1. 什么是Argocd
1.Argo CD是Kubernetes的一个声明性GitOps持续交付工具。
2.应用程序定义、配置和环境应该是声明性的和版本控制的。应用程序部署和生命周期管理应自动化、可审核且易于理解。
3.Argo CD 是以 Kubernetes 作为基础设施,遵循声明式 GitOps 理念的持续交付(continuous delivery, CD)工具,支持多种配置管理工具,包括 ksonnet/jsonnet、kustomize 和 Helm 等。它的配置和使用非常简单,并且自带一个简单易用的可视化界面。
4.按照官方定义,Argo CD 被实现为一个 Kubernetes 控制器,它会持续监控正在运行的应用,并将当前的实际状态与 Git 仓库中声明的期望状态进行比较,如果实际状态不符合期望状态,就会更新应用的实际状态以匹配期望状态。
5.Argo CD 会被部署在 Kubernetes 集群中,使用的是基于 Pull 的部署模式,它会周期性地监控应用的实际状态,也会周期性地拉取 Git 仓库中的配置清单,并将实际状态与期望状态进行比较,如果实际状态不符合期望状态,就会更新应用的实际状态以匹配期望状态。
官方文档: https://argo-cd.readthedocs.io/en/stable/
2. 安装Argocd
2.1 部署yaml
kubectl create namespace argocd kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/core-install.yaml [root@kn-server-master01-13 argocd]# kubectl apply -n argocd -f install.yaml customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created customresourcedefinition.apiextensions.k8s.io/applicationsets.argoproj.io created customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created serviceaccount/argocd-application-controller created serviceaccount/argocd-applicationset-controller created serviceaccount/argocd-dex-server created serviceaccount/argocd-notifications-controller created serviceaccount/argocd-redis created serviceaccount/argocd-repo-server created serviceaccount/argocd-server created role.rbac.authorization.k8s.io/argocd-application-controller created role.rbac.authorization.k8s.io/argocd-applicationset-controller created role.rbac.authorization.k8s.io/argocd-dex-server created role.rbac.authorization.k8s.io/argocd-notifications-controller created role.rbac.authorization.k8s.io/argocd-server created clusterrole.rbac.authorization.k8s.io/argocd-application-controller created clusterrole.rbac.authorization.k8s.io/argocd-server created rolebinding.rbac.authorization.k8s.io/argocd-application-controller created rolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created rolebinding.rbac.authorization.k8s.io/argocd-dex-server created rolebinding.rbac.authorization.k8s.io/argocd-notifications-controller created rolebinding.rbac.authorization.k8s.io/argocd-redis created rolebinding.rbac.authorization.k8s.io/argocd-server created clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created clusterrolebinding.rbac.authorization.k8s.io/argocd-server created configmap/argocd-cm created configmap/argocd-cmd-params-cm created configmap/argocd-gpg-keys-cm created configmap/argocd-notifications-cm created configmap/argocd-rbac-cm created configmap/argocd-ssh-known-hosts-cm created configmap/argocd-tls-certs-cm created secret/argocd-notifications-secret created secret/argocd-secret created service/argocd-applicationset-controller created service/argocd-dex-server created service/argocd-metrics created service/argocd-notifications-controller-metrics created service/argocd-redis created service/argocd-repo-server created service/argocd-server created service/argocd-server-metrics created deployment.apps/argocd-applicationset-controller created deployment.apps/argocd-dex-server created deployment.apps/argocd-notifications-controller created deployment.apps/argocd-redis created deployment.apps/argocd-repo-server created deployment.apps/argocd-server created statefulset.apps/argocd-application-controller created networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created networkpolicy.networking.k8s.io/argocd-applicationset-controller-network-policy created networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created networkpolicy.networking.k8s.io/argocd-notifications-controller-network-policy created networkpolicy.networking.k8s.io/argocd-redis-network-policy created networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created networkpolicy.networking.k8s.io/argocd-server-network-policy created
Pod都已经running
[root@kn-server-master01-13 argocd]# kubectl get pods -n argocd NAME READY STATUS RESTARTS AGE argocd-application-controller-0 1/1 Running 0 8m11s argocd-applicationset-controller-fb8d96cb5-l9kxc 1/1 Running 0 8m12s argocd-dex-server-69f8bb9b-79wkz 1/1 Running 0 8m12s argocd-notifications-controller-85fdd8f7d9-5hfjt 1/1 Running 0 8m12s argocd-redis-6d67ff987b-7rffz 1/1 Running 0 8m11s argocd-repo-server-67566f5fb4-tvkds 1/1 Running 0 8m11s argocd-server-58dd4685bc-c8wlw 1/1 Running 0 8m11s
修改为Nodeport或者loadbalancer亦或者Ingress才可用访问Argocd WEBUI
[root@kn-server-master01-13 argocd]# kubectl get svc -n argocd NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE argocd-applicationset-controller ClusterIP 10.96.233.34 <none> 7000/TCP,8080/TCP 8m35s argocd-dex-server ClusterIP 10.96.15.14 <none> 5556/TCP,5557/TCP,5558/TCP 8m35s argocd-metrics ClusterIP 10.96.99.245 <none> 8082/TCP 8m35s argocd-notifications-controller-metrics ClusterIP 10.96.154.168 <none> 9001/TCP 8m35s argocd-redis ClusterIP 10.96.182.219 <none> 6379/TCP 8m35s argocd-repo-server ClusterIP 10.96.108.40 <none> 8081/TCP,8084/TCP 8m35s argocd-server ClusterIP 10.96.164.184 <none> 80/TCP,443/TCP 8m35s argocd-server-metrics ClusterIP 10.96.83.5 <none> 8083/TCP 8m35s
3. 安装Argocd CLI
3.1 下载客户端的安装包
[root@kn-server-master01-13 argocd]# wget https://github.com/argoproj/argo-cd/releases/download/v2.5.3/argocd-linux-amd64 --2022-12-04 09:56:47-- https://github.com/argoproj/argo-cd/releases/download/v2.5.3/argocd-linux-amd64 正在解析主机 github.com (github.com)... 20.205.243.166 正在连接 github.com (github.com)|20.205.243.166|:443... 已连接。 已发出 HTTP 请求,正在等待回应... 302 Found 位置:https://objects.githubusercontent.com/github-production-release-asset-2e65be/120896210/dc4d761d-ef5d-4f4c-8dc3-a72e134313c1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221204%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221204T015648Z&X-Amz-Expires=300&X-Amz-Signature=ac9daeadb91a0f6b12cab84d5bc3b5d56abb78e960a93a62f68df9de904360bf&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=120896210&response-content-disposition=attachment%3B%20filename%3Dargocd-linux-amd64&response-content-type=application%2Foctet-stream [跟随至新的 URL] --2022-12-04 09:56:48-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/120896210/dc4d761d-ef5d-4f4c-8dc3-a72e134313c1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221204%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221204T015648Z&X-Amz-Expires=300&X-Amz-Signature=ac9daeadb91a0f6b12cab84d5bc3b5d56abb78e960a93a62f68df9de904360bf&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=120896210&response-content-disposition=attachment%3B%20filename%3Dargocd-linux-amd64&response-content-type=application%2Foctet-stream 正在解析主机 objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.110.133, ... 正在连接 objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... 已连接。 已发出 HTTP 请求,正在等待回应... 200 OK 长度:133625646 (127M) [application/octet-stream] 正在保存至: “argocd-linux-amd64” 100%[==========================================================================================================================================================>] 133,625,646 595KB/s 用时 4m 18s 2022-12-04 10:01:07 (506 KB/s) - 已保存 “argocd-linux-amd64” [133625646/133625646])
3.2 拷贝并赋权
[root@kn-server-master01-13 argocd]# cp argocd-linux-amd64 /usr/local/bin/argocd [root@kn-server-master01-13 argocd]# chmod +x /usr/local/bin/argocd
4. 使用Argocd CLI
4.1 Argocd命令帮助
[root@kn-server-master01-13 argocd]# argocd --help argocd controls a Argo CD server Usage: argocd [flags] argocd [command] Available Commands: account Manage account settings admin Contains a set of commands useful for Argo CD administrators and requires direct Kubernetes access app Manage applications appset Manage ApplicationSets cert Manage repository certificates and SSH known hosts entries cluster Manage cluster credentials completion output shell completion code for the specified shell (bash or zsh) context Switch between contexts gpg Manage GPG keys used for signature verification help Help about any command login Log in to Argo CD logout Log out from Argo CD proj Manage projects relogin Refresh an expired authenticate token repo Manage repository connection parameters repocreds Manage repository connection parameters version Print version information Flags: --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file --config string Path to Argo CD config (default "/root/.config/argocd/config") --core If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server --grpc-web Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. --grpc-web-root-path string Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root. -H, --header strings Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers) -h, --help help for argocd --http-retry-max int Maximum number of retries to establish http connection to Argo CD server --insecure Skip server certificate and domain verification --kube-context string Directs the command to the given kube-context --logformat string Set the logging format. One of: text|json (default "text") --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") --plaintext Disable TLS --port-forward Connect to a random argocd-server port using port forwarding --port-forward-namespace string Namespace name which should be used for port forwarding --server string Argo CD server address --server-crt string Server certificate file Use "argocd [command] --help" for more information about a command.
4.2 命令行登陆Argocd
Argocd的密码是保存Secret中的,查看Secret并拿到Argocd的登录密码。
[root@kn-server-master01-13 ~]# kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo 56bRDj50k-a1LWpT
[root@kn-server-master01-13 argocd]# argocd login 10.0.0.14 WARNING: server certificate had error: x509: cannot validate certificate for 10.0.0.14 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? yes Username: admin Password: 'admin:login' logged in successfully Context '10.0.0.14' updated
4.3 命令行修改Argocd登陆密码
由于Argocd的密码过于复杂,并不易于记住,所以修改Argocd登陆密码。
[root@kn-server-master01-13 argocd]# argocd account update-password *** Enter password of currently logged in user (admin): 输入argocd的原密码 *** Enter new password for user admin: *** Confirm new password for user admin: Password updated Context '10.0.0.14' updated 密码修改成功,WEBUI会自动刷新。
另外Argocd可能在国内无法拖下镜像,需要镜像的可以留言,后续会将Argocd镜像上传至Docker Hub。