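Hi everyone, I'm Zhang Jintao.
In the previous two articles I introduced the concept of GitOps and Argo CD, a tool for implementing GitOps. In this article I use a sample project to walk through Argo CD in practice.
Creating the cluster
We use KIND (Kubernetes in Docker) to create a Kubernetes cluster for local testing. The following configuration file creates a cluster with one control plane and three workers.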
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: worker
- role: worker
- role: worker
Create the cluster with the following command:
➜ (MoeLove) kind create cluster --config=kind-config.yaml
Creating cluster "kind" ...
✓ Ensuring node image (kindest/node:v1.20.2) 🖼
✓ Preparing nodes 📦 📦 📦 📦
✓ Writing configuration 📜
✓ Starting control-plane 🕹️
✓ Installing CNI 🔌
✓ Installing StorageClass 💾
✓ Joining worker nodes 🚜
Set kubectl context to "kind-kind"
You can now use your cluster with:
kubectl cluster-info --context kind-kind
Have a nice day! 👋
Run the following command to wait until the cluster is fully Ready:
➜ (MoeLove) kubectl wait --for=condition=Ready nodes --all
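Deploying Argo CD
Once the cluster is fully Ready, we can deploy Argo CD. We create a namespace named argocd.
Deployment
Here we can install directly with the deployment manifest provided by the Argo CD project. Note that the RBAC configuration in this manifest references the argocd namespace, so if you deploy it to a different namespace you must modify it accordingly.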
➜ (MoeLove) kubectl create ns argocd
namespace/argocd created
➜ (MoeLove) kubectl -n argocd apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-redis created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-redis created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-cmd-params-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-secret created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server created
service/argocd-server-metrics created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
statefulset.apps/argocd-application-controller created
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy created
Checking the status
➜ (MoeLove) kubectl -n argocd get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
argocd-dex-server 0/1 1 1 1m
argocd-redis 0/1 1 1 1m
argocd-repo-server 1/1 1 1 1m
argocd-server 0/1 1 1 1m
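Getting the password:
By default, a freshly installed Argo CD enables Basic Auth based authentication, and the corresponding password can be found in a Secret resource. Note, however, that the Secret named argocd-initial-admin-secret is only written once the Pod is in the Running state.
# Wait for all Pods to be Ready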
➜ (MoeLove) kubectl wait --for=condition=Ready pods --all -n argocd
pod/argocd-application-controller-0 condition met
pod/argocd-dex-server-5fc596bcdd-lnx65 condition met
pod/argocd-redis-5b6967fdfc-mfbrr condition met
pod/argocd-repo-server-98598b6c7-7pmgb condition met
pod/argocd-server-5b4b7b868b-bjmzz condition met
# Get the password
➜ (MoeLove) kubectl -n argocd get secret argocd-initial-admin-secret -o template="{{ .data.password | base64decode }}"
AFbmuBSmRo1F0Dow
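Because the Secret only appears after the Pods are running, a script that reads it right after kubectl apply can fail. The following helper is an added example, not part of the original article; the function name wait_admin_password and its timeout and interval arguments are assumptions. It polls until the Secret carries a password field or the timeout expires.

```shell
#!/bin/sh
# Added example (not from the original article): wait for the initial admin
# Secret to be written before reading it, instead of assuming it already exists.
# wait_admin_password is a hypothetical helper name.
#
# Usage: ARGOCD_PW=$(wait_admin_password 120 5)   # timeout and interval in seconds

wait_admin_password() {
  timeout=${1:-120}    # give up after this many seconds of waiting
  interval=${2:-5}     # pause between attempts
  waited=0
  while :; do
    # kubectl fails (NotFound) until the Secret has been written;
    # once it exists, jsonpath returns the base64-encoded password field.
    if enc=$(kubectl -n argocd get secret argocd-initial-admin-secret \
               -o jsonpath='{.data.password}' 2>/dev/null) && [ -n "$enc" ]; then
      printf '%s' "$enc" | base64 -d   # -d is the GNU coreutils decode flag
      return 0
    fi
    if [ "$waited" -ge "$timeout" ]; then
      echo "timed out waiting for argocd-initial-admin-secret" >&2
      return 1
    fi
    sleep "$interval"
    waited=$((waited + interval))
  done
}
```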
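Accessing it through the UI
We can use kubectl port-forward to map port 443 of argocd-server to local port 9080. Note that --address 0.0.0.0 in the command below binds the forwarded port on all network interfaces of the local machine, not just localhost.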
➜ (MoeLove) kubectl port-forward --address 0.0.0.0 service/argocd-server -n argocd 9080:443
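You can now open the Argo CD dashboard in a browser. The username is admin, and the password is the one obtained in the "Getting the password" section above.
Command-line access:
If you prefer not to work through a browser, you can use the CLI tool that Argo CD provides.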
➜ (MoeLove) wget https://github.com/argoproj/argo-cd/releases/download/v2.1.2/argocd-linux-amd64 -O argocd
➜ (MoeLove) chmod +x argocd
➜ (MoeLove) mv argocd /bin/argocd
# Before running this command, we have already set up port forwarding with kubectl port-forward
➜ (MoeLove) argocd login localhost:9080
WARNING: server certificate had error: x509: certificate signed by unknown authority. Proceed insecurely (y/n)? y
Username: admin
Password:
'admin:login' logged in successfully
Context 'localhost:9080' updated
Deploying the application
I created a sample project for this; the full content is available on my GitHub at https://github.com/tao1234566...
Create the target namespace
➜ (MoeLove) kubectl create ns kustomize
namespace/kustomize created
Create the app
You can configure this directly in the Argo CD UI or with the Argo CD CLI; here I use the CLI as the example.
➜ (MoeLove) argocd app create argo-cd-demo --repo https://github.com/tao12345666333/argo-cd-demo.git --revision kustomize --path ./kustomization --dest-server https://kubernetes.default.svc --dest-namespace kustomize
application 'argo-cd-demo' created
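Where:
--repo: the repository address used to deploy the application;
--revision: the branch used to deploy the application; here I use a branch named kustomize;
--path: the location of the manifests used to deploy the application;
--dest-server: the address of the target Kubernetes cluster;
--dest-namespace: the target namespace the application is deployed to.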
Checking the status
Once the Application has been created, you can see its details directly in the UI.
Or view it in the terminal with argocd:
➜ (MoeLove) argocd app get argo-cd-demo
Name: argo-cd-demo
Project: default
Server: https://kubernetes.default.svc
Namespace: kustomize
URL: https://localhost:8080/applications/argo-cd-demo
Repo: https://github.com/tao12345666333/argo-cd-demo.git
Target: kustomize
Path: ./kustomization
SyncWindow: Sync Allowed
Sync Policy: <none>
Sync Status: OutOfSync from kustomize (e8a2d77)
Health Status: Missing
GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE
Service kustomize argo-cd-demo OutOfSync Missing
apps Deployment kustomize argo-cd-demo OutOfSync Missing
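We can see that the Application's current status is OutOfSync, so we can trigger a sync operation to perform the first deployment.
Sync
You can click the SYNC button in the UI, or trigger the sync with the argocd CLI.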
➜ (MoeLove) argocd app sync argo-cd-demo
TIMESTAMP GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE
2021-10-30T10:35:33+00:00 Service kustomize argo-cd-demo OutOfSync Missing
2021-10-30T10:35:33+00:00 apps Deployment kustomize argo-cd-demo OutOfSync Missing
2021-10-30T10:35:35+00:00 Service kustomize argo-cd-demo Synced Healthy
2021-10-30T10:35:35+00:00 Service kustomize argo-cd-demo Synced Healthy service/argo-cd-demo created
2021-10-30T10:35:35+00:00 apps Deployment kustomize argo-cd-demo OutOfSync Missing deployment.apps/argo-cd-demo created
2021-10-30T10:35:35+00:00 apps Deployment kustomize argo-cd-demo Synced Progressing deployment.apps/argo-cd-demo created
Name: argo-cd-demo
Project: default
Server: https://kubernetes.default.svc
Namespace: kustomize
URL: https://localhost:8080/applications/argo-cd-demo
Repo: https://github.com/tao12345666333/argo-cd-demo.git
Target: kustomize
Path: ./kustomization
SyncWindow: Sync Allowed
Sync Policy: <none>
Sync Status: Synced to kustomize (e8a2d77)
Health Status: Progressing
Operation: Sync
Sync Revision: e8a2d77cf0e5405ba9e5dc70d3bf44da91b3ce00
Phase: Succeeded
Start: 2021-10-30 10:35:33 +0000 UTC
Finished: 2021-10-30 10:35:35 +0000 UTC
Duration: 2s
Message: successfully synced (all tasks run)
GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE
Service kustomize argo-cd-demo Synced Healthy service/argo-cd-demo created
apps Deployment kustomize argo-cd-demo Synced Progressing deployment.apps/argo-cd-demo created
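After the sync succeeds, the current application and sync status are also visible in the UI.
Click to view the details, and you can see the topology of the deployed application.
Verifying the result
CI
Next, make some code changes on the kustomize branch and push them to GitHub. This triggers the project's GitHub Actions based CI; let's look at its configuration: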
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    continue-on-error: true
    needs: build
    steps:
      - name: Check out code
        uses: actions/checkout@v2
      - name: Setup Kustomize
        uses: imranismail/setup-kustomize@v1
        with:
          kustomize-version: "4.3.0"
      - name: Update Kubernetes resources
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        run: |-
          cd manifests
          kustomize edit set image ghcr.io/${{ github.repository }}/argo-cd-demo:${{ github.sha }}
          cat kustomization.yaml
          kustomize build ./ > ../kustomization/manifests.yaml
          cat ../kustomization/manifests.yaml
      - uses: EndBug/add-and-commit@v7
        with:
          default_author: github_actions
          branch: kustomize
As you can see, this uses the kustomize tool to write the latest image into the manifests.yaml file used to deploy the application, and then uses the EndBug/add-and-commit@v7 action to commit the updated manifests.yaml back to GitHub.
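The workflow above references its actions by tag (@v2, @v1, @v7), and a tag can later be pointed at different code, while this job commits straight to the branch Argo CD deploys from. The following check is an added example, not part of the original project: it lists every uses: reference that is not pinned to a full 40-character commit SHA. The sample input is constructed from the deploy job above plus one placeholder pinned line (example-org/pinned-action is hypothetical).

```shell
#!/bin/sh
# Added example (not from the original project): list GitHub Actions `uses:`
# references that are not pinned to a full 40-character commit SHA.

# Constructed sample: the `uses:` steps of the deploy job shown above, plus one
# SHA-pinned line (hypothetical action, all-zero placeholder SHA) as a passing case.
sample_workflow() {
  cat <<'EOF'
    steps:
      - name: Check out code
        uses: actions/checkout@v2
      - name: Setup Kustomize
        uses: imranismail/setup-kustomize@v1
      - uses: EndBug/add-and-commit@v7
      - uses: example-org/pinned-action@0000000000000000000000000000000000000000  # placeholder
EOF
}

# Reads workflow YAML on stdin and prints each unpinned reference on its own line.
unpinned_actions() {
  tr -d "\"'" |
  sed -n 's/^[[:space:]]*-\{0,1\}[[:space:]]*uses:[[:space:]]*\([^[:space:]#]*\).*$/\1/p' |
  while IFS= read -r ref; do
    case "$ref" in
      ./*|docker://*) continue ;;   # local actions and container images are out of scope
    esac
    sha=${ref##*@}                  # text after the last '@'
    # Unpinned when there is no '@' at all, or the suffix is not 40 hex characters.
    if [ "$sha" = "$ref" ] || ! printf '%s' "$sha" | grep -Eq '^[0-9a-f]{40}$'; then
      printf '%s\n' "$ref"
    fi
  done
}

sample_workflow | unpinned_actions
```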
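Checking the status
Once Sync is triggered again, we can see the latest deployment topology.
Summary
That covers using Argo CD to implement GitOps in practice. If you're interested, you can find the complete example for this project on GitHub: https://github.com/tao1234566...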