GitOps 應用實踐系列 - Argo CD 上手實踐

張晉濤發表於2021-11-01

大家好,我是張晉濤。

在前兩篇內容中,我分別為大家介紹了 GitOps 的概念,以及用於實施 GitOps 的工具 Argo CD。本篇我們將以一個示例專案為大家介紹 Argo CD 的實踐。

建立叢集

我們通過 KIND(Kubernetes in Docker)工具建立一個用於本地測試的 Kubernetes 叢集。使用如下的配置檔案,建立一個包含一個 control plane 和三個 work 的叢集。

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: worker
- role: worker
- role: worker

使用如下命令進行叢集的建立:

➜ (MoeLove) kind create cluster --config=kind-config.yaml 
Creating cluster "kind" ...
 ✓ Ensuring node image (kindest/node:v1.20.2) ? 
 ✓ Preparing nodes ? ? ? ?  
 ✓ Writing configuration ? 
 ✓ Starting control-plane ?️ 
 ✓ Installing CNI ? 
 ✓ Installing StorageClass ? 
 ✓ Joining worker nodes ? 
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Have a nice day! ?

執行如下命令等待叢集完全 Ready:

➜ (MoeLove) kubectl wait --for=condition=Ready nodes --all

部署 Argo CD

待叢集狀態完全 Ready 後,開始進行 Argo CD 的部署。我們建立一個名為 argocd 的 namespace。

部署

這裡可以直接使用 Argo CD 專案中提供的部署檔案進行安裝。這裡需要注意的是 此部署檔案中 RBA 的配置中引用了 argocd 這個 namespace,所以如果你是將它部署到其他 namespace 中,那一定要進行對應的修改。

➜ (MoeLove) kubectl create ns argocd
namespace/argocd created
➜ (MoeLove) kubectl -n argocd apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-redis created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-redis created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-cmd-params-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-secret created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server created
service/argocd-server-metrics created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
statefulset.apps/argocd-application-controller created
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy created

檢視狀態

➜ (MoeLove) kubectl -n argocd get deploy
NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
argocd-dex-server    0/1     1            1           1m
argocd-redis         0/1     1            1           1m
argocd-repo-server   1/1     1            1           1m
argocd-server        0/1     1            1           1m

獲取密碼:

預設情況下安裝好的 Argo CD 會啟用基於 Basic Auth的身份校驗,我們可以在 Secret 資源中找到對應的密碼。但需要注意的是 這個名字為 argocd-initial-admin-secret 的 sercret 資源是等到 Pod 處於 Running 狀態後才會寫入。

# 等待 Pod 全 Ready
➜ (MoeLove) kubectl wait --for=condition=Ready pods --all -n argocd
pod/argocd-application-controller-0 condition met
pod/argocd-dex-server-5fc596bcdd-lnx65 condition met
pod/argocd-redis-5b6967fdfc-mfbrr condition met
pod/argocd-repo-server-98598b6c7-7pmgb condition met
pod/argocd-server-5b4b7b868b-bjmzz condition met

# 獲取密碼
➜ (MoeLove) kubectl  -n argocd get secret argocd-initial-admin-secret -o template="{{ .data.password | base64decode }}" 
AFbmuBSmRo1F0Dow

通過 UI 訪問它

我們可以通過 kubectl port-forward 將 argocd-server 的 443 埠對映到本地的 9080 埠。

➜ (MoeLove) ➜ (MoeLove) kubectl port-forward --address 0.0.0.0 service/argocd-server -n argocd 9080:443

這樣在瀏覽器中就可以 ArgoCD dashboard ,這是 username 是 admin, 以及 password 便可以前面提到的『獲取密碼』章節 。

img

命令列訪問:

如果你不喜歡通過瀏覽器進行操作,那也可以使用 Argo CD 提供的 CLI 工具。

➜ (MoeLove) wget https://github.com/argoproj/argo-cd/releases/download/v2.1.2/argocd-linux-amd64 -O argocd
➜ (MoeLove) chmod +x argocd
➜ (MoeLove) mv argocd /bin/argocd

# 執行這條命令前,我們先通過 kubectl port-forward 進行了埠轉發
➜ (MoeLove) argocd login localhost:9080
WARNING: server certificate had error: x509: certificate signed by unknown authority. Proceed insecurely (y/n)? y
Username: admin
Password: 
'admin:login' logged in successfully
Context 'localhost:9080' updated

部署應用

這裡我建立了一個示例專案,完整內容可以在我的 GitHub https://github.com/tao1234566... 獲取到。

建立目標 namespace

➜ (MoeLove) kubectl  create ns kustomize
namespace/kustomize created

建立 app

這裡可以選擇在 Argo CD 的 UI 中直接配置,也可以使用 Argo CD 的 CLI 來配置,這裡我以 CLI 配置為例

➜ (MoeLove) argocd app create argo-cd-demo --repo https://github.com/tao12345666333/argo-cd-demo.git --revision kustomize --path ./kustomization --dest-server https://kubernetes.default.svc --dest-namespace kustomize 
application 'argo-cd-demo' created

其中:

  • --repo 指定部署應用所使用的倉庫地址;
  • --revision 指定部署應用所使用的分支,這裡我使用了一個名為 kustomize 的分支;
  • --path 部署應用程式用到的 manifest 所在的位置
  • --dest-server 目標 Kubernetes 叢集的地址
  • --dest-`namespace` 應用要部署的目標 namespace

檢視狀態

當 Application 建立完成後,也可以直接在 UI 上看到具體資訊:

img

或者通過 argocd 在終端下進行檢視:

➜ (MoeLove) argocd app get argo-cd-demo
Name:               argo-cd-demo
Project:            default
Server:             https://kubernetes.default.svc
Namespace:          kustomize
URL:                https://localhost:8080/applications/argo-cd-demo
Repo:               https://github.com/tao12345666333/argo-cd-demo.git
Target:             kustomize
Path:               ./kustomization
SyncWindow:         Sync Allowed
Sync Policy:        <none>
Sync Status:        OutOfSync from kustomize (e8a2d77)
Health Status:      Missing

GROUP  KIND        NAMESPACE  NAME          STATUS     HEALTH   HOOK  MESSAGE
       Service     kustomize  argo-cd-demo  OutOfSync  Missing        
apps   Deployment  kustomize  argo-cd-demo  OutOfSync  Missing 

可以看到當前的 Application 狀態是 OutOfSync ,所以我們可以為它觸發一次 sync 操作,進行首次部署。

sync

可以在 UI 上點選 SYNC 按鈕,或者通過 argocd CLI 來觸發同步操作。

➜ (MoeLove) argocd app sync argo-cd-demo
TIMESTAMP                  GROUP        KIND   NAMESPACE                  NAME    STATUS    HEALTH        HOOK  MESSAGE
2021-10-30T10:35:33+00:00            Service   kustomize          argo-cd-demo  OutOfSync  Missing              
2021-10-30T10:35:33+00:00   apps  Deployment   kustomize          argo-cd-demo  OutOfSync  Missing              
2021-10-30T10:35:35+00:00            Service   kustomize          argo-cd-demo    Synced  Healthy              
2021-10-30T10:35:35+00:00            Service   kustomize          argo-cd-demo    Synced   Healthy              service/argo-cd-demo created
2021-10-30T10:35:35+00:00   apps  Deployment   kustomize          argo-cd-demo  OutOfSync  Missing              deployment.apps/argo-cd-demo created
2021-10-30T10:35:35+00:00   apps  Deployment   kustomize          argo-cd-demo    Synced  Progressing              deployment.apps/argo-cd-demo created

Name:               argo-cd-demo
Project:            default
Server:             https://kubernetes.default.svc
Namespace:          kustomize
URL:                https://localhost:8080/applications/argo-cd-demo
Repo:               https://github.com/tao12345666333/argo-cd-demo.git
Target:             kustomize
Path:               ./kustomization
SyncWindow:         Sync Allowed
Sync Policy:        <none>
Sync Status:        Synced to kustomize (e8a2d77)
Health Status:      Progressing

Operation:          Sync
Sync Revision:      e8a2d77cf0e5405ba9e5dc70d3bf44da91b3ce00
Phase:              Succeeded
Start:              2021-10-30 10:35:33 +0000 UTC
Finished:           2021-10-30 10:35:35 +0000 UTC
Duration:           2s
Message:            successfully synced (all tasks run)

GROUP  KIND        NAMESPACE  NAME          STATUS  HEALTH       HOOK  MESSAGE
       Service     kustomize  argo-cd-demo  Synced  Healthy            service/argo-cd-demo created
apps   Deployment  kustomize  argo-cd-demo  Synced  Progressing        deployment.apps/argo-cd-demo created

同步成功後,在 UI 上也能看到當前應用和同步的狀態。

img

點選檢視詳情,可以看到應用部署的拓撲結構:

img

驗證效果

CI

接下來在 kustomize 分支,進行一些程式碼上的修改,並提交到 GitHub 上。此時會觸發專案中基於 GitHub Action 的 CI,我們來看看其具體的配置:

  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    continue-on-error: true
    needs: build

    steps:
      - name: Check out code
        uses: actions/checkout@v2

      - name: Setup Kustomize
        uses: imranismail/setup-kustomize@v1
        with:
          kustomize-version: "4.3.0"

      - name: Update Kubernetes resources
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        run: |-
          cd manifests
          kustomize edit set image ghcr.io/${{ github.repository }}/argo-cd-demo:${{ github.sha }}
          cat kustomization.yaml
          kustomize build ./ > ../kustomization/manifests.yaml
          cat ../kustomization/manifests.yaml

      - uses: EndBug/add-and-commit@v7
        with:
          default_author: github_actions
          branch: kustomize

可以看到這裡其實利用了 kustomize 這個工具,將最新的映象寫入到了部署應用所用的 manifest.yaml 檔案中了,然後利用 EndBug/add-and-commit@v7 這個 action 將最新的 manifest.yaml 檔案再提交回 GitHub 中。

檢視狀態

此時當 Sync 再次觸發後,我們也就可以看到最新的部署拓撲了。

img

總結

以上就是關於使用 Argo CD 實現 GitOps 的實踐內容了。感興趣的小夥伴可以直接在 GitHub 上找到此專案的完整示例:https://github.com/tao1234566...


歡迎訂閱我的文章公眾號【MoeLove】

TheMoeLove

相關文章