GitOps實踐之kubernetes安裝argocd

1. 什麼是argocd

1.Argo CD是Kubernetes的一個宣告性GitOps持續交付工具。
2.應用程式定義、配置和環境應該是宣告性的和版本控制的。應用程式部署和生命週期管理應自動化、可稽核且易於理解。
3.Argo CD 是以 Kubernetes 作為基礎設施，遵循宣告式 GitOps 理念的持續交付（continuous delivery, CD）工具，支援多種配置管理工具，包括 ksonnet/jsonnet、kustomize 和 Helm 等。它的配置和使用非常簡單，並且自帶一個簡單易用的視覺化介面。
4.按照官方定義，Argo CD 被實現為一個 Kubernetes 控制器，它會持續監控正在執行的應用，並將當前的實際狀態與 Git 倉庫中宣告的期望狀態進行比較，如果實際狀態不符合期望狀態，就會更新應用的實際狀態以匹配期望狀態。
5.Argo CD 會被部署在 Kubernetes 叢集中，使用的是基於 Pull 的部署模式，它會週期性地監控應用的實際狀態，也會週期性地拉取 Git 倉庫中的配置清單，並將實際狀態與期望狀態進行比較，如果實際狀態不符合期望狀態，就會更新應用的實際狀態以匹配期望狀態。

官方文件: https://argo-cd.readthedocs.io/en/stable/

2. 安裝argocd

2.1 部署yaml

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/core-install.yaml
[root@kn-server-master01-13 argocd]# kubectl apply -n argocd -f  install.yaml 
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/applicationsets.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-applicationset-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-notifications-controller created
serviceaccount/argocd-redis created
serviceaccount/argocd-repo-server created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-applicationset-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-notifications-controller created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-notifications-controller created
rolebinding.rbac.authorization.k8s.io/argocd-redis created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-cmd-params-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-notifications-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-notifications-secret created
secret/argocd-secret created
service/argocd-applicationset-controller created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-notifications-controller-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server created
service/argocd-server-metrics created
deployment.apps/argocd-applicationset-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-notifications-controller created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
statefulset.apps/argocd-application-controller created
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-applicationset-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
networkpolicy.networking.k8s.io/argocd-notifications-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy created

Pod都已經running

[root@kn-server-master01-13 argocd]# kubectl get pods -n argocd
NAME                                               READY   STATUS    RESTARTS   AGE
argocd-application-controller-0                    1/1     Running   0          8m11s
argocd-applicationset-controller-fb8d96cb5-l9kxc   1/1     Running   0          8m12s
argocd-dex-server-69f8bb9b-79wkz                   1/1     Running   0          8m12s
argocd-notifications-controller-85fdd8f7d9-5hfjt   1/1     Running   0          8m12s
argocd-redis-6d67ff987b-7rffz                      1/1     Running   0          8m11s
argocd-repo-server-67566f5fb4-tvkds                1/1     Running   0          8m11s
argocd-server-58dd4685bc-c8wlw                     1/1     Running   0          8m11s

修改為Nodeport或者loadbalancer亦或者Ingress才可用訪問Argocd WEBUI

[root@kn-server-master01-13 argocd]# kubectl get svc -n argocd
NAME                                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
argocd-applicationset-controller          ClusterIP   10.96.233.34    <none>        7000/TCP,8080/TCP            8m35s
argocd-dex-server                         ClusterIP   10.96.15.14     <none>        5556/TCP,5557/TCP,5558/TCP   8m35s
argocd-metrics                            ClusterIP   10.96.99.245    <none>        8082/TCP                     8m35s
argocd-notifications-controller-metrics   ClusterIP   10.96.154.168   <none>        9001/TCP                     8m35s
argocd-redis                              ClusterIP   10.96.182.219   <none>        6379/TCP                     8m35s
argocd-repo-server                        ClusterIP   10.96.108.40    <none>        8081/TCP,8084/TCP            8m35s
argocd-server                             ClusterIP   10.96.164.184   <none>        80/TCP,443/TCP               8m35s
argocd-server-metrics                     ClusterIP   10.96.83.5      <none>        8083/TCP                     8m35s

3. 安裝argocd CLI

3.1 下載客戶端的安裝包

[root@kn-server-master01-13 argocd]# wget  https://github.com/argoproj/argo-cd/releases/download/v2.5.3/argocd-linux-amd64
--2022-12-04 09:56:47--  https://github.com/argoproj/argo-cd/releases/download/v2.5.3/argocd-linux-amd64
正在解析主機 github.com (github.com)... 20.205.243.166
正在連線 github.com (github.com)|20.205.243.166|:443... 已連線。
已發出 HTTP 請求，正在等待回應... 302 Found
位置：https://objects.githubusercontent.com/github-production-release-asset-2e65be/120896210/dc4d761d-ef5d-4f4c-8dc3-a72e134313c1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221204%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221204T015648Z&X-Amz-Expires=300&X-Amz-Signature=ac9daeadb91a0f6b12cab84d5bc3b5d56abb78e960a93a62f68df9de904360bf&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=120896210&response-content-disposition=attachment%3B%20filename%3Dargocd-linux-amd64&response-content-type=application%2Foctet-stream [跟隨至新的 URL]
--2022-12-04 09:56:48--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/120896210/dc4d761d-ef5d-4f4c-8dc3-a72e134313c1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221204%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221204T015648Z&X-Amz-Expires=300&X-Amz-Signature=ac9daeadb91a0f6b12cab84d5bc3b5d56abb78e960a93a62f68df9de904360bf&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=120896210&response-content-disposition=attachment%3B%20filename%3Dargocd-linux-amd64&response-content-type=application%2Foctet-stream
正在解析主機 objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.110.133, ...
正在連線 objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... 已連線。
已發出 HTTP 請求，正在等待回應... 200 OK
長度：133625646 (127M) [application/octet-stream]
正在儲存至: “argocd-linux-amd64”

100%[==========================================================================================================================================================>] 133,625,646  595KB/s 用時 4m 18s 

2022-12-04 10:01:07 (506 KB/s) - 已儲存 “argocd-linux-amd64” [133625646/133625646])

3.2 複製並賦權

[root@kn-server-master01-13 argocd]# cp argocd-linux-amd64  /usr/local/bin/argocd
[root@kn-server-master01-13 argocd]#  chmod +x /usr/local/bin/argocd

4. 使用argocd CLI

4.1 argocd命令幫助

[root@kn-server-master01-13 argocd]# argocd --help
argocd controls a Argo CD server

Usage:
  argocd [flags]
  argocd [command]

Available Commands:
  account     Manage account settings
  admin       Contains a set of commands useful for Argo CD administrators and requires direct Kubernetes access
  app         Manage applications
  appset      Manage ApplicationSets
  cert        Manage repository certificates and SSH known hosts entries
  cluster     Manage cluster credentials
  completion  output shell completion code for the specified shell (bash or zsh)
  context     Switch between contexts
  gpg         Manage GPG keys used for signature verification
  help        Help about any command
  login       Log in to Argo CD
  logout      Log out from Argo CD
  proj        Manage projects
  relogin     Refresh an expired authenticate token
  repo        Manage repository connection parameters
  repocreds   Manage repository connection parameters
  version     Print version information

Flags:
      --auth-token string               Authentication token
      --client-crt string               Client certificate file
      --client-crt-key string           Client certificate key file
      --config string                   Path to Argo CD config (default "/root/.config/argocd/config")
      --core                            If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server
      --grpc-web                        Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.
      --grpc-web-root-path string       Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.
  -H, --header strings                  Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)
  -h, --help                            help for argocd
      --http-retry-max int              Maximum number of retries to establish http connection to Argo CD server
      --insecure                        Skip server certificate and domain verification
      --kube-context string             Directs the command to the given kube-context
      --logformat string                Set the logging format. One of: text|json (default "text")
      --loglevel string                 Set the logging level. One of: debug|info|warn|error (default "info")
      --plaintext                       Disable TLS
      --port-forward                    Connect to a random argocd-server port using port forwarding
      --port-forward-namespace string   Namespace name which should be used for port forwarding
      --server string                   Argo CD server address
      --server-crt string               Server certificate file

Use "argocd [command] --help" for more information about a command.

4.2 命令列登陸argocd

[root@kn-server-master01-13 argocd]# argocd login 10.0.0.14
WARNING: server certificate had error: x509: cannot validate certificate for 10.0.0.14 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? yes
Username: admin
Password: 
'admin:login' logged in successfully
Context '10.0.0.14' updated

4.3 命令列修改argocd密碼

[root@kn-server-master01-13 argocd]# argocd account update-password
*** Enter password of currently logged in user (admin): 
*** Enter new password for user admin: 
*** Confirm new password for user admin: 
Password updated
Context '10.0.0.14' updated

另外Argocd可能在國內無法拖下映象，需要映象的可以留言，後續會將argocd映象上傳至Docker Hub。