共计 8044 个字符,预计需要花费 21 分钟才能阅读完成。
大家好,我是张晋涛。
在前两篇内容中,我别离为大家介绍了 GitOps 的概念,以及用于施行 GitOps 的工具 Argo CD。本篇咱们将以一个示例我的项目为大家介绍 Argo CD 的实际。
创立集群
咱们通过 KIND(Kubernetes in Docker)工具创立一个用于本地测试的 Kubernetes 集群。应用如下的配置文件,创立一个蕴含一个 control plane 和三个 work 的集群。
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: worker
- role: worker
- role: worker
应用如下命令进行集群的创立:
➜ (MoeLove) kind create cluster --config=kind-config.yaml
Creating cluster "kind" ...
✓ Ensuring node image (kindest/node:v1.20.2) 🖼
✓ Preparing nodes 📦 📦 📦 📦
✓ Writing configuration 📜
✓ Starting control-plane 🕹️
✓ Installing CNI 🔌
✓ Installing StorageClass 💾
✓ Joining worker nodes 🚜
Set kubectl context to "kind-kind"
You can now use your cluster with:
kubectl cluster-info --context kind-kind
Have a nice day! 👋
执行如下命令期待集群齐全 Ready:
➜ (MoeLove) kubectl wait --for=condition=Ready nodes --all
部署 Argo CD
待集群状态齐全 Ready 后,开始进行 Argo CD 的部署。咱们创立一个名为 argocd
的 namespace。
部署
这里能够间接应用 Argo CD 我的项目中提供的部署文件进行装置。这里须要留神的是 此部署文件中 RBA 的配置中援用了 argocd 这个 namespace,所以如果你是将它部署到其余 namespace 中,那肯定要进行对应的批改。
➜ (MoeLove) kubectl create ns argocd
namespace/argocd created
➜ (MoeLove) kubectl -n argocd apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-redis created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-redis created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-cmd-params-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-secret created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server created
service/argocd-server-metrics created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
statefulset.apps/argocd-application-controller created
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy created
查看状态
➜ (MoeLove) kubectl -n argocd get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
argocd-dex-server 0/1 1 1 1m
argocd-redis 0/1 1 1 1m
argocd-repo-server 1/1 1 1 1m
argocd-server 0/1 1 1 1m
获取明码:
默认状况下装置好的 Argo CD 会启用基于 Basic Auth 的身份校验,咱们能够在 Secret
资源中找到对应的明码。但须要留神的是 这个名字为 argocd-initial-admin-secret 的 sercret 资源是等到 Pod 处于 Running 状态后才会写入。
# 期待 Pod 全 Ready
➜ (MoeLove) kubectl wait --for=condition=Ready pods --all -n argocd
pod/argocd-application-controller-0 condition met
pod/argocd-dex-server-5fc596bcdd-lnx65 condition met
pod/argocd-redis-5b6967fdfc-mfbrr condition met
pod/argocd-repo-server-98598b6c7-7pmgb condition met
pod/argocd-server-5b4b7b868b-bjmzz condition met
# 获取明码
➜ (MoeLove) kubectl -n argocd get secret argocd-initial-admin-secret -o template="{{.data.password | base64decode}}"
AFbmuBSmRo1F0Dow
通过 UI 拜访它
咱们能够通过 kubectl port-forward
将 argocd-server 的 443 端口映射到本地的 9080
端口。
➜ (MoeLove) ➜ (MoeLove) kubectl port-forward --address 0.0.0.0 service/argocd-server -n argocd 9080:443
这样在浏览器中就能够 ArgoCD dashboard,这是 username 是 admin, 以及 password 便能够后面提到的『获取明码』章节。
命令行拜访:
如果你不喜爱通过浏览器进行操作,那也能够应用 Argo CD 提供的 CLI 工具。
➜ (MoeLove) wget https://github.com/argoproj/argo-cd/releases/download/v2.1.2/argocd-linux-amd64 -O argocd
➜ (MoeLove) chmod +x argocd
➜ (MoeLove) mv argocd /bin/argocd
# 执行这条命令前,咱们先通过 kubectl port-forward 进行了端口转发
➜ (MoeLove) argocd login localhost:9080
WARNING: server certificate had error: x509: certificate signed by unknown authority. Proceed insecurely (y/n)? y
Username: admin
Password:
'admin:login' logged in successfully
Context 'localhost:9080' updated
部署利用
这里我创立了一个示例我的项目,残缺内容能够在我的 GitHub https://github.com/tao1234566… 获取到。
创立指标 namespace
➜ (MoeLove) kubectl create ns kustomize
namespace/kustomize created
创立 app
这里能够抉择在 Argo CD 的 UI 中间接配置,也能够应用 Argo CD 的 CLI 来配置,这里我以 CLI 配置为例
➜ (MoeLove) argocd app create argo-cd-demo --repo https://github.com/tao12345666333/argo-cd-demo.git --revision kustomize --path ./kustomization --dest-server https://kubernetes.default.svc --dest-namespace kustomize
application 'argo-cd-demo' created
其中:
--repo
指定部署利用所应用的仓库地址;--revision
指定部署利用所应用的分支,这里我应用了一个名为kustomize
的分支;--path
部署应用程序用到的 manifest 所在的地位--dest-server
指标 Kubernetes 集群的地址--dest-
`namespace` 利用要部署的指标 namespace
查看状态
当 Application 创立实现后,也能够间接在 UI 上看到具体信息:
或者通过 argocd 在终端下进行查看:
➜ (MoeLove) argocd app get argo-cd-demo
Name: argo-cd-demo
Project: default
Server: https://kubernetes.default.svc
Namespace: kustomize
URL: https://localhost:8080/applications/argo-cd-demo
Repo: https://github.com/tao12345666333/argo-cd-demo.git
Target: kustomize
Path: ./kustomization
SyncWindow: Sync Allowed
Sync Policy: <none>
Sync Status: OutOfSync from kustomize (e8a2d77)
Health Status: Missing
GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE
Service kustomize argo-cd-demo OutOfSync Missing
apps Deployment kustomize argo-cd-demo OutOfSync Missing
能够看到以后的 Application 状态是 OutOfSync
,所以咱们能够为它触发一次 sync 操作,进行首次部署。
sync
能够在 UI 上点击 SYNC
按钮,或者通过 argocd
CLI 来触发同步操作。
➜ (MoeLove) argocd app sync argo-cd-demo
TIMESTAMP GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE
2021-10-30T10:35:33+00:00 Service kustomize argo-cd-demo OutOfSync Missing
2021-10-30T10:35:33+00:00 apps Deployment kustomize argo-cd-demo OutOfSync Missing
2021-10-30T10:35:35+00:00 Service kustomize argo-cd-demo Synced Healthy
2021-10-30T10:35:35+00:00 Service kustomize argo-cd-demo Synced Healthy service/argo-cd-demo created
2021-10-30T10:35:35+00:00 apps Deployment kustomize argo-cd-demo OutOfSync Missing deployment.apps/argo-cd-demo created
2021-10-30T10:35:35+00:00 apps Deployment kustomize argo-cd-demo Synced Progressing deployment.apps/argo-cd-demo created
Name: argo-cd-demo
Project: default
Server: https://kubernetes.default.svc
Namespace: kustomize
URL: https://localhost:8080/applications/argo-cd-demo
Repo: https://github.com/tao12345666333/argo-cd-demo.git
Target: kustomize
Path: ./kustomization
SyncWindow: Sync Allowed
Sync Policy: <none>
Sync Status: Synced to kustomize (e8a2d77)
Health Status: Progressing
Operation: Sync
Sync Revision: e8a2d77cf0e5405ba9e5dc70d3bf44da91b3ce00
Phase: Succeeded
Start: 2021-10-30 10:35:33 +0000 UTC
Finished: 2021-10-30 10:35:35 +0000 UTC
Duration: 2s
Message: successfully synced (all tasks run)
GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE
Service kustomize argo-cd-demo Synced Healthy service/argo-cd-demo created
apps Deployment kustomize argo-cd-demo Synced Progressing deployment.apps/argo-cd-demo created
同步胜利后,在 UI 上也能看到以后利用和同步的状态。
点击查看详情,能够看到利用部署的拓扑构造:
验证成果
CI
接下来在 kustomize 分支,进行一些代码上的批改,并提交到 GitHub 上。此时会触发我的项目中基于 GitHub Action 的 CI,咱们来看看其具体的配置:
deploy:
name: Deploy
runs-on: ubuntu-latest
continue-on-error: true
needs: build
steps:
- name: Check out code
uses: actions/checkout@v2
- name: Setup Kustomize
uses: imranismail/setup-kustomize@v1
with:
kustomize-version: "4.3.0"
- name: Update Kubernetes resources
env:
DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
run: |-
cd manifests
kustomize edit set image ghcr.io/${{github.repository}}/argo-cd-demo:${{github.sha}}
cat kustomization.yaml
kustomize build ./ > ../kustomization/manifests.yaml
cat ../kustomization/manifests.yaml
- uses: EndBug/add-and-commit@v7
with:
default_author: github_actions
branch: kustomize
能够看到这里其实利用了 kustomize
这个工具,将最新的镜像写入到了部署利用所用的 manifest.yaml 文件中了,而后利用 EndBug/add-and-commit@v7
这个 action 将最新的 manifest.yaml
文件再提交回 GitHub 中。
查看状态
此时当 Sync 再次触发后,咱们也就能够看到最新的部署拓扑了。
总结
以上就是对于应用 Argo CD 实现 GitOps 的实际内容了。感兴趣的小伙伴能够间接在 GitHub 上找到此我的项目的残缺示例:https://github.com/tao1234566…
欢送订阅我的文章公众号【MoeLove】