大家好,我是张晋涛。

在前两篇内容中,我别离为大家介绍了 GitOps 的概念,以及用于施行 GitOps 的工具 Argo CD。本篇咱们将以一个示例我的项目为大家介绍 Argo CD 的实际。

创立集群

咱们通过 KIND(Kubernetes in Docker)工具创立一个用于本地测试的 Kubernetes 集群。应用如下的配置文件,创立一个蕴含一个 control plane 和三个 work 的集群。

kind: ClusterapiVersion: kind.x-k8s.io/v1alpha4nodes:- role: control-plane- role: worker- role: worker- role: worker

应用如下命令进行集群的创立:

➜ (MoeLove) kind create cluster --config=kind-config.yaml Creating cluster "kind" ... ✓ Ensuring node image (kindest/node:v1.20.2)   ✓ Preparing nodes       ✓ Writing configuration   ✓ Starting control-plane ️  ✓ Installing CNI   ✓ Installing StorageClass   ✓ Joining worker nodes  Set kubectl context to "kind-kind"You can now use your cluster with:kubectl cluster-info --context kind-kindHave a nice day!

执行如下命令期待集群齐全 Ready:

➜ (MoeLove) kubectl wait --for=condition=Ready nodes --all

部署 Argo CD

待集群状态齐全 Ready 后,开始进行 Argo CD 的部署。咱们创立一个名为 argocd 的 namespace。

部署

这里能够间接应用 Argo CD 我的项目中提供的部署文件进行装置。这里须要留神的是 此部署文件中 RBA 的配置中援用了 argocd 这个 namespace,所以如果你是将它部署到其余 namespace 中,那肯定要进行对应的批改。

➜ (MoeLove) kubectl create ns argocdnamespace/argocd created➜ (MoeLove) kubectl -n argocd apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yamlcustomresourcedefinition.apiextensions.k8s.io/applications.argoproj.io createdcustomresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io createdserviceaccount/argocd-application-controller createdserviceaccount/argocd-dex-server createdserviceaccount/argocd-redis createdserviceaccount/argocd-server createdrole.rbac.authorization.k8s.io/argocd-application-controller createdrole.rbac.authorization.k8s.io/argocd-dex-server createdrole.rbac.authorization.k8s.io/argocd-server createdclusterrole.rbac.authorization.k8s.io/argocd-application-controller createdclusterrole.rbac.authorization.k8s.io/argocd-server createdrolebinding.rbac.authorization.k8s.io/argocd-application-controller createdrolebinding.rbac.authorization.k8s.io/argocd-dex-server createdrolebinding.rbac.authorization.k8s.io/argocd-redis createdrolebinding.rbac.authorization.k8s.io/argocd-server createdclusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller createdclusterrolebinding.rbac.authorization.k8s.io/argocd-server createdconfigmap/argocd-cm createdconfigmap/argocd-cmd-params-cm createdconfigmap/argocd-gpg-keys-cm createdconfigmap/argocd-rbac-cm createdconfigmap/argocd-ssh-known-hosts-cm createdconfigmap/argocd-tls-certs-cm createdsecret/argocd-secret createdservice/argocd-dex-server createdservice/argocd-metrics createdservice/argocd-redis createdservice/argocd-repo-server createdservice/argocd-server createdservice/argocd-server-metrics createddeployment.apps/argocd-dex-server createddeployment.apps/argocd-redis createddeployment.apps/argocd-repo-server createddeployment.apps/argocd-server createdstatefulset.apps/argocd-application-controller creatednetworkpolicy.networking.k8s.io/argocd-application-controller-network-policy creatednetworkpolicy.networking.k8s.io/argocd-dex-server-network-policy creatednetworkpolicy.networking.k8s.io/argocd-redis-network-policy creatednetworkpolicy.networking.k8s.io/argocd-repo-server-network-policy creatednetworkpolicy.networking.k8s.io/argocd-server-network-policy created

查看状态

➜ (MoeLove) kubectl -n argocd get deployNAME                 READY   UP-TO-DATE   AVAILABLE   AGEargocd-dex-server    0/1     1            1           1margocd-redis         0/1     1            1           1margocd-repo-server   1/1     1            1           1margocd-server        0/1     1            1           1m

获取明码:

默认状况下装置好的 Argo CD 会启用基于 Basic Auth的身份校验,咱们能够在 Secret 资源中找到对应的明码。但须要留神的是 这个名字为 argocd-initial-admin-secret 的 sercret 资源是等到 Pod 处于 Running 状态后才会写入。

# 期待 Pod 全 Ready➜ (MoeLove) kubectl wait --for=condition=Ready pods --all -n argocdpod/argocd-application-controller-0 condition metpod/argocd-dex-server-5fc596bcdd-lnx65 condition metpod/argocd-redis-5b6967fdfc-mfbrr condition metpod/argocd-repo-server-98598b6c7-7pmgb condition metpod/argocd-server-5b4b7b868b-bjmzz condition met# 获取明码➜ (MoeLove) kubectl  -n argocd get secret argocd-initial-admin-secret -o template="{{ .data.password | base64decode }}" AFbmuBSmRo1F0Dow

通过 UI 拜访它

咱们能够通过 kubectl port-forward 将 argocd-server 的 443 端口映射到本地的 9080 端口。

➜ (MoeLove) ➜ (MoeLove) kubectl port-forward --address 0.0.0.0 service/argocd-server -n argocd 9080:443

这样在浏览器中就能够 ArgoCD dashboard ,这是 username 是 admin, 以及 password 便能够后面提到的『获取明码』章节 。

命令行拜访:

如果你不喜爱通过浏览器进行操作,那也能够应用 Argo CD 提供的 CLI 工具。

➜ (MoeLove) wget https://github.com/argoproj/argo-cd/releases/download/v2.1.2/argocd-linux-amd64 -O argocd➜ (MoeLove) chmod +x argocd➜ (MoeLove) mv argocd /bin/argocd# 执行这条命令前,咱们先通过 kubectl port-forward 进行了端口转发➜ (MoeLove) argocd login localhost:9080WARNING: server certificate had error: x509: certificate signed by unknown authority. Proceed insecurely (y/n)? yUsername: adminPassword: 'admin:login' logged in successfullyContext 'localhost:9080' updated

部署利用

这里我创立了一个示例我的项目,残缺内容能够在我的 GitHub https://github.com/tao1234566... 获取到。

创立指标 namespace

➜ (MoeLove) kubectl  create ns kustomizenamespace/kustomize created

创立 app

这里能够抉择在 Argo CD 的 UI 中间接配置,也能够应用 Argo CD 的 CLI 来配置,这里我以 CLI 配置为例

➜ (MoeLove) argocd app create argo-cd-demo --repo https://github.com/tao12345666333/argo-cd-demo.git --revision kustomize --path ./kustomization --dest-server https://kubernetes.default.svc --dest-namespace kustomize application 'argo-cd-demo' created

其中:

  • --repo 指定部署利用所应用的仓库地址;
  • --revision 指定部署利用所应用的分支,这里我应用了一个名为 kustomize 的分支;
  • --path 部署应用程序用到的 manifest 所在的地位
  • --dest-server 指标 Kubernetes 集群的地址
  • --dest-`namespace` 利用要部署的指标 namespace

查看状态

当 Application 创立实现后,也能够间接在 UI 上看到具体信息:

或者通过 argocd 在终端下进行查看:

➜ (MoeLove) argocd app get argo-cd-demoName:               argo-cd-demoProject:            defaultServer:             https://kubernetes.default.svcNamespace:          kustomizeURL:                https://localhost:8080/applications/argo-cd-demoRepo:               https://github.com/tao12345666333/argo-cd-demo.gitTarget:             kustomizePath:               ./kustomizationSyncWindow:         Sync AllowedSync Policy:        <none>Sync Status:        OutOfSync from kustomize (e8a2d77)Health Status:      MissingGROUP  KIND        NAMESPACE  NAME          STATUS     HEALTH   HOOK  MESSAGE       Service     kustomize  argo-cd-demo  OutOfSync  Missing        apps   Deployment  kustomize  argo-cd-demo  OutOfSync  Missing

能够看到以后的 Application 状态是 OutOfSync ,所以咱们能够为它触发一次 sync 操作,进行首次部署。

sync

能够在 UI 上点击 SYNC 按钮,或者通过 argocd CLI 来触发同步操作。

➜ (MoeLove) argocd app sync argo-cd-demoTIMESTAMP                  GROUP        KIND   NAMESPACE                  NAME    STATUS    HEALTH        HOOK  MESSAGE2021-10-30T10:35:33+00:00            Service   kustomize          argo-cd-demo  OutOfSync  Missing              2021-10-30T10:35:33+00:00   apps  Deployment   kustomize          argo-cd-demo  OutOfSync  Missing              2021-10-30T10:35:35+00:00            Service   kustomize          argo-cd-demo    Synced  Healthy              2021-10-30T10:35:35+00:00            Service   kustomize          argo-cd-demo    Synced   Healthy              service/argo-cd-demo created2021-10-30T10:35:35+00:00   apps  Deployment   kustomize          argo-cd-demo  OutOfSync  Missing              deployment.apps/argo-cd-demo created2021-10-30T10:35:35+00:00   apps  Deployment   kustomize          argo-cd-demo    Synced  Progressing              deployment.apps/argo-cd-demo createdName:               argo-cd-demoProject:            defaultServer:             https://kubernetes.default.svcNamespace:          kustomizeURL:                https://localhost:8080/applications/argo-cd-demoRepo:               https://github.com/tao12345666333/argo-cd-demo.gitTarget:             kustomizePath:               ./kustomizationSyncWindow:         Sync AllowedSync Policy:        <none>Sync Status:        Synced to kustomize (e8a2d77)Health Status:      ProgressingOperation:          SyncSync Revision:      e8a2d77cf0e5405ba9e5dc70d3bf44da91b3ce00Phase:              SucceededStart:              2021-10-30 10:35:33 +0000 UTCFinished:           2021-10-30 10:35:35 +0000 UTCDuration:           2sMessage:            successfully synced (all tasks run)GROUP  KIND        NAMESPACE  NAME          STATUS  HEALTH       HOOK  MESSAGE       Service     kustomize  argo-cd-demo  Synced  Healthy            service/argo-cd-demo createdapps   Deployment  kustomize  argo-cd-demo  Synced  Progressing        deployment.apps/argo-cd-demo created

同步胜利后,在 UI 上也能看到以后利用和同步的状态。

点击查看详情,能够看到利用部署的拓扑构造:

验证成果

CI

接下来在 kustomize 分支,进行一些代码上的批改,并提交到 GitHub 上。此时会触发我的项目中基于 GitHub Action 的 CI,咱们来看看其具体的配置:

  deploy:    name: Deploy    runs-on: ubuntu-latest    continue-on-error: true    needs: build    steps:      - name: Check out code        uses: actions/checkout@v2      - name: Setup Kustomize        uses: imranismail/setup-kustomize@v1        with:          kustomize-version: "4.3.0"      - name: Update Kubernetes resources        env:          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}        run: |-          cd manifests          kustomize edit set image ghcr.io/${{ github.repository }}/argo-cd-demo:${{ github.sha }}          cat kustomization.yaml          kustomize build ./ > ../kustomization/manifests.yaml          cat ../kustomization/manifests.yaml      - uses: EndBug/add-and-commit@v7        with:          default_author: github_actions          branch: kustomize

能够看到这里其实利用了 kustomize 这个工具,将最新的镜像写入到了部署利用所用的 manifest.yaml 文件中了,而后利用 EndBug/add-and-commit@v7 这个 action 将最新的 manifest.yaml 文件再提交回 GitHub 中。

查看状态

此时当 Sync 再次触发后,咱们也就能够看到最新的部署拓扑了。

总结

以上就是对于应用 Argo CD 实现 GitOps 的实际内容了。感兴趣的小伙伴能够间接在 GitHub 上找到此我的项目的残缺示例:https://github.com/tao1234566...

欢送订阅我的文章公众号【MoeLove】