4
头图

Hi everyone, this is Zhang Jintao.

In the previous two content, I were to introduce the GitOps concept , and tool for the implementation of GitOps CD Argo . In this article, we will introduce the practice of Argo CD with a sample project.

Create a cluster

We use the KIND (Kubernetes in Docker) tool to create a Kubernetes cluster for local testing. Use the following configuration file to create a cluster with a control plane and three work.

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: worker
- role: worker
- role: worker

Use the following command to create a cluster:

➜ (MoeLove) kind create cluster --config=kind-config.yaml 
Creating cluster "kind" ...
 ✓ Ensuring node image (kindest/node:v1.20.2) 🖼 
 ✓ Preparing nodes 📦 📦 📦 📦  
 ✓ Writing configuration 📜 
 ✓ Starting control-plane 🕹️ 
 ✓ Installing CNI 🔌 
 ✓ Installing StorageClass 💾 
 ✓ Joining worker nodes 🚜 
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Have a nice day! 👋

Execute the following command to wait for the cluster to be fully ready:

➜ (MoeLove) kubectl wait --for=condition=Ready nodes --all

Deploy Argo CD

After the cluster status is completely Ready, start the deployment of Argo CD. We create a namespace argocd

deploy

Here you can directly use the deployment file provided in the Argo CD project for installation. It should be noted that this deployment configuration file RBA cited argocd this namespace, so if you are deploying it to other namespace in, it must be corresponding changes.

➜ (MoeLove) kubectl create ns argocd
namespace/argocd created
➜ (MoeLove) kubectl -n argocd apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-redis created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-redis created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-cmd-params-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-secret created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server created
service/argocd-server-metrics created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
statefulset.apps/argocd-application-controller created
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy created

Check status

➜ (MoeLove) kubectl -n argocd get deploy
NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
argocd-dex-server    0/1     1            1           1m
argocd-redis         0/1     1            1           1m
argocd-repo-server   1/1     1            1           1m
argocd-server        0/1     1            1           1m

Get password:

By default, the installed Argo CD will enable Basic Auth-based identity verification. We can find the corresponding password Secret But note that name is argocd-Initial-ADMIN-Secret after sercret resources until the Pod is not written in the Running state.

# 等待 Pod 全 Ready
➜ (MoeLove) kubectl wait --for=condition=Ready pods --all -n argocd
pod/argocd-application-controller-0 condition met
pod/argocd-dex-server-5fc596bcdd-lnx65 condition met
pod/argocd-redis-5b6967fdfc-mfbrr condition met
pod/argocd-repo-server-98598b6c7-7pmgb condition met
pod/argocd-server-5b4b7b868b-bjmzz condition met

# 获取密码
➜ (MoeLove) kubectl  -n argocd get secret argocd-initial-admin-secret -o template="{{ .data.password | base64decode }}" 
AFbmuBSmRo1F0Dow

Access it through the UI

We can kubectl port-forward 443 port mapping to the local argocd-server of 9080 port.

➜ (MoeLove) ➜ (MoeLove) kubectl port-forward --address 0.0.0.0 service/argocd-server -n argocd 9080:443

In this way, you can get the ArgoCD dashboard in the browser. This is username is admin, and the password can be used in the "Get Password" chapter mentioned earlier.

img

Command line access:

If you don't like to operate through the browser, you can also use the CLI tool provided by Argo CD.

➜ (MoeLove) wget https://github.com/argoproj/argo-cd/releases/download/v2.1.2/argocd-linux-amd64 -O argocd
➜ (MoeLove) chmod +x argocd
➜ (MoeLove) mv argocd /bin/argocd

# 执行这条命令前,我们先通过 kubectl port-forward 进行了端口转发
➜ (MoeLove) argocd login localhost:9080
WARNING: server certificate had error: x509: certificate signed by unknown authority. Proceed insecurely (y/n)? y
Username: admin
Password: 
'admin:login' logged in successfully
Context 'localhost:9080' updated

Deploy the application

Here I created a sample project, the complete content can be obtained on my GitHub https://github.com/tao12345666333/argo-cd-demo .

Create target namespace

➜ (MoeLove) kubectl  create ns kustomize
namespace/kustomize created

Create app

Here you can choose to configure directly in the UI of Argo CD, or you can use the CLI of Argo CD to configure, here I take the CLI configuration as an example

➜ (MoeLove) argocd app create argo-cd-demo --repo https://github.com/tao12345666333/argo-cd-demo.git --revision kustomize --path ./kustomization --dest-server https://kubernetes.default.svc --dest-namespace kustomize 
application 'argo-cd-demo' created

in:

  • --repo specifies the warehouse address used to deploy the application;
  • --revision specifies the branch used to deploy the application. Here I used a branch kustomize
  • --path The location of the manifest used to deploy the application
  • --dest-server The address of the target Kubernetes cluster
  • --dest- The target namespace of the `namespace` application to be deployed

Check status

After the Application is created, you can also see the specific information directly on the UI:

img

Or view it in the terminal through argocd:

➜ (MoeLove) argocd app get argo-cd-demo
Name:               argo-cd-demo
Project:            default
Server:             https://kubernetes.default.svc
Namespace:          kustomize
URL:                https://localhost:8080/applications/argo-cd-demo
Repo:               https://github.com/tao12345666333/argo-cd-demo.git
Target:             kustomize
Path:               ./kustomization
SyncWindow:         Sync Allowed
Sync Policy:        <none>
Sync Status:        OutOfSync from kustomize (e8a2d77)
Health Status:      Missing

GROUP  KIND        NAMESPACE  NAME          STATUS     HEALTH   HOOK  MESSAGE
       Service     kustomize  argo-cd-demo  OutOfSync  Missing        
apps   Deployment  kustomize  argo-cd-demo  OutOfSync  Missing 

You can see that the current Application status is OutOfSync , so we can trigger a sync operation for it for the first deployment.

sync

You can click the SYNC button on the UI or use the argocd CLI to trigger the synchronization operation.

➜ (MoeLove) argocd app sync argo-cd-demo
TIMESTAMP                  GROUP        KIND   NAMESPACE                  NAME    STATUS    HEALTH        HOOK  MESSAGE
2021-10-30T10:35:33+00:00            Service   kustomize          argo-cd-demo  OutOfSync  Missing              
2021-10-30T10:35:33+00:00   apps  Deployment   kustomize          argo-cd-demo  OutOfSync  Missing              
2021-10-30T10:35:35+00:00            Service   kustomize          argo-cd-demo    Synced  Healthy              
2021-10-30T10:35:35+00:00            Service   kustomize          argo-cd-demo    Synced   Healthy              service/argo-cd-demo created
2021-10-30T10:35:35+00:00   apps  Deployment   kustomize          argo-cd-demo  OutOfSync  Missing              deployment.apps/argo-cd-demo created
2021-10-30T10:35:35+00:00   apps  Deployment   kustomize          argo-cd-demo    Synced  Progressing              deployment.apps/argo-cd-demo created

Name:               argo-cd-demo
Project:            default
Server:             https://kubernetes.default.svc
Namespace:          kustomize
URL:                https://localhost:8080/applications/argo-cd-demo
Repo:               https://github.com/tao12345666333/argo-cd-demo.git
Target:             kustomize
Path:               ./kustomization
SyncWindow:         Sync Allowed
Sync Policy:        <none>
Sync Status:        Synced to kustomize (e8a2d77)
Health Status:      Progressing

Operation:          Sync
Sync Revision:      e8a2d77cf0e5405ba9e5dc70d3bf44da91b3ce00
Phase:              Succeeded
Start:              2021-10-30 10:35:33 +0000 UTC
Finished:           2021-10-30 10:35:35 +0000 UTC
Duration:           2s
Message:            successfully synced (all tasks run)

GROUP  KIND        NAMESPACE  NAME          STATUS  HEALTH       HOOK  MESSAGE
       Service     kustomize  argo-cd-demo  Synced  Healthy            service/argo-cd-demo created
apps   Deployment  kustomize  argo-cd-demo  Synced  Progressing        deployment.apps/argo-cd-demo created

After the synchronization is successful, the current application and synchronization status can also be seen on the UI.

img

Click to view details, you can see the topology of the application deployment:

img

Verification effect

CI

Next, make some code changes on the kustomize branch and submit them to GitHub. At this time, the CI based on GitHub Action in the project will be triggered. Let's take a look at its specific configuration:

  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    continue-on-error: true
    needs: build

    steps:
      - name: Check out code
        uses: actions/checkout@v2

      - name: Setup Kustomize
        uses: imranismail/setup-kustomize@v1
        with:
          kustomize-version: "4.3.0"

      - name: Update Kubernetes resources
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        run: |-
          cd manifests
          kustomize edit set image ghcr.io/${{ github.repository }}/argo-cd-demo:${{ github.sha }}
          cat kustomization.yaml
          kustomize build ./ > ../kustomization/manifests.yaml
          cat ../kustomization/manifests.yaml

      - uses: EndBug/add-and-commit@v7
        with:
          default_author: github_actions
          branch: kustomize

We can see here, in fact, take advantage of the kustomize this tool will write the latest image file to the manifest.yaml deploy applications used in, and then use EndBug/add-and-commit@v7 this action will be the latest manifest.yaml file and then committed back in GitHub.

Check status

At this point when Sync is triggered again, we can also see the latest deployment topology.

img

Summarize

The above is about the practical content of using Argo CD to implement GitOps. Interested friends can find the complete example of this project directly on GitHub: https://github.com/tao12345666333/argo-cd-demo


Welcome to subscribe to my article public account【MoeLove】

TheMoeLove


张晋涛
1.7k 声望19.7k 粉丝