1 Deploying ArgoCD

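The official project provides four deployment methods, namely:

This document was supplemented later, so some images may not match the text, but this does not affect reading.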

1.1 Argo configuration

# The high-availability (HA) manifest is used here
wget https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/ha/install.yaml
vim install.yaml

# Add a hosts entry for GitLab so that it can be reached
spec:
  ......
    spec:
      hostAliases:
      - ip: 10.99.205.6
        hostnames:
        - gitlab.xpaas.lenovo.com
# Configure persistence: in the argocd-redis-ha-server manifest, delete these fields
      - emptyDir: {}
        name: data
# Delete this block as well; otherwise "failed exit status 2" occurs, see https://github.com/argoproj/argo-cd/issues/9809
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
# Add persistence
  volumeClaimTemplates:
  - metadata:
      name: data
      labels:
        app: "redis"
    spec:
      accessModes:
      - "ReadWriteOnce"
      resources:
        requests:
          storage: "8Gi"
      storageClassName: "rbd-csi"
# Enable HTTP access; HTTPS is enforced by default
apiVersion: v1
data:
  redis.server: argocd-redis-ha-haproxy:6379
  server.insecure: "true" # line to add; argocd-server then serves without TLS
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-cmd-params-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-cmd-params-cm
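
The edits above remove a container securityContext and turn off TLS on argocd-server, so it helps to be able to list exactly where a running install deviates from the shipped hardening. The following is an added example, not part of the original post or of Argo CD: it audits the JSON produced by `kubectl get statefulset,deployment,configmap -n argocd -o json`. It assumes the hardening is set at container level (as in the block shown above), and the sample input is constructed.

```python
import json
import sys

# Container-level settings from the securityContext block shown above.
WANT = {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
        "runAsNonRoot": True}

def audit(resource_list):
    """Return (object, finding) pairs for a `kubectl get ... -o json` List."""
    findings = []
    for item in resource_list.get("items", []):
        kind, name = item.get("kind"), item["metadata"]["name"]
        if kind == "ConfigMap":
            insecure = str(item.get("data", {}).get("server.insecure", ""))
            if name == "argocd-cmd-params-cm" and insecure.lower() == "true":
                findings.append((name, "server.insecure=true (no TLS)"))
            continue
        pod = item.get("spec", {}).get("template", {}).get("spec", {})
        for c in pod.get("initContainers", []) + pod.get("containers", []):
            sc = c.get("securityContext") or {}
            where = f"{kind}/{name}:{c['name']}"
            for key, want in WANT.items():
                if sc.get(key) is not want:
                    findings.append((where, f"{key} is not {str(want).lower()}"))
            if "ALL" not in (sc.get("capabilities") or {}).get("drop", []):
                findings.append((where, "capabilities.drop lacks ALL"))
            if (sc.get("seccompProfile") or {}).get("type") != "RuntimeDefault":
                findings.append((where, "seccompProfile is not RuntimeDefault"))
    return findings

# Constructed sample (not real cluster output): the redis container has its
# securityContext deleted as in section 1.1, the sentinel container keeps it.
SAMPLE = {"items": [
    {"kind": "StatefulSet", "metadata": {"name": "argocd-redis-ha-server"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "redis"},
         {"name": "sentinel", "securityContext": {
             "allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
             "runAsNonRoot": True, "capabilities": {"drop": ["ALL"]},
             "seccompProfile": {"type": "RuntimeDefault"}}}]}}}},
    {"kind": "ConfigMap", "metadata": {"name": "argocd-cmd-params-cm"},
     "data": {"redis.server": "argocd-redis-ha-haproxy:6379",
              "server.insecure": "true"}},
]}

if __name__ == "__main__":
    # Pass a file saved from `kubectl get ... -o json`, or run on the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for obj, finding in audit(data):
        print(f"{obj}: {finding}")
```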

1.2 Check that the pods are healthy

kubectl get pod -n argocd 
NAME READY STATUS RESTARTS AGE
argocd-application-controller-0 1/1 Running 0 48m
argocd-application-controller-1 1/1 Running 0 48m
argocd-application-controller-2 1/1 Running 0 49m
argocd-applicationset-controller-84c8548bf6-2p244 1/1 Running 0 33m
argocd-applicationset-controller-84c8548bf6-9gq5h 1/1 Running 0 33m
argocd-applicationset-controller-84c8548bf6-bvlkg 1/1 Running 0 33m
argocd-dex-server-65cb45687-5bxdb 1/1 Running 0 49m
argocd-dex-server-65cb45687-hzvlw 1/1 Running 0 49m
argocd-dex-server-65cb45687-kl24l 1/1 Running 0 49m
argocd-notifications-controller-7854c8cd9b-cjzbl 1/1 Running 0 33m
argocd-notifications-controller-7854c8cd9b-csqbb 1/1 Running 0 33m
argocd-notifications-controller-7854c8cd9b-xs874 1/1 Running 0 33m
argocd-redis-ha-haproxy-56546c5467-9mjrx 1/1 Running 0 48m
argocd-redis-ha-haproxy-56546c5467-bgmld 1/1 Running 0 49m
argocd-redis-ha-haproxy-56546c5467-ttccs 1/1 Running 0 48m
argocd-redis-ha-server-0 3/3 Running 0 44m
argocd-redis-ha-server-1 3/3 Running 0 46m
argocd-redis-ha-server-2 3/3 Running 0 48m
argocd-repo-server-5646948fd4-lvhl2 1/1 Running 0 50m
argocd-repo-server-5646948fd4-pklbb 1/1 Running 0 50m
argocd-repo-server-5646948fd4-xdt8h 1/1 Running 0 50m
argocd-server-7b7744ff5d-dtmn4 1/1 Running 0 48m
argocd-server-7b7744ff5d-t7t4q 1/1 Running 0 49m

# View the password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

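2 argocd-server configuration and usage

2.1 Configure a project

Namespaces can use simple regular expressions; for example, !xxx means that deploying to the xxx namespace is not allowed.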

2.2 Add a Git repository

If everything is fine, Successful is shown.

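2.3 Add a cluster

2.3.1 View the information of the cluster to be added

For the kubeconfig used to add the cluster, see "Kubernetes custom permissions"; if you do not want to define custom permissions, you can also copy /root/.kube/config.
The important part is the name.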

# Get the cluster name
kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* kubernetes kubernetes admin

2.3.2 Add the cluster with argocd

# Copy the kubeconfig prepared above into the argocd-server pod
kubectl cp tstconfig -n argocd $(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o jsonpath='{.items[0].metadata.name}'):/home/argocd

# View the password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

# Add the cluster from inside the argocd container
# Enter the container
kubectl exec -it -n argocd $(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o jsonpath='{.items[0].metadata.name}') -- bash
# Log in to argocd
argocd login 127.0.0.1:8080 --username admin --password qweasd123   # the password printed by the "view the password" step
WARNING: server certificate had error: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? y
'admin:login' logged in successfully
Context '127.0.0.1:8080' updated

# Add the cluster
argocd cluster add kubernetes --kubeconfig tstconfig --name test-env

# View cluster information
# No app is configured yet, so the cluster status is Unknown
argocd cluster list
SERVER NAME VERSION STATUS MESSAGE PROJECT
https://kubernetes.default.svc ceph-tst-cluster 1.22 Successful
https://10.1.1.1:443 test-env Unknown Cluster has no applications and is not being monitored.

2.3.3 View the cluster

2.4 Add an application

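2.5 Configure permissions

Two accounts are created here: one with administrator permissions and one with read-only permissions on applications.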

kubectl edit configmap argocd-cm -n argocd

data:
  accounts.argocd: login
  accounts.argocd.enabled: "true"
  accounts.argocd-admin: login
  accounts.argocd-admin.enabled: "true"
  admin.enabled: "true"

kubectl edit configmap argocd-rbac-cm -n argocd

data:
  # Make the read-only role the default for users
  policy.default: role:readonly
  # Define the administrator role
  policy.csv: |
    g, argocd-admin, role:admin
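
How this policy resolves for the two accounts can be worked out offline. The following is an added example, not part of the original post and not Argo CD's own enforcer: a simplified model of the policy evaluation, assuming an abbreviated copy of the built-in role:readonly and role:admin rules (application rules only) and a constructed application name, default/guestbook.

```python
from fnmatch import fnmatchcase

# Abbreviated copy of Argo CD's built-in roles (assumption: only the
# application rules are listed; the real built-in policy covers more resources).
BUILTIN = """
p, role:readonly, applications, get, */*, allow
p, role:admin, applications, create, */*, allow
p, role:admin, applications, update, */*, allow
p, role:admin, applications, delete, */*, allow
p, role:admin, applications, sync, */*, allow
g, role:admin, role:readonly
"""
# Values from the argocd-rbac-cm shown above.
POLICY_DEFAULT = "role:readonly"
POLICY_CSV = "g, argocd-admin, role:admin"

def parse(text):
    """Split policy text into permission rules (p) and role grants (g)."""
    perms, grants = [], []
    for line in text.splitlines():
        f = [x.strip() for x in line.split(",")]
        if f[0] == "p" and len(f) == 6:
            perms.append(tuple(f[1:]))
        elif f[0] == "g" and len(f) == 3:
            grants.append((f[1], f[2]))
    return perms, grants

def roles_of(subject, grants):
    """Subject plus every role reachable through g lines (transitively)."""
    seen, todo = set(), [subject]
    while todo:
        s = todo.pop()
        if s not in seen:
            seen.add(s)
            todo += [role for who, role in grants if who == s]
    return seen

def can(user, resource, action, obj):
    perms, grants = parse(BUILTIN + "\n" + POLICY_CSV)
    # Every logged-in user also gets the permissions of policy.default.
    subjects = roles_of(user, grants) | roles_of(POLICY_DEFAULT, grants)
    hits = [p for p in perms if p[0] in subjects and p[1] == resource
            and fnmatchcase(action, p[2]) and fnmatchcase(obj, p[3])]
    # A matching deny rule overrides any allow.
    return bool(hits) and all(p[4] == "allow" for p in hits)
```

On a live install, `argocd admin settings rbac can` answers the same question against the real built-in policy.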

2.5.1 Log in to the Argo service

argocd login 127.0.0.1:8080 --username admin --password qweasd123   # the password printed by the "view the password" step
# List the accounts
argocd account list
NAME ENABLED CAPABILITIES
admin true login
argocd true login
argocd-admin true login

2.5.2 Change the password

argocd account update-password --account admin --new-password qweasd
After pressing Enter, enter the root password found in the step above.

2.5.3 Test

Syncing with the regular account reports an error.

The administrator account does not.

2.6 Backup and restore

kubectl exec -it -n argocd $(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o jsonpath='{.items[0].metadata.name}') -- bash
# Back up
argocd admin export > backup.yaml
# Restore
argocd admin import - < backup.yaml

See the detailed documentation.

3 Using the web UI

3.1 Different views can be selected here

3.2 View all logs of a service; different instances are marked with different colors

3.3 View the logs of a single instance

4 Monitoring

See the official website; the monitoring endpoint is already enabled by default.