1 部署 ArgoCD
官方提供四种部署方式,分别是:
此文档后面补充了下,所以会出现图片对不上的情况,但不影响观看
1.1 argo 配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 wget https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml vim install.yaml spec: ...... spec: hostAliases: - ip: 10.99.205.6 hostnames: - gitlab.xpaas.ccops.com - emptyDir: {} name: data securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type : RuntimeDefault volumeClaimTemplates: - metadata: name: data labels: app: "redis" spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "8Gi" storageClassName: "rbd-csi" apiVersion: v1 data: redis.server: argocd-redis-ha-haproxy:6379 server.insecure: "true" kind: ConfigMap metadata: labels: app.kubernetes.io/name: argocd-cmd-params-cm app.kubernetes.io/part-of: argocd name: argocd-cmd-params-cm
1.2 查看pod是否正常
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 kubectl get pod -n argocd NAME READY STATUS RESTARTS AGE argocd-application-controller-0 1/1 Running 0 48m argocd-application-controller-1 1/1 Running 0 48m argocd-application-controller-2 1/1 Running 0 49m argocd-applicationset-controller-84c8548bf6-2p244 1/1 Running 0 33m argocd-applicationset-controller-84c8548bf6-9gq5h 1/1 Running 0 33m argocd-applicationset-controller-84c8548bf6-bvlkg 1/1 Running 0 33m argocd-dex-server-65cb45687-5bxdb 1/1 Running 0 49m argocd-dex-server-65cb45687-hzvlw 1/1 Running 0 49m argocd-dex-server-65cb45687-kl24l 1/1 Running 0 49m argocd-notifications-controller-7854c8cd9b-cjzbl 1/1 Running 0 33m argocd-notifications-controller-7854c8cd9b-csqbb 1/1 Running 0 33m argocd-notifications-controller-7854c8cd9b-xs874 1/1 Running 0 33m argocd-redis-ha-haproxy-56546c5467-9mjrx 1/1 Running 0 48m argocd-redis-ha-haproxy-56546c5467-bgmld 1/1 Running 0 49m argocd-redis-ha-haproxy-56546c5467-ttccs 1/1 Running 0 48m argocd-redis-ha-server-0 3/3 Running 0 44m argocd-redis-ha-server-1 3/3 Running 0 46m argocd-redis-ha-server-2 3/3 Running 0 48m argocd-repo-server-5646948fd4-lvhl2 1/1 Running 0 50m argocd-repo-server-5646948fd4-pklbb 1/1 Running 0 50m argocd-repo-server-5646948fd4-xdt8h 1/1 Running 0 50m argocd-server-7b7744ff5d-dtmn4 1/1 Running 0 48m argocd-server-7b7744ff5d-t7t4q 1/1 Running 0 49m kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
2 argocd-server 配置与使用
2.1 配置项目
命名空间可以使用简单对正则,比如 !xxx
,表示不能部署到xxx命名空间
2.2 添加 git 仓库
没问题会显示 Successful
2.3 添加集群
2.3.1 查看添加的集群信息
集群添加 kubeconfig 参考Kubernetes自定义权限 ,如果不想自定义权限也可以拷贝/root/.kube/config
比较重要的是 name
1 2 3 4 kubectl config get-contexts CURRENT NAME CLUSTER AUTHINFO NAMESPACE * kubernetes kubernetes admin
2.3.2 argocd 添加集群
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 kubectl cp tstconfig -n argocd $(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o jsonpath='{.items[0].metadata.name}' ):/home/argocd kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d kubectl exec -it -n argocd $(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o jsonpath='{.items[0].metadata.name}' ) bash argocd login 127.0.0.1:8080 --username admin --password qweasd123 (查看密码结果) WARNING: server certificate had error: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? y ' admin:login' logged in successfully Context ' 127.0.0.1:8080' updated # 添加集群 argocd cluster add kubernetes --kubeconfig tstconfig --name test-env # 查看集群信息 # 没有配置app.所以集群状态Unknown argocd cluster list SERVER NAME VERSION STATUS MESSAGE PROJECT https://kubernetes.default.svc ceph-tst-cluster 1.22 Successful https://10.1.1.1:443 test-env Unknown Cluster has no applications and is not being monitored.
2.3.3 查看集群
2.4 添加应用
2.5 配置权限
这里创建了俩账户,一个管理员权限,一个只读应用权限
kubectl edit configmap argocd-cm -n argocd
1 2 3 4 5 6 data: accounts.argocd: login accounts.argocd.enabled: "true" accounts.argocd-admin: login accounts.argocd-admin.enabled: "true" admin.enabled: "true"
kubectl edit configmap argocd-rbac-cm -n argocd
1 2 3 4 5 6 data: policy.default: role:readonly policy.csv: | g, argocd-admin, role:admin
2.5.1 登录 argo 服务
1 2 3 4 5 6 7 argocd login 127.0.0.1:8080 --username admin --password qweasd123 (查看密码结果) argocd account list NAME ENABLED CAPABILITIES admin true login argocd true login argocd-admin true login
2.5.2 修改密码
argocd account update-password --account admin --new-password qweasd
回车后输入上面步骤查到的root密码
2.5.3 测试
普通账户同步会报错
管理员账户不会
2.6 备份与恢复
1 2 3 4 5 kubectl exec -it -n argocd $(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o jsonpath='{.items[0].metadata.name}' ) bash argocd admin export > backup.yaml argocd admin import - < backup.yaml
详细文档参考
3 web 使用
3.1 这里可以选择不同的展示
3.2 查看服务的所有日志,不同的实例会有不同的颜色标记
3.3 看某个实例的日志
4 监控
参考官网,默认监控接口已经打开了