1 部署 ArgoCD

官方提供四种部署方式,分别是:

此文档后面补充了下,所以会出现图片对不上的情况,但不影响观看

1.1 argo 配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# 这里用的高可用配置
wget https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml
vim install.yaml

# 添加gitlab解析,避免访问不了gitlab
spec:
......
    spec:
      hostAliases:
      - ip: 10.99.205.6
        hostnames:
        - gitlab.xpaas.ccops.com
# 配置持久化, argocd-redis-ha-server配置文件里删除字段
      - emptyDir: {}
        name: data
# 删除,不然出现 failed exit status 2 参考: https://github.com/argoproj/argo-cd/issues/9809
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
# 添加持久化
    volumeClaimTemplates:
      - metadata:
          name: data
          labels:
            app: "redis"
        spec:
          accessModes:
            - "ReadWriteOnce"
          resources:
            requests:
              storage: "8Gi"
          storageClassName: "rbd-csi"
# 添加 http访问,默认强制https
apiVersion: v1
data:
  redis.server:  argocd-redis-ha-haproxy:6379
  server.insecure: "true" #要添加的
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-cmd-params-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-cmd-params-cm

1.2 查看pod是否正常

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
kubectl get pod -n argocd 
NAME                                                READY   STATUS    RESTARTS   AGE
argocd-application-controller-0                     1/1     Running   0          48m
argocd-application-controller-1                     1/1     Running   0          48m
argocd-application-controller-2                     1/1     Running   0          49m
argocd-applicationset-controller-84c8548bf6-2p244   1/1     Running   0          33m
argocd-applicationset-controller-84c8548bf6-9gq5h   1/1     Running   0          33m
argocd-applicationset-controller-84c8548bf6-bvlkg   1/1     Running   0          33m
argocd-dex-server-65cb45687-5bxdb                   1/1     Running   0          49m
argocd-dex-server-65cb45687-hzvlw                   1/1     Running   0          49m
argocd-dex-server-65cb45687-kl24l                   1/1     Running   0          49m
argocd-notifications-controller-7854c8cd9b-cjzbl    1/1     Running   0          33m
argocd-notifications-controller-7854c8cd9b-csqbb    1/1     Running   0          33m
argocd-notifications-controller-7854c8cd9b-xs874    1/1     Running   0          33m
argocd-redis-ha-haproxy-56546c5467-9mjrx            1/1     Running   0          48m
argocd-redis-ha-haproxy-56546c5467-bgmld            1/1     Running   0          49m
argocd-redis-ha-haproxy-56546c5467-ttccs            1/1     Running   0          48m
argocd-redis-ha-server-0                            3/3     Running   0          44m
argocd-redis-ha-server-1                            3/3     Running   0          46m
argocd-redis-ha-server-2                            3/3     Running   0          48m
argocd-repo-server-5646948fd4-lvhl2                 1/1     Running   0          50m
argocd-repo-server-5646948fd4-pklbb                 1/1     Running   0          50m
argocd-repo-server-5646948fd4-xdt8h                 1/1     Running   0          50m
argocd-server-7b7744ff5d-dtmn4                      1/1     Running   0          48m
argocd-server-7b7744ff5d-t7t4q                      1/1     Running   0          49m

# 查看密码
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

2 argocd-server 配置与使用

2.1 配置项目

命名空间可以使用简单对正则,比如 !xxx,表示不能部署到xxx命名空间

image-20211125105832844

2.2 添加 git 仓库

image-20211125105528713

没问题会显示 Successful

image-20211125105544343

2.3 添加集群

2.3.1 查看添加的集群信息

集群添加 kubeconfig 参考Kubernetes自定义权限,如果不想自定义权限也可以拷贝/root/.kube/config
比较重要的是 name

1
2
3
4
# 获取集群名称
kubectl config get-contexts
CURRENT   NAME         CLUSTER      AUTHINFO   NAMESPACE
*         kubernetes   kubernetes   admin

2.3.2 argocd 添加集群

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# 拷贝刚才对kubeconfig
kubectl cp  tstconfig -n argocd   $(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o jsonpath='{.items[0].metadata.name}'):/home/argocd

# 查看密码
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

# 进入argo容器添加集群
# 进入容器
kubectl exec -it -n argocd $(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o jsonpath='{.items[0].metadata.name}') bash
# 登陆argocd
argocd login 127.0.0.1:8080 --username admin --password qweasd123 (查看密码结果)
WARNING: server certificate had error: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? y
'admin:login' logged in successfully
Context '127.0.0.1:8080' updated

# 添加集群
argocd cluster add kubernetes --kubeconfig tstconfig --name test-env

# 查看集群信息
# 没有配置app.所以集群状态Unknown
argocd cluster list
SERVER                          NAME              VERSION  STATUS      MESSAGE                                                  PROJECT
https://kubernetes.default.svc  ceph-tst-cluster  1.22     Successful
https://10.1.1.1:443      test-env                   Unknown     Cluster has no applications and is not being monitored.

2.3.3 查看集群

image-20211125105734655

2.4 添加应用

image.png

2.5 配置权限

这里创建了俩账户,一个管理员权限,一个只读应用权限

kubectl edit configmap argocd-cm -n argocd

1
2
3
4
5
6
data:
  accounts.argocd: login
  accounts.argocd.enabled: "true"
  accounts.argocd-admin: login
  accounts.argocd-admin.enabled: "true"
  admin.enabled: "true"

kubectl edit configmap argocd-rbac-cm -n argocd

1
2
3
4
5
6
data:
  # 定义默认用户是只读用户角色
  policy.default: role:readonly
  # 定义管理员角色
  policy.csv: |
    g, argocd-admin, role:admin

2.5.1 登录 argo 服务

1
2
3
4
5
6
7
argocd login 127.0.0.1:8080 --username admin --password qweasd123 (查看密码结果)
# 查看用户
argocd account list
NAME          ENABLED  CAPABILITIES
admin         true     login
argocd        true     login
argocd-admin  true     login

2.5.2 修改密码

argocd account update-password --account admin --new-password qweasd
回车后输入上面步骤查到的root密码

2.5.3 测试

普通账户同步会报错

image-20211021165741090

管理员账户不会

image-20211021165805995

2.6 备份与恢复

1
2
3
4
5
kubectl exec -it -n argocd $(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o jsonpath='{.items[0].metadata.name}') bash
# 备份
argocd admin export > backup.yaml
# 恢复
argocd admin import - < backup.yaml

详细文档参考

3 web 使用

3.1 这里可以选择不同的展示

image-20210930112038110

3.2 查看服务的所有日志,不同的实例会有不同的颜色标记

image-20210930112116093

image-20210930112155421

3.3 看某个实例的日志

image-20210930112227106

image-20210928120253078

4 监控

参考官网,默认监控接口已经打开了