GitOps实践之kubernetes安装argocd

1. 什么是argocd

1.Argo CD是Kubernetes的一个声明性GitOps持续交付工具。
2.应用程序定义、配置和环境应该是声明性的和版本控制的。应用程序部署和生命周期管理应自动化、可审核且易于理解。
3.Argo CD 是以 Kubernetes 作为基础设施，遵循声明式 GitOps 理念的持续交付（continuous delivery, CD）工具，支持多种配置管理工具，包括 ksonnet/jsonnet、kustomize 和 Helm 等。它的配置和使用非常简单，并且自带一个简单易用的可视化界面。
4.按照官方定义，Argo CD 被实现为一个 Kubernetes 控制器，它会持续监控正在运行的应用，并将当前的实际状态与 Git 仓库中声明的期望状态进行比较，如果实际状态不符合期望状态，就会更新应用的实际状态以匹配期望状态。
5.Argo CD 会被部署在 Kubernetes 集群中，使用的是基于 Pull 的部署模式，它会周期性地监控应用的实际状态，也会周期性地拉取 Git 仓库中的配置清单，并将实际状态与期望状态进行比较，如果实际状态不符合期望状态，就会更新应用的实际状态以匹配期望状态。

官方文档: https://argo-cd.readthedocs.io/en/stable/

2. 安装argocd

2.1 部署yaml

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/core-install.yaml
[root@kn-server-master01-13 argocd]# kubectl apply -n argocd -f  install.yaml 
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/applicationsets.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-applicationset-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-notifications-controller created
serviceaccount/argocd-redis created
serviceaccount/argocd-repo-server created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-applicationset-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-notifications-controller created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-notifications-controller created
rolebinding.rbac.authorization.k8s.io/argocd-redis created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-cmd-params-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-notifications-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-notifications-secret created
secret/argocd-secret created
service/argocd-applicationset-controller created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-notifications-controller-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server created
service/argocd-server-metrics created
deployment.apps/argocd-applicationset-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-notifications-controller created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
statefulset.apps/argocd-application-controller created
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-applicationset-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
networkpolicy.networking.k8s.io/argocd-notifications-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy created

Pod都已经running

[root@kn-server-master01-13 argocd]# kubectl get pods -n argocd
NAME                                               READY   STATUS    RESTARTS   AGE
argocd-application-controller-0                    1/1     Running   0          8m11s
argocd-applicationset-controller-fb8d96cb5-l9kxc   1/1     Running   0          8m12s
argocd-dex-server-69f8bb9b-79wkz                   1/1     Running   0          8m12s
argocd-notifications-controller-85fdd8f7d9-5hfjt   1/1     Running   0          8m12s
argocd-redis-6d67ff987b-7rffz                      1/1     Running   0          8m11s
argocd-repo-server-67566f5fb4-tvkds                1/1     Running   0          8m11s
argocd-server-58dd4685bc-c8wlw                     1/1     Running   0          8m11s

修改为Nodeport或者loadbalancer亦或者Ingress才可用访问Argocd WEBUI

[root@kn-server-master01-13 argocd]# kubectl get svc -n argocd
NAME                                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
argocd-applicationset-controller          ClusterIP   10.96.233.34    <none>        7000/TCP,8080/TCP            8m35s
argocd-dex-server                         ClusterIP   10.96.15.14     <none>        5556/TCP,5557/TCP,5558/TCP   8m35s
argocd-metrics                            ClusterIP   10.96.99.245    <none>        8082/TCP                     8m35s
argocd-notifications-controller-metrics   ClusterIP   10.96.154.168   <none>        9001/TCP                     8m35s
argocd-redis                              ClusterIP   10.96.182.219   <none>        6379/TCP                     8m35s
argocd-repo-server                        ClusterIP   10.96.108.40    <none>        8081/TCP,8084/TCP            8m35s
argocd-server                             ClusterIP   10.96.164.184   <none>        80/TCP,443/TCP               8m35s
argocd-server-metrics                     ClusterIP   10.96.83.5      <none>        8083/TCP                     8m35s

3. 安装argocd CLI

3.1 下载客户端的安装包

[root@kn-server-master01-13 argocd]# wget  https://github.com/argoproj/argo-cd/releases/download/v2.5.3/argocd-linux-amd64
--2022-12-04 09:56:47--  https://github.com/argoproj/argo-cd/releases/download/v2.5.3/argocd-linux-amd64
正在解析主机 github.com (github.com)... 20.205.243.166
正在连接 github.com (github.com)|20.205.243.166|:443... 已连接。
已发出 HTTP 请求，正在等待回应... 302 Found
位置：https://objects.githubusercontent.com/github-production-release-asset-2e65be/120896210/dc4d761d-ef5d-4f4c-8dc3-a72e134313c1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221204%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221204T015648Z&X-Amz-Expires=300&X-Amz-Signature=ac9daeadb91a0f6b12cab84d5bc3b5d56abb78e960a93a62f68df9de904360bf&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=120896210&response-content-disposition=attachment%3B%20filename%3Dargocd-linux-amd64&response-content-type=application%2Foctet-stream [跟随至新的 URL]
--2022-12-04 09:56:48--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/120896210/dc4d761d-ef5d-4f4c-8dc3-a72e134313c1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221204%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221204T015648Z&X-Amz-Expires=300&X-Amz-Signature=ac9daeadb91a0f6b12cab84d5bc3b5d56abb78e960a93a62f68df9de904360bf&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=120896210&response-content-disposition=attachment%3B%20filename%3Dargocd-linux-amd64&response-content-type=application%2Foctet-stream
正在解析主机 objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.110.133, ...
正在连接 objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... 已连接。
已发出 HTTP 请求，正在等待回应... 200 OK
长度：133625646 (127M) [application/octet-stream]
正在保存至: “argocd-linux-amd64”

100%[==========================================================================================================================================================>] 133,625,646  595KB/s 用时 4m 18s 

2022-12-04 10:01:07 (506 KB/s) - 已保存 “argocd-linux-amd64” [133625646/133625646])

3.2 拷贝并赋权

[root@kn-server-master01-13 argocd]# cp argocd-linux-amd64  /usr/local/bin/argocd
[root@kn-server-master01-13 argocd]#  chmod +x /usr/local/bin/argocd

4. 使用argocd CLI

4.1 argocd命令帮助

[root@kn-server-master01-13 argocd]# argocd --help
argocd controls a Argo CD server

Usage:
  argocd [flags]
  argocd [command]

Available Commands:
  account     Manage account settings
  admin       Contains a set of commands useful for Argo CD administrators and requires direct Kubernetes access
  app         Manage applications
  appset      Manage ApplicationSets
  cert        Manage repository certificates and SSH known hosts entries
  cluster     Manage cluster credentials
  completion  output shell completion code for the specified shell (bash or zsh)
  context     Switch between contexts
  gpg         Manage GPG keys used for signature verification
  help        Help about any command
  login       Log in to Argo CD
  logout      Log out from Argo CD
  proj        Manage projects
  relogin     Refresh an expired authenticate token
  repo        Manage repository connection parameters
  repocreds   Manage repository connection parameters
  version     Print version information

Flags:
      --auth-token string               Authentication token
      --client-crt string               Client certificate file
      --client-crt-key string           Client certificate key file
      --config string                   Path to Argo CD config (default "/root/.config/argocd/config")
      --core                            If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server
      --grpc-web                        Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.
      --grpc-web-root-path string       Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.
  -H, --header strings                  Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)
  -h, --help                            help for argocd
      --http-retry-max int              Maximum number of retries to establish http connection to Argo CD server
      --insecure                        Skip server certificate and domain verification
      --kube-context string             Directs the command to the given kube-context
      --logformat string                Set the logging format. One of: text|json (default "text")
      --loglevel string                 Set the logging level. One of: debug|info|warn|error (default "info")
      --plaintext                       Disable TLS
      --port-forward                    Connect to a random argocd-server port using port forwarding
      --port-forward-namespace string   Namespace name which should be used for port forwarding
      --server string                   Argo CD server address
      --server-crt string               Server certificate file

Use "argocd [command] --help" for more information about a command.

4.2 命令行登陆argocd

[root@kn-server-master01-13 argocd]# argocd login 10.0.0.14
WARNING: server certificate had error: x509: cannot validate certificate for 10.0.0.14 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? yes
Username: admin
Password: 
'admin:login' logged in successfully
Context '10.0.0.14' updated

4.3 命令行修改argocd密码

[root@kn-server-master01-13 argocd]# argocd account update-password
*** Enter password of currently logged in user (admin): 
*** Enter new password for user admin: 
*** Confirm new password for user admin: 
Password updated
Context '10.0.0.14' updated