安装Argo CD
单独为Argo CD创建命名空间argocd,命令如下所示。
$ kubectl create namespace argocd
namespace/argocd created
使用以下命令将Argo CD部署到argocd命名空间下。
$ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-secret created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server-metrics created
service/argocd-server created
deployment.apps/argocd-application-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
查看Argo CD所有Deployment部署的运行状态,如下所示。
$ kubectl -n argocd get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
argocd-application-controller 1/1 1 1 2m41s
argocd-dex-server 1/1 1 1 2m41s
argocd-redis 1/1 1 1 2m41s
argocd-repo-server 1/1 1 1 2m41s
argocd-server 1/1 1 1 2m41s
Argo CD中每个Deployment部署的职责如下所示。
- argocd-application-controller:Application Controller组件。
- argocd-dex-server:Argo CD集成Dex service用于将身份验证委托给外部提供者,更多关于Dex的介绍请访问Dex社区(https://github.com/dexidp/dex)进行了解。
- argocd-redis:Argo CD集成Redis服务,用于临时缓存,缓存丢失并不会影响Argo CD的正常工作。
- argocd-repo-server:Repository Server组件。
- argocd-server:API Server组件。
Argo CD的访问方式
用户可以使用Web UI或者CLI方式访问Argo CD。
1. 使用CLI访问Argo CD
下载并安装Argo CD CLI工具,Linux系统和Mac OS系统下对应不同的二进制可执行文件。
Linux系统安装命令如下所示。
$ VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argocd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
$ curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argocd/releases/download/$VERSION/argocd-linux-amd64
$ chmod +x /usr/local/bin/argocd
Mac OS系统安装命令如下所示。
$ VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argocd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
$ curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argocd/releases/download/$VERSION/argocd-darwin-amd64
$ chmod +x /usr/local/bin/argocd
使用以下命令检查CLI是否正常执行。
$ argocd version
argocd: v1.7.4+f8cbd6b
BuildDate: 2020-09-05T02:44:27Z
GitCommit: f8cbd6bf432327cc3b0f70d23b66511bb906a178
GitTreeState: clean
GoVersion: go1.14.1
Compiler: gc
Platform: linux/amd64
FATA[0000] Argo CD server address unspecified
CLI访问Argo CD之前需要使用用户名和密码进行登录,默认的内置用户名是admin,初始密码为Argo CD API Server Pod的名字,可以使用如下命令获取初始密码。
$ kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
argocd-server-cf8dbb7bd-n5zrv
获取Argo CD API Server服务访问端点,命令如下所示。
$ kubectl get svc -n argocd -l app.kubernetes.io/name=argocd-server |grep argocd-server
argocd-server ClusterIP 172.27.8.59 <none> 80/TCP,443/TCP 26m
使用用户名密码登录Argo CD系统。
$ argocd login 172.27.8.59
WARNING: server certificate had error: x509: cannot validate certificate for 172.27.8.59 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? y
Username: admin
Password:
'admin' logged in successfully
Context '172.27.8.59' updated
再次使用Argo CD CLI命令查看客户端和服务端的版本信息,若都能正确输出信息则说明客户端和服务端正常工作。
$ argocd version
argocd: v1.7.4+f8cbd6b
BuildDate: 2020-09-05T02:44:27Z
GitCommit: f8cbd6bf432327cc3b0f70d23b66511bb906a178
GitTreeState: clean
GoVersion: go1.14.1
Compiler: gc
Platform: linux/amd64
argocd-server: v1.7.3+b4c79cc
BuildDate: 2020-09-01T23:19:02Z
GitCommit: b4c79ccb88173604c3786dcd34e83a9d7e8919a5
GitTreeState: clean
GoVersion: go1.14.1
Compiler: gc
Platform: linux/amd64
Ksonnet Version: v0.13.1
Kustomize Version: {Version:kustomize/v3.6.1 GitCommit:c97fa946d576eb6ed559f17f2ac43b3b5a8d5dbd BuildDate:2020-05-27T20:47:35Z GoOs:linux GoArch:amd64}
Helm Version: version.BuildInfo{Version:"v3.2.0", GitCommit:"e11b7ce3b12db2941e90399e874513fbd24bcb71", GitTreeState:"clean", GoVersion:"go1.13.10"}
Kubectl Version: v1.17.8
使用以下命令可以更新Argo CD系统中admin用户的密码。
$ argocd account update-password
*** Enter current password:
*** Enter new password:
*** Confirm new password:
Password updated
Context '172.27.8.59' updated
Argo CD默认只支持admin用户登录访问,更多关于Argo CD用户管理的内容请阅读7.3.1节。
2. 使用Web UI访问Argo CD
安装Argo CD后,API Server默认使用Kubernetes内部服务类型ClusterIP,如果想从Kubernetes集群外部访问API Server,则需要执行以下命令将服务类型改为LoadBalancer。
$ kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'
service/argocd-server patched
或执行以下命令将服务类型改为NodePort。
$ kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}'
service/argocd-server patched
在浏览器中访问Argo CD。使用用户名和密码登录后,直接跳转到应用面板。
卸载Argo CD
如果想从集群中卸载Argo CD,执行以下命令可删除Argo CD的所有资源。
$ kubectl delete -n argocd -f https://raw.githubusercontent.com/argoproj/argo- cd/stable/manifests/install.yaml
$ kubectl delete ns argocd