linuxea:基于kustomize的argocd发布实现(10)

marksugar
2022-07-10 / 0 评论 / 1,195 阅读 / 正在检测是否收录...
温馨提示:
本文最后更新于2022年07月10日,已超过203天没有更新,若内容或图片失效,请留言反馈。

在此前我们配置了Kustomize清单,并且通过kubectl将清单应用到k8s中,之后又做另一个状态跟踪,但这还不够。我们希望通过一个cd工具来配置管理,并且提供一个可视化界面。我们选择argocd

我不会在这篇章节中去介绍uI界面到底怎么操作,因为那些显而易见。我只会介绍argocd的二进制程序客户端的操作使用,但是也仅限于完成一个app的创建,集群的添加,项目的添加。仅此而已。

argocd是一个成熟的部署工具,如果有时间,我将会在后面的时间里更新其他的必要功能。

阅读此篇,你将了解argocd客户端最简单的操作,和一些此前的流水线实现方式列表如下:

  • jenkins和gitlab触发(已实现)
  • jenkins凭据使用(已实现)
  • juit配置(已实现)
  • sonarqube简单扫描(已实现)
  • sonarqube覆盖率(已实现)
  • 打包基于java的skywalking agent(已实现)
  • sonarqube与gitlab关联 (已实现)
  • 配置docker中构建docker (已实现)
  • mvn打包(已实现)
  • sonarqube简单分支扫描(已实现)
  • 基于gitlab来管理kustomize的k8s配置清单(已实现)
  • kubectl部署(已实现)
  • kubeclt deployment的状态跟踪(已实现)
  • kustomize和argocd(本章实现)
  • 钉钉消息的构建状态推送

1.1 安装2.4.2

我们在gitlab上获取此配置文件,并修改镜像

此前我拉取了2.4.0和2.4.2的镜像,如下

2.4.0

        image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:dex-v2.30.2 
        image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:haproxy-2.0.25-alpine
        image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:v2.4.0
        image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:redis-7.0.0-alpine

2.4.2

        image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:dex-v2.30.2 
        image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:haproxy-2.0.25-alpine
        image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:v2.4.2
        image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:redis-7.0.0-alpine

分别替换所有镜像地址,如果是install.yaml就替换,如果是ha-install.yaml也替换

sed -i 's@redis:7.0.0-alpine@registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:redis-7.0.0-alpine@g' 
sed -i 's@ghcr.io/dexidp/dex:v2.30.2@registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:dex-v2.30.2@g'
sed -i 's@quay.io/argoproj/argocd:v2.4.0@registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:v2.4.0@g'
sed -i 's@haproxy:2.0.25-alpine@registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:haproxy-2.0.25-alpine@g'

创建名称空间并apply

kubectl create namespace argocd
kubectl apply  -n argocd -f argocd.yaml

更新删除不掉的时候的解决办法

kubectl patch crd/appprojects.argoproj.io -p '{"metadata":{"finalizers":[]}}' --type=merge

等待,到argocd组件准备完成

[root@linuxea-11 ~/argocd]# kubectl  -n argocd get pod 
NAME                                                READY   STATUS    RESTARTS   AGE
argocd-application-controller-0                     1/1     Running   0          7m33s
argocd-applicationset-controller-7bbcd5c9bd-rqn84   1/1     Running   0          7m33s
argocd-dex-server-75c668865-s9x5d                   1/1     Running   0          7m33s
argocd-notifications-controller-bc5954bd7-gg4ks     1/1     Running   0          7m33s
argocd-redis-ha-haproxy-8658c76475-hdzkv            1/1     Running   0          7m33s
argocd-redis-ha-haproxy-8658c76475-jrrtl            1/1     Running   0          7m33s
argocd-redis-ha-haproxy-8658c76475-rk868            1/1     Running   0          7m33s
argocd-redis-ha-server-0                            2/2     Running   0          7m33s
argocd-redis-ha-server-1                            2/2     Running   0          5m3s
argocd-redis-ha-server-2                            2/2     Running   0          4m3s
argocd-repo-server-567dd6c487-6k89z                 1/1     Running   0          7m33s
argocd-repo-server-567dd6c487-rt4vq                 1/1     Running   0          7m33s
argocd-server-677d79497b-k72h2                      1/1     Running   0          7m33s
argocd-server-677d79497b-pb5gt                      1/1     Running   0          7m33s

配置域名访问

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
  - host: argocd.linuxea.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service: 
            name: argocd-server
            port:
              name: https

创建

[root@linuxea-11 ~/argocd]# kubectl  apply -f argocd-ingress.yaml
ingress.networking.k8s.io/argocd-server-ingress created
[root@linuxea-11 ~/argocd]# kubectl  -n argocd get ingress
NAME                    CLASS   HOSTS                ADDRESS   PORTS   AGE
argocd-server-ingress   nginx   argocd.linuxea.com             80      11s

image-20220621225640408.png

配置nodeport

我们直接使用nodeport来配置

apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
  namespace: argocd  
spec:
  ports:
  - name: http
    port: 80
    nodePort: 31080    
    protocol: TCP
    targetPort: 8080
  - name: https
    port: 443
    nodePort: 31443    
    protocol: TCP
    targetPort: 8080
  selector:
    app.kubernetes.io/name: argocd-server
  type: NodePort

用户名admin, 获取密码

[root@linuxea-11 ~/argocd]# kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d && echo
QOOMW76CV8bEczKO

image-20220708102850889.png

1.2 客户端登录

安装完成后,我们通过一个二进制的客户端来操作整个流程,于是我们需要下载一个Linux客户端

注意: 和此前的其他包一样,如果是docker运行的jenkins,要将二进制包放到容器内,因此我提供了两种方式

wget https://github.com/argoproj/argo-cd/releases/download/v2.4.2/argocd-linux-amd64

如果你用私有域名的话,你本地hosts解析需要配置

[root@linuxea-48 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.100.11 argocd.linuxea.com

下载二进制文件后进行登录即可, 我使用的是nodeport

argocd login 172.16.100.11:31080 --grpc-web
[root@linuxea-48 ~/.kube]# argocd login 172.16.100.11:31080 --grpc-web
WARNING: server certificate had error: x509: cannot validate certificate for 172.16.100.11 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? y
Username: admin
Password: 
'admin:login' logged in successfully
Context '172.16.100.11:31080' updated

登录会在一段时间后失效,于是我门需要些一个脚本过一段时间登录一次

argocd login 172.16.100.11:31080 --grpc-web

# 登录
argocd login 172.16.15.137:31080 --grpc-web

最好写在脚本里面登录即可

容器外脚本

# cat /login.sh
KCONFIG=/root/.kube/config-1.23.1-dev
argocd login 172.16.100.11:31080 --username admin --password $(kubectl  --kubeconfig=$KCONFIG -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d )  --insecure --grpc-web
  • 容器内

下载argocd二进制文件存放到已经映射的目录内,并添加执行权限

[root@linuxea-48 /data/jenkins-latest/jenkins_home]# cp /usr/local/sbin/argocd /data/jenkins-latest/package/
[root@linuxea-48 /data/jenkins-latest/jenkins_home]# ll /data/jenkins-latest/package/
total 251084
drwxr-xr-x  6 root root        99 Sep  5  2021 apache-maven-3.8.2
-rw-r--r--  1 root root 131352410 Jul  9 17:24 argocd
drwxr-xr-x  6 root root       105 Sep  6  2021 gradle-6.9.1
drwxr-xr-x  2 root root        16 Oct 18  2021 jq-1.6
-rwxr-xr-x  1 root root  40230912 Jul  9 15:08 kubectl
-rwxr-xr-x  1 root root  11976704 Jul  9 15:08 kustomize
drwxr-xr-x  6 1001 1001       108 Aug 31  2021 node-v14.17.6-linux-x64
drwxrwxr-x 10 1001 1002       221 Jun 18 11:37 skywalking-agent
-rw-r--r--  1 root root  30443381 Jun 29 23:46 skywalking-java-8.11.0.tar.gz
drwxr-xr-x  6 root root        51 May  7  2021 sonar-scanner-4.6.2.2472-linux
-rw-r--r--  1 root root  43099390 Sep 11  2021 sonar-scanner-cli-4.6.2.2472-linux.zip
[root@linuxea-48 /data/jenkins-latest/jenkins_home]# chmod +x /data/jenkins-latest/package/argocd 

还需要k8s的config配置文件,如果你阅读了上一篇基于jenkins的kustomize配置发布(9),那这里当然是轻车熟路了

我的二进制文件存放在/usr/local/package

      - /data/jenkins-latest/package:/usr/local/package

由于我门在容器里面,我门复制config文件到一个位置而后指定即可

[root@linuxea-48 ~]# cp -r  ~/.kube /data/jenkins-latest/jenkins_home/
[root@linuxea-48 ~]# ls /data/jenkins-latest/jenkins_home/.kube/
cache  config  config-1.20.2-test  config-1.22.1-prod  config-1.22.1-test  config-1.23.1-dev  config2  marksugar-dev-1  marksugar-prod-1

容器内登录

KUBE_PATH=/usr/local/package
KCONFIG=/var/jenkins_home/.kube/config-1.23.1-dev
${KUBE_PATH}/argocd login  172.16.100.11:31080 --username admin --password $(${KUBE_PATH}/kubectl  --kubeconfig=$KCONFIG -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d )  --insecure --grpc-web

如下

bash-5.1# KUBE_PATH=/usr/local/package
bash-5.1# KCONFIG=/var/jenkins_home/.kube/config-1.23.1-dev
bash-5.1# ${KUBE_PATH}/argocd login  172.16.100.11:31080 --username admin --password $(${KUBE_PATH}/kubectl  --kubeconfig=$KCONFIG -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d )  --insecure --grpc-web
'admin:login' logged in successfully
Context '172.16.100.11:31080' updated

在上面我们说过,一旦登录了只会,登录的凭据是会失效的,因此我们需要在计划任务里面,5个小时登录一次。

而后使用计划任务进行登录即可

0 5 * * *  /bin/bash /login.sh

查看版本信息

[root@linuxea-48 ~]# argocd version --grpc-web
argocd: v2.4.2+c6d0c8b
  BuildDate: 2022-06-21T21:03:41Z
  GitCommit: c6d0c8baaa291cd68465acd7ad6bef58b2b6f942
  GitTreeState: clean
  GoVersion: go1.18.3
  Compiler: gc
  Platform: linux/amd64
argocd-server: v2.4.2+c6d0c8b
  BuildDate: 2022-06-21T20:42:05Z
  GitCommit: c6d0c8baaa291cd68465acd7ad6bef58b2b6f942
  GitTreeState: clean
  GoVersion: go1.18.3
  Compiler: gc
  Platform: linux/amd64
  Kustomize Version: v4.4.1 2021-11-11T23:36:27Z
  Helm Version: v3.8.1+g5cb9af4
  Kubectl Version: v0.23.1
  Jsonnet Version: v0.18.0

1.2.1. 集群凭据管理

通常可能存在多个集群,因此,我们使用配置参数指定即可

  • 如果只有一个,无需指定,默认config
[root@linuxea-48 ~]# ll ~/.kube/
total 56
drwxr-x--- 4 root root   35 Jun 22 00:09 cache
-rw-r--r-- 1 root root 6254 Jun 21 23:58 config-1.20.2-test
-rw-r--r-- 1 root root 6277 Jun 22 00:07 config-1.22.1-prod
-rw-r--r-- 1 root root 6277 Jun 22 00:06 config-1.22.1-test
-rw-r--r-- 1 root root 6193 Jun 22 00:09 config-1.23.1-dev
-rw-r--r-- 1 root root 6246 Mar  4 23:55 config2
-rw-r--r-- 1 root root 6277 Aug 22  2021 marksugar-dev-1
-rw-r--r-- 1 root root 6277 Aug 22  2021 marksugar-prod-1

如果有多个,需要指定配置文件

[root@linuxea-48 ~/.kube]#  kubectl --kubeconfig  /root/.kube/config-1.23.1-dev -n argocd get pod
NAME                                                READY   STATUS    RESTARTS      AGE
argocd-application-controller-0                     1/1     Running   1 (12m ago)   23h
argocd-applicationset-controller-7bbcd5c9bd-rqn84   1/1     Running   1 (12m ago)   23h
argocd-dex-server-75c668865-s9x5d                   1/1     Running   1 (12m ago)   23h
argocd-notifications-controller-bc5954bd7-gg4ks     1/1     Running   1 (12m ago)   23h
argocd-redis-ha-haproxy-8658c76475-hdzkv            1/1     Running   1 (12m ago)   23h
argocd-redis-ha-haproxy-8658c76475-jrrtl            1/1     Running   1 (12m ago)   23h
argocd-redis-ha-haproxy-8658c76475-rk868            1/1     Running   1 (12m ago)   23h
argocd-redis-ha-server-0                            2/2     Running   2 (12m ago)   23h
argocd-redis-ha-server-1                            2/2     Running   2 (12m ago)   23h
argocd-redis-ha-server-2                            2/2     Running   2 (12m ago)   23h
argocd-repo-server-567dd6c487-6k89z                 1/1     Running   1 (12m ago)   23h
argocd-repo-server-567dd6c487-rt4vq                 1/1     Running   1 (12m ago)   23h
argocd-server-677d79497b-k72h2                      1/1     Running   1 (12m ago)   23h
argocd-server-677d79497b-pb5gt                      1/1     Running   1 (12m ago)   23h\

1.2.2 将集群加入argocd

仍然需要重申下环境变量的配置

export KUBECONFIG=$HOME/.kube/config-1.23.1-dev

而后在查看当前的集群

[root@linuxea-48 ~/.kube]# kubectl config get-contexts -o name
context-cluster1

将此集群加入到argocd

[root@linuxea-48 ~/.kube]# argocd cluster add context-cluster1
WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `context-cluster1` with full cluster level privileges. Do you want to continue [y/N]? y
INFO[0008] ServiceAccount "argocd-manager" created in namespace "kube-system" 
INFO[0008] ClusterRole "argocd-manager-role" created    
INFO[0008] ClusterRoleBinding "argocd-manager-role-binding" created 
Cluster 'https://172.16.100.11:6443' added

这里添加完成后,在settings->Clusters 中也将会看到

image-20220623233630728.png

  • 容器内

首先将config文件复制到映射的目录内,比如/var/jenkins_home/

# 配置kubeconfig位置
bash-5.1#  export KUBECONFIG=/var/jenkins_home/.kube/config-1.23.1-dev
# 复制二进制文件到sbin,仅仅是方便操作
bash-5.1# cp /usr/local/package/argocd /usr/sbin/
bash-5.1# cp /usr/local/package/kubectl /usr/sbin/
# 测试
bash-5.1# kubectl get pod
NAME                                     READY   STATUS    RESTARTS         AGE
nfs-client-provisioner-59bd97ddb-qcrpj   1/1     Running   18 (7h51m ago)   26d
# 查看当前contexts名称
bash-5.1# kubectl config get-contexts -o name
context-cluster1
# 添加到argocd
bash-5.1#  argocd cluster add context-cluster
WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `kubernetes-admin@kubernetes` with full cluster level privileges. Do you want to continue [y/N]?
WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `kubernetes-admin@kubernetes` with full cluster level privileges. Do you want to continue [y/N]? y
INFO[0003] ServiceAccount "argocd-manager" created in namespace "kube-system"
INFO[0003] ClusterRole "argocd-manager-role" created
INFO[0003] ClusterRoleBinding "argocd-manager-role-binding" created
Cluster 'https://172.16.100.11:6443' added

添加完成

image-20220709175343271.png

1.3 定义repo存储库

定于存储库有两种方式分别是ssh和http,都可以使用,参考官方文档

1.3.1 密钥

如果已经有现成的密钥,则不需要创建,如果没有,可以使用ssh-keygen -t ed25519 生成密钥, 并且添加到gitlab中

# ssh-keygen -t ed25519  -f /home/jenkins_home/.ssh/

# ls /home/jenkins_home/.ssh/ -ll
总用量 8
-rw------- 1 root root 399 7月   8 16:44 id_rsa
-rw-r--r-- 1 root root  93 7月   8 16:44 id_rsa.pub

argocd添加git,指定~/.ssh/id_rsa,并使用--insecure-ignore-host-key选项

[root@linuxea-48 ~/.kube]# argocd  repo add git@172.16.100.47:pipeline-ops/marksugar-ui.git --ssh-private-key-path   ~/.ssh/id_rsa  --insecure-ignore-host-key
Repository 'git@172.16.100.47:pipeline-ops/marksugar-ui.git' added

这里添加完成在settings->repositories界面将会看到一个存储库

image-20220623233659995.png

  • 容器内

和上面一样,如果已经有现成的密钥,则不需要创建,如果没有,可以使用ssh-keygen -t ed25519 生成密钥, 并且将id_rsa.pub添加到gitlab中

下面是docker-compose的密钥

    volumes:
....
      - /home/jenkins_home/.ssh/:/root/.ssh

我们在上面已经添加了marksugar-ui, 如果有多个项目,多次添加即可

我们开始添加 java-demo

git@172.16.100.47:devops/k8s-yaml.git是kustmoize配置清单的地址

argocd  repo add git@172.16.100.47:devops/k8s-yaml.git --ssh-private-key-path   ~/.ssh/id_rsa  --insecure-ignore-host-key
bash-5.1# argocd  repo add git@172.16.100.47:devops/k8s-yaml.git --ssh-private-key-path   ~/.ssh/id_rsa  --insecure-ignore-host-key
Repository 'git@172.16.100.47:devops/k8s-yaml.git' added

image-20220709190450877.png

1.3.2 http

我门仍然可以考虑使用http来使用,官方的示例如下

argocd repo add https://github.com/argoproj/argocd-example-apps --username <username> --password <password>

我的环境如下配置:

argocd repo add http://172.16.15.136:180/devops/k8s-yaml --username root --password gitlab.com

# 添加repo
root@ca060212e6f6:/var/jenkins_home# argocd repo add http://172.16.15.136:180/devops/k8s-yaml.git --username root --password gitlab.com
Repository 'http://172.16.15.136:180/devops/k8s-yaml.git' added

image-20220708172137725.png

1.4 定义项目

AppProject CRD 是代表应用程序逻辑分组的 Kubernetes 资源对象。它由以下关键信息定义:

  • sourceRepos引用项目中的应用程序可以从中提取清单的存储库。
  • destinations引用项目中的应用程序可以部署到的集群和命名空间(不要使用该name字段,仅server匹配该字段)。
  • roles定义了他们对项目内资源的访问权限的实体列表。

一个示例规范如下:

在创建之前,我们先在集群内创建一个名称空间:marksugar

kubectl create ns marksugar

声明式配置如下,指定name,指定marksugar部署的名称空间,其他默认

  destinations:
  - namespace: marksugar
    server: 'https://172.16.100.11:6443'

更多时候我们限制项目内使用的范围,比如我们只配置使用的

如:deployment,service,configmap,这些配置取决于控制器

apiVersion: v1
kind: ConfigMap
...
---
apiVersion: v1
kind: Service
...

and Deployment

apiVersion: apps/v1
kind: Deployment

如果此时有ingress,那么配置就如下

  - group: 'networking.k8s.io'
    kind: 'Ingress'

以此推论。最终我的配置如下:

  namespaceResourceWhitelist:
  - group: 'apps'
    kind: 'Deployment'
  - group: ''
    kind: 'Service'
  - group: ''
    kind: 'ConfigMap'

一个完整的配置如下:

apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-linuxea # 名称
#  name: marksugar
  namespace: argocd
#  finalizers:
#    - resources-finalizer.argocd.argoproj.io
spec:
  description: Example Project(测试) # 更详细的内容
  sourceRepos:
  - '*'
  destinations:
  - namespace: marksugar # 名称空间
    server: 'https://172.16.100.11:6443' # k8s api地址
#  clusterResourceWhitelist:
#  - group: ''
#    kind: Namespace
#  namespaceResourceBlacklist:
#  - group: ''
#    kind: ResourceQuota
#  - group: ''
#    kind: LimitRange
#  - group: ''
#    kind: NetworkPolicy
  namespaceResourceWhitelist:
  - group: 'apps'  
    kind: 'Deployment' # 名称空间的内允许让argocd当前app使用的的kind
  - group: ''
    kind: 'Service' # 名称空间的内允许让argocd当前app使用的的kind
  - group: ''
    kind: 'ConfigMap' # 名称空间的内允许让argocd当前app使用的的kind
#    kind: Deployment
#  - group: 'apps'
#    kind: StatefulSet
# roles:
#  - name: read-only
#    description: Read-only privileges to my-project
#    policies:
#    - p, proj:my-project:read-only, applications, get, my-project/*, allow
#     groups:
#     - test-env
#  - name: ci-role
#    description: Sync privileges for guestbook-dev
#    policies:
#    - p, proj:my-project:ci-role, applications, sync, my-project/guestbook-dev, allow
#     jwtTokens:
#     - iat: 1535390316

上面的这个有太多注释,精简一下,并进行成我门实际的参数,最终如下:

apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-linuxea-java-demo
  namespace: argocd
spec:
  description: Example Project(测试)
  sourceRepos:
  - '*'
  destinations:
  - namespace: java-demo
    server: 'https://172.16.100.11:6443'
  namespaceResourceWhitelist:
  - group: 'apps'
    kind: 'Deployment'
  - group: ''
    kind: 'Service'
  - group: ''
    kind: 'ConfigMap'

执行

PS E:\ops\k8s-1.23.1-latest\gitops\argocd> kubectl.exe apply -f .\project-new.yaml
appproject.argoproj.io/my-linuxea-java-demo created

执行完成后,将会创建一个projects,在settings->projects查看

image-20220709191525690.png

1.5 定义应用

Application CRD 是 Kubernetes 资源对象,表示环境中已部署的应用程序实例。它由两个关键信息定义:

source对 Git 中所需状态的引用(存储库、修订版、路径、环境)
destination对目标集群和命名空间的引用。对于集群,可以使用 server 或 name 之一,但不能同时使用两者(这将导致错误)。当服务器丢失时,它会根据名称进行计算并用于任何操作。
一个最小的应用程序规范如下:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: marksugar-ui
  namespace: argocd
  labels: 
    marksugar/marksugar-ui: prod  # 标签
spec:
  project: my-linuxea # 定义的项目名
  source:
    repoURL: git@172.16.100.47:pipeline-ops/marksugar-ui.git # git地址
    targetRevision: master # git分支
    path: overlays/marksugar-ui/prod/  # git路径对应到目录下的配置
  destination:
    server: https://172.16.100.11:6443 # k8s api
    namespace: marksugar # 名称空间

有关其他字段,请参阅application.yaml。只要您完成了入门的第一步,您就可以应用它kubectl apply -n argocd -f application.yaml,Argo CD 将开始部署留言簿应用程序。

或者使用下面客户端命令进行配置,比如我此前配置去的marksugar-ui就是命令行配置的,如下:

argocd app create marksugar-ui  --repo git@172.16.100.47:pipeline-ops/marksugar-ui.git --revision master --path overlays/marksugar-ui/prod/ --dest-server https://172.16.100.11:6443 --dest-namespace marksugar --project=my-linuxea --label=marksugar/marksugar-ui=prod

我门仍然进行修改成我门希望的配置样子,yaml如下

  • 我这里使用的是http
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: java-demo
  namespace: argocd
  labels: 
    marksugar/app: java-demo
spec:
  project: my-linuxea-java-demo
  source:
    repoURL: git@172.16.100.47:devops/k8s-yaml.git
    targetRevision: java-demo
    path: overlays/dev/
  destination:
    server: https://172.16.100.11:6443
    namespace: java-demo

此时创建了一个app

PS E:\ops\k8s-1.23.1-latest\gitops\argocd\java-demo> kubectl.exe apply -f .\app.yaml
application.argoproj.io/java-demo created

如下

  • 只有同步正常,healthy才会变绿

image-20220709191812363.png

如果有多个名称空间,不想混合显示,我们在页面中在做左侧,选择cluster的名称空间后,才能看到名称空间下的app,也就是应用

image-20220709191654505.png

如果你配置的是http的git地址就会是下面这个样子

配置

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: java-demo
  namespace: argocd
  labels: 
    marksugar/app: java-demo
spec:
  project: my-linuxea-java-demo
  source:
    repoURL: http://172.16.15.136:180/devops/k8s-yaml.git
    targetRevision: java-demo
    path: overlays/dev/
  destination:
    server: https://172.16.15.137:6443
    namespace: java-demo

视图

image-20220708171031245.png

1.6 手动同步

我门可以点击web页面的上面的sync来进行同步,也可以用命令行手动同步使其生效

我门通过argocd app list查看当前的已经有的项目

  • 示例:

密钥

root@9c0cad5ebce8:/# argocd app list
NAME       CLUSTER                     NAMESPACE  PROJECT               STATUS   HEALTH   SYNCPOLICY  CONDITIONS       REPO                                         PATH           TARGET
java-demo  https://172.16.15.137:6443  java-demo  my-linuxea-java-demo  Unknown  Healthy  <none>      ComparisonError  git@172.16.15.136:23857/devops/k8s-yaml.git  overlays/dev/  java-demo

http

root@ca060212e6f6:/var/jenkins_home# argocd app list
NAME       CLUSTER                     NAMESPACE  PROJECT               STATUS     HEALTH   SYNCPOLICY  CONDITIONS  REPO                  PATH           TARGET
java-demo  https://172.16.15.137:6443  java-demo  my-linuxea-java-demo  OutOfSync  Missing  <none>      <none>      http://172.16.15.136:180/devops/k8s-yaml.git  overlays/dev/  java-demo

而我们现在的是这样的

bash-5.1#  argocd app list
NAME          CLUSTER                     NAMESPACE  PROJECT               STATUS     HEALTH   SYNCPOLICY  CONDITIONS  REPO                                             PATH                         TARGET
java-demo     https://172.16.100.11:6443  java-demo  my-linuxea-java-demo  OutOfSync  Missing  <none>      <none>      git@172.16.100.47:devops/k8s-yaml.git            overlays/dev/                java-demo
marksugar-ui  https://172.16.100.11:6443  marksugar  my-linuxea            Synced     Healthy  <none>      <none>      git@172.16.100.47:pipeline-ops/marksugar-ui.git  overlays/marksugar-ui/prod/  master

而后进行同步即可

argocd app sync java-demo --retry-backoff-duration=10s -l marksugar/app=java-demo

如下

bash-5.1# argocd app sync java-demo --retry-backoff-duration=10s -l marksugar/app=java-demo
TIMESTAMP                  GROUP        KIND   NAMESPACE                  NAME    STATUS    HEALTH        HOOK  MESSAGE
2022-07-09T19:20:26+08:00          ConfigMap   java-demo   envinpod-74t9b8htb6    Synced                        
2022-07-09T19:20:26+08:00            Service   java-demo             java-demo  OutOfSync  Missing              
2022-07-09T19:20:26+08:00   apps  Deployment   java-demo             java-demo    Synced   Healthy              
2022-07-09T19:20:27+08:00            Service   java-demo             java-demo  OutOfSync  Healthy              
2022-07-09T19:20:27+08:00          ConfigMap   java-demo   envinpod-74t9b8htb6    Synced                        configmap/envinpod-74t9b8htb6 unchanged
2022-07-09T19:20:27+08:00            Service   java-demo             java-demo  OutOfSync  Healthy              service/java-demo created
2022-07-09T19:20:27+08:00   apps  Deployment   java-demo             java-demo    Synced   Healthy              deployment.apps/java-demo configured

Name:               java-demo
Project:            my-linuxea-java-demo
Server:             https://172.16.100.11:6443
Namespace:          java-demo
URL:                https://172.16.100.11:31080/applications/java-demo
Repo:               git@172.16.100.47:devops/k8s-yaml.git
Target:             java-demo
Path:               overlays/dev/
SyncWindow:         Sync Allowed
Sync Policy:        <none>
Sync Status:        Synced to java-demo (fd1286f)
Health Status:      Healthy

Operation:          Sync
Sync Revision:      fd1286f64d1edac2def43d4a37bcc13a9f0286d0
Phase:              Succeeded
Start:              2022-07-09 19:20:26 +0800 CST
Finished:           2022-07-09 19:20:27 +0800 CST
Duration:           1s
Message:            successfully synced (all tasks run)

GROUP  KIND        NAMESPACE  NAME                 STATUS  HEALTH   HOOK  MESSAGE
       ConfigMap   java-demo  envinpod-74t9b8htb6  Synced                 configmap/envinpod-74t9b8htb6 unchanged
       Service     java-demo  java-demo            Synced  Healthy        service/java-demo created
apps   Deployment  java-demo  java-demo            Synced  Healthy        deployment.apps/java-demo configured
TIMESTAMP                  GROUP        KIND   NAMESPACE                  NAME    STATUS   HEALTH        HOOK  MESSAGE
2022-07-09T19:20:28+08:00   apps  Deployment   java-demo             java-demo    Synced  Healthy              
2022-07-09T19:20:28+08:00          ConfigMap   java-demo   envinpod-74t9b8htb6    Synced                       
2022-07-09T19:20:28+08:00            Service   java-demo             java-demo    Synced  Healthy              
2022-07-09T19:20:28+08:00   apps  Deployment   java-demo             java-demo    Synced  Healthy              deployment.apps/java-demo configured
2022-07-09T19:20:28+08:00          ConfigMap   java-demo   envinpod-74t9b8htb6    Synced                       configmap/envinpod-74t9b8htb6 unchanged
2022-07-09T19:20:28+08:00            Service   java-demo             java-demo    Synced  Healthy              service/java-demo unchanged

Name:               java-demo
Project:            my-linuxea-java-demo
Server:             https://172.16.100.11:6443
Namespace:          java-demo
URL:                https://172.16.100.11:31080/applications/java-demo
Repo:               git@172.16.100.47:devops/k8s-yaml.git
Target:             java-demo
Path:               overlays/dev/
SyncWindow:         Sync Allowed
Sync Policy:        <none>
Sync Status:        Synced to java-demo (fd1286f)
Health Status:      Healthy

Operation:          Sync
Sync Revision:      fd1286f64d1edac2def43d4a37bcc13a9f0286d0
Phase:              Succeeded
Start:              2022-07-09 19:20:27 +0800 CST
Finished:           2022-07-09 19:20:28 +0800 CST
Duration:           1s
Message:            successfully synced (all tasks run)

GROUP  KIND        NAMESPACE  NAME                 STATUS  HEALTH   HOOK  MESSAGE
       ConfigMap   java-demo  envinpod-74t9b8htb6  Synced                 configmap/envinpod-74t9b8htb6 unchanged
       Service     java-demo  java-demo            Synced  Healthy        service/java-demo unchanged
apps   Deployment  java-demo  java-demo            Synced  Healthy        deployment.apps/java-demo configured

同步完成后状态就会发生改变

命令行查看

bash-5.1#  argocd app list
NAME          CLUSTER                     NAMESPACE  PROJECT               STATUS  HEALTH   SYNCPOLICY  CONDITIONS  REPO                                             PATH                         TARGET
java-demo     https://172.16.100.11:6443  java-demo  my-linuxea-java-demo  Synced  Healthy  <none>      <none>      git@172.16.100.47:devops/k8s-yaml.git            overlays/dev/                java-demo
marksugar-ui  https://172.16.100.11:6443  marksugar  my-linuxea            Synced  Healthy  <none>      <none>      git@172.16.100.47:pipeline-ops/marksugar-ui.git  overlays/marksugar-ui/prod/  master

打开页面查看

image-20220709192126916.png

如果是http的这里会显示http

image-20220708171143735.png

此时正在拉取镜像状态是 Progressing,我们等待拉取完成,而后选中后会点击进入详情页面

image-20220708171212456.png

项目内的仪表盘功能如下图

image-20220708171749337.png

一旦镜像完成拉取,并且runing起来,则显示健康

仪表盘功能如下图

image-20220622235555728.png

回到k8s查看

[root@linuxea-01 .ssh]# kubectl get all -n java-demo
NAME                             READY   STATUS    RESTARTS   AGE
pod/java-demo-6474cb8fc8-6zwlt   1/1     Running   0          7m45s
pod/java-demo-6474cb8fc8-92sw7   1/1     Running   0          7m45s
pod/java-demo-6474cb8fc8-k8985   1/1     Running   0          7m45s
pod/java-demo-6474cb8fc8-ndzpl   1/1     Running   0          7m45s
pod/java-demo-6474cb8fc8-rxg2k   1/1     Running   0          7m45s

NAME                TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
service/java-demo   NodePort   10.111.26.148   <none>        8080:31180/TCP   24h

NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/java-demo   5/5     5            5           7m45s

NAME                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/java-demo-6474cb8fc8   5         5         5       7m45s

1.7 加入流水线

阅读过上一篇基于jenkins的kustomize配置发布(9)你大概就知道,整个简单的流程是怎么走的,我们复制过来修改一下,如下

当前阶段流水线阶段,步骤大致如下:

1.判断本地是否有git的目录,如果有就删除
2.拉取git,并切换到分支
3.追加当前的镜像版本到一个buildhistory的文件中
4.cd到目录中修改镜像
5.修改完成后上传修改你被人
6.argocd同步

与之不同的就是将kustomize和kubectl改成了argocd

代码快如下:

        stage('Deploy') {
            steps {
                sh '''                
                    [ ! -d ${JOB_NAMES} ] || rm -rf ${JOB_NAMES} }
                    git clone ${kustomize_Git} && cd ${JOB_NAMES} && git checkout ${apps_name}
                    echo "push latest images: $IPATH"
                    echo "`date +%F-%T` imageTag:  $IPATH  buildId: ${BUILD_NUMBER} " >> ./buildhistory-$Projects_Area-${apps_name}.log
                    cd overlays/$Projects_Area
                    ${PACK_PATH}/kustomize edit set image $IPATH
                    cd ../..
                    git add .
                    git config --global push.default matching
                    git config user.name zhengchao.tang
                    git config user.email usertzc@163.com
                    git commit -m "image tag $IPATH-> ${imageUrlPath}"
                    git push -u origin ${apps_name}                   
                    ${PACK_PATH}/argocd app sync ${apps_name} --retry-backoff-duration=10s -l marksugar/app=${apps_name}
                '''                     
            }
        } 

仅此而已

image-20220709193719680.png

在上一篇中忘了截图

与此同时,gitlab上已经有了一个版本的历史记录

image-20220709193809677.png

argocd最简单的示例到此告一段落

参考

gitops

0

评论

博主关闭了当前页面的评论