在此前我们配置了Kustomize清单,并且通过kubectl将清单应用到k8s中,之后又做另一个状态跟踪,但这还不够。我们希望通过一个cd工具来配置管理,并且提供一个可视化界面。我们选择argocd
我不会在这篇章节中去介绍uI界面到底怎么操作,因为那些显而易见。我只会介绍argocd的二进制程序客户端的操作使用,但是也仅限于完成一个app的创建,集群的添加,项目的添加。仅此而已。
argocd是一个成熟的部署工具,如果有时间,我将会在后面的时间里更新其他的必要功能。
阅读此篇,你将了解argocd客户端最简单的操作,和一些此前的流水线实现方式列表如下:
- jenkins和gitlab触发(已实现)
- jenkins凭据使用(已实现)
- juit配置(已实现)
- sonarqube简单扫描(已实现)
- sonarqube覆盖率(已实现)
- 打包基于java的skywalking agent(已实现)
- sonarqube与gitlab关联 (已实现)
- 配置docker中构建docker (已实现)
- mvn打包(已实现)
- sonarqube简单分支扫描(已实现)
- 基于gitlab来管理kustomize的k8s配置清单(已实现)
- kubectl部署(已实现)
- kubeclt deployment的状态跟踪(已实现)
- kustomize和argocd(本章实现)
- 钉钉消息的构建状态推送
1.1 安装2.4.2
我们在gitlab上获取此配置文件,并修改镜像
此前我拉取了2.4.0和2.4.2的镜像,如下
2.4.0
image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:dex-v2.30.2
image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:haproxy-2.0.25-alpine
image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:v2.4.0
image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:redis-7.0.0-alpine2.4.2
image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:dex-v2.30.2
image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:haproxy-2.0.25-alpine
image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:v2.4.2
image: registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:redis-7.0.0-alpine分别替换所有镜像地址,如果是install.yaml就替换,如果是ha-install.yaml也替换
sed -i 's@redis:7.0.0-alpine@registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:redis-7.0.0-alpine@g'
sed -i 's@ghcr.io/dexidp/dex:v2.30.2@registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:dex-v2.30.2@g'
sed -i 's@quay.io/argoproj/argocd:v2.4.0@registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:v2.4.0@g'
sed -i 's@haproxy:2.0.25-alpine@registry.cn-hangzhou.aliyuncs.com/marksugar/argocd:haproxy-2.0.25-alpine@g'创建名称空间并apply
kubectl create namespace argocd
kubectl apply -n argocd -f argocd.yaml更新删除不掉的时候的解决办法
kubectl patch crd/appprojects.argoproj.io -p '{"metadata":{"finalizers":[]}}' --type=merge等待,到argocd组件准备完成
[root@linuxea-11 ~/argocd]# kubectl -n argocd get pod
NAME READY STATUS RESTARTS AGE
argocd-application-controller-0 1/1 Running 0 7m33s
argocd-applicationset-controller-7bbcd5c9bd-rqn84 1/1 Running 0 7m33s
argocd-dex-server-75c668865-s9x5d 1/1 Running 0 7m33s
argocd-notifications-controller-bc5954bd7-gg4ks 1/1 Running 0 7m33s
argocd-redis-ha-haproxy-8658c76475-hdzkv 1/1 Running 0 7m33s
argocd-redis-ha-haproxy-8658c76475-jrrtl 1/1 Running 0 7m33s
argocd-redis-ha-haproxy-8658c76475-rk868 1/1 Running 0 7m33s
argocd-redis-ha-server-0 2/2 Running 0 7m33s
argocd-redis-ha-server-1 2/2 Running 0 5m3s
argocd-redis-ha-server-2 2/2 Running 0 4m3s
argocd-repo-server-567dd6c487-6k89z 1/1 Running 0 7m33s
argocd-repo-server-567dd6c487-rt4vq 1/1 Running 0 7m33s
argocd-server-677d79497b-k72h2 1/1 Running 0 7m33s
argocd-server-677d79497b-pb5gt 1/1 Running 0 7m33s配置域名访问
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-server-ingress
namespace: argocd
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
rules:
- host: argocd.linuxea.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argocd-server
port:
name: https创建
[root@linuxea-11 ~/argocd]# kubectl apply -f argocd-ingress.yaml
ingress.networking.k8s.io/argocd-server-ingress created
[root@linuxea-11 ~/argocd]# kubectl -n argocd get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
argocd-server-ingress nginx argocd.linuxea.com 80 11s
配置nodeport
我们直接使用nodeport来配置
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
namespace: argocd
spec:
ports:
- name: http
port: 80
nodePort: 31080
protocol: TCP
targetPort: 8080
- name: https
port: 443
nodePort: 31443
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/name: argocd-server
type: NodePort用户名admin, 获取密码
[root@linuxea-11 ~/argocd]# kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d && echo
QOOMW76CV8bEczKO
1.2 客户端登录
安装完成后,我们通过一个二进制的客户端来操作整个流程,于是我们需要下载一个Linux客户端
注意: 和此前的其他包一样,如果是docker运行的jenkins,要将二进制包放到容器内,因此我提供了两种方式
wget https://github.com/argoproj/argo-cd/releases/download/v2.4.2/argocd-linux-amd64如果你用私有域名的话,你本地hosts解析需要配置
[root@linuxea-48 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.100.11 argocd.linuxea.com下载二进制文件后进行登录即可, 我使用的是nodeport
argocd login 172.16.100.11:31080 --grpc-web[root@linuxea-48 ~/.kube]# argocd login 172.16.100.11:31080 --grpc-web
WARNING: server certificate had error: x509: cannot validate certificate for 172.16.100.11 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? y
Username: admin
Password:
'admin:login' logged in successfully
Context '172.16.100.11:31080' updated登录会在一段时间后失效,于是我门需要些一个脚本过一段时间登录一次
argocd login 172.16.100.11:31080 --grpc-web
# 登录
argocd login 172.16.15.137:31080 --grpc-web最好写在脚本里面登录即可
容器外脚本
# cat /login.sh
KCONFIG=/root/.kube/config-1.23.1-dev
argocd login 172.16.100.11:31080 --username admin --password $(kubectl --kubeconfig=$KCONFIG -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d ) --insecure --grpc-web- 容器内
下载argocd二进制文件存放到已经映射的目录内,并添加执行权限
[root@linuxea-48 /data/jenkins-latest/jenkins_home]# cp /usr/local/sbin/argocd /data/jenkins-latest/package/
[root@linuxea-48 /data/jenkins-latest/jenkins_home]# ll /data/jenkins-latest/package/
total 251084
drwxr-xr-x 6 root root 99 Sep 5 2021 apache-maven-3.8.2
-rw-r--r-- 1 root root 131352410 Jul 9 17:24 argocd
drwxr-xr-x 6 root root 105 Sep 6 2021 gradle-6.9.1
drwxr-xr-x 2 root root 16 Oct 18 2021 jq-1.6
-rwxr-xr-x 1 root root 40230912 Jul 9 15:08 kubectl
-rwxr-xr-x 1 root root 11976704 Jul 9 15:08 kustomize
drwxr-xr-x 6 1001 1001 108 Aug 31 2021 node-v14.17.6-linux-x64
drwxrwxr-x 10 1001 1002 221 Jun 18 11:37 skywalking-agent
-rw-r--r-- 1 root root 30443381 Jun 29 23:46 skywalking-java-8.11.0.tar.gz
drwxr-xr-x 6 root root 51 May 7 2021 sonar-scanner-4.6.2.2472-linux
-rw-r--r-- 1 root root 43099390 Sep 11 2021 sonar-scanner-cli-4.6.2.2472-linux.zip
[root@linuxea-48 /data/jenkins-latest/jenkins_home]# chmod +x /data/jenkins-latest/package/argocd 还需要k8s的config配置文件,如果你阅读了上一篇基于jenkins的kustomize配置发布(9),那这里当然是轻车熟路了
我的二进制文件存放在/usr/local/package
- /data/jenkins-latest/package:/usr/local/package由于我门在容器里面,我门复制config文件到一个位置而后指定即可
[root@linuxea-48 ~]# cp -r ~/.kube /data/jenkins-latest/jenkins_home/
[root@linuxea-48 ~]# ls /data/jenkins-latest/jenkins_home/.kube/
cache config config-1.20.2-test config-1.22.1-prod config-1.22.1-test config-1.23.1-dev config2 marksugar-dev-1 marksugar-prod-1容器内登录
KUBE_PATH=/usr/local/package
KCONFIG=/var/jenkins_home/.kube/config-1.23.1-dev
${KUBE_PATH}/argocd login 172.16.100.11:31080 --username admin --password $(${KUBE_PATH}/kubectl --kubeconfig=$KCONFIG -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d ) --insecure --grpc-web如下
bash-5.1# KUBE_PATH=/usr/local/package
bash-5.1# KCONFIG=/var/jenkins_home/.kube/config-1.23.1-dev
bash-5.1# ${KUBE_PATH}/argocd login 172.16.100.11:31080 --username admin --password $(${KUBE_PATH}/kubectl --kubeconfig=$KCONFIG -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d ) --insecure --grpc-web
'admin:login' logged in successfully
Context '172.16.100.11:31080' updated在上面我们说过,一旦登录了只会,登录的凭据是会失效的,因此我们需要在计划任务里面,5个小时登录一次。
而后使用计划任务进行登录即可
0 5 * * * /bin/bash /login.sh查看版本信息
[root@linuxea-48 ~]# argocd version --grpc-web
argocd: v2.4.2+c6d0c8b
BuildDate: 2022-06-21T21:03:41Z
GitCommit: c6d0c8baaa291cd68465acd7ad6bef58b2b6f942
GitTreeState: clean
GoVersion: go1.18.3
Compiler: gc
Platform: linux/amd64
argocd-server: v2.4.2+c6d0c8b
BuildDate: 2022-06-21T20:42:05Z
GitCommit: c6d0c8baaa291cd68465acd7ad6bef58b2b6f942
GitTreeState: clean
GoVersion: go1.18.3
Compiler: gc
Platform: linux/amd64
Kustomize Version: v4.4.1 2021-11-11T23:36:27Z
Helm Version: v3.8.1+g5cb9af4
Kubectl Version: v0.23.1
Jsonnet Version: v0.18.01.2.1. 集群凭据管理
通常可能存在多个集群,因此,我们使用配置参数指定即可
- 如果只有一个,无需指定,默认config
[root@linuxea-48 ~]# ll ~/.kube/
total 56
drwxr-x--- 4 root root 35 Jun 22 00:09 cache
-rw-r--r-- 1 root root 6254 Jun 21 23:58 config-1.20.2-test
-rw-r--r-- 1 root root 6277 Jun 22 00:07 config-1.22.1-prod
-rw-r--r-- 1 root root 6277 Jun 22 00:06 config-1.22.1-test
-rw-r--r-- 1 root root 6193 Jun 22 00:09 config-1.23.1-dev
-rw-r--r-- 1 root root 6246 Mar 4 23:55 config2
-rw-r--r-- 1 root root 6277 Aug 22 2021 marksugar-dev-1
-rw-r--r-- 1 root root 6277 Aug 22 2021 marksugar-prod-1
如果有多个,需要指定配置文件
[root@linuxea-48 ~/.kube]# kubectl --kubeconfig /root/.kube/config-1.23.1-dev -n argocd get pod
NAME READY STATUS RESTARTS AGE
argocd-application-controller-0 1/1 Running 1 (12m ago) 23h
argocd-applicationset-controller-7bbcd5c9bd-rqn84 1/1 Running 1 (12m ago) 23h
argocd-dex-server-75c668865-s9x5d 1/1 Running 1 (12m ago) 23h
argocd-notifications-controller-bc5954bd7-gg4ks 1/1 Running 1 (12m ago) 23h
argocd-redis-ha-haproxy-8658c76475-hdzkv 1/1 Running 1 (12m ago) 23h
argocd-redis-ha-haproxy-8658c76475-jrrtl 1/1 Running 1 (12m ago) 23h
argocd-redis-ha-haproxy-8658c76475-rk868 1/1 Running 1 (12m ago) 23h
argocd-redis-ha-server-0 2/2 Running 2 (12m ago) 23h
argocd-redis-ha-server-1 2/2 Running 2 (12m ago) 23h
argocd-redis-ha-server-2 2/2 Running 2 (12m ago) 23h
argocd-repo-server-567dd6c487-6k89z 1/1 Running 1 (12m ago) 23h
argocd-repo-server-567dd6c487-rt4vq 1/1 Running 1 (12m ago) 23h
argocd-server-677d79497b-k72h2 1/1 Running 1 (12m ago) 23h
argocd-server-677d79497b-pb5gt 1/1 Running 1 (12m ago) 23h\1.2.2 将集群加入argocd
仍然需要重申下环境变量的配置
export KUBECONFIG=$HOME/.kube/config-1.23.1-dev而后在查看当前的集群
[root@linuxea-48 ~/.kube]# kubectl config get-contexts -o name
context-cluster1将此集群加入到argocd
[root@linuxea-48 ~/.kube]# argocd cluster add context-cluster1
WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `context-cluster1` with full cluster level privileges. Do you want to continue [y/N]? y
INFO[0008] ServiceAccount "argocd-manager" created in namespace "kube-system"
INFO[0008] ClusterRole "argocd-manager-role" created
INFO[0008] ClusterRoleBinding "argocd-manager-role-binding" created
Cluster 'https://172.16.100.11:6443' added这里添加完成后,在settings->Clusters 中也将会看到
- 容器内
首先将config文件复制到映射的目录内,比如/var/jenkins_home/
# 配置kubeconfig位置
bash-5.1# export KUBECONFIG=/var/jenkins_home/.kube/config-1.23.1-dev
# 复制二进制文件到sbin,仅仅是方便操作
bash-5.1# cp /usr/local/package/argocd /usr/sbin/
bash-5.1# cp /usr/local/package/kubectl /usr/sbin/
# 测试
bash-5.1# kubectl get pod
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-59bd97ddb-qcrpj 1/1 Running 18 (7h51m ago) 26d
# 查看当前contexts名称
bash-5.1# kubectl config get-contexts -o name
context-cluster1
# 添加到argocd
bash-5.1# argocd cluster add context-cluster
WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `kubernetes-admin@kubernetes` with full cluster level privileges. Do you want to continue [y/N]?
WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `kubernetes-admin@kubernetes` with full cluster level privileges. Do you want to continue [y/N]? y
INFO[0003] ServiceAccount "argocd-manager" created in namespace "kube-system"
INFO[0003] ClusterRole "argocd-manager-role" created
INFO[0003] ClusterRoleBinding "argocd-manager-role-binding" created
Cluster 'https://172.16.100.11:6443' added添加完成
1.3 定义repo存储库
定于存储库有两种方式分别是ssh和http,都可以使用,参考官方文档
1.3.1 密钥
如果已经有现成的密钥,则不需要创建,如果没有,可以使用ssh-keygen -t ed25519 生成密钥, 并且添加到gitlab中
# ssh-keygen -t ed25519 -f /home/jenkins_home/.ssh/
# ls /home/jenkins_home/.ssh/ -ll
总用量 8
-rw------- 1 root root 399 7月 8 16:44 id_rsa
-rw-r--r-- 1 root root 93 7月 8 16:44 id_rsa.pubargocd添加git,指定~/.ssh/id_rsa,并使用--insecure-ignore-host-key选项
[root@linuxea-48 ~/.kube]# argocd repo add git@172.16.100.47:pipeline-ops/marksugar-ui.git --ssh-private-key-path ~/.ssh/id_rsa --insecure-ignore-host-key
Repository 'git@172.16.100.47:pipeline-ops/marksugar-ui.git' added这里添加完成在settings->repositories界面将会看到一个存储库
- 容器内
和上面一样,如果已经有现成的密钥,则不需要创建,如果没有,可以使用ssh-keygen -t ed25519 生成密钥, 并且将id_rsa.pub添加到gitlab中
下面是docker-compose的密钥
volumes:
....
- /home/jenkins_home/.ssh/:/root/.ssh我们在上面已经添加了marksugar-ui, 如果有多个项目,多次添加即可
我们开始添加 java-demo
git@172.16.100.47:devops/k8s-yaml.git是kustmoize配置清单的地址
argocd repo add git@172.16.100.47:devops/k8s-yaml.git --ssh-private-key-path ~/.ssh/id_rsa --insecure-ignore-host-keybash-5.1# argocd repo add git@172.16.100.47:devops/k8s-yaml.git --ssh-private-key-path ~/.ssh/id_rsa --insecure-ignore-host-key
Repository 'git@172.16.100.47:devops/k8s-yaml.git' added
1.3.2 http
我门仍然可以考虑使用http来使用,官方的示例如下
argocd repo add https://github.com/argoproj/argocd-example-apps --username <username> --password <password>我的环境如下配置:
argocd repo add http://172.16.15.136:180/devops/k8s-yaml --username root --password gitlab.com
# 添加repo
root@ca060212e6f6:/var/jenkins_home# argocd repo add http://172.16.15.136:180/devops/k8s-yaml.git --username root --password gitlab.com
Repository 'http://172.16.15.136:180/devops/k8s-yaml.git' added
1.4 定义项目
AppProject CRD 是代表应用程序逻辑分组的 Kubernetes 资源对象。它由以下关键信息定义:
sourceRepos引用项目中的应用程序可以从中提取清单的存储库。destinations引用项目中的应用程序可以部署到的集群和命名空间(不要使用该name字段,仅server匹配该字段)。roles定义了他们对项目内资源的访问权限的实体列表。
一个示例规范如下:
在创建之前,我们先在集群内创建一个名称空间:marksugar
kubectl create ns marksugar声明式配置如下,指定name,指定marksugar部署的名称空间,其他默认
destinations:
- namespace: marksugar
server: 'https://172.16.100.11:6443'更多时候我们限制项目内使用的范围,比如我们只配置使用的
如:deployment,service,configmap,这些配置取决于控制器
apiVersion: v1
kind: ConfigMap
...
---
apiVersion: v1
kind: Service
...and Deployment
apiVersion: apps/v1
kind: Deployment如果此时有ingress,那么配置就如下
- group: 'networking.k8s.io'
kind: 'Ingress'以此推论。最终我的配置如下:
namespaceResourceWhitelist:
- group: 'apps'
kind: 'Deployment'
- group: ''
kind: 'Service'
- group: ''
kind: 'ConfigMap'一个完整的配置如下:
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: my-linuxea # 名称
# name: marksugar
namespace: argocd
# finalizers:
# - resources-finalizer.argocd.argoproj.io
spec:
description: Example Project(测试) # 更详细的内容
sourceRepos:
- '*'
destinations:
- namespace: marksugar # 名称空间
server: 'https://172.16.100.11:6443' # k8s api地址
# clusterResourceWhitelist:
# - group: ''
# kind: Namespace
# namespaceResourceBlacklist:
# - group: ''
# kind: ResourceQuota
# - group: ''
# kind: LimitRange
# - group: ''
# kind: NetworkPolicy
namespaceResourceWhitelist:
- group: 'apps'
kind: 'Deployment' # 名称空间的内允许让argocd当前app使用的的kind
- group: ''
kind: 'Service' # 名称空间的内允许让argocd当前app使用的的kind
- group: ''
kind: 'ConfigMap' # 名称空间的内允许让argocd当前app使用的的kind
# kind: Deployment
# - group: 'apps'
# kind: StatefulSet
# roles:
# - name: read-only
# description: Read-only privileges to my-project
# policies:
# - p, proj:my-project:read-only, applications, get, my-project/*, allow
# groups:
# - test-env
# - name: ci-role
# description: Sync privileges for guestbook-dev
# policies:
# - p, proj:my-project:ci-role, applications, sync, my-project/guestbook-dev, allow
# jwtTokens:
# - iat: 1535390316上面的这个有太多注释,精简一下,并进行成我门实际的参数,最终如下:
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: my-linuxea-java-demo
namespace: argocd
spec:
description: Example Project(测试)
sourceRepos:
- '*'
destinations:
- namespace: java-demo
server: 'https://172.16.100.11:6443'
namespaceResourceWhitelist:
- group: 'apps'
kind: 'Deployment'
- group: ''
kind: 'Service'
- group: ''
kind: 'ConfigMap'执行
PS E:\ops\k8s-1.23.1-latest\gitops\argocd> kubectl.exe apply -f .\project-new.yaml
appproject.argoproj.io/my-linuxea-java-demo created执行完成后,将会创建一个projects,在settings->projects查看
1.5 定义应用
Application CRD 是 Kubernetes 资源对象,表示环境中已部署的应用程序实例。它由两个关键信息定义:
source对 Git 中所需状态的引用(存储库、修订版、路径、环境)
destination对目标集群和命名空间的引用。对于集群,可以使用 server 或 name 之一,但不能同时使用两者(这将导致错误)。当服务器丢失时,它会根据名称进行计算并用于任何操作。
一个最小的应用程序规范如下:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: marksugar-ui
namespace: argocd
labels:
marksugar/marksugar-ui: prod # 标签
spec:
project: my-linuxea # 定义的项目名
source:
repoURL: git@172.16.100.47:pipeline-ops/marksugar-ui.git # git地址
targetRevision: master # git分支
path: overlays/marksugar-ui/prod/ # git路径对应到目录下的配置
destination:
server: https://172.16.100.11:6443 # k8s api
namespace: marksugar # 名称空间有关其他字段,请参阅application.yaml。只要您完成了入门的第一步,您就可以应用它kubectl apply -n argocd -f application.yaml,Argo CD 将开始部署留言簿应用程序。
或者使用下面客户端命令进行配置,比如我此前配置去的marksugar-ui就是命令行配置的,如下:
argocd app create marksugar-ui --repo git@172.16.100.47:pipeline-ops/marksugar-ui.git --revision master --path overlays/marksugar-ui/prod/ --dest-server https://172.16.100.11:6443 --dest-namespace marksugar --project=my-linuxea --label=marksugar/marksugar-ui=prod我门仍然进行修改成我门希望的配置样子,yaml如下
- 我这里使用的是http
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: java-demo
namespace: argocd
labels:
marksugar/app: java-demo
spec:
project: my-linuxea-java-demo
source:
repoURL: git@172.16.100.47:devops/k8s-yaml.git
targetRevision: java-demo
path: overlays/dev/
destination:
server: https://172.16.100.11:6443
namespace: java-demo此时创建了一个app
PS E:\ops\k8s-1.23.1-latest\gitops\argocd\java-demo> kubectl.exe apply -f .\app.yaml
application.argoproj.io/java-demo created如下
- 只有同步正常,healthy才会变绿
如果有多个名称空间,不想混合显示,我们在页面中在做左侧,选择cluster的名称空间后,才能看到名称空间下的app,也就是应用
如果你配置的是http的git地址就会是下面这个样子
配置
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: java-demo
namespace: argocd
labels:
marksugar/app: java-demo
spec:
project: my-linuxea-java-demo
source:
repoURL: http://172.16.15.136:180/devops/k8s-yaml.git
targetRevision: java-demo
path: overlays/dev/
destination:
server: https://172.16.15.137:6443
namespace: java-demo视图
1.6 手动同步
我门可以点击web页面的上面的sync来进行同步,也可以用命令行手动同步使其生效
我门通过argocd app list查看当前的已经有的项目
- 示例:
密钥
root@9c0cad5ebce8:/# argocd app list
NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET
java-demo https://172.16.15.137:6443 java-demo my-linuxea-java-demo Unknown Healthy <none> ComparisonError git@172.16.15.136:23857/devops/k8s-yaml.git overlays/dev/ java-demohttp
root@ca060212e6f6:/var/jenkins_home# argocd app list
NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET
java-demo https://172.16.15.137:6443 java-demo my-linuxea-java-demo OutOfSync Missing <none> <none> http://172.16.15.136:180/devops/k8s-yaml.git overlays/dev/ java-demo而我们现在的是这样的
bash-5.1# argocd app list
NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET
java-demo https://172.16.100.11:6443 java-demo my-linuxea-java-demo OutOfSync Missing <none> <none> git@172.16.100.47:devops/k8s-yaml.git overlays/dev/ java-demo
marksugar-ui https://172.16.100.11:6443 marksugar my-linuxea Synced Healthy <none> <none> git@172.16.100.47:pipeline-ops/marksugar-ui.git overlays/marksugar-ui/prod/ master而后进行同步即可
argocd app sync java-demo --retry-backoff-duration=10s -l marksugar/app=java-demo如下
bash-5.1# argocd app sync java-demo --retry-backoff-duration=10s -l marksugar/app=java-demo
TIMESTAMP GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE
2022-07-09T19:20:26+08:00 ConfigMap java-demo envinpod-74t9b8htb6 Synced
2022-07-09T19:20:26+08:00 Service java-demo java-demo OutOfSync Missing
2022-07-09T19:20:26+08:00 apps Deployment java-demo java-demo Synced Healthy
2022-07-09T19:20:27+08:00 Service java-demo java-demo OutOfSync Healthy
2022-07-09T19:20:27+08:00 ConfigMap java-demo envinpod-74t9b8htb6 Synced configmap/envinpod-74t9b8htb6 unchanged
2022-07-09T19:20:27+08:00 Service java-demo java-demo OutOfSync Healthy service/java-demo created
2022-07-09T19:20:27+08:00 apps Deployment java-demo java-demo Synced Healthy deployment.apps/java-demo configured
Name: java-demo
Project: my-linuxea-java-demo
Server: https://172.16.100.11:6443
Namespace: java-demo
URL: https://172.16.100.11:31080/applications/java-demo
Repo: git@172.16.100.47:devops/k8s-yaml.git
Target: java-demo
Path: overlays/dev/
SyncWindow: Sync Allowed
Sync Policy: <none>
Sync Status: Synced to java-demo (fd1286f)
Health Status: Healthy
Operation: Sync
Sync Revision: fd1286f64d1edac2def43d4a37bcc13a9f0286d0
Phase: Succeeded
Start: 2022-07-09 19:20:26 +0800 CST
Finished: 2022-07-09 19:20:27 +0800 CST
Duration: 1s
Message: successfully synced (all tasks run)
GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE
ConfigMap java-demo envinpod-74t9b8htb6 Synced configmap/envinpod-74t9b8htb6 unchanged
Service java-demo java-demo Synced Healthy service/java-demo created
apps Deployment java-demo java-demo Synced Healthy deployment.apps/java-demo configured
TIMESTAMP GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE
2022-07-09T19:20:28+08:00 apps Deployment java-demo java-demo Synced Healthy
2022-07-09T19:20:28+08:00 ConfigMap java-demo envinpod-74t9b8htb6 Synced
2022-07-09T19:20:28+08:00 Service java-demo java-demo Synced Healthy
2022-07-09T19:20:28+08:00 apps Deployment java-demo java-demo Synced Healthy deployment.apps/java-demo configured
2022-07-09T19:20:28+08:00 ConfigMap java-demo envinpod-74t9b8htb6 Synced configmap/envinpod-74t9b8htb6 unchanged
2022-07-09T19:20:28+08:00 Service java-demo java-demo Synced Healthy service/java-demo unchanged
Name: java-demo
Project: my-linuxea-java-demo
Server: https://172.16.100.11:6443
Namespace: java-demo
URL: https://172.16.100.11:31080/applications/java-demo
Repo: git@172.16.100.47:devops/k8s-yaml.git
Target: java-demo
Path: overlays/dev/
SyncWindow: Sync Allowed
Sync Policy: <none>
Sync Status: Synced to java-demo (fd1286f)
Health Status: Healthy
Operation: Sync
Sync Revision: fd1286f64d1edac2def43d4a37bcc13a9f0286d0
Phase: Succeeded
Start: 2022-07-09 19:20:27 +0800 CST
Finished: 2022-07-09 19:20:28 +0800 CST
Duration: 1s
Message: successfully synced (all tasks run)
GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE
ConfigMap java-demo envinpod-74t9b8htb6 Synced configmap/envinpod-74t9b8htb6 unchanged
Service java-demo java-demo Synced Healthy service/java-demo unchanged
apps Deployment java-demo java-demo Synced Healthy deployment.apps/java-demo configured同步完成后状态就会发生改变
命令行查看
bash-5.1# argocd app list
NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET
java-demo https://172.16.100.11:6443 java-demo my-linuxea-java-demo Synced Healthy <none> <none> git@172.16.100.47:devops/k8s-yaml.git overlays/dev/ java-demo
marksugar-ui https://172.16.100.11:6443 marksugar my-linuxea Synced Healthy <none> <none> git@172.16.100.47:pipeline-ops/marksugar-ui.git overlays/marksugar-ui/prod/ master打开页面查看
如果是http的这里会显示http
此时正在拉取镜像状态是 Progressing,我们等待拉取完成,而后选中后会点击进入详情页面
项目内的仪表盘功能如下图
一旦镜像完成拉取,并且runing起来,则显示健康
仪表盘功能如下图
回到k8s查看
[root@linuxea-01 .ssh]# kubectl get all -n java-demo
NAME READY STATUS RESTARTS AGE
pod/java-demo-6474cb8fc8-6zwlt 1/1 Running 0 7m45s
pod/java-demo-6474cb8fc8-92sw7 1/1 Running 0 7m45s
pod/java-demo-6474cb8fc8-k8985 1/1 Running 0 7m45s
pod/java-demo-6474cb8fc8-ndzpl 1/1 Running 0 7m45s
pod/java-demo-6474cb8fc8-rxg2k 1/1 Running 0 7m45s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/java-demo NodePort 10.111.26.148 <none> 8080:31180/TCP 24h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/java-demo 5/5 5 5 7m45s
NAME DESIRED CURRENT READY AGE
replicaset.apps/java-demo-6474cb8fc8 5 5 5 7m45s1.7 加入流水线
阅读过上一篇基于jenkins的kustomize配置发布(9)你大概就知道,整个简单的流程是怎么走的,我们复制过来修改一下,如下
当前阶段流水线阶段,步骤大致如下:
1.判断本地是否有git的目录,如果有就删除
2.拉取git,并切换到分支
3.追加当前的镜像版本到一个buildhistory的文件中
4.cd到目录中修改镜像
5.修改完成后上传修改你被人
6.argocd同步
与之不同的就是将kustomize和kubectl改成了argocd
代码快如下:
stage('Deploy') {
steps {
sh '''
[ ! -d ${JOB_NAMES} ] || rm -rf ${JOB_NAMES} }
git clone ${kustomize_Git} && cd ${JOB_NAMES} && git checkout ${apps_name}
echo "push latest images: $IPATH"
echo "`date +%F-%T` imageTag: $IPATH buildId: ${BUILD_NUMBER} " >> ./buildhistory-$Projects_Area-${apps_name}.log
cd overlays/$Projects_Area
${PACK_PATH}/kustomize edit set image $IPATH
cd ../..
git add .
git config --global push.default matching
git config user.name zhengchao.tang
git config user.email usertzc@163.com
git commit -m "image tag $IPATH-> ${imageUrlPath}"
git push -u origin ${apps_name}
${PACK_PATH}/argocd app sync ${apps_name} --retry-backoff-duration=10s -l marksugar/app=${apps_name}
'''
}
} 仅此而已
在上一篇中忘了截图
与此同时,gitlab上已经有了一个版本的历史记录
argocd最简单的示例到此告一段落
评论