Jenkins-Argocd CICD-下
# 九、Argocd配置CD
# 安装Argocd
项目路径: kubernetes-software-yaml/argocd
https://argo-cd.readthedocs.io/en/stable/
https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
# 直接使用编排文件进行安装(这里采用编排文件进行安装)
kubectl create namespace argocd
wget https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
kubectl apply -f install.yaml -n argocd --dry-run=server
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# 使用helm进行安装
helm repo add argo https://argoproj.github.io/argo-helm
helm search repo argocd
helm pull argo/argo-cd --untar --version 3.35.4
$ helm upgrade --install argocd . -n argocd
Release "argocd" does not exist. Installing it now.
NAME: argocd
LAST DEPLOYED: Thu Nov 17 17:03:23 2022
NAMESPACE: argocd
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
In order to access the server UI you have the following options:
1. kubectl port-forward service/argocd-server -n argocd 8080:443
and then open the browser on http://localhost:8080 and accept the certificate
2. enable ingress in the values file "server.ingress.enabled" and either
- Add the annotation for ssl passthrough: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough
- Add the "--insecure" flag to "server.extraArgs" in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts
After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli)
# Ingress 配置(这里采用的Nginx Ingress)
$ kubectl apply -f argo-ingress.yaml -n argocd --dry-run=server
ingress.networking.k8s.io/argocd-server-ingress created (server dry run)
$ kubectl apply -f argo-ingress.yaml -n argocd
ingress.networking.k8s.io/argocd-server-ingress created
$ kubectl get ingress -n argocd
NAME CLASS HOSTS ADDRESS PORTS AGE
argocd-server-ingress <none> argocddemo.chsaos.com 80, 443 3s
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
官方文档: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
问题: rgocd 将您重定向的次数过多
If you encounter a redirect loop or are getting a 307 response code解决:
then you need to force the nginx ingress to connect to the backend using HTTPS.
# Argocd客户端安装
$ VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argo-cd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
$ curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/$VERSION/argocd-linux-amd64
$ chmod +x /usr/local/bin/argocd
$ ln -sfv /usr/local/bin/argocd /usr/bin/
# 查看密码
$ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
FMgfgp1RLZ2HRLbz
# argocd客户端连接
$ CLUSTER_IP=`kubectl get svc argocd-server -n argocd -o jsonpath="{.spec.clusterIP}"`
$ argocd --insecure login ${CLUSTER_IP}:443
Username: admin
Password:
'admin:login' logged in successfully
Context '10.103.59.183:443' updated
$ argocd version
argocd: v2.5.2+148d8da
BuildDate: 2022-11-07T17:06:04Z
GitCommit: 148d8da7a996f6c9f4d102fdd8e688c2ff3fd8c7
GitTreeState: clean
GoVersion: go1.18.7
Compiler: gc
Platform: linux/amd64
argocd-server: v2.5.2+148d8da
BuildDate: 2022-11-07T16:42:47Z
GitCommit: 148d8da7a996f6c9f4d102fdd8e688c2ff3fd8c7
GitTreeState: clean
GoVersion: go1.18.8
Compiler: gc
Platform: linux/amd64
Kustomize Version: v4.5.7 2022-08-02T16:35:54Z
Helm Version: v3.10.1+g9f88ccb
Kubectl Version: v0.24.2
Jsonnet Version: v0.18.0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# 域名访问Argocd
- https://argocddemo.chsaos.com/
- 默认用户名: admin
# 查看密码
$ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
FMgfgp1RLZ2HRLbz
1
2
3
2
3
# argocd上添加代码仓库
# 创建应用
- 同步策略: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/
Application Name: myapp-dev
Project Name: default
SYNC POLICY: Automatic
SYNC OPTIONS: PRUNT LAST
Repository URL: https://gitlabdemo.chsaos.com/infra/devops-cd.git
Revision: HEAD
Path: devops-simple-java/
Cluster URL: https://kuberntes.default.svc
Namespace: dev
- https://argo-cd.readthedocs.io/en/stable/user-guide/kustomize/
# APP HEALH问题
- ArgoCD Ingress资源一直处于Progressing状态
Argocd一个bug,ingress的健康检查必须要loadBalance有值,不然就不通过,但是并不影响使用这个问题需要分版本做不同的处理;主要是通过
ArgoCD健康检查的自定义的资源检查来排除对Ingress的检查
参考官方文档
https://argo-cd.readthedocs.io/en/stable/operator-manual/health/#ingress
https://github.com/argoproj/argo-cd/issues/1704
# Nginx Ingress处理
- 查看
Nginx的版本
# 查看Nginx Ingress 中Nginx的版本
$ kubectl exec -it ingress-nginx-controller-b7db2 -n ingress-nginx -- /bin/sh -c "nginx -V"
nginx version: nginx/1.21.6
built by gcc 11.2.1 20220219 (Alpine 11.2.1_git20220219)
built with OpenSSL 1.1.1q 5 Jul 2022 (running with OpenSSL 1.1.1s 1 Nov 2022)
....
1
2
3
4
5
6
2
3
4
5
6
v1.20.0及以上版本处理
# 编辑Argocd的configmap
$ kubectl get cm -n argocd
NAME DATA AGE
argocd-cm 0 28h
......
$ kubectl edit cm -n argocd argocd-cm
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
......
labels:
app.kubernetes.io/name: argocd-cm
app.kubernetes.io/part-of: argocd
name: argocd-cm
namespace: argocd
......
data:
resource.customizations: |
networking.k8s.io/Ingress:
health.lua: |
hs = {}
hs.status = "Healthy"
return hs
# 获取Argocd登录密码
$ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
FMgfgp1RLZ2HRLbz
# 获取Argocd Service IP地址
$ CLUSTER_IP=`kubectl get svc argocd-server -n argocd -o jsonpath="{.spec.clusterIP}"`
# 使用CLUSTER_IP登录Argocd
$ argocd --insecure login ${CLUSTER_IP}:443
Username: admin
Password:
'admin:login' logged in successfully
Context '10.103.59.183:443' updated
# 查看Argocd的APP 列表
$ argocd app list
NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET
argocd/myapp-dev https://kubernetes.default.svc dev default Synced Progressing Auto <none> https://gitlabdemo.chsaos.com/infra/devops-cd.git devops-simple-java/ HEAD
# 应用同步
$ argocd app sync argocd/myapp-dev --force
TIMESTAMP GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE
2022-11-18T22:05:32+08:00 Service dev the-service Synced Healthy
2022-11-18T22:05:32+08:00 apps Deployment dev the-deployment Synced Healthy
2022-11-18T22:05:32+08:00 networking.k8s.io Ingress dev the-ingress Synced Progressing
2022-11-18T22:05:32+08:00 Service dev the-service Synced Healthy service/the-service unchanged
2022-11-18T22:05:32+08:00 apps Deployment dev the-deployment Synced Healthy deployment.apps/the-deployment unchanged
2022-11-18T22:05:32+08:00 networking.k8s.io Ingress dev the-ingress Synced Progressing ingress.networking.k8s.io/the-ingress unchanged
Name: argocd/myapp-dev
Project: default
Server: https://kubernetes.default.svc
Namespace: dev
URL: https://10.103.59.183/applications/argocd/myapp-dev
Repo: https://gitlabdemo.chsaos.com/infra/devops-cd.git
Target: HEAD
Path: devops-simple-java/
SyncWindow: Sync Allowed
Sync Policy: Automated
Sync Status: Synced to HEAD (fbc4a6c)
Health Status: Healthy
Operation: Sync
Sync Revision: fbc4a6c57f7cbbf1baa63b878bac2cefcad17c60
Phase: Succeeded
Start: 2022-11-18 22:05:32 +0800 CST
Finished: 2022-11-18 22:05:32 +0800 CST
Duration: 0s
Message: successfully synced (all tasks run)
GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE
Service dev the-service Synced Healthy service/the-service unchanged
apps Deployment dev the-deployment Synced Healthy deployment.apps/the-deployment unchanged
networking.k8s.io Ingress dev the-ingress Synced Healthy ingress.networking.k8s.io/the-ingress unchanged
# 查看应用的HEALTHY状态
$ argocd app list
NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET
argocd/myapp-dev https://kubernetes.default.svc dev default Synced Healthy Auto <none> https://gitlabdemo.chsaos.com/infra/devops-cd.git devops-simple-java/ HEAD
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
v1.20.0版本以下版本处理
# 编辑Argocd的configmap
$ kubectl get cm -n argocd
NAME DATA AGE
argocd-cm 0 28h
......
$ kubectl edit cm -n argocd argocd-cm
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
......
labels:
app.kubernetes.io/name: argocd-cm
app.kubernetes.io/part-of: argocd
name: argocd-cm
namespace: argocd
......
data:
resource.customizations.health.extensions_Ingress: |
hs = {}
hs.status = "Healthy"
hs.message = "SoulChild"
return hs
resource.customizations.useOpenLibs.extensions_Ingress: "true"
# 获取Argocd登录密码
$ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
# 获取Argocd Service IP地址
$ CLUSTER_IP=`kubectl get svc argocd-server -n argocd -o jsonpath="{.spec.clusterIP}"`
# 使用CLUSTER_IP登录Argocd
$ argocd --insecure login ${CLUSTER_IP}:443
# 查看Argocd的APP 列表
$ argocd app list
# 应用同步
$ argocd app sync argocd/myapp-dev --force
......
# 查看应用的HEALTHY状态
$ argocd app list
......
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
WEB页面恢复正常
# 通过域名访问服务
testcoolops.chsaos.com
# 查看Java服务的Igress域名
$ kubectl get ns
NAME STATUS AGE
argocd Active 29h
default Active 2d11h
dev Active 30h
......
$ kubectl get ingress -n dev
NAME CLASS HOSTS ADDRESS PORTS AGE
the-ingress <none> testcoolops.chsaos.com 80, 443 174m
1
2
3
4
5
6
7
8
9
10
11
12
2
3
4
5
6
7
8
9
10
11
12
# 十、集成Gitlab
# 通过Webhook触发Jenkins
在
Jenkins中选择项目,在项目中配置gitlab触发
GitLab. GitLab webhook UR: http://jenkinsdemo.chsaos.com/project/devops-simple-java_TEST
Secret token: eb5c5c10d5a421ed8fab115a31651f3d
# Gitlab上配置集成
进入项目-->项目设置-->集成
- 配置
Jenkins上生成的回调URL和TOKEN
Gitlab手动发送test观察是否触发流水线
- 到
ArgocdWEB界面手动SYNC
访问
Java ServiceIngress 域名https://testcoolops.chsaos.com/hello
上次更新: 2024/04/09, 16:48:42
- 01
- AWS NAT-NetWork-Firwalld配置(一)04-09
- 02
- AWS NAT-NetWork-Firwalld配置(二)04-09
- 03
- kubernetes部署minio对象存储01-18