argocd部署
# 安装argo cd
# 创建ns
[root@k8s-master ~]# kubectl create namespace argocd
1
# 安装argocd
[root@k8s-master ~]# kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
1
注意事项:默认下载的是最新版argocd,安装argocd时,务必参阅支持的k8s版本列表,否则会出现安装失败pod运行异常的情况。
参考文档:https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
由于k8s集群版本为1.23.16。因此安装的argo cd版本为2.4.28,yaml文件地址:https://github.com/argoproj/argo-cd/blob/v2.4.28/manifests/install.yaml
执行成功后会在argocd的namespace下创建如下资源。
[root@k8s-master ~]# kubectl get all -n argocd
NAME READY STATUS RESTARTS AGE
pod/argocd-application-controller-0 1/1 Running 0 12h
pod/argocd-applicationset-controller-5ff469f5b9-6bgcx 1/1 Running 0 12h
pod/argocd-dex-server-6df59d8b66-7xt4j 1/1 Running 0 12h
pod/argocd-notifications-controller-6566fdb9fb-kwrcc 1/1 Running 0 12h
pod/argocd-redis-86b48ccc59-87g7h 1/1 Running 0 12h
pod/argocd-repo-server-8556b5fd7b-42x2j 1/1 Running 0 12h
pod/argocd-server-59d6bfc48b-m8tdm 1/1 Running 0 12h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/argocd-applicationset-controller ClusterIP 10.107.129.45 <none> 7000/TCP,8080/TCP 15h
service/argocd-dex-server ClusterIP 10.101.106.223 <none> 5556/TCP,5557/TCP,5558/TCP 15h
service/argocd-metrics ClusterIP 10.111.3.69 <none> 8082/TCP 15h
service/argocd-notifications-controller-metrics ClusterIP 10.102.91.50 <none> 9001/TCP 15h
service/argocd-redis ClusterIP 10.106.114.155 <none> 6379/TCP 15h
service/argocd-repo-server ClusterIP 10.96.39.69 <none> 8081/TCP,8084/TCP 15h
service/argocd-server ClusterIP 10.108.206.123 <none> 80/TCP,443/TCP 15h
service/argocd-server-metrics ClusterIP 10.110.61.94 <none> 8083/TCP 15h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/argocd-applicationset-controller 1/1 1 1 15h
deployment.apps/argocd-dex-server 1/1 1 1 15h
deployment.apps/argocd-notifications-controller 1/1 1 1 15h
deployment.apps/argocd-redis 1/1 1 1 15h
deployment.apps/argocd-repo-server 1/1 1 1 15h
deployment.apps/argocd-server 1/1 1 1 15h
NAME DESIRED CURRENT READY AGE
replicaset.apps/argocd-applicationset-controller-5ff469f5b9 1 1 1 15h
replicaset.apps/argocd-applicationset-controller-7f9896f959 0 0 0 15h
replicaset.apps/argocd-dex-server-57784ccdfc 0 0 0 15h
replicaset.apps/argocd-dex-server-6df59d8b66 1 1 1 15h
replicaset.apps/argocd-notifications-controller-6566fdb9fb 1 1 1 15h
replicaset.apps/argocd-notifications-controller-f8c5999b7 0 0 0 15h
replicaset.apps/argocd-redis-6877f4f5bf 0 0 0 15h
replicaset.apps/argocd-redis-86b48ccc59 1 1 1 15h
replicaset.apps/argocd-repo-server-8556b5fd7b 1 1 1 15h
replicaset.apps/argocd-repo-server-8d7bd6b6c 0 0 0 15h
replicaset.apps/argocd-server-59c85d466d 0 0 0 15h
replicaset.apps/argocd-server-59d6bfc48b 1 1 1 15h
NAME READY AGE
statefulset.apps/argocd-application-controller 1/1 15h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# web访问argocd
访问Argo server的方式有两种:
- 通过web ui
- 使用argocd 客户端工具
# 访问web ui(NodePort方式)
通过kubectl edit -n argocd svc argocd-server将service的type类型从ClusterIP改为NodePort。改完后通过以下命令查看端口:
[root@k8s-master ~]# kubectl get svc -n argocd
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
argocd-applicationset-controller ClusterIP 10.107.129.45 <none> 7000/TCP,8080/TCP 15h
argocd-dex-server ClusterIP 10.101.106.223 <none> 5556/TCP,5557/TCP,5558/TCP 15h
argocd-metrics ClusterIP 10.111.3.69 <none> 8082/TCP 15h
argocd-notifications-controller-metrics ClusterIP 10.102.91.50 <none> 9001/TCP 15h
argocd-redis ClusterIP 10.106.114.155 <none> 6379/TCP 15h
argocd-repo-server ClusterIP 10.96.39.69 <none> 8081/TCP,8084/TCP 15h
argocd-server NodePort 10.108.206.123 <none> 80:30357/TCP,443:32640/TCP 15h
argocd-server-metrics ClusterIP 10.110.61.94 <none> 8083/TCP 15h
1
2
3
4
5
6
7
8
9
10
2
3
4
5
6
7
8
9
10
访问https://192.168.10.10:32640/ (opens new window)
用户名为admin,初始密码
kubectl get secret -n argocd argocd-initial-admin-secret -o yaml
转换解析密码 base64 ,为解析后的密码
echo cFN4SG5kR0tadFpjQ3Jaag== |base64 -d
# 访问web ui(ingress方式)
访问web ui必须使用https方式访问,以traefik为例,创建ingressroute资源
# 创建证书文件
[root@k8s-master argo]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=argocd.test.com"
# 创建secret资源
[root@k8s-master argo]# kubectl create secret tls argocd-tls --cert=tls.crt --key=tls.key -n argocd
secret/myapp2-tls created
[root@k8s-master argo]# kubectl describe secrets argocd-tls -n argocd
Name: argocd-tls
Namespace: default
Labels: <none>
Annotations: <none>
Type: kubernetes.io/tls
Data
====
tls.crt: 1131 bytes
tls.key: 1704 bytes
# 创建ingress资源
[root@k8s-master argo]# cat ingress.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: argocd-tls
namespace: argocd
spec:
entryPoints:
- websecure # 监听 websecure 这个入口点,也就是通过 443 端口来访问
routes:
- match: Host(`argocd.test.com`)
kind: Rule
services:
- name: argocd-server
port: 443
tls:
secretName: argocd-tls # 指定tls证书名称
[root@k8s-master argo]# kubectl apply -f ingress.yaml
ingressroute.traefik.containo.us/argocd-tls create
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
添加hosts解析记录 192.168.10.10 argocd.test.com
# 客户端工具访问argocd
# 下载argocd客户端工具
注意客户端工具版本与argocd版本保持一致
[root@k8s-master argo]# wget https://github.com/argoproj/argo-cd/releases/download/v2.4.18/argocd-linux-amd64
[root@k8s-master argo]# mv argocd-linux-amd64 /usr/local/bin/argocd
[root@k8s-master argo]# chmod u+x argocd
[root@k8s-master argo]# chmod u+x /usr/local/bin/argocd
[root@k8s-master argo]# argocd version
argocd: v2.4.18+beef23b
BuildDate: 2022-12-16T16:31:28Z
GitCommit: beef23b7a4ecf3fcb20c7aaa5b18e5cb4e1b8af2
GitTreeState: clean
GoVersion: go1.18.9
Compiler: gc
Platform: linux/amd64
argocd-server: v2.4.28+598f792
BuildDate: 2023-03-23T14:58:46Z
GitCommit: 598f79236ae4160325b37342434baef4ff95d61c
GitTreeState: clean
GoVersion: go1.18.10
Compiler: gc
Platform: linux/amd64
Kustomize Version: v4.4.1 2021-11-11T23:36:27Z
Helm Version: v3.8.1+g5cb9af4
Kubectl Version: v0.23.1
Jsonnet Version: v0.18.0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# 客户端工具登录argocd
[root@k8s-master argo]# argocd login 192.168.10.10:32640 --username admin --password argocd-server-59d6bfc48b-m8tdm
'admin:login' logged in successfully
Context '192.168.10.10:32640' updated
1
2
3
2
3
# 更新admin密码
[root@k8s-master argo]# argocd account update-password --account admin --current-password argocd-server-59d6bfc48b-m8tdm --new-password 12345678
Password updated
Context '192.168.10.10:32640' updated
1
2
3
2
3
上次更新: 2024/03/27, 08:45:38
|