kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argo-cd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/$VERSION/argocd-linux-amd64
chmod +x /usr/local/bin/argocd
cat <<EOF | kubectl apply -f -
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: argocd-server-ingress
namespace: argocd
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
rules:
- host: argocd.172.31.230.24.nip.io
http:
paths:
- backend:
serviceName: argocd-server
servicePort: https
tls:
- hosts:
- argocd.172.31.230.24.nip.io
secretName: argocd-tls-secret
EOF
kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
## 出現的東西即是密碼
argocd-server-656f9b895b-bfjvw
## 先port-forward 如果直接連ing 會出現UTF8問題
kubectl port-forward svc/argocd-server -n argocd --address 0.0.0.0 8080:443
## 取得密碼
kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
argocd-server-656f9b895b-bfjvw
## 登入
argocd login 127.0.0.1:8080
## 修改密碼
argocd account update-password
## 變更密碼
argocd account update-password
*** Enter current password:
*** Enter new password:
*** Confirm new password:
- 預設值只能在default 的namespace 裡面活動
- 執行下面指令會將現在的kube config 裡關於 kube-system 的權限綁定給 此sa使用 (如果你正在登入的權限為cluster-admin, 此時argo的sa 也會同樣取得此ClusterRole)
## local 為kubeconfig 內的 CONTEXTNAME
argocd cluster add local
### 會發現報錯誤 因為我們用的是rancher 的kube api
INFO[0000] ServiceAccount "argocd-manager" created in namespace "kube-system"
INFO[0000] ClusterRole "argocd-manager-role" created
INFO[0000] ClusterRoleBinding "argocd-manager-role-binding" created
Handling connection for 8080
FATA[0001] rpc error: code = Unauthenticated desc = the server has asked for the client to provide credentials
## 解決辦法在下面
### 裡面相關資訊從rancher 的的kubeconfig取得
https://gist.github.com/janeczku/b16154194f7f03f772645303af8e9f80
apiVersion: v1
kind: Secret
metadata:
name: mycluster-secret
labels:
argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
name: mycluster.com
server: https://mycluster.com
config: |
{
"bearerToken": "<authentication token>",
"tlsClientConfig": {
"insecure": false,
"caData": "<base64 encoded certificate>"
}
}
## ===========================================
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: rancher-secret
namespace: argocd
labels:
argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
name: rancher.local
server: https://rancher.intranet.com.tw/k8s/clusters/local
config: |
{
"bearerToken": "kubeconfig-user-5h5gh:h942vjfbhhl9p79c7vk626bXXXXXXXXXXXXXXXXrhvzzkzjcszw",
"tlsClientConfig": {
"insecure": true
}
}
EOF
argocd app create guestbook --repo https://github.com/harryliu123/argocd-example-apps --path guestbook --dest-server https://kubernetes.default.svc --dest-namespace test
## --self-heal 會自動比對同步 30秒同步一次
argocd app set guestbook --sync-policy automated --auto-prune --self-heal \
--self-heal-timeout-seconds 30
連線到UI: https://argocd.172.31.230.24.nip.io
- 再登入自己的github
- 連線到下面的範例網址 https://github.com/harryliu123/argocd-example-apps
- 按下右上角的 Fork 取得網址 https://github.com/yourname/argocd-example-apps
- 修改 guestbook/guestbook-ui-ingress.yaml 裡面的網址: guestbook.tradevan-rd.com
- path 為 guestbook
- 由於 argo 所佈署的k8s 和 guestbook 為同一座k8s 所以 kube api為https://kubernetes.default.svc
- 將服務佈署在 default的 namespace上
argocd app create guestbook --repo https://github.com/yourname/argocd-example-apps --path guestbook --dest-server https://kubernetes.default.svc --dest-namespace default
連線 http:https://guestbook.tradevan-rd.com 即可看到網頁
$ kubectl get po
NAME READY STATUS RESTARTS AGE
guestbook-ui-85c9c5f9cb-fdc97 1/1 Running 0 14h
...
spec:
replicas: 3 --> 原本1改為3
...
$ kubectl get po
NAME READY STATUS RESTARTS AGE
guestbook-ui-85c9c5f9cb-7vw7w 0/1 ContainerCreating 0 4s
guestbook-ui-85c9c5f9cb-fdc97 1/1 Running 0 16h
guestbook-ui-85c9c5f9cb-kgqrh 0/1 ContainerCreating 0 4s
## 先到slack 註冊
### 註冊網址
https://api.slack.com/apps?new_app=1
### 參考文件
https://argoproj-labs.github.io/argocd-notifications/services/slack/
## 安裝 argocd-notifications
helm repo add argo https://argoproj.github.io/argo-helm
helm install --namespace argocd argo/argocd-notifications --generate-name \
--set triggers[0].name=on-sync-succeeded \
--set triggers[0].enabled=true \
--set secret.notifiers.slack.enabled=true \
--set secret.notifiers.slack.token=<slack token>