Argo CD安装配置

安装Argo CD

单独为Argo CD创建命名空间argocd，命令如下所示。

$ kubectl create namespace argocd
namespace/argocd created

使用以下命令将Argo CD部署到argocd命名空间下。

$ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-secret created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server-metrics created
service/argocd-server created
deployment.apps/argocd-application-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created

查看Argo CD所有Deployment部署的运行状态，如下所示。

$ kubectl -n argocd get deployment
NAME                            READY   UP-TO-DATE   AVAILABLE   AGE
argocd-application-controller   1/1     1            1           2m41s
argocd-dex-server               1/1     1            1           2m41s
argocd-redis                    1/1     1            1           2m41s
argocd-repo-server              1/1     1            1           2m41s
argocd-server                   1/1     1            1           2m41s

Argo CD中每个Deployment部署的职责如下所示。

• argocd-application-controller：Application Controller组件。
• argocd-dex-server：Argo CD集成Dex service用于将身份验证委托给外部提供者，更多关于Dex的介绍请访问Dex社区（https://github.com/dexidp/dex）进行了解。
• argocd-redis：Argo CD集成Redis服务，用于临时缓存，缓存丢失并不会影响Argo CD的正常工作。
• argocd-repo-server：Repository Server组件。
• argocd-server：API Server组件。

Argo CD的访问方式

用户可以使用Web UI或者CLI方式访问Argo CD。

1. 使用CLI访问Argo CD

下载并安装Argo CD CLI工具，Linux系统和Mac OS系统下对应不同的二进制可执行文件。

Linux系统安装命令如下所示。

$ VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argocd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
$ curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argocd/releases/download/$VERSION/argocd-linux-amd64
$ chmod  +x /usr/local/bin/argocd

Mac OS系统安装命令如下所示。

$ VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argocd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
$ curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argocd/releases/download/$VERSION/argocd-darwin-amd64
$ chmod +x /usr/local/bin/argocd

使用以下命令检查CLI是否正常执行。

$ argocd version
argocd: v1.7.4+f8cbd6b
  BuildDate: 2020-09-05T02:44:27Z
  GitCommit: f8cbd6bf432327cc3b0f70d23b66511bb906a178
  GitTreeState: clean
  GoVersion: go1.14.1
  Compiler: gc
  Platform: linux/amd64
FATA[0000] Argo CD server address unspecified

CLI访问Argo CD之前需要使用用户名和密码进行登录，默认的内置用户名是admin，初始密码为Argo CD API Server Pod的名字，可以使用如下命令获取初始密码。

$ kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
argocd-server-cf8dbb7bd-n5zrv

获取Argo CD API Server服务访问端点，命令如下所示。

$ kubectl get svc -n argocd -l app.kubernetes.io/name=argocd-server |grep argocd-server
argocd-server   ClusterIP   172.27.8.59   <none>        80/TCP,443/TCP   26m

使用用户名密码登录Argo CD系统。

$ argocd login 172.27.8.59
WARNING: server certificate had error: x509: cannot validate certificate for 172.27.8.59 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? y
Username: admin
Password:
'admin' logged in successfully
Context '172.27.8.59' updated

再次使用Argo CD CLI命令查看客户端和服务端的版本信息，若都能正确输出信息则说明客户端和服务端正常工作。

$ argocd version
argocd: v1.7.4+f8cbd6b
  BuildDate: 2020-09-05T02:44:27Z
  GitCommit: f8cbd6bf432327cc3b0f70d23b66511bb906a178
  GitTreeState: clean
  GoVersion: go1.14.1
  Compiler: gc
  Platform: linux/amd64
argocd-server: v1.7.3+b4c79cc
  BuildDate: 2020-09-01T23:19:02Z
  GitCommit: b4c79ccb88173604c3786dcd34e83a9d7e8919a5
  GitTreeState: clean
  GoVersion: go1.14.1
  Compiler: gc
  Platform: linux/amd64
  Ksonnet Version: v0.13.1
  Kustomize Version: {Version:kustomize/v3.6.1 GitCommit:c97fa946d576eb6ed559f17f2ac43b3b5a8d5dbd BuildDate:2020-05-27T20:47:35Z GoOs:linux GoArch:amd64}
  Helm Version: version.BuildInfo{Version:"v3.2.0", GitCommit:"e11b7ce3b12db2941e90399e874513fbd24bcb71", GitTreeState:"clean", GoVersion:"go1.13.10"}
  Kubectl Version: v1.17.8

使用以下命令可以更新Argo CD系统中admin用户的密码。

$ argocd account update-password
*** Enter current password:
*** Enter new password:
*** Confirm new password:
Password updated
Context '172.27.8.59' updated

Argo CD默认只支持admin用户登录访问，更多关于Argo CD用户管理的内容请阅读7.3.1节。

2. 使用Web UI访问Argo CD

安装Argo CD后，API Server默认使用Kubernetes内部服务类型ClusterIP，如果想从Kubernetes集群外部访问API Server，则需要执行以下命令将服务类型改为LoadBalancer。

$ kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'
service/argocd-server patched

或执行以下命令将服务类型改为NodePort。

$ kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}'
service/argocd-server patched

在浏览器中访问Argo CD。使用用户名和密码登录后，直接跳转到应用面板。

卸载Argo CD

如果想从集群中卸载Argo CD，执行以下命令可删除Argo CD的所有资源。

$ kubectl delete -n argocd -f https://raw.githubusercontent.com/argoproj/argo-  cd/stable/manifests/install.yaml
$ kubectl delete ns argocd