部署 Argo CD v2.9.3
创建 ns argocd
# kubectl create namespace argocd
namespace/argocd created
安装 argocd
# kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.9.3/manifests/ha/install.yaml
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/applicationsets.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-applicationset-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-notifications-controller created
serviceaccount/argocd-redis-ha created
serviceaccount/argocd-redis-ha-haproxy created
serviceaccount/argocd-repo-server created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-applicationset-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-notifications-controller created
role.rbac.authorization.k8s.io/argocd-redis-ha created
role.rbac.authorization.k8s.io/argocd-redis-ha-haproxy created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-notifications-controller created
rolebinding.rbac.authorization.k8s.io/argocd-redis-ha created
rolebinding.rbac.authorization.k8s.io/argocd-redis-ha-haproxy created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-cmd-params-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-notifications-cm created
configmap/argocd-rbac-cm created
configmap/argocd-redis-ha-configmap created
configmap/argocd-redis-ha-health-configmap created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-notifications-secret created
secret/argocd-secret created
service/argocd-applicationset-controller created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-notifications-controller-metrics created
service/argocd-redis-ha created
service/argocd-redis-ha-announce-0 created
service/argocd-redis-ha-announce-1 created
service/argocd-redis-ha-announce-2 created
service/argocd-redis-ha-haproxy created
service/argocd-repo-server created
service/argocd-server created
service/argocd-server-metrics created
deployment.apps/argocd-applicationset-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-notifications-controller created
deployment.apps/argocd-redis-ha-haproxy created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
statefulset.apps/argocd-application-controller created
statefulset.apps/argocd-redis-ha-server created
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-applicationset-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
networkpolicy.networking.k8s.io/argocd-notifications-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-ha-proxy-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-ha-server-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy created
查看 argocd 资源
查看 pod
# kubectl get pods -n argocd
NAME READY STATUS RESTARTS AGE
argocd-application-controller-0 1/1 Running 0 19m
argocd-applicationset-controller-5f975ff5-fjjz5 1/1 Running 0 20m
argocd-dex-server-7bb445db59-vnm8w 1/1 Running 0 20m
argocd-notifications-controller-566465df76-tm8j9 1/1 Running 0 20m
argocd-redis-ha-haproxy-7b898b954b-d95wf 1/1 Running 0 20m
argocd-redis-ha-haproxy-7b898b954b-gqg6l 1/1 Running 0 20m
argocd-redis-ha-haproxy-7b898b954b-hgbnb 1/1 Running 0 20m
argocd-redis-ha-server-0 3/3 Running 0 19m
argocd-redis-ha-server-1 3/3 Running 0 15m
argocd-redis-ha-server-2 3/3 Running 0 13m
argocd-repo-server-56f754cbb7-c5bvn 1/1 Running 0 20m
argocd-repo-server-56f754cbb7-gjv8t 1/1 Running 0 20m
argocd-server-c9d5dbdb6-676ns 1/1 Running 0 20m
argocd-server-c9d5dbdb6-zdl4m 1/1 Running 0 20m
查看 svc
# kubectl get svc -n argocd
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
argocd-applicationset-controller ClusterIP 10.100.236.115 <none> 7000/TCP,8080/TCP 21m
argocd-dex-server ClusterIP 10.100.188.12 <none> 5556/TCP,5557/TCP,5558/TCP 21m
argocd-metrics ClusterIP 10.100.22.127 <none> 8082/TCP 21m
argocd-notifications-controller-metrics ClusterIP 10.100.61.49 <none> 9001/TCP 21m
argocd-redis-ha ClusterIP None <none> 6379/TCP,26379/TCP 21m
argocd-redis-ha-announce-0 ClusterIP 10.100.62.64 <none> 6379/TCP,26379/TCP 21m
argocd-redis-ha-announce-1 ClusterIP 10.100.69.120 <none> 6379/TCP,26379/TCP 21m
argocd-redis-ha-announce-2 ClusterIP 10.100.202.175 <none> 6379/TCP,26379/TCP 21m
argocd-redis-ha-haproxy ClusterIP 10.100.74.249 <none> 6379/TCP,9101/TCP 21m
argocd-repo-server ClusterIP 10.100.19.66 <none> 8081/TCP,8084/TCP 21m
argocd-server ClusterIP 10.100.243.80 <none> 80/TCP,443/TCP 21m
argocd-server-metrics ClusterIP 10.100.177.201 <none> 8083/TCP 21m
查看 CRD
# kubectl api-resources |grep argo
applications app,apps argoproj.io/v1alpha1 true Application
applicationsets appset,appsets argoproj.io/v1alpha1 true ApplicationSet
appprojects appproj,appprojs argoproj.io/v1alpha1 true AppProject
暴露 argocd-server
argocd-dashboard-virtualservice.yaml
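# Gateway on the Istio ingress gateway for the Argo CD UI/API host.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: argocd-dashboard-gateway
  namespace: istio-system
spec:
  selector:
    app: istio-ingressgateway
  servers:
  # Plain HTTP is accepted only to redirect the client to HTTPS.
  - hosts:
    - "argocd.wgs.com"
    port:
      number: 80
      name: http
      protocol: HTTP
    tls:
      httpsRedirect: true
  # PASSTHROUGH: the gateway does not terminate TLS. It routes on the SNI
  # name and argocd-server itself presents the certificate, so the
  # certificate clients see is whatever argocd-server is configured with.
  - hosts:
    - "argocd.wgs.com"
    port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: PASSTHROUGH
---
# Routes the passed-through TLS connection to the argocd-server Service.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: argocd-dashboard-virtualservice
  namespace: argocd
spec:
  hosts:
  - "argocd.wgs.com"
  gateways:
  - istio-system/argocd-dashboard-gateway
  tls:
  - match:
    - port: 443
      sniHosts:
      - argocd.wgs.com
    route:
    - destination:
        # Short Service name; resolved in this VirtualService's namespace (argocd).
        host: argocd-server
        port:
          number: 443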
创建 vs
# kubectl apply -f argocd-dashboard-virtualservice.yaml
gateway.networking.istio.io/argocd-dashboard-gateway created
virtualservice.networking.istio.io/argocd-dashboard-virtualservice created
查看 vs
# kubectl get vs -n argocd
NAME GATEWAYS HOSTS AGE
argocd-dashboard-virtualservice ["istio-system/argocd-dashboard-gateway"] ["argocd.wgs.com"] 5m46s
查看 Istio svc
# kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-egressgateway ClusterIP 10.100.156.22 <none> 80/TCP,443/TCP 24d
istio-ingressgateway LoadBalancer 10.100.148.114 192.168.174.249 15021:31031/TCP,80:31283/TCP,443:30741/TCP 25d
istiod ClusterIP 10.100.158.79 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 25d
knative-local-gateway ClusterIP 10.100.169.65 <none> 80/TCP 23d
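添加 hosts 解析（192.168.174.249 为 istio-ingressgateway 的 EXTERNAL-IP；下面的命令写入的是当前目录下的 hosts 文件，需在 /etc 目录下执行，或把目标改为 /etc/hosts）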
# echo "192.168.174.249 argocd.wgs.com" >> hosts
部署 argocd CLI
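# Fetch the v2.9.3 CLI binary. -f makes curl exit non-zero on an HTTP error
# instead of saving the server's error page under the binary's name.
curl -fsSL -o argocd-linux-amd64 \
  https://github.com/argoproj/argo-cd/releases/download/v2.9.3/argocd-linux-amd64 &&
  sha256sum argocd-linux-amd64
# Compare the printed SHA-256 with the checksum published for the v2.9.3
# release before running the install step: the file ends up root-owned and
# executable on PATH.
sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
rm argocd-linux-amd64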
使用 CLI 登录
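admin 帐户的初始密码是自动生成的，并以明文形式存储在 Argo CD 安装命名空间中名为 argocd-initial-admin-secret 的 Secret 的 password 字段中。该 Secret 只用于保存初始密码，修改密码后应将其删除（kubectl -n argocd delete secret argocd-initial-admin-secret）。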
获取初始密码
# argocd admin initial-password -n argocd
JoOpha6ShfmVpt4-
This password must be only used for first time login. We strongly recommend you update the password using `argocd account update-password`.
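登录 argocd（argocd-server 默认使用自签名证书，且证书不含 IP SAN，所以按 IP 登录会出现下面的证书校验警告；回答 y 即跳过 TLS 校验，只适合测试环境，生产环境应先为 argocd-server 配置受信任的证书，再按域名登录）
# argocd login 10.100.123.2 # argocd-server svc 的 CLUSTER-IP，以 kubectl get svc -n argocd 的实际输出为准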
WARNING: server certificate had error: tls: failed to verify certificate: x509: cannot validate certificate for 10.100.123.2 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? y
Username: admin
Password:
'admin:login' logged in successfully
Context '10.100.123.2' updated
更新 argocd 密码
# argocd account update-password
*** Enter password of currently logged in user (admin):
*** Enter new password for user admin:
*** Confirm new password for user admin:
Password updated
Context '10.100.123.2' updated
Argocd dashboard
访问 argocd dashboard
https://argocd.wgs.com
参考文档
https://argo-cd.readthedocs.io/en/stable/getting_started/