2021.4.20
1. Argo CD
- Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
- https://argoproj.github.io/argo-cd/
- Argo CD is largely stateless: all data is persisted as Kubernetes objects, which in turn are stored in Kubernetes' etcd.
Redis is only used as a throw-away cache and can be lost. When lost, it will be rebuilt without loss of service.
2. Environments
- Kubernetes 1.16.15
- Argo CD v1.8.7
3. Install Argo CD
$ kubectl create namespace argocd
$ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v1.8.7/manifests/install.yaml
$
$ kubectl get pod -n argocd
NAME READY STATUS RESTARTS AGE
argocd-application-controller-0 1/1 Running 0 103s
argocd-dex-server-6dfbbfc5fd-qshjx 1/1 Running 0 103s
argocd-redis-5ccdd9d4fd-cvh4n 1/1 Running 0 103s
argocd-repo-server-dc6b8f69f-7xc4l 1/1 Running 0 103s
argocd-server-5d7b59fcd-zzpwn 1/1 Running 0 103s
$ kubectl get svc argocd-server -n argocd
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
argocd-server LoadBalancer 10.98.62.228 14.52.244.139 80:31797/TCP,443:30831/TCP 25d
$
$ kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
argocd-server-5d7b59fcd-zzpwn
$
The password of the admin account is the name of the initial argocd-server pod at install time ('argocd-server-5d7b59fcd-zzpwn').
4. Download Argo CD CLI
$ VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argo-cd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
$ sudo curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/$VERSION/argocd-linux-amd64
## scp argocd root@14.52.244.134:/usr/local/bin
$ sudo chmod +x /usr/local/bin/argocd
$ argocd login 14.52.244.139 --insecure
Username: admin
Password:
'admin' logged in successfully
Context '14.52.244.139' updated
$
$ argocd account update-password
*** Enter current password:
*** Enter new password:
*** Confirm new password:
Password updated
Context '14.52.244.139' updated
$
5. User management
- https://argoproj.github.io/argo-cd/operator-manual/user-management/
a. Create local new user
$ k edit configmaps argocd-cm -n argocd
apiVersion: v1
data:
  # add an additional local user with apiKey and login capabilities
  #   apiKey - allows generating API keys
  #   login - allows to login using UI
  accounts.agp: login # new user
  accounts.ktxtwin: login
  repositories: |
    …
$ argocd account list
NAME ENABLED CAPABILITIES
admin true login
ktxtwin true login
$ argocd account update-password --account agp --new-password *****
*** Enter current password: # password of admin account
Password updated
$
b. RBAC Configuration
- https://argoproj.github.io/argo-cd/operator-manual/rbac/
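- applications resource: separated per account
- repositories resource: cannot be separated per account; registered by the admin account and only viewed by regular accounts
- cluster resource: connection information for the Kubernetes cluster to which applications are deployed
- projects resource: the project must be created in advance by the admin account; separated per account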
$ k edit configmaps argocd-rbac-cm -n argocd
apiVersion: v1
data:
  policy.csv: |
    p, role:ktxtwin, applications, *, ktxtwin/*, allow
    p, role:ktxtwin, projects, get, ktxtwin, allow
    p, role:ktxtwin, repositories, get, *, allow
    p, role:ktxtwin, clusters, get, *, allow
    g, ktxtwin, role:ktxtwin
    p, role:agp, applications, *, agp/*, allow
    p, role:agp, projects, get, agp, allow
    p, role:agp, repositories, get, *, allow
    p, role:agp, clusters, get, *, allow
    g, agp, role:agp
kind: ConfigMap
…
$
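The policy above scopes each account to the project of the same name. The following is an added example, not part of the original post or of Argo CD's own code: a simplified Python model of how these p/g lines are evaluated (glob match per field, a matching deny overrides allow), used to check that neither account can act on the other's applications. It does not model policy.default or the built-in roles, follows only one level of g grants, and demo-app is a constructed application name.

```python
from fnmatch import fnmatchcase

# policy.csv lines copied from the argocd-rbac-cm ConfigMap above
POLICY_CSV = """\
p, role:ktxtwin, applications, *, ktxtwin/*, allow
p, role:ktxtwin, projects, get, ktxtwin, allow
p, role:ktxtwin, repositories, get, *, allow
p, role:ktxtwin, clusters, get, *, allow
g, ktxtwin, role:ktxtwin
p, role:agp, applications, *, agp/*, allow
p, role:agp, projects, get, agp, allow
p, role:agp, repositories, get, *, allow
p, role:agp, clusters, get, *, allow
g, agp, role:agp
"""

def parse_policy(text):
    """Split policy.csv into permission rules (p) and account-to-role grants (g)."""
    rules, grants = [], {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if fields[0] == "p" and len(fields) == 6:
            rules.append(tuple(fields[1:]))
        elif fields[0] == "g" and len(fields) == 3:
            grants.setdefault(fields[1], set()).add(fields[2])
    return rules, grants

def can(account, resource, action, obj, policy=POLICY_CSV):
    """True if some rule allows the request and no matching rule denies it."""
    rules, grants = parse_policy(policy)
    subjects = {account} | grants.get(account, set())
    allowed = False
    for sub, res, act, pattern, effect in rules:
        if (sub in subjects and fnmatchcase(resource, res)
                and fnmatchcase(action, act) and fnmatchcase(obj, pattern)):
            if effect == "deny":
                return False
            allowed = True
    return allowed

def cross_project_access(accounts, policy=POLICY_CSV):
    """List (account, other project) pairs where an account can act on
    applications of a project that belongs to a different account."""
    return [(a, p) for a in accounts for p in accounts
            if a != p and can(a, "applications", "sync", f"{p}/demo-app", policy)]

if __name__ == "__main__":
    print(cross_project_access(["ktxtwin", "agp"]))  # [] means the projects are isolated
    print(can("agp", "repositories", "create", "*"))
```

Re-running cross_project_access after each edit to policy.csv catches a pattern such as */* that would let one account reach another account's applications.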
c. Create projects
- URL: https://gitops.acp.kt.co.kr/ or http://14.52.244.139/
username: admin, password: admin****
- Create the Project to be used by each account
Enter Source repositories, Destinations, and Cluster resource allow list as shown above
6. Repositories management