GitHub项目: https://github.com/argoproj

Argo官网: https://argoproj.github.io

Argo - 图1

Argoproj is a collection of tools for getting work done with Kubernetes.

  • Argo Workflows - Container-native Workflow Engine
  • Argo CD - Declarative GitOps Continuous Delivery
  • Argo Events - Event-based Dependency Manager

  • Argo Rollouts - Progressive Delivery with support for Canary and Blue Green deployment strategies


    Argo CD ApplicationSet Controller

argoproj-deployments

https://github.com/argoproj/argoproj-deployments

cd.apps.argoproj.io

Argo Rollouts

https://argoproj.github.io/argo-rollouts/

Argo CD

https://argo-cd.readthedocs.io/en/stable/

ApplicationSet

https://argocd-applicationset.readthedocs.io/en/stable/

Argo CD Image Updater

https://argocd-image-updater.readthedocs.io/en/stable/

argocd

  1. kubectl create namespace argocd 
  2. kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
  - host: monday.automan.fun
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: argocd-server
            port:
              name: https
  tls:
  - hosts:
    - monday.automan.fun
    secretName: argocd-secret

# admin 用户密码
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

argo-rollouts

[root@master ~]# chmod +x ./kubectl-argo-rollouts-linux-amd64 
[root@master ~]# sudo mv ./kubectl-argo-rollouts-linux-amd64 /usr/local/bin/kubectl-argo-rollouts
[root@master ~]# kubectl argo rollouts version
kubectl-argo-rollouts: v1.1.1+0716c5d
  BuildDate: 2021-11-29T19:14:05Z
  GitCommit: 0716c5d4417ec1cc507b24b3a400d07e4bf24303
  GitTreeState: clean
  GoVersion: go1.16.3
  Compiler: gc
  Platform: linux/amd64
[root@master ~]#

命令行安装

curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
chmod +x /usr/local/bin/argocd

命令行自动补全

source <(kubectl-argo-rollouts completion bash)

用户管理

https://argoproj.github.io/argo-cd/operator-manual/user-management/

RBAC控制

https://argoproj.github.io/argo-cd/operator-manual/rbac/

image.png

image.png

KubeSphere + Argo CD

https://kubesphere.com.cn/blogs/kubesphere-argocd
https://kubesphere.com.cn/blogs/gitops-argocd

视频教程
https://jenkins-zh.blog.csdn.net/article/details/121391460?spm=1001.2014.3001.5502

https://jenkins-zh.blog.csdn.net/article/details/122053451?spm=1001.2014.3001.5502

点击查看【bilibili】

[root@UR-20210425NAMA ~]# argocd login 192.168.13.181:32647
WARNING: server certificate had error: x509: cannot validate certificate for 192.168.13.181 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? yes
Username: admin
Password:
'admin:login' logged in successfully
Context '192.168.13.181:32647' updated
[root@UR-20210425NAMA ~]# argocd -h
argocd controls a Argo CD server

Usage:
  argocd [flags]
  argocd [command]

Available Commands:
  account     Manage account settings
  admin       Contains a set of commands useful for Argo CD administrators and requires direct Kubernetes access
  app         Manage applications
  cert        Manage repository certificates and SSH known hosts entries
  cluster     Manage cluster credentials
  completion  output shell completion code for the specified shell (bash or zsh)
  context     Switch between contexts
  gpg         Manage GPG keys used for signature verification
  help        Help about any command
  login       Log in to Argo CD
  logout      Log out from Argo CD
  proj        Manage projects
  relogin     Refresh an expired authenticate token
  repo        Manage repository connection parameters
  repocreds   Manage repository connection parameters
  version     Print version information

Flags:
      --auth-token string               Authentication token
      --client-crt string               Client certificate file
      --client-crt-key string           Client certificate key file
      --config string                   Path to Argo CD config (default "/root/.argocd/config")
      --core                            If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server
      --grpc-web                        Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.
      --grpc-web-root-path string       Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.
  -H, --header strings                  Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)
  -h, --help                            help for argocd
      --http-retry-max int              Maximum number of retries to establish http connection to Argo CD server
      --insecure                        Skip server certificate and domain verification
      --logformat string                Set the logging format. One of: text|json (default "text")
      --loglevel string                 Set the logging level. One of: debug|info|warn|error (default "info")
      --plaintext                       Disable TLS
      --port-forward                    Connect to a random argocd-server port using port forwarding
      --port-forward-namespace string   Namespace name which should be used for port forwarding
      --server string                   Argo CD server address
      --server-crt string               Server certificate file

Use "argocd [command] --help" for more information about a command.
[root@UR-20210425NAMA ~]#
[root@UR-20210425NAMA ~]#

https://www.kancloud.cn/willseecloud/jenkins/2424093

argocd CLI

登录argocd,地址为argocd server地址,用户名默认为admin:

argocd login --insecure 36.133.145.139:30085 \
  --username admin \
  --password Argocd@123 --insecure

修改默认密码

argocd account update-password \
  --current-password 4Ao0K4wvElznS92n \
  --new-password Argocd@123

查看应用

argocd app list

查看单个应用

argocd app get guestbook

同步应用

argocd app sync guestbook

执行非级联删除:

argocd app delete APPNAME --cascade=false

执行级联删除,同时删除应用及资源

argocd app delete APPNAME

argocd app delete APPNAME --cascade

添加集群

argocd cluster add disa --kubeconfig /root/.kube/config --name disa

上传本地清单,由于这是GitOps范例的反模式,建议仅用于开发目的

argocd app sync APPNAME --local /path/to/dir/

用户管理

查看用户

argocd account list

查看用户详情

argocd account get &lt;username&gt;

修改默认密码

argocd account update-password \
  --current-password &lt;current-admin&gt; \
  --new-password &lt;new-user-password&gt;

查看本地配置文件

cat ~/.argocd/config

登录账号

argocd logout 47.242.223.127

重置admin密码

编辑argocd-secret修改admin.password字段。访问https://www.browserling.com/tools/bcrypt 生成一个新的 bcrypt hash。

bcrypt(password)=$2a$10$QwI0ax5u3Nw5VOvUnZeHOuxC8X8fwmJ7SaQoDHb4eFIjBZpyouiYS

kubectl -n argocd patch secret argocd-secret \
  -p &#039;{&quot;stringData&quot;: {
    &quot;admin.password&quot;: &quot;$2a$10$QwI0ax5u3Nw5VOvUnZeHOuxC8X8fwmJ7SaQoDHb4eFIjBZpyouiYS&quot;,
    &quot;admin.passwordMtime&quot;: &quot;&#039;$(date +%FT%T%Z)&#039;&quot;
  }}&#039;

也可以删除 admin.passwordadmin.passwordMtime字段,密码会重置为pod名称。

使用kubectl删除

要执行非级联删除:

kubectl delete app APPNAME

要执行级联删除,请设置Finalizer,例如,使用kubctl patch

kubectl patch app APPNAME  -p &#039;{&quot;metadata&quot;: {&quot;finalizers&quot;: [&quot;resources-finalizer.argocd.argoproj.io&quot;]}}&#039; --type merge
kubectl delete app APPNAME

Argo CD的应用程序控制器会对此进行监视,然后将删除该应用程序及其资源。
当您使用argocd app delete调用—cascade时,终结器会自动添加。