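Argo CD is a Kubernetes tool for building a GitOps environment.
See the official Argo CD documentation for a detailed description.
Its main features are as follows.
- Declarative - instead of issuing commands directly, you declare the desired state in code.
- GitOps - when the code that defines the desired state is pushed to a Git repository, Argo CD applies it to the current state.
- Continuous Delivery - it detects changes in the Git repository and keeps syncing with the repository contents.
In other words, Argo CD is a continuous delivery tool that tries to keep the current state of Kubernetes resources at the state the user wants.
Installing Argo CD
Create the argo namespace.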
$ kubectl create namespace argo
namespace/argo created
The installation is done with the helm command.
$ helm repo add argo https://argoproj.github.io/argo-helm
"argo" has been added to your repositories
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "raphael" chart repository
...Successfully got an update from the "argo" chart repository
Update Complete. ⎈Happy Helming!⎈
To write the values file, download the chart source that Argo CD provides.
$ helm fetch argo/argo-cd
The source is downloaded as a compressed archive.
$ ls
argo-cd-4.5.4.tgz
Extract it.
$ tar -zxvf argo-cd-*.tgz
argo-cd/Chart.yaml
argo-cd/Chart.lock
argo-cd/values.yaml
argo-cd/templates/NOTES.txt
argo-cd/templates/_helpers.tpl
argo-cd/templates/argocd-aggregate-roles.yaml
argo-cd/templates/argocd-application-controller/clusterrole.yaml
...
After extracting, go into the argo-cd folder and open values.yaml for editing.
$ cd argo-cd
$ vi values.yaml
To deploy the service as type NodePort so that it can be reached from outside, change the .server.service section at line 954 as follows.
[Default]
## Server service configuration
service:
  # -- Server service annotations
  annotations: {}
  # -- Server service labels
  labels: {}
  # -- Server service type
  type: ClusterIP
.......
ClusterIP => NodePort
## Server service configuration
service:
  # -- Server service annotations
  annotations: {}
  # -- Server service labels
  labels: {}
  # -- Server service type
  type: NodePort
Install Argo CD using the modified values.yaml file.
$ helm install argo -n argo argo/argo-cd -f values.yaml
NAME: argo
LAST DEPLOYED: Thu Apr 21 08:55:35 2022
NAMESPACE: argo
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
In order to access the server UI you have the following options:
1. kubectl port-forward service/argo-argocd-server -n argo 8080:443
and then open the browser on http://localhost:8080 and accept the certificate
2. enable ingress in the values file `server.ingress.enabled` and either
- Add the annotation for ssl passthrough: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough
- Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts
After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
kubectl -n argo get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli)
If you get an error such as "Error: INSTALLATION FAILED: cannot re-use a name that is still in use", use the --replace option.
$ helm install --replace argo -n argo argo/argo-cd -f values.yaml
Listing the Pods and Services in the argo namespace shows that the deployment succeeded.
$ kubectl get po,svc -n argo
NAME                                                         READY   STATUS    RESTARTS   AGE
pod/argo-argocd-application-controller-0                     1/1     Running   0          90s
pod/argo-argocd-applicationset-controller-746c9dd58c-p4wt2   1/1     Running   0          92s
pod/argo-argocd-dex-server-78545cd8b6-k44sc                  1/1     Running   1          92s
pod/argo-argocd-notifications-controller-59874f59b8-j7k7c    1/1     Running   0          92s
pod/argo-argocd-redis-76f6f6bcdd-l5ftm                       1/1     Running   0          92s
pod/argo-argocd-repo-server-688674b484-wqwl6                 1/1     Running   0          92s
pod/argo-argocd-server-56d796c775-zvf2z                      1/1     Running   0          92s

NAME                                            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
service/argo-argocd-application-controller      ClusterIP   10.105.244.63    <none>        8082/TCP                     92s
service/argo-argocd-applicationset-controller   ClusterIP   10.97.220.61     <none>        7000/TCP                     92s
service/argo-argocd-dex-server                  ClusterIP   10.105.66.108    <none>        5556/TCP,5557/TCP            92s
service/argo-argocd-redis                       ClusterIP   10.105.125.248   <none>        6379/TCP                     92s
service/argo-argocd-repo-server                 ClusterIP   10.105.32.56     <none>        8081/TCP                     92s
service/argo-argocd-server                      NodePort    10.107.254.67    <none>        80:30080/TCP,443:30443/TCP   92s
Open http://{NodeIP}:30080/ (web UI).
The username is "admin" and the password can be obtained from the console.
$ kubectl -n argo get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
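Change the password. For now I changed it to 12341234.
* Installing the ArgoCD CLI
The ArgoCD UI is focused mainly on providing views, so install the ArgoCD CLI for detailed configuration.
Enter the following to look up the latest ArgoCD version.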
$ VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argo-cd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
$ echo $VERSION
v2.3.3
Download the ArgoCD CLI into the home directory and make it executable.
$ cd ~
$ curl -sSL -o ~/argocd https://github.com/argoproj/argo-cd/releases/download/$VERSION/argocd-linux-amd64
$ chmod +x ~/argocd
Running the downloaded file prints its usage.
$ ./argocd
argocd controls a Argo CD server
Usage:
argocd [flags]
argocd [command]
Available Commands:
account Manage account settings
admin Contains a set of commands useful for Argo CD administrators and requires direct Kubernetes access
app Manage applications
cert Manage repository certificates and SSH known hosts entries
cluster Manage cluster credentials
completion output shell completion code for the specified shell (bash or zsh)
context Switch between contexts
gpg Manage GPG keys used for signature verification
help Help about any command
login Log in to Argo CD
logout Log out from Argo CD
proj Manage projects
relogin Refresh an expired authenticate token
repo Manage repository connection parameters
repocreds Manage repository connection parameters
version Print version information
Flags:
--auth-token string Authentication token
--client-crt string Client certificate file
--client-crt-key string Client certificate key file
--config string Path to Argo CD config (default "/root/.config/argocd/config")
--core If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server
--grpc-web Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.
--grpc-web-root-path string Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.
-H, --header strings Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)
-h, --help help for argocd
--http-retry-max int Maximum number of retries to establish http connection to Argo CD server
--insecure Skip server certificate and domain verification
--logformat string Set the logging format. One of: text|json (default "text")
--loglevel string Set the logging level. One of: debug|info|warn|error (default "info")
--plaintext Disable TLS
--port-forward Connect to a random argocd-server port using port forwarding
--port-forward-namespace string Namespace name which should be used for port forwarding
--server string Argo CD server address
--server-crt string Server certificate file
Use "argocd [command] --help" for more information about a command.
Setting up Rabbitmq
In the ArgoCD Applications menu, select the "+ NEW APP" button and create the Rabbitmq Application.
* Application Name : myrabbitmq
* Project : default
* Repository URL : https://charts.bitnami.com/bitnami [HELM]
* Chart : rabbitmq (8.31.0)
* Cluster URL : https://kubernetes.default.svc [URL]
* Namespace : default
* auth.password : rabbitmq
* auth.username : rabbitmq
* replicaCount : 2
Changing the service from ClusterIP to NodePort causes a problem.
Setting the Application Name to 'rabbitmq' produces the following error.
Error while waiting for Mnesia tables: {timeout_waiting_for_tables,[rabbit_durable_queue]}
Waiting for Mnesia tables for 30000 ms, 6 retries left
rabbit@rabbitmq-1.rabbitmq-headless.default.svc.cluster.local timeout
Keep ClusterIP and use Kubernetes port-forward to create an access point.
$ kubectl port-forward service/myrabbitmq --address 0.0.0.0 15672:15672
Forwarding from 0.0.0.0:15672 -> 15672
Open http://{nodeport}:15672
* Rabbitmq Admin Portal login
Check the password
$ echo "Password : $(kubectl get secret myrabbitmq -o jsonpath="{.data.rabbitmq-password}" | base64 --decode)"
Password : *****
$ kubectl get secret/myrabbitmq -o yaml
apiVersion: v1
data:
  rabbitmq-erlang-cookie: a0lHS1FacktwZVRvZ3pRZHlLN0dXS0NMRlZpckRqMTI=
  rabbitmq-password: cmFiYml0bXE=
kind: Secret
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"rabbitmq-erlang-cookie":"a0lHS1FacktwZVRvZ3pRZHlLN0dXS0NMRlZpckRqMTI=","rabbitmq-password":"cmFiYml0bXE="},"kind":"Secret","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"myrabbitmq","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"rabbitmq","argocd.argoproj.io/instance":"myrabbitmq","helm.sh/chart":"rabbitmq-8.31.0"},"name":"myrabbitmq","namespace":"default"},"type":"Opaque"}
  creationTimestamp: "2022-04-25T01:27:31Z"
  labels:
    app.kubernetes.io/instance: myrabbitmq
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: rabbitmq
    argocd.argoproj.io/instance: myrabbitmq
    helm.sh/chart: rabbitmq-8.31.0
  name: myrabbitmq
  namespace: default
  resourceVersion: "12699585"
  selfLink: /api/v1/namespaces/default/secrets/myrabbitmq
  uid: de0cf440-a657-4d42-ab84-ba5cc68294c1
type: Opaque
Setting up Jenkins
In the ArgoCD Applications menu, select the "+ NEW APP" button and create the Jenkins Application.
* Application Name : myjenkins
* Project : default
* Repository URL : https://charts.bitnami.com/bitnami [HELM]
* Chart : jenkins (10.2.4)
* Cluster URL : https://kubernetes.default.svc [URL]
* Namespace : default
* jenkinsPassword : user123 # at least 6 characters
* jenkinsUser : user
* service.nodePorts.http : 31080 # 30000 ~ 32767 for nodeport
* service.type : NodePort
Setting up Postgresql
In the ArgoCD Applications menu, select the "+ NEW APP" button and create the Postgresql Application.
* Application Name : mydb
* Project : default
* Repository URL : https://charts.bitnami.com/bitnami [HELM]
* Chart : postgresql (11.6.5)
* Cluster URL : https://kubernetes.default.svc [URL]
* Namespace : default
* global.postgresql.auth.database : das_db # at least 6 characters
* global.postgresql.auth.password : postgres
* global.postgresql.auth.username : postgres
# If the port is exposed as a node port, internal services have trouble finding it
Setting up Redis
In the ArgoCD Applications menu, select the "+ NEW APP" button and create the Redis Application.
* Application Name : myredis
* Project : default
* Repository URL : https://charts.bitnami.com/bitnami [HELM]
* Chart : redis (16.12.0)
* Cluster URL : https://kubernetes.default.svc [URL]
* Namespace : default
* primary.service.ports.postgresql : 31379 # 6379 # 30000 ~ 32767 for nodeport
* master.service.type : NodePort
Setting up MariaDB
In the ArgoCD Applications menu, select the "+ NEW APP" button and create the MariaDB Application.
* Application Name : targetdb
* Project : default
* Repository URL : https://charts.bitnami.com/bitnami [HELM]
* Chart : mariadb (11.0.12)
* Cluster URL : https://kubernetes.default.svc [URL]
* Namespace : default
* auth.database : my_db # at least 6 characters
* auth.password : mariadb
* auth.username : mariadb
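
Each "+ NEW APP" form above is saved as an Argo CD Application object, so the values typed into it can be read by anyone who can view that Application. The following is an added example, not part of the original post: it rebuilds three of the forms and flags credential parameters and NodePort exposure. It assumes the form's overrides are stored under spec.source.helm.parameters and that Applications live in the argo namespace used for the install; application() and audit() are hypothetical helper names.

```python
import re

# Parameter names that usually carry a credential.
CRED_KEY = re.compile(r"(password|passwd|secret|token)", re.IGNORECASE)

def application(name, chart, version, params):
    """Application object for one form (assumed: overrides land in helm.parameters)."""
    return {
        "apiVersion": "argoproj.io/v1alpha1",
        "kind": "Application",
        "metadata": {"name": name, "namespace": "argo"},
        "spec": {
            "project": "default",
            "source": {
                "repoURL": "https://charts.bitnami.com/bitnami",
                "chart": chart,
                "targetRevision": version,
                "helm": {"parameters": [{"name": k, "value": str(v)} for k, v in params.items()]},
            },
            "destination": {"server": "https://kubernetes.default.svc", "namespace": "default"},
        },
    }

# Constructed from a subset of the form values listed on this page.
APPS = [
    application("myrabbitmq", "rabbitmq", "8.31.0",
                {"auth.username": "rabbitmq", "auth.password": "rabbitmq", "replicaCount": 2}),
    application("myjenkins", "jenkins", "10.2.4",
                {"jenkinsUser": "user", "jenkinsPassword": "user123",
                 "service.type": "NodePort", "service.nodePorts.http": 31080}),
    application("myredis", "redis", "16.12.0", {"master.service.type": "NodePort"}),
]

def audit(app):
    """Return (application, parameter, finding) tuples for risky Helm parameters."""
    name, findings = app["metadata"]["name"], []
    for param in app["spec"]["source"].get("helm", {}).get("parameters", []):
        key, value = param["name"], param["value"]
        if CRED_KEY.search(key):
            findings.append((name, key, "credential readable in the Application spec"))
        if key.endswith("service.type") and value == "NodePort":
            findings.append((name, key, "service reachable on every node's IP"))
    return findings

if __name__ == "__main__":
    for app in APPS:
        for finding in audit(app):
            print(" | ".join(finding))
```
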