Argo CD 安裝的紀錄

ArgoCD Install Memo

1 Manual Install

1. download install yaml (option)

   • 指定版本

     bash

      curl -sSL https://raw.githubusercontent.com/argoproj/argo-cd/v2.2.1/manifests/install.yaml -o install-2.2.1.yaml

   • 最新版本

     bash

      curl -sSL https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml -o install-latest.yaml

2. 建立 namespace

   • 純建立

     bash

     kubectl create namespace argocd

   • 含設定 istio 掛車

     bash

     kubectl create namespace argocd
     kubectl label namespace argocd istio-injection=enabled --overwrite

3. Install to K8s

   • 使用下載版 (指定版本)

     bash

     kubectl apply -n argocd -f install-2.2.1.yaml

   • 使用下載版 (最新版本)

     bash

     kubectl apply -n argocd -f install-latest.yaml

   • 使用線上指定版

     bash

     kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.2.1/manifests/install.yaml

   • 使用線上最新版

     bash

     kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

4. Install Argo Cli (option)

   bash

   curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
   chmod +x /usr/local/bin/argocd

5. Fix Https Problam

   Reference

   • 編輯發布設定

     bash

     kubectl edit deploy argocd-server -n argocd

   • 找到 spec.containers.command 區段並加入以下內容

     yaml

     spec:
       containers:
         - name: argocd-server
           command:
             - argocd-server
             # 加入以下五行，使用 http 連線
             - --staticassets
             - /shared/app
             - --repo-server
             - argocd-repo-server:8081
             - --insecure

   • 重新佈署

     bash

     kubectl rollout restart deploy -n argocd

2 Helm Install

Official Argo CD Helm Readme

重要：安裝時設定 server.extraArgs={–insecure} 來避開 TLS 憑證，如果要使用 TLS 憑證的話要多一些憑證設定，這邊先略過

helm repo add argo https://argoproj.github.io/argo-helm
helm install argocd argo/argo-cd -n argocd
kubectl create namespace argocd
kubectl label namespace argocd istio-injection=enabled --overwrite
helm install argocd argo/argo-cd -n argocd --set server.extraArgs={--insecure}

3 Ingress Install

3.1 Use Specific ArgoCD Domain

1. nginx Ingress

   yaml

   apiVersion: networking.k8s.io/v1
   kind: Ingress
   metadata:
     name: argocd-server-ingress
     namespace: argocd
     annotations:
       # kubernetes.io/ingress.class: nginx
       # nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
       # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
   spec:
     ingressClassName: nginx
     rules:
     - host: argocd.<domain>
       http:
         paths:
         - pathType: Prefix
           path: /
           backend:
             service:
               name: argocd-server
               port:
                 number: 80

2. Istio Ingress

   Reference

   • Gateway yaml

     yaml

     apiVersion: networking.istio.io/v1beta1
     kind: Gateway
     metadata:
       name: argocd-gateway
       namespace: argocd
     spec:
       selector:
         istio: ingressgateway
       servers:
         - hosts:
             - argocd.<domain>
           port:
             name: http
             # port 要用 ingressgateway 中，port = 80 的那組設定的 TargetPort
             number: 8080
             protocol: HTTP
           # 如果要強轉 HTTPS
           # tls:
           #   httpsRedirect: true
         - hosts:
             # 這邊這樣設定只是想讓 istio 不會跳相同 host 的警告
             - argocd/argocd.<domain>
           port:
             name: https
             # port 要用 ingressgateway 中，port = 443 的那組設定的 TargetPort
             number: 8443
             protocol: HTTPS
           tls:
             mode: PASSTHROUGH
           # 另外的設定方法，待測試
           # tls:
           #   credentialName: argocd-server-tls # argocd server 會自動讀取這個名稱的 k8s secrets
           #   mode: SIMPLE

   • VirtualService yaml
     資訊

         含有 https 導流的設定方式要研究一下
     

     yaml

     apiVersion: networking.istio.io/v1beta1
     kind: VirtualService
     metadata:
       name: argocd-vs
       namespace: argocd
     spec:
       hosts:
       - argocd.<domain>
       gateways:
       - argocd-gateway
       http:
       - route:
         - destination:
             host: argocd-server.argocd.svc.cluster.local
             port:
               number: 80

3.2 Use Relative ArgoCD Path

1. nginx Ingress

   待補

2. Istio Ingress

   • Gateway yaml

     yaml

     apiVersion: networking.istio.io/v1beta1
     kind: Gateway
     metadata:
       name: argocd-gateway
       namespace: argocd
     spec:
       selector:
         istio: ingressgateway
       servers:
         - hosts:
             - <domain>
           port:
             name: http
             # port 要用 ingressgateway 中，port = 80 的那組設定的 TargetPort
             number: 8080
             protocol: HTTP
           # 如果要強轉 HTTPS
           # tls:
           #   httpsRedirect: true
         - hosts:
             # 這邊這樣設定只是想讓 istio 不會跳相同 host 的警告
             - argocd/<domain>
           port:
             name: https
             # port 要用 ingressgateway 中，port = 443 的那組設定的 TargetPort
             number: 443
             protocol: HTTPS
           tls:
             mode: PASSTHROUGH
           # 另外的設定方法，待測試
           # tls:
           #   credentialName: argocd-server-tls # argocd server 會自動讀取這個名稱的 k8s secrets
           #   mode: SIMPLE

   • VirtualService yaml
     資訊

         含有 https 導流的設定方式要研究一下
     

     yaml

     apiVersion: networking.istio.io/v1beta1
     kind: VirtualService
     metadata:
       name: argocd-vs
       namespace: argocd
     spec:
       hosts:
       - <domain>
       gateways:
       - argocd-gateway
       http:
       - route:
         - destination:
             host: argocd-server.argocd.svc.cluster.local
             port:
               number: 80

4 kustomization Install With Istio (Recommend when use istio)

此方法主要參考以下三個連結

• 說明文件
• 官方 issues
• 第三方的主要 GitRepo

1. 預先準備

   • 依據 Manual Command Install 章節準備好官方 ArgoCD 安裝 Yaml 與 Kubernetes Namespace
   • 依據 Ingress Install 章節準備好 Istio 使用的 VisualService 與 Gateway

2. 準備 kustomization yaml

   yaml

   apiVersion: kustomize.config.k8s.io/v1beta1
   kind: Kustomization
   namespace: argocd
   resources:
     - install-2.2.1.yaml
     - VirtualService.yaml
     - Gateway.yaml
   patchesStrategicMerge:
     - istio_patches.yaml
   components:
     # extensions controller component
     - https://github.com/argoproj-labs/argocd-extensions/manifests

3. 準備 istio patch yaml

   資訊

   這邊準備的 yaml 除了預先設定排除 https 之外，就是要設定每個部屬出去的組件的版本號與應用程式名稱，以便 Istio 可以正確追蹤；在使用 [Manual Command Install](#Manual-Command-Install) + [Ingress Install](#Ingress-Install) 的方式安裝時，Istio 會發出因為沒有版本號與應用程式的 Label 而無法追蹤的錯誤。
   

   警告

   此處提供的 yaml 內容須依據實際安裝的版本去修改版本號，例如在本文件中使用的 Argo CD 版本為 v2.2.1 版，就要將相關版本設定為 v2.2.1。而 Redis 與其他套件的部分，建議參考官方安裝文件中使用的版號進行設定，盡可能使 label 中的版號與實際使用的套件版本相符。
   

   yaml

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     labels:
       app.kubernetes.io/component: server
       app.kubernetes.io/name: argocd-server
       app.kubernetes.io/part-of: argocd
       app: argocd-server
       version: v2.2.1
     name: argocd-server
   spec:
     template:
       spec:
         containers:
         - name: argocd-server
           command:
           - argocd-server
           - --staticassets
           - /shared/app
           - --insecure
   ---
   apiVersion: apps/v1
   kind: Deployment
   metadata:
     labels:
       app.kubernetes.io/component: repo-server
       app.kubernetes.io/name: argocd-repo-server
       app.kubernetes.io/part-of: argocd
       app: argocd-repo-server
       version: v2.2.1
     name: argocd-repo-server
   spec:
     template:
       metadata:
         labels:
           app: argocd-repo-server
           version: v2.2.1
   ---
   apiVersion: apps/v1
   kind: Deployment
   metadata:
     labels:
       app.kubernetes.io/component: redis
       app.kubernetes.io/name: argocd-redis
       app.kubernetes.io/part-of: argocd
       app: argocd-redis
       version: v6.2.4
     name: argocd-redis
   spec:
     template:
       metadata:
         labels:
           app: argocd-redis
           version: v6.2.4
   ---
   apiVersion: apps/v1
   kind: Deployment
   metadata:
     labels:
       app.kubernetes.io/component: dex-server
       app.kubernetes.io/name: argocd-dex-server
       app.kubernetes.io/part-of: argocd
       app: argocd-dex-server
       version: v2.30.0
     name: argocd-dex-server
   spec:
     template:
       metadata:
         labels:
           app: argocd-dex-server
           version: v2.30.0
   ---
   apiVersion: apps/v1
   kind: StatefulSet
   metadata:
     labels:
       app.kubernetes.io/component: application-controller
       app.kubernetes.io/name: argocd-application-controller
       app.kubernetes.io/part-of: argocd
       app: argocd-application-controller
       version: v2.2.1
     name: argocd-application-controller
   spec:
     template:
       metadata:
         labels:
           app: argocd-application-controller
           version: v2.2.1
   ---
   apiVersion: v1
   kind: Service
   metadata:
     name: argocd-dex-server
   spec:
     # expose container ports to istio network
     ports:
     - name: http
       port: 5556
       protocol: TCP
       targetPort: 5556
     - name: http-grpc
       port: 5557
       protocol: TCP
       targetPort: 5557
     - name: http-metrics
       port: 5558
       protocol: TCP
       targetPort: 5558
   
   ---
   apiVersion: v1
   kind: Service
   metadata:
     name: argocd-metrics
   spec:
     # expose container ports to istio network
     ports:
     - name: http-metrics
       port: 8082
       protocol: TCP
       targetPort: 8082
   ---
   apiVersion: v1
   kind: Service
   metadata:
     name: argocd-repo-server
   spec:
     # expose container ports to istio network
     ports:
     - name: https-server
       port: 8081
       protocol: TCP
       targetPort: 8081
     - name: http-metrics
       port: 8084
       protocol: TCP
       targetPort: 8084
   ---
   apiVersion: v1
   kind: Service
   metadata:
     name: argocd-server-metrics
   spec:
     # expose container ports to istio network
     ports:
     - name: http-metrics
       port: 8083
       protocol: TCP
       targetPort: 8083
   ---
   apiVersion: v1
   kind: Service
   metadata:
     name: argocd-server
   spec:
     ports:
     - name: http-argocd-server
       port: 80
       protocol: TCP
       targetPort: 8080
     # delete https port
     - port: 443
       $patch: delete

4. 安裝

   警告

   建議前述準備的 yaml 檔案統一放在專門的資料夾
   

   bash

   kubectl apply -k ./

CLI Tool

官方文件

1 Install - Linux

• Download Latest with curl (Linux)

curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
chmod +x /usr/local/bin/argocd

• Download Concrete Version with curl (Linux)

curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v2.2.1/argocd-linux-amd64
chmod +x /usr/local/bin/argocd

Manage

1 Remote Cluster

1. 參考 Kubernetes Multi-Cluster 中的說明，調整 ArgoCD 所在的網路叢集的 Kubernetes config，加入外部叢集資訊
2. 確認外部叢集的名稱以供後續 ArgoCD 加入外部叢集時使用

   bash

   kubectl config get-contexts -o name

3. 使用 ArgoCD CLI 登入 ArgoCD

   bash

   argocd login <ARGOCD_SERVER>

4. 加入外部叢集

   bash

   argocd cluster add <remote-cluster name>

5. 現在可以在 UI 中看到外部叢集了
6. CLI 參考

   bash

   # List all known clusters in JSON format:
   argocd cluster list -o json
   
   # Add a target cluster configuration to ArgoCD. The context must exist in your kubectl config:
   argocd cluster add <cluster name>
   
   # Get specific details about a cluster in plain text (wide) format:
   argocd cluster get <cluster name> -o wide
   
   # Remove a target cluster context from ArgoCD
   argocd cluster rm <cluster name>

2 User

1. Get Default Admin Password

   bash

   kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo

1. 使用官方提供的命令取得管理員密碼，登入系統後應修改密碼

   bash

   kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

2. 編輯 ConfigMap

   bash

   kubectl edit cm argocd-cm -n argocd

3. 找到 data 區段，加入使用者

   yaml

   data:
     accounts.<user>: apiKey,login # 加入這個
     application.instanceLabelKey: argocd.argoproj.io/instance
     url: <argocd server url> # 這個可以順便改一下

4. 到 <argocd server url>/settings/accounts 建立登入的 Token (密碼的更新方式待測試)

Extension Install

1 Core Install

官方擴充套件 建議使用 Kustomization 方式安裝，同時，安裝時會需要使用到 Git，請確認系統內已安裝 Git。

kustomization yaml (Base on kustomization Install With Istio)

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: argocd
resources:
  - install-2.2.1.yaml
  - VirtualService.yaml
  - Gateway.yaml
patchesStrategicMerge:
  - istio_patches.yaml
components:
  # extensions controller component
  - https://github.com/argoproj-labs/argocd-extensions/manifests

2 Rollout-extension install

Argo Rollout dashboard into the Argo CD Web UI.

• download yaml

curl https://raw.githubusercontent.com/argoproj-labs/rollout-extension/v0.1.0/manifests/install.yaml -o argocd-rollout-extension.yaml

• apply

kubectl apply -n argocd -f argocd-rollout-extension.yaml

Reference

Argo Cd Official Startup Argo Cd Official TLS Configuration Argo Cd Official Startup-Github Argo Cd Github Release Page