一、安装Argo CD
1.1创建ns
kubectl create namespace argocd1.2安装argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml注意事项:默认下载的是最新版argocd,安装argocd时,务必参阅支持的k8s版本列表,否则会出现安装失败pod运行异常的情况。
参考文档:https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
由于k8s集群版本为1.27.6。因此安装的argo cd版本为2.11.3,yaml文件地址:https://github.com/argoproj/argo-cd/blob/v2.11.3/manifests/install.yaml执行成功后会在argocd的namespace下创建如下资源。
root@k8s-01:~/argocd# kubectl get all -n argocd
NAME READY STATUS RESTARTS AGE
pod/argocd-application-controller-0 1/1 Running 0 4m9s
pod/argocd-applicationset-controller-7c75857ff5-9lrzm 1/1 Running 0 4m9s
pod/argocd-dex-server-7496f974df-p9ms2 1/1 Running 0 92s
pod/argocd-notifications-controller-66f486587f-grsgd 1/1 Running 0 4m9s
pod/argocd-redis-544dbfdbc5-sbvn8 1/1 Running 0 4m9s
pod/argocd-repo-server-87d6bf9b7-txql5 1/1 Running 0 4m9s
pod/argocd-server-b54fdb74d-jsfwr 1/1 Running 0 4m9s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/argocd-applicationset-controller ClusterIP 10.108.48.9 <none> 7000/TCP,8080/TCP 4m9s
service/argocd-dex-server ClusterIP 10.104.66.145 <none> 5556/TCP,5557/TCP,5558/TCP 4m9s
service/argocd-metrics ClusterIP 10.110.242.240 <none> 8082/TCP 4m9s
service/argocd-notifications-controller-metrics ClusterIP 10.108.2.224 <none> 9001/TCP 4m9s
service/argocd-redis ClusterIP 10.111.74.193 <none> 6379/TCP 4m9s
service/argocd-repo-server ClusterIP 10.111.94.151 <none> 8081/TCP,8084/TCP 4m9s
service/argocd-server ClusterIP 10.102.209.251 <none> 80/TCP,443/TCP 4m9s
service/argocd-server-metrics ClusterIP 10.99.167.144 <none> 8083/TCP 4m9s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/argocd-applicationset-controller 1/1 1 1 4m9s
deployment.apps/argocd-dex-server 1/1 1 1 4m9s
deployment.apps/argocd-notifications-controller 1/1 1 1 4m9s
deployment.apps/argocd-redis 1/1 1 1 4m9s
deployment.apps/argocd-repo-server 1/1 1 1 4m9s
deployment.apps/argocd-server 1/1 1 1 4m9s
NAME DESIRED CURRENT READY AGE
replicaset.apps/argocd-applicationset-controller-7c75857ff5 1 1 1 4m9s
replicaset.apps/argocd-dex-server-7496f974df 1 1 1 4m9s
replicaset.apps/argocd-notifications-controller-66f486587f 1 1 1 4m9s
replicaset.apps/argocd-redis-544dbfdbc5 1 1 1 4m9s
replicaset.apps/argocd-repo-server-87d6bf9b7 1 1 1 4m9s
replicaset.apps/argocd-server-b54fdb74d 1 1 1 4m9s
NAME READY AGE
statefulset.apps/argocd-application-controller 1/1 4m9s
root@k8s-01:~/argocd#
二、web访问argocd
访问Argo server的方式有两种:
1. 通过web ui
2. 使用argocd 客户端工具2.1访问web ui(NodePort方式)
通过kubectl edit -n argocd svc argocd-server将service的type类型从ClusterIP改为NodePort。改完后通过以下命令查看端口:root@k8s-01:~/argocd# kubectl get svc -n argocd
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
argocd-applicationset-controller ClusterIP 10.108.48.9 <none> 7000/TCP,8080/TCP 9m34s
argocd-dex-server ClusterIP 10.104.66.145 <none> 5556/TCP,5557/TCP,5558/TCP 9m34s
argocd-metrics ClusterIP 10.110.242.240 <none> 8082/TCP 9m34s
argocd-notifications-controller-metrics ClusterIP 10.108.2.224 <none> 9001/TCP 9m34s
argocd-redis ClusterIP 10.111.74.193 <none> 6379/TCP 9m34s
argocd-repo-server ClusterIP 10.111.94.151 <none> 8081/TCP,8084/TCP 9m34s
argocd-server ClusterIP 10.102.209.251 <none> 80/TCP,443/TCP 9m34s
argocd-server-metrics ClusterIP 10.99.167.144 <none> 8083/TCP 9m34s
root@k8s-01:~/argocd#
root@k8s-01:~/argocd#
root@k8s-01:~/argocd#
root@k8s-01:~/argocd#
root@k8s-01:~/argocd# kubectl edit -n argocd svc argocd-serve
Error from server (NotFound): services "argocd-serve" not found
root@k8s-01:~/argocd# kubectl edit -n argocd svc argocd-server
service/argocd-server edited
root@k8s-01:~/argocd# kubectl get svc -n argocd
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
argocd-applicationset-controller ClusterIP 10.108.48.9 <none> 7000/TCP,8080/TCP 12m
argocd-dex-server ClusterIP 10.104.66.145 <none> 5556/TCP,5557/TCP,5558/TCP 12m
argocd-metrics ClusterIP 10.110.242.240 <none> 8082/TCP 12m
argocd-notifications-controller-metrics ClusterIP 10.108.2.224 <none> 9001/TCP 12m
argocd-redis ClusterIP 10.111.74.193 <none> 6379/TCP 12m
argocd-repo-server ClusterIP 10.111.94.151 <none> 8081/TCP,8084/TCP 12m
argocd-server NodePort 10.102.209.251 <none> 80:31232/TCP,443:32542/TCP 12m
argocd-server-metrics ClusterIP 10.99.167.144 <none> 8083/TCP 12m
https://192.168.30.180:31232/
2.2获取admin密码
用户名为admin,密码通过以下方式获取。
root@k8s-01:~/argocd# kubectl get secrets argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d
DCg5oVXU8Xd-rNMW
root@k8s-01:~/argocd# 2.3访问web ui(ingress方式)
访问web ui必须使用https方式访问,以traefik为例,创建ingressroute资源
# 创建证书文件
root@k8s-01:~/argocd# kubectl get secrets argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d
DCg5oVXU8Xd-rNMWroot@kopenssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=argocd.local.com"rgocd.local.com"
..+..........+......+..+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+...+.....+....+...+..+...+....+...+..................+...+...............+.....+.+...+......+.........+..+...+.+.....+.+......+..+.............+............+..+....+.....+....+....................+..........+.....+...+...+.+.........+.....+......+.+..+.......+......+........+.+.....+.............+..+.............+.....+.+......+......+.....+.........+.+..+............+....+..+...+.+...+..+..........+...........+...+....+......+......+...+.....+.+..+........................+.+..+.............+..+.+.........+...+..+......+.+.....+.+..............+......+....+...+...........+..........+..+.........+...+.............+..+.+.....+......+...+......+....+......+.........+.....+.+..+.........................+..+............+.+...+......+...........+....+...+........+...+.+.....+......+...+.........+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..........+...+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+....+.....+.+.........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
root@k8s-01:~/argocd# kubectl create secret tls argocd-tls --cert=tls.crt --key=tls.key -n argocd
secret/argocd-tls created
root@k8s-01:~/argocd# kubectl describe secrets argocd-tls -n argocd
Name: argocd-tls
Namespace: argocd
Labels: <none>
Annotations: <none>
Type: kubernetes.io/tls
Data
====
tls.crt: 1131 bytes
tls.key: 1704 bytes
#创建ingress资源
root@k8s-01:~/argocd# cat ingress.yaml
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: argocd-transport
namespace: argocd
spec:
serverName: "argocd.local.com"
insecureSkipVerify: true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: argocd-tls
namespace: argocd
spec:
entryPoints:
- websecure
routes:
- match: Host(`argocd.local.com`)
kind: Rule
services:
- name: argocd-server
port: 443
serversTransport: argocd-transport
tls:
secretName: argocd-tls
root@k8s-01:~/argocd# kubectl apply -f ingress.yaml
serverstransport.traefik.io/argocd-transport created
ingressroute.traefik.io/argocd-tls created添加hosts解析记录 192.168.30.180 argocd.local.com
三、客户端工具访问argocd
3.1下载argocd客户端工具
root@k8s-01:~/argocd# ls
argocd-linux-amd64 ingress.yaml install.yaml tls.crt tls.key
root@k8s-01:~/argocd# mv argocd-linux-amd64 /usr/local/bin/argocd
root@k8s-01:~/argocd# chmod u+x /usr/local/bin/argocd
root@k8s-01:~/argocd# argocd version
argocd: v2.11.3+3f344d5
BuildDate: 2024-06-06T08:42:00Z
GitCommit: 3f344d54a4e0bbbb4313e1c19cfe1e544b162598
GitTreeState: clean
GoVersion: go1.21.9
Compiler: gc
Platform: linux/amd64
FATA[0000] Argo CD server address unspecified 3.2客户端工具登录argocd
root@k8s-01:~/argocd# argocd login argocd.local.com:30443 --username admin --password DCg5oVXU8Xd-rNMW
WARNING: server certificate had error: tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead. Proceed insecurely (y/n)? y
WARN[0020] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.
'admin:login' logged in successfully
Context 'argocd.local.com:30443' updated
3.3修改密码
root@k8s-01:~/argocd# argocd account update-password --account admin --current-password DCg5oVXU8Xd-rNMW --new-password '30044844Abc@'
WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.
Password updated
Context 'argocd.local.com:30443' updated
评论 (0)