搜索到
78
篇与
的结果
-
Directory APP创建与配置 一、APP创建 1.1webUI创建1.2CLI创建除了使用webUI创建应用外,也可以使用Argo CLI命令行工具创建# 创建应用 root@k8s-01:~/argocd# argocd app create demo1 \ --repo http://192.168.30.181/develop/argo-demo.git \ --path manifests/ --sync-policy automatic --dest-namespace default \ --dest-server https://kubernetes.default.svc --directory-recurse WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. application 'demo1' created root@k8s-01:~/argocd# # 查看应用列表 root@k8s-01:~/argocd# argocd app list WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET argocd/demo https://kubernetes.default.svc default OutOfSync Progressing Manual SharedResourceWarning(3) http://192.168.30.181/develop/argo-demo.git manifests HEAD argocd/demo-test https://kubernetes.default.svc default OutOfSync Healthy Manual SharedResourceWarning(3) http://192.168.30.181/develop/argo-demo.git manifests/ HEAD argocd/demo1 https://kubernetes.default.svc default default Synced Healthy Auto <none> http://192.168.30.181/develop/argo-demo.git manifests/ # 查看应用状态 root@k8s-01:~/argocd# kubectl get application -n argocd NAME SYNC STATUS HEALTH STATUS demo OutOfSync Progressing demo-test OutOfSync Healthy demo1 Synced Healthy # 执行立即同步操作 root@k8s-01:~/argocd# argocd app sync argocd/demo WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. TIMESTAMP GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE 2025-08-19T07:00:05+00:00 Service default myapp OutOfSync Healthy 2025-08-19T07:00:05+00:00 apps Deployment default myapp OutOfSync Healthy 2025-08-19T07:00:05+00:00 traefik.io IngressRoute default myapp OutOfSync 2025-08-19T07:00:05+00:00 Service default myapp Synced Healthy 2025-08-19T07:00:05+00:00 Service default myapp Synced Healthy service/myapp configured 2025-08-19T07:00:05+00:00 apps Deployment default myapp OutOfSync Healthy deployment.apps/myapp configured 2025-08-19T07:00:05+00:00 traefik.io IngressRoute default myapp OutOfSync ingressroute.traefik.io/myapp configured 2025-08-19T07:00:05+00:00 apps Deployment default myapp Synced Healthy deployment.apps/myapp configured 2025-08-19T07:00:05+00:00 traefik.io IngressRoute default myapp Synced ingressroute.traefik.io/myapp configured Name: argocd/demo Project: default Server: https://kubernetes.default.svc Namespace: URL: https://argocd.local.com:30443/applications/argocd/demo Source: - Repo: http://192.168.30.181/develop/argo-demo.git Target: HEAD Path: manifests SyncWindow: Sync Allowed Sync Policy: Manual Sync Status: Synced to HEAD (293d75f) Health Status: Healthy Operation: Sync Sync Revision: 293d75f441403c3f19c888df50939ec3a9e6f1fa Phase: Succeeded Start: 2025-08-19 07:00:05 +0000 UTC Finished: 2025-08-19 07:00:05 +0000 UTC Duration: 0s Message: successfully synced (all tasks run) GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE Service default myapp Synced Healthy service/myapp configured apps Deployment default myapp Synced Healthy deployment.apps/myapp configured traefik.io IngressRoute default myapp Synced ingressroute.traefik.io/myapp configured1.3yaml文件创建[root@tiaoban ~]# cat demo.yaml apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: demo namespace: argocd spec: destination: namespace: default server: 'https://kubernetes.default.svc' source: path: manifests # yaml资源清单路径 repoURL: 'http://gitlab.local.com/devops/argo-demo.git' # 同步仓库地址 targetRevision: 'master' # 分支名称 sources: [] project: default syncPolicy: automated: prune: false selfHeal: false [root@tiaoban ~]# kubectl apply -f demo.yaml application.argoproj.io/demo created二、应用同步选项 2.1同步策略配置SYNC POLICY:同步策略 Argo CD能够在检测到 Git 中所需的清单与集群中的实时状态之间存在差异时自动同步应用程序。自动同步是GitOps Pull模式的核心,好处是 CI/CD Pipeline 不再需要直接访问Argo CD API服务器来执行部署,可以通过在WEB UI的Application-SYNC POLICY中启用AUTOMATED或CLIargocd app set <APPNAME> --sync-policy automated 进行配置。PRUNE RESOURCES :自动删除资源,开启选项后Git Repo中删除资源会自动在环境中删除对应的资源。SELF HEAL:自动痊愈,强制以GitRepo状态为准,手动在环境修改不会生效。2.2AutoSync自动同步默认同步周期是180s, 可以修改argocd-cm配置文件,添加timeout.reconciliation参数。同步流程: 1. 获取所有设置为auto-sync的apps 2. 从每个app的git存储库中获取最新状态 3. 将git状态与集群应用状态对比 4. 如果相同,不执行任何操作并标记为synced 5. 如果不同,标记为out-of-sync2.3SyncOptions同步选项- Validate=false:禁用Kubectl验证 - Replace=true:kubectl replace替换 - PrunePropagationPolicy=background:级联删除策略(background, foreground and orphan.)ApplyOutOfSyncOnly=true:仅同步不同步状态的资源。避免大量对象时资源API消耗 - CreateNamespace=true:创建namespace - PruneLast=true:同步后进行修剪 - RespectlgnoreDifferences=true:支持忽略差异配置(ignoreDifferences:) - ServerSideApply=true:部署操作在服务端运行(避免文件过大)三、应用状态 sync status - Synced:已同步 - OutOfSync:未同步 health status - Progressing:正在执行 - Suspended:资源挂载暂停 - Healthy:资源健康 - Degraded:资源故障 - Missing:集群不存在资源 -
ArgoCD监控 参考文档:https://argo-cd.readthedocs.io/en/stable/operator-manual/metrics/一、配置targets 1.1查看metrics信息[root@tiaoban ~]# kubectl get svc -n argocd NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE argocd-applicationset-controller ClusterIP 10.97.81.94 <none> 7000/TCP,8080/TCP 27d argocd-dex-server ClusterIP 10.106.72.83 <none> 5556/TCP,5557/TCP,5558/TCP 27d argocd-metrics ClusterIP 10.103.26.87 <none> 8082/TCP 27d argocd-notifications-controller-metrics ClusterIP 10.105.181.100 <none> 9001/TCP 27d argocd-redis ClusterIP 10.100.131.134 <none> 6379/TCP 27d argocd-repo-server ClusterIP 10.100.123.80 <none> 8081/TCP,8084/TCP 27d argocd-server NodePort 10.106.11.146 <none> 80:30701/TCP,443:30483/TCP 27d argocd-server-metrics ClusterIP 10.105.164.150 <none> 8083/TCP 27d [root@tiaoban ~]# kubectl exec -it rockylinux -- bash [root@rockylinux /]# curl argocd-metrics.argocd.svc:8082/metrics # HELP argocd_app_info Information about application. # TYPE argocd_app_info gauge argocd_app_info{autosync_enabled="true",dest_namespace="default",dest_server="https://kubernetes.default.svc",health_status="Healthy",name="blue-green",namespace="argocd",operation="",project="default",repo="http://gitlab.local.com/devops/argo-demo",sync_status="Synced"} 1 # HELP argocd_app_reconcile Application reconciliation performance. # TYPE argocd_app_reconcile histogram argocd_app_reconcile_bucket{dest_server="https://kubernetes.default.svc",namespace="argocd",le="0.25"} 12 argocd_app_reconcile_bucket{dest_server="https://kubernetes.default.svc",namespace="argocd",le="0.5"} 18 argocd_app_reconcile_bucket{dest_server="https://kubernetes.default.svc",namespace="argocd",le="1"} 21 argocd_app_reconcile_bucket{dest_server="https://kubernetes.default.svc",namespace="argocd",le="2"} 21 argocd_app_reconcile_bucket{dest_server="https://kubernetes.default.svc",namespace="argocd",le="4"} 22 argocd_app_reconcile_bucket{dest_server="https://kubernetes.default.svc",namespace="argocd",le="8"} 241.2创建ServiceMonitor资源apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: argocd-exporter # ServiceMonitor名称 namespace: monitoring # ServiceMonitor所在名称空间 spec: jobLabel: argocd-exporter # job名称 endpoints: # prometheus所采集Metrics地址配置,endpoints为一个数组,可以创建多个,但是每个endpoints包含三个字段interval、path、port - port: metrics # prometheus采集数据的端口,这里为port的name,主要是通过spec.selector中选择对应的svc,在选中的svc中匹配该端口 interval: 30s # prometheus采集数据的周期,单位为秒 scheme: http # 协议 path: /metrics # prometheus采集数据的路径 selector: # svc标签选择器 matchLabels: app.kubernetes.io/name: argocd-metrics namespaceSelector: # namespace选择 matchNames: - argocd1.3验证targets二、grafana查看数据 2.1导入dashboard参考文档:https://grafana.com/grafana/dashboards/14584-argocd/2.2查看数据
-
ArgoCD project 一、Project创建通过项目,可以配置对应用程序的访问控制策略。例如,可以指定哪些用户或团队有权在特定命名空间或集群中进行部署操作。提供了资源隔离的功能,确保不同项目之间的资源不会互相干扰。这有助于维护不同团队或应用程序之间的清晰界限。 最佳实践应该是为每个gitlab group在argoCD中创建对应的Project,便于各个组之间权限资源相互隔离。1.1webUI创建1.2CLI创建## argocd CLI # login argocd login argocd.idevops.site # list argocd proj list # remove argocd proj remove dev1 # create argocd proj create --help argocd proj create dev2 argocd proj list argocd proj add-source dev2 http://github.com/dev2/app.git1.3yaml创建示例文档: https://argo-cd.readthedocs.io/en/stable/operator-manual/project.yamlapiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: name: dev3 namespace: argocd finalizers: - resources-finalizer.argocd.argoproj.io spec: description: Example Project sourceRepos: - 'https://github.com/dev3/app.git' destinations: - namespace: dev3 server: https://kubernetes.default.svc name: in-cluster # Deny all cluster-scoped resources from being created, except for Namespace clusterResourceWhitelist: - group: '' kind: Namespace # Allow all namespaced-scoped resources to be created, except for ResourceQuota, LimitRange, NetworkPolicy namespaceResourceBlacklist: - group: '' kind: ResourceQuota - group: '' kind: LimitRange - group: '' kind: NetworkPolicy # Deny all namespaced-scoped resources from being created, except for Deployment and StatefulSet namespaceResourceWhitelist: - group: 'apps' kind: Deployment - group: 'apps' kind: StatefulSet二、project配置 2.1webUI配置2.2yaml配置apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: name: dev1 namespace: argocd spec: clusterResourceBlacklist: - group: "" kind: "" clusterResourceWhitelist: - group: "" kind: Namespace description: dev1 group destinations: - name: in-cluster namespace: dev1 server: https://kubernetes.default.svc namespaceResourceWhitelist: - group: '*' kind: '*' roles: - jwtTokens: - iat: 1684030305 id: 12764563-0582-4d2d-afbc-ab2712c5c47e name: dev1-role policies: - p, proj:dev1:dev1-role, applications, get, dev1/*, allow - p, proj:dev1:dev1-role, applications, sync, dev1/*, allow - p, proj:dev1:dev1-role, applications, delete, dev1/*, deny sourceRepos: - http://gitlab.local.com/devops/** ## 根据项目组配置,允许该组下的所有repo - ""三、ProjectRoleProjectRole 是一种用于定义在特定项目 (Project) 范围内的访问控制策略的资源。它允许你对项目中的资源进行细粒度的权限管理,指定哪些用户或服务账户可以执行哪些操作。ProjectRole 主要用于增强安全性和隔离性,确保只有被授权的用户或系统组件可以对项目内的应用程序和资源进行特定操作。3.1创建role我们在demo项目下创建名为dev的角色,配置权限为:允许get sync操作权限,不允许delete操作。3.2创建JWT Tokenroot@k8s-01:~/argocd# argocd proj role create-token demo-project dev-role WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. Create token succeeded for proj:demo-project:dev-role. ID: 9c150b55-848f-436c-88db-fe61e95874fc Issued At: 2025-08-19T06:31:59Z Expires At: Never Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhcmdvY2QiLCJzdWIiOiJwcm9qOmRlbW8tcHJvamVjdDpkZXYtcm9sZSIsIm5iZiI6MTc1NTU4NTExOSwiaWF0IjoxNzU1NTg1MTE5LCJqdGkiOiI5YzE1MGI1NS04NDhmLTQzNmMtODhkYi1mZTYxZTk1ODc0ZmMifQ.54fvz4OOOIo-wsK_hwclCmW0oSIJO1vz2Xgv4Axl08s3.3验证测试# 注销之前登录的admin账号 [root@tiaoban ~]# argocd logout argocd.local.com Logged out from 'argocd.local.com' # 使用token查看app列表 [root@tiaoban ~]# argocd app list --auth-token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhcmdvY2QiLCJzdWIiOiJwcm9qOmRlbW8tcHJvamVjdDpkZXYtcm9sZSIsIm5iZiI6MTcxOTExNTk0OSwiaWF0IjoxNzE5MTE1OTQ5LCJqdGkiOiI5MDg5OTc0OC1mYjg2LTRlZjktYjNmMC03MWY4MjBjZjEwZDYifQ.RCLx7U-2RdQ_BD5z8sBW3Ghh5RA6DnwU9VHvmU8EgQM WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET argocd/demo https://kubernetes.default.svc demo-project Synced Healthy Auto <none> http://gitlab.local.com/devops/argo-demo.git manifests HEAD # 使用token执行sync操作 [root@tiaoban ~]# argocd app sync argocd/demo --auth-token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhcmdvY2QiLCJzdWIiOiJwcm9qOmRlbW8tcHJvamVjdDpkZXYtcm9sZSIsIm5iZiI6MTcxOTExNTk0OSwiaWF0IjoxNzE5MTE1OTQ5LCJqdGkiOiI5MDg5OTc0OC1mYjg2LTRlZjktYjNmMC03MWY4MjBjZjEwZDYifQ.RCLx7U-2RdQ_BD5z8sBW3Ghh5RA6DnwU9VHvmU8EgQM WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. TIMESTAMP GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE 2024-06-23T12:20:07+08:00 Service default myapp Synced Healthy 2024-06-23T12:20:07+08:00 apps Deployment default myapp Synced Healthy 2024-06-23T12:20:07+08:00 traefik.containo.us IngressRoute default myapp Synced 2024-06-23T12:20:07+08:00 traefik.containo.us IngressRoute default myapp Synced ingressroute.traefik.containo.us/myapp unchanged 2024-06-23T12:20:07+08:00 Service default myapp Synced Healthy service/myapp unchanged 2024-06-23T12:20:07+08:00 apps Deployment default myapp Synced Healthy deployment.apps/myapp unchanged Name: argocd/demo Project: demo-project Server: https://kubernetes.default.svc Namespace: URL: https://argocd.local.com/applications/argocd/demo Source: - Repo: http://gitlab.local.com/devops/argo-demo.git Target: HEAD Path: manifests SyncWindow: Sync Allowed Sync Policy: Automated Sync Status: Synced to HEAD (0ea8019) Health Status: Healthy Operation: Sync Sync Revision: 0ea801988a54f0ad73808454f2fce5030d3e28ef Phase: Succeeded Start: 2024-06-23 12:20:07 +0800 CST Finished: 2024-06-23 12:20:07 +0800 CST Duration: 0s Message: successfully synced (all tasks run) GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE Service default myapp Synced Healthy service/myapp unchanged apps Deployment default myapp Synced Healthy deployment.apps/myapp unchanged traefik.containo.us IngressRoute default myapp Synced ingressroute.traefik.containo.us/myapp unchanged # 使用token删除应用,提示权限拒绝 [root@tiaoban ~]# argocd app delete argocd/demo --auth-token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhcmdvY2QiLCJzdWIiOiJwcm9qOmRlbW8tcHJvamVjdDpkZXYtcm9sZSIsIm5iZiI6MTcxOTExNTk0OSwiaWF0IjoxNzE5MTE1OTQ5LCJqdGkiOiI5MDg5OTc0OC1mYjg2LTRlZjktYjNmMC03MWY4MjBjZjEwZDYifQ.RCLx7U-2RdQ_BD5z8sBW3Ghh5RA6DnwU9VHvmU8EgQM WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. Are you sure you want to delete 'argocd/demo' and all its resources? [y/n] y FATA[0001] rpc error: code = PermissionDenied desc = permission denied: applications, delete, demo-project/demo, sub: proj:demo-project:dev-role, iat: 2024-06-23T04:12:29Z
-
ArgoCD快速体验 一、gitlab仓库配置创建一个名为Argo Demo的仓库,在manifests目录下仅包含应用的yaml文件,文件内容如下apiVersion: apps/v1 kind: Deployment metadata: name: myapp namespace: default spec: selector: matchLabels: app: myapp template: metadata: labels: app: myapp spec: containers: - name: myapp image: ikubernetes/myapp:v1 resources: limits: memory: "128Mi" cpu: "500m" ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: myapp namespace: default spec: type: ClusterIP selector: app: myapp ports: - port: 80 targetPort: 80 --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: myapp namespace: default spec: entryPoints: - web routes: - match: Host(`myapp.test.com`) kind: Rule services: - name: myapp port: 80 gitlab仓库如下:二、vargocd配置 2.1添加仓库地址添加仓库地址,Settings → Repositories,点击 CONNECT REPO 按钮添加仓库,填写以下信息验证通过后显示如下,点击创建应用创建应用创建完后如下所示三、访问验证 3.1验证应用部署状态查看k8s创建的资源信息,发现已经成功创建了对应的资源root@k8s-01:~/argocd# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-fd4fd598f-kkrck 1/1 Running 0 113s root@k8s-01:~/argocd# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 19d myapp ClusterIP 10.101.17.194 <none> 80/TCP 2m2s root@k8s-01:~/argocd# kubectl get ingressroute NAME AGE myapp 2m13s 访问web页面验证3.2版本更新接下来模拟配置变更,将镜像版本从v1改为v2Argo CD默认每180秒同步一次,查看argocd信息,发现已经自动同步了yaml文件,并且正在进行发布访问web页面状态,发现已经完成了发布工作。此时整个应用关联关系如下3.3版本回退点击history and rollback即可看到整个应用的所有发布记录,并且可以选择指定版本进行回退操作。再次访问发现已经回退到v1版本
-
ArgoCD部署 一、安装Argo CD 1.1创建nskubectl create namespace argocd1.2安装argocdkubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml注意事项:默认下载的是最新版argocd,安装argocd时,务必参阅支持的k8s版本列表,否则会出现安装失败pod运行异常的情况。 参考文档:https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions 由于k8s集群版本为1.27.6。因此安装的argo cd版本为2.11.3,yaml文件地址:https://github.com/argoproj/argo-cd/blob/v2.11.3/manifests/install.yaml执行成功后会在argocd的namespace下创建如下资源。 root@k8s-01:~/argocd# kubectl get all -n argocd NAME READY STATUS RESTARTS AGE pod/argocd-application-controller-0 1/1 Running 0 4m9s pod/argocd-applicationset-controller-7c75857ff5-9lrzm 1/1 Running 0 4m9s pod/argocd-dex-server-7496f974df-p9ms2 1/1 Running 0 92s pod/argocd-notifications-controller-66f486587f-grsgd 1/1 Running 0 4m9s pod/argocd-redis-544dbfdbc5-sbvn8 1/1 Running 0 4m9s pod/argocd-repo-server-87d6bf9b7-txql5 1/1 Running 0 4m9s pod/argocd-server-b54fdb74d-jsfwr 1/1 Running 0 4m9s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/argocd-applicationset-controller ClusterIP 10.108.48.9 <none> 7000/TCP,8080/TCP 4m9s service/argocd-dex-server ClusterIP 10.104.66.145 <none> 5556/TCP,5557/TCP,5558/TCP 4m9s service/argocd-metrics ClusterIP 10.110.242.240 <none> 8082/TCP 4m9s service/argocd-notifications-controller-metrics ClusterIP 10.108.2.224 <none> 9001/TCP 4m9s service/argocd-redis ClusterIP 10.111.74.193 <none> 6379/TCP 4m9s service/argocd-repo-server ClusterIP 10.111.94.151 <none> 8081/TCP,8084/TCP 4m9s service/argocd-server ClusterIP 10.102.209.251 <none> 80/TCP,443/TCP 4m9s service/argocd-server-metrics ClusterIP 10.99.167.144 <none> 8083/TCP 4m9s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/argocd-applicationset-controller 1/1 1 1 4m9s deployment.apps/argocd-dex-server 1/1 1 1 4m9s deployment.apps/argocd-notifications-controller 1/1 1 1 4m9s deployment.apps/argocd-redis 1/1 1 1 4m9s deployment.apps/argocd-repo-server 1/1 1 1 4m9s deployment.apps/argocd-server 1/1 1 1 4m9s NAME DESIRED CURRENT READY AGE replicaset.apps/argocd-applicationset-controller-7c75857ff5 1 1 1 4m9s replicaset.apps/argocd-dex-server-7496f974df 1 1 1 4m9s replicaset.apps/argocd-notifications-controller-66f486587f 1 1 1 4m9s replicaset.apps/argocd-redis-544dbfdbc5 1 1 1 4m9s replicaset.apps/argocd-repo-server-87d6bf9b7 1 1 1 4m9s replicaset.apps/argocd-server-b54fdb74d 1 1 1 4m9s NAME READY AGE statefulset.apps/argocd-application-controller 1/1 4m9s root@k8s-01:~/argocd# 二、web访问argocd访问Argo server的方式有两种: 1. 通过web ui 2. 使用argocd 客户端工具2.1访问web ui(NodePort方式)通过kubectl edit -n argocd svc argocd-server将service的type类型从ClusterIP改为NodePort。改完后通过以下命令查看端口:root@k8s-01:~/argocd# kubectl get svc -n argocd NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE argocd-applicationset-controller ClusterIP 10.108.48.9 <none> 7000/TCP,8080/TCP 9m34s argocd-dex-server ClusterIP 10.104.66.145 <none> 5556/TCP,5557/TCP,5558/TCP 9m34s argocd-metrics ClusterIP 10.110.242.240 <none> 8082/TCP 9m34s argocd-notifications-controller-metrics ClusterIP 10.108.2.224 <none> 9001/TCP 9m34s argocd-redis ClusterIP 10.111.74.193 <none> 6379/TCP 9m34s argocd-repo-server ClusterIP 10.111.94.151 <none> 8081/TCP,8084/TCP 9m34s argocd-server ClusterIP 10.102.209.251 <none> 80/TCP,443/TCP 9m34s argocd-server-metrics ClusterIP 10.99.167.144 <none> 8083/TCP 9m34s root@k8s-01:~/argocd# root@k8s-01:~/argocd# root@k8s-01:~/argocd# root@k8s-01:~/argocd# root@k8s-01:~/argocd# kubectl edit -n argocd svc argocd-serve Error from server (NotFound): services "argocd-serve" not found root@k8s-01:~/argocd# kubectl edit -n argocd svc argocd-server service/argocd-server edited root@k8s-01:~/argocd# kubectl get svc -n argocd NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE argocd-applicationset-controller ClusterIP 10.108.48.9 <none> 7000/TCP,8080/TCP 12m argocd-dex-server ClusterIP 10.104.66.145 <none> 5556/TCP,5557/TCP,5558/TCP 12m argocd-metrics ClusterIP 10.110.242.240 <none> 8082/TCP 12m argocd-notifications-controller-metrics ClusterIP 10.108.2.224 <none> 9001/TCP 12m argocd-redis ClusterIP 10.111.74.193 <none> 6379/TCP 12m argocd-repo-server ClusterIP 10.111.94.151 <none> 8081/TCP,8084/TCP 12m argocd-server NodePort 10.102.209.251 <none> 80:31232/TCP,443:32542/TCP 12m argocd-server-metrics ClusterIP 10.99.167.144 <none> 8083/TCP 12m https://192.168.30.180:31232/2.2获取admin密码用户名为admin,密码通过以下方式获取。 root@k8s-01:~/argocd# kubectl get secrets argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d DCg5oVXU8Xd-rNMW root@k8s-01:~/argocd# 2.3访问web ui(ingress方式)访问web ui必须使用https方式访问,以traefik为例,创建ingressroute资源 # 创建证书文件 root@k8s-01:~/argocd# kubectl get secrets argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d DCg5oVXU8Xd-rNMWroot@kopenssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=argocd.local.com"rgocd.local.com" ..+..........+......+..+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+...+.....+....+...+..+...+....+...+..................+...+...............+.....+.+...+......+.........+..+...+.+.....+.+......+..+.............+............+..+....+.....+....+....................+..........+.....+...+...+.+.........+.....+......+.+..+.......+......+........+.+.....+.............+..+.............+.....+.+......+......+.....+.........+.+..+............+....+..+...+.+...+..+..........+...........+...+....+......+......+...+.....+.+..+........................+.+..+.............+..+.+.........+...+..+......+.+.....+.+..............+......+....+...+...........+..........+..+.........+...+.............+..+.+.....+......+...+......+....+......+.........+.....+.+..+.........................+..+............+.+...+......+...........+....+...+........+...+.+.....+......+...+.........+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ..........+...+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+....+.....+.+.........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ----- root@k8s-01:~/argocd# kubectl create secret tls argocd-tls --cert=tls.crt --key=tls.key -n argocd secret/argocd-tls created root@k8s-01:~/argocd# kubectl describe secrets argocd-tls -n argocd Name: argocd-tls Namespace: argocd Labels: <none> Annotations: <none> Type: kubernetes.io/tls Data ==== tls.crt: 1131 bytes tls.key: 1704 bytes #创建ingress资源 root@k8s-01:~/argocd# cat ingress.yaml apiVersion: traefik.io/v1alpha1 kind: ServersTransport metadata: name: argocd-transport namespace: argocd spec: serverName: "argocd.local.com" insecureSkipVerify: true --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: argocd-tls namespace: argocd spec: entryPoints: - websecure routes: - match: Host(`argocd.local.com`) kind: Rule services: - name: argocd-server port: 443 serversTransport: argocd-transport tls: secretName: argocd-tls root@k8s-01:~/argocd# kubectl apply -f ingress.yaml serverstransport.traefik.io/argocd-transport created ingressroute.traefik.io/argocd-tls created添加hosts解析记录 192.168.30.180 argocd.local.com三、客户端工具访问argocd 3.1下载argocd客户端工具root@k8s-01:~/argocd# ls argocd-linux-amd64 ingress.yaml install.yaml tls.crt tls.key root@k8s-01:~/argocd# mv argocd-linux-amd64 /usr/local/bin/argocd root@k8s-01:~/argocd# chmod u+x /usr/local/bin/argocd root@k8s-01:~/argocd# argocd version argocd: v2.11.3+3f344d5 BuildDate: 2024-06-06T08:42:00Z GitCommit: 3f344d54a4e0bbbb4313e1c19cfe1e544b162598 GitTreeState: clean GoVersion: go1.21.9 Compiler: gc Platform: linux/amd64 FATA[0000] Argo CD server address unspecified 3.2客户端工具登录argocdroot@k8s-01:~/argocd# argocd login argocd.local.com:30443 --username admin --password DCg5oVXU8Xd-rNMW WARNING: server certificate had error: tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead. Proceed insecurely (y/n)? y WARN[0020] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. 'admin:login' logged in successfully Context 'argocd.local.com:30443' updated 3.3修改密码root@k8s-01:~/argocd# argocd account update-password --account admin --current-password DCg5oVXU8Xd-rNMW --new-password '30044844Abc@' WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. Password updated Context 'argocd.local.com:30443' updated
