[kubernetes] ArgoCD를 이용한 서비스 배포
사전 준비
kind 설치
choco install kind
kind -version
#>kind v0.11.1 go1.16.4 windows/amd64
argoCD-cli 설치
$version = (Invoke-RestMethod https://api.github.com/repos/argoproj/argo-cd/releases/latest).tag_name
$url = "https://github.com/argoproj/argo-cd/releases/download/" + $version + "/argocd-windows-amd64.exe"
$output = "C:\argocd\argocd.exe"
Invoke-WebRequest -Uri $url -OutFile $output
그런 다음 시스템 환경 변수에 argoCD를 설정합니다.
argocd version
#>argocd: v2.0.3+8d2b13d
#> BuildDate: 2021-05-27T17:42:53Z
#> GitCommit: 8d2b13d733e1dff7d1ad2c110ed31be4804406e2
#> GitTreeState: clean
#> GoVersion: go1.16
#> Compiler: gc
#> Platform: windows/amd64
클러스터 생성
kind-3-3-cluster.yaml# a cluster with 3 control-plane nodes and 3 workers
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: control-plane
- role: control-plane
- role: worker
- role: worker
- role: worker
kind create cluster --config kind-3-3-cluster.yaml
kubectl create namespace argocd
argoCD 설정
argoCD 배포
kubectl apply -n argocd -f argoCD.yaml
kubectl get svc argocd-server -n argocd
#>NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
#>argocd-server LoadBalancer 10.96.91.38 <pending> 80:30619/TCP,443:32674/TCP 3h10m
helmchart의 경우
PS C:\Users\aruki\Desktop\dev\kind> helm repo list
#NAME URL
#gitlab https://charts.gitlab.io
#local http://***/api/v4/projects/8/packages/helm/stable
#bitnami https://charts.bitnami.com/bitnami
#ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install my-argo-cd local/argo-cd
argoCD UI 연결
# Kubectlポートフォワーディング
kubectl port-forward svc/argocd-server -n argocd 8080:443
# 初期パスワードのチェック
kubectl -n argocd get secret argocd-initial-admin-secret -o go-template="{{.data.password | base64decode }}"
#>********
argocd login localhost:8080
#> WARNING: server certificate had error: x509: certificate signed by unknown authority. Proceed insecurely (y/n)?
#>Username: admin
#>Password:
#>'admin:login' logged in successfully
#>Context 'localhost:8080' updated
# パスワード変更
argocd account update-password
그 후, 브라우저에서 아래와 같이 접속하면 argoCD의 UI가 표시된다.
https://localhost:8080/applications
샘플: kubernetes-dashboard 배포
사전 준비
kubernetes-dashboard를 argoCD에 배포 (Helmchart를 통해)
choco install kind
kind -version
#>kind v0.11.1 go1.16.4 windows/amd64
$version = (Invoke-RestMethod https://api.github.com/repos/argoproj/argo-cd/releases/latest).tag_name
$url = "https://github.com/argoproj/argo-cd/releases/download/" + $version + "/argocd-windows-amd64.exe"
$output = "C:\argocd\argocd.exe"
Invoke-WebRequest -Uri $url -OutFile $output
argocd version
#>argocd: v2.0.3+8d2b13d
#> BuildDate: 2021-05-27T17:42:53Z
#> GitCommit: 8d2b13d733e1dff7d1ad2c110ed31be4804406e2
#> GitTreeState: clean
#> GoVersion: go1.16
#> Compiler: gc
#> Platform: windows/amd64
kind-3-3-cluster.yaml
# a cluster with 3 control-plane nodes and 3 workers
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: control-plane
- role: control-plane
- role: worker
- role: worker
- role: worker
kind create cluster --config kind-3-3-cluster.yaml
kubectl create namespace argocd
argoCD 설정
argoCD 배포
kubectl apply -n argocd -f argoCD.yaml
kubectl get svc argocd-server -n argocd
#>NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
#>argocd-server LoadBalancer 10.96.91.38 <pending> 80:30619/TCP,443:32674/TCP 3h10m
helmchart의 경우
PS C:\Users\aruki\Desktop\dev\kind> helm repo list
#NAME URL
#gitlab https://charts.gitlab.io
#local http://***/api/v4/projects/8/packages/helm/stable
#bitnami https://charts.bitnami.com/bitnami
#ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install my-argo-cd local/argo-cd
argoCD UI 연결
# Kubectlポートフォワーディング
kubectl port-forward svc/argocd-server -n argocd 8080:443
# 初期パスワードのチェック
kubectl -n argocd get secret argocd-initial-admin-secret -o go-template="{{.data.password | base64decode }}"
#>********
argocd login localhost:8080
#> WARNING: server certificate had error: x509: certificate signed by unknown authority. Proceed insecurely (y/n)?
#>Username: admin
#>Password:
#>'admin:login' logged in successfully
#>Context 'localhost:8080' updated
# パスワード変更
argocd account update-password
그 후, 브라우저에서 아래와 같이 접속하면 argoCD의 UI가 표시된다.
https://localhost:8080/applications
샘플: kubernetes-dashboard 배포
사전 준비
kubernetes-dashboard를 argoCD에 배포 (Helmchart를 통해)
kubectl apply -n argocd -f argoCD.yaml
kubectl get svc argocd-server -n argocd
#>NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
#>argocd-server LoadBalancer 10.96.91.38 <pending> 80:30619/TCP,443:32674/TCP 3h10m
PS C:\Users\aruki\Desktop\dev\kind> helm repo list
#NAME URL
#gitlab https://charts.gitlab.io
#local http://***/api/v4/projects/8/packages/helm/stable
#bitnami https://charts.bitnami.com/bitnami
#ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install my-argo-cd local/argo-cd
# Kubectlポートフォワーディング
kubectl port-forward svc/argocd-server -n argocd 8080:443
# 初期パスワードのチェック
kubectl -n argocd get secret argocd-initial-admin-secret -o go-template="{{.data.password | base64decode }}"
#>********
argocd login localhost:8080
#> WARNING: server certificate had error: x509: certificate signed by unknown authority. Proceed insecurely (y/n)?
#>Username: admin
#>Password:
#>'admin:login' logged in successfully
#>Context 'localhost:8080' updated
# パスワード変更
argocd account update-password
kubernetes-dashboard.yaml
project: default
source:
repoURL: 'https://kubernetes.github.io/dashboard/'
targetRevision: 4.3.1
helm:
valueFiles:
- values.yaml
parameters:
- name: serviceAccount.name
value: admin-user
chart: kubernetes-dashboard
destination:
server: 'https://kubernetes.default.svc'
namespace: kubernetes-dashboard
syncPolicy:
syncOptions:
- CreateNamespace=true
배포
다음과 같이 설정하고 sync (동기화)
결과, 모두 창조되고 동기화될 수 있는지 확인할 수 있다.
작성 결과
디폴트 설정에서는 한 곳만 변경을 하고 있다.
kubernetes-dashboard 연결
로그인하려면 ServiceAccount 및 clusterrolebinding이 필요합니다.
- clusterrolebinding 추가
※ServiceAccount는 argocd에서 dashboard를 작성했을 때 설정하고 있으므로 추가 불필요
clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
kubectl apply -f clusterrole.yaml
# トークン取得
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
>#eyJ*************************************************************************
kubectl proxy
그 후, 브라우저에서 아래와 같이 접속하면 kubernetes-dashboard의 UI가 표시되므로, 방금전에 표시한 토큰을 입력한다
결과적으로 로그인에 성공하고 모든 리소스가 정상(녹색 표시)인지 확인합니다.
Reference
이 문제에 관하여([kubernetes] ArgoCD를 이용한 서비스 배포), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://qiita.com/KO_YAmajun/items/dc24e03275eab7e3f9af텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념 (Collection and Share based on the CC Protocol.)