argocd를 배포하여 사용하는 과정입니다
환경은 AKS(azure kubernetes service)에서 진행하며, aks구축 과정은 생략하고 argocd 설치부터 진행합니다.
https://argo-cd.readthedocs.io/en/stable/#what-is-argo-cd
- Argocd install
- aks ingress 설정을 통해서, 외부 접근허용하기
- git 연동
- 배포 테스트
1.Argocd Install
설치는 간단합니다.
namespace 를 만들고, argocd install yaml파일을 다운받아서 적용하면 됩니다.
[root@console ~]# kubectl create namespace argocd
namespace/argocd created
[root@console ~]# kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/applicationsets.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-applicationset-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-notifications-controller created
serviceaccount/argocd-redis created
serviceaccount/argocd-repo-server created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-applicationset-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-notifications-controller created
role.rbac.authorization.k8s.io/argocd-redis created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-applicationset-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-notifications-controller created
rolebinding.rbac.authorization.k8s.io/argocd-redis created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-cmd-params-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-notifications-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-notifications-secret created
secret/argocd-secret created
service/argocd-applicationset-controller created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-notifications-controller-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server created
service/argocd-server-metrics created
deployment.apps/argocd-applicationset-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-notifications-controller created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
statefulset.apps/argocd-application-controller created
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-applicationset-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
networkpolicy.networking.k8s.io/argocd-notifications-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy created
[root@console ~]#
설치가 완료되면, argocd pod들이 생성되어있는걸 확인할 수 있습니다.
[root@console ~]# kubectl get all -n argocd
NAME READY STATUS RESTARTS AGE
pod/argocd-application-controller-0 1/1 Running 0 3m35s
pod/argocd-applicationset-controller-7584dc59-bbdzn 1/1 Running 0 3m35s
pod/argocd-dex-server-756b7ff6d6-2bzdp 1/1 Running 0 3m35s
pod/argocd-notifications-controller-7c6c4644ff-mr9gx 1/1 Running 0 3m35s
pod/argocd-redis-675cf99c54-9hdgq 1/1 Running 0 3m35s
pod/argocd-repo-server-7b9966b95b-7tzcn 1/1 Running 0 3m35s
pod/argocd-server-65cbd5c97b-srsz4 1/1 Running 0 3m35s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/argocd-applicationset-controller ClusterIP 10.0.82.211 <none> 7000/TCP,8080/TCP 3m36s
service/argocd-dex-server ClusterIP 10.0.153.136 <none> 5556/TCP,5557/TCP,5558/TCP 3m36s
service/argocd-metrics ClusterIP 10.0.15.106 <none> 8082/TCP 3m36s
service/argocd-notifications-controller-metrics ClusterIP 10.0.70.192 <none> 9001/TCP 3m36s
service/argocd-redis ClusterIP 10.0.235.123 <none> 6379/TCP 3m36s
service/argocd-repo-server ClusterIP 10.0.185.48 <none> 8081/TCP,8084/TCP 3m36s
service/argocd-server ClusterIP 10.0.25.122 <none> 80/TCP,443/TCP 3m36s
service/argocd-server-metrics ClusterIP 10.0.221.123 <none> 8083/TCP 3m36s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/argocd-applicationset-controller 1/1 1 1 3m36s
deployment.apps/argocd-dex-server 1/1 1 1 3m36s
deployment.apps/argocd-notifications-controller 1/1 1 1 3m36s
deployment.apps/argocd-redis 1/1 1 1 3m36s
deployment.apps/argocd-repo-server 1/1 1 1 3m36s
deployment.apps/argocd-server 1/1 1 1 3m35s
NAME DESIRED CURRENT READY AGE
replicaset.apps/argocd-applicationset-controller-7584dc59 1 1 1 3m36s
replicaset.apps/argocd-dex-server-756b7ff6d6 1 1 1 3m36s
replicaset.apps/argocd-notifications-controller-7c6c4644ff 1 1 1 3m36s
replicaset.apps/argocd-redis-675cf99c54 1 1 1 3m36s
replicaset.apps/argocd-repo-server-7b9966b95b 1 1 1 3m36s
replicaset.apps/argocd-server-65cbd5c97b 1 1 1 3m35s
NAME READY AGE
statefulset.apps/argocd-application-controller 1/1 3m35s
[root@console ~]#
현재 상태에선, argocd 서비스가 외부 노출이 되어있지 않으므로 접속이 되지 않습니다.
외부에서 접근이 가능하도록 ingress를 활성화하여 연결을 진행합니다.
azure app-routing 기능을 이용합니다.
https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default
#app-routing 활성화#
[root@console ~]# az aks approuting enable --resource-group aks생성시 만든 resource그룹명 --name aks클러스터이름
다음 ingress를 생성합니다.
#ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-ingress
namespace: argocd
spec:
ingressClassName: webapprouting.kubernetes.azure.com
rules:
- host: test.argocd.test ##host는 임의로 작성하였습니다.
http:
paths:
- backend:
service:
name: argocd-server
port:
number: 80 #ssl 인증서를 발급받지 않았기 때문에, 80포트로 연결되도록하며, argocd에서도 tls를 사용하지 않도록 비활성화해야합니다.
path: /
pathType: Prefix
위에서 만든 ingress.yaml파일을 적용하면, ingress가 생성됩니다.
[root@console ~]# kubectl get ing -n argocd
NAME CLASS HOSTS ADDRESS PORTS AGE
argocd-ingress webapprouting.kubernetes.azure.com test.argocd.test 4.230.153.171 80 11m
[root@console ~]#ingress가 생성되고 일정시간이 지난면 ADDRESS 부분에 public ip가 연결됩니다.
이제, argocd-server가 tls를 사용하지 않게 비활성화 합니다.
argocd 설정은 configmap을 통해 설정이 가능합니다.
먼저 argocd configmap들을 살펴보겠습니다.
[root@console ~]# kubectl get cm -n argocd
NAME DATA AGE
argocd-cm 0 42m
argocd-cmd-params-cm 1 42m
argocd-gpg-keys-cm 0 42m
argocd-notifications-cm 0 42m
argocd-rbac-cm 0 42m
argocd-ssh-known-hosts-cm 1 42m
argocd-tls-certs-cm 0 42m
kube-root-ca.crt 1 42m
[root@console ~]#
argocd namespace 에 생성된 configmap 리스트입니다.
tls비활성화는 위 configmap 중 argocd-cmd-params-cm 에서 추가합니다.
kubectl edit를 통해 configmap을 수정합니다.
[root@console ~]# kubectl edit cm argocd-cmd-params-cm -n argocd
##configmap 내용
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data: ##추가
server.insecure: "true" ###해당 내용을 넣어줍니다., 처음 설치시에는 data영역이 없으므로, 윗줄 data: 부터 추가합니다.
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"argocd-cmd-params-cm","app.kubernetes.io/part-of":"argocd"},"name":"argocd-cmd-params-cm","namespace":"argocd"}}
creationTimestamp: "2024-08-23T05:02:02Z"
labels:
app.kubernetes.io/name: argocd-cmd-params-cm
app.kubernetes.io/part-of: argocd
name: argocd-cmd-params-cm
namespace: argocd
resourceVersion: "35212"
uid: bbfe6d35-cbc9-4205-befd-cf46cb5918ad
설정을 진행했으면, argocd-server를 재배포합니다.
[root@console ~]# kubectl rollout restart deploy argocd-server -n argocd
deployment.apps/argocd-server restarted
[root@console ~]# kubectl get pod -n argocd| grep argocd-server
argocd-server-5d78948db9-jgb7f 1/1 Running 0 10m
argocd-server-77dfff8f57-rcwns 0/1 Running 0 13s
[root@console ~]#재배포를 하게되면, pod가 재생성 됩니다.
pod상태가 ready가 될때까지 기다립니다.
[root@console ~]# kubectl get pod -n argocd| grep argocd-server
argocd-server-77dfff8f57-rcwns 1/1 Running 0 81s완료되면 새로 배포된 pod만 남게되며 ready상태를 확인할 수 있습니다.
이제 해당 IP주소를 통해서 argocd로 접근이 가능하게 됩니다.
다만, 접속을 하려면 host명을 통해 접속해야합니다.
ingress쪽 host설정에 따라 ip가 아닌 host로 접속을 진행합니다.
(임의 host명 접속을 위해선 사용하는 윈도우pc의 hosts 파일을 수정해서 접속테스트 해볼 수 있습니다.관련 내용은 본문에서 다루지 않습니다.)
hosts정보 수정 후 test.argocd호스트 접속시 argocd 로그인 화면 확인이 가능합니다.
username을 admin이며, password는 다음 명령어로 확인이 가능합니다.
[root@console ~]# kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
udO0umnu4mI4PjoU
[root@console ~]#
*로그인 후 초기 패스워드는 변경하여 사용합니다.
2.git 연동
git은 private repo를 사용하며, 연동은 ssh를 통해 연결을 진행하도록 설정합니다.
ssh연결을 위해 필요한건 ssh pub,private key가 필요합니다.
우선 서버에서 key를 생성합니다.
[root@console ~]# ssh-keygen -f argocd-key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in argocd-key.
Your public key has been saved in argocd-key.pub.
The key fingerprint is:
SHA256:CevhonOzCUGU5y+IJLkSBtnS8xWo5+lCRxwYp41QFi4 root@console
The key's randomart image is:
+---[RSA 3072]----+
|.=*=.... |
|+=*=+ . |
|Eo=B.o. |
|+=. * o . |
|++.= oo S |
|+ o.=o.. |
|...o..o |
| oo+o |
| .+oo |
+----[SHA256]-----+
[root@console ~]# ll
total 24
-rw------- 1 root root 2602 Aug 23 06:27 argocd-key ##private key
-rw-r--r-- 1 root root 566 Aug 23 06:27 argocd-key.pub ##pub key
git repo에 가서 setting쪽에 deploy key에 위에서 생성한 pub key를 등록합니다.
등록이되면 위 캡쳐 화면처럼 key가 등록된걸 확인할 수 있습니다.
이제, argocd 에서 repo를 추가합니다.
repo url에 사용하는 git url을 위 캡쳐와 같은 형태로 입력하고, 위에서 생성한 private key를 넣어줍니다.
해당 키는 유출되면 안되므로, 사용시 주의합니다.
입력 후 CONNECT를 클릭하여 등록상황을 확인합니다.
연결이 정상적으로 되었다면, 아래와같이 Successful이 나옵니다.
여기까지 git연동이 완료되었습니다.
이제 git에 yaml파일을 올리고, argocd를 통해서 deploy를 진행해보겠습니다.
3.배포하기
우선 nginx,tomcat deploy yaml을 작성하여 git에 올립니다.
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-deployment
namespace: argocd
labels:
app: tomcat
spec:
replicas: 4
selector:
matchLabels:
app: tomcat
template:
metadata:
labels:
app: tomcat
spec:
containers:
- name: tomcat
image: tomcat:latest
ports:
- containerPort: 8080
env:
- name: JAVA_OPTS
value: "-Djava.security.egd=file:/dev/./urandom"apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: argocd
labels:
app: nginx
spec:
replicas: 5
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
위와 같은 두개의 deployment.yaml이 생성되어있으며, 이제 argocd를 통해 배포를 진행해보겠습니다.
argocd 에서 Applications -> NEW APP을 클릭합니다.
위에처럼 기본사항만 입력 후 CREATE를 진행합니다.
생성내역 확인되며, sync를 클릭하여 배포 진행합니다.
클릭을 해보면, 세부 배포 내역을 확인할 수 있습니다.
[root@console ~]# kubectl get deploy -n argocd
NAME READY UP-TO-DATE AVAILABLE AGE
argocd-applicationset-controller 1/1 1 1 171m
argocd-dex-server 1/1 1 1 171m
argocd-notifications-controller 1/1 1 1 171m
argocd-redis 1/1 1 1 171m
argocd-repo-server 1/1 1 1 171m
argocd-server 1/1 1 1 171m
nginx-deployment 5/5 5 5 2m1s
tomcat-deployment 4/4 4 4 2m1s
[root@console ~]# kubectl get pod -n argocd
NAME READY STATUS RESTARTS AGE
argocd-application-controller-0 1/1 Running 0 171m
argocd-applicationset-controller-7584dc59-bbdzn 1/1 Running 0 171m
argocd-dex-server-756b7ff6d6-2bzdp 1/1 Running 0 171m
argocd-notifications-controller-7c6c4644ff-mr9gx 1/1 Running 0 171m
argocd-redis-675cf99c54-9hdgq 1/1 Running 0 171m
argocd-repo-server-7b9966b95b-7tzcn 1/1 Running 0 171m
argocd-server-77dfff8f57-rcwns 1/1 Running 0 126m
nginx-deployment-7c79c4bf97-5csw8 1/1 Running 0 2m10s
nginx-deployment-7c79c4bf97-8f5rq 1/1 Running 0 2m9s
nginx-deployment-7c79c4bf97-97clh 1/1 Running 0 2m10s
nginx-deployment-7c79c4bf97-z9k22 1/1 Running 0 2m9s
nginx-deployment-7c79c4bf97-zq9ts 1/1 Running 0 2m10s
tomcat-deployment-59dc4c7f7d-969tf 1/1 Running 0 2m10s
tomcat-deployment-59dc4c7f7d-9rh6g 1/1 Running 0 2m10s
tomcat-deployment-59dc4c7f7d-b2bwz 1/1 Running 0 2m10s
tomcat-deployment-59dc4c7f7d-mlv54 1/1 Running 0 2m9saks내에서 명령어를 통해 배포된 내역을 확인할 수 있습니다.
여기까지 argocd와 git연동을 통해 배포를 진행해보았습니다.
'ETC_OSS > Argocd' 카테고리의 다른 글
| [Argocd] presync,postsync (0) | 2024.08.23 |
|---|