GitOps - Argo CD Note

Argo CD 目前市面上唯一具有完整 UI 的 GitOps 工具，簡單又直覺的操作以及完整的文件，很值得花幾個小時去玩看看。

Get Started

https://argoproj.github.io/argo-cd/getting_started/

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
kubectl config set-context --current --namespace=argocd

安裝 Argo CLI

brew tap argoproj/tap
brew install argoproj/tap/argocd

預設的 argo service 不會 expose，先改成 LoadBalancer，方便 Debug。

kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'

取得 admin 密碼

kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2

重設密碼 https://github.com/argoproj/argo-cd/blob/master/docs/faq.md#i-forgot-the-admin-password-how-do-i-reset-it

# password: rammus
kubectl -n argocd patch secret argocd-secret \
  -p "{\"data\": \
    {\
      \"admin.password\": \"$(echo -n '$2a$10$yAfkcG7WZasNvIp9etc6guOg2MeU/PcK.AEpWWgh1r7UBoPnNJtU.' | base64)\", \
      \"admin.passwordMtime\": \"$(date +%FT%T%Z | base64)\" \
  }}"

Clean

刪除 namespace 就會自動 cascade 底下所有資源了。

kubectl delete ns argocd

行為

auto-sync 不能 rollback

Argo CD polls Git repositories every three minutes to detect changes to the manifests.
(source)

最好使用不變的路徑. (source)

✅ github.com/argoproj/argo-cd//manifests/cluster-install?ref=v0.11.1
❌ github.com/argoproj/argo-cd//manifests/cluster-install

Blue/Green Deploy

kubectl create namespace argo-rollouts
kubectl apply -n argo-rollouts -f https://raw.githubusercontent.com/argoproj/argo-rollouts/stable/manifests/install.yaml

namespace/argo-rollouts created
customresourcedefinition.apiextensions.k8s.io/rollouts.argoproj.io created
serviceaccount/argo-rollouts created
role.rbac.authorization.k8s.io/argo-rollouts-role created
clusterrole.rbac.authorization.k8s.io/argo-rollouts-aggregate-to-admin created
clusterrole.rbac.authorization.k8s.io/argo-rollouts-aggregate-to-edit created
clusterrole.rbac.authorization.k8s.io/argo-rollouts-aggregate-to-view created
clusterrole.rbac.authorization.k8s.io/argo-rollouts-clusterrole created
rolebinding.rbac.authorization.k8s.io/argo-rollouts-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/argo-rollouts-clusterrolebinding created
service/argo-rollouts-metrics created
deployment.apps/argo-rollouts created

https://github.com/RammusXu/argo-demo/blob/master/bg/demo.yaml

Create:

Update image:

preview-service 會連結到新的 pods:

確認無誤後，繼續 rollout:

rollout 成功後，preview-service 的 pod 也會跟著清掉:

如果想要 rollback，可以參考:

Ref:

• https://argoproj.github.io/argo-rollouts/
• https://blog.argoproj.io/introducing-argo-rollouts-59dd0fad476c

Read More

• GitOps Comparison - Argo, Flux
• GitOps - Flux 心得