Argo CD

By Bys on April 21, 2021

- Argo CD

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes

- Kubernets Helm을 통한 설치

Create Namespace

kubectl create namespace argo

Donwload Template

helm fetch argo/argo-cd
tar -xvzf argo-cd-3.6.4.tgz

Modify values.yaml

cd argo-cd
vim values.yaml

Service Using NLB

## Server service configuration
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
      service.beta.kubernetes.io/aws-load-balancer-subnets: subnet-0745ae9d00efcb688, subnet-070711a376c168a6e
    labels: {}
    type: LoadBalancer
    ## For node port default ports
    nodePortHttp: 30080
    nodePortHttps: 30443
    servicePortHttp: 80
    servicePortHttps: 443
    servicePortHttpName: http
    servicePortHttpsName: https
    namedTargetPort: true
    loadBalancerIP: ""
    loadBalancerSourceRanges: []
    externalIPs: []
    externalTrafficPolicy: ""

Service Using NLB

helm install argo -n argo argo/argo-cd -f values.yaml

helm을 통해 정상 배포 후에는 아래와 같이 argo-argocd가 배포되며 argo-argocd-server의 EXTERNAL-IP를 통해 접속 할 수 있다.

 k get po -n argo
NAME                                                  READY   STATUS    RESTARTS   AGE
argo-argocd-application-controller-7cdcc48d5c-jnt8k   1/1     Running   0          62m
argo-argocd-dex-server-fd6b7d5fc-ssnbp                1/1     Running   0          62m
argo-argocd-redis-7c9dc5d5f4-lczkd                    1/1     Running   0          62m
argo-argocd-repo-server-765d5cdbb-qgsln               1/1     Running   0          62m
argo-argocd-server-74c959d6dc-vbtsb                   1/1     Running   0          62m

k get svc -n argo
NAME                                 TYPE           CLUSTER-IP       EXTERNAL-IP                                                                          PORT(S)                      AGE
argo-argocd-application-controller   ClusterIP      172.20.113.195   <none>                                                                               8082/TCP                     62m
argo-argocd-dex-server               ClusterIP      172.20.20.74     <none>                                                                               5556/TCP,5557/TCP            62m
argo-argocd-redis                    ClusterIP      172.20.72.203    <none>                                                                               6379/TCP                     62m
argo-argocd-repo-server              ClusterIP      172.20.90.9      <none>                                                                               8081/TCP                     62m
argo-argocd-server                   LoadBalancer   172.20.199.156   a365a14fe8cfd40d3905ff4ee69d52e0-**.elb.ap-northeast-2.amazonaws.com                 80:31017/TCP,443:31146/TCP   62m

Ingress Using ALB

server:
  ingress:
    # -- Enable an ingress resource for the Argo CD server
    enabled: true
    https: true
    # -- Additional ingress annotations
    annotations:
      alb.ingress.kubernetes.io/group.name: argocd
      alb.ingress.kubernetes.io/subnets: subnet-02e6d788fad8afdcf, subnet-020255d69e8c814da
      alb.ingress.kubernetes.io/scheme : internet-facing
      alb.ingress.kubernetes.io/security-groups: bys-dev-sg-alb-argocd
      alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-2021-06
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-2:558846430793:certificate/250015a4-4753-4a97-b536-88a6e6aaaf73
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
      alb.ingress.kubernetes.io/backend-protocol: HTTPS
      alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
      alb.ingress.kubernetes.io/healthcheck-path: /
      alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
      alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '10'
      alb.ingress.kubernetes.io/healthy-threshold-count: '2'
      alb.ingress.kubernetes.io/unhealthy-threshold-count: '4'
      alb.ingress.kubernetes.io/healthcheck-port: traffic-port
      alb.ingress.kubernetes.io/success-codes: 200,301,302
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/tags: auto-delete=no
    # -- Additional ingress labels
    labels: {}
    # -- Defines which ingress controller will implement the resource
    ingressClassName: "alb"

    # -- List of ingress hosts
    ## Argo Ingress.
    ## Hostnames must be provided if Ingress is enabled.
    ## Secrets must be manually created in the namespace
    hosts:
      - argocd-main.bys.world
      # - argocd.example.com

    # -- List of ingress paths
    paths:
      - /
    # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
    pathType: Prefix
    # -- Additional ingress paths
    extraPaths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: ssl-redirect
            port:
              name: use-annotation
    # -- Ingress TLS configuration
    tls:
      - hosts:
          - argocd-main.bys.world
        secretName: cert

    #tls: []
      # - secretName: your-certificate-name
      #   hosts:
      #     - argocd.example.com

    # -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp`
 #   https: false

Login
Username은 admin이고 패스워드는 아래의 정보를 통해 알 수 있다.

kubectl -n argo get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d


- Upgrade ArgoCD

helm upgrade argo-cd argo/argo-cd -f values.yaml -n argocd


- ArgoCD CLI

# Access to argoCD server
kubectl exec -it $(k get po -n argocd | grep argo-cd-argocd-server | awk '{print $1}') -n argocd -- /bin/bash

# Account login
argocd login localhost:8080 --insecure
admin / password 

# Account list
argocd account list

# Change password
argocd account update-password --account byoungsoo

argocd account update-password --account admin

Tag: [ cicd  gitlab  gitlab-runner  pipeline  docker  docker-compose  ]