Kubernetes ArgoCD
Automation of Everything - How To Combine Argo Events, Workflows & Pipelines, CD, and Rollouts
Делаю:
15.02.2021
https://www.youtube.com/watch?v=XNXJtxkUKeY
Original Gist
https://gist.github.com/vfarcic/48f44d3974db698d3127f52b6e7cd0d3
$ export INGRESS_HOST=$(minikube --profile my-profile ip)
$ echo ${INGRESS_HOST}
192.168.49.2
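# Environment used by every later command. Each `[...]` is a placeholder to
# replace before running anything else.
export BASE_HOST=[...] # e.g., $INGRESS_HOST.nip.io
export REGISTRY_SERVER=https://index.docker.io/v1/
# Replace `[...]` with the registry username
export REGISTRY_USER=[...]
# Replace `[...]` with the registry password
# (typed inline, the value stays in shell history; a registry access token
# limits what a leaked value can do)
export REGISTRY_PASS=[...]
# Replace `[...]` with the registry email
export REGISTRY_EMAIL=[...]
# Replace `[...]` with the GitHub token
# (same history caveat; grant the token only the scopes the demo needs)
export GH_TOKEN=[...]
# Replace `[...]` with the GitHub organization or user name.
# GH_ORG is read later for the `user` field of the github-access Secret and
# for the webhook settings URL, so it has to be exported here as well.
export GH_ORG=[...]
# Replace `[...]` with the GitHub email
export GH_EMAIL=[...]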
$ cd ~/tmp
$ git clone https://github.com/vfarcic/argo-combined-app
$ git clone https://github.com/vfarcic/argo-combined-demo.git
$ cd argo-combined-app
# NOTE(review): every sed expression on this page reads "[email protected]"
# because e-mail obfuscation rewrote the `@`-delimited substitutions during
# extraction. They cannot be run as shown; copy the real expressions from
# the original gist linked above.
# Render the staging ingress from the base manifest.
$ cat kustomize/base/ingress.yaml \
| sed -e "[email protected]@[email protected]" \
| tee kustomize/overlays/staging/ingress.yaml
# NOTE(review): the next two pipelines read and write the same file. tee may
# truncate the file before cat has read it, which leaves it empty; writing to
# a temporary file and moving it into place avoids that.
$ cat kustomize/overlays/production/rollout.yaml \
| sed -e "[email protected]@[email protected]" \
| tee kustomize/overlays/production/rollout.yaml
$ cat kustomize/overlays/staging/deployment.yaml \
| sed -e "[email protected]@$REGIS[email protected]" \
| tee kustomize/overlays/staging/deployment.yaml
$ cd argo-combined-demo
$ cat orig/sealed-secrets.yaml \
| sed -e "[email protected]@[email protected]" \
| tee production/sealed-secrets.yaml
$ cat argo-cd/base/ingress.yaml \
| sed -e "[email protected]@[email protected]" \
| tee argo-cd/overlays/production/ingress.yaml
$ cat argo-workflows/base/ingress.yaml \
| sed -e "[email protected]@argo-workflows.$BA[email protected]" \
| tee argo-workflows/overlays/production/ingress.yaml
$ cat argo-events/base/event-sources.yaml \
| sed -e "[email protected]@[email protected]" \
| sed -e "[email protected]@[email protected]" \
| tee argo-events/overlays/production/event-sources.yaml
$ cat argo-events/base/sensors.yaml \
| sed -e "[email protected]: [email protected]: [email protected]" \
| sed -e "[email protected]: [email protected]: [email protected]" \
| tee argo-events/overlays/production/sensors.yaml
$ cat production/argo-cd.yaml \
| sed -e "[email protected]@[email protected]" \
| tee production/argo-cd.yaml
$ cat production/argo-workflows.yaml \
| sed -e "[email protected]@[email protected]" \
| tee production/argo-workflows.yaml
$ cat production/argo-events.yaml \
| sed -e "[email protected]@[email protected]" \
| tee production/argo-events.yaml
$ cat production/argo-rollouts.yaml \
| sed -e "[email protected]@[email protected]" \
| tee production/argo-rollouts.yaml
$ cat production/argo-combined-app.yaml \
| sed -e "[email protected]/[email protected]/[email protected]" \
| sed -e "[email protected] [email protected] $REGISTRY_US[email protected]" \
| tee production/argo-combined-app.yaml
$ cat staging/argo-combined-app.yaml \
| sed -e "[email protected]/[email protected]/[email protected]" \
| sed -e "[email protected] [email protected] [email protected]" \
| tee staging/argo-combined-app.yaml
$ cat apps.yaml \
| sed -e "[email protected]@[email protected]" \
| tee apps.yaml
$ kubectl apply --filename sealed-secrets
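# Build the registry pull secret client-side (--dry-run=client) and pipe it
# straight into kubeseal, so only the sealed form is written to the repo.
# The values are quoted so a password containing spaces or shell
# metacharacters reaches kubectl intact.
# NOTE: the password is still a command-line argument and is visible in the
# process list while kubectl runs.
$ kubectl --namespace workflows \
    create secret \
    docker-registry regcred \
    --docker-server="$REGISTRY_SERVER" \
    --docker-username="$REGISTRY_USER" \
    --docker-password="$REGISTRY_PASS" \
    --docker-email="$REGISTRY_EMAIL" \
    --output json \
    --dry-run=client \
    | kubeseal --format yaml \
    | tee argo-workflows/overlays/production/regcred.yaml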
# Wait for a while and repeat the previous command if the output contains `cannot fetch certificate` error message
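# Seal the GitHub credentials for the workflows namespace. The plain Secret
# exists only in the pipe; the file written by tee is the sealed form.
# GH_TOKEN, GH_ORG and GH_EMAIL must all be exported first; an unset variable
# silently produces an empty field.
# printf avoids the portability problems of `echo -n`, and `tr -d '\n'`
# removes the line wrapping that some base64 implementations apply to long
# values, which would otherwise break the YAML.
$ echo "apiVersion: v1
kind: Secret
metadata:
  name: github-access
  namespace: workflows
type: Opaque
data:
  token: $(printf '%s' "$GH_TOKEN" | base64 | tr -d '\n')
  user: $(printf '%s' "$GH_ORG" | base64 | tr -d '\n')
  email: $(printf '%s' "$GH_EMAIL" | base64 | tr -d '\n')" \
    | kubeseal --format yaml \
    | tee argo-workflows/overlays/workflows/githubcred.yaml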
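# Seal the GitHub token for the argo-events namespace. The plain Secret
# exists only in the pipe; the file written by tee is the sealed form.
# `tr -d '\n'` removes the line wrapping that some base64 implementations
# apply to long tokens, which would otherwise break the YAML.
$ echo "apiVersion: v1
kind: Secret
metadata:
  name: github-access
  namespace: argo-events
type: Opaque
data:
  token: $(printf '%s' "$GH_TOKEN" | base64 | tr -d '\n')" \
    | kubeseal --format yaml \
    | tee argo-events/overlays/production/githubcred.yaml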
git add .
git commit -m "Manifests"
git push
cd ..
GitOps deployments
$ cd argo-combined-demo
$ cat production/argo-cd.yaml
$ kustomize build \
argo-cd/overlays/production \
| kubectl apply --filename -
$ kubectl --namespace argocd \
rollout status \
deployment argocd-server
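# Read the generated admin password from the cluster.
$ export PASS=$(kubectl \
    --namespace argocd \
    get secret argocd-initial-admin-secret \
    --output jsonpath="{.data.password}" \
    | base64 --decode)
# --insecure turns off TLS certificate verification, so the password below
# goes to whatever answers on that host name. That is acceptable for a local
# minikube; elsewhere give the server a trusted certificate and drop the flag.
# "$PASS" is quoted so the generated value is passed as a single argument.
$ argocd login \
    --insecure \
    --username admin \
    --password "$PASS" \
    --grpc-web \
    "argo-cd.$BASE_HOST"
# `admin` as the new password suits a throwaway local cluster only.
# Leaving out --new-password makes argocd prompt for it, which also keeps the
# value out of shell history.
$ argocd account update-password \
    --current-password "$PASS" \
    --new-password admin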
http://argo-cd.$BASE_HOST
admin / admin
$ kubectl apply --filename project.yaml
$ kubectl apply --filename apps.yaml
Events and workflows
$ cat argo-events/overlays/production/event-sources.yaml
$ cat argo-events/overlays/production/sensors.yaml
open https://github.com/$GH_ORG/argo-combined-app/settings/hooks
open http://argo-workflows.$BASE_HOST
$ cd ../argo-combined-app
# This might not work with providers that do not expose the IP but a host (e.g., AWS EKS)
$ export ISTIO_HOST=$(kubectl \
--namespace istio-system \
get svc istio-ingressgateway \
--output jsonpath="{.status.loadBalancer.ingress[0].ip}")
$ echo $ISTIO_HOST
$ cat kustomize/base/istio.yaml \
| sed -e "[email protected]@[email protected]" \
| tee kustomize/overlays/production/istio.yaml
$ cat config.toml \
| sed -e "[email protected] DevOps becomes [email protected] now\!\!\[email protected]" \
| tee config.toml
git add .
git commit -m "A silly change"
git push
GitOps upgrades
open http://staging.argo-combined-app.$BASE_HOST
Canary deployments
cat kustomize/overlays/production/rollout.yaml
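# Watch the canary rollout progress in the production namespace.
# The en-dashes the page showed in place of `--` are restored, along with the
# line continuations, so the command can be pasted as-is.
kubectl argo rollouts \
    --namespace production \
    get rollout argo-combined-app \
    --watch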
open http://argo-combined-app.$ISTIO_HOST.xip.io