Argo CD 설치
설치는 둘중에 선택해서 하시면 됩니다.
Non-HA:
$ kubectl create namespace argocd
$ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v1.5.5/manifests/install.yaml
$ kubectl get all -n argocd
NAME READY STATUS RESTARTS AGE
pod/argocd-application-controller-7bfb796d56-z9sb6 1/1 Running 0 89s
pod/argocd-dex-server-59cdcc74d8-vqvv9 1/1 Running 0 89s
pod/argocd-redis-868b8cb57f-ttbth 1/1 Running 0 88s
pod/argocd-repo-server-69b47ccc5b-shzfv 1/1 Running 0 88s
pod/argocd-server-669b67b49d-b5nx5 1/1 Running 0 88s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/argocd-dex-server ClusterIP 10.35.243.19 <none> 5556/TCP,5557/TCP,5558/TCP 90s
service/argocd-metrics ClusterIP 10.35.241.52 <none> 8082/TCP 89s
service/argocd-redis ClusterIP 10.35.249.68 <none> 6379/TCP 89s
service/argocd-repo-server ClusterIP 10.35.254.96 <none> 8081/TCP,8084/TCP 89s
service/argocd-server ClusterIP 10.35.244.45 <none> 80/TCP,443/TCP 89s
service/argocd-server-metrics ClusterIP 10.35.254.54 <none> 8083/TCP 89s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/argocd-application-controller 1/1 1 1 89s
deployment.apps/argocd-dex-server 1/1 1 1 89s
deployment.apps/argocd-redis 1/1 1 1 88s
deployment.apps/argocd-repo-server 1/1 1 1 88s
deployment.apps/argocd-server 1/1 1 1 88s
NAME DESIRED CURRENT READY AGE
replicaset.apps/argocd-application-controller-7bfb796d56 1 1 1 89s
replicaset.apps/argocd-dex-server-59cdcc74d8 1 1 1 89s
replicaset.apps/argocd-redis-868b8cb57f 1 1 1 88s
replicaset.apps/argocd-repo-server-69b47ccc5b 1 1 1 88s
replicaset.apps/argocd-server-669b67b49d 1 1 1 88s
HA:
$ kubectl create namespace argocd
$ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v1.5.5/manifests/ha/install.yaml
$ kubectl get all -n argocd NAME READY STATUS RESTARTS AGE
pod/argocd-application-controller-6855f79bcd-x56dm 1/1 Running 0 2m5s
pod/argocd-dex-server-59cdcc74d8-8zkg4 1/1 Running 0 2m5s
pod/argocd-redis-ha-haproxy-7f6577999f-6cn2m 1/1 Running 0 2m5s
pod/argocd-redis-ha-haproxy-7f6577999f-85bx5 1/1 Running 0 2m5s
pod/argocd-redis-ha-haproxy-7f6577999f-dvm7b 1/1 Running 0 2m5s
pod/argocd-redis-ha-server-0 2/2 Running 0 2m4s
pod/argocd-redis-ha-server-1 2/2 Running 0 98s
pod/argocd-redis-ha-server-2 2/2 Running 0 88s
pod/argocd-repo-server-578d788b9b-8l6b4 1/1 Running 0 2m4s
pod/argocd-repo-server-578d788b9b-kd9gt 1/1 Running 0 2m4s
pod/argocd-server-858dd7ccf8-6kxmw 1/1 Running 0 2m4s
pod/argocd-server-858dd7ccf8-f48s2 1/1 Running 0 2m4s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/argocd-dex-server ClusterIP 10.35.254.88 <none> 5556/TCP,5557/TCP,5558/TCP 2m6s
service/argocd-metrics ClusterIP 10.35.250.216 <none> 8082/TCP 2m6s
service/argocd-redis-ha ClusterIP None <none> 6379/TCP,26379/TCP 2m6s
service/argocd-redis-ha-announce-0 ClusterIP 10.35.247.241 <none> 6379/TCP,26379/TCP 2m7s
service/argocd-redis-ha-announce-1 ClusterIP 10.35.244.203 <none> 6379/TCP,26379/TCP 2m7s
service/argocd-redis-ha-announce-2 ClusterIP 10.35.246.180 <none> 6379/TCP,26379/TCP 2m6s
service/argocd-redis-ha-haproxy ClusterIP 10.35.250.66 <none> 6379/TCP 2m6s
service/argocd-repo-server ClusterIP 10.35.243.123 <none> 8081/TCP,8084/TCP 2m6s
service/argocd-server ClusterIP 10.35.246.223 <none> 80/TCP,443/TCP 2m5s
service/argocd-server-metrics ClusterIP 10.35.247.145 <none> 8083/TCP 2m6s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/argocd-application-controller 1/1 1 1 2m6s
deployment.apps/argocd-dex-server 1/1 1 1 2m6s
deployment.apps/argocd-redis-ha-haproxy 3/3 3 3 2m6s
deployment.apps/argocd-repo-server 2/2 2 2 2m6s
deployment.apps/argocd-server 2/2 2 2 2m6s
NAME DESIRED CURRENT READY AGE
replicaset.apps/argocd-application-controller-6855f79bcd 1 1 1 2m6s
replicaset.apps/argocd-dex-server-59cdcc74d8 1 1 1 2m6s
replicaset.apps/argocd-redis-ha-haproxy-7f6577999f 3 3 3 2m6s
replicaset.apps/argocd-repo-server-578d788b9b 2 2 2 2m6s
replicaset.apps/argocd-server-858dd7ccf8 2 2 2 2m6s
NAME READY AGE
statefulset.apps/argocd-redis-ha-server 3/3 2m5s
Argo CD CLI 다운로드
https://github.com/argoproj/argo-cd/releases/latest에서 최신 Argo CD 버전을 다운로드하십시오. 보다 자세한 설치 지침은 CLI 설치 설명서를 참조하십시오.
Mac Homebrew에서도 사용 가능:
$ brew tap argoproj/tap
$ brew install argoproj/tap/argocd
Argo CD 서버에 액세스하기위한 포트 포워드:
$ kubectl port-forward -n argocd svc/argocd-server 8080:443
CLI를 사용하여 로그인
초기 암호는 Argo CD API 서버의 포드 이름이되도록 자동 생성됩니다. 다음 명령으로 검색 할 수 있습니다.
$ kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
argocd-server-669b67b49d-b5nx5
위의 사용자 이름 admin과 비밀번호를 사용하여 Argo CD의 IP 또는 호스트 이름으로 로그인하십시오.
$ argocd login localhost:8080 --insecure --username admin --password argocd-server-669b67b49d-b5nx5
로그인후 비밀번호를 변경하십시오.
$ argocd account update-password
인그레스 cert-manager를 사용해 ssl 적용
ERR_TOO_MANY_REDIRECTS 오류 발생. 기본적으로 Argo-CD가 항상 HTTP 요청을 HTTPS로 리디렉션한다는 것입니다. 따라서 해결책 중 하나는 Argo-CD에서 HTTPS를 비활성화하는 것입니다. argocd-server에서 –insecure 플래그를 사용하면됩니다.
$ kubectl patch deploy argocd-server -n argocd -p '[{"op": "add", "path": "/spec/template/spec/containers/0/command/-", "value": "--insecure"}]' --type json
인그레이스 정보 추가
$ echo '
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: argocd-server-ingress
namespace: argocd
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
konghq.com/strip-path: "true"
kubernetes.io/ingress.class: kong
spec:
rules:
- host: argocd.35.XXX.XXX.XX.nip.io
http:
paths:
- backend:
serviceName: argocd-server
servicePort: https
path: /
tls:
- hosts:
- argocd.35.XXX.XXX.XX.nip.io
secretName: argocd-secret
' | kubectl apply -f -
HTTPS 리디렉션 설정
$ echo '
apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
name: https-only
namespace: argocd
route:
protocols:
- https
https_redirect_status_code: 302
' | kubectl apply -f -
kongingress.configuration.konghq.com/https-only created
다음으로 KongIngress 리소스를 이전에 만든 인그레스 리소스와 연결해야합니다.
$ kubectl patch ingress argocd-server-ingress -n argocd -p '{"metadata":{"annotations":{"konghq.com/override":"https-only"}}}'
ingress.extensions/argocd-server-ingress patched
인그레스 연결후 CLI 로그인 방법
$ argocd login argocd.35.XXX.XXX.XX.nip.io --username admin --password 변경한비밀번호 --grpc-web
관리자 비밀번호를 잊어 버렸습니다. 어떻게 재설정합니까?
비밀번호를 변경하려면 argocd-secret 비밀을 편집하고 admin.password 필드를 새로운 bcrypt 해시로 업데이트하십시오. https://www.browserling.com/tools/bcrypt와 같은 사이트를 사용하여 새 해시를 생성 할 수 있습니다. 예를 들면 다음과 같습니다.
# bcrypt(password)=$2a$10$rRyBsGSHK6.uc8fntPwVIuLVHgsAhAX7TcdrqW/RADU0uh7CaChLa
$ kubectl -n argocd patch secret argocd-secret \
-p '{"stringData": {
"admin.password": "$2a$10$rRyBsGSHK6.uc8fntPwVIuLVHgsAhAX7TcdrqW/RADU0uh7CaChLa",
"admin.passwordMtime": "'$(date +%FT%T%Z)'"
}}'