1. ArgoCD概述与环境规划
ArgoCD是一个开源的GitOps持续部署工具,提供了基于Git仓库的应用部署和管理能力。ArgoCD基于Kubernetes,支持多种部署策略和应用管理功能。更多学习教程www.fgedu.net.cn
1.1 ArgoCD版本说明
ArgoCD目前主要版本为2.x系列,本教程以ArgoCD 2.7.0为例进行详细讲解。ArgoCD 2.x版本相比之前版本在性能、稳定性和功能方面都有显著提升,支持更多的GitOps特性。
$ argocd version
argocd: v2.7.0+589814e
BuildDate: 2023-04-05T15:33:19Z
GitCommit: 589814e84117135389f6c719b4c1721c40d2b6c6
GitTreeState: clean
GoVersion: go1.19.6
Compiler: gc
Platform: linux/amd64
# 查看Kubernetes版本
$ kubectl version
Client Version: v1.27.0
Server Version: v1.27.0
# 查看系统版本
$ cat /etc/os-release
NAME=”Oracle Linux Server”
VERSION=”8.9″
ID=”ol”
PRETTY_NAME=”Oracle Linux Server 8.9″
# 查看内核版本
$ uname -r
5.4.17-2136.302.7.2.el8uek.x86_64
1.2 环境规划
本次安装环境规划如下:
master01.fgedu.net.cn (192.168.1.51) – 控制平面节点
master02.fgedu.net.cn (192.168.1.52) – 控制平面节点
master03.fgedu.net.cn (192.168.1.53) – 控制平面节点
worker01.fgedu.net.cn (192.168.1.61) – 工作节点
worker02.fgedu.net.cn (192.168.1.62) – 工作节点
ArgoCD版本:2.7.0
Kubernetes版本:1.27.0
安装方式:使用Helm
命名空间:argocd
2. 硬件环境要求
ArgoCD作为GitOps工具,对硬件资源要求相对较低,适合在标准Kubernetes集群中运行。学习交流加群风哥微信: itpux-com
2.1 物理主机环境要求
– CPU:至少4核
– 内存:至少16GB
– 磁盘:系统盘120GB SSD + 数据盘200GB SSD
# 工作节点要求
– CPU:至少8核
– 内存:至少32GB
– 磁盘:系统盘120GB SSD + 数据盘500GB SSD
# 检查控制平面节点资源
# free -h
total used free shared buff/cache available
Mem: 16G 4.2G 10G 256M 1.8G 11G
Swap: 8G 0B 8G
# 检查工作节点资源
# free -h
total used free shared buff/cache available
Mem: 32G 8.4G 22G 512M 3.6G 23G
# 检查磁盘空间
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 120G 20G 100G 17% /
/dev/sdb1 200G 50G 150G 25% /var/lib/containers
2.2 vSphere虚拟主机环境要求
– 控制平面节点:
– vCPU:4核
– 内存:16GB
– 磁盘:系统盘120GB SSD + 数据盘200GB SSD
– 网络:VMXNET3网卡,10Gbps网络
– 工作节点:
– vCPU:8核
– 内存:32GB
– 磁盘:系统盘120GB SSD + 数据盘500GB SSD
– 网络:VMXNET3网卡,10Gbps网络
资源池配置:
– CPU预留:控制平面2GHz,工作节点4GHz
– 内存预留:控制平面8GB,工作节点16GB
– 内存限制:控制平面16GB,工作节点32GB
– CPU份额:正常
– 内存份额:正常
2.3 云平台主机环境要求
– 控制平面节点:
– 实例规格:ecs.g6.2xlarge或同等规格
– vCPU:8核
– 内存:32GB
– 系统盘:SSD云盘 120GB
– 数据盘:SSD云盘 200GB
– 网络带宽:10Gbps以上
– 工作节点:
– 实例规格:ecs.g6.4xlarge或同等规格
– vCPU:16核
– 内存:64GB
– 系统盘:SSD云盘 120GB
– 数据盘:SSD云盘 500GB
– 网络带宽:10Gbps以上
存储配置:
– OSS对象存储:用于存储应用配置
– NAS文件存储:用于共享数据
– 云盘快照:定期备份集群数据
3. 操作系统环境准备
在安装ArgoCD之前,需要对操作系统进行必要的配置和优化。
3.1 操作系统版本检查
# cat /etc/os-release
NAME=”Oracle Linux Server”
VERSION=”8.9″
ID=”ol”
PRETTY_NAME=”Oracle Linux Server 8.9″
# 检查内核版本
# uname -r
5.4.17-2136.302.7.2.el8uek.x86_64
# 检查SELinux状态
# getenforce
Enforcing
# 检查防火墙状态
# systemctl status firewalld
● firewalld.service – firewalld – dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running)
3.2 依赖服务安装
# curl -LO “https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl”
# chmod +x kubectl
# mv kubectl /usr/local/bin/
# 安装Helm
# curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
# chmod 700 get_helm.sh
# ./get_helm.sh
# 验证依赖安装
# kubectl version
Client Version: v1.27.0
# helm version
version.BuildInfo{
Version: “v3.11.3”,
GitCommit: “323249351482b4c820d4856636bd87c0993fab4b”,
GitTreeState: “clean”,
GoVersion: “go1.18.10”
}
3.3 Kubernetes集群准备
# kubectl cluster-info
Kubernetes control plane is running at https://master01.fgedu.net.cn:6443
CoreDNS is running at https://master01.fgedu.net.cn:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
# 检查节点状态
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master01.fgedu.net.cn Ready control-plane,master 1h v1.27.0
master02.fgedu.net.cn Ready control-plane,master 1h v1.27.0
master03.fgedu.net.cn Ready control-plane,master 1h v1.27.0
worker01.fgedu.net.cn Ready worker 1h v1.27.0
worker02.fgedu.net.cn Ready worker 1h v1.27.0
# 检查集群服务
# kubectl get pods -n kube-system
4. ArgoCD安装配置
完成环境准备后,开始安装ArgoCD。
4.1 安装ArgoCD
# kubectl create namespace argocd
# 使用Helm安装ArgoCD
# helm repo add argo https://argoproj.github.io/argo-helm
# helm install argocd argo/argo-cd -n argocd
# 验证安装
# kubectl get pods -n argocd
NAME READY STATUS RESTARTS AGE
argocd-application-controller-123456 1/1 Running 0 5m
argocd-dex-server-123456 1/1 Running 0 5m
argocd-redis-123456 1/1 Running 0 5m
argocd-repo-server-123456 1/1 Running 0 5m
argocd-server-123456 1/1 Running 0 5m
# 查看ArgoCD服务
# kubectl get services -n argocd
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
argocd-dex-server ClusterIP 10.96.0.100
argocd-metrics ClusterIP 10.96.0.101
argocd-redis ClusterIP 10.96.0.102
argocd-repo-server ClusterIP 10.96.0.103
argocd-server ClusterIP 10.96.0.104
argocd-server-metrics ClusterIP 10.96.0.105
4.2 配置ArgoCD
# kubectl patch service argocd-server -n argocd -p ‘{“spec”:{“type”:”LoadBalancer”}}’
# 获取ArgoCD服务IP
# kubectl get services -n argocd argocd-server
# 获取初始密码
# kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath='{.data.password}’ | base64 -d
# 访问ArgoCD Web UI
# 打开浏览器访问 https://
# 登录ArgoCD
# 用户名:admin
# 密码:<初始密码>
4.3 安装ArgoCD CLI
# curl -sSL -o argocd https://github.com/argoproj/argo-cd/releases/download/v2.7.0/argocd-linux-amd64
# 添加执行权限
# chmod +x argocd
# mv argocd /usr/local/bin/
# 验证安装
# argocd version
argocd: v2.7.0+589814e
BuildDate: 2023-04-05T15:33:19Z
GitCommit: 589814e84117135389f6c719b4c1721c40d2b6c6
GitTreeState: clean
GoVersion: go1.19.6
Compiler: gc
Platform: linux/amd64
5. ArgoCD配置优化
为了提高ArgoCD的性能和稳定性,需要进行一些配置优化。
5.1 资源配置优化
# vi argocd-values.yaml
server:
resources:
requests:
cpu: 200m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
repoServer:
resources:
requests:
cpu: 200m
memory: 256Mi
limits:
cpu: 500m
memory: 1Gi
applicationController:
resources:
requests:
cpu: 200m
memory: 512Mi
limits:
cpu: 1
memory: 1Gi
# 应用配置
# helm upgrade argocd argo/argo-cd -n argocd -f argocd-values.yaml
# 验证配置
# kubectl get pods -n argocd
5.2 高可用配置
# vi argocd-ha-values.yaml
server:
replicaCount: 3
repoServer:
replicaCount: 2
applicationController:
replicaCount: 2
redis:
architecture: replicated
replicas:
master: 1
replica: 2
# 应用配置
# helm upgrade argocd argo/argo-cd -n argocd -f argocd-ha-values.yaml
# 验证配置
# kubectl get pods -n argocd
5.3 存储配置
# vi argocd-storage-values.yaml
redis:
persistence:
enabled: true
storageClass: “managed-nfs-storage”
size: 10Gi
# 应用配置
# helm upgrade argocd argo/argo-cd -n argocd -f argocd-storage-values.yaml
# 验证配置
# kubectl get pvc -n argocd
6. ArgoCD应用管理
ArgoCD通过Git仓库管理应用配置,支持多种部署策略。
6.1 创建应用
# argocd app create demo-app \
–repo https://github.com/fgedu/argocd-demo.git \
–path app \
–dest-server https://kubernetes.default.svc \
–dest-namespace default
# 使用ArgoCD Web UI创建应用
# 1. 登录ArgoCD Web UI
# 2. 点击”New App”
# 3. 配置应用信息
# 4. 保存配置
# 查看应用
# argocd app list
6.2 同步应用
# argocd app sync demo-app
# 自动同步应用
# argocd app set demo-app –sync-policy automated
# 查看同步状态
# argocd app get demo-app
6.3 应用配置
# argocd app edit demo-app
# 查看应用配置
# argocd app get demo-app -o yaml
# 删除应用
# argocd app delete demo-app
7. ArgoCD集群管理
ArgoCD支持管理多个Kubernetes集群,实现跨集群应用部署。
7.1 添加集群
# kubectl config get-contexts
# 添加集群到ArgoCD
# argocd cluster add kubernetes-admin@kubernetes
# 查看集群
# argocd cluster list
7.2 管理集群
# argocd cluster get https://kubernetes.default.svc
# 删除集群
# argocd cluster rm https://kubernetes.default.svc
# 更新集群
# argocd cluster update https://kubernetes.default.svc
8. ArgoCD安全配置
ArgoCD提供了多种安全功能,包括RBAC权限控制、SSO集成、密钥管理等。
8.1 RBAC配置
# vi argocd-rbac-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-rbac-cm
namespace: argocd
data:
policy.csv: |
p, role:admin, applications, *, */*, allow
p, role:developer, applications, get, */*, allow
p, role:developer, applications, sync, */*, allow
g, admin, role:admin
g, developer, role:developer
# 应用配置
# kubectl apply -f argocd-rbac-cm.yaml
# 验证配置
# kubectl get cm argocd-rbac-cm -n argocd -o yaml
8.2 SSO集成
# vi argocd-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
namespace: argocd
data:
url: https://argocd.fgedu.net.cn
oidc.config: |
name: Keycloak
issuer: https://keycloak.fgedu.net.cn/realms/master
clientID: argocd
clientSecret: $oidc.keycloak.clientSecret
requestedScopes: [“openid”, “profile”, “email”, “groups”]
# 应用配置
# kubectl apply -f argocd-cm.yaml
# 验证配置
# kubectl get cm argocd-cm -n argocd -o yaml
8.3 密钥管理
# kubectl create secret generic argocd-secret -n argocd –from-literal=oidc.keycloak.clientSecret=secret
# 查看密钥
# kubectl get secrets argocd-secret -n argocd
# 编辑密钥
# kubectl edit secrets argocd-secret -n argocd
9. ArgoCD性能优化
在生产环境中,需要对ArgoCD进行性能优化以提高应用部署效率。from:www.itpux.com
9.1 资源配置优化
# vi argocd-performance-values.yaml
server:
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
cpu: 1
memory: 1Gi
repoServer:
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 2
memory: 2Gi
applicationController:
resources:
requests:
cpu: 1
memory: 2Gi
limits:
cpu: 2
memory: 4Gi
# 应用配置
# helm upgrade argocd argo/argo-cd -n argocd -f argocd-performance-values.yaml
# 验证配置
# kubectl get pods -n argocd
9.2 缓存配置
# vi argocd-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
namespace: argocd
data:
repo.server.timeout.seconds: “60”
repo.server.cache.expiration: “24h”
# 应用配置
# kubectl apply -f argocd-cm.yaml
# 验证配置
# kubectl get cm argocd-cm -n argocd -o yaml
9.3 并行同步
# vi argocd-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
namespace: argocd
data:
application.controller.parallelism.limit: “10”
# 应用配置
# kubectl apply -f argocd-cm.yaml
# 验证配置
# kubectl get cm argocd-cm -n argocd -o yaml
10. ArgoCD升级迁移
本节介绍ArgoCD的版本升级和数据迁移方法。
10.1 ArgoCD版本升级
# kubectl get secret argocd-secret -n argocd -o yaml > /backup/argocd-secret.yaml
# kubectl get cm argocd-cm -n argocd -o yaml > /backup/argocd-cm.yaml
# kubectl get cm argocd-rbac-cm -n argocd -o yaml > /backup/argocd-rbac-cm.yaml
# 升级ArgoCD
# helm repo update
# helm upgrade argocd argo/argo-cd -n argocd
# 验证升级
# argocd version
argocd: v2.7.1+abcdefg
BuildDate: 2023-05-01T15:33:19Z
GitCommit: abcdefg1234567890abcdefg1234567890abcdefg
GitTreeState: clean
GoVersion: go1.19.6
Compiler: gc
Platform: linux/amd64
# 访问ArgoCD Web UI
# 打开浏览器访问 https://argocd.fgedu.net.cn
10.2 ArgoCD配置迁移
# kubectl get all -n argocd -o yaml > /backup/argocd-all.yaml
# 在新集群上导入配置
# kubectl apply -f /backup/argocd-all.yaml
# 验证配置
# kubectl get pods -n argocd
11. ArgoCD备份恢复
本节介绍ArgoCD的备份和恢复方法。
11.1 ArgoCD备份
# kubectl get secret argocd-secret -n argocd -o yaml > /backup/argocd-secret.yaml
# kubectl get cm argocd-cm -n argocd -o yaml > /backup/argocd-cm.yaml
# kubectl get cm argocd-rbac-cm -n argocd -o yaml > /backup/argocd-rbac-cm.yaml
# kubectl get apps -n argocd -o yaml > /backup/argocd-apps.yaml
# 验证备份
# ls -la /backup/
11.2 ArgoCD恢复
# kubectl delete namespace argocd
# 重新创建ArgoCD命名空间
# kubectl create namespace argocd
# 恢复ArgoCD配置
# kubectl apply -f /backup/argocd-secret.yaml
# kubectl apply -f /backup/argocd-cm.yaml
# kubectl apply -f /backup/argocd-rbac-cm.yaml
# 重新安装ArgoCD
# helm install argocd argo/argo-cd -n argocd
# 恢复应用
# kubectl apply -f /backup/argocd-apps.yaml
# 验证恢复
# kubectl get pods -n argocd
# 打开浏览器访问 https://argocd.fgedu.net.cn
11.3 ArgoCD监控脚本
# vi /data/argocd/scripts/argocd_monitor.sh
#!/bin/bash
LOG_FILE=”/var/log/argocd_monitor.log”
ALERT_EMAIL=”admin@fgedu.net.cn”
check_argocd_status() {
echo “$(date): Checking argocd status…” >> $LOG_FILE
pods=$(kubectl get pods -n argocd | grep -v STATUS | wc -l)
running_pods=$(kubectl get pods -n argocd | grep Running | wc -l)
echo “$(date): Total pods: $pods, Running pods: $running_pods” >> $LOG_FILE
if [ “$pods” -ne “$running_pods” ]; then
echo “$(date): Not all argocd pods are running” >> $LOG_FILE
echo “Not all argocd pods are running: $running_pods/$pods” | mail -s “ArgoCD Alert” $ALERT_EMAIL
fi
}
check_argocd_web() {
echo “$(date): Checking argocd web…” >> $LOG_FILE
status=$(curl -s -o /dev/null -w “%{http_code}” https://argocd.fgedu.net.cn)
if [ “$status” = “200” ]; then
echo “$(date): ArgoCD web: OK” >> $LOG_FILE
else
echo “$(date): ArgoCD web: FAILED” >> $LOG_FILE
echo “ArgoCD web failed” | mail -s “ArgoCD Alert” $ALERT_EMAIL
fi
}
check_app_sync() {
echo “$(date): Checking app sync…” >> $LOG_FILE
apps=$(argocd app list | grep -v NAME | wc -l)
synced_apps=$(argocd app list | grep Synced | wc -l)
echo “$(date): Total apps: $apps, Synced apps: $synced_apps” >> $LOG_FILE
if [ “$apps” -ne “$synced_apps” ]; then
echo “$(date): Not all apps are synced” >> $LOG_FILE
echo “Not all apps are synced: $synced_apps/$apps” | mail -s “ArgoCD Alert” $ALERT_EMAIL
fi
}
main() {
check_argocd_status
check_argocd_web
check_app_sync
}
main
# 添加执行权限
# chmod +x /data/argocd/scripts/argocd_monitor.sh
# 添加定时任务
# crontab -e
*/15 * * * * /data/argocd/scripts/argocd_monitor.sh
通过以上步骤,ArgoCD安装配置、性能优化、升级迁移、备份恢复等内容已全部完成。ArgoCD作为GitOps工具,能够高效地管理和部署应用,是DevOps实践的重要组成部分。
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
