1. Terraform을 통한 argocd 설치
1) argocd helm repo 추가
helm repo add argo https://argoproj.github.io/argo-helm
helm search repo argocd
Tip) 유용한 명령어
helm show values argo/argo-cd --version 3.35.4 > argocd-default.yaml
helm ls --all-namespaces
helm delete -n argocd argocd
2) terraform 작성
// provider
provider "helm" {
kubernetes {
config_path = "~/.kube/config"
}
}// resource
resource "helm_release" "argocd" {
name = "argocd"
repository = "https://argoproj.github.io/argo-helm"
chart = "argo-cd"
namespace = "argocd"
create_namespace = true
version = "3.35.4"
values = [file("values/argocd.yaml")]
}
// values
global:
image:
tag: "v2.6.6"
server:
extraArgs:
- --insecure
3) Forward Ports
k get services -n argocd
kubectl port-forward service/argocd-server -n argocd 8080:804) default admin password 조회
k get secrets -n argocd
k get secrets argocd-initial-admin-secret -o yaml -n argocd
echo "UTN4b2RIU0hDWGR3d2JRZg==" | base64 -d
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d2. Public Git repo 테스트
1) docker Image 생성 및 hub 저장
docker pull nginx:1.23.3
docker tag nginx:1.23.3 ${name}/nginx:v0.1.0
docker push ${name}/nginx:v0.1.02) Deployment, Namespace yaml 작성 후 repo commit
// deployment.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: prod
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: ${name}/nginx:v0.1.2
ports:
- containerPort: 80
// namespace.yaml
---
apiVersion: v1
kind: Namespace
metadata:
name: prod
3) argocd application yaml 생성 및 실행
// application.yaml
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
# 해당 git repo 설정 및 path(폴더명) 적용
repoURL: ${2번 public git repo 주소}
targetRevision: HEAD
path: first-app
destination:
server: https://kubernetes.default.svc
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- Validate=true
- CreateNamespace=false
- PrunePropagationPolicy=foreground
- PruneLast=true
finalizers: - resources-finalizer.argocd.argoproj.io는 ArgoCD 애플리케이션의 종료(Finalization) 과정에서 수행되어야 하는 리소스 정리 작업을 정의합니다.
Kubernetes에서는 리소스를 삭제할 때 해당 리소스와 관련된 종속 리소스들이 제거되는 과정이 있습니다. 이때 종속 리소스들의 삭제 작업이 완료된 후에 리소스의 종료 작업이 진행되어야 합니다. 이를 위해 finalizer를 사용합니다.
즉, resources-finalizer.argocd.argoproj.io는 ArgoCD 애플리케이션의 삭제와 관련된 종료 작업을 수행하기 위해 필요한 finalizer를 나타냅니다.
apply -f application.yaml3. Private Git repo, docker repo 테스트
1) private git repo secret 적용
(1) secret repo key 생성
(2) application.yaml 생성
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: ${private_git_repo_cli}
targetRevision: HEAD
path: my-app
destination:
server: https://kubernetes.default.svc
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- Validate=true
- CreateNamespace=false
- PrunePropagationPolicy=foreground
- PruneLast=true
(3) secret.yaml 생성
---
apiVersion: v1
kind: Secret
metadata:
name: gitreposshkey
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository
stringData:
url: ${private_git_repo_cli}
sshPrivateKey: |
-----BEGIN OPENSSH PRIVATE KEY-----
${key}
-----END OPENSSH PRIVATE KEY-----
insecure: "false"
enableLfs: "true"
2. private docker repo secret 적용
1) private docker repo 생성 및 토큰 발급
2) secret 생성 및 적용
kubectl create secret docker-registry dockerconfigjson -n ${ns}
\ --docker-server="https://index.docker.io/v1/"
\ --docker-username=${id}
\ --docker-password=${access token}
\ --docker-email=${email}---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: foo
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
imagePullPolicy: Always
image: ${private docker image}
ports:
- containerPort: 80
// secret key 적용
imagePullSecrets:
- name: dockerconfigjson
apply -f application.yaml
Pay it forward