CI/CD
ArgoCD Helm 설치 & 테스트
uuuhhh
2022. 12. 10. 15:40
▪︎ ArgoCD 설치
- helm repo 받기
$ k create namespace argocd
$ helm repo add argo <https://argoproj.github.io/argo-helm>
- argocd 설정 파일 받기
$ helm show values argo/argo-cd > argocd-values.yaml
- helm으로 argocd 설치
$ helm install argocd argo/argo-cd -n argocd
- 그런데 만들고 보니깐 service도 로드밸런서 타입으로 만들고 싶고.. 리소스도 조정하고 싶은데..
- 다시 갈아 엎어보자..!
- 그리고 계속 argo-server pod이 CrashLoopBack 에러로 다운되는 것을 확인
$ helm uninstall argocd -n argocd
These resources were kept due to the resource policy:
[CustomResourceDefinition] applications.argoproj.io
[CustomResourceDefinition] applicationsets.argoproj.io
[CustomResourceDefinition] appprojects.argoproj.io
release "argocd" uninstalled
$ helm install argocd argo/argo-cd -n argocd \\
> --set server.service.type=LoadBalancer
NAME: argocd
LAST DEPLOYED: Sat Nov 5 15:52:55 2022
NAMESPACE: argocd
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
In order to access the server UI you have the following options:
1. kubectl port-forward service/argocd-server -n argocd 8080:443
and then open the browser on and accept the certificate
2. enable ingress in the values file `server.ingress.enabled` and either
- Add the annotation for ssl passthrough: <https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough>
- Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: <https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts>
After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
(You should delete the initial secret afterwards as suggested by the Getting Started Guide: <https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli>)
- 설치 완료 !
- 근데 보이시나요 ? 불편해 보이는 것이..
- argocd-repo-server-*** → CrashLoopBackOff
🚨 트러블 슈팅
argo-repo-server issue: gpg ... --gen-key failed exit status 2 · Issue #9809 · argoproj/argo-cd
Checklist: I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq. I've included steps to reproduce the bug. I've pasted the output of argocd version. Describe the b...
github.com
argocd-repo-server fails to start · Issue #1471 · argoproj/argo-helm
Describe the bug argocd-repo-server-c784cd67c-qkv5x 0/1 CrashLoopBackOff $ kubectl logs -n argocd argocd-repo-server-c784cd67c-qkv5x time="2022-09-21T07:44:34Z" level=info msg="Gener...
github.com
GnuPG verification - Argo CD - Declarative GitOps CD for Kubernetes
GnuPG signature verification Overview As of v1.7 it is possible to configure ArgoCD to only sync against commits that are signed in Git using GnuPG. Signature verification is configured on project level. If a project is configured to enforce signature veri
argo-cd.readthedocs.io
- 특정 버전에 나타나는 비슷한 이슈가 있었다.
- configs.gpgKeys를 통해 잘못된 사용자 지정 GPG 키를 키링으로 가져오는 것에 대한 이슈라고 나온다.
- 솔직히 정확하게 관련 이슈를 분석하진 못했지만 해결법을 참고하는 데는 도움이 되었다.
- argocd-repo-server Deployment 매니페스트 수정 및 적용
- spec.template.spec.seccomProfile.type 부분을 삭제하였다.
apiVersion: apps/v1
kind: Deployment
metadata:
name: argocd-repo-server
spec:
template:
spec:
securityContext:
############삭제##########
seccompProfile:
type: RuntimeDefault
#########################
- 정상 동작 확인 !
▪︎ ArgoCD 실행
- check admin passwd
$ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
- console login
- 성공 !
- argocd cli 설치
$ brew install argocd
$ argocd version
argocd: v2.5.1+504da42.dirty
BuildDate: 2022-11-01T23:23:38Z
GitCommit: 504da424c2c9bb91d7fb2ebf3ae72162e7a5a5be
GitTreeState: dirty
GoVersion: go1.19.3
Compiler: gc
Platform: darwin/arm64
FATA[0000] Argo CD server address unspecified
- argocd login
- login을 안 하고 argocd CLI 명령어 입력 시 다음과 같은 에러 발생
- FATA[0000] rpc error: code = Unauthenticated desc = invalid session: Token is expired
$ argocd login argocd-argocd-server-81f92-13865802-c00c18872b20.kr.lb.naverncp.com
WARNING: server certificate had error: x509: “Argo CD” certificate is not trusted. Proceed insecurely (y/n)? y
Username: admin
Password:
'admin:login' logged in successfully
Context 'argocd-argocd-server-81f92-13865802-c00c18872b20.kr.lb.naverncp.com' updated
$ argocd version
argocd: v2.5.1+504da42.dirty
BuildDate: 2022-11-01T23:23:38Z
GitCommit: 504da424c2c9bb91d7fb2ebf3ae72162e7a5a5be
GitTreeState: dirty
GoVersion: go1.19.3
Compiler: gc
Platform: darwin/arm64
argocd-server: v2.5.1+504da42
BuildDate: 2022-11-01T21:14:30Z
GitCommit: 504da424c2c9bb91d7fb2ebf3ae72162e7a5a5be
GitTreeState: clean
GoVersion: go1.18.8
Compiler: gc
Platform: linux/amd64
Kustomize Version: v4.5.7 2022-08-02T16:35:54Z
Helm Version: v3.10.1+g9f88ccb
Kubectl Version: v0.24.2
Jsonnet Version: v0.18.0
- password 바꾸기
$ argocd account update-password
*** Enter password of currently logged in user (admin):
*** Enter new password for user admin:
*** Confirm new password for user admin:
Password updated
Context 'argocd-argocd-server-81f92-13865802-c00c18872b20.kr.lb.naverncp.com' updated
▪︎ Sample Application으로 ArgoCD 동작 확인
- Helm으로 Sample Application 생성
$ argocd app create helm-guestbook --repo <https://github.com/UhyeongJo/argocd-example-apps.git> --path helm-guestbook --dest-server <https://kubernetes.default.svc> --dest-namespace argocd
application 'helm-guestbook' created
- 아직 Github에서 애플리케이션의 helm 차트를 검색하고 생성하였지만 Kubernetes 리소스랑 동기화를 하지 않았으므로 OutOfSync 상태 !
- Argocd CLI를 사용해서 동기화하는 법도 있지만 콘솔 창을 활용해서 동기화를 시도해보겠다.
- $ argocd app sync helm-guestbook
- Synchronize !
- 동기화 성공 !
- 포트 포워딩을 통해 guestbook 서비스에 접속 !
- 8080은 젠킨스가 쓰고 있어서..ㅎㅎ
$ kubectl port-forward svc/helm-guestbook 9090:80
- 다른 버전의 이미지를 선언하여 GitOps를 활용한 Application 업데이트를 해보자
- 현재 지원하는 이미지 버전은 해당 GCR에서 확인 가능하다.
- 이미지 버전 태그 변경 후 Push
- 동기화를 해야겠죠 ?
→ Sync in progress…
→ Sync Done !
- 잘 적용이 되었는지 확인해야겠죠?
- 빤딱 빤딱 빛나는 로고로 바뀐 버전이 잘 적용된 것을 확인 !
ref.
How to Deploy to Kubernetes using Argo CD and GitOps | DigitalOcean