如何进行argo云原生的CI/CD初探

本篇文章为大家展示了如何进行argo云原生的CI/CD初探，内容简明扼要并且容易理解，绝对能使你眼前一亮，通过这篇文章的详细介绍希望你能有所收获。

• argo是云原生计算基金会的孵化项目 https://www.cncf.io/projects/。 Argo专为容器而设计，没有传统VM和基于服务器的环境的开销和限制，是一个基于kubernetes的CI/CD工具

• 目前CI(持续集成)方面还不完善，未提供event triggers（ https://github.com/argoproj/argo/blob/master/examples/README.md#continuous-integration-example ），最近有大改，可期待，参考PR https://github.com/argoproj/argo/pull/3488

• 可以看下另一个云原生的CI/CD工具 tekton (不推荐) 可参考https://my.oschina.net/u/160697/blog/4469399

• argo目前还在发展中，现在是CNCF推荐的CI/CD工具。本人推荐现在用起来比argo更简单的drone。https://my.oschina.net/u/160697/blog/4487417

• 更多介绍参考官网 https://github.com/argoproj/argo

• 安装argo controller，以官方最新为准https://github.com/argoproj/argo/releases

kubectl create namespace argokubectl apply -n argo -f https://raw.githubusercontent.com/argoproj/argo/v2.10.0-rc4/manifests/install.yaml

• 安装argo linux/mac客服端（可不安装，使用UI操作）

# Download the binarycurl -sLO https://github.com/argoproj/argo/releases/download/v2.10.0-rc4/argo-linux-amd64.gz# Unzipgunzip argo-linux-amd64.gz# Make binary executablechmod +x argo-linux-amd64# Move binary to pathmv ./argo-linux-amd64 /usr/local/bin/argo# Test installationargo version

• 外网访问argo controller的Service（traefik https://my.oschina.net/u/160697/blog/4437939 ），官方也有登录方案，只是文档较少，选择自定义的一种方案

  #通过以下命令生成(在线生成https://tool.oschina.net/htpasswd)帐号密码#并替换Secret中的userssudo apt install apache2-utilsecho $(htpasswd -nb admin gJv4EAfuXp5vFJ8)

  
  

  替换第8行的users内容为上面echo的输出。增加basicAuth认证，增加认证后会增加Header(authorization)，argo会判断此header。所以需要增加一个中间件删除authorization

  apiVersion: v1kind: Secretmetadata:  name: argo-dashboard-auth-secret  namespace: argotype: OpaquestringData:  users: admin:$apr1$tQ1iFwRf$8SvGrGQcBT.RdZS73ULXH1---apiVersion: traefik.containo.us/v1alpha1kind: Middlewaremetadata:  name: argo-dashboard-auth  namespace: argospec:  basicAuth:    secret: argo-dashboard-auth-secret---apiVersion: traefik.containo.us/v1alpha1kind: Middlewaremetadata:  name: remove-argo-auth-header  namespace: argospec:  headers:    customRequestHeaders:      authorization: "" # Removes---apiVersion: traefik.containo.us/v1alpha1kind: IngressRoutemetadata:  name: argo-dashboard  namespace: argospec:  entryPoints:  - websecure  routes:  - kind: Rule    match: Host(`argo.your_domain.com`)    services:    - name: argo-server      port: 2746    middlewares:    - name: argo-dashboard-auth    - name: remove-argo-auth-header  tls:    certResolver: aliyun    domains:    - main: "argo.your_domain.com"

  
  

• 效果

• 创建一个官方默认的workflow。

1. 需要注意的是namespace选择argo，spec下增加serviceAccountName: argo

2. 使用kubectl apply -n argo -f https://raw.githubusercontent.com/argoproj/argo/v2.10.0-rc4/manifests/install.yaml创建时，只在命名空间argo里创建了ServiceAccount

3. 如不修改会报以下错误：Failed to establish pod watch: unknown (get pods)

4. 如需在其它命名空间使用，参考后面

• 如果需要在其它命名空间下创建workflow。需要创建ServiceAccount。以下为argo-rbac.yaml

#argo-rbac.yamlapiVersion: v1kind: ServiceAccountmetadata:  name: workflow---apiVersion: rbac.authorization.k8s.io/v1kind: Rolemetadata:  name: workflow-rolerules:# pod get/watch is used to identify the container IDs of the current pod# pod patch is used to annotate the step's outputs back to controller (e.g. artifact location)- apiGroups:  - ""  resources:  - pods  verbs:  - get  - watch  - patch# logs get/watch are used to get the pods logs for script outputs, and for log archival- apiGroups:  - ""  resources:  - pods/log  verbs:  - get  - watch---apiVersion: rbac.authorization.k8s.io/v1kind: RoleBindingmetadata:  name: workflow-bindingroleRef:  apiGroup: rbac.authorization.k8s.io  kind: Role  name: workflow-rolesubjects:- kind: ServiceAccount  name: workflow

• 创建ServiceAccount。可把default改为其它命名空间，创建后使用也必须加serviceAccountName: workflow

kubectl apply -n default -f argo-rbac.yaml

• 使用Workflow Template

增加一行serviceAccountName: workflow

创建后就可以通过此模板部署k8s程序

上述内容就是如何进行argo云原生的CI/CD初探，你们学到知识或技能了吗？如果还想学到更多技能或者丰富自己的知识储备，欢迎关注行业资讯频道。