溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
本篇文章為大家展示了如何進行argo云原生的CI/CD初探,內容簡明扼要并且容易理解,絕對能使你眼前一亮,通過這篇文章的詳細介紹希望你能有所收獲。
argo是云原生計算基金會的孵化項目 https://www.cncf.io/projects/。 Argo專為容器而設計,沒有傳統VM和基于服務器的環境的開銷和限制,是一個基于kubernetes的CI/CD工具
目前CI(持續集成)方面還不完善,未提供event triggers( https://github.com/argoproj/argo/blob/master/examples/README.md#continuous-integration-example ),最近有大改,可期待,參考PR https://github.com/argoproj/argo/pull/3488
可以看下另一個云原生的CI/CD工具 tekton (不推薦) 可參考https://my.oschina.net/u/160697/blog/4469399
argo目前還在發展中,現在是CNCF推薦的CI/CD工具。本人推薦現在用起來比argo更簡單的drone。https://my.oschina.net/u/160697/blog/4487417
更多介紹參考官網 https://github.com/argoproj/argo
安裝argo controller,以官方最新為準https://github.com/argoproj/argo/releases
kubectl create namespace argo kubectl apply -n argo -f https://raw.githubusercontent.com/argoproj/argo/v2.10.0-rc4/manifests/install.yaml
安裝argo linux/mac客服端(可不安裝,使用UI操作)
# Download the binary curl -sLO https://github.com/argoproj/argo/releases/download/v2.10.0-rc4/argo-linux-amd64.gz # Unzip gunzip argo-linux-amd64.gz # Make binary executable chmod +x argo-linux-amd64 # Move binary to path mv ./argo-linux-amd64 /usr/local/bin/argo # Test installation argo version
外網訪問argo controller的Service(traefik https://my.oschina.net/u/160697/blog/4437939 ),官方也有登錄方案,只是文檔較少,選擇自定義的一種方案
#通過以下命令生成(在線生成https://tool.oschina.net/htpasswd)帳號密碼 #并替換Secret中的users sudo apt install apache2-utils echo $(htpasswd -nb admin gJv4EAfuXp5vFJ8)
替換第8行的users內容為上面echo的輸出。增加basicAuth認證,增加認證后會增加Header(authorization),argo會判斷此header。所以需要增加一個中間件刪除authorization
apiVersion: v1 kind: Secret metadata: name: argo-dashboard-auth-secret namespace: argo type: Opaque stringData: users: admin:$apr1$tQ1iFwRf$8SvGrGQcBT.RdZS73ULXH1 --- apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: name: argo-dashboard-auth namespace: argo spec: basicAuth: secret: argo-dashboard-auth-secret --- apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: name: remove-argo-auth-header namespace: argo spec: headers: customRequestHeaders: authorization: "" # Removes --- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: argo-dashboard namespace: argo spec: entryPoints: - websecure routes: - kind: Rule match: Host(`argo.your_domain.com`) services: - name: argo-server port: 2746 middlewares: - name: argo-dashboard-auth - name: remove-argo-auth-header tls: certResolver: aliyun domains: - main: "argo.your_domain.com"
效果
創建一個官方默認的workflow。
需要注意的是namespace選擇argo,spec下增加serviceAccountName: argo
使用kubectl apply -n argo -f https://raw.githubusercontent.com/argoproj/argo/v2.10.0-rc4/manifests/install.yaml創建時,只在命名空間argo里創建了ServiceAccount
如不修改會報以下錯誤:Failed to establish pod watch: unknown (get pods)
如需在其它命名空間使用,參考后面
如果需要在其它命名空間下創建workflow。需要創建ServiceAccount。以下為argo-rbac.yaml
#argo-rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: name: workflow --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: workflow-role rules: # pod get/watch is used to identify the container IDs of the current pod # pod patch is used to annotate the step's outputs back to controller (e.g. artifact location) - apiGroups: - "" resources: - pods verbs: - get - watch - patch # logs get/watch are used to get the pods logs for script outputs, and for log archival - apiGroups: - "" resources: - pods/log verbs: - get - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: workflow-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: workflow-role subjects: - kind: ServiceAccount name: workflow
創建ServiceAccount。可把default改為其它命名空間,創建后使用也必須加serviceAccountName: workflow
kubectl apply -n default -f argo-rbac.yaml
使用Workflow Template
增加一行serviceAccountName: workflow
創建后就可以通過此模板部署k8s程序
上述內容就是如何進行argo云原生的CI/CD初探,你們學到知識或技能了嗎?如果還想學到更多技能或者豐富自己的知識儲備,歡迎關注億速云行業資訊頻道。
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
