狠狠撸

LAB #2 on GKE
Deploy app by ARGO CD

0. ?? ?? ??
??? ???? ?? ??? ??? ?? GCP Cloud Shell ( )? ??? ???.
[?? 1] Cloud Shell? GKE ??
??? ?? ?? ??? ?? ????.
[hj@cs-491314827780-default ~ (?? |hj-gke:default)]$ git clone
https://github.com/sysnet4admin/Iac.git
Cloning into 'IaC'...
remote: Enumerating objects: 2094, done.
<snipped>
Receiving objects: 100% (2094/2094), 17.78 MiB | 20.83 MiB/s, done.
Resolving deltas: 100% (1133/1133), done.
?? ?? ????? ???? ??? ??? ?? ?????.
[hj@cs-491314827780-default ~ (?? |hj-gke:default)]$ cd IaC/
[hj@cs-491314827780-default IaC (?? |hj-gke:default)]$ ls
Argo GCP Jenkins manifests NXOSv README.md tools
Docker GitOps k8s nGrinder Prometheus Terraform
2

Note: ? ?? GitOps? ?? ??? ??? ???, ??? ?? ??? ? ???? ???
??? ???.
1.GKE ????
????? ??? ???? ??? GKE? ?????.
1.1.gcloud ???? ???? ?? ??? GKE ?? ????
[hj@cs-491314827780-default IaC (?? |hj-gke:default)]$ gcloud container get-server-config
--region=asia-northeast3 --format=json
Fetching server config for asia-northeast3
{
"channels": [
{
"channel": "RAPID",
"defaultVersion": "1.26.1-gke.1500",
"validVersions": [
"1.26.1-gke.1500",
"1.25.7-gke.1000",
"1.25.6-gke.200",
"1.24.10-gke.2300",
"1.23.16-gke.1400",
"1.22.17-gke.5400",
"1.22.17-gke.4300",
"1.21.14-gke.18100"
]
},
{
"channel": "REGULAR",
"validVersions": [
"1.25.7-gke.1000",
"1.24.9-gke.3200",
"1.23.16-gke.1100",
"1.22.17-gke.4000",
"1.21.14-gke.15800"
]
},
{
"channel": "STABLE",
"validVersions": [
"1.24.9-gke.3200",
"1.23.16-gke.1100",
"1.22.17-gke.3100",
"1.21.14-gke.15800",
3

"1.21.14-gke.14600"
]
}
],
"defaultClusterVersion": "1.24.9-gke.3200",
"defaultImageType": "COS_CONTAINERD",
"validImageTypes": [
"COS_CONTAINERD",
"COS",
"UBUNTU",
"UBUNTU_CONTAINERD",
"WINDOWS_LTSC",
"WINDOWS_LTSC_CONTAINERD",
"WINDOWS_SAC",
"WINDOWS_SAC_CONTAINERD"
],
"validMasterVersions": [
"1.25.7-gke.1000",
"1.25.6-gke.200",
"1.24.10-gke.2300"
<snipped>
Note: kube-apiserver? kubelet ??? ???? ?? ??? ???? ??? ???
?????
1.2.? ?? control-plane? asia-northeast3-a? ?? GKE? ????
??? ?? cluster-version? ?? ? ???, ??? ??? ?????.
[hj@cs-491314827780-default IaC (?? |hj-gke:default)]$ gcloud container clusters create
megazone-gke-multi-zonal
--num-nodes=1
--zone asia-northeast3-a
--node-locations=asia-northeast3-a,asia-northeast3-b,asia-northeast3-c
--cluster-version=1.25.7-gke.1000
--enable-ip-alias
--location-policy=BALANCED
Note: The Pod address range limits the maximum size of the cluster. Please refer to
https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr to learn how to
optimize IP address allocation.
Creating cluster megazone-gke-multi-zonal in asia-northeast3-a... Cluster is being
health-checked (master is healthy)...done.
Created
[https://container.googleapis.com/v1/projects/dbgong-team-20200512/zones/asia-northeast3-a/c
lusters/megazone-gke-multi-zonal].
To inspect the contents of your cluster, go to:
https://console.cloud.google.com/kubernetes/workload_/gcloud/asia-northeast3-a/megazone-gke-
multi-zonal?project=dbgong-team-20200512
4

kubeconfig entry generated for megazone-gke-multi-zonal.
NAME: megazone-gke-multi-zonal
LOCATION: asia-northeast3-a
MASTER_VERSION: 1.25.7-gke.1000
MASTER_IP: 34.64.87.231
MACHINE_TYPE: e2-medium
NODE_VERSION: 1.25.7-gke.1000
NUM_NODES: 3
STATUS: RUNNING
Note: ??? glcoud container ??? ??? ??? ?????
1.2.??? GKE ?? ? ?? ????
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
gke-megazone-gke-mult-default-pool-0848afc4-qmmf Ready <none> 111s v1.25.7-gke.1000
gke-megazone-gke-mult-default-pool-603823cf-mlwj Ready <none> 111s v1.25.7-gke.1000
gke-megazone-gke-mult-default-pool-d39da12f-c6r1 Ready <none> 111s v1.25.7-gke.1000
1.3.??? kube-system ?????? ????
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
event-exporter-gke-755c4b4d97-wpwr6 2/2 Running 0 4m4s
fluentbit-gke-c8m5b 2/2 Running 0 3m4s
fluentbit-gke-crkpk 2/2 Running 0 3m3s
fluentbit-gke-s9rgk 2/2 Running 0 3m3s
gke-metrics-agent-5s5xw 2/2 Running 0 3m3s
gke-metrics-agent-jmhn2 2/2 Running 0 3m4s
gke-metrics-agent-ns8kp 2/2 Running 0 3m3s
konnectivity-agent-6c7d8d7ccd-68269 1/1 Running 0 3m55s
konnectivity-agent-6c7d8d7ccd-grm44 1/1 Running 0 2m39s
konnectivity-agent-6c7d8d7ccd-rg7mt 1/1 Running 0 2m39s
konnectivity-agent-autoscaler-7dc78c8c9-7xgkr 1/1 Running 0 3m53s
kube-dns-7b9b6ffbd9-hqkvz 4/4 Running 0 4m6s
kube-dns-7b9b6ffbd9-jldn9 4/4 Running 0 2m40s
kube-dns-autoscaler-5f56f8997c-vd9wr 1/1 Running 0 4m6s
kube-proxy-gke-megazone-gke-mult-default-pool-0848afc4-qmmf 1/1 Running 0 114s
kube-proxy-gke-megazone-gke-mult-default-pool-603823cf-mlwj 1/1 Running 0 2m15s
kube-proxy-gke-megazone-gke-mult-default-pool-d39da12f-c6r1 1/1 Running 0 2m3s
l7-default-backend-d6b749b76-xzfpj 1/1 Running 0 3m51s
metrics-server-v0.5.2-67864775dc-vg5b8 2/2 Running 0 2m23s
pdcsi-node-h4tvw 2/2 Running 0 3m4s
pdcsi-node-kgxpm 2/2 Running 0 3m3s
pdcsi-node-s9gqk 2/2 Running 0 3m3s
5

2.Argo CD ?? ? ??
Argo CD ???? ??? ???? Argo CD? ?????? ?????.
2.1.Argo CD? ?? ?? ???? ??
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ helm repo add argo
https://argoproj.github.io/argo-helm
"argo" has been added to your repositories
2.2.Argo CD? ?? ???? ?? ???? ???? ??
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "argo" chart repository
Update Complete. ?Happy Helming!?
2.3.?? ???? ??? ??
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ helm repo list
NAME URL
argo https://argoproj.github.io/argo-helm
2.4.???? Argo CD ??
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ helm install argocd argo/argo-cd
--set server.service.type=LoadBalancer
--set configs.params."server.insecure"=true
--set server.image.tag=v2.6.7
--namespace=argocd
--create-namespace
NAME: argocd
LAST DEPLOYED: Wed Apr 12 04:59:07 2023
NAMESPACE: argocd
STATUS: deployed
REVISION: 1
TEST SUITE: None
6

NOTES:
In order to access the server UI you have the following options:
1. kubectl port-forward service/argocd-server -n argocd 8080:443
and then open the browser on http://localhost:8080 and accept the certificate
2. enable ingress in the values file `server.ingress.enabled` and either
- Add the annotation for ssl passthrough:
https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
- Set the `configs.params."server.insecure"` in the values file and terminate SSL at
your ingress:
https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-
objects-and-hosts
After reaching the UI the first time you can login with username: admin and the random
password generated during the installation. You can find the password by running:
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" |
base64 -d
(You should delete the initial secret afterwards as suggested by the Getting Started Guide:
https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli)
2.5.??? Deployment? Service ??? ??
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ kubectl get po,svc -n argocd
pod/argocd-application-controller-0 1/1 Running 0 2m40s
pod/argocd-applicationset-controller-5dd87cc68-8zfqc 1/1 Running 0 2m40s
pod/argocd-dex-server-64b965fd-2xxgv 1/1 Running 0 2m40s
pod/argocd-notifications-controller-74b84c4bf5-9r9tl 1/1 Running 0 2m40s
pod/argocd-redis-6c9f5c7dcc-h89lt 1/1 Running 0 2m40s
pod/argocd-repo-server-594fcbb47d-xx9kt 1/1 Running 0 2m40s
pod/argocd-server-77b68b89b8-xt25h 1/1 Running 0 2m40s
NAME TYPE CLUSTER-IP EXTERNAL-IP
PORT(S) AGE
service/argocd-applicationset-controller ClusterIP 10.88.40.181 <none>
7000/TCP 2m40s
service/argocd-dex-server ClusterIP 10.88.33.226 <none>
5556/TCP,5557/TCP 2m40s
service/argocd-redis ClusterIP 10.88.44.0 <none>
6379/TCP 2m40s
service/argocd-repo-server ClusterIP 10.88.33.119 <none>
8081/TCP 2m40s
7

service/argocd-server LoadBalancer 10.88.35.84 34.64.50.202
80:31187/TCP,443:30755/TCP 2m40s
2.6.? ????? Argo CD? ?????(LoadBalancer) IP? ???? ?? ??
2.7.???? ?? admin ??? admin-hoonjo ? ??
# bcrypt password = admin-hoonjo >>> $2a$10$rRyBsGSHK6.uc8fntPwVIuLVHgsAhAX7TcdrqW/RADU0uh7CaChLa
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ kubectl -n argocd patch secret
argocd-secret
-p '{"stringData": {
"admin.password": "$2a$10$lix6ghybmAoZEfEjAkJS9eTRQcAIaA7kYFCdmpJlDdeQKPWKL2JMG",
"admin.passwordMtime": "'$(date +%FT%T%Z)'"
}}'
secret/argocd-secret patched
8

Note1: ?? bcrypt ??? ???? ??? ??? ????? ?????.
Bcrypt Hash Generator - Online - Browserling Web Developer Tools
Note2: ?? ??? ?????? ??? ??? ?????.
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ kubectl -n argocd get secret
argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
AMAgkEzreMKd9mE6
2.8.???? ?? admin / admin-hoonjo? ??
2.9.????? ??? ?? ??
9

3.Argo CD? Web UI? ??? GitOps ????
??? CD? ???? ???? ??? ???.
3.1.Argo CD? ??? ??????? ??
3.2.?????? ??? ???? ??(default)? ??
10

Application Name: web-gitops
Project Name: default
Note: ???(default)? ?? ?? ? ???? ???? ?????
3.3.??? URL? ??
??? URL? ??? ? ???? ???? ???. ??? ??? commit & push? ???
? ????.
Repository URL: https://github.com/sysnet4admin/IaC.git
Path: GitOps
11

3.4.??? ?? ??
Cluster URL: https://kubernetes.default.svc
Namespace: default
3.5.??(CREATE) ??? ??? ?? ??? ????? ??
12

3.6.??? ??? ???? ??? ?? ??? ??
13

3.7.??? ???? ???? ???(GitOps) ??(SYNC) ??? ??
14

3.7.??? ???? ?? SYNCHRONIZE ??? ??
3.8.???? ??? ???? Pod? 3? ?? ???? ?? ?? ???
15

3.9.??? ??? ??????? ??? ?? ?? kubectl ???? ??
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ kubectl get po,svc
pod/gitops-chk-info-64f565554b-lc8m2 1/1 Running 0 5m
16

pod/gitops-chk-info-64f565554b-p5zdb 1/1 Running 0 5m
pod/gitops-chk-info-64f565554b-pjtpm 1/1 Running 0 5m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.88.32.1 <none> 443/TCP 16d
service/lb-gitops-chk-info LoadBalancer 10.88.41.101 34.64.33.205 80:30327/TCP 5m
3.10.GitOps ?? ??? ?? ?? Replicas? ??? 3??? 1?? ???
3.11.??? ??? ???(Github) ??? ?? ?? ??? ??(OutOfSync)? ??
??
17

3.12.?? ???? ??? ??(SYNC) ??? ??????(SYNCHRONIZE) ???
?? ??
18

3.13.???? ??? Pod? 1?? ??? ?? ??
3.14.??? ??? ??????? 1?? ?????? kubectl ???? ??
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ kubectl get po,svc
pod/gitops-chk-info-64f565554b-p5zdb 1/1 Running 0 25m
19

3.15.?? ??? ??? web-gitops ????? ??(DELETE)?
???? ??(web-gitops) ??? ?????.
20

4.argo ????? ??? Argo CD? admin ?? ????
????? ??? CD? ??? argo ????? ??? ?? ?????.
4.1.????
GCP Cloud Shell? ?? ? /usr/local/bin?? ????? ???? ?? ?? ???
???????.
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ sudo curl -sSL -o ~/.local/bin/argocd
https://github.com/argoproj/argo-cd/releases/download/v2.6.7/argocd-linux-amd64
4.2.?? ?? ????
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ sudo chmod +x ~/.local/bin/argocd
4.3.argocd ?? ?? ??
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ argocd
argocd controls a Argo CD server
Usage:
argocd [flags]
argocd [command]
Available Commands:
<snipped>
4.4.argocd ? ??? argo CD ?? ???
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ argocd login `kubectl get svc
argocd-server -n argocd -o jsonpath='{.status.loadBalancer.ingress[0].ip}'`
WARNING: server is not configured with TLS. Proceed (y/n)? y
Username: admin
Password: <admin-hoonjo>
'admin:login' logged in successfully
Context '34.64.50.202' updated
22

4.5.Argo CD? ???? ?? ??
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ argocd account list
NAME ENABLED CAPABILITIES
admin true login
4.6.argo ??? ??? admin ??? ??
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ argocd account update-password
*** Enter password of currently logged in user (admin): <admin-hoonjo>
*** Enter new password for user admin: <NEW-PASSWORD>
*** Confirm new password for user admin: <NEW-PASSWORD>
Password updated
Context '34.64.50.202' updated
4.7.??? ??? ?? Argo CD ??? ? ??
23

5.argo ????? ??? GitOps ????
?? argo ????? ??? ??? ? ?? ? ? ???? ??? ??? ???.
5.1.GitOps? ?? Argo CD ??????? ?? ????? ?? ? ??
[hj@cs-491314827780-default ~ (?? |mzs-gke:default)]$ cd ~/Iac/Argo/argo-cd/
[hj@cs-491314827780-default argo-cd (?? |mzs-gke:default)]$ cat app-gitops.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: gitops
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/sysnet4admin/IaC.git
targetRevision: HEAD
path: GitOps
destination:
server: https://kubernetes.default.svc
namespace: default
syncPolicy:
Automated:
# prune: false # git ???? ???? ???? ?? ???? ??? ??
selfHeal: true # ???? ?? ??? ???? sync-up? (default 5?)
# ?? Refresh? 3???? ?? 3? ??
5.2.GitOps? ?? Argo CD ??????? ??
[hj@cs-491314827780-default argo-cd (?? |mzs-gke:default)]$ kubectl apply -f app-gitops.yaml
application.argoproj.io/gitops created
24

5.3.??? ?? ??? ??
5.4.GCP Cloud Shell?? ??? ?????? ? ???? ?? ??
[hj@cs-491314827780-default argo-cd (?? |mzs-gke:default)]$ kubectl get po,svc
pod/gitops-chk-info-64f565554b-m7k9b 1/1 Running 0 6m3s
service/lb-gitops-chk-info LoadBalancer 10.88.37.104 34.64.178.90 80:31993/TCP 6m4s
5.5.GitOps ?? ??? ?? ?? Replicas? ??? 1??? 5?? ???? push?
25

5.6.????? ?? ?? ???? REFRESH?? SYNC ?? ?? ?? ??
????? ????? ??? f5 ??? ?? ??? (?? 3?? ??)
5.7.kubectl? ??? ??????? ???? ???
[hj@cs-491314827780-default argo-cd (?? |mzs-gke:default)]$ kubectl get po,svc
pod/gitops-chk-info-64f565554b-2tjk5 1/1 Running 0 2m41s
pod/gitops-chk-info-64f565554b-h6rsm 1/1 Running 0 17m
pod/gitops-chk-info-64f565554b-jjmdm 1/1 Running 0 2m41s
pod/gitops-chk-info-64f565554b-jxnjh 1/1 Running 0 2m41s
pod/gitops-chk-info-64f565554b-xn754 1/1 Running 0 2m41s
5.8.?? ???? ?? argo ???? ?? ????? ???
[hj@cs-491314827780-default argo-cd (?? |mzs-gke:default)]$ kubectl delete -f
app-gitops.yaml
application.argoproj.io "gitops" deleted
26

5.9.?? ?? Applications ??? ???? ?? Argo CD? ???? ?????
??? ??
?? ???
1. ???(GitOps)? ????? ???? ?? ???
2. ?? ??? GitOps ArgoCD
3. Argo CD ???? (??)
27

狠狠撸

[GitOps] Argo CD on GKE (v0.9.2).pdf

More Related Content

[GitOps] Argo CD on GKE (v0.9.2).pdf