kubernetes argocd - ghdrako/doc_snipets GitHub Wiki

Architecture

Docs

Integration ADFS

CLI

Wersje

Argo CD implements a Kubernetes concept called a Controller which executes a non-terminating control loop for managing and monitoring the desired state of at least one resource. Based on a defined configuration, the controller will ensure that the current state matches the desired state.

Argo CD makes use of several Custom Resources and their properties are the primary vehicle to enable end users to manage their Kubernetes resources using GitOps based principles. The use of Kubernetes Controllers and Custom Resource are fundamental to the overall Argo CD architecture.

Argo CD implements a microservices based architecture, there is no single Argo CD component, but instead multiple distributed systems that act in a coordinated fashion.

Custom Resources:

  • Applications
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: bgd-app
  namespace: argocd                                                     <---- namespace argo instalation
  spec:
    destination:
      namespace: bgd                                                    <----- target namespace 
      server: https://kubernetes.default.svc                            <----- target cluster
    project: default                                                    <----- Installing the application in Argo CD’s default project
    source:
      repoURL: https://github.com/gitops-cookbook/gitops-cookbook-sc.git <--- manifest repo with yaml
      path: ch07/bgd                                                     <--- path to manifest
      targetRevision: main                                               <--- branch
    syncPolicy:                                                          <--- Starts the synchronization policy configuration section  Without this we would synchronise manualy: argocd app sync bgd-app
      automated: {}                                                      <--- Argo CD automatically syncs the repo

kubectl apply -f manual-bgd-app.yaml

the application is registered as an Argo CD application.

  • AppProjects
  • ApplicationSets

Argo CD interacts with the Kubernetes cluster using these CRDs. This, effectively,makes these CRDs your interface for managing your Kubernetes cluster/clusters.

Application Controller / ApplicationSet Controller

The Application Controller and ApplicationSet Controller are both Kubernetes Operators (and by definition, also controllers) that continuously monitor the state of Application and ApplicationSet resources and compare the live state in the Kubernetes cluster to the desired state from source repositories. In addition to strictly monitoring for Custom Resources, they are also responsible for performing lifecycle events associated with the content that they are reconciling.

App of Apps

This was a precursor to ApplicationSets.

ApplicationSet controller

Automation and greater flexibility managing Argo CD Applications across a large number of clusters and within monorepos, plus it makes self-service usage possible on multitenant Kubernetes clusters.

The ApplicationSet controller provides:

  • The ability to use a single Kubernetes manifest to target multiple Kubernetes clusters with Argo CD
  • The ability to use a single Kubernetes manifest to deploy multiple applications from one or multiple Git repositories with Argo CD
  • Improved support for monorepos: in the context of Argo CD, a monorepo is multiple Argo CD Application resources defined within a single Git repository
  • Within multitenant clusters, improves the ability of individual cluster tenants to deploy applications using Argo CD (without needing to involve privileged cluster administrators in enabling the destination clusters/namespaces)
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: guestbook
spec:
  goTemplate: true
  goTemplateOptions: ["missingkey=error"]
  generators:
  - list:
      elements:
      - cluster: engineering-dev
        url: https://1.2.3.4
      - cluster: engineering-prod
        url: https://2.4.6.8
      - cluster: finance-preprod
        url: https://9.8.7.6
  template:
    metadata:
      name: '{{.cluster}}-guestbook'
    spec:
      project: my-project
      source:
        repoURL: https://github.com/infra-team/cluster-deployments.git
        targetRevision: HEAD
        path: guestbook/{{.cluster}}
      destination:
        server: '{{.url}}'
        namespace: guestbook

Generators

  • https://www.redhat.com/en/blog/getting-started-with-applicationsets The ApplicationSet controller is made up of “generators”. These “generators” instruct the ApplicationSet how to generate Applications by the provided repo or repos, and it also instructs where to deploy the Application.
  • List Generator - generates Argo CD Application manifests based on a fixed list.
  • Cluster Generator
  • Git Generator

Repository Server

The Repository Server maintains a local cache of the remote content source that will be translated into Kubernetes manifests. It is responsible for generating resources based on parameters including:

  • Repository type
  • Repository source location
  • Path within the repository
  • Template tool specific parameters In addition, Custom plugins are also executed within this component as they can influence the generation of the Kubernetes resources.

API Server

The API server is a gRPC/REST based server that exposes services for managing key configurations that are integral to the platform including:

  • Application management and status reporting
  • Invocation of Application operations including syncing, rollback and additional user defined actions
  • Cluster and repository management
  • RBAC enforcement

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. One of the core components of Argo CD is called application controller, which in practice observes continuously the running applications and compares the current application state against the desired target state, for which the source of truth is a Git repository. The following uses cases are empowered with Argo CD: • Automated deployment: After any Git commit action, or CI pipeline run and a manual sync trigger, the Argo CD controller will push the desired state from the Git repository into the cluster in an automated manner. This is achieved while using the Argo Events automation framework (https://argoproj.github.io/argo-events/) or a manual user request. • Observability: Argo CD offers a UI, CLI, and Argo CD Notifications engine (https://argocd-notifications.readthedocs.io/en/stable/) with which we can identify whether the state of the application state is in sync with the desired state in Git. • Multi-tenancy: The ability to manage and deploy to multiple clusters with Role Based Access Control (RBAC) policies for authorization.

The Argo project is a family of many tools, as you saw previously, which includes the following:

Argo CD reconciliation

Argo CD, as described previously, has a duty to match the desired state described in a Git repository with the live state in the cluster and deliver it in the environment of our preference. This is called reconciliation, and Argo CD is in a reconciling loop from the Git repository to Kubernetes.

Argo CD watches the Git repository and compares them with the desired state in the cluster, which is called sync status. If Argo CD identifies any differences, then the templated files will be applied with kubectl apply and change accordingly the Kubernetes desired state, which can be automated or done manually. Also, Argo CD watches the live Kubernetes objects and compares them to the Kubernetes desired state, which is called the health status of the application.

Argo GUI - trzeba autoryzacje dorobic - DEX Okta with SAML z id OIDC identity provider typu keyclock Argo Notify

kubectl get argoapplication argoconfig

Integracja z Vaultem

https://argocd-vault-plugin.readthedocs.io/en/stable/

ArgoCD Application concept:

  • The Aplication connect to source (Git repository) to create K8 object in destination
  • The Aplication source doesn't define how to provide the application
    • YAML manifest file,helm harts, and Kustomize overlaysare all supported
  • The Aplication defines in which K8 cluster and in which Namespace the K8 objects should be created

Application Sync and Healt Status

  • Argo CD aplication sync status uses kubectl diff to verify that the aplication desired statein the Git source repo meets the curren t state of the running Kubernetes objects
  • The healt status summarizes if the application meets its requiments
  • The aggregated application status as show by argocd apps list indicates the current state of entire application: if only one component is degraded , the entire application is degraded

Projects

  • Project provides logical gruping of aplication where teams witin organization are isolated from each other by fine tuned access control
  • The purpose of projects is to provide security and isolate teams from each other
  • It restricts witch K8objects may be created by by an application

Phrases:

  • Retrive resource manifest done by argocd-repo-server
  • Detect and fix deviation done by argocd-application-controller
  • Present the result to the end user done by argocd-server

Install

kubectl create namespace argocd
kubctl apply -n argocd -f https:/raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
kubectl get all -n argocd
# download argocd binary https:/github.com/argoproj/argo-cd/releases/
sudo mv "/Downloads/argocd-linux-amd64 /usr/local/bin/argocd

Accessing

$ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="(.data.password)"| base64 -d; echo
$ kubectl port-forward svc/argocd-server -n argocd 8080:443
# in browser: localhost:8080
$ argocd login localhost:8080
username: admin
password: as printed above
$ argocd account update-password

Synchronizing application

argocd app create kube-app -repo \
https:/github.com/sandervanvugt/kube-app -path. -dest-server \
https:/kubernetes.default.svc -dest-namespace default
argocd app get kube-app
argocd app list
argocd app sync kube-app
kubectl get all

Modifing repo

argocd app diff kube-app --refresh  # show changes in repo
argocd app get kube-app             # show status  Sync Status: Out of Sync
argocd app sync kube-app
kubectl get deploy sampleginex -o yaml|less # show synch deployment

Web Interface

  • Argo CD comes with a web interface
  • This interface can be accessed on the Argo CD port that is exposed
  • For easy access, use kubectl port-foward to define a port on the kubect client machine
  • Alternatively, use the Nodeport Service type to define a port on the cluster nodes

Restart Application Controler

kubectl rollout restart sts argocd-application-controller -n argocd

when using helm

kubectl rollout restart deploy argocd-application-controller -n argocd

Pruning

By default, Argo CD will not delete (prune) any resource when it detects that it is no longer available in Git, and it will be in an OutOfSync status. If you want Argo CD to delete these resources, you can do it in two ways. The first way is by manually invoking a sync with the -prune option:

argocd app sync --prune

The second way is letting Argo CD delete pruned resources automatically by setting the prune attribute to true in the automated section:

syncPolicy:
  automated:
    prune: true     <---- Enables automatic pruning

self-healing

Argo CD is configured not to correct any drift made manually in the cluster. For example, Argo CD will let the execution of a kubectl patch directly in the cluster change any configuration parameter of the application. Argo change status to OutOfSync as the application and the definition in the Git repository diverges.

Argo CD will not roll back to correct this drift as the selfHeal property default is set to false.

syncPolicy:
  automated:
    prune: true
    selfHeal: true  <----  correct any drift

Manifest (yaml)

Argo CD supports several different ways in which Kubernetes manifests can be defined:

  • Kustomize
  • Helm
  • Ksonnet
  • Jsonnet

Argo CD detects a Kustomize project if there are any of the following files: kustomization.yaml, kustomization.yml, or Kustomization.