Argo CD 実践ガイド #k8sjp / Argo CD Practice Guide

Transcript

1. 19/07/25 Kubernetes Meetup Tokyo #21 - Cloud Native CI/CD @ponde_m

   Argo CD ࣮ફΨΠυ

2. ࠓճͷΠϕϯτϖʔδ

3. ͜Εʹωλ͔ͿΓ͠ͳ͍Α͏ͳ
   ر๬
   "SHP
   $%
   ͷࡉ͔͍࿩Λ͍͖ͯ͠·͢ ࠓճͷΠϕϯτϖʔδ

4. @ponde_m Dai Kurosawa SRE

5. ͓͞Β͍: Argo CD ͱ͸ • Pull ܕͷ CD • GitOps

   ʹ࢖͏ • ͍͍ײ͡ͷ UI

6. ࠓ೔࿩͢͜ͱ • Argo CD ͷ CRD ʹ͍ͭͯ • Argo CD

   ͷ RBAC ʹ͍ͭͯ • Argo CD ͷ Sync ઓུʹ͍ͭͯ

7. ࠓ೔࿩͢͜ͱ • Argo CD ͷ CRD ʹ͍ͭͯ • Argo CD

   ͷ RBAC ʹ͍ͭͯ • Argo CD ͷ Sync ઓུʹ͍ͭͯ ͕࣌ؒ଍Γͳ͔ͬͨͷͰ
 εΩοϓ͠·͢ (ࢿྉ͸ͦͷ··Ξοϓ͠·͢)

8. Argo CDͷ CRD

9. Argo CD ͷ CRD • 2ͭͷ CRD ͕͋Δ • Application

   • AppProject

10. Argo CD ͷ CRD Application Application Application AppProject

11. Application • Argo CD ʹ͓͚Δ
 σϓϩΠͷઃఆ • ݱ࣮ੈքͷ
 ΞϓϦέʔγϣϯͱಉ͡୯Ґ
 (ෳ਺ͷ

    Object ͷू߹)

12. Application Git Repository Revision Path Λࢦఆͯͦ͜͠ʹ͋Δ manifest ΛσϓϩΠ͢Δ

13. Application λʔήοτͱͳΔ Ϋϥελͱ namespace

14. Automated Sync • syncPolicy Λ
 ໌ࣔతʹࢦఆ͠ͳ͍ͱ
 ࣗಈͰಉظͯ͘͠Εͳ͍ͷͰ஫ҙ • prune: true

    Λࢦఆ͠ͳ͍৔߹͸
 Ϧιʔεͷ Pruning ͸ߦΘΕͳ͍

15. Tools • αϙʔτ͍ͯ͠Δ apply ํ๏ • kustomize • Helm charts

    • Ksonnet • YAML/JSON/Jsonnet manifest ͷσΟϨΫτϦ • ϓϥάΠϯ (ࣗ࡞όΠφϦ΋࢖͑Δ)

16. Application of Applications • Application Ͱ 
 Application Λ؅ཧ͢Δ

17. Application of Applications • kustomize ͷྫ: root.yaml

18. Application of Applications • kustomize ͷྫ: root.yaml ͜͜ͷ path ࢦఆͰ

19. Application of Applications • kustomize ͷྫ: root.yaml ͜͜ͷ path ࢦఆͰ

    application-of-applications σΟϨΫτϦͷ kustomization.yaml ͕ࢀর͞ΕΔ

20. Application of Applications • kustomize ͷྫ: kustomization.yaml

21. Application of Applications • kustomize ͷྫ: kustomization.yaml kustomize ͷ
 resources

    Ͱ root ʹඥͮ͘ Application Λࢦఆ͢Δ

22. Application of Applications • kustomize ͷྫ: root ʹͳΔ Application Λ

    apply ͢Δ

23. Application of Applications • kustomize ͷྫ:

24. Application of Applications • kustomize ͷྫ: root ʹͳΔ Application Λ

    apply ͚ͨͩ͠Ͱ 
 root ʹඥͮ͘ Application ΋উखʹద༻͞ΕΔ

25. Application of Applications UI ͔Β͸͜ͷΑ͏ͳײ͡Ͱ
 දࣔ͞ΕΔ

26. Application of Applications • kustomize ͷྫ: ͜ΕΒͷ Application ͸ GitOps

    Ͱࣗಈతʹ Sync ͞ΕΔ (feature ϒϥϯνͷ manifest Λ
 ద༻͍ͨ͠Έ͍ͨͳঢ়گͷ࣌ʹָ)

27. Application of Applications revision Λॻ͖׵͑ͨ Pull Request Λ
 merge ͢Δͱ

    feature ϒϥϯνͷ
 manifest ΛࢀরͰ͖Δ

28. AppProject • Application ͷ
 ࿦ཧతͳάϧʔϓΛද͢ • Role ͱ͔΋ఆٛͰ͖Δ
 (ৄ͘͠͸ޙड़)

29. Argo CDͷ RBAC

30. Argo CD ͷೝূ • ϩάΠϯը໘:

31. Argo CD ͷೝূ • ϩάΠϯը໘: User ͱ Password Λ
 ೖྗ͢Δεϖʔε͕͋Δ͕


    Argo CD Ͱ͸૊ΈࠐΈͷ
 admin Ҏ֎ͷϢʔβ͸ଘࡏ͠ͳ͍

32. Argo CD ͷೝূ • ϩάΠϯը໘: admin Ҏ֎ͷશͯͷϢʔβ͸ SSO Λհͯ͠ϩάΠϯ͢Δ
 ඞཁ͕͋Δ


    (͜ͷ৔߹͸ GitHub Λ࢖༻)

33. Argo CD ͷೝূ • Argo CD Ͱ SSO Λߦ͏ํ๏͸ 2

    छྨ • όϯυϧ͞ΕͯΔ Dex Λ࢖༻͢Δ • طଘͷ OIDC provider Λ࢖༻͢Δ

34. Argo CD ͷೝূ • Argo CD Ͱ SSO Λߦ͏ํ๏͸ 2

    छྨ • όϯυϧ͞ΕͯΔ Dex Λ࢖༻͢Δ • طଘͷ OIDC provider Λ࢖༻͢Δ ࠓճ͸ Dex Λ࢖ͬͯ
 GitHub Ͱೝূ͢Δ࿩Λ͠·͢

35. Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • Argo CD Ͱ͸ Dex ͱ͍͏


    OIDC provider ͕όϯυϧ͞Ε͍ͯΔ • https://github.com/dexidp/dex

36. Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • GitHub Ͱ OAuth application Λ࡞ͬͯ


    `argocd-cm` ͱ͍͏ ConfigMap ʹ
 ઃఆΛهࡌ͢Δ

37. Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • ConfigMap ͷྫ:

38. Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • ConfigMap ͷྫ: ൃߦͨ͠ clientID ͱ

    clientSecret $dex.github.clientSecret Έ͍ͨʹॻ͘͜ͱͰ
 Kubernetes ͷ Secret ͔Β
 ஋ΛಡΈࠐΜͰ͘ΕΔ

39. Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • ConfigMap ͷྫ: ϩάΠϯͰ͖Δ GitHub org

    ͱ Team ͷઃఆ ͜ͷ৔߹͸ `classmethod` ͱ͍͏ GitHub org ͷ `sre-team` ͔͠ ϩάΠϯͰ͖ͳ͍

40. Role • GitHub-org:team
 ʹରͯ͠ AppProject ʹ
 ඥͮ͘Role ΛఆٛͰ͖Δ

41. Role • Argo CD ͷ Web UI ͔Β
 Delete, Edit

    ͱ͔͕Ͱ͖ͨΓ͢Δ໰୊΋ 
 Role Λ࢖੍ͬͯޚ͢Δ͜ͱ͕Ͱ͖Δ

42. Argo CDͷ Sync

43. Sync Phases • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ

    PreSync Sync PostSync

44. Sync Phases • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ

    PreSync Sync PostSync manifest ͷద༻લʹ࣮ߦ͞ΕΔ

45. Sync Phases • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ

    PreSync Sync PostSync manifest ͷద༻ʹ
 ؔ࿈࣮ͯ͠ߦ͞ΕΔ

46. Sync Phases • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ

    PreSync Sync PostSync manifest ͷద༻ޙʹ࣮ߦ͞ΕΔ

47. • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ PreSync Sync

    ΞϓϦέʔγϣϯ ͷσϓϩΠ DB ͷ
 ϚΠάϨʔγϣϯ PostSync Sync Phases ΞϓϦέʔγϣϯͷσϓϩΠલʹ
 Kubernetes ͷ Job Ͱ
 DB ͷϚΠάϨʔγϣϯΛ࣮ߦ

48. Sync Phases and Waves • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ

    3 ͭͷϑΣʔζ͕͋Δɹ PreSync ΞϓϦέʔγϣϯͷσϓϩΠલʹ
 Kubernetes ͷ Job Ͱ
 DB ͷϚΠάϨʔγϣϯΛ࣮ߦ DB ͷ
 ϚΠάϨʔγϣϯ

49. Sync Phases • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ

    PreSync DB ͷ
 ϚΠάϨʔγϣϯ annotation ʹهࡌΛ͢Δͱ
 Argo CD ͕هࡌͨ͠ϑΣʔζͰ
 ࣮ߦͯ͘͠ΕΔ

50. • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ PreSync DB

    ͷ
 ϚΠάϨʔγϣϯ PreSync ͷϑΣʔζ͕
 ऴΘͬͨΒ Job Λ࡟আ Sync Phases

51. Sync Waves • ֤ϑΣʔζ಺Ͱͷ manifest ͷద༻ॱΛ੍ޚͰ͖Δ PreSync Sync PostSync Job

    Job Pod Job 1 2 3 v1.1.0 ͔Βͷ৽ػೳ

52. Sync Waves Sync Job Pod Job 1 2 3 •

    ֤ϑΣʔζ಺Ͱͷ manifest ͷద༻ॱΛ੍ޚͰ͖Δ

53. Sync Waves Sync Job Pod Job 1 2 3 •

    ֤ϑΣʔζ಺Ͱͷ manifest ͷద༻ॱΛ੍ޚͰ͖Δ `argocd.argoproj.io/sync-wave` ͱ͍͏ annotaion ʹ
 ੔਺஋Λࢦఆ͢Δ

54. ·ͱΊ

55. ·ͱΊ • Argo CD ͸Ϧονͳ Web UI Ͱ GitOps Ͱ͖Δπʔϧ

    • ৭ʑͱࡉ͔͍ػೳͱ͔΋ॆ࣮ͯ͠Δ • ެࣜͷυΩϡϝϯτ΋ॆ࣮ͯ͠ΔͷͰΈΑ͏! • https://argoproj.github.io/argo-cd/

56. Thank You! @ponde_m