Slides presented at Kubernetes Meetup Tokyo #21 - Cloud Native CI/CD: https://k8sjp.connpass.com/event/138375/
19/07/25 Kubernetes Meetup Tokyo #21 - Cloud Native CI/CD
@ponde_m
Argo CD Practical Guide

This event's page
To avoid overlapping with this, I'll go into the finer details of Argo CD.

@ponde_m
Dai Kurosawa
SRE

Recap: what is Argo CD?
• Pull-based CD
• Used for GitOps
• A nice UI

What I'll cover today
• Argo CD's CRDs
• Argo CD's RBAC
• Argo CD's Sync strategy: skipped because there was not enough time (the slides are uploaded as they are)

Argo CD's CRDs
• There are two CRDs
• Application
• AppProject
[Diagram: three Applications and one AppProject]

Application
• The deployment configuration in Argo CD
• The same unit as a real-world application (a set of multiple Objects)
• Specify the Git repository, revision and path; the manifests found there are deployed
• The target cluster and namespace

Automated Sync
• Note that unless syncPolicy is specified explicitly, Argo CD does not sync automatically
• Unless prune: true is specified, resources are not pruned

Tools
• Supported ways to apply:
• kustomize
• Helm charts
• Ksonnet
• A directory of YAML/JSON/Jsonnet manifests
• Plugins (a self-made binary can be used)

Application of Applications
• Manage Applications with an Application
• kustomize example: root.yaml
  With the path specified here, the kustomization.yaml in the application-of-applications directory is referenced
• kustomize example: kustomization.yaml
  In kustomize's resources, specify the Applications tied to the root
• kustomize example: apply the root Application
  Just applying the root Application is enough for the Applications tied to the root to be applied on their own
• In the UI it is displayed like this
• These Applications are synced automatically through GitOps (convenient in situations such as wanting to apply the manifests of a feature branch)
• Merging a Pull Request that rewrites revision makes it possible to reference the manifests of the feature branch

AppProject
• Represents a logical group of Applications
• Roles and the like can be defined (details later)

Argo CD's RBAC

Argo CD authentication
• Login screen: there are fields for entering User and Password, but in Argo CD no user exists other than the built-in admin
• All users other than admin must log in via SSO (in this case GitHub is used)

Argo CD authentication
• There are two ways to do SSO in Argo CD
• Use the bundled Dex
• Use an existing OIDC provider
This time I'll cover authenticating with GitHub using Dex

Authenticating with GitHub using Dex
• Argo CD bundles an OIDC provider called Dex
• https://github.com/dexidp/dex
• Create an OAuth application on GitHub and write the settings in the ConfigMap named `argocd-cm`
• ConfigMap example: the issued clientID and clientSecret. Writing it like $dex.github.clientSecret makes Argo CD read the value from a Kubernetes Secret
• ConfigMap example: the setting for the GitHub org and Team that can log in. In this case only `sre-team` of the GitHub org `classmethod` can log in

Role
• A Role tied to an AppProject can be defined for a GitHub-org:team
• Delete, Edit and so on are possible from the Argo CD Web UI; Roles can be used to control this
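
The login restriction and Role binding described above, as an added example (not the presenter's own YAML): the `argocd-cm` Dex connector limited to `sre-team` of the `classmethod` org, and an AppProject Role granted to that `org:team` group. The `argocd` namespace, project name, repository URL, destination namespace, Argo CD URL and client ID are assumed placeholders; field names follow Argo CD's documented ConfigMap and AppProject schema.

```yaml
# argocd-cm: GitHub login through the bundled Dex.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd                      # assumption: default install namespace
data:
  url: https://argocd.example.com        # placeholder: external URL of the Argo CD server
  dex.config: |
    connectors:
      - type: github
        id: github
        name: GitHub
        config:
          clientID: <github-oauth-client-id>    # placeholder
          # Resolved from the key dex.github.clientSecret in the argocd-secret Secret,
          # so the secret value is not stored in this ConfigMap.
          clientSecret: $dex.github.clientSecret
          orgs:
            - name: classmethod
              teams:
                - sre-team               # only members of this team can log in
---
# AppProject with a Role granted to the GitHub team (group name is "org:team").
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: sample-project                   # placeholder project name
  namespace: argocd
spec:
  sourceRepos:
    - https://github.com/classmethod/sample-manifests.git   # placeholder repository
  destinations:
    - server: https://kubernetes.default.svc
      namespace: sample                  # placeholder namespace
  roles:
    - name: deployer
      description: View and sync only; no delete or update from the Web UI
      policies:
        - p, proj:sample-project:deployer, applications, get, sample-project/*, allow
        - p, proj:sample-project:deployer, applications, sync, sample-project/*, allow
      groups:
        - classmethod:sre-team
```
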
Argo CD's Sync

Sync Phases
• An Argo CD Sync has three broad phases: PreSync, Sync, PostSync
• PreSync: executed before the manifests are applied
• Sync: executed in connection with applying the manifests
• PostSync: executed after the manifests are applied
• Example: PreSync is the DB migration and Sync is the application deployment; before the application is deployed, the DB migration is run as a Kubernetes Job
• When it is written in an annotation, Argo CD runs it in the phase written there
• When the PreSync phase finishes, the Job is deleted

Sync Waves
• The order in which manifests are applied within each phase can be controlled
• New feature from v1.1.0
[Diagram: in the Sync phase, Job, Pod, Job labeled 1, 2, 3]
• Specified with the annotation `argocd.argoproj.io/sync-wave`

Summary
• Argo CD is a tool that lets you do GitOps with a rich Web UI
• It has plenty of fine-grained features
• The official documentation is thorough too, so take a look!
• https://argoproj.github.io/argo-cd/

Thank You!
@ponde_m