Argo CD Practice Guide #k8sjp

d-kuro
July 25, 2019

Slides presented at Kubernetes Meetup Tokyo #21 - Cloud Native CI/CD.
https://k8sjp.connpass.com/event/138375/

Transcript

  1. 19/07/25 Kubernetes Meetup Tokyo #21 - Cloud Native CI/CD @ponde_m • Argo CD Practice Guide
  2. This event's page
  3. Hoping not to overlap with the topics here, I will go into the finer details of Argo CD • This event's page
  4. @ponde_m Dai Kurosawa SRE
  5. Recap: What is Argo CD? • Pull-based CD • Used for GitOps • A nice UI
  6. Today's topics • Argo CD's CRDs • Argo CD's RBAC • Argo CD's sync strategy
  7. Today's topics • Argo CD's CRDs • Argo CD's RBAC • Argo CD's sync strategy • Skipped because there was not enough time (the slides are uploaded as they are)
  8. Argo CD's CRDs
  9. Argo CD's CRDs • There are two CRDs • Application • AppProject
  10. Argo CD's CRDs • Application Application Application AppProject
  11. Application • The deployment configuration in Argo CD • The same unit as a real-world application (a set of multiple objects)
  12. Application • Specify the Git repository, revision and path, and the manifests found there are deployed
  13. Application • The target cluster and namespace
  14. Automated Sync • Note that unless syncPolicy is specified explicitly, the Application is not synced automatically • Unless prune: true is specified, resources are not pruned
  15. Tools • Supported ways to apply • kustomize • Helm charts • Ksonnet • A directory of YAML/JSON/Jsonnet manifests • Plugins (custom binaries can be used too)
  16. Application of Applications • Manage Applications with an Application
  17. Application of Applications • kustomize example: root.yaml
  18. Application of Applications • kustomize example: root.yaml • With the path specified here
  19. Application of Applications • kustomize example: root.yaml • With the path specified here, the kustomization.yaml in the application-of-applications directory is referenced
  20. Application of Applications • kustomize example: kustomization.yaml
  21. Application of Applications • kustomize example: kustomization.yaml • In kustomize's resources, specify the Applications tied to the root
  22. Application of Applications • kustomize example: apply the Application that serves as the root
  23. Application of Applications • kustomize example:
  24. Application of Applications • kustomize example: just applying the Application that serves as the root also applies the Applications tied to the root automatically
  25. Application of Applications • This is how it is displayed in the UI
  26. Application of Applications • kustomize example: these Applications are synced automatically via GitOps (handy in situations where you want to apply the manifests of a feature branch)
  27. Application of Applications • Merging a Pull Request that rewrites revision lets you reference the manifests of a feature branch
  28. AppProject • Represents a logical group of Applications • Roles and the like can also be defined (details later)
  29. Argo CD's RBAC
  30. Argo CD authentication • Login screen:
  31. Argo CD authentication • Login screen: there are fields for entering a user and password, but in Argo CD no users exist other than the built-in admin
  32. Argo CD authentication • Login screen: all users other than admin must log in via SSO (GitHub is used in this case)
  33. Argo CD authentication • There are two ways to do SSO in Argo CD • Use the bundled Dex • Use an existing OIDC provider
  34. Argo CD authentication • There are two ways to do SSO in Argo CD • Use the bundled Dex • Use an existing OIDC provider • This time I will talk about authenticating with GitHub using Dex
  35. Authenticating with GitHub using Dex • Argo CD bundles an OIDC provider called Dex • https://github.com/dexidp/dex
  36. Authenticating with GitHub using Dex • Create an OAuth application on GitHub and write the settings in the ConfigMap named `argocd-cm`
  37. Authenticating with GitHub using Dex • ConfigMap example:
  38. Authenticating with GitHub using Dex • ConfigMap example: the issued clientID and clientSecret • Writing a value like $dex.github.clientSecret makes it read the value from a Kubernetes Secret
  39. Authenticating with GitHub using Dex • ConfigMap example: settings for the GitHub org and team allowed to log in • In this case only `sre-team` of the GitHub org `classmethod` can log in
  40. Role • A Role tied to an AppProject can be defined for GitHub-org:team
  41. Role • The problem that Delete, Edit and so on can be done from the Argo CD Web UI can also be controlled using Roles
  42. Argo CD's Sync
  43. Sync Phases • Argo CD's sync has three broad phases • PreSync Sync PostSync
  44. Sync Phases • Argo CD's sync has three broad phases • PreSync Sync PostSync • Runs before the manifests are applied
  45. Sync Phases • Argo CD's sync has three broad phases • PreSync Sync PostSync • Runs in connection with applying the manifests
  46. Sync Phases • Argo CD's sync has three broad phases • PreSync Sync PostSync • Runs after the manifests are applied
  47. Sync Phases • Argo CD's sync has three broad phases • PreSync (DB migration) Sync (application deployment) PostSync • Run the DB migration with a Kubernetes Job before the application is deployed
  48. Sync Phases and Waves • Argo CD's sync has three broad phases • PreSync (DB migration) • Run the DB migration with a Kubernetes Job before the application is deployed
  49. Sync Phases • Argo CD's sync has three broad phases • PreSync (DB migration) • When the phase is written in an annotation, Argo CD runs the resource in that phase
  50. Sync Phases • Argo CD's sync has three broad phases • PreSync (DB migration) • Delete the Job once the PreSync phase has finished
  51. Sync Waves • Controls the order in which manifests are applied within each phase • PreSync Sync PostSync • Job Job Pod Job • 1 2 3 • New feature since v1.1.0
  52. Sync Waves • Sync • Job Pod Job • 1 2 3 • Controls the order in which manifests are applied within each phase
  53. Sync Waves • Sync • Job Pod Job • 1 2 3 • Controls the order in which manifests are applied within each phase • Specify an integer value in the annotation `argocd.argoproj.io/sync-wave`
  54. Summary
  55. Summary • Argo CD is a tool for doing GitOps with a rich Web UI • It also has plenty of fine-grained features • The official documentation is thorough too, so take a look! • https://argoproj.github.io/argo-cd/
  56. Thank You! @ponde_m
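
Slides 12-14 and 17-24 refer to `root.yaml` and `kustomization.yaml`, which were shown as images and are not in the transcript. The following is an added example, not the speaker's files, of a root Application with automated sync and pruning that manages a child Application through kustomize; the repository URL, the `guestbook` names and the branch are assumptions.

```yaml
# root.yaml: the root Application, applied once by hand (added example)
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: root
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/example-org/manifests.git  # assumed repository
    targetRevision: master                # point at a feature branch via Pull Request
    path: application-of-applications     # directory that holds kustomization.yaml
  destination:
    server: https://kubernetes.default.svc  # the cluster Argo CD itself runs in
    namespace: argocd                       # child Application objects are created here
  syncPolicy:
    automated:          # without syncPolicy there is no automatic sync
      prune: true       # without prune: true, resources removed from Git stay in the cluster
---
# application-of-applications/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - guestbook.yaml      # every Application tied to the root is listed here
---
# application-of-applications/guestbook.yaml: a child Application (assumed name)
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: guestbook
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/example-org/manifests.git  # assumed repository
    targetRevision: master
    path: guestbook
  destination:
    server: https://kubernetes.default.svc
    namespace: guestbook
  syncPolicy:
    automated:
      prune: true
```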
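
Slides 36-41 describe the `argocd-cm` settings and the AppProject Role whose manifests are missing from the transcript. The following is an added example, not the speaker's configuration, that limits login to `sre-team` of the `classmethod` org and gives that team a project role without create, update or delete; the URLs, the project name `sample-project`, the role name and the client ID placeholder are assumptions.

```yaml
# argocd-cm: Dex GitHub connector limited to one org and team (added example)
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
data:
  url: https://argocd.example.com               # assumed external URL of Argo CD
  dex.config: |
    connectors:
      - type: github
        id: github
        name: GitHub
        config:
          clientID: REPLACE_WITH_CLIENT_ID        # placeholder for the issued clientID
          clientSecret: $dex.github.clientSecret  # resolved from the argocd-secret Secret
          orgs:
            - name: classmethod
              teams:
                - sre-team                        # only this team can log in
---
# AppProject with a Role bound to the GitHub-org:team group
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: sample-project                            # assumed project name
  namespace: argocd
spec:
  description: Applications owned by the SRE team
  sourceRepos:
    - https://github.com/example-org/manifests.git  # assumed repository
  destinations:
    - server: https://kubernetes.default.svc
      namespace: guestbook                        # assumed target namespace
  roles:
    - name: sync-only                             # assumed role name
      description: View and sync only; no create, update or delete
      policies:
        - p, proj:sample-project:sync-only, applications, get, sample-project/*, allow
        - p, proj:sample-project:sync-only, applications, sync, sample-project/*, allow
      groups:
        - classmethod:sre-team                    # GitHub-org:team as reported by Dex
```

The project role only restricts users if nothing broader applies to them, so check `policy.default` and the group mappings in `argocd-rbac-cm` as well.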
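
Slides 47-53 describe a PreSync migration Job and sync waves without showing the manifests. The following is an added example, not taken from the slides, that combines the hook annotations with `argocd.argoproj.io/sync-wave`; all resource names, images and commands are assumptions.

```yaml
# DB migration as a PreSync hook (added example)
apiVersion: batch/v1
kind: Job
metadata:
  name: db-migrate
  annotations:
    argocd.argoproj.io/hook: PreSync                      # run before the manifests are applied
    argocd.argoproj.io/hook-delete-policy: HookSucceeded  # delete the Job after it succeeds
spec:
  backoffLimit: 0                  # do not retry a failed migration
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: migrate
          image: registry.example.com/app-migrate:1.0.0   # assumed image
          command: ["/app/migrate", "up"]                  # assumed command
---
# Sync phase, wave 1
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
  annotations:
    argocd.argoproj.io/sync-wave: "1"   # annotation values are strings, so quote the integer
data:
  LOG_LEVEL: info
---
# Sync phase, wave 2: applied after wave 1
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  annotations:
    argocd.argoproj.io/sync-wave: "2"
spec:
  replicas: 1
  selector:
    matchLabels: {app: app}
  template:
    metadata:
      labels: {app: app}
    spec:
      containers:
        - name: app
          image: registry.example.com/app:1.0.0            # assumed image
          envFrom:
            - configMapRef: {name: app-config}
```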