Tweet
Tweet

Slide 1

Slide 1 text

19/07/25 Kubernetes Meetup Tokyo #21 - Cloud Native CI/CD @ponde_m Argo CD ࣮ફΨΠυ

Slide 2

Slide 2 text

ࠓճͷΠϕϯτϖʔδ

Slide 3

Slide 3 text

͜Εʹωλ͔ͿΓ͠ͳ͍Α͏ͳ ر๬ "SHP$%ͷࡉ͔͍࿩Λ͍͖ͯ͠·͢ ࠓճͷΠϕϯτϖʔδ

Slide 4

Slide 4 text

@ponde_m Dai Kurosawa SRE

Slide 5

Slide 5 text

͓͞Β͍: Argo CD ͱ͸ • Pull ܕͷ CD • GitOps ʹ࢖͏ • ͍͍ײ͡ͷ UI

Slide 6

Slide 6 text

ࠓ೔࿩͢͜ͱ • Argo CD ͷ CRD ʹ͍ͭͯ • Argo CD ͷ RBAC ʹ͍ͭͯ • Argo CD ͷ Sync ઓུʹ͍ͭͯ

Slide 7

Slide 7 text

ࠓ೔࿩͢͜ͱ • Argo CD ͷ CRD ʹ͍ͭͯ • Argo CD ͷ RBAC ʹ͍ͭͯ • Argo CD ͷ Sync ઓུʹ͍ͭͯ ͕࣌ؒ଍Γͳ͔ͬͨͷͰ
 εΩοϓ͠·͢ (ࢿྉ͸ͦͷ··Ξοϓ͠·͢)

Slide 8

Slide 8 text

Argo CDͷ CRD

Slide 9

Slide 9 text

Argo CD ͷ CRD • 2ͭͷ CRD ͕͋Δ • Application • AppProject

Slide 10

Slide 10 text

Argo CD ͷ CRD Application Application Application AppProject

Slide 11

Slide 11 text

Application • Argo CD ʹ͓͚Δ
 σϓϩΠͷઃఆ • ݱ࣮ੈքͷ
 ΞϓϦέʔγϣϯͱಉ͡୯Ґ
 (ෳ਺ͷ Object ͷू߹)

Slide 12

Slide 12 text

Application Git Repository Revision Path Λࢦఆͯͦ͜͠ʹ͋Δ manifest ΛσϓϩΠ͢Δ

Slide 13

Slide 13 text

Application λʔήοτͱͳΔ Ϋϥελͱ namespace

Slide 14

Slide 14 text

Automated Sync • syncPolicy Λ
 ໌ࣔతʹࢦఆ͠ͳ͍ͱ
 ࣗಈͰಉظͯ͘͠Εͳ͍ͷͰ஫ҙ • prune: true Λࢦఆ͠ͳ͍৔߹͸
 Ϧιʔεͷ Pruning ͸ߦΘΕͳ͍

Slide 15

Slide 15 text

Tools • αϙʔτ͍ͯ͠Δ apply ํ๏ • kustomize • Helm charts • Ksonnet • YAML/JSON/Jsonnet manifest ͷσΟϨΫτϦ • ϓϥάΠϯ (ࣗ࡞όΠφϦ΋࢖͑Δ)

Slide 16

Slide 16 text

Application of Applications • Application Ͱ 
 Application Λ؅ཧ͢Δ

Slide 17

Slide 17 text

Application of Applications • kustomize ͷྫ: root.yaml

Slide 18

Slide 18 text

Application of Applications • kustomize ͷྫ: root.yaml ͜͜ͷ path ࢦఆͰ

Slide 19

Slide 19 text

Application of Applications • kustomize ͷྫ: root.yaml ͜͜ͷ path ࢦఆͰ application-of-applications σΟϨΫτϦͷ kustomization.yaml ͕ࢀর͞ΕΔ

Slide 20

Slide 20 text

Application of Applications • kustomize ͷྫ: kustomization.yaml

Slide 21

Slide 21 text

Application of Applications • kustomize ͷྫ: kustomization.yaml kustomize ͷ
 resources Ͱ root ʹඥͮ͘ Application Λࢦఆ͢Δ

Slide 22

Slide 22 text

Application of Applications • kustomize ͷྫ: root ʹͳΔ Application Λ apply ͢Δ

Slide 23

Slide 23 text

Application of Applications • kustomize ͷྫ:

Slide 24

Slide 24 text

Application of Applications • kustomize ͷྫ: root ʹͳΔ Application Λ apply ͚ͨͩ͠Ͱ 
 root ʹඥͮ͘ Application ΋উखʹద༻͞ΕΔ

Slide 25

Slide 25 text

Application of Applications UI ͔Β͸͜ͷΑ͏ͳײ͡Ͱ
 දࣔ͞ΕΔ

Slide 26

Slide 26 text

Application of Applications • kustomize ͷྫ: ͜ΕΒͷ Application ͸ GitOps Ͱࣗಈతʹ Sync ͞ΕΔ (feature ϒϥϯνͷ manifest Λ
 ద༻͍ͨ͠Έ͍ͨͳঢ়گͷ࣌ʹָ)

Slide 27

Slide 27 text

Application of Applications revision Λॻ͖׵͑ͨ Pull Request Λ
 merge ͢Δͱ feature ϒϥϯνͷ
 manifest ΛࢀরͰ͖Δ

Slide 28

Slide 28 text

AppProject • Application ͷ
 ࿦ཧతͳάϧʔϓΛද͢ • Role ͱ͔΋ఆٛͰ͖Δ
 (ৄ͘͠͸ޙड़)

Slide 29

Slide 29 text

Argo CDͷ RBAC

Slide 30

Slide 30 text

Argo CD ͷೝূ • ϩάΠϯը໘:

Slide 31

Slide 31 text

Argo CD ͷೝূ • ϩάΠϯը໘: User ͱ Password Λ
 ೖྗ͢Δεϖʔε͕͋Δ͕
 Argo CD Ͱ͸૊ΈࠐΈͷ
 admin Ҏ֎ͷϢʔβ͸ଘࡏ͠ͳ͍

Slide 32

Slide 32 text

Argo CD ͷೝূ • ϩάΠϯը໘: admin Ҏ֎ͷશͯͷϢʔβ͸ SSO Λհͯ͠ϩάΠϯ͢Δ
 ඞཁ͕͋Δ
 (͜ͷ৔߹͸ GitHub Λ࢖༻)

Slide 33

Slide 33 text

Argo CD ͷೝূ • Argo CD Ͱ SSO Λߦ͏ํ๏͸ 2 छྨ • όϯυϧ͞ΕͯΔ Dex Λ࢖༻͢Δ • طଘͷ OIDC provider Λ࢖༻͢Δ

Slide 34

Slide 34 text

Argo CD ͷೝূ • Argo CD Ͱ SSO Λߦ͏ํ๏͸ 2 छྨ • όϯυϧ͞ΕͯΔ Dex Λ࢖༻͢Δ • طଘͷ OIDC provider Λ࢖༻͢Δ ࠓճ͸ Dex Λ࢖ͬͯ
 GitHub Ͱೝূ͢Δ࿩Λ͠·͢

Slide 35

Slide 35 text

Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • Argo CD Ͱ͸ Dex ͱ͍͏
 OIDC provider ͕όϯυϧ͞Ε͍ͯΔ • https://github.com/dexidp/dex

Slide 36

Slide 36 text

Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • GitHub Ͱ OAuth application Λ࡞ͬͯ
 `argocd-cm` ͱ͍͏ ConfigMap ʹ
 ઃఆΛهࡌ͢Δ

Slide 37

Slide 37 text

Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • ConfigMap ͷྫ:

Slide 38

Slide 38 text

Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • ConfigMap ͷྫ: ൃߦͨ͠ clientID ͱ clientSecret $dex.github.clientSecret Έ͍ͨʹॻ͘͜ͱͰ
 Kubernetes ͷ Secret ͔Β
 ஋ΛಡΈࠐΜͰ͘ΕΔ

Slide 39

Slide 39 text

Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • ConfigMap ͷྫ: ϩάΠϯͰ͖Δ GitHub org ͱ Team ͷઃఆ ͜ͷ৔߹͸ `classmethod` ͱ͍͏ GitHub org ͷ `sre-team` ͔͠ ϩάΠϯͰ͖ͳ͍

Slide 40

Slide 40 text

Role • GitHub-org:team
 ʹରͯ͠ AppProject ʹ
 ඥͮ͘Role ΛఆٛͰ͖Δ

Slide 41

Slide 41 text

Role • Argo CD ͷ Web UI ͔Β
 Delete, Edit ͱ͔͕Ͱ͖ͨΓ͢Δ໰୊΋ 
 Role Λ࢖੍ͬͯޚ͢Δ͜ͱ͕Ͱ͖Δ

Slide 42

Slide 42 text

Argo CDͷ Sync

Slide 43

Slide 43 text

Sync Phases • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ PreSync Sync PostSync

Slide 44

Slide 44 text

Sync Phases • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ PreSync Sync PostSync manifest ͷద༻લʹ࣮ߦ͞ΕΔ

Slide 45

Slide 45 text

Sync Phases • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ PreSync Sync PostSync manifest ͷద༻ʹ
 ؔ࿈࣮ͯ͠ߦ͞ΕΔ

Slide 46

Slide 46 text

Sync Phases • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ PreSync Sync PostSync manifest ͷద༻ޙʹ࣮ߦ͞ΕΔ

Slide 47

Slide 47 text

• Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ PreSync Sync ΞϓϦέʔγϣϯ ͷσϓϩΠ DB ͷ
 ϚΠάϨʔγϣϯ PostSync Sync Phases ΞϓϦέʔγϣϯͷσϓϩΠલʹ
 Kubernetes ͷ Job Ͱ
 DB ͷϚΠάϨʔγϣϯΛ࣮ߦ

Slide 48

Slide 48 text

Sync Phases and Waves • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ PreSync ΞϓϦέʔγϣϯͷσϓϩΠલʹ
 Kubernetes ͷ Job Ͱ
 DB ͷϚΠάϨʔγϣϯΛ࣮ߦ DB ͷ
 ϚΠάϨʔγϣϯ

Slide 49

Slide 49 text

Sync Phases • Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ PreSync DB ͷ
 ϚΠάϨʔγϣϯ annotation ʹهࡌΛ͢Δͱ
 Argo CD ͕هࡌͨ͠ϑΣʔζͰ
 ࣮ߦͯ͘͠ΕΔ

Slide 50

Slide 50 text

• Argo CD ͷ Sync ʹ͸େ͖͘෼͚ͯ 3 ͭͷϑΣʔζ͕͋Δɹ PreSync DB ͷ
 ϚΠάϨʔγϣϯ PreSync ͷϑΣʔζ͕
 ऴΘͬͨΒ Job Λ࡟আ Sync Phases

Slide 51

Slide 51 text

Sync Waves • ֤ϑΣʔζ಺Ͱͷ manifest ͷద༻ॱΛ੍ޚͰ͖Δ PreSync Sync PostSync Job Job Pod Job 1 2 3 v1.1.0 ͔Βͷ৽ػೳ

Slide 52

Slide 52 text

Sync Waves Sync Job Pod Job 1 2 3 • ֤ϑΣʔζ಺Ͱͷ manifest ͷద༻ॱΛ੍ޚͰ͖Δ

Slide 53

Slide 53 text

Sync Waves Sync Job Pod Job 1 2 3 • ֤ϑΣʔζ಺Ͱͷ manifest ͷద༻ॱΛ੍ޚͰ͖Δ `argocd.argoproj.io/sync-wave` ͱ͍͏ annotaion ʹ
 ੔਺஋Λࢦఆ͢Δ

Slide 54

Slide 54 text

·ͱΊ

Slide 55

Slide 55 text

·ͱΊ • Argo CD ͸Ϧονͳ Web UI Ͱ GitOps Ͱ͖Δπʔϧ • ৭ʑͱࡉ͔͍ػೳͱ͔΋ॆ࣮ͯ͠Δ • ެࣜͷυΩϡϝϯτ΋ॆ࣮ͯ͠ΔͷͰΈΑ͏! • https://argoproj.github.io/argo-cd/

Slide 56

Slide 56 text

Thank You! @ponde_m