Advanced ArgoCD Usage
ArgoCD Architecture
ArgoCD Server
├── API Server
├── Repo Server
├── Application Controller
└── Redis (cache)
ApplicationSets
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: myapp
  namespace: argocd
spec:
  generators:
    - list:
        elements:
          - env: staging
            url: https://staging.example.com
          - env: production
            url: https://api.example.com
  template:
    metadata:
      name: 'myapp-{{env}}'
    spec:
      project: default
      source:
        repoURL: https://github.com/myorg/k8s-manifests.git
        targetRevision: HEAD
        path: 'apps/myapp/{{env}}'
      destination:
        server: '{{url}}'
        namespace: '{{env}}'
      syncPolicy:
        automated:
          prune: true
          selfHeal: true
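Multi-Cluster Management
# Register a remote cluster
# (cluster credentials are stored in a core v1 Secret, not an argoproj.io resource)
apiVersion: v1
kind: Secret
metadata:
  name: cluster-production
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
  name: production
  server: https://production.example.com
  # "xxx" values are placeholders for the bearer token and the base64-encoded CA certificate
  config: |
    {
      "bearerToken": "xxx",
      "tlsClientConfig": {
        "insecure": false,
        "caData": "xxx"
      }
    }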
Sync Policy
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp
  namespace: argocd
  annotations:
    # Sync wave: controls ordering relative to other resources in a sync
    argocd.argoproj.io/sync-wave: "0"
spec:
  # project, source and destination are omitted; only the sync settings are shown
  syncPolicy:
    # Automated sync
    automated:
      prune: true
      selfHeal: true
      allowEmpty: false
    syncOptions:
      - CreateNamespace=true
      - PrunePropagationPolicy=foreground
      - PruneLast=true
    retry:
      limit: 5
      backoff:
        duration: 5s
        factor: 2
        maxDuration: 3m0s
Hooks
# Pre-sync hook
apiVersion: batch/v1
kind: Job
metadata:
  name: migrate-db
  annotations:
    argocd.argoproj.io/hook: PreSync
    argocd.argoproj.io/hook-delete-policy: HookSucceeded
spec:
  template:
    spec:
      containers:
        - name: migrate
          image: myapp:migrate
          command: ["./migrate.sh"]
      restartPolicy: Never
  backoffLimit: 1
---
# Post-sync hook
apiVersion: batch/v1
kind: Job
metadata:
  name: notify-deploy
  annotations:
    argocd.argoproj.io/hook: PostSync
spec:
  template:
    spec:
      containers:
        - name: notify
          image: curlimages/curl
          command:
            - curl
            - -X
            - POST
            - https://hooks.slack.com/services/xxx
      restartPolicy: Never
Practice: Complete GitOps Workflow
# 1. ArgoCD Application
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp-production
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: production
  source:
    repoURL: https://github.com/myorg/k8s-manifests.git
    targetRevision: HEAD
    path: apps/myapp/production
    helm:
      valueFiles:
        - values.yaml
        - values-production.yaml
  destination:
    server: https://production.example.com
    namespace: production
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
---
# 2. RBAC
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: production
  namespace: argocd
spec:
  description: Production applications
  sourceRepos:
    - 'https://github.com/myorg/*'
  destinations:
    - namespace: production
      server: https://production.example.com
  clusterResourceWhitelist:
    - group: ''
      kind: Namespace
  # group '' is the core API group only; resources in other groups
  # (for example apps) need their own entries here
  namespaceResourceWhitelist:
    - group: ''
      kind: '*'
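The following is an added example, not code from the original page or from ArgoCD: a simplified Python model of how the AppProject above constrains an Application's repository, destination and resource kinds. The matching rules (plain `*` wildcards, no deny patterns or blacklists), the helper names and the sample resource list are assumptions made for illustration.

```python
import re

# The AppProject from the workflow above, copied into a Python dict.
PROJECT = {
    "sourceRepos": ["https://github.com/myorg/*"],
    "destinations": [{"namespace": "production",
                      "server": "https://production.example.com"}],
    "clusterResourceWhitelist": [{"group": "", "kind": "Namespace"}],
    "namespaceResourceWhitelist": [{"group": "", "kind": "*"}],
}

def glob(pattern, text, sep=""):
    """'*' wildcard match; if sep is set, '*' does not cross that character."""
    star = f"[^{re.escape(sep)}]*" if sep else ".*"
    regex = star.join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, text) is not None

def source_allowed(project, repo_url):
    return any(glob(p, repo_url, "/") for p in project["sourceRepos"])

def destination_allowed(project, server, namespace):
    return any(glob(d["server"], server) and glob(d["namespace"], namespace)
               for d in project["destinations"])

def kind_allowed(project, group, kind, namespaced=True):
    key = "namespaceResourceWhitelist" if namespaced else "clusterResourceWhitelist"
    allow = project.get(key)
    if namespaced and allow is None:  # assumption: unset list allows all namespaced kinds
        return True
    return any(glob(e["group"], group) and glob(e["kind"], kind) for e in allow or [])

def audit(project, repo_url, server, namespace, resources):
    """Findings for one Application; resources are (group, kind, namespaced)."""
    findings = []
    if not source_allowed(project, repo_url):
        findings.append(f"repo not permitted: {repo_url}")
    if not destination_allowed(project, server, namespace):
        findings.append(f"destination not permitted: {server} / {namespace}")
    for group, kind, namespaced in resources:
        if not kind_allowed(project, group, kind, namespaced):
            findings.append(f"kind not permitted: {group or 'core'}/{kind}")
    return findings

# Constructed sample: kinds a rendered chart might contain (not from the page).
RENDERED = [("", "Service", True), ("apps", "Deployment", True),
            ("rbac.authorization.k8s.io", "ClusterRole", False)]

if __name__ == "__main__":
    print(audit(PROJECT, "https://github.com/myorg/k8s-manifests.git",
                "https://production.example.com", "production", RENDERED))
```

In this model the constructed chart's apps/Deployment and ClusterRole are both reported, because the project's whitelists name only the core group ('') for namespaced kinds and only Namespace for cluster-scoped kinds.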
Monitoring and Alerting
# Prometheus rules
groups:
  - name: argocd
    rules:
      - alert: ArgoCDAppOutOfSync
        expr: argocd_app_info{sync_status!="Synced"} == 1
        for: 5m
        labels:
          severity: warning
        annotations:
          summary: "ArgoCD application out of sync"
      - alert: ArgoCDAppDegraded
        expr: argocd_app_info{health_status!="Healthy"} == 1
        for: 5m
        labels:
          severity: critical
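Best Practices
- Use ApplicationSets
- Implement RBAC
- Configure health checks
- Use Hooks
- Monitor sync status
Summary
ArgoCD is a core tool for GitOps. With advanced configuration and best practices, you can manage Kubernetes applications efficiently.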