Subsections of CICD
Install Argo CD
Preliminary
1. install argoCD binary
2. install components
Install By
1. Prepare argocd.values.yaml
2. Install argoCD
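# argocd.values.yaml: Helm values for the argo-cd chart.
# Nesting restored; the page had lost all indentation.
#
# Every image is pulled through the m.daocloud.io registry mirror instead of
# the upstream registries (quay.io, docker.io, ghcr.io). The mirror becomes
# part of the cluster's supply chain: use it only if you trust it, and
# consider pinning images by digest so a changed image is rejected.
crds:
  install: true
  # keep: false means the CRDs are not retained on `helm uninstall`;
  # removing a CRD also removes the objects of that kind.
  keep: false
global:
  revisionHistoryLimit: 3
  image:
    repository: m.daocloud.io/quay.io/argoproj/argocd
    imagePullPolicy: IfNotPresent
redis:
  enabled: true
  image:
    repository: m.daocloud.io/docker.io/library/redis
  exporter:
    enabled: false
    image:
      repository: m.daocloud.io/bitnami/redis-exporter
  metrics:
    enabled: false
redis-ha:
  enabled: false
  image:
    repository: m.daocloud.io/docker.io/library/redis
  # NOTE(review): the redis-ha subchart may expect this under
  # configmapTest.image.repository; confirm against the chart's values.
  configmapTest:
    repository: m.daocloud.io/docker.io/koalaman/shellcheck
  haproxy:
    enabled: false
    image:
      repository: m.daocloud.io/docker.io/library/haproxy
  exporter:
    enabled: false
    image: m.daocloud.io/docker.io/oliver006/redis_exporter
dex:
  enabled: true
  image:
    repository: m.daocloud.io/ghcr.io/dexidp/dex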
# Option A: install the chart from a personal mirror of the Helm repository.
# The mirror is not the upstream Argo project; whatever it serves as version
# 8.1.2 is installed as-is, so use it only if you trust its maintainer.
# Run either this command or the next one, not both: they create the same release.
# --atomic rolls the release back if the install fails.
helm install argo-cd argo-cd \
--namespace argocd \
--create-namespace \
--version 8.1.2 \
--repo https://aaronyang0628.github.io/helm-chart-mirror/charts \
--values argocd.values.yaml \
--atomic
# Option B: the same install from the upstream argo-helm repository.
helm install argo-cd argo-cd \
--namespace argocd \
--create-namespace \
--version 8.1.2 \
--repo https://argoproj.github.io/argo-helm \
--values argocd.values.yaml \
--atomic
Alternatively, you can install Argo CD directly from the upstream manifest:
# Applies the upstream manifest without the Helm values above.
# `stable` is a moving reference, so the manifest fetched here can differ
# between runs; replace it with a release tag for a reproducible,
# reviewable install.
kubectl create namespace argocd \
&& kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
4. prepare argocd-server-external.yaml
Install By
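# Expose the Argo CD server on port 30443 of every cluster node.
# A NodePort listens on all nodes, and this endpoint accepts admin logins:
# restrict who can reach 30443 at the network level.
# The manifest's nesting is restored here; YAML is indentation-sensitive.
# 'EOF' is quoted so the shell passes the manifest through unmodified.
kubectl -n argocd apply -f - <<'EOF'
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/name: argocd-server-external
    app.kubernetes.io/part-of: argocd
    # NOTE(review): informational label only; it may not match the Argo CD
    # version shipped by chart 8.1.2. Confirm or drop it.
    app.kubernetes.io/version: v2.8.4
  name: argocd-server-external
spec:
  ports:
    - name: https
      port: 443
      protocol: TCP
      targetPort: 8080
      nodePort: 30443
  selector:
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/name: argocd-server
  type: NodePort
EOF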
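# Same NodePort Service as the other variant on this page: it publishes the
# Argo CD server on port 30443 of every node, so limit access to that port.
# Nesting restored, and the empty trailing `---` document dropped.
# 'EOF' is quoted so the shell passes the manifest through unmodified.
kubectl -n argocd apply -f - <<'EOF'
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/name: argocd-server-external
    app.kubernetes.io/part-of: argocd
    app.kubernetes.io/version: v2.8.4
  name: argocd-server-external
spec:
  ports:
    - name: https
      port: 443
      protocol: TCP
      targetPort: 8080
      nodePort: 30443
  selector:
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/name: argocd-server
  type: NodePort
EOF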
5. create external service
# Only needed when the Service manifest was saved as
# argocd-server-external.yaml instead of being applied from the heredoc.
kubectl -n argocd apply -f argocd-server-external.yaml
6. [Optional] prepare argocd-server-ingress.yaml
Before you create the ingress, cert-manager must be installed and a ClusterIssuer named self-signed-ca-issuer must exist; if not, please check the link
Install By
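# Publish Argo CD at https://argo-cd.ay.dev through the nginx ingress, with a
# certificate issued by the self-signed-ca-issuer ClusterIssuer.
# 'EOF' must be quoted: with an unquoted delimiter the shell expands `$1` in
# the rewrite-target annotation (normally to an empty string) before kubectl
# sees the manifest. Nesting is restored as well.
kubectl -n argocd apply -f - <<'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argo-cd-argocd-server
  annotations:
    cert-manager.io/cluster-issuer: self-signed-ca-issuer
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - argo-cd.ay.dev
      secretName: argo-cd.ay.dev-tls
  rules:
    - host: argo-cd.ay.dev
      http:
        paths:
          - path: /?(.*)
            pathType: ImplementationSpecific
            backend:
              service:
                name: argo-cd-argocd-server
                port:
                  # NOTE(review): TLS ends at the ingress and traffic to the
                  # server on port 80 is plain HTTP. Argo CD normally needs
                  # its insecure (no-TLS) server mode for this layout, which
                  # the values file on this page does not set. Confirm.
                  number: 80
EOF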
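# argocd-server-ingress.yaml: publishes Argo CD at https://argo-cd.ay.dev
# through the nginx ingress, with a certificate issued by the
# self-signed-ca-issuer ClusterIssuer. Nesting restored.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argo-cd-argocd-server
  annotations:
    cert-manager.io/cluster-issuer: self-signed-ca-issuer
    # Keep `$1` literal if this file is ever generated by a shell script.
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - argo-cd.ay.dev
      secretName: argo-cd-tls
  rules:
    - host: argo-cd.ay.dev
      http:
        paths:
          - path: /?(.*)
            pathType: ImplementationSpecific
            backend:
              service:
                name: argo-cd-argocd-server
                port:
                  # NOTE(review): plain HTTP between the ingress and the
                  # server; confirm the server is configured for this.
                  number: 80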
7. [Optional] create external service
# NOTE(review): step 6 prepares argocd-server-ingress.yaml, but this command
# re-applies the external Service file. Confirm which file is intended.
kubectl -n argocd apply -f argocd-server-external.yaml
8. get the Argo CD initial admin password
# Prints the generated admin password in clear text on the terminal.
# After the first login, change the password and delete the
# argocd-initial-admin-secret secret so the bootstrap credential does not
# stay readable in the cluster.
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
9. login argocd
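# Read the initial admin password from the cluster secret.
ARGOCD_PASS=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)
# Internal IP of the first control-plane node; the NodePort Service answers there on 30443.
MASTER_IP=$(kubectl get nodes --selector=node-role.kubernetes.io/control-plane -o jsonpath='{$.items[0].status.addresses[?(@.type=="InternalIP")].address}')
# --insecure skips TLS certificate verification, so the server is not
# authenticated; keep it to test clusters with a self-signed certificate.
# A password given with --password is visible in the process list while the
# command runs; omit the flag to be prompted instead.
# Both expansions are quoted so special characters in the password survive.
argocd login --insecure --username admin "$MASTER_IP:30443" --password "$ARGOCD_PASS"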
if you deploy argocd in minikube, you might need to forward this port
# Forward port 30443 from the minikube VM to this machine (-N: no remote
# command, -f: go to the background).
# The '*' bind address makes the forwarded port listen on every interface of
# this machine, so other hosts on the network can reach Argo CD through it.
# Bind to 127.0.0.1 instead when only local access is needed.
ssh -i ~/.minikube/machines/minikube/id_rsa docker@$(minikube ip) -L '*:30443:0.0.0.0:30443' -N -f
open https://$(minikube ip):30443
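if you use the ingress, your browser will not trust the self-signed CA by default; export the CA certificate with the command below and import it into your browser, or allow the insecure connection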
# Export the CA certificate (tls.crt, the public part) from the root-secret
# secret in the basic-components namespace, to import into a trust store.
# Only tls.crt is needed; the private key in the same secret must stay in
# the cluster.
kubectl -n basic-components get secret root-secret -o jsonpath='{.data.tls\.crt}' | base64 -d > cert-manager-self-signed-ca-secret.crt
open https://argo-cd.ay.dev
Install Argo WorkFlow
Preliminary
- Kubernetes is installed; if not, check the link
- Argo CD is installed; if not, check the link
- cert-manager is installed on Argo CD and a ClusterIssuer named self-signed-ca-issuer exists; if not, check the link
1. prepare argo-workflows.yaml
content
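# argo-workflows.yaml: Argo CD Application that installs the argo-workflows
# Helm chart into the `workflows` namespace. Nesting restored.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: argo-workflows
spec:
  syncPolicy:
    syncOptions:
      - CreateNamespace=true
  project: default
  source:
    # Personal chart mirror, not the upstream argo-helm repository; the chart
    # it serves is deployed with cluster-level permissions, so use it only if
    # you trust its maintainer.
    repoURL: https://aaronyang0628.github.io/helm-chart-mirror/charts
    chart: argo-workflows
    targetRevision: 0.40.11
    helm:
      releaseName: argo-workflows
      values: |
        crds:
          install: true
          keep: false
        singleNamespace: false
        controller:
          image:
            registry: m.daocloud.io/quay.io
          workflowNamespaces:
            - business-workflows
        executor:
          image:
            registry: m.daocloud.io/quay.io
        workflow:
          serviceAccount:
            create: true
          rbac:
            create: true
        server:
          enabled: true
          image:
            registry: m.daocloud.io/quay.io
          ingress:
            enabled: true
            ingressClassName: nginx
            annotations:
              cert-manager.io/cluster-issuer: self-signed-ca-issuer
              nginx.ingress.kubernetes.io/rewrite-target: /$1
            hosts:
              - argo-workflows.ay.dev
            paths:
              - /?(.*)
            tls:
              - secretName: argo-workflows-tls
                hosts:
                  - argo-workflows.ay.dev
          # `server` auth mode: the Argo Server does not authenticate callers
          # and serves every request with its own service account. With the
          # ingress above, anyone who can reach argo-workflows.ay.dev can use
          # that account. Prefer `client` (bearer token) or `sso` outside a
          # lab cluster.
          authModes:
            - server
          sso:
            enabled: false
  destination:
    server: https://kubernetes.default.svc
    namespace: workflows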
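# Create the Argo CD Application for argo-workflows from the upstream
# argo-helm repository.
# 'EOF' must be quoted: with an unquoted delimiter the shell expands `$1` in
# the rewrite-target annotation before kubectl sees the manifest.
# Nesting is restored as well.
kubectl -n argocd apply -f - <<'EOF'
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: argo-workflows
spec:
  syncPolicy:
    syncOptions:
      - CreateNamespace=true
  project: default
  source:
    repoURL: https://argoproj.github.io/argo-helm
    chart: argo-workflows
    targetRevision: 0.45.11
    helm:
      releaseName: argo-workflows
      values: |
        crds:
          install: true
          keep: false
        singleNamespace: false
        controller:
          image:
            registry: m.daocloud.io/quay.io
          workflowNamespaces:
            - business-workflows
        executor:
          image:
            registry: m.daocloud.io/quay.io
        workflow:
          serviceAccount:
            create: true
          rbac:
            create: true
        server:
          enabled: true
          image:
            registry: m.daocloud.io/quay.io
          ingress:
            enabled: true
            ingressClassName: nginx
            annotations:
              cert-manager.io/cluster-issuer: self-signed-ca-issuer
              nginx.ingress.kubernetes.io/rewrite-target: /$1
              nginx.ingress.kubernetes.io/use-regex: "true"
            hosts:
              - argo-workflows.ay.dev
            paths:
              - /?(.*)
            tls:
              - secretName: argo-workflows.ay.dev-tls
                hosts:
                  - argo-workflows.ay.dev
          # `server` mode serves requests with the Argo Server's own service
          # account and no caller authentication. Listing it next to `client`
          # presumably keeps that unauthenticated path open on the public
          # ingress host; confirm it is intended, or keep only `client`/`sso`.
          authModes:
            - server
            - client
          sso:
            enabled: false
  destination:
    server: https://kubernetes.default.svc
    namespace: workflows
EOF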
2. install argo workflow binary
3. create workflow related namespace
# Create the business-workflows namespace only if it does not exist yet;
# the lookup's output and errors are discarded.
kubectl get namespace business-workflows > /dev/null 2>&1 || kubectl create namespace business-workflows
4. apply to k8s
# Registers the Application from the file prepared in step 1; not needed if
# it was already applied from the heredoc.
kubectl -n argocd apply -f argo-workflows.yaml
5. sync by argocd
# Requires an authenticated argocd CLI session (see the Argo CD login step).
argocd app sync argocd/argo-workflows
6. check workflow status
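# Set flow_name to the workflow to inspect (a name printed by `list`) first.
# The page's `<$flow_name>` notation cannot be pasted as-is: the shell reads
# `<` and `>` as redirections. A quoted variable is used instead.
# list all flows
argo -n business-workflows list
# get specific flow status
argo -n business-workflows get "${flow_name}"
# get specific flow log
argo -n business-workflows logs "${flow_name}"
# get specific flow log continuously
argo -n business-workflows logs "${flow_name}" --watch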
Install Argo Event
Preliminary
1. prepare argo-events.yaml
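# argo-events.yaml: Argo CD Application that installs the argo-events Helm
# chart into the `argocd` namespace. Nesting restored.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: argo-events
spec:
  syncPolicy:
    syncOptions:
      - CreateNamespace=true
  project: default
  source:
    repoURL: https://argoproj.github.io/argo-helm
    chart: argo-events
    targetRevision: 2.4.2
    helm:
      releaseName: argo-events
      values: |
        openshift: false
        createAggregateRoles: true
        crds:
          install: true
          keep: true
        global:
          image:
            # Pulled through the m.daocloud.io mirror rather than quay.io.
            repository: m.daocloud.io/quay.io/argoproj/argo-events
        controller:
          replicas: 1
          resources: {}
        webhook:
          enabled: true
          replicas: 1
          port: 12000
          resources: {}
        extraObjects:
          # NOTE(review): this Ingress publishes the events-webhook Service
          # (port 12000) at argo-events.webhook.ay.dev. If that Service is
          # the chart's admission webhook, only the API server needs to reach
          # it; confirm the external exposure is intended.
          - apiVersion: networking.k8s.io/v1
            kind: Ingress
            metadata:
              annotations:
                cert-manager.io/cluster-issuer: self-signed-ca-issuer
                nginx.ingress.kubernetes.io/rewrite-target: /$1
              labels:
                app.kubernetes.io/instance: argo-events
                app.kubernetes.io/managed-by: Helm
                app.kubernetes.io/name: argo-events-events-webhook
                app.kubernetes.io/part-of: argo-events
                argocd.argoproj.io/instance: argo-events
              name: argo-events-webhook
            spec:
              ingressClassName: nginx
              rules:
                - host: argo-events.webhook.ay.dev
                  http:
                    paths:
                      - backend:
                          service:
                            name: events-webhook
                            port:
                              number: 12000
                        path: /?(.*)
                        pathType: ImplementationSpecific
              tls:
                - hosts:
                    - argo-events.webhook.ay.dev
                  secretName: argo-events-webhook-tls
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd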
4. apply to k8s
# Registers the Application from the file prepared in step 1.
kubectl -n argocd apply -f argo-events.yaml
5. sync by argocd
# Requires an authenticated argocd CLI session (see the Argo CD login step).
argocd app sync argocd/argo-events
Sample
Subsections of Sample
Publish 2 Dockerhub
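# Builds each image in the matrix and pushes it to env.REGISTRY.
# Nesting restored; the page had lost all indentation.
# Review notes:
#  - The page lists this workflow under Docker Hub, but REGISTRY is ghcr.io.
#  - `on: [push]` publishes images on every push to any branch.
#  - The actions are referenced by mutable tags (@v4, @v3, @v6). Pinning each
#    to a full commit SHA keeps a retagged action from running with the
#    registry credential.
#  - A push trigger never sets `inputs.tag`, so the first tag is always
#    `latest`. `github.ref_name` may contain `/` for branch names, which is
#    not valid in an image tag.
name: publish-image-to-ghcr
run-name: ${{ gitea.actor }} is testing out Gitea Push Image π
on: [push]
env:
  REGISTRY: ghcr.io
  USER: aaronyang0628
  REPOSITORY_NAMESPACE: aaronyang0628
jobs:
  build-and-push-images:
    strategy:
      matrix:
        include:
          - name_suffix: "aria-ng"
            container_path: "application/aria2/container/aria-ng"
            dockerfile_path: "application/aria2/container/aria-ng/Dockerfile"
          - name_suffix: "aria2"
            container_path: "application/aria2/container/aria2"
            dockerfile_path: "application/aria2/container/aria2/Dockerfile"
    runs-on: ubuntu-latest
    steps:
      - name: checkout-repository
        uses: actions/checkout@v4
      - name: log in to the container registry
        uses: docker/login-action@v3
        with:
          registry: "${{ env.REGISTRY }}"
          username: "${{ env.USER }}"
          # Taken from the secret store, never inlined; scope the token to
          # package write access only.
          password: "${{ secrets.GIT_REGISTRY_PWD }}"
      - name: build and push container image
        uses: docker/build-push-action@v6
        with:
          context: "${{ matrix.container_path }}"
          file: "${{ matrix.dockerfile_path }}"
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAMESPACE }}/${{ github.repository }}-${{ matrix.name_suffix }}:${{ inputs.tag || 'latest' }}
            ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAMESPACE }}/${{ github.repository }}-${{ matrix.name_suffix }}:${{ github.ref_name }}
          labels: |
            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}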
Publish 2 Ghcr
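# Builds each image in the matrix and pushes it to ghcr.io.
# Nesting restored; the page had lost all indentation.
# Review notes:
#  - `on: [push]` publishes images on every push to any branch.
#  - The actions are referenced by mutable tags (@v4, @v3, @v6). Pinning each
#    to a full commit SHA keeps a retagged action from running with the
#    registry credential.
#  - A push trigger never sets `inputs.tag`, so the first tag is always
#    `latest`. `github.ref_name` may contain `/` for branch names, which is
#    not valid in an image tag.
name: publish-image-to-ghcr
run-name: ${{ gitea.actor }} is testing out Gitea Push Image π
on: [push]
env:
  REGISTRY: ghcr.io
  USER: aaronyang0628
  REPOSITORY_NAMESPACE: aaronyang0628
jobs:
  build-and-push-images:
    strategy:
      matrix:
        include:
          - name_suffix: "aria-ng"
            container_path: "application/aria2/container/aria-ng"
            dockerfile_path: "application/aria2/container/aria-ng/Dockerfile"
          - name_suffix: "aria2"
            container_path: "application/aria2/container/aria2"
            dockerfile_path: "application/aria2/container/aria2/Dockerfile"
    runs-on: ubuntu-latest
    steps:
      - name: checkout-repository
        uses: actions/checkout@v4
      - name: log in to the container registry
        uses: docker/login-action@v3
        with:
          registry: "${{ env.REGISTRY }}"
          username: "${{ env.USER }}"
          # Taken from the secret store, never inlined; scope the token to
          # package write access only.
          password: "${{ secrets.GIT_REGISTRY_PWD }}"
      - name: build and push container image
        uses: docker/build-push-action@v6
        with:
          context: "${{ matrix.container_path }}"
          file: "${{ matrix.dockerfile_path }}"
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAMESPACE }}/${{ github.repository }}-${{ matrix.name_suffix }}:${{ inputs.tag || 'latest' }}
            ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAMESPACE }}/${{ github.repository }}-${{ matrix.name_suffix }}:${{ github.ref_name }}
          labels: |
            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}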
Publish 2 Harbor
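# Builds each image in the matrix and pushes it to the Harbor registry in
# env.REGISTRY. Nesting restored; the page had lost all indentation.
# Review notes:
#  - The workflow is still named publish-image-to-ghcr although it pushes to
#    Harbor; rename it if nothing depends on the name.
#  - `on: [push]` publishes images on every push to any branch.
#  - The actions are referenced by mutable tags (@v4, @v3, @v6). Pinning each
#    to a full commit SHA keeps a retagged action from running with the
#    registry credential.
#  - A push trigger never sets `inputs.tag`, so the first tag is always
#    `latest`. `github.ref_name` may contain `/` for branch names, which is
#    not valid in an image tag.
name: publish-image-to-ghcr
run-name: ${{ gitea.actor }} is testing out Gitea Push Image π
on: [push]
env:
  REGISTRY: harbor.zhejianglab.com
  USER: byang628@zhejianglab.com
  REPOSITORY_NAMESPACE: ay-dev
jobs:
  build-and-push-images:
    strategy:
      matrix:
        include:
          - name_suffix: "aria-ng"
            container_path: "application/aria2/container/aria-ng"
            dockerfile_path: "application/aria2/container/aria-ng/Dockerfile"
          - name_suffix: "aria2"
            container_path: "application/aria2/container/aria2"
            dockerfile_path: "application/aria2/container/aria2/Dockerfile"
    # NOTE(review): the `:host` suffix presumably selects a runner label that
    # runs the job on the runner host rather than in a container. Such a job
    # shares the host with the registry credential; confirm this is intended.
    runs-on: ubuntu-latest:host
    steps:
      - name: checkout-repository
        uses: actions/checkout@v4
      - name: log in to the container registry
        uses: docker/login-action@v3
        with:
          registry: "${{ env.REGISTRY }}"
          username: "${{ env.USER }}"
          # Taken from the secret store, never inlined; a Harbor robot
          # account limited to this project is preferable to a personal
          # password.
          password: "${{ secrets.HARBOR_REGISTRY_PWD }}"
      - name: build and push container image
        uses: docker/build-push-action@v6
        with:
          context: "${{ matrix.container_path }}"
          file: "${{ matrix.dockerfile_path }}"
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAMESPACE }}/${{ github.repository }}-${{ matrix.name_suffix }}:${{ inputs.tag || 'latest' }}
            ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAMESPACE }}/${{ github.repository }}-${{ matrix.name_suffix }}:${{ github.ref_name }}
          labels: |
            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}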
Publish 2 Harbor
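# Builds each image in the matrix and pushes it to the Harbor registry in
# env.REGISTRY. Nesting restored; the page had lost all indentation.
# Review notes:
#  - The workflow is still named publish-image-to-ghcr although it pushes to
#    Harbor; rename it if nothing depends on the name.
#  - `on: [push]` publishes images on every push to any branch.
#  - The actions are referenced by mutable tags (@v4, @v3, @v6). Pinning each
#    to a full commit SHA keeps a retagged action from running with the
#    registry credential.
#  - A push trigger never sets `inputs.tag`, so the first tag is always
#    `latest`. `github.ref_name` may contain `/` for branch names, which is
#    not valid in an image tag.
name: publish-image-to-ghcr
run-name: ${{ gitea.actor }} is testing out Gitea Push Image π
on: [push]
env:
  REGISTRY: harbor.zhejianglab.com
  USER: byang628@zhejianglab.com
  REPOSITORY_NAMESPACE: ay-dev
jobs:
  build-and-push-images:
    strategy:
      matrix:
        include:
          - name_suffix: "aria-ng"
            container_path: "application/aria2/container/aria-ng"
            dockerfile_path: "application/aria2/container/aria-ng/Dockerfile"
          - name_suffix: "aria2"
            container_path: "application/aria2/container/aria2"
            dockerfile_path: "application/aria2/container/aria2/Dockerfile"
    # NOTE(review): the `:host` suffix presumably selects a runner label that
    # runs the job on the runner host rather than in a container; confirm
    # this is intended.
    runs-on: ubuntu-latest:host
    steps:
      - name: checkout-repository
        uses: actions/checkout@v4
      - name: log in to the container registry
        uses: docker/login-action@v3
        with:
          registry: "${{ env.REGISTRY }}"
          username: "${{ env.USER }}"
          # Taken from the secret store, never inlined.
          password: "${{ secrets.HARBOR_REGISTRY_PWD }}"
      - name: build and push container image
        uses: docker/build-push-action@v6
        with:
          context: "${{ matrix.container_path }}"
          file: "${{ matrix.dockerfile_path }}"
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAMESPACE }}/${{ github.repository }}-${{ matrix.name_suffix }}:${{ inputs.tag || 'latest' }}
            ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAMESPACE }}/${{ github.repository }}-${{ matrix.name_suffix }}:${{ github.ref_name }}
          labels: |
            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}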