Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Argo CD 実践ガイド #k8sjp / Argo CD Practice Guide
Search
d-kuro
July 25, 2019
Technology
13
8.2k
Argo CD 実践ガイド #k8sjp / Argo CD Practice Guide
Kubernetes Meetup Tokyo #21 - Cloud Native CI/CD で発表した資料です
https://k8sjp.connpass.com/event/138375/
d-kuro
July 25, 2019
Tweet
Share
More Decks by d-kuro
See All by d-kuro
kube-state-metrics Sharding
daikurosawa
0
290
Helm Chart を Unit Test する / Unit Testing Helm Chart
daikurosawa
0
1.9k
Understanding CPU throttling in Kubernetes to improve application performance #k8sjp
daikurosawa
12
14k
Leader Election in Kubernetes #k8sjp
daikurosawa
5
9.9k
図で理解する Descheduler #k8sjp #ymju / Introduction to Descheduler
daikurosawa
12
23k
Kubernetes のソースコードとの付き合い方 #gounco / Kubernetes source code reading
daikurosawa
24
4.9k
GolangCI を使ってコードの品質を保ちながら快適な Golang 生活を送る話 #gounco / GolangCI
daikurosawa
4
5.8k
Introduction gRPC
daikurosawa
1
240
Go Cloud を触ってみる / gopher-dojo-lt
daikurosawa
2
2.1k
Other Decks in Technology
See All in Technology
ノーコードデータ分析ツールで体験する時系列データ分析超入門
negi111111
0
420
生成AIが変えるデータ分析の全体像
ishikawa_satoru
0
170
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
390
100 名超が参加した日経グループ横断の競技型 AWS 学習イベント「Nikkei Group AWS GameDay」の紹介/mediajaws202411
nikkei_engineer_recruiting
1
170
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
4
230
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
130
アジャイルチームがらしさを発揮するための目標づくり / Making the goal and enabling the team
kakehashi
3
110
誰も全体を知らない ~ ロールの垣根を超えて引き上げる開発生産性 / Boosting Development Productivity Across Roles
kakehashi
1
230
OCI Security サービス 概要
oracle4engineer
PRO
0
6.5k
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
第1回 国土交通省 データコンペ参加者向け勉強会③- Snowflake x estie編 -
estie
0
130
Featured
See All Featured
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
Making Projects Easy
brettharned
115
5.9k
YesSQL, Process and Tooling at Scale
rocio
169
14k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Teambox: Starting and Learning
jrom
133
8.8k
Designing the Hi-DPI Web
ddemaree
280
34k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
Optimizing for Happiness
mojombo
376
70k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
Agile that works and the tools we love
rasmusluckow
327
21k
Producing Creativity
orderedlist
PRO
341
39k
Faster Mobile Websites
deanohume
305
30k
Transcript
19/07/25 Kubernetes Meetup Tokyo #21 - Cloud Native CI/CD @ponde_m
Argo CD ࣮ફΨΠυ
ࠓճͷΠϕϯτϖʔδ
͜Εʹωλ͔ͿΓ͠ͳ͍Α͏ͳ ر "SHP$%ͷࡉ͔͍Λ͍͖ͯ͠·͢ ࠓճͷΠϕϯτϖʔδ
@ponde_m Dai Kurosawa SRE
͓͞Β͍: Argo CD ͱ • Pull ܕͷ CD • GitOps
ʹ͏ • ͍͍ײ͡ͷ UI
ࠓ͢͜ͱ • Argo CD ͷ CRD ʹ͍ͭͯ • Argo CD
ͷ RBAC ʹ͍ͭͯ • Argo CD ͷ Sync ઓུʹ͍ͭͯ
ࠓ͢͜ͱ • Argo CD ͷ CRD ʹ͍ͭͯ • Argo CD
ͷ RBAC ʹ͍ͭͯ • Argo CD ͷ Sync ઓུʹ͍ͭͯ ͕࣌ؒΓͳ͔ͬͨͷͰ εΩοϓ͠·͢ (ࢿྉͦͷ··Ξοϓ͠·͢)
Argo CDͷ CRD
Argo CD ͷ CRD • 2ͭͷ CRD ͕͋Δ • Application
• AppProject
Argo CD ͷ CRD Application Application Application AppProject
Application • Argo CD ʹ͓͚Δ σϓϩΠͷઃఆ • ݱ࣮ੈքͷ ΞϓϦέʔγϣϯͱಉ͡୯Ґ (ෳͷ
Object ͷू߹)
Application Git Repository Revision Path Λࢦఆͯͦ͜͠ʹ͋Δ manifest ΛσϓϩΠ͢Δ
Application λʔήοτͱͳΔ Ϋϥελͱ namespace
Automated Sync • syncPolicy Λ ໌ࣔతʹࢦఆ͠ͳ͍ͱ ࣗಈͰಉظͯ͘͠Εͳ͍ͷͰҙ • prune: true
Λࢦఆ͠ͳ͍߹ Ϧιʔεͷ Pruning ߦΘΕͳ͍
Tools • αϙʔτ͍ͯ͠Δ apply ํ๏ • kustomize • Helm charts
• Ksonnet • YAML/JSON/Jsonnet manifest ͷσΟϨΫτϦ • ϓϥάΠϯ (ࣗ࡞όΠφϦ͑Δ)
Application of Applications • Application Ͱ Application Λཧ͢Δ
Application of Applications • kustomize ͷྫ: root.yaml
Application of Applications • kustomize ͷྫ: root.yaml ͜͜ͷ path ࢦఆͰ
Application of Applications • kustomize ͷྫ: root.yaml ͜͜ͷ path ࢦఆͰ
application-of-applications σΟϨΫτϦͷ kustomization.yaml ͕ࢀর͞ΕΔ
Application of Applications • kustomize ͷྫ: kustomization.yaml
Application of Applications • kustomize ͷྫ: kustomization.yaml kustomize ͷ resources
Ͱ root ʹඥͮ͘ Application Λࢦఆ͢Δ
Application of Applications • kustomize ͷྫ: root ʹͳΔ Application Λ
apply ͢Δ
Application of Applications • kustomize ͷྫ:
Application of Applications • kustomize ͷྫ: root ʹͳΔ Application Λ
apply ͚ͨͩ͠Ͱ root ʹඥͮ͘ Application উखʹద༻͞ΕΔ
Application of Applications UI ͔Β͜ͷΑ͏ͳײ͡Ͱ දࣔ͞ΕΔ
Application of Applications • kustomize ͷྫ: ͜ΕΒͷ Application GitOps
Ͱࣗಈతʹ Sync ͞ΕΔ (feature ϒϥϯνͷ manifest Λ ద༻͍ͨ͠Έ͍ͨͳঢ়گͷ࣌ʹָ)
Application of Applications revision Λॻ͖͑ͨ Pull Request Λ merge ͢Δͱ
feature ϒϥϯνͷ manifest ΛࢀরͰ͖Δ
AppProject • Application ͷ ཧతͳάϧʔϓΛද͢ • Role ͱ͔ఆٛͰ͖Δ (ৄ͘͠ޙड़)
Argo CDͷ RBAC
Argo CD ͷೝূ • ϩάΠϯը໘:
Argo CD ͷೝূ • ϩάΠϯը໘: User ͱ Password Λ ೖྗ͢Δεϖʔε͕͋Δ͕
Argo CD ͰΈࠐΈͷ admin Ҏ֎ͷϢʔβଘࡏ͠ͳ͍
Argo CD ͷೝূ • ϩάΠϯը໘: admin Ҏ֎ͷશͯͷϢʔβ SSO Λհͯ͠ϩάΠϯ͢Δ ඞཁ͕͋Δ
(͜ͷ߹ GitHub Λ༻)
Argo CD ͷೝূ • Argo CD Ͱ SSO Λߦ͏ํ๏ 2
छྨ • όϯυϧ͞ΕͯΔ Dex Λ༻͢Δ • طଘͷ OIDC provider Λ༻͢Δ
Argo CD ͷೝূ • Argo CD Ͱ SSO Λߦ͏ํ๏ 2
छྨ • όϯυϧ͞ΕͯΔ Dex Λ༻͢Δ • طଘͷ OIDC provider Λ༻͢Δ ࠓճ Dex Λͬͯ GitHub Ͱೝূ͢ΔΛ͠·͢
Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • Argo CD Ͱ Dex ͱ͍͏
OIDC provider ͕όϯυϧ͞Ε͍ͯΔ • https://github.com/dexidp/dex
Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • GitHub Ͱ OAuth application Λ࡞ͬͯ
`argocd-cm` ͱ͍͏ ConfigMap ʹ ઃఆΛهࡌ͢Δ
Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • ConfigMap ͷྫ:
Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • ConfigMap ͷྫ: ൃߦͨ͠ clientID ͱ
clientSecret $dex.github.clientSecret Έ͍ͨʹॻ͘͜ͱͰ Kubernetes ͷ Secret ͔Β ΛಡΈࠐΜͰ͘ΕΔ
Dex Λ༻͍ͯ GitHub Ͱೝূ͢Δ • ConfigMap ͷྫ: ϩάΠϯͰ͖Δ GitHub org
ͱ Team ͷઃఆ ͜ͷ߹ `classmethod` ͱ͍͏ GitHub org ͷ `sre-team` ͔͠ ϩάΠϯͰ͖ͳ͍
Role • GitHub-org:team ʹରͯ͠ AppProject ʹ ඥͮ͘Role ΛఆٛͰ͖Δ
Role • Argo CD ͷ Web UI ͔Β Delete, Edit
ͱ͔͕Ͱ͖ͨΓ͢Δ Role Λ੍ͬͯޚ͢Δ͜ͱ͕Ͱ͖Δ
Argo CDͷ Sync
Sync Phases • Argo CD ͷ Sync ʹେ͖͚ͯ͘ 3 ͭͷϑΣʔζ͕͋Δɹ
PreSync Sync PostSync
Sync Phases • Argo CD ͷ Sync ʹେ͖͚ͯ͘ 3 ͭͷϑΣʔζ͕͋Δɹ
PreSync Sync PostSync manifest ͷద༻લʹ࣮ߦ͞ΕΔ
Sync Phases • Argo CD ͷ Sync ʹେ͖͚ͯ͘ 3 ͭͷϑΣʔζ͕͋Δɹ
PreSync Sync PostSync manifest ͷద༻ʹ ؔ࿈࣮ͯ͠ߦ͞ΕΔ
Sync Phases • Argo CD ͷ Sync ʹେ͖͚ͯ͘ 3 ͭͷϑΣʔζ͕͋Δɹ
PreSync Sync PostSync manifest ͷద༻ޙʹ࣮ߦ͞ΕΔ
• Argo CD ͷ Sync ʹେ͖͚ͯ͘ 3 ͭͷϑΣʔζ͕͋Δɹ PreSync Sync
ΞϓϦέʔγϣϯ ͷσϓϩΠ DB ͷ ϚΠάϨʔγϣϯ PostSync Sync Phases ΞϓϦέʔγϣϯͷσϓϩΠલʹ Kubernetes ͷ Job Ͱ DB ͷϚΠάϨʔγϣϯΛ࣮ߦ
Sync Phases and Waves • Argo CD ͷ Sync ʹେ͖͚ͯ͘
3 ͭͷϑΣʔζ͕͋Δɹ PreSync ΞϓϦέʔγϣϯͷσϓϩΠલʹ Kubernetes ͷ Job Ͱ DB ͷϚΠάϨʔγϣϯΛ࣮ߦ DB ͷ ϚΠάϨʔγϣϯ
Sync Phases • Argo CD ͷ Sync ʹେ͖͚ͯ͘ 3 ͭͷϑΣʔζ͕͋Δɹ
PreSync DB ͷ ϚΠάϨʔγϣϯ annotation ʹهࡌΛ͢Δͱ Argo CD ͕هࡌͨ͠ϑΣʔζͰ ࣮ߦͯ͘͠ΕΔ
• Argo CD ͷ Sync ʹେ͖͚ͯ͘ 3 ͭͷϑΣʔζ͕͋Δɹ PreSync DB
ͷ ϚΠάϨʔγϣϯ PreSync ͷϑΣʔζ͕ ऴΘͬͨΒ Job Λআ Sync Phases
Sync Waves • ֤ϑΣʔζͰͷ manifest ͷద༻ॱΛ੍ޚͰ͖Δ PreSync Sync PostSync Job
Job Pod Job 1 2 3 v1.1.0 ͔Βͷ৽ػೳ
Sync Waves Sync Job Pod Job 1 2 3 •
֤ϑΣʔζͰͷ manifest ͷద༻ॱΛ੍ޚͰ͖Δ
Sync Waves Sync Job Pod Job 1 2 3 •
֤ϑΣʔζͰͷ manifest ͷద༻ॱΛ੍ޚͰ͖Δ `argocd.argoproj.io/sync-wave` ͱ͍͏ annotaion ʹ Λࢦఆ͢Δ
·ͱΊ
·ͱΊ • Argo CD Ϧονͳ Web UI Ͱ GitOps Ͱ͖Δπʔϧ
• ৭ʑͱࡉ͔͍ػೳͱ͔ॆ࣮ͯ͠Δ • ެࣜͷυΩϡϝϯτॆ࣮ͯ͠ΔͷͰΈΑ͏! • https://argoproj.github.io/argo-cd/
Thank You! @ponde_m