Exposing the ArgoCD Web UI with Ingress-Nginx - 梨花海棠
source link: https://www.cnblogs.com/xunweidezui/p/17180195.html
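If ArgoCD is not installed yet, see "GitOps in Practice: Deploying Argocd on Kubernetes".
1. Check the Argocd Services
They are all of type ClusterIP, so the Argocd web UI cannot be reached directly from outside the cluster.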
# kubectl get svc -n argocd
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
argocd-applicationset-controller ClusterIP 10.96.52.109 <none> 7000/TCP,8080/TCP 25d
argocd-dex-server ClusterIP 10.96.57.217 <none> 5556/TCP,5557/TCP,5558/TCP 25d
argocd-metrics ClusterIP 10.96.153.115 <none> 8082/TCP 25d
argocd-notifications-controller-metrics ClusterIP 10.96.207.83 <none> 9001/TCP 25d
argocd-redis ClusterIP 10.96.112.222 <none> 6379/TCP 25d
argocd-repo-server ClusterIP 10.96.240.85 <none> 8081/TCP,8084/TCP 25d
argocd-server ClusterIP 10.96.65.68 <none> 80/TCP,443/TCP 25d
argocd-server-metrics ClusterIP 10.96.16.178 <none> 8083/TCP 25d
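2. Check that the Ingress controller is running normally.
This walkthrough uses ingress-nginx to expose the application; Traefik or another controller would also work.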
# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-bnmpt 1/1 Running 26 25d
ingress-nginx-controller-cfblk 1/1 Running 28 (5d23h ago) 25d
3. Check the Secrets
# kubectl get secret -n argocd
NAME TYPE DATA AGE
argocd-application-controller-token-f9qj7 kubernetes.io/service-account-token 3 25d
argocd-applicationset-controller-token-r5vqk kubernetes.io/service-account-token 3 25d
argocd-dex-server-token-hzwkt kubernetes.io/service-account-token 3 25d
argocd-initial-admin-secret Opaque 1 25d
argocd-notifications-controller-token-75csv kubernetes.io/service-account-token 3 25d
argocd-notifications-secret Opaque 0 25d
argocd-redis-token-78522 kubernetes.io/service-account-token 3 25d
argocd-repo-server-token-6f2x9 kubernetes.io/service-account-token 3 25d
argocd-secret Opaque 5 25d
4. Configure the Ingress rule.
# cat argocd-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    nginx.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # the backend speaks TLS; sets the protocol used to proxy to the backend server, default HTTP
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # when this virtual host supports HTTPS, whether to force-redirect HTTP requests to the HTTPS port; the global default is true
    nginx.ingress.kubernetes.io/ssl-passthrough: "true" # SSL passthrough; only takes effect when the controller is started with --enable-ssl-passthrough
spec:
  ingressClassName: nginx # use the nginx IngressClass (the one tied to the ingress-nginx controller)
  rules: # rules
  - host: argocd.k8s.local # FQDN of the virtual host
    http:
      paths:
      - path: /
        pathType: Prefix # Prefix: prefix match
        backend:
          service:
            name: argocd-server
            port:
              name: https
  tls: # configure the TLS certificate
  - hosts:
    - argocd.k8s.local
    secretName: argocd-secret # the Secret being referenced
# kubectl apply -f argocd-ingress.yaml
ingress.networking.k8s.io/argocd-server-ingress unchanged
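5. View the Ingress configuration
Note that most Ingress controllers do not forward traffic to the Service itself.
They only use the Service to obtain the list of backend Endpoints and then forward directly to the Pods, which reduces network hops and improves performance.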
# kubectl get ingress -n argocd
NAME CLASS HOSTS ADDRESS PORTS AGE
argocd-server-ingress nginx argocd.k8s.local 10.0.0.11,10.0.0.12 80, 443 24d
# kubectl describe ingress argocd-server-ingress -n argocd
Name: argocd-server-ingress
Namespace: argocd
Address: xxxxxxxx
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
argocd-secret terminates argocd.k8s.local
Rules:
Host Path Backends
---- ---- --------
argocd.k8s.local
/ argocd-server:https (192.168.2.49:8080)
Annotations: nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/force-ssl-redirect: true
nginx.ingress.kubernetes.io/ssl-passthrough: true
nginx.io/tls-acme: true
Events: <none>
6. Configure local hosts resolution.
echo "xxxxx argocd.k8s.local" >> /etc/hosts
7. Access the argocd web UI
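The manifest in step 4 sets ssl-passthrough next to a spec.tls Secret, and ingress-nginx only honours that annotation when the controller runs with --enable-ssl-passthrough, so it is worth checking which side really terminates TLS. The script below is an added example, not part of the original article; the function names and the sample manifest and argument strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Sample inputs are constructed.

# Print the value of the first "key: value" line in YAML text $1 whose key is $2.
yaml_value() {
  printf '%s\n' "$1" | awk -v key="$2" '
    { sub(/[ \t]+#.*$/, "") }                    # drop trailing comments
    index($0, key ":") { sub(/^[^:]*:[ \t]*/, ""); gsub(/[" \t]/, ""); print; exit }'
}

# Effective TLS mode for manifest text $1 and controller arguments $2.
# Prints: passthrough | terminate | terminate-annotation-ignored
tls_mode() {
  if [ "$(yaml_value "$1" nginx.ingress.kubernetes.io/ssl-passthrough)" != "true" ]; then
    echo "terminate"
  elif printf '%s\n' "$2" | sed 's/[][",]/ /g' | tr -s ' ' '\n' |
       grep -Eqx -- '--enable-ssl-passthrough(=true)?'; then
    echo "passthrough"
  else
    echo "terminate-annotation-ignored"   # flag absent or false: annotation is inert
  fi
}

# One-line explanation of who terminates TLS and with which certificate.
describe_tls() {
  case "$(tls_mode "$1" "$2")" in
    passthrough) echo "argocd-server terminates TLS; NGINX does not decrypt or present a certificate" ;;
    terminate) echo "NGINX terminates TLS with Secret $(yaml_value "$1" secretName)" ;;
    *) echo "ssl-passthrough ignored; NGINX terminates TLS with Secret $(yaml_value "$1" secretName)" ;;
  esac
}

# Constructed sample: the relevant parts of the manifest from step 4.
SAMPLE_MANIFEST='metadata:
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true" # SSL passthrough
spec:
  tls:
  - hosts:
    - argocd.k8s.local
    secretName: argocd-secret'
# Constructed controller arguments, in the JSON-array form printed by
#   kubectl -n ingress-nginx get pod <pod> -o jsonpath='{.spec.containers[0].args}'
ARGS_WITH='["/nginx-ingress-controller","--election-id=ingress-nginx-leader","--enable-ssl-passthrough"]'
ARGS_WITHOUT='["/nginx-ingress-controller","--election-id=ingress-nginx-leader"]'

describe_tls "$SAMPLE_MANIFEST" "$ARGS_WITH"
describe_tls "$SAMPLE_MANIFEST" "$ARGS_WITHOUT"
```

When the result is terminate-annotation-ignored, the certificate browsers see comes from the Secret named in spec.tls, and backend-protocol decides how NGINX talks to argocd-server.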