×
Community Blog Istio Ecosystem on ASM (1): Integrate ArgoCD into Alibaba Cloud Service Mesh to Implement GitOps

Istio Ecosystem on ASM (1): Integrate ArgoCD into Alibaba Cloud Service Mesh to Implement GitOps

Part 1 of this 3-part series explains how to use ArgoCD with Alibaba Cloud ASM to manage Resource Orchestration Service and simplify O&M management costs.

Background

You can use ArgoCD to release and update applications in Alibaba Cloud Service Mesh (ASM), which simplifies O&M costs. The developer submits the application definition (Deployment and Service) and traffic management (VirtualService, Gateway, and DestinationRule) written in YAML to the Git repository. ArgoCD monitors the current status of resources (such as Deployment, Service, and VirtualService) of applications in the cluster. It compares with the expected orchestration of resources in the Git repository based on the content in the Git repository. It can automatically/manually synchronize and deploy applications when the Git repository changes.

1

2. Prerequisites

  • Create an ASM enterprise edition instance whose Istio version is 1.12.4.50 or later
  • Create a container service for the Kubernetes (ACK) cluster
  • Add an ACK cluster to an ASM instance
  • ArgoCD is installed.
  • Git warehouse

3. Instructions

  1. Install ArgoCD
  2. Enable the KubeAPI access capability on the data plane of ASM
  3. Create an ASM gateway
  4. Add an ACK cluster to an ASM instance
  5. Deploy Istio resources using ArgoCD
  6. GitOps process demonstration

3.1 Install ArgoCD

If you have installed ArgoCD, skip this step. Please refer to the homepage for the installation and deployment of ArgoCD.

Alibaba Cloud Container Service (ACK) application center has the built-in ArgoCD feature. You can avoid manually installing ArgoCD. The ACK application center allows you to check the status of applications. You can use Git repositories and Helm charts to deploy application versions to Kubernetes clusters. You can roll back and publish application versions.

2

3.2 The KubeAPI Access Capability That Enables the Data Plane of ASM

Note: Alibaba Cloud Service Mesh (ASM) is a control plane that is compatible with managing Istio. An ArgoCD-managed ASM control plane and data plane (Kubernetes Container Service ACK) are not in the same Kubernetes cluster environment. We need to enable Data Plane KubeAPI Access in ASM. Then, ArgoCD can access Istio resources in the ASM cluster (just like accessing resources in the ACK cluster).

In managed mode, ASM and the Container Service ACK managed by ArgoCD are not in the same cluster environment. You need to enable the data plane KubeAPI access capability of ASM to enable ArgoCD to access the Istio resources in the ASM cluster (just like accessing the resources in the ACK cluster). You can enable this capability in the ASM console, as shown in the following figure:

3

3.3. Create an ASM Gateway

In Alibaba Cloud Service Mesh → ASM Gateways → Create

Create an ASM Gateway and provide ports 80 and 443:

4
5

3.4 Add the ACK Cluster to ArgoCD as External Cluster (Optional)

If ArgoCD and the ACK cluster managed by ASM are not in the same cluster, you must add the ACK cluster to ArgoCD.

You can add ACK clusters o ArgoCD using the Kubernetes secret as an external cluster. The tlsClientConfig can be obtained from the ACK KubeConfig file:

caData=certificate authority data
certData=client certificate data
keyData=client key data

6

3.5 Deploy Istio Resources through the ArgoCD Application

Now, Istio resources can be defined as Kubernetes inventory. They are pushed to the Git repository used to deploy application Kubernetes orchestration.

3.5.1 Create APP

Let's take Istio book-info as an example. The address of the Git repository is available here.

Fork this repository to your local first

Select argocd-asm for the branch and set Path to argo-cd/bookinfo:

7
8
9

3.5.2 View Application Status

This figure shows the creation after completion:

10

Click bookinfo to view the status of the created resource:

11

3.5.3 View the Resource Status in the Alibaba Cloud Console

You can view the created resources in the ASM console, as shown in the following VirtualService:

12

You can click the bookinfo name to view the specific YAML file:

13

You can also view the created resources in the ACK console, as shown in the following figure:

14

3.5.4 Access Test

Obtain the address of the ASM gateway from the ASM console and enter the http://{ASM-Gateway-IP}/productpage in the browser for access:

15
16

There are three versions of Istio book-info reviews, but we have not specified a version yet. The data display on the right will be different every time you refresh. We can specify through the GitOps process.

17
18

3.6 GitOps Demo

After configuring traffic rules, the v1 version reviews are displayed normally. Only when the logon username is jason, the v2 version is displayed. Change the copy of the Deployment reviews-v1 to 2. Add the following content to the argo-cd/bookinfo/istio-route.yaml file of Git repository. Change the number of reviews-v1 Deployment replicas in argo-cd/bookinfo/bookinfo.yaml to 2.

3.6.1 Modify Local Files

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - match:
    - headers:
        end-user:
          exact: jason
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v1
---

19

3.6.2 Commit & Push

$ git add *
$ git commit -m "reviews-v1"
 reviews-v1
 2 files changed, 22 insertions(+), 22 deletions(-)
$ git push 

3.6.3 Synchronization

If automatic synchronization is enabled, ArgoCD automatically synchronizes Git configurations to the cluster. If not, you can manually click the Sync button. As shown below, since the file has changed, the Argo console will automatically prompt the OutOfSync status. Click the Sync button to complete the synchronization.

20
21

After synchronization, you can view the resources created in the ASM console, as shown in the following figure:

22

You can click the reviews name to view the specific YAML content:

23

You can also view the updated resources in the ACK console. The number of Deployment reviews-v1 replicas is updated to 2:

24

3.6.4 Effect View

According to the routing rules, the access http://{ASM-Gateway-IP}/productpage is fixed to the review-v1 version when you are not logged on.

25
26

The number of reviews-v1 replicas also takes effect to 2. If we log in with jason as the user name (any password), we will see the v2 version.

27

4. Summary

Use ArgoCD in practice (combined with the latest features of Alibaba Cloud Service Mesh (ASM)) to manage Resource Orchestration Service (ROS) in GitOps mode, which simplifies O&M management costs.

0 0 0
Share on

Alibaba Cloud Native

208 posts | 12 followers

You may also like

Comments