All Products
Search
Document Center

Container Service for Kubernetes:Getting started with GitOps

最終更新日:Aug 26, 2024

Distributed Cloud Container Platform for Kubernetes (ACK One) allows you to use GitOps on a Fleet instance to manage applications deployed from Git repositories in terms of version management, multi-cluster distribution, and continuous deployment. GitOps supports applications orchestrated by using YAML manifests, Helm charts, and Kustomize. GitOps is compatible with open source ArgoCD and provides highly available control planes. This topic describes how to use GitOps on a Fleet instance to deploy a multi-cluster application.

Prerequisites

Billing rules

After you enable GitOps, ACK One automatically creates the following cloud resources.

  • A Server Load Balancer (SLB) instance, which is used to expose the endpoints of the ArgoCD API and ArgoCD UI.

  • A pay-as-you-go elastic container instance with 2 vCores and 4 GB of memory, which is used to run the ArgoCD service.

For more information, see Cloud resource billing for multi-cluster management.

Supported regions

All regions that have the Fleet management feature of ACK One enabled. For more information, see Regions supported by multi-cluster Fleets and workflow clusters.

Step 1: Enable Internet access for the GitOps console on the Fleet instance

ACK One automatically enables GitOps when you create a Fleet instance. By default, you can access the GitOps console through a virtual private cloud (VPC). To do this, make sure that your office network is connected to the VPC.

To enable Internet access for the GitOps console to submit and view applications, perform the following steps.

Important

Security risks may arise after you enable Internet access for the GitOps console. Make sure that access control list (ACL) rules are configured before you perform this operation.

Use the ACK console

  1. Log on to the ACK One console. In the left-side navigation pane, choose Fleet > Multi-cluster Applications.

  2. On the Multi-cluster Applications page, click Dingtalk_20231226104633.jpg to the right of the Fleet instance name in the upper-left corner and select a Fleet instance from the drop-down list.

  3. By default, GitOps is enabled for newly created Fleet instances. If GitOps is disabled for your Fleet instance, click Enable GitOps. In the message that appears, click OK.

    If GitOps is enabled for your Fleet instance, the Multi-cluster Applications page displays GitOps Console and Access Control.

  4. On the Multi-cluster Applications page, click Access Control. In the dialog box that appears, enable access control, enter the IP addresses or CIDR blocks that you want to add to the whitelist, and then click OK.

  5. After Internet access is enabled, click GitOps Console to access the GitOps console over the Internet.

Use Alibaba Cloud CLI

  1. Make sure that the latest version of Alibaba Cloud CLI is installed and run the following command to enable GitOps and Internet access.

    • Replace <your_clusterid> with the ID of your Fleet instance.

    • Replace AccessControlList with the public IP address of the user agent. For more information about how to query the public IP address of the user agent, see Enable public access to Argo CD.

    aliyun adcp UpdateHubClusterFeature --ClusterId <your_clusterid> --PublicAccessEnabled true --AccessControlList "[\"10.100.XX.XX/24\"]" --ArgoCDEnabled true 
  2. Optional: If you use the AccessKey pair of a RAM user, you must attach the AliyunAdcpFullAccess policy to the RAM user. For more information, see Grant permissions to a RAM user.

Step 2: Create an application and deploy the application

Use the ACK console

  1. On the Multi-cluster Applications page, click GitOps Console to open the ArgoCD UI logon page and click LOG IN VIA ALIYUN. Then, log on to the ArgoCD UI with your Alibaba Cloud account.

  2. Connect to a Git repository.

    1. In the left-side navigation pane of the ArgoCD UI, click Settings and then choose Repositories > + Connect Repo.

    2. In the panel that appears, configure the following parameters and click CONNECT.

      Section

      Parameter

      Value

      Choose your connection method

      VIA HTTPS

      CONNECT REPO USING HTTPS

      Type

      git

      Project

      default

      Repository URL

      https://github.com/AliyunContainerService/gitops-demo.git

      Skip server verification

      Select the check box.

      image.png

      After the Git repository is connected, CONNECTION STATUS displays Successful.

      image.png

  3. Create an application.

    1. In the left-side navigation pane of the ArgoCD UI, click Applications and then click + NEW APP.

    2. In the panel that appears, configure the following parameters and click CREATE.

      Section

      Parameter

      Value

      GENERAL

      Application Name

      echo-server-demo

      Project Name

      default

      SYNC POLICY

      Select Automatic from the drop-down list.

      Valid values:

      • Manual: You need to manually synchronize changes from the Git repository to the cluster where the application is deployed.

      • Automatic: ArgoCD Server scans the Git repository every 3 minutes and synchronizes changes to the cluster where the application is deployed.

      SYNC OPTIONS

      Select AUTO-CREATE NAMESPACE.

      SOURCE

      Repository URL

      Select a Git repository from the drop-down list. In this example, https://github.com/AliyunContainerService/gitops-demo.git is selected.

      Revision

      HEAD

      Path

      manifests/helm/echo-server

      DESTINATION

      Cluster URL/Cluster Name

      Select a cluster from the drop-down list.

      Namespace

      echo-server-demo

      HELM

      VALUES FILES

      values.yaml

    3. After the application named echo-server-demo is created, you can view the status of the application on the Application page.

      If SYNC POLICY is set to Manual, you need to click SYNC to manually deploy the application in the specified cluster. After the status of the application changes to Healthy and Synced, the application is deployed.

      image.png

    4. Click the name of the application to view the application details. The details page displays the topology and status of Kubernetes resources used by the application.

      image.png

Use the ArgoCD CLI

  1. Log on to ArgoCD.

    1. Access ArgoCD v2.8.7. Download and install ArgoCD CLI v2.8.7.

    2. Run the following command on the Fleet instance to obtain the initial password of ArgoCD:

      kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
    3. Run the following command on the Fleet instance to log on to ArgoCD by using port-forward. The default username is admin.

      export ARGOCD_OPTS='--port-forward-namespace argocd --port-forward'
      
      argocd login
      Username: admin
      Password:

      Expected output:

      'admin:login' logged in successfully
      Context 'port-forward' updated
    4. Run the following command on the Fleet instance to change the password of the default user admin:

      argocd account update-password
      *** Enter password of currently logged in user (admin):
      *** Enter new password for user admin:
      *** Confirm new password for user admin:

      Expected output:

      Password updated
      Context 'port-forward' updated
  2. Connect to a Git repository.

    1. Run the following command to add a Git repository:

      argocd repo add https://github.com/AliyunContainerService/gitops-demo.git --name echo-server

      Expected output:

      Repository 'https://github.com/AliyunContainerService/gitops-demo.git' added
    2. Run the following command to query Git repositories:

      argocd repo list

      Expected output:

      TYPE  NAME  REPO                                                       INSECURE  OCI    LFS    CREDS  STATUS      MESSAGE  PROJECT
      git         https://github.com/AliyunContainerService/gitops-demo.git  false     false  false  false  Successful           default
    3. Run the following command to query clusters:

      argocd cluster list

      Expected output: The ArgoCD cluster list displays all clusters associated with the Fleet instance.

      SERVER                          NAME                                        VERSION  STATUS      MESSAGE                                                  PROJECT
      https://47.97.XX.XX:6443      c83f3cbc90a****-temp02   1.22+    Successful
      https://kubernetes.default.svc  in-cluster                                           Unknown     Cluster has no applications and is not being monitored.
  3. Create an application.

    1. Run the following command to create an application:

      argocd app create echo-server --repo https://github.com/AliyunContainerService/gitops-demo.git --path  manifests/helm --dest-namespace echo-server-cli --dest-server https://47.97.XX.XX:6443

      Expected output:

      application 'echo-server' created
    2. Run the following command to deploy the application in the specified cluster:

      argocd app sync echo-server

      Expected output:

      TIMESTAMP                  GROUP        KIND   NAMESPACE                       NAME    STATUS    HEALTH        HOOK  MESSAGE
      2022-09-22T14:32:45+08:00            Service  echo-server-cli           echo-server  OutOfSync  Missing
      2022-09-22T14:32:45+08:00   apps  Deployment  echo-server-cli           echo-server  OutOfSync  Missing
      2022-09-22T14:32:45+08:00            Service  echo-server-cli           echo-server    Synced  Progressing
      2022-09-22T14:32:45+08:00            Service  echo-server-cli           echo-server    Synced   Progressing              service/echo-server created
      2022-09-22T14:32:45+08:00   apps  Deployment  echo-server-cli           echo-server  OutOfSync  Missing                  deployment.apps/echo-server created
      2022-09-22T14:32:45+08:00   apps  Deployment  echo-server-cli           echo-server    Synced  Progressing              deployment.apps/echo-server created
      
      Name:               echo-server
      Project:            default
      Server:             https://47.97.XX.XX:6443
      Namespace:          echo-server-cli
      URL:                https://127.0.0.1:52742/applications/echo-server
      Repo:               https://github.com/AliyunContainerService/gitops-demo.git
      Target:
      Path:               manifests/helm
      SyncWindow:         Sync Allowed
      Sync Policy:        <none>
      Sync Status:        Synced to  (e5c2618)
      Health Status:      Progressing
      
      Operation:          Sync
      Sync Revision:      e5c261880a4072cdbfa5173add2be426f7f3****
      Phase:              Succeeded
      Start:              2022-09-22 14:32:44 +0800 CST
      Finished:           2022-09-22 14:32:45 +0800 CST
      Duration:           1s
      Message:            successfully synced (all tasks run)
      
      GROUP  KIND        NAMESPACE        NAME         STATUS  HEALTH       HOOK  MESSAGE
             Service     echo-server-cli  echo-server  Synced  Progressing        service/echo-server created
      apps   Deployment  echo-server-cli  echo-server  Synced  Progressing        deployment.apps/echo-server created
    3. Run the following command to query applications:

      argocd app list

      Expected output:

      NAME             CLUSTER                     NAMESPACE        PROJECT  STATUS  HEALTH   SYNCPOLICY  CONDITIONS  REPO                                                     PATH              TARGET
      echo-server      https://47.97.XX.XX:6443  echo-server-cli  default  Synced  Healthy  <none>      <none>      https://github.com/AliyunContainerService/gitops-demo.git  manifests/helm

Step 3: Disable GitOps for the Fleet instance

When you no longer need to use GitOps, you can delete the application managed by GitOps and then disable GitOps.

Note

To delete a Fleet instance, you must first disable GitOps for the Fleet instance.

Use the ACK console

  1. Log on to the ACK One console. In the left-side navigation pane, choose Fleet > Multi-cluster Applications.

  2. On the Multi-cluster Applications page, click Dingtalk_20231226104633.jpg to the right of the Fleet instance name in the upper-left corner and select your Fleet instance from the drop-down list.

  3. In the upper-right corner of the Multi-cluster Applications page, click Disable. In the message that appears, click OK.

Use Alibaba Cloud CLI

Make sure that the latest version of Alibaba Cloud CLI is installed and run the following command to disable GitOps for the Fleet instance:

aliyun adcp UpdateHubClusterFeature --ClusterId <your_clusterid> --ArgoCDEnabled false