ArgoCD 安装 & Istio 集成

按官方手册安装：

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

然后下载 argocd CLI：

wget https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
chmod +x argocd-linux-amd64
sudo mv argocd-linux-amd64 /usr/local/bin/argocd

修改 argocd server 启动为 –insecure 模式：

curl -kLs -o install.yaml https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

新建 kustomization.yml 文件：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./install.yaml

patches:
- path: ./patch.yml

新建 patch.yml 文件：

# Use --insecure so Ingress can send traffic with HTTP
# --bashref /argocd is the subpath like https://IP/argocd
# env was added because of https://github.com/argoproj/argo-cd/issues/3572 error
---
apiVersion: apps/v1
kind: Deployment
metadata:
 name: argocd-server
spec:
 template:
   spec:
     containers:
     - args:
       - /usr/local/bin/argocd-server
       - --staticassets
       - /shared/app
       - --redis
       - argocd-redis:6379
       - --insecure
       name: argocd-server
       env:
       - name: ARGOCD_MAX_CONCURRENT_LOGIN_REQUESTS_COUNT
         value: "0"

然后在当前目录执行：

kubectl apply -k ./ -n argocd --wait=true

接下来和 istio 进行集成并申请对应的证书：

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: argocd-doraemonext-net-cert-prod
  namespace: istio-system
spec:
  dnsNames:
  - argocd.doraemonext.net
  duration: 2160h0m0s
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: letsencrypt
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  renewBefore: 360h0m0s
  secretName: argocd-doraemonext-net-cert-prod
  usages:
  - server auth
  - client auth
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: argocd-doraemonext-net-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "argocd.doraemonext.net"
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: argocd-doraemonext-net-cert-prod
    hosts:
    - "argocd.doraemonext.net"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: argocd-doraemonext-net-vs
  namespace: istio-system
spec:
  hosts:
  - "argocd.doraemonext.net"
  gateways:
  - argocd-doraemonext-net-gateway
  http:
  - match:
    - port: 80
    redirect:
      authority: "argocd.doraemonext.net:443"
      scheme: https
  - match:
    - port: 443
    route:
    - destination:
        host: argocd-server.argocd.svc.cluster.local
        port:
          number: 80

最后通过 argocd CLI 来初始化密码：

argocd admin initial-password -n argocd

用初始化的密码登录即可。