메뉴 닫기

ArgoCD – GAR(Google Artifact Resistry) 연동

김진태

 

 

ArgoCD Google Artifact Resitry 연동을 통한 CICD

 

CICD 인프라

  • 사전 설정
    • GitLab CI 구성
    • ArgoCD 설치
    • Helm Chart Package 구성

 

  1. Argocd Image-Updater 설치

https://argocd-image-updater.readthedocs.io/en/stable/install/installation/

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj-labs/argocd-image-updater/stable/manifests/install.yaml

 

2. Google Artfact Registry 연동 하기 위한 Secret 생성

  • 사용할 네임스페이스 적용
  • gcp.json -> gcp sa 계정에서 권한 부여 받은 키 값
kubectl create secret docker-registry gar-helm-repo \
  --namespace=네임스페이스 \
  --docker-server=asia-northeast3-docker.pkg.dev \
  --docker-username=_json_key \
  --docker-password="$(cat gcp.json)" \
  --docker-email=evan.kim1992@gmail.com

 

3. RBAC 권한 부여

  • Role 생성
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argocd-image-updater-secret-reader
  namespace: "네임스페이스"
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "list", "watch"]
  • Argocd RoleBinding 설정
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: argocd-image-updater-secret-reader-binding
  namespace: "네임스페이스"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-image-updater-secret-reader
subjects:
- kind: ServiceAccount
  name: argocd-image-updater      
  namespace: argocd

4. Argocd Image Updater Configmap 수정

kubectl edit cm -n argocd argocd-image-updater-config
apiVersion: v1
data:
  kube.events: "false"
  log.level: info
  registries.conf: |
    registries:
      - api_url: https://us-central1-docker.pkg.dev
        credentials: pullsecret:dev-lmvs/gar-helm-repo
        credsexpire: 30m
        name: Google Container Registry
        prefix: us-central1-docker.pkg.dev

5. Argocd Application 배포

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: dev-backend-helm
  namespace: argocd
  annotations:
    argocd-image-updater.argoproj.io/image-list: backend=us-central1-docker.pkg.dev/test/test-gar/dev-backend
    argocd-image-updater.argoproj.io/backend.pull-secret: dev-lmvs/gar-helm-repo
    argocd-image-updater.argoproj.io/backend.update-strategy: newest-build
    argocd-image-updater.argoproj.io/backend.values: image.tag
spec:
  destination:
    namespace: "네임스페이스"
    server: https://kubernetes.default.svc
  source:
    repoURL: us-central1-docker.pkg.dev/test/test-gar
    chart: dev-backend-helm
    targetRevision: 1.1.5
  project: test
  syncPolicy:
    automated: {}

6. 이미지 변경 시

  • 자동으로 ArgoCD Image Updater 감지하여 배포

Posted in CICD, IT

Related Posts