Argocd Rollouts
Argocd Architecture
#ArgoCD Rollouts
Argo Rollouts
◼ Consists of a controller and a set of CRDs that provide advanced deployment capabilities for Kubernetes, including
◆blue-green
◆canary
◆canary analysis
◆experimentation
◆progressive delivery
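◼ Supports integration with Ingress Controllers (Nginx and ALB) and service meshes (Istio, Linkerd and SMI), using their traffic-management capabilities to carry out traffic shifting
◼ Can query and interpret metrics from multiple metric systems (Prometheus, Kubernetes Jobs, Web, Datadog, etc.) to verify the result of a BlueGreen or Canary deployment, and automatically decides whether to promote or roll back based on that result
◼ Related CRDs
◆Rollout, AnalysisTemplate, ClusterAnalysisTemplate and AnalysisRun
Basic working mechanism
◼ Like a Deployment, the Argo Rollouts controller uses ReplicaSets to create, scale and delete the application;
◼ The ReplicaSet resource is defined by the Rollout's spec.template field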
#Rollout Controller
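◼ Manages Rollout CRD resource objects
Rollout CRD
◼ A custom resource type introduced by Argo Rollouts; it is compatible with the Kubernetes Deployment but has additional fields that control the stages, thresholds and methods of advanced deployment strategies
◼ It has no effect on Kubernetes Deployments; to use Rollout features, users must manually migrate resources from Deployment to Rollout
Ingress/Service
◼ Argo Rollouts uses the standard Kubernetes Service, but requires some additional metadata
◼ For Canary deployments, Rollouts supports several different service meshes and Ingress Controllers to implement fine-grained traffic splitting and shifting
AnalysisTemplate and AnalysisRun
◼ Analysis is the ability to connect a Rollout to a specific Metric Provider and define thresholds for certain metrics it supports; the actual values of those metrics then determine whether the update proceeds successfully;
◼ If the metric query result meets the threshold, the update continues; if it does not, a rollback is performed; if the result is inconclusive, the update is paused;
◼ To perform Analysis, Argo Rollouts provides two CRDs, AnalysisTemplate and AnalysisRun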
#Deployment
https://argoproj.github.io/argo-rollouts/
https://github.com/argoproj/argo-rollouts/releases
[This lab uses 1.3.1]
https://github.com/argoproj/argo-rollouts/releases/tag/v1.3.1
#Download the YAML files
https://github.com/argoproj/argo-rollouts/releases/download/v1.3.1/dashboard-install.yaml
https://github.com/argoproj/argo-rollouts/releases/download/v1.3.1/install.yaml
#Pull the images
crictl pull quay.io/argoproj/argo-rollouts:v1.3.1 && \
crictl pull quay.io/argoproj/kubectl-argo-rollouts:v1.3.1
#Official installation
kubectl create namespace argo-rollouts
kubectl apply -n argo-rollouts -f https://github.com/argoproj/argo-rollouts/releases/download/v1.3.1/install.yaml
kubectl apply -n argo-rollouts -f https://github.com/argoproj/argo-rollouts/releases/download/v1.3.1/dashboard-install.yaml
#Local lab installation
[root@xianchaomaster1 KnativeSrc]# kubectl apply -f install.yaml -f dashboard-install.yaml -n argo-rollouts
[root@xianchaomaster1 KnativeSrc]# kubectl get pods -n argo-rollouts
NAME READY STATUS RESTARTS AGE
argo-rollouts-7f75b9fb76-cjdb7 1/1 Running 0 16s
argo-rollouts-dashboard-69c4f8f8dd-8v2gs 1/1 Running 0 16s
[root@xianchaomaster1 KnativeSrc]# kubectl api-resources --api-group=argoproj.io
NAME SHORTNAMES APIVERSION NAMESPACED KIND
analysisruns ar argoproj.io/v1alpha1 true AnalysisRun
analysistemplates at argoproj.io/v1alpha1 true AnalysisTemplate
applications app,apps argoproj.io/v1alpha1 true Application
applicationsets appset,appsets argoproj.io/v1alpha1 true ApplicationSet
appprojects appproj,appprojs argoproj.io/v1alpha1 true AppProject
clusteranalysistemplates cat argoproj.io/v1alpha1 false ClusterAnalysisTemplate
experiments exp argoproj.io/v1alpha1 true Experiment
rollouts ro argoproj.io/v1alpha1 true Rollout
#Start the Dashboard
https://argoproj.github.io/argo-rollouts/dashboard/
#Accessing the dashboard externally
[1] Expose it through Istio
[root@ca-k8s-master01 argo-rollouts]# cat 03-argo-rollouts-dashboard-virtualservice.yaml
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: argo-rollouts-dashboard
  namespace: argo-rollouts
spec:
  host: argo-rollouts-dashboard
  trafficPolicy:
    tls:
      mode: DISABLE
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: argo-rollouts-dashboard-gateway
  namespace: istio-system
spec:
  selector:
    app: istio-ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "argo-rollouts.magedu.com"
    - "rollouts.magedu.com"
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: argo-rollouts-dashboard-virtualservice
  namespace: argo-rollouts
spec:
  hosts:
  - "argo-rollouts.magedu.com"
  - "rollouts.magedu.com"
  gateways:
  - istio-system/argo-rollouts-dashboard-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: argo-rollouts-dashboard
        port:
          number: 3100
---
[root@ca-k8s-master01 argo-rollouts]# kubectl apply -f 03-argo-rollouts-dashboard-virtualservice.yaml
#Configure DNS resolution, then open in a browser
http://argo-rollouts.magedu.com/
[2] Change the svc type to NodePort
[root@xianchaomaster1 KnativeSrc]# kubectl get svc -n argo-rollouts
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
argo-rollouts-dashboard ClusterIP 10.105.138.153 <none> 3100/TCP 25m
argo-rollouts-metrics ClusterIP 10.97.119.54 <none> 8090/TCP 25m
[root@xianchaomaster1 KnativeSrc]# kubectl edit svc argo-rollouts-dashboard -n argo-rollouts
NodePort
service/argo-rollouts-dashboard edited
[root@xianchaomaster1 KnativeSrc]# kubectl get svc -n argo-rollouts
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
argo-rollouts-dashboard NodePort 10.105.138.153 <none> 3100:31124/TCP 26m
argo-rollouts-metrics ClusterIP 10.97.119.54 <none> 8090/TCP 27m
#Access the dashboard
http://192.168.40.180:31124/rollouts/
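Both options above publish the dashboard over plain HTTP (port 80 on the Istio gateway, or a NodePort on every node), and nothing on this page restricts who can reach it. The following added example, which is not part of the original notes, is one way to tighten the Istio variant: it serves the same hosts over TLS and denies requests that do not come from an admin network. The secret name `rollouts-dashboard-tls` and the CIDR `10.20.0.0/16` are assumed placeholders.

```yaml
# Added example, not from the original page.
# Assumptions: TLS secret "rollouts-dashboard-tls" exists in istio-system;
# 10.20.0.0/16 stands in for the network administrators connect from.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: argo-rollouts-dashboard-gateway
  namespace: istio-system
spec:
  selector:
    app: istio-ingressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: rollouts-dashboard-tls
    hosts:
    - "argo-rollouts.magedu.com"
    - "rollouts.magedu.com"
---
# Deny requests for the dashboard hosts unless they originate from the
# admin network. Host entries include the ":*" form so that a Host header
# carrying a port does not bypass the match.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: argo-rollouts-dashboard-allowlist
  namespace: istio-system
spec:
  selector:
    matchLabels:
      app: istio-ingressgateway
  action: DENY
  rules:
  - from:
    - source:
        notRemoteIpBlocks: ["10.20.0.0/16"]
    to:
    - operation:
        hosts:
        - "argo-rollouts.magedu.com"
        - "argo-rollouts.magedu.com:*"
        - "rollouts.magedu.com"
        - "rollouts.magedu.com:*"
```

`notRemoteIpBlocks` only behaves as intended when the ingress gateway sees the real client address (for example with `externalTrafficPolicy: Local` on its Service). For the NodePort variant, the comparable choice is to leave the Service as ClusterIP and reach it with `kubectl port-forward`.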
#Install the CLI tool
Download: https://github.com/argoproj/argo-rollouts/releases/download/v1.3.1/kubectl-argo-rollouts-linux-amd64
[root@xianchaomaster1 KnativeSrc]# cp kubectl-argo-rollouts-linux-amd64 /usr/bin/kubectl-argo-rollouts
[root@xianchaomaster1 KnativeSrc]# chmod +x /usr/bin/kubectl-argo-rollouts
[root@xianchaomaster1 KnativeSrc]# kubectl-argo-rollouts --help
This command consists of multiple subcommands which can be used to manage Argo Rollouts.
Usage:
kubectl-argo-rollouts COMMAND [flags]
kubectl-argo-rollouts [command]
Examples:
# Get guestbook rollout and watch progress
kubectl argo rollouts get rollout guestbook -w
# Pause the guestbook rollout
kubectl argo rollouts pause guestbook
# Promote the guestbook rollout
kubectl argo rollouts promote guestbook
# Abort the guestbook rollout
kubectl argo rollouts abort guestbook
# Retry the guestbook rollout
kubectl argo rollouts retry guestbook
Available Commands:
abort Abort a rollout
completion Generate completion script
create Create a Rollout, Experiment, AnalysisTemplate, ClusterAnalysisTemplate, or AnalysisRun resource
dashboard Start UI dashboard
get Get details about rollouts and experiments
help Help about any command
lint Lint and validate a Rollout
list List rollouts or experiments
notifications Set of CLI commands that helps manage notifications settings
pause Pause a rollout
promote Promote a rollout
restart Restart the pods of a rollout
retry Retry a rollout or experiment
set Update various values on resources
status Show the status of a rollout
terminate Terminate an AnalysisRun or Experiment
undo Undo a rollout
version Print version
Flags:
--as string Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string UID to impersonate for the operation.
--cache-dir string Default cache directory (default "/root/.kube/cache")
--certificate-authority string Path to a cert file for the certificate authority
--client-certificate string Path to a client certificate file for TLS
--client-key string Path to a client key file for TLS
--cluster string The name of the kubeconfig cluster to use
--context string The name of the kubeconfig context to use
-h, --help help for kubectl-argo-rollouts
--insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
-v, --kloglevel int Log level for kubernetes client library
--kubeconfig string Path to the kubeconfig file to use for CLI requests.
--loglevel string Log level for kubectl argo rollouts (default "info")
-n, --namespace string If present, the namespace scope for this CLI request
--request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-s, --server string The address and port of the Kubernetes API server
--tls-server-name string Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string Bearer token for authentication to the API server
--user string The name of the kubeconfig user to use
Use "kubectl-argo-rollouts [command] --help" for more information about a command.
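Or: [root@xianchaomaster1 KnativeSrc]# kubectl argo rollouts
Rollout CRD resource specification
#The functionality of a Rollout is largely compatible with Deployment, and many of the supported fields are the same
#The spec field of the Rollout CRD supports the following fields
◼ replicas <integer>: number of Pod instances to run, default 1;
◼ selector <Object>: label selector used to select Pod objects;
◼ template <Object>: ReplicaSet template object;
◼ revisionHistoryLimit <integer>: number of ReplicaSet revisions kept in the update history;
◼ minReadySeconds <integer>: minimum time a newly created Pod must run without any container crashing before it is considered available; default 0, meaning it becomes Ready immediately;
◼ paused <boolean>: whether to put the Rollout into the paused state;
◼ progressDeadlineSeconds <integer>: maximum time to wait for an update step during the update, default 600 seconds;
◼ progressDeadlineAbort <boolean>: whether to abort the update when progressDeadlineSeconds is exceeded and no analysis or experiment is in use; default false;
◼ restartAt <string>: the time at which to restart the Pods, given as a UTC timestamp;
◼ strategy <Object>: update strategy; canary and blueGreen are supported;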
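Rollout strategy: the Canary update strategy
#Enabled via spec.strategy.canary
#Supported nested fields
◼ canaryService <string>: the Service the controller uses to match the Canary Pods; trafficRouting depends on this field;
◼ stableService <string>: the Service the controller uses to match the Stable Pods; trafficRouting depends on this field;
◼ canaryMetadata <Object>: metadata to add to Pods of the Canary version; it exists only during the Canary update, after which the Canary becomes Stable;
◼ stableMetadata <Object>: metadata to add to Pods of the Stable version;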
◼ maxSurge <>
◼ maxUnavailable <>
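◼ scaleDownDelayRevisionLimit <integer>: number of old ReplicaSets that may keep running before scale-down starts on the old ReplicaSets;
◼ abortScaleDownDelaySeconds <integer>: when trafficRouting is enabled, the delay before the Canary Pods are scaled down after an update is aborted, default 30s;
◼ scaleDownDelaySeconds <integer>: when trafficRouting is enabled, the delay before the previous ReplicaSet is scaled down, default 30s;
◼ analysis <Object>: analysis that runs in the background during the rolling update; optional;
◼ steps <[]Object>: steps to execute during the Canary update; optional;
◼ trafficRouting <Object>: defines how the Ingress Controller or service mesh dynamically adjusts its configuration to achieve fine-grained traffic splitting and shifting;
◼ antiAffinity <Object>: defines the anti-affinity between Canary Pods and the Pods of the old ReplicaSet;
Common Steps
#Common Steps
◼ pause <Object>: pause step
◆Pauses the rollout process
◆A nested duration field can set the pause length; if left empty, the rollout stays paused until the user chooses to continue
◼ setWeight <integer>: sets the proportion of Pods activated in the Canary ReplicaSet and the proportion of traffic sent to the Canary version;
◼ setCanaryScale <Object>: sets how Pod scale-up relates to traffic increase while the Canary scales up; one of the following three settings is supported
◆replicas <integer>: explicitly sets the size of the Canary RS to the number of Pods given here, without changing the previously set traffic weight;
◆weight <integer>: explicitly sets the size of the Canary RS to the percentage given here, without changing the previously set traffic weight;
◆matchTrafficWeight <boolean>: scales the Canary Pods in step with the proportion of traffic sent to them;
◼ analysis <Object>: analysis step, defined inline or by reference;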
◆args <[]Object>
◆dryRun <[]Object>
◆templates <[]Object>
◆measurementRetention <[]Object>
◼ experiment <Object>: experiment step, defined inline or by reference;
◆analyses <[]Object>
◆duration <string>
◆templates <[]Object>
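#analysis configuration
◼ args <[]Object>: parameters to set on demand during the Canary update
◆name <string>: name of the parameter whose value is set dynamically
◆value <string>: a concrete value for the parameter
◆valueFrom <Object>: the parameter's value is taken from another attribute or field
◼ templates <[]Object>: the AnalysisTemplates to reference
◆clusterScope <boolean>
◆templateName <string>: name of the referenced AnalysisTemplate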
◼ dryRun <[]Object>
◼ startingStep <integer>
◼ measurementRetention <[]Object>
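#trafficRouting configuration
◼ istio <Object>: works with Istio to shift traffic
◆destinationRule <Object>: the DestinationRule resource whose configuration is adjusted automatically during the Canary to shift traffic
⚫ name <string>: name of the DestinationRule resource
⚫ canarySubsetName <string>: name of the Canary subset used temporarily in the DestinationRule
⚫ stableSubsetName <string>: name of the Stable subset used temporarily in the DestinationRule
◆virtualService <Object>: the VirtualService resource whose configuration is adjusted automatically during the Canary to shift traffic
⚫ name <string>: name of the VirtualService resource
⚫ routes <[]string>: names of the route entries on the given VirtualService that are adjusted dynamically; may be omitted when there is only one route
⚫ tlsRoutes <[]Object>: list of TLS route entries on the given VirtualService that are adjusted dynamically
◆virtualServices <[]Object>: list of VirtualService resources whose configuration is adjusted automatically during the Canary to shift traffic
◼ nginx <Object>: works with Ingress Nginx to shift traffic
◆additionalIngressAnnotations <map[string]string>
◆annotationPrefix <string>
◆stableIngress <string>: name of the Stable Ingress resource to adjust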