├── .github
    └── workflows
    │   └── publish.yaml
├── Dockerfile
├── LICENSE
├── README.md
├── _config.yml
├── examples
    ├── harbor.md
    ├── nexus.md
    ├── skywalking.md
    └── sonarqube.md
└── translation
    └── argocd-v2.6-release-candidate.md


/.github/workflows/publish.yaml:
--------------------------------------------------------------------------------
 1 | name: Publish
 2 | 
 3 | on:
 4 |   schedule:
 5 |   - cron: "0 16 * * *"
 6 |   workflow_dispatch:
 7 | 
 8 | env:
 9 |   REGISTRY: ghcr.io
10 |   IMAGE_NAME: ${{ github.repository }}
11 | 
12 | jobs:
13 |   image:
14 |     runs-on: ubuntu-20.04
15 |     steps:
16 |       - name: Checkout
17 |         uses: actions/checkout@v3.0.0
18 |       - name: Setup Docker buildx
19 |         uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
20 |       - name: Log into registry ${{ env.REGISTRY }}
21 |         if: github.event_name != 'pull_request'
22 |         uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
23 |         with:
24 |           registry: ${{ env.REGISTRY }}
25 |           username: ${{ github.actor }}
26 |           password: ${{ secrets.GH_PUBLISH_SECRETS }}
27 |       - name: Extract Docker metadata
28 |         id: meta
29 |         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
30 |         with:
31 |           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
32 |       - name: Build and push Docker image
33 |         id: build-and-push
34 |         uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
35 |         with:
36 |           context: .
37 |           push: ${{ github.event_name != 'pull_request' }}
38 |           tags: ${{ steps.meta.outputs.tags }}
39 |           labels: ${{ steps.meta.outputs.labels }}
40 |           cache-from: type=gha
41 |           cache-to: type=gha,mode=max
42 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM ghcr.io/linuxsuren/hd:v0.0.70
2 | 
3 | RUN hd i kubernetes-sigs/kubectl
4 | RUN hd get https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
5 | 
6 | CMD ["kubectl", "apply", "--namespace", "argocd", "-f", "install.yaml"]
7 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2022 Rick
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Argo CD Guide
  2 | 
  3 | [Argo CD](https://argo-cd.readthedocs.io/) 是基于 [Kubernetes](https://kubernetes.io/) 的申明式、GitOps 持续部署工具。
  4 | 
  5 | 本教程可以通过 [mde](https://github.com/LinuxSuRen/md-exec) 实现交互式体验。
  6 | 
  7 | ## 安装
  8 | 首先，你需要有一套 [Kubernetes](https://github.com/kubernetes/kubernetes/) 环境。下面的工具可以帮助你快速按照好一套 Kubernetes 环境：
  9 | 
 10 | > 推荐使用 [hd](https://github.com/LinuxSuRen/http-downloader) 安装下面的工具
 11 | >
 12 | > 安装 `hd` 的命令为：`curl https://linuxsuren.github.io/tools/install.sh|bash`
 13 | 
 14 | | 工具 | 工具安装 |使用 |
 15 | |---|---|---|
 16 | | [k3d](https://k3d.io/) | `hd i k3d` | `k3d cluster create` |
 17 | | [kubekey](https://github.com/kubesphere/kubekey) | `hd i kk` | `kk create cluster` |
 18 | | [minikube](https://github.com/kubernetes/minikube) | `hd i minikube` | `minikube start` |
 19 | 
 20 | ```shell
 21 | #!title: Install K3d
 22 | hd i k3d
 23 | ```
 24 | 
 25 | ```shell
 26 | #!title: Reinstall K3d cluster
 27 | k3d cluster delete
 28 | k3d cluster create
 29 | ```
 30 | 
 31 | 当 Kubernetes 环境就绪后，就可以通过下面的命令会在命名空间（`argo`）下安装最新版本的 `Argo CD`：
 32 | 
 33 | ```shell
 34 | #!title: Install ArgoCD
 35 | kubectl create namespace argocd || true
 36 | hd get https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/install.yaml
 37 | kubectl apply -n argocd -f install.yaml || rm -rf install.yaml
 38 | rm -rf install.yaml
 39 | ```
 40 | 
 41 | 如果你的环境访问 GitHub 时有网络问题，可以使用下面的命令来安装：
 42 | 
 43 | ```shell
 44 | docker run -it --rm -v /root/.kube/:/root/.kube --network host --pull always ghcr.io/linuxsuren/argo-cd-guide:master
 45 | ```
 46 | 
 47 | 查看初始化密码：
 48 | ```shell
 49 | #!title: Get Password
 50 | kubectl -n argocd get secret argocd-initial-admin-secret -ojsonpath={.data.password} | base64 -d
 51 | ```
 52 | 
 53 | 设置访问方式：
 54 | ```shell
 55 | kubectl -n argocd patch svc argocd-server --type='json' -p '[{"op":"replace", "path":"/spec/type", "value":"NodePort"}, {"op":"add", "path":"/spec/ports/0/nodePort","value":31518}]'
 56 | # 暴露 k3d 端口
 57 | k3d node edit k3d-k3s-default-serverlb --port-add 31518:31518
 58 | ```
 59 | 
 60 | 推荐使用的工具：
 61 | 
 62 | ||||
 63 | |---|---|---|
 64 | | [k9s](https://k9scli.io/) | `hd i k9s` | K9s is a terminal based UI to interact with your Kubernetes clusters. |
 65 | | `argocd` | `hd i argoproj/argo-cd` |  |
 66 | 
 67 | ## 最佳实践
 68 | 为了确保 YAML 格式正确，可以使用 [kubeconform](https://github.com/yannh/kubeconform) 对 [Argo CD 的 JSON SChema](https://github.com/argoproj/argo-cd/issues/9348) 进行校验。
 69 | 
 70 | ## 一个简单的示例
 71 | 执行下面的命令后
 72 | 
 73 | ```shell
 74 | #!title: Create A Sample App +f
 75 | cat <<EOF | kubectl apply -n argocd -f -
 76 | apiVersion: argoproj.io/v1alpha1
 77 | kind: Application
 78 | metadata:
 79 |   name: learn-pipeline-go
 80 | spec:
 81 |   destination:
 82 |     namespace: default
 83 |     server: https://kubernetes.default.svc
 84 |   project: default
 85 |   source:
 86 |     repoURL: https://gitee.com/devops-ws/learn-pipeline-go   # 示例工程
 87 |     path: kustomize                                           # 从该目录下查找 Kubernetes 文件
 88 |     targetRevision: HEAD
 89 |     kustomize:
 90 |       namePrefix: foo
 91 | EOF
 92 | ```
 93 | 
 94 | 更多应用的例子请查看：
 95 | 
 96 | * [SonarQube](examples/sonarqube.md)
 97 | * [Harbor](examples/harbor.md)
 98 | 
 99 | ## 概念
100 | TODO
101 | 
102 | ## 同步策略
103 | 
104 | Argo CD 可以[指定 Git 仓库中的特定目录](https://argo-cd.readthedocs.io/en/stable/user-guide/directory/)，已经一些通用配置：
105 | ```yaml
106 | apiVersion: argoproj.io/v1alpha1
107 | kind: Application
108 | metadata:
109 |   name: sample
110 | spec:
111 |   source:
112 |     repoURL: https://github.com/devops-ws/learn-pipeline-go
113 |     targetRevision: HEAD
114 |     path: kustomize                           # 指定父目录
115 |     directory:
116 |       recurse: true                           # 支持遍历子目录
117 |       exclude: '{config.json,env-usw2/*}'     # 忽略部分
118 |       include: '*.yaml'                       # 包含所有 YAML 文件
119 |   syncPolicy:
120 |     syncOptions:
121 |     - CreateNamespace=true
122 |     automated:
123 |       prune: true
124 |       selfHeal: true
125 | ```
126 | 
127 | 设置[同步策略](https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/)：
128 | ```yaml
129 | apiVersion: argoproj.io/v1alpha1
130 | kind: Application
131 | metadata:
132 |   name: sample
133 | spec:
134 |   syncPolicy:
135 |     syncOptions:
136 |     - CreateNamespace=true      # 自动创建命名空间
137 |     automated:
138 |       prune: true               # Git 库中删除的资源，也会在集群中删除
139 |       selfHeal: true
140 | ```
141 | 
142 | ## 模板工具
143 | TODO
144 | 
145 | ## Git 仓库
146 | Argo CD 支持 HTTPS、SSH 协议的 Git 仓库，下面的例子中使用的是 SSH 协议：
147 | 
148 | ```yaml
149 | apiVersion: v1
150 | data:
151 |   insecure: dHJ1ZQ==
152 |   project: ZGVmYXVsdA==
153 |   sshPrivateKey: eW91ci12YWx1ZQ==
154 |   type: Z2l0
155 |   url: Z2l0QGdpdGh1Yi5jb206ZGV2b3BzLXdzL2FyZ28tY2QtZ3VpZGUuZ2l0
156 | kind: Secret
157 | metadata:
158 |   labels:
159 |     argocd.argoproj.io/secret-type: repository # 表明这会被 Argo CD 识别为仓库（Git、Helm 等）
160 |   name: repo-1108037796 # 以 repo- 为前缀的名称，通过 UI 创建时会自动生成
161 |   namespace: argocd
162 | type: Opaque
163 | ```
164 | 
165 | ## Helm 仓库
166 | > 截至 v2.5.2 Argo CD 界面还支持添加 Helm 类型的仓库，可以通过命令行或者 YAML 的方式来添加。
167 | 
168 | ```yaml
169 | apiVersion: v1
170 | data:
171 |   enableOCI: dHJ1ZQ==
172 |   name: c2staGVsbQ==
173 |   project: ZGVmYXVsdA==
174 |   type: aGVsbQ==
175 |   url: cmVnaXN0cnktMS5kb2NrZXIuaW8=
176 | kind: Secret
177 | metadata:
178 |   labels:
179 |     argocd.argoproj.io/secret-type: repository
180 |   name: repo-skywalking-helm
181 |   namespace: argocd
182 | type: Opaque
183 | ```
184 | 
185 | OCI 类型的 Helm 仓库安装示例请查看 [examples/skywalking](examples/skywalking.md)
186 | 
187 | ## Webhook
188 | TODO
189 | 
190 | ```
191 | https://ip:port/api/webhook
192 | ```
193 | 
194 | ## 配置管理插件
195 | 配置管理工具（Config Management Plugin，CMP）使得 Argo CD 可以支持 Helm、Kustomize 以外的（可转化为 Kubernetes 资源）格式。
196 | 
197 | 例如：我们可以将 [GitHub Actions 的配置文件转为 Argo Workflows](https://github.com/LinuxSuRen/github-action-workflow/) 的文件，从而实现在不了解 Argo Workflows 的 `WorkflowTemplate` 写法的前提下，也可以把 Argo Workflows 作为 CI 工具。
198 | 
199 | > 下面的例子中需要用到 Argo Workflows，请自行安装，或查看[这篇中文教程](https://github.com/LinuxSuRen/argo-workflows-guide)。
200 | 
201 | 我们只需要将插件作为 sidecar 添加到 `argocd-repo-server` 即可。下面是 sidecar 的配置：
202 | 
203 | ```yaml
204 | apiVersion: apps/v1
205 | kind: Deployment
206 | metadata:
207 |   name: argocd-repo-server
208 |   namespace: argocd
209 | spec:
210 |   template:
211 |     spec:
212 |       containers:
213 |       - args:
214 |         - --loglevel
215 |         - debug
216 |         command:
217 |         - /var/run/argocd/argocd-cmp-server
218 |         image: ghcr.io/linuxsuren/github-action-workflow:master
219 |         imagePullPolicy: IfNotPresent
220 |         name: tool
221 |         resources: {}
222 |         securityContext:
223 |           runAsNonRoot: true
224 |           runAsUser: 999
225 |         volumeMounts:
226 |         - mountPath: /var/run/argocd
227 |           name: var-files
228 |         - mountPath: /home/argocd/cmp-server/plugins
229 |           name: plugins
230 | ```
231 | 
232 | 然后，再添加如下 Argo CD Application 后，我们就可以看到已经有多个 Argo Workflows 被创建出来了。
233 | 
234 | ```yaml
235 | apiVersion: argoproj.io/v1alpha1
236 | kind: Application
237 | metadata:
238 |   name: yaml-readme
239 |   namespace: argocd
240 | spec:
241 |   destination:
242 |     namespace: default
243 |     server: https://kubernetes.default.svc
244 |   project: default
245 |   source:
246 |     path: .github/workflows/                            # It will generate multiple Argo CD application manifests 
247 |                                                         # base on YAML files from this directory.
248 |                                                         # Please make sure the path ends with slash.
249 |     plugin: {}                                          # Argo CD will choose the corresponding CMP automatically
250 |     repoURL: https://gitee.com/linuxsuren/yaml-readme   # a sample project for discovering manifests
251 |     targetRevision: HEAD
252 |   syncPolicy:
253 |     automated:
254 |       selfHeal: true
255 | ```
256 | 
257 | 由于用到 PVC 作为 Pod 之间的共享存储，我们还需要安装对应的依赖。如果是测试环境，可以安装 [OpenEBS](https://openebs.io/docs/user-guides/installation)。并设置其中的 为[默认存储卷](https://kubernetes.io/zh-cn/docs/tasks/administer-cluster/change-default-storage-class/)：
258 | 
259 | ```shell
260 | kubectl patch storageclass openebs-hostpath -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
261 | ```
262 | 
263 | 如果需要用到 Git 凭据的话，可以通过下面的命令拿到：
264 | 
265 | ```shell
266 | kubectl create secret generic git-secret --from-file=id_rsa=/root/.ssh/id_rsa --from-file=known_hosts=/root/.ssh/known_hosts --dry-run=client -oyaml
267 | ```
268 | 
269 | 这一点对于 Argo Workflows 落地为持续集成（CI）工具时，非常有帮助。如果您觉得 GitHub Actions 的语法足够清晰，那么，可以直接使用上面的插件。或者，您希望能定义出更简单的 YAML，也可以自行实现插件。插件的核心逻辑就是将目标文件（集）转为 Kubernetes 的 YAML 文件，在这里就是 `WorkflowTemplate`。
270 | 
271 | 如果再发散性地思考下，我们也可以通过自定义格式的 YAML（或 JSON 等任意格式）文件转为 Jenkins 可以识别的 Jenkinsfile，或其他持续集成工具的配置文件格式。
272 | 
273 | ## 凭据管理
274 | 可以通过下面的命令，生成一个加密后的 Secret：
275 | ```shell
276 | kubectl create secret generic test --from-literal=username=admin --from-literal=password=admin --dry-run=client -oyaml -n default | kubeseal -oyaml
277 | ```
278 | 
279 | 下面是生成 Docker 认证信息的命令：
280 | ```shell
281 | kubectl create secret docker-registry harbor --docker-server='10.121.218.184:30002' \
282 |   --docker-username=admin --docker-password=password \
283 |   --dry-run=client -oyaml -n default | kubeseal -oyaml
284 | ```
285 | 
286 | ## 单点登录
287 | Argo CD [内置了 Dex 服务](https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#dex)，我们可以参考如下的配置来对接外部身份认证服务：
288 | 
289 | ```yaml
290 | apiVersion: v1
291 | kind: ConfigMap
292 | metadata:
293 |   name: argocd-cm
294 |   namespace: argocd
295 | data:
296 |   url: https://10.121.218.184:31392 # argo-cd server 的地址
297 |   dex.config: |
298 |     logger:
299 |       level: debug
300 |     connectors:
301 |       - type: gitlab
302 |         id: gitlab
303 |         name: GitLab
304 |         config:
305 |           baseURL: http://10.121.218.82:6080
306 |           clientID: b9119ac2313f62625d8b1e9648f7b10b9dad9c5198f19e5df731b09ffa5d008d
307 |           clientSecret: a0c1bef745da758609acceb5beba3c0104f04c3b0a491aee7c7c479ed3e26309
308 |           redirectURI: https://10.121.218.184:31392/api/dex/callback
309 |           groups:
310 |           - dev               # 只允许 dev 用户组
311 |           useLoginAsID: false
312 | ```
313 | 
314 | ```yaml
315 | apiVersion: v1
316 | kind: ConfigMap
317 | metadata:
318 |   name: argocd-rbac-cm
319 |   namespace: argocd
320 | data:
321 |   policy.csv: |
322 |     # 只允许 dev 组的用户查看 application
323 |     p, role:org-readonly, applications, get, default/*, allow
324 | 
325 |     g, dev, role:org-readonly           # 假如用户组名为 dev
326 |   policy.default: role:org-readonly
327 |   scopes: '[groups, email]' 
328 | ```
329 | 
330 | 对于通用的 OAuth 认证，可以访问下面地址获取相关信息：
331 | 
332 | `https://10.121.218.184:31392/api/dex/.well-known/openid-configuration`
333 | 
334 | ## 多集群
335 | ```shell
336 | #!title: Create New Cluster
337 | cat <<EOF | kubectl apply -n argocd -f -
338 | apiVersion: v1
339 | data:
340 |   config: eyJ0bHNDbGllbnRDb25maWciOnsiaW5zZWN1cmUiOnRydWUsImNhRGF0YSI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVU0xZWtORFFXTXJaMEYzU1VKQlowbENRVVJCVGtKbmEzRm9hMmxIT1hjd1FrRlJjMFpCUkVGV1RWSk5kMFZSV1VSV1VWRkVSWGR3Y21SWFNtd0tZMjAxYkdSSFZucE5RalJZUkZSSmVVMVVTWGRPVkVGNlRXcFJNRTFXYjFoRVZFMTVUVlJKZDAxcVFYcE5hbEV3VFZadmQwWlVSVlJOUWtWSFFURlZSUXBCZUUxTFlUTldhVnBZU25WYVdGSnNZM3BEUTBGVFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUlZCQlJFTkRRVkZ2UTJkblJVSkJUVXBzQ21OdVNHc3pORkVyVUhWdVRFeG9PV1pIZVdoaGVVRXdXbEoyYmxncmNqSkZXa2xZTTJzeWFTOXhSVTExWnpWRlRXMTVWMWxuU0d4YU4xQnZNVWR5UkZBS2VsZFdXbGx4Tm1sblozSmFOWGN3Um1JMWRtVkNjRmhDTUhOWFJVRXpiVVpOUVdFNEszWlhhRmxvTDI5UU1uSldWMEkxZFdwQ2NIa3piMDFNWWpGamNRcGtSWFoxUjBsQ1IxTlFSV0YwVUZsbmJYbHZjbXRHUkZKWksxZFlOVVpyWVUwNU5VUTNWbE14Wm1seE5qWndOR0oyTm5wbFNHSjNUM1prYWk4clZVMWxDbWxTWmpGR01WQXpWSGxqUVcxdFR6Vmthall2UTBWdE5tWkhURXBKYUZWUVNqWldRbE51V0c5MldESmtVekZUZDJ4dU56UlBZbU5PTlVZekt6VllPRmtLVm1wSU9UazJiQzgyWlcxVFIzZGlUMEpFVGxGTVlrUkJVR1JSTm14bU5GUlNPRE5EZEdGdVMzSlFha1l5VGpCV1ZGTTNUV1JoVUhRNVMwWnJjRlZ3YVFwcE9XNXViWFI1VWpWUVdWQXhjREl6VGxORlEwRjNSVUZCWVU1RFRVVkJkMFJuV1VSV1VqQlFRVkZJTDBKQlVVUkJaMHRyVFVFNFIwRXhWV1JGZDBWQ0NpOTNVVVpOUVUxQ1FXWTRkMGhSV1VSV1VqQlBRa0paUlVaRFMxbFhTR3N6VVVGS1ZtMUJiV1E1UzJsQlRsWTBiMDQzYjBkTlFUQkhRMU54UjFOSllqTUtSRkZGUWtOM1ZVRkJORWxDUVZGRGRFbDNjVlJRU0VjeFIxTlBZMGNyYlhrdmJXSlVWM2d3YmpKMFRYaEhUbnBWTjB4RGIzY3JhblJsTm5FdmJuRkVZZ3AxTDNOd1ZXb3JabXRVZGtkWVRuSmpWbTlYVW5sTVZqVlNhbWN5Y0VwTFdYQmpRMlExYXpReGVEVkhXbEJZTUZKbWVXeHFPRVJKYlhOaGNqRXJaRGxhQ20xTE9YRndSM0k0VEVRNGRrdFZUMVJCTW1seU5tUnRVMDlyV1U1WlNHNWtOM015Uml0b1JYY3pRMWc1YXpacGMwaFlSVGxCZW05WWVVODRZelV3Um1zS1NXOHZkMmhRYVhSUVpIQmphbE5WV0hjNFVVUmlTMk5RT0Zwdk4zZGllRTFyTDBsc2NtWmFRVVJ2UVdZMVRERnhNRmRQWW14RFZWSlZlVTVrTTNkd1RncFVlR2QzZDBNM1NVWmhiUzl0SzNSM1MwVnNjVlZOWm1WRFNGVkljemR2Tm1aS2RtdGFZa1JzYVV4eWMyeEJlVmRzUldzMFZVdFFhVkoxWkVOVVVrdE5DamRHVDBKcmMwbEtPRlU1ZHl0TmRsbEpjMGc1TURFNFoyNDNiVU5sZVVKSE1UbHNhQW90TFMwdExVVk9SQ0JEUlZKVVNVWkpRMEZVUlMwdExTMHRDZz09IiwiY2VydERhdGEiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VSSlZFTkRRV2R0WjBGM1NVSkJaMGxKWkVwclNISnlibTFvVXpCM1JGRlpTa3R2V2tsb2RtTk9RVkZGVEVKUlFYZEdWRVZVVFVKRlIwRXhWVVVLUVhoTlMyRXpWbWxhV0VwMVdsaFNiR042UVdWR2R6QjVUV3BGZVUxRVZYZE5la2t3VGtSR1lVWjNNSGxOZWtWNVRVUlZkMDE2U1RCT1JGSmhUVVJSZUFwR2VrRldRbWRPVmtKQmIxUkViazQxWXpOU2JHSlVjSFJaV0U0d1dsaEtlazFTYTNkR2QxbEVWbEZSUkVWNFFuSmtWMHBzWTIwMWJHUkhWbnBNVjBackNtSlhiSFZOU1VsQ1NXcEJUa0puYTNGb2EybEhPWGN3UWtGUlJVWkJRVTlEUVZFNFFVMUpTVUpEWjB0RFFWRkZRVFZDWkhVelpFeGlMMngyWjFwNmVUZ0tSVTFCUTBKM1VqVTFaR2RYU2tjMFVHczNTV1J1TVRkQk1Ib3hVbWRJTlhCS1dETjZObFV2ZDJWQ2VrdEtTbXhUYlhaaWF6VjNNV1FyV1VzMk5HcEJhZ3BzTDJsT1NtMXVkVlJzYlZnNVprRjZUbkpLWm5CemMxQnFhbFUyVlVkSmFGVndTa0ZTTkhnNGNpOXpkblY1UldGaWJuQlhlRzR5VmxGeWRtNXJiMG92Q2xwWlpFTklRMWR5Y0Vadk5IZEVhSFJGVUZaSVdrOTRTVUl5VjBOTFRGTnRibnBrZUhRMFJIUkJZbmQxWXpsRGFXUnVPRTFvTW1SM1dYWXdNR3hWTlRRS05Ua3haa05uU21zeU9VUkdWU3MxYzJwUk16QnBSa3RKVVhwbGVEazNkQ3RhVFdsYVpqRndWVzFpVEhBMWVqWXJLMUJ1TUZGNk56QXdZa3RyVGt0ak5BcFhWMUpIY0ZGTGMyUlZiR3gwTDNwYWFuSjZaaTl6Wm5wUmFVbFFielJKV0VvMGVGQlZlbXQyVEhWMVVHVjJVbEpOVlhVclV6VnVaMFZKZWxwamVGVmtDa0pXWXpSRGQwbEVRVkZCUW04eFdYZFdSRUZQUW1kT1ZraFJPRUpCWmpoRlFrRk5RMEpoUVhkRmQxbEVWbEl3YkVKQmQzZERaMWxKUzNkWlFrSlJWVWdLUVhkSmQwUkJXVVJXVWpCVVFWRklMMEpCU1hkQlJFRm1RbWRPVmtoVFRVVkhSRUZYWjBKUmFXMUdhRFZPTUVGRFZscG5TbTVtVTI5blJGWmxTMFJsTmdwQ2FrRk9RbWRyY1docmFVYzVkekJDUVZGelJrRkJUME5CVVVWQmJtZzBSemhJV1d4bGMyazVTR2haZGxReE5ETmxOU3RCY0hSTFNGVjJaMlEyUnpod0NtNHZXSEZ2V0dFdmFHb3diamxZTW1GU1RrSXpNVnBaWVc4ME1qZHpibFZKWVc5UlpXMTZaVWhLZEVaUlRrODRWMU5YYjBRclZsQkVORGhsWVZOMk4yUUtPR3hvTTBkNFNsaFhkVWxpV1ZZMWQyTnBOM2xRYnpsR1dXOTRRMnhNWlROVE5HeFdiVVYwVERkdFZqVlBVbnBxVVU5WlFVMHZkV1pIVVdsdWQyOTRUUW95U1ZKc1ZsVjBjRVZ5VmxSUGMwZDBRMGR3WjJsRGN6Y3hTVUpLVTJnemNUZzNjbXRLYm1abU1XSnlZa1owZHpSdk5GSkhlVFlyTVRGQmVFVjJNak0wQ21wSVR6VjJha3RwTTBJd1RubHNSMlkwWW1WSWVtWkNSVTFSTDNWRVIyZHBibVYzV0hKVFVFWlZRbXRXUmsxVlFWWlhiVmxNZG1WemJXbG1aMWMwTVdVS2NYaFZWa3R6SzJ0RlJHUkhaMGRMUVRCa2VFUkdUbUV5TDFaSWVEQk1jbHBvUVZvNGIwRjFhM2hxYW1kMWRtcFNTMUU5UFFvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PSIsImtleURhdGEiOiJMUzB0TFMxQ1JVZEpUaUJTVTBFZ1VGSkpWa0ZVUlNCTFJWa3RMUzB0TFFwTlNVbEZiM2RKUWtGQlMwTkJVVVZCTlVKa2RUTmtUR0l2YkhablducDVPRVZOUVVOQ2QxSTFOV1JuVjBwSE5GQnJOMGxrYmpFM1FUQjZNVkpuU0RWd0NrcFlNM28yVlM5M1pVSjZTMHBLYkZOdGRtSnJOWGN4WkN0WlN6WTBha0ZxYkM5cFRrcHRiblZVYkcxWU9XWkJlazV5U21ad2MzTlFhbXBWTmxWSFNXZ0tWWEJLUVZJMGVEaHlMM04yZFhsRllXSnVjRmQ0YmpKV1VYSjJibXR2U2k5YVdXUkRTRU5YY25CR2J6UjNSR2gwUlZCV1NGcFBlRWxDTWxkRFMweFRiUXB1ZW1SNGREUkVkRUZpZDNWak9VTnBaRzQ0VFdneVpIZFpkakF3YkZVMU5EVTVNV1pEWjBwck1qbEVSbFVyTlhOcVVUTXdhVVpMU1ZGNlpYZzVOM1FyQ2xwTmFWcG1NWEJWYldKTWNEVjZOaXNyVUc0d1VYbzNNREJpUzJ0T1MyTTBWMWRTUjNCUlMzTmtWV3hzZEM5NldtcHllbVl2YzJaNlVXbEpVRzgwU1ZnS1NqUjRVRlY2YTNaTWRYVlFaWFpTVWsxVmRTdFROVzVuUlVsNldtTjRWV1JDVm1NMFEzZEpSRUZSUVVKQmIwbENRVkZEZVRsdlVHaG1iR3h2VTFCU1dRcGlSRzUyVG05blozTXlNV3hZZEdRMGRTOWFlVE42VlVrek5VdFNOamRIZDBSUU9EVkZTWE0xVXpaVFZYbGFiamxtTWs1c0wxVlFOakpsTUdKSlYzazJDbTVwVXk5VU5rTkpVRWRPYW1wRU5rVkdTRkpMWmxWbk5XMVhabUZJTXpscGNFdDNZVzF0TDJVNE5tRTVaVmQxYnl0eU9DOVpZbEZIVWpOREsycExjVlVLZEU1c05tTjBZak5QVFU1cmVpOXNjRTFLZVRaNWIyazJPR1l4VGpsMVlXSlVZVmRFV1hRMk9HZFZSR3h1VkVoNlVuSkhObE5wYkdwaVFscEVOVXc0Y3dwM01WcHBTRVZWVDBnM1pXTktZWHBOZGxRMVUxcHlTV1ZqYW5aNVNrNVhWbGxhTWxRclozTXJWMVpLU1hsV1dHNXljVzUxUm5oUk9HSm1kRWt6UlRoU0NrY3plbmRDU1VaUWJDOW1TRmd2VEVkUWRDczFUMVJMWlhadVlrSjZRVU01YWtrdk1rOTZObFpLWjB0VWNraFJlVkJITXpRMFpWbEJRMmhzVFhRM2QyY0thaXRRV2sxaUwxSkJiMGRDUVU5VU9VVkZWMEo1VGpoQ2JWUk5kSGxGT1hBNFNsUkJWRE5oTVZGQ1JtSkhkR1JCZEZNMVowOWhhbWRuZVRSVldDdE9XUXBaVkdsSFZFVnJWamxUU25abE0wWk5WVUpoWkhkM1RFUlNia3cyVFdOdE1rVklNazFrTTFkeE1DdEVNMlppWVVoa05WQjVWQzlhZVZJMFRUY3hVRGR1Q25oak4yUk1hMDV0ZGpKMmMwTnRSMVpUYVZwd1dGZEpWV2QwUkVKNldIZHNUMm92ZEV4WVJrWk1RVUY1YkZkV1QwNXNUVTB3TUVKS1FXOUhRa0ZRTnk4S1UwVllXVGxsWkVFNWQyMXphVVZZWVU5UlJYUkNUSGxsTW14VFVHOHlSMUJTWlVaclRrVlhVMDVOVERsVmJYUnJaSEZyUlhBNE9FcHJNSGhVVWxZek9BcHhkbWxvUmxJeVpHdHJOakpNZGs4eFozWjBWMkpvVXpoSGJXYzVTMWRKTURKUllXUjJkMVZTU2xGdFJIWkZWa3BtYTJWS1JsRnRTWE5IY1dWak5IbzBDbVZKZEVSRlJUbFJhaTlrVEVGVGRrTXdRbGxpZW5Sc2VrSlNNWFZ3ZFZKdVMyWTBSMnRTTW5wQmIwZEJTazlYYUN0YVJYZEVURGN4VFVsdWRpOU9kbFlLUzBOTVZYRjNkMHBvYzBwdVZVMW1ZMkZrZVZoaVpEWXZVa2N5UlVKa016TjZSMUJZV25VNWFUQkhiVzFQYkhSU2FrWk9abGRPUzJWU01tbEtTRlJrTkFvNFRVaDRabU5TU1RNM1kwSlRjV2RLV0VreGRURlJZMVV2ZEVKc1VXRXlWemhtTkhoMGFYRlpURmwxWWtsS05IUnNTVXhzZVZOblJUZENOVTlRWmt4Q0NuTkJkRWhvZW1wbFNHbHZTV0ZKY0hoMGJrRmhiV2RGUTJkWlFsQm1ObU0wYmpOMVMzSlhXbGhVWTB4MWFFTndhR2N6WlVkc2NpOWhkbE14YVhKU2FFMEtVRTFHVUV3eFdHcDBUR0ZPV2t4VVdqTlBiVEJWYm1ad2R6aDRUV3RSYkRodGFuWk1SQ3RWWkZKUk9DdFRPR2xoVFRCbUsycDFXbk4xVTFNNWVWWjNad3BCS3pSYU1XczJSblZPZUhCbVdrRjRTRlIyUW5wVGRYcEZaRTVWYWl0TFJrTkdUamxhZEVJM1pVcGlWVE5rWldsRVQyeG5VV04yUjJOVmFqSjZTRXczQ2tRelJVOXZVVXRDWjBOWlYxcE1NRVJ4VURWRU5HUk9NMngxVG5OblFreGtUMkppTmpSUmQwVlBUM3BzVGtNeWRuRk5iak5aVFM5UFFqRndUVGNyVFdvS1FVTk1TRVV6VFZGM2NITldiRUV6ZVV0VFdGUklXVlUySzJsa01taElVVE15U2paRVdVaG5SRFIzZFVsQlIyRTFOVEpwVlRoWWFUZGFPVlZwZW1Od1NRcElZazF1TkZndlEweGplV3dyUWxKdmEzaGpXbWw2VERCR1RUZDRkMGwyV1RWUlEzVm9OazV4U0haNlVHVlhaamQ2WTNWcUNpMHRMUzB0UlU1RUlGSlRRU0JRVWtsV1FWUkZJRXRGV1MwdExTMHRDZz09In19
341 |   name: ZGV2
342 |   server: aHR0cHM6Ly8xOTIuMTY4LjEyMy4yNDU6NjQ0Mw==
343 | kind: Secret
344 | metadata:
345 |   annotations:
346 |     managed-by: argocd.argoproj.io
347 |   labels:
348 |     argocd.argoproj.io/secret-type: cluster
349 |   name: cluster-dev
350 |   namespace: argocd
351 | type: Opaque
352 | EOF
353 | ```
354 | 
355 | ```JSON
356 | {
357 |   "username": "",
358 |   "password": "",
359 |   "bearerToken": "token", # 必须字段
360 |   "tlsClientConfig": {
361 |     "insecure": true,
362 |     "caData": "sample",
363 |     "certData": "sample",
364 |     "keyData": "sample"
365 |   }
366 | }
367 | ```
368 | 
369 | ```
370 | cat <<EOF | kubectl apply -n argocd -f -
371 | apiVersion: v1
372 | kind: Secret
373 | metadata:
374 |   name: cluster-dev
375 |   namespace: argocd
376 |   labels:
377 |     argocd.argoproj.io/secret-type: cluster
378 | type: Opaque
379 | stringData:
380 |   name: dev
381 |   server: https://192.168.123.245:6443
382 |   config: |
383 |     {
384 |       "bearerToken": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImdwQ20yZjZlTzRKeGdNNVRTUlRKak5DWTlFUVpDT09sSTBEWHBPckNUUkEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJjbHVzdGVyLXRva2VuLWxzN2NkIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImNsdXN0ZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2ZGZiMjVhOC1iZDU4LTQ2YzQtOWUwMy00NmExZDViZDBhYmMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06Y2x1c3RlciJ9.wDmF85TPCLCtBvj7OQDNP6ZXPuS96CI0ajB2iRKTMP9yTy5xqcffWko4ajEYknha5hr4u1kj-PaVS92dAmeG7h8dibgBALPL3uwACC1aZ7OZbWDVXHBW8ttBP-VYfMC07K0GPbUgaAEE8OdZ4HEtntpHOshiJqIVRBkT4QrGmjdGmbuJ3HAq6SQL4n0gQ09C5lKzk3e1VTQOJtG25mqj0-CSmlydDsM49AUTD3Sd2Bz6Fdy9uFjufwxLySSnNka4mkHWzdsrQ3istYSJaZZtQwnY4C4ZRqyV-hqMDOl8jQND5HivjGez-DgdoffrW_tK6kCZAmIl9gal44yhE7hgaA",
385 |       "tlsClientConfig": {
386 |         "insecure": false,
387 |         "caData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1USXdOVEF6TWpRME1Wb1hEVE15TVRJd01qQXpNalEwTVZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTUpsCmNuSGszNFErUHVuTExoOWZHeWhheUEwWlJ2blgrcjJFWklYM2syaS9xRU11ZzVFTW15V1lnSGxaN1BvMUdyRFAKeldWWllxNmlnZ3JaNXcwRmI1dmVCcFhCMHNXRUEzbUZNQWE4K3ZXaFloL29QMnJWV0I1dWpCcHkzb01MYjFjcQpkRXZ1R0lCR1NQRWF0UFlnbXlvcmtGRFJZK1dYNUZrYU05NUQ3VlMxZmlxNjZwNGJ2NnplSGJ3T3Zkai8rVU1lCmlSZjFGMVAzVHljQW1tTzVkajYvQ0VtNmZHTEpJaFVQSjZWQlNuWG92WDJkUzFTd2xuNzRPYmNONUYzKzVYOFkKVmpIOTk2bC82ZW1TR3diT0JETlFMYkRBUGRRNmxmNFRSODNDdGFuS3JQakYyTjBWVFM3TWRhUHQ5S0ZrcFVwaQppOW5ubXR5UjVQWVAxcDIzTlNFQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZDS1lXSGszUUFKVm1BbWQ5S2lBTlY0b043b0dNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFDdEl3cVRQSEcxR1NPY0crbXkvbWJUV3gwbjJ0TXhHTnpVN0xDb3cranRlNnEvbnFEYgp1L3NwVWorZmtUdkdYTnJjVm9XUnlMVjVSamcycEpLWXBjQ2Q1azQxeDVHWlBYMFJmeWxqOERJbXNhcjErZDlaCm1LOXFwR3I4TEQ4dktVT1RBMmlyNmRtU09rWU5ZSG5kN3MyRitoRXczQ1g5azZpc0hYRTlBem9YeU84YzUwRmsKSW8vd2hQaXRQZHBjalNVWHc4UURiS2NQOFpvN3dieE1rL0lscmZaQURvQWY1TDFxMFdPYmxDVVJVeU5kM3dwTgpUeGd3d0M3SUZhbS9tK3R3S0VscVVNZmVDSFVIczdvNmZKdmtaYkRsaUxyc2xBeVdsRWs0VUtQaVJ1ZENUUktNCjdGT0Jrc0lKOFU5dytNdllJc0g5MDE4Z243bUNleUJHMTlsaAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
388 |       }
389 |     }
390 | EOF
391 | ```
392 | 
393 | 详情请查看 https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
394 | 
395 | ## 自动更新镜像
396 | 借助 [argocd-image-updater](https://github.com/argoproj-labs/argocd-image-updater) 可以自动更新应用的镜像，参考配置如下：
397 | 
398 | ```yaml
399 | apiVersion: argoproj.io/v1alpha1
400 | kind: Application
401 | metadata:
402 |   name: server
403 |   namespace: argocd
404 |   annotations:
405 |     argocd-image-updater.argoproj.io/image-list: 10.121.218.184:30002/al-cloud/console:master
406 |     argocd-image-updater.argoproj.io/update-strategy: digest
407 | ```
408 | 
409 | ## 通知
410 | Argo CD 内置了[消息通知模块](https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/)，只要添加下面的 ConfigMap 即可，这里以发送消息到钉钉为例：
411 | 
412 | ```yaml
413 | apiVersion: v1
414 | kind: ConfigMap
415 | metadata:
416 |   name: argocd-notifications-cm
417 | data:
418 |   subscriptions: |
419 |     - recipients:
420 |       - status
421 |       triggers:
422 |       - sync-operation-change
423 |   defaultTriggers: |
424 |     - sync-operation-change
425 |   trigger.sync-operation-change: |
426 |     - when: app.status.operationState.phase in ['Succeeded', 'Running', 'Error', 'Failed']
427 |       oncePer: app.status.sync.revision
428 |       send: [status]
429 |   template.status: |
430 |     webhook:
431 |       status:
432 |         method: POST
433 |         path: /send?access_token=token
434 |         body: |
435 |           {"msgtype": "text", "text": {"content": "Application {{.app.metadata.name}} sync is {{.app.status.sync.status}}."}}
436 |     message: |
437 |       Application {{.app.metadata.name}} sync is {{.app.status.sync.status}}.
438 |       Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
439 |   service.webhook.status: |
440 |     url: https://oapi.dingtalk.com/robot
441 |     headers:
442 |     - name: Content-Type
443 |       value: application/json
444 | ```
445 | 
446 | ## 组件介绍
447 | TODO
448 | 
449 | ## FAQ
450 | 
451 | | 组件 | 日志 | 方案 |
452 | |---|---|---|
453 | | `argocd-repo-server` | `gpg --no-permission-warning --logger-fd 1 --batch --gen-key /tmp/gpg-k ││ ey-recipe1158238699 failed exit status 2` | 删除 `seccompProfile` |
454 | 
455 | ## 其他资料
456 | * [Argo CD 视频教程](https://www.bilibili.com/video/BV17F411h7Zh/)
457 | 


--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
1 | remote_theme: linuxsuren/minimal@v0.0.1
2 | lang: zh-cn
3 | title: Argo CD Guide
4 | description: Argo CD Guide
5 | google_analytics: G-ZED59BWBPL
6 | 


--------------------------------------------------------------------------------
/examples/harbor.md:
--------------------------------------------------------------------------------
 1 | 下面是在 Argo CD 中通过 Helm 安装 [Harbor](https://goharbor.io/) 的例子：
 2 | 
 3 | ```shell
 4 | apiVersion: argoproj.io/v1alpha1
 5 | kind: Application
 6 | metadata:
 7 |   name: harbor
 8 |   namespace: argocd
 9 | spec:
10 |   project: default
11 |   source:
12 |     chart: harbor
13 |     repoURL: https://helm.goharbor.io
14 |     targetRevision: 1.10.2
15 |     helm:
16 |       releaseName: harbor
17 |       parameters:
18 |       - name: expose.type
19 |         value: nodePort
20 |       - name: expose.tls.enabled
21 |         value: "false"
22 |       - name: externalURL
23 |         value: http://10.121.218.184:30002
24 |   destination:
25 |     server: "https://kubernetes.default.svc"
26 |     namespace: harbor
27 |   syncPolicy:
28 |     syncOptions:
29 |     - CreateNamespace=true
30 |     - RespectIgnoreDifferences=true
31 |     automated:
32 |       prune: true
33 |       selfHeal: true
34 | ```
35 | 
36 | 备注：
37 | * 建议设置访问地址，也就是：`externalURL`
38 | 


--------------------------------------------------------------------------------
/examples/nexus.md:
--------------------------------------------------------------------------------
 1 | ```yaml
 2 | apiVersion: argoproj.io/v1alpha1
 3 | kind: Application
 4 | metadata:
 5 |   name: nexus
 6 |   namespace: argocd
 7 | spec:
 8 |   project: default
 9 |   source:
10 |     chart: nexus-repository-manager
11 |     repoURL: https://sonatype.github.io/helm3-charts
12 |     targetRevision: "58.1.0"
13 |     helm:
14 |       releaseName: sonarqube
15 |       parameters:
16 |       - name: service.type
17 |         value: NodePort
18 |   destination:
19 |     server: "https://kubernetes.default.svc"
20 |     namespace: sonarqube
21 |   syncPolicy:
22 |     syncOptions:
23 |     - CreateNamespace=true
24 |     automated:
25 |       prune: true
26 |       selfHeal: true
27 | ```
28 | 


--------------------------------------------------------------------------------
/examples/skywalking.md:
--------------------------------------------------------------------------------
 1 | 以下是通过 Helm 来安装 SkyWalking 的例子：
 2 | 
 3 | ```yaml
 4 | apiVersion: argoproj.io/v1alpha1
 5 | kind: Application
 6 | metadata:
 7 |   name: skywalking
 8 |   namespace: argocd
 9 | spec:
10 |   project: default
11 |   source:
12 |     chart: "skywalking-helm"
13 |     repoURL: registry-1.docker.io/apache
14 |     targetRevision: 4.3.0
15 |     helm:
16 |       releaseName: skywalking
17 |       parameters:
18 |       - name: oap.image.tag
19 |         value: "9.2.0"
20 |       - name: oap.storageType
21 |         value: elasticsearch
22 |       - name: ui.image.tag
23 |         value: "9.2.0"
24 |       - name: ui.service.type
25 |         value: "NodePort"
26 |       - name: ui.service.nodePort
27 |         value: "30113"
28 |   destination:
29 |     server: "https://kubernetes.default.svc"
30 |     namespace: skywalking
31 |   syncPolicy:
32 |     syncOptions:
33 |     - CreateNamespace=true
34 |     - RespectIgnoreDifferences=true
35 |     automated:
36 |       prune: true
37 |       selfHeal: true
38 | ````
39 | 


--------------------------------------------------------------------------------
/examples/sonarqube.md:
--------------------------------------------------------------------------------
 1 | 下面是在 Argo CD 中通过 Helm 安装 [SonarQube](https://docs.sonarqube.org/latest/) 的例子：
 2 | 
 3 | ```shell
 4 | cat <<EOF | kubectl apply -n argocd -f -
 5 | apiVersion: argoproj.io/v1alpha1
 6 | kind: Application
 7 | metadata:
 8 |   name: sonarqube
 9 | spec:
10 |   project: default
11 |   source:
12 |     chart: sonarqube
13 |     repoURL: https://SonarSource.github.io/helm-chart-sonarqube
14 |     targetRevision: 6.0.1+425
15 |     helm:
16 |       releaseName: sonarqube
17 |       parameters:
18 |       - name: service.type
19 |         value: NodePort
20 |       - name: sonarProperties.sonar\.auth\.gitlab\.enabled
21 |         value: 'true'
22 |       - name: sonarProperties.sonar\.auth\.gitlab\.url
23 |         value: http://10.121.218.82:6080/
24 |       - name: sonarProperties.sonar\.auth\.gitlab\.applicationId\.secured
25 |         value: 5ad8f157979f497231074b77b3734a3daa02ed73620e741a0e1b27c2c9903530
26 |       - name: sonarProperties.sonar\.auth\.gitlab\.secret\.secured
27 |         value: 23b1c7bc3583e8454c6a42a1d3bca232a8ada9ceea6913aaf565a50dadb7ea58
28 |       - name: sonarProperties.sonar\.auth\.gitlab\.groupsSync
29 |         value: 'true'
30 |       - name: sonarProperties.sonar\.core\.serverBaseURL
31 |         value: http://10.121.218.184:30008
32 |       - name: plugins.install[0]
33 |         value: https://github.com/vaulttec/sonar-auth-oidc/releases/download/v2.1.1/sonar-auth-oidc-plugin-2.1.1.jar
34 |       - name: plugins.install[1]
35 |         value: https://ghproxy.com/https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/1.14.0/sonarqube-community-branch-plugin-1.14.0.jar
36 |       - name: sonarProperties.sonar\.auth\.oidc\.enabled
37 |         value: 'true'
38 |       - name: sonarProperties.sonar\.auth\.oidc\.issuerUri
39 |         value: 'https://10.121.218.184:31392/api/dex'
40 |       - name: sonarProperties.sonar\.auth\.oidc\.clientId\.secured
41 |         value: 'sonarqube'
42 |       - name: sonarProperties.sonar\.auth\.oidc\.clientSecret\.secured
43 |         value: 'rick'
44 |       - name: sonarProperties.sonar\.auth\.oidc\.scopes
45 |         value: 'openid email profile'
46 |   destination:
47 |     server: "https://kubernetes.default.svc"
48 |     namespace: sonarqube
49 |   syncPolicy:
50 |     syncOptions:
51 |     - CreateNamespace=true
52 |     automated:
53 |       prune: true
54 |       selfHeal: true
55 | EOF
56 | ```
57 | 


--------------------------------------------------------------------------------
/translation/argocd-v2.6-release-candidate.md:
--------------------------------------------------------------------------------
  1 | ---
  2 | link: https://blog.argoproj.io/draft-argo-cd-v2-6-release-candidate-ced1853bbfdb
  3 | ---
  4 | 
  5 | # Argo CD v2.6 Release Candidate
  6 | 
  7 | Argo CD v2.6 Release Candidate 发布了。在这个版本中，你会发现一些很赞的 Argo CD 功能以及改进。
  8 | 有超过 83 名人员参与到了新功能开发、缺陷修复以及改进易用性。当然，正式版本的发布前还希望大家多多尝试。
  9 | 我们非常开心地宣布 v2.6 的首个候选版本，并期待听到您的反馈。您可以反馈对新的变更的看法，以及发现了的缺陷。
 10 | 
 11 | ![Photo by Mathieu Stern](https://miro.medium.com/max/720/1*Go_t0XBjnOlKfRnkDMyfyg.webp)
 12 | Photo by Mathieu Stern
 13 | 
 14 | ## 参数化配置管理插件
 15 | 配置管理插件（CMP）的参数化，使得插件可以申明并使用参数。
 16 | 申明参数使得 CMPs 可以提供类似于内置配置管理工具（例如：Helm、Kustomize 等）的体验。
 17 | 在此之前，只能通过设置环境变量给 CMPs 提供参数。
 18 | 
 19 | ![](https://miro.medium.com/max/720/0*OrZrhoGvQYLXd9rS.webp)
 20 | 
 21 | 感谢来自 Intuit 的 Michael Crenshaw 和 Zach Aller 在这个特性上做出的贡献。
 22 | 
 23 | ## 通过选项 syncOptions `CreateNamespace=true` 创建的命名空间支持添加元信息
 24 | 现在，你可以通过 `managedNamespaceMetadatain` 向 Application 所在的命名空间添加标签（label）和注解（annotation）。
 25 | 这个特性会在命名空间是由 Argo CD 创建时添加自定义标签。下面是一个该功能的例子。
 26 | 
 27 | ```yaml
 28 | apiVersion: argoproj.io/v1alpha1
 29 | kind: Application
 30 | metadata:
 31 |   namespace: test
 32 | spec:
 33 |   syncPolicy:
 34 |     managedNamespaceMetadata:
 35 |       labels: # The labels to set on the application namespace
 36 |         any: label
 37 |         you: like
 38 |       annotations: # The annotations to set on the application namespace
 39 |         the: same
 40 |         applies: for
 41 |         annotations: on-the-namespace
 42 |     syncOptions:
 43 |     - CreateNamespace=true
 44 | ```
 45 | 
 46 | 感谢来自 Krobier 的 Blake Pettersson 在这个功能上做出的贡献。
 47 | 
 48 | ## 支持 Google Cloud Source 仓库
 49 | Argo CD 现在支持连接托管在 Google Cloud Source 上的仓库了。
 50 | 这为依赖 Google Cloud Source 的应用打开了可能性，这是一个值得期待的功能。
 51 | 
 52 | ![](https://miro.medium.com/max/720/0*jEZTNAF_dMALWDjm.webp)
 53 | 
 54 | 感谢来自 GetYourGuide 的 Alex Eftimie 在这功能上做出的贡献。
 55 | 
 56 | ## Application 支持多源
 57 | Application 对多源支持的支持是一个 beta 功能。
 58 | UI 和 CLI 任然只支持第一个源，完整的支持会在后续的版本中出现。
 59 | 该功能在稳定之前可能会有不兼容的情况出现。
 60 | 
 61 | Argo CD 可以在单个 Application 中指定多个源。
 62 | Argo CD 会合并源后进行同步资源。该功能的一个使用场景是，Helm Chart 应用通常会
 63 | 将 Helm Chart 与 values 文件分别存储。任何一个源有变化后，将会更新 Argo CD application。
 64 | 
 65 | 下面指定多个源的例子。当您设置字段 `sources` 后，Argo CD 会忽略字段 `source`。
 66 | 
 67 | ```yaml
 68 | apiVersion: argoproj.io/v1alpha1
 69 | kind: Application
 70 | metadata:
 71 |   name: guestbook
 72 |   namespace: argocd
 73 | spec:
 74 |   project: default
 75 |   destination:
 76 |     server: https://kubernetes.default.svc
 77 |     namespace: default
 78 |   sources:
 79 |     - chart: elasticsearch
 80 |       repoURL: https://helm.elastic.co
 81 |       targetRevision: 7.6.0
 82 |     - repoURL: https://github.com/argoproj/argocd-example-apps.git
 83 |       path: guestbook
 84 |       targetRevision: HEAD
 85 | ```
 86 | 
 87 | 感谢来自 Red Hat 的 Ishita Sequeira 在这个功能上做出的贡献。
 88 | 
 89 | ## ApplicationSet 资源的渐进式 Rollouts
 90 | 这是实验性并处于 alpha 阶段的功能，在后续的版本中可能会以不兼容的方式移除或修改。
 91 | 
 92 | 借助这功能，ApplicationSet 控制器可以有序地创建、更新由 ApplicationSet 控制的资源。
 93 | 
 94 | 作为实验性功能，渐进式 Rollouts 必须要通过以下方式显式地启用。
 95 | 
 96 | 1. 传递参数 `--enable-progressive-rollouts` 给 ApplicationSet 控制器
 97 | 1. 在 ApplicationSet 控制器中设置环境变量 `ARGOCD_APPLICATIONSET_ENABLE_PROGRESSIVE_ROLLOUTS=true`
 98 | 1. 在 ArgoCD ConfigMap 中设置 `applicationsetcontroller.enable.progressive.rollouts: true`
 99 | 
100 | 为了使用渐进式 Rollouts，需要在 ApplicattionSet 中设置字段 `strategy`。
101 | 字段 `strategy` 允许你对生成的 Application 资源通过标签进行分组。
102 | 当 ApplicationSet 发生改变时，变更会顺序地应用到每组 Application 上。
103 | 
104 | ```yaml
105 | apiVersion: argoproj.io/v1alpha1
106 | kind: ApplicationSet
107 | metadata:
108 |   name: guestbook
109 | spec:
110 |   generators:
111 |   - list:
112 |      ...
113 |   strategy:
114 |     type: RollingSync
115 |     rollingSync:
116 |     ...
117 | ```
118 | 
119 | 感谢 wmgroot 在这功能上的贡献。
120 | 
121 | ## 其他显著的变更
122 | 在 v2.6 版本中，包含了 84 位 contributor 的 183 个（其中 53 名是新加入的） contribution，36 个功能以及 15 个缺陷修复。下面是其中的一部分：
123 | 
124 | * CMPv2 支持显示的 plugin.name（由 IBM 的 Sujeily Fonseca 提供）。这个新功能确保了 CMPv2 与 CMPv1 保持兼容。
125 | * 在 Application 详情页面显示自动同步状态（由 GetYourGuide 的 Alex Eftimie 提供）。
126 | * OCI Helm 仓库的 targetRevision 支持通配符（由 GetYourGuide 的 Alex Eftimie 提供）。
127 | * 支持代理扩展 (#11307) (由 Intuit 的 Leonardo Almeida 提供）。
128 | * 增加新的 admin 命令来打印 Argo CD 初始密码（由 RedHat 的 Abhishek Veeramalla 提供）。
129 | * 在冲突的情况下，Matrix 生成器支持两个 Git 子生成器 (#10522) (#10523) （由 Matthew Bennett 提供）。
130 | 


--------------------------------------------------------------------------------