OpenShift 4 之 GitOps（4）用ArgoCD向Multi-Cluster发布应用

运行环境

1. 需要准备2个OpenShift 4.x集群，它们的API-Server地址分别为：
   https://api-cluster-beijing-b510-beijing-b510-example-opentlc-com:6443
   https://api-cluster-beijing-7536-beijing-7536-example-opentlc-com:6443
2. 在第一个集群上部署ArgoCD服务器环境。

通过Config Context访问不同OpenShift集群

1. 执行以下命令，用OpenShift客户端先后登录2个OpenShift集群。

$ oc login https://api-cluster-beijing-b510-beijing-b510-example-opentlc-com:6443 -u admin -p PASSWORD
$ oc login https://api.cluster-beijing-7536.beijing-7536.example.opentlc.com:6443 -u admin -p PASSWORD

2. 查看OpenShift的Config Context，确认有两条，分别是

$ oc config get-contexts
CURRENT   NAME                                                                                  CLUSTER                                                          AUTHINFO                                                                      NAMESPACE
          default/api-cluster-beijing-7536-beijing-7536-example-opentlc-com:6443/system:admin   api-cluster-beijing-7536-beijing-7536-example-opentlc-com:6443   opentlc-mgr/api-cluster-beijing-7536-beijing-7536-example-opentlc-com:6443    default
*         default/api-cluster-beijing-b510-beijing-b510-example-opentlc-com:6443/opentlc-mgr    api-cluster-beijing-b510-beijing-b510-example-opentlc-com:6443   opentlc-mgr/api-cluster-beijing-b510-beijing-b510-example-opentlc-com:6443    default

3. 修改2个Config Context的名称，分别改为cluster1和cluster2，然后重新查看Config Context。

$ oc config rename-context quay-enterprise/api-cluster-beijing-b510-beijing-b510-example-opentlc-com:6443/opentlc-mgr cluster1
Context "quay-enterprise/api-cluster-beijing-b510-beijing-b510-example-opentlc-com:6443/opentlc-mgr" renamed to "cluster1".
 
$ oc config rename-context quay-enterprise/api-cluster-beijing-7536-beijing-7536-example-opentlc-com:6443/opentlc-mgr cluster1
Context "quay-enterprise/api-cluster-beijing-7536-beijing-7536-example-opentlc-com:6443/opentlc-mgr" renamed to "cluster2".
 
$ oc config get-contexts
CURRENT   NAME       CLUSTER                                                          AUTHINFO                                                                      NAMESPACE
*         cluster1   api-cluster-beijing-b510-beijing-b510-example-opentlc-com:6443   opentlc-mgr/api-cluster-beijing-b510-beijing-b510-example-opentlc-com:6443    default
          cluster2   api-cluster-beijing-7536-beijing-7536-example-opentlc-com:6443   opentlc-mgr/api-cluster-beijing-7536-beijing-7536-example-opentlc-com:6443    default

4. 分别在cluster1和cluster2中创建测试项目。

$ oc --context cluster1 new-project reverse-words 
$ oc --context cluster2 new-project reverse-words

在ArgoCD注册OpenShift集群

1. 查看ArgoCD当前的注册的集群。注意：由于ArgoCD服务器运行在cluster1上，所以缺省有https://kubernetes.default.svc本地集群。

$ argocd cluster list
SERVER                          NAME  VERSION  STATUS      MESSAGE
https://kubernetes.default.svc                 Successful

2. 根据Config Context，将cluster1和cluster2注册到ArgoCD。然后查看ArgoCD管理的集群列表。

$ argocd cluster add cluster1
INFO[0000] ServiceAccount "argocd-manager" created in namespace "kube-system"
INFO[0000] ClusterRole "argocd-manager-role" created
INFO[0000] ClusterRoleBinding "argocd-manager-role-binding" created
Cluster 'https://api.cluster-beijing-b510.beijing-b510.example.opentlc.com:6443' added
 
$ argocd cluster add cluster2
INFO[0000] ServiceAccount "argocd-manager" created in namespace "kube-system"
INFO[0000] ClusterRole "argocd-manager-role" created
INFO[0000] ClusterRoleBinding "argocd-manager-role-binding" created
Cluster 'https://api.cluster-beijing-7536.beijing-7536.example.opentlc.com:6443' added
 
$ argocd cluster list
SERVER                                                                  NAME     VERSION  STATUS      MESSAGE
https://kubernetes.default.svc                                                            Successful
https://api.cluster-beijing-b510.beijing-b510.example.opentlc.com:6443  cluster  1.14+    Successful
https://api.cluster-beijing-7536.beijing-7536.example.opentlc.com:6443  cluster  1.16+    Successful

通过ArgoCD向Multi-Cluster集群发布应用

1. 执行命令，在cluster1和cluster2上部署reverse-words应用。

$ argocd app create --project default --name cluster1-reverse-words-app \
>  --repo https://github.com/liuxiaoyu-git/gitops-on-openshift.git \
>  --path simple-app/reversewords_app/ \
>  --dest-server $(argocd cluster list | grep cluster1 | awk '{print $1}') \
>  --dest-namespace reverse-words \
>  --revision master --sync-policy automated
application 'cluster1-reverse-words-app' created
 
$ argocd app create --project default --name cluster2-reverse-words-app \
>  --repo https://github.com/liuxiaoyu-git/gitops-on-openshift.git \
>  --path simple-app/reversewords_app/ \
>  --dest-server $(argocd cluster list | grep cluster2 | awk '{print $1}') \
>  --dest-namespace reverse-words \
>  --revision master --sync-policy automated
application 'cluster1-reverse-words-app' created

2. 查看ArgoCD的应用列表，并查看每个应用的详细信息。

$ argocd app list
NAME                        CLUSTER                                                                 NAMESPACE      PROJECT  STATUS  HEALTH       SYNCPOLICY  CONDITIONS  REPO                                                      PATH                TARGET
cluster1-reverse-words-app  https://api.cluster-beijing-b510.beijing-b510.example.opentlc.com:6443  reverse-words  default  Synced  Healthy      Auto        <none>      https://github.com/liuxiaoyu-git/gitops-on-openshift.git  simple-app/reversewords_app/  master
cluster2-reverse-words-app  https://api.cluster-beijing-7536.beijing-7536.example.opentlc.com:6443  reverse-words  default  Synced  Healthy      Auto        <none>      https://github.com/liuxiaoyu-git/gitops-on-openshift.git  simple-app/reversewords_app/  master
 
$ argocd app get cluster1-reverse-words-app
Name:               cluster1-reverse-words-app
Project:            default
Server:             https://api.cluster-beijing-b510.beijing-b510.example.opentlc.com:6443
Namespace:          reverse-words
URL:                https://argocd-server-argocd.apps.cluster-beijing-b510.beijing-b510.example.opentlc.com/applications/pre-reverse-words-app
Repo:               https://github.com/liuxiaoyu-git/gitops-on-openshift.git
Target:             master
Path:               simple-app/reversewords_app/
SyncWindow:         Sync Allowed
Sync Policy:        Automated
Sync Status:        Synced to master (36306dc)
Health Status:      Healthy
 
GROUP  KIND        NAMESPACE      NAME           STATUS   HEALTH   HOOK  MESSAGE
       Namespace   reverse-words  reverse-words  Running  Synced         namespace/reverse-words created
       Service     reverse-words  reverse-words  Synced   Healthy        service/reverse-words created
apps   Deployment  reverse-words  reverse-words  Synced   Healthy        deployment.apps/reverse-words created
       Namespace                  reverse-words  Synced
 
$ argocd app get cluster2-reverse-words-app
Name:               cluster2-reverse-words-app
Project:            default
Server:             https://api.cluster-beijing-7536.beijing-7536.example.opentlc.com:6443
Namespace:          reverse-words
URL:                https://argocd-server-argocd.apps.cluster-beijing-b510.beijing-b510.example.opentlc.com/applications/pro-reverse-words-app
Repo:               https://github.com/liuxiaoyu-git/gitops-on-openshift.git
Target:             master
Path:               simple-app/reversewords_app/
SyncWindow:         Sync Allowed
Sync Policy:        Automated
Sync Status:        Synced to master (36306dc)
Health Status:      Healthy
 
GROUP  KIND        NAMESPACE      NAME           STATUS   HEALTH   HOOK  MESSAGE
       Namespace   reverse-words  reverse-words  Running  Synced         namespace/reverse-words created
       Service     reverse-words  reverse-words  Synced   Healthy        service/reverse-words created
apps   Deployment  reverse-words  reverse-words  Synced   Healthy        deployment.apps/reverse-words created

3. 为cluster1和cluster2中的应用生成Route，然后分别通过Route访问2个集群中运行的应用。

$ oc --context cluster1 -n reverse-words expose service reverse-words
route.route.openshift.io/reverse-words exposed

$ oc --context cluster2 -n reverse-words expose service reverse-words
route.route.openshift.io/reverse-words exposed

$  curl -X POST http://$(oc --context cluster1 -n reverse-words get route reverse-words -o jsonpath='{.spec.host}') -d '{"word":"PALC"}'
{"reverse_word":"CLAP"}

$  curl -X POST http://$(oc --context cluster2 -n reverse-words get route reverse-words -o jsonpath='{.spec.host}') -d '{"word":"PALC"}'
{"reverse_word":"CLAP"}