Ssoon


Argo CD - Cluster Management

구구달스 2025. 11. 20. 14:57

 

✅ What is cluster management?

  • In Argo CD, cluster management is the process of registering (add) or removing (remove) the target Kubernetes clusters to which Argo CD deploys and syncs applications.

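➕ Adding a Cluster

  • Use the argocd cluster add context-name command. (Argo CD)
  • If you do not know which contexts exist in the kubeconfig you are currently using, check with kubectl config get-contexts. (Argo CD)
  • Running this command connects to the cluster of that context and installs the resources Argo CD needs to communicate with it (for example, a ServiceAccount). (Argo CD)
  • Caution: you need high privileges on the cluster (privileged access required). (Argo CD)
  • During this process a ServiceAccount named argocd-manager is created, and this account is bound to cluster administrator privileges (ClusterRole). (Argo CD)

"When you add a cluster, Argo CD automatically installs the required permissions and resources on the target cluster."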


➖ Removing a Cluster

  • You can remove a cluster with the argocd cluster rm context-name command. (Argo CD)
  • However, in-cluster (that is, the cluster on which Argo CD itself is installed) cannot be removed with this command. (Argo CD)
  • If you want to disable the in-cluster configuration, set the cluster.inClusterEnabled entry in argocd-cm (ConfigMap) to "false". (Argo CD)

"The in-cluster cluster cannot be removed by default; it has to be disabled by changing the configuration."


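🔍 Why does cluster management matter?

  • Argo CD is very useful in multi-cluster environments. You can manage applications across several Kubernetes clusters "from one place".
  • Only when clusters are registered properly can Argo CD monitor the state of each cluster, compare the declared state in the Git repository (desired state) with the actual state, and sync automatically.
  • Conversely, clusters that are no longer used or that have a security problem can be removed, which keeps the number of clusters under control and maintains security.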

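📌 Key summary

  • Argo CD can register or remove clusters through the CLI (argocd cluster add/rm).
  • When a cluster is added, a dedicated Argo CD ServiceAccount and its permissions are set up automatically.
  • in-cluster cannot be removed by default; it can be disabled by changing a setting (ConfigMap).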

Lab environment (kind mgmt k8s)

  • Deploy the kind mgmt k8s cluster
(⎈|N/A:N/A) ssoon@DESKTOP-72C919S:~$ kind create cluster --name mgmt --image kindest/node:v1.32.8 --config - <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  labels:
    ingress-ready: true
  extraPortMappings:
  - containerPort: 80
    hostPort: 80
    protocol: TCP
  - containerPort: 443
    hostPort: 443
    protocol: TCP
  - containerPort: 30000
    hostPort: 30000
EOF
Creating cluster "mgmt" ...
 ✓ Ensuring node image (kindest/node:v1.32.8) 🖼
 ✓ Preparing nodes 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing CNI 🔌
 ✓ Installing StorageClass 💾
Set kubectl context to "kind-mgmt"
You can now use your cluster with:

kubectl cluster-info --context kind-mgmt

Have a nice day! 👋
  • Deploy NGINX ingress
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
...
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ kubectl get deployment ingress-nginx-controller -n ingress-nginx -o yaml \
| sed '/- --publish-status-address=localhost/a\
        - --enable-ssl-passthrough' | kubectl apply -f -
deployment.apps/ingress-nginx-controller configured
  • Generate a self-signed SSL certificate and private key for the argocd.example.com domain with OpenSSL
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout argocd.example.com.key \
  -out argocd.example.com.crt \
  -subj "/CN=argocd.example.com/O=argocd"
  • Create the argocd namespace
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ kubectl create ns argocd
namespace/argocd create
  • Create the TLS Secret > used for the Argo CD server's HTTPS configuration
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ kubectl -n argocd create secret tls argocd-server-tls \
  --cert=argocd.example.com.crt \
  --key=argocd.example.com.key
secret/argocd-server-tls created
  • values.yaml to use when installing the Argo CD Helm chart > exposes the Argo CD server externally through Ingress + TLS
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ cat <<EOF > argocd-values.yaml
global:
  domain: argocd.example.com

server:
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    tls: true
EOF
  • Install the Argo CD Helm chart
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ helm repo add argo https://argoproj.github.io/argo-helm
"argo" already exists with the same configuration, skipping
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ helm install argocd argo/argo-cd --version 9.0.5 -f argocd-values.yaml --namespace argocd
NAME: argocd
LAST DEPLOYED: Thu Nov 20 17:20:13 2025
NAMESPACE: argocd
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
In order to access the server UI you have the following options:

1. kubectl port-forward service/argocd-server -n argocd 8080:443

    and then open the browser on http://localhost:8080 and accept the certificate

2. enable ingress in the values file `server.ingress.enabled` and either
      - Add the annotation for ssl passthrough: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
      - Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts


After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli)
  • C:\Windows\System32\drivers\etc\hosts > map the argocd.example.com domain to 127.0.0.1 on the local PC
127.0.0.1 argocd.example.com
  • Check the initial login password
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d ;echo
fq8IpR4mY9-3FDGa
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ ARGOPW=fq8IpR4mY9-3FDGa
  • Log in to the Argo CD server with the CLI
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ argocd login argocd.example.com --insecure --username admin --password $ARGOPW
'admin:login' logged in successfully
Context 'argocd.example.com' updated
  • Change the admin account password : qwe12345
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ argocd account update-password --current-password $ARGOPW --new-password qwe12345
Password updated
Context 'argocd.example.com' updated


Lab environment (kind dev/prd k8s)

  • Deploy the kind dev/prd k8s clusters
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ kind create cluster --name dev --image kindest/node:v1.32.8 --config - <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 31000
    hostPort: 31000
EOF
Creating cluster "dev" ...
 ✓ Ensuring node image (kindest/node:v1.32.8) 🖼
 ✓ Preparing nodes 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing CNI 🔌
 ✓ Installing StorageClass 💾
Set kubectl context to "kind-dev"
You can now use your cluster with:

kubectl cluster-info --context kind-dev

Have a nice day! 👋
(⎈|kind-dev:N/A) ssoon@DESKTOP-72C919S:~$ kind create cluster --name prd --image kindest/node:v1.32.8 --config - <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 32000
    hostPort: 32000
EOF
Creating cluster "prd" ...
 ✓ Ensuring node image (kindest/node:v1.32.8) 🖼
 ✓ Preparing nodes 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing CNI 🔌
 ✓ Installing StorageClass 💾
Set kubectl context to "kind-prd"
You can now use your cluster with:

kubectl cluster-info --context kind-prd

Have a nice day! 👋
  • Set up aliases
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ alias k8s1='kubectl --context kind-mgmt'
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ alias k8s2='kubectl --context kind-dev'
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ alias k8s3='kubectl --context kind-prd'
  • Inspect the Docker network : check the container IPs
(⎈|kind-prd:N/A) ssoon@DESKTOP-72C919S:~$ docker network inspect kind | grep -E 'Name|IPv4Address'
        "Name": "kind",
                "Name": "dev-control-plane",
                "IPv4Address": "172.19.0.2/16",
                "Name": "prd-control-plane",
                "IPv4Address": "172.19.0.4/16",
                "Name": "mgmt-control-plane",
                "IPv4Address": "172.19.0.3/16",

Registering other K8S clusters in Argo CD

  • Verify ping connectivity from the local machine
(⎈|kind-prd:N/A) ssoon@DESKTOP-72C919S:~$ ping -c 1 172.19.0.2
PING 172.19.0.2 (172.19.0.2) 56(84) bytes of data.
64 bytes from 172.19.0.2: icmp_seq=1 ttl=64 time=0.090 ms

--- 172.19.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.090/0.090/0.090/0.000 ms
(⎈|kind-prd:N/A) ssoon@DESKTOP-72C919S:~$ ping -c 1 172.19.0.3
PING 172.19.0.3 (172.19.0.3) 56(84) bytes of data.
64 bytes from 172.19.0.3: icmp_seq=1 ttl=64 time=0.083 ms

--- 172.19.0.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.083/0.083/0.083/0.000 ms
(⎈|kind-prd:N/A) ssoon@DESKTOP-72C919S:~$ ping -c 1 172.19.0.4
PING 172.19.0.4 (172.19.0.4) 56(84) bytes of data.
64 bytes from 172.19.0.4: icmp_seq=1 ttl=64 time=0.077 ms

--- 172.19.0.4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.077/0.077/0.077/0.000 ms
  • Change the API server address of dev/prd k8s to the container IP
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <base64 CA certificate omitted>
    server: https://172.19.0.2:6443
  name: kind-dev
- cluster:
    certificate-authority-data: <base64 CA certificate omitted>
    server: https://127.0.0.1:44769
  name: kind-mgmt
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJQSs5WVQxOXM0bzB3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRFeE1qQXhNVEUyTURsYUZ3MHpOVEV4TVRneE1USXhNRGxhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUMzMFF2TlBTU0hHakQvVWZQZ1djSjBYN20xSjVPaE5STVVjSzJxclR3c3ZkOTFhK1ExWFNRUWtIVDQKZjRrRFN2TW5aTUJxR2l6a2VkbGZUMHppUlFpQXJ5T2E2UnpQTUI5dlE5QnptelA0OWhwZENTL1pLeFFmQTYyVgptVlhkSm54TWlheEM3dVJEVnczaGNYbXBvS1d0N2JDZ0RhQW52ZUFPK0RyVGJ3T2dnWE5DeE9GVkdudHhDVHd4Ci85ck51UWFJR1hXQ3JzRkRXbHgyV3A1eWRoMVNvNjFkNW5kNTdwOXNmUXFvQWQvc24xbENVSzBtUWUvdGdPR2UKU1JHUndpTUEyTy80MC9ZNjVCOGxMU3hZZ3I1RXFyUzBFZ0d3TnJZb0RGcExrelhzU1F0SGI5TTUxZzZ4cUZVRQpHYjUzRE05VmpWU2FRVk5kbHNtZ1lXTGp6b25IQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJTaWhRSU01RWVENnQvNGIxWFVwSTRmUUpjditqQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQUl5VmpiaVowUApKdnJBclNGU29jU1RQQlBiTU5YdnRBeXl2WkFQVFBxcmo5amMrREhycUlsZHcwdVdkSzdsRjdCQ05EKytGNEN5CkVhamhYVTIwbENGUFlGcm1MSDBGTStydG9kWUhhbExoY09XNnBhclZIYmZVZ2VOU2RZMklGckIvYzVRbUsvV0EKTmV2MXUvMGxjYmQxdTFGdnhvaFZxcm5mYTJPa0JRN3BPbkkzdDJBY2w3N3h6czZDdmlFOVN2ck0zT05FVmF4NwpnSkpaRXp3cjc2czRlcUt4VG9XZTg1eWpLS1J2WmJKUHRqRUFXTzlKcHh2bmo3cW50c3NTUkxabkJUVEZTemdSCktVZncvVTVDNjZBNkV3NXg2eVZwZnpuWDVqb3Y1dVBqS1V2SmFLb1ZyNnhXcjY0R0NBQVIzWEpPcFBxcW0wZUIKa2JKVUZuK2svMmxnCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://172.19.0.4:6443
  • Register dev k8s
(⎈|kind-prd:N/A) ssoon@DESKTOP-72C919S:~$ argocd cluster add kind-dev --name dev-k8s
WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `kind-dev` with full cluster level privileges. Do you want to continue [y/N]? y
{"level":"info","msg":"ServiceAccount \"argocd-manager\" created in namespace \"kube-system\"","time":"2025-11-20T20:27:40+09:00"}
{"level":"info","msg":"ClusterRole \"argocd-manager-role\" created","time":"2025-11-20T20:27:40+09:00"}
{"level":"info","msg":"ClusterRoleBinding \"argocd-manager-role-binding\" created","time":"2025-11-20T20:27:40+09:00"}
{"level":"info","msg":"Created bearer token secret \"argocd-manager-long-lived-token\" for ServiceAccount \"argocd-manager\"","time":"2025-11-20T20:27:40+09:00"}
Cluster 'https://172.19.0.2:6443' added
  • The cluster connection details are now registered in Argo CD as a Secret > 172.19.0.2 is dev-k8s
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ kubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster
NAME                            TYPE     DATA   AGE
cluster-172.19.0.2-4278303179   Opaque   3      2m9s
  • Confirm that the cluster is registered > 172.19.0.2 is dev-k8s
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ argocd cluster list
SERVER                          NAME        VERSION  STATUS   MESSAGE                                                  PROJECT
https://172.19.0.2:6443         dev-k8s              Unknown  Cluster has no applications and is not being monitored.
https://kubernetes.default.svc  in-cluster           Unknown  Cluster has no applications and is not being monitored.
  • Register prd k8s
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ argocd cluster add kind-prd --name prd-k8s --yes
{"level":"info","msg":"ServiceAccount \"argocd-manager\" created in namespace \"kube-system\"","time":"2025-11-20T20:32:34+09:00"}
{"level":"info","msg":"ClusterRole \"argocd-manager-role\" created","time":"2025-11-20T20:32:34+09:00"}
{"level":"info","msg":"ClusterRoleBinding \"argocd-manager-role-binding\" created","time":"2025-11-20T20:32:34+09:00"}
{"level":"info","msg":"Created bearer token secret \"argocd-manager-long-lived-token\" for ServiceAccount \"argocd-manager\"","time":"2025-11-20T20:32:34+09:00"}
Cluster 'https://172.19.0.4:6443' added
  • Confirm that the clusters are registered > 172.19.0.2 is dev-k8s / 172.19.0.4 is prd-k8s
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ argocd cluster list
SERVER                          NAME        VERSION  STATUS   MESSAGE                                                  PROJECT
https://172.19.0.2:6443         dev-k8s              Unknown  Cluster has no applications and is not being monitored.
https://172.19.0.4:6443         prd-k8s              Unknown  Cluster has no applications and is not being monitored.
https://kubernetes.default.svc  in-cluster           Unknown  Cluster has no applications and is not being monitored.
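
The argocd cluster add warning above states that argocd-manager gets full cluster-level privileges, and its long-lived token is what the cluster Secret on the mgmt cluster stores. The following added example (not from the original post or the Argo CD project) audits both objects from their kubectl -o json form; the sample objects are constructed, the token and CA values are placeholders, and the layout of the Secret's config field is an assumption based on Argo CD's declarative cluster Secret format.

```python
import base64
import json

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample: rules of `kubectl get clusterrole argocd-manager-role -o json`
# on a target cluster, matching the "full cluster level privileges" warning.
SAMPLE_ROLE = {
    "metadata": {"name": "argocd-manager-role"},
    "rules": [
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
        {"nonResourceURLs": ["*"], "verbs": ["*"]},
    ],
}

# Constructed sample: one item of `kubectl get secret -n argocd
# -l argocd.argoproj.io/secret-type=cluster -o json` (3 data keys).
# Token and CA are placeholders; the config layout is an assumption.
SAMPLE_SECRET = {
    "metadata": {"name": "cluster-172.19.0.2-4278303179"},
    "data": {
        "name": _b64("dev-k8s"),
        "server": _b64("https://172.19.0.2:6443"),
        "config": _b64(json.dumps({
            "bearerToken": "PLACEHOLDER-TOKEN",
            "tlsClientConfig": {"insecure": False, "caData": "PLACEHOLDER-CA"},
        })),
    },
}

def wildcard_rules(role):
    """Return the RBAC rules that allow every verb on every resource or URL."""
    hits = []
    for rule in role.get("rules", []):
        targets = rule.get("resources", []) + rule.get("nonResourceURLs", [])
        if "*" in rule.get("verbs", []) and "*" in targets:
            hits.append(rule)
    return hits

def summarize_cluster_secret(secret):
    """Decode a cluster Secret and report what it holds, never the token itself."""
    data = {k: base64.b64decode(v).decode() for k, v in secret["data"].items()}
    config = json.loads(data.get("config", "{}"))
    tls = config.get("tlsClientConfig", {})
    return {
        "name": data.get("name"),
        "server": data.get("server"),
        "has_bearer_token": bool(config.get("bearerToken")),
        "tls_verification_disabled": bool(tls.get("insecure", False)),
        "has_ca_data": bool(tls.get("caData")),
    }

if __name__ == "__main__":
    print(len(wildcard_rules(SAMPLE_ROLE)), "wildcard rule(s) in argocd-manager-role")
    print(summarize_cluster_secret(SAMPLE_SECRET))
```

Anyone who can read Secrets in the argocd namespace of the mgmt cluster can recover these tokens, so read access to that namespace is equivalent to admin access on every registered cluster.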


Deploying Nginx to each of the 3 K8S clusters with Argo CD

  • Set DEVK8SIP and PRDK8SIP as environment variables
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ docker network inspect kind | grep -E 'Name|IPv4Address'
        "Name": "kind",
                "Name": "dev-control-plane",
                "IPv4Address": "172.19.0.2/16",
                "Name": "prd-control-plane",
                "IPv4Address": "172.19.0.4/16",
                "Name": "mgmt-control-plane",
                "IPv4Address": "172.19.0.3/16",
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ DEVK8SIP=172.19.0.2
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ PRDK8SIP=172.19.0.4
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ echo $DEVK8SIP $PRDK8SIP
172.19.0.2 172.19.0.4
  • Deploy the Argo CD apps
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ cat <<EOF | kubectl apply -f -
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: mgmt-nginx
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    helm:
      valueFiles:
      - values.yaml
    path: nginx-chart
    repoURL: https://github.com/gasida/cicd-study
    targetRevision: HEAD
  syncPolicy:
    automated:
      prune: true
    syncOptions:
    - CreateNamespace=true
  destination:
    namespace: mgmt-nginx
    server: https://kubernetes.default.svc
EOF
Warning: metadata.finalizers: "resources-finalizer.argocd.argoproj.io": prefer a domain-qualified finalizer name including a path (/) to avoid accidental conflicts with other finalizer writers
application.argoproj.io/mgmt-nginx created
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ cat <<EOF | kubectl apply -f -
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: dev-nginx
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    helm:
      valueFiles:
      - values-dev.yaml
    path: nginx-chart
    repoURL: https://github.com/gasida/cicd-study
    targetRevision: HEAD
  syncPolicy:
    automated:
      prune: true
    syncOptions:
    - CreateNamespace=true
  destination:
    namespace: dev-nginx
    server: https://$DEVK8SIP:6443
EOF
Warning: metadata.finalizers: "resources-finalizer.argocd.argoproj.io": prefer a domain-qualified finalizer name including a path (/) to avoid accidental conflicts with other finalizer writers
application.argoproj.io/dev-nginx created
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ cat <<EOF | kubectl apply -f -
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: prd-nginx
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    helm:
      valueFiles:
      - values-prd.yaml
    path: nginx-chart
    repoURL: https://github.com/gasida/cicd-study
    targetRevision: HEAD
  syncPolicy:
    automated:
      prune: true
    syncOptions:
    - CreateNamespace=true
  destination:
    namespace: prd-nginx
    server: https://$PRDK8SIP:6443
EOF
Warning: metadata.finalizers: "resources-finalizer.argocd.argoproj.io": prefer a domain-qualified finalizer name including a path (/) to avoid accidental conflicts with other finalizer writers
application.argoproj.io/prd-nginx created
  • The 3 Applications (dev-nginx, mgmt-nginx, prd-nginx) are each deployed to a different cluster
(⎈|kind-mgmt:N/A) ssoon@DESKTOP-72C919S:~$ argocd app list
NAME               CLUSTER                         NAMESPACE   PROJECT  STATUS  HEALTH   SYNCPOLICY  CONDITIONS  REPO                                  PATH         TARGET
argocd/dev-nginx   https://172.19.0.2:6443         dev-nginx   default  Synced  Healthy  Auto-Prune  <none>      https://github.com/gasida/cicd-study  nginx-chart  HEAD
argocd/mgmt-nginx  https://kubernetes.default.svc  mgmt-nginx  default  Synced  Healthy  Auto-Prune  <none>      https://github.com/gasida/cicd-study  nginx-chart  HEAD
argocd/prd-nginx   https://172.19.0.4:6443         prd-nginx   default  Synced  Healthy  Auto-Prune  <none>      https://github.com/gasida/cicd-study  nginx-chart  HEAD

 

 

 

 
