[Argocd] Run “bash/sh” to execute pods on kubernetes via Argocd.

Posted on By nim No Comments on [Argocd] Run “bash/sh” to execute pods on kubernetes via Argocd.

Bạn đã có thể chạy command để exec vào pod trên k8s thông qua argocd

https://argo-cd.readthedocs.io/en/stable/operator-manual/web_based_terminal/#enabling-the-terminal

Bước 1 bạn sửa config map của argocd
thêm dòng này vào data: exec.enabled: 'true'

apiVersion: v1
data:
  exec.enabled: 'true'
kind: ConfigMap
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"v1","kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"argocd-cm","app.kubernetes.io/part-of":"argocd"},"name":"argocd-cm","namespace":"argocd"}}
  creationTimestamp: '2022-08-14T02:25:42Z'
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-cm
  namespace: argocd
  resourceVersion: '3096402'
  uid: 86418642-3767-490f-86fe-2f1bab1145d2

Bước 2 bạn sửa clusterRole

  - apiGroups:
      - ''
    resources:
      - pods/exec
    verbs:
      - create

File hoàn thiện sẽ như sau:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"labels":{"app.kubernetes.io/component":"server","app.kubernetes.io/name":"argocd-server","app.kubernetes.io/part-of":"argocd"},"name":"argocd-server"},"rules":[{"apiGroups":["*"],"resources":["*"],"verbs":["delete","get","patch"]},{"apiGroups":[""],"resources":["events"],"verbs":["list"]},{"apiGroups":[""],"resources":["pods","pods/log"],"verbs":["get"]}]}
  creationTimestamp: '2022-08-08T10:49:30Z'
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
  resourceVersion: '3098604'
  uid: 6bbfe45d-f6be-4f66-9193-494f23fc4009
rules:
  - apiGroups:
      - '*'
    resources:
      - '*'
    verbs:
      - delete
      - get
      - patch
  - apiGroups:
      - ''
    resources:
      - events
    verbs:
      - list
  - apiGroups:
      - ''
    resources:
      - pods
      - pods/log
    verbs:
      - get
  - apiGroups:
      - ''
    resources:
      - pods/exec
    verbs:
      - create
giờ bạn click vào dấu 3 chấm ở pod
Hiện tại mình đang test với user admin.

Nếu bạn muốn limit trên từng user thì bạn có thể tạo group và role trên argocd.

https://faun.pub/enable-web-shell-in-argo-cd-81aca811f1eb

ArgoCD

More Related Articles

[ArgoCD]Hướng dẫn cấu hình argocd deploy application trên k8s bằng helm ArgoCD
[ArgoCD/KSOPS/AWS] Encrypt secrets before pushing them to GitHub. ArgoCD
[ArgoCD] Thiết kế App of Apps trong ArgoCD ArgoCD
[ArgoCD/KSOPS] Encrypting Resource on kustomize and Argocd. ArgoCD
[ArgoCD] Failed to wait for service account secret: timed out waiting for the condition ArgoCD
[ArgoCD] Hướng dẫn tạo “local user” trên argocd ArgoCD

Leave a Reply

Your email address will not be published. Required fields are marked *