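#!/bin/bash
# Deploy Argo CD into the cluster targeted by the current kubectl context.
#
# Inputs:
#   config/cluster-vars.yml (relative to the project root), keys
#   .argocd_domain and .argocd_admin_password.
# Optional environment (only used by the yq fallback installer):
#   YQ_VERSION - release tag to download instead of "latest"
#   YQ_SHA256  - expected SHA-256 of the yq_linux_amd64 binary
# Requires: kubectl, yq, htpasswd (the latter two are installed on demand).
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
CONFIG_FILE="$PROJECT_DIR/config/cluster-vars.yml"

# Source common library if available
if [ -f "$SCRIPT_DIR/lib/common.sh" ]; then
  # shellcheck source=/dev/null
  source "$SCRIPT_DIR/lib/common.sh"
else
  # Fallback logging functions
  log() { echo "[INFO] $1"; }
  log_error() { echo "[ERROR] $1" >&2; }
  log_warn() { echo "[WARN] $1"; }
fi

log "=== 部署ArgoCD ==="

# Check and install required tools
if [ -f "$SCRIPT_DIR/lib/common.sh" ]; then
  # ensure_yq / ensure_htpasswd come from lib/common.sh (not shown here).
  ensure_yq || exit 1
  ensure_htpasswd || exit 1
else
  # Fallback: install yq with retry
  if ! command -v yq &> /dev/null; then
    log "安装yq..."

    # Supply-chain hardening: the binary ends up root-owned in /usr/local/bin,
    # so prefer a pinned release tag plus a checksum over the moving "latest".
    yq_version="${YQ_VERSION:-}"
    yq_sha256="${YQ_SHA256:-}"
    if [ -n "$yq_version" ]; then
      yq_url="https://github.com/mikefarah/yq/releases/download/${yq_version}/yq_linux_amd64"
    else
      yq_url="https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64"
    fi
    if [ -z "$yq_sha256" ]; then
      log_warn "未设置YQ_SHA256,无法校验yq下载文件的完整性"
    fi

    # Download unprivileged into a temp file; only a complete (and, when a
    # checksum is supplied, verified) file is installed as root. This also
    # avoids leaving a truncated binary on PATH after a failed download.
    yq_tmp="$(mktemp)"
    for attempt in 1 2 3; do
      if wget -qO "$yq_tmp" "$yq_url"; then
        if [ -n "$yq_sha256" ] &&
          ! printf '%s  %s\n' "$yq_sha256" "$yq_tmp" | sha256sum --check --status; then
          # A mismatch is not a transient error: stop instead of retrying.
          log_error "yq校验和不匹配,已中止安装"
          rm -f -- "$yq_tmp"
          exit 1
        fi
        if sudo install -m 0755 "$yq_tmp" /usr/local/bin/yq; then
          log "✓ yq安装成功"
          break
        fi
      fi
      log_warn "yq安装失败 (尝试 $attempt/3)"
      if [ "$attempt" -lt 3 ]; then
        sleep 5
      fi
    done
    rm -f -- "$yq_tmp"

    if ! command -v yq &> /dev/null; then
      log_error "yq安装失败,请手动安装"
      exit 1
    fi
  fi

  # Install htpasswd if not present
  if ! command -v htpasswd &> /dev/null; then
    log "安装htpasswd (apache2-utils)..."
    # apt-get rather than apt: apt's CLI is not meant for scripted use.
    if sudo apt-get update && sudo apt-get install -y apache2-utils; then
      log "✓ htpasswd安装成功"
    else
      log_error "htpasswd安装失败,请手动安装: sudo apt install apache2-utils"
      exit 1
    fi
  fi
fi

# Read configuration variables
if [ ! -r "$CONFIG_FILE" ]; then
  log_error "配置文件不存在或不可读: $CONFIG_FILE"
  exit 1
fi
ARGOCD_DOMAIN=$(yq eval '.argocd_domain' "$CONFIG_FILE")
ARGOCD_PASSWORD=$(yq eval '.argocd_admin_password' "$CONFIG_FILE")

# yq prints the literal string "null" for a missing key; without this guard
# that string would silently become the admin password.
if [ -z "$ARGOCD_PASSWORD" ] || [ "$ARGOCD_PASSWORD" = "null" ]; then
  log_error "配置文件中缺少 argocd_admin_password: $CONFIG_FILE"
  exit 1
fi

# Create the namespace (idempotent: render client-side, then apply)
kubectl create namespace argocd --dry-run=client -o yaml | kubectl apply -f -

# Install ArgoCD with retry
log "安装ArgoCD..."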
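# Argo CD install manifest.
# NOTE(review): "stable" is a moving ref, so the applied manifest can change
# between runs; pinning to a reviewed release tag (<PINNED_VERSION>) makes the
# deployment reproducible and auditable.
ARGOCD_MANIFEST_URL="https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml"

if [ -f "$SCRIPT_DIR/lib/common.sh" ]; then
  # retry is defined in lib/common.sh (not shown); presumably
  # "retry <attempts> <delay> <command string>" - confirm there.
  retry 3 5 "kubectl apply -n argocd -f $ARGOCD_MANIFEST_URL" || {
    log_error "ArgoCD安装失败"
    exit 1
  }
else
  argocd_applied=false
  for attempt in 1 2 3; do
    if kubectl apply -n argocd -f "$ARGOCD_MANIFEST_URL"; then
      log "✓ ArgoCD清单应用成功"
      argocd_applied=true
      break
    fi
    log_warn "ArgoCD清单应用失败 (尝试 $attempt/3)"
    if [ "$attempt" -lt 3 ]; then
      sleep 5
    fi
  done
  # Fail like the retry branch does instead of falling through to the
  # readiness wait after three failed attempts.
  if [ "$argocd_applied" != true ]; then
    log_error "ArgoCD安装失败"
    exit 1
  fi
fi

# Wait for readiness
log "等待ArgoCD就绪..."
kubectl wait --for=condition=available --timeout=600s deployment/argocd-server -n argocd || {
  log_error "ArgoCD部署超时"
  log_error "请检查: kubectl get pods -n argocd"
  exit 1
}

# Configure NodePort access.
# NOTE(review): NodePort publishes the Argo CD API/UI on a port of every
# node; confirm that node firewalls / security groups restrict who can reach it.
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}' || {
  log_warn "NodePort配置可能已存在"
}

# Update the admin password
log "设置admin密码..."
# The password is fed to htpasswd on stdin (-i) rather than as an argument
# (-b), so it does not show up in the process list. printf is a shell
# builtin and does not expose it either. The leading ':' of htpasswd's
# "user:hash" output is stripped and the $2y prefix rewritten to $2a.
BCRYPT_PASSWORD=$(printf '%s' "$ARGOCD_PASSWORD" |
  htpasswd -niBC 10 "" |
  tr -d ':\n' |
  sed 's/$2y/$2a/')
if [ -z "$BCRYPT_PASSWORD" ]; then
  log_error "密码加密失败"
  exit 1
fi

# UTC timestamp in RFC 3339 form; %Z would emit a zone abbreviation
# (e.g. "CST"), which is not a valid RFC 3339 offset.
# NOTE(review): Argo CD is expected to parse admin.passwordMtime as
# RFC 3339 - confirm against the deployed version.
PASSWORD_MTIME=$(date -u +%FT%TZ)

kubectl -n argocd patch secret argocd-secret \
  -p "{\"stringData\": {\"admin.password\": \"$BCRYPT_PASSWORD\", \"admin.passwordMtime\": \"$PASSWORD_MTIME\"}}" || {
  log_error "密码设置失败"
  exit 1
}

# Restart argocd-server so it picks up the patched secret
log "重启ArgoCD服务器..."
kubectl -n argocd rollout restart deployment argocd-server
kubectl -n argocd rollout status deployment argocd-server --timeout=300s || {
  log_error "ArgoCD服务器重启超时"
  exit 1
}

# Collect access information: first service port, first node's external IP,
# falling back to its internal IP when no external address is reported.
NODEPORT=$(kubectl get svc argocd-server -n argocd -o jsonpath='{.spec.ports[0].nodePort}')
NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="ExternalIP")].address}')
if [ -z "$NODE_IP" ]; then
  NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}')
fi

log "=== ArgoCD部署完成 ==="
echo "🌐 访问地址: https://$NODE_IP:$NODEPORT"
echo "🌐 域名访问: https://$ARGOCD_DOMAIN (需配置Ingress)"
echo "👤 用户名: admin"
# The admin password is deliberately not echoed: stdout commonly ends up in
# CI logs and terminal scrollback. Point the operator at its source instead.
echo "🔑 密码: 见配置文件 $CONFIG_FILE 中的 argocd_admin_password"
echo ""
log "提示: 首次访问可能需要接受自签名证书"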