This tutorial shows how to build CI/CD pipeline with DroneCI and ArgoCD. In this demo, we use DroneCI for running tests, publishing new images, and update image tags in the manifest repository. We then use ArgoCD for continuous delivery, synchronizing application states in the Kubernetes cluster with manifests maintained in the Git repository.
This way of doing Kubernetes cluster management and application delivery is kown as GitOps. By applying GitOps, we can maintain a 'source of truth' for both the application code and infrastructure, improving system reliability and efficiency for your team.
Architecture overview:
- A Drone server
- A K8s cluster
- ArgoCD deployment
- A Github account and a Dockerhub account
After you have connected your Github account with Drone, you can browse all your repositories on Drone dashboard. Next, clone this repo, activate it and navigate to Repositories -> cicd-demo -> settings
to add the following secrets:
docker_username
: your Dockerhub accountdocker_password
: your Dockerhub passwordssh_key
: base64-encoded RSA private key for accessing Github
To access Github using SSH, you should first upload a RSA public key, such as ~/.ssh/id_rsa.pub
, to Github. Then, you could generate base64-encoded RSA private key by running cat ~/.ssh/id_rsa | base64
.
Finally, replace minghsu0107
with your Github and Dockerhub account in .drone.yml
. Now any push or pull request will trigger a Drone pipeline. You can check details via your repo -> setting -> webhook
on Github.
For local development, you will not want to push every change to your repo just for testing whether .drone.yml
works. Instead, you can use Drone CLI to execute pipeline locally.
Login to Drone:
export DRONE_SERVER=<drone-server-url>
export DRONE_TOKEN=<drone-token> # check token under dashboard -> user setting
drone info
For example, you can run step test
only by executing the following script under the project root:
drone exec --include=<pipline-step-name>
Please clone the application manifest repository first. This repo holds the application manifests and will be synced with ArgoCD later. The manifests are maintained by Kustomize, which is supported by ArgoCD out-of-the-box.
If your repository is set to private, you need to configure access credentials on ArgoCD. Otherwise you can skip this step and create new app directly.
Credentials can be configured using Argo CD CLI:
argocd repo add <repo-url> --username <username> --password <password>
Or you can configure via UI. Navigate to Settings/Repositories
; click Connect Repo using HTTPS
and enter credentials:
You will see something like:
Create new app:
Remember to place the repository with your own repo.
Now we have finish all preparations, and it's time to let the magic happen. Navigate to /applications
and click SYNC button on your app in order to synchronize the cluster state:
You can click your app to view details:
As we can see, ArgoCD automatically sync the application to our desired state specified in production
base. It also shows how all resources roll out in the cluster. With ArgoCD, we can not only have complete control over the entire application deployment but also track updates to branches, tags, or pinned to a specific version of manifests at a Git commit.