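1. Official documentation
Official documentation: https://argocd.devops.gold/operator-manual/notifications/
ArgoCD Notifications is a powerful notification system that continuously monitors the state of Argo CD applications and gives users a flexible way to learn promptly about important changes in application state.
With its trigger and template mechanism, the predefined triggers and templates can be reused as they are, so flexible and efficient monitoring and notification can be set up without reinventing the wheel.
This page uses ArgoCD Notifications to show how to send Argo CD sync status notifications through WeChat Work (企业微信).
2. ArgoCD Notifications
ArgoCD Notifications is already installed together with Argo CD by default: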
[root@master01 17]# kubectl get pods -n argocd |grep notifications
argocd-notifications-controller-6c4b6b59d4-5tzqm 1/1 Running 1 (9h ago) 23h
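3. Create a robot in a WeChat Work group
WeChat Work admin console: https://work.weixin.qq.com/wework_admin/frame#contacts
Where to find to_party

Where to find agent_id

Where to find api_secret

Where to find corp_id

Obtaining the access token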
curl -H "Content-Type: application/json" \
-d '{"corpid": "<corp-id>", "corpsecret": "<corp-secret>"}' \
"https://qyapi.weixin.qq.com/cgi-bin/gettoken"
# Response
{"errcode":0,"errmsg":"ok","access_token":"<qywx-access-token>","expires_in":7200}
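Obtaining the enterprise trusted IP (send a test message; the 60020 error response reports the caller's address in "from ip")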
curl -H "Content-Type: application/json" -d '{
"toparty": 4,
"msgtype": "text",
"agentid": 1000005,
"text": {
"content": "告警测试"
},
"safe": 0
}' "https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=<qywx-access-token>"
# Response
{"errcode":60020,"errmsg":"not allow to access from your ip, hint: [1744441094419152176073175], from ip: <trusted-ip>, more info at https://open.work.weixin.qq.com/devtool/query?e=60020"}
Summary of the values collected:
- to_party: 4
- agent_id: 1000005
- api_secret: <corp-secret>
- corp_id: <corp-id>
- Enterprise trusted IP: <trusted-ip>
- Access token: <qywx-access-token>
4. Configure the WeChat Work webhook
Download install.yaml
[root@master01 17]# mkdir notifications && cd notifications/
[root@master01 notifications]# wget https://raw.githubusercontent.com/argoproj-labs/argocd-notifications/stable/manifests/install.yaml
Change the image in install.yaml to a mirror hosted in China
[root@master01 notifications]# sed -i s#argoprojlabs/argocd-notifications:v1.2.1#registry.cn-hangzhou.aliyuncs.com/abroad_images/argocd-notifications:v1.2.1#g install.yaml
# Verify
[root@master01 notifications]# grep -ri "image:" install.yaml
image: registry.cn-hangzhou.aliyuncs.com/abroad_images/argocd-notifications:v1.2.1
Edit argocd-notifications-cm in install.yaml and add the following configuration so that the WeChat Work robot is supported.
# Append the following to the manifest downloaded from the official site
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-notifications-cm
data:
  service.webhook.qywx: |
    url: https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=<qywx-webhook-key>
    headers:
    - name: Content-Type
      value: application/json
  context: |
    argocdUrl: https://argocd.example.com
  template.app-sync-change: |
    webhook:
      qywx:
        method: POST
        body: |
          {
            "msgtype": "markdown",
            "markdown": {
              "content": "
          ### ArgoCD服务发版成功
          > <font color=\"info\">服务名称</font>: {{.app.metadata.name}}
          > <font color=\"info\">app同步状态</font>: {{.app.status.operationState.phase}}
          > <font color=\"info\">app服务状态</font>: {{.app.status.health.status}}
          > <font color=\"info\">时间</font>: {{.app.status.operationState.startedAt}}
          > <font color=\"info\">URL</font>: [点击跳转ArgoCD]({{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true)"
            }
          }
  template.app-sync-degraded: |
    webhook:
      qywx:
        method: POST
        body: |
          {
            "msgtype": "markdown",
            "markdown": {
              "content": "
          ### ArgoCD服务发版失败
          > <font color=\"warning\">服务名称</font>: {{.app.metadata.name}}
          > <font color=\"warning\">app同步状态</font>: {{.app.status.operationState.phase}}
          > <font color=\"warning\">app服务状态</font>: {{.app.status.health.status}}
          > <font color=\"warning\">时间</font>: {{.app.status.operationState.startedAt}}
          > <font color=\"warning\">URL</font>: [点击跳转ArgoCD]({{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true)"
            }
          }
  trigger.on-deployed: |
    - description: Application is synced and healthy. Triggered once per commit.
      send: [app-sync-change] # template names
      # trigger condition
      when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
  trigger.on-health-degraded: |
    - description: Application has degraded
      send: [app-sync-degraded]
      when: app.status.health.status == 'Degraded'
  trigger.on-sync-failed: |
    - description: Application syncing has failed
      send: [app-sync-degraded] # template names
      when: app.status.operationState.phase in ['Error', 'Failed']
  trigger.on-sync-running: |
    - description: Application is being synced
      send: [app-sync-change] # template names
      when: app.status.operationState.phase in ['Running']
  trigger.on-sync-status-unknown: |
    - description: Application status is 'Unknown'
      send: [app-sync-degraded] # template names
      when: app.status.sync.status == 'Unknown'
  trigger.on-sync-succeeded: |
    - description: Application syncing has succeeded
      send: [app-sync-change] # template names
      when: app.status.operationState.phase in ['Succeeded']
  subscriptions: |
    - recipients: [qywx]
      triggers: [on-deployed, on-sync-failed, on-health-degraded]
# Complete manifest
[root@master01 notifications]# vim install.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: argocd-notifications-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argocd-notifications-controller
rules:
- apiGroups:
  - argoproj.io
  resources:
  - applications
  - appprojects
  verbs:
  - get
  - list
  - watch
  - update
  - patch
- apiGroups:
  - ""
  resources:
  - configmaps
  - secrets
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resourceNames:
  - argocd-notifications-cm
  resources:
  - configmaps
  verbs:
  - get
- apiGroups:
  - ""
  resourceNames:
  - argocd-notifications-secret
  resources:
  - secrets
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: argocd-notifications-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-notifications-controller
subjects:
- kind: ServiceAccount
  name: argocd-notifications-controller
---
apiVersion: v1
kind: ConfigMap
metadata:
  creationTimestamp: null
  name: argocd-notifications-cm
---
apiVersion: v1
kind: Secret
metadata:
  name: argocd-notifications-secret
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: argocd-notifications-controller-metrics
  name: argocd-notifications-controller-metrics
spec:
  ports:
  - name: metrics
    port: 9001
    protocol: TCP
    targetPort: 9001
  selector:
    app.kubernetes.io/name: argocd-notifications-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-notifications-controller
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-notifications-controller
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-notifications-controller
    spec:
      containers:
      - command:
        - /app/argocd-notifications-backend
        - controller
        image: registry.cn-hangzhou.aliyuncs.com/abroad_images/argocd-notifications:v1.2.1
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
            port: 9001
        name: argocd-notifications-controller
        volumeMounts:
        - mountPath: /app/config/tls
          name: tls-certs
        - mountPath: /app/config/reposerver/tls
          name: argocd-repo-server-tls
        workingDir: /app
      securityContext:
        runAsNonRoot: true
      serviceAccountName: argocd-notifications-controller
      volumes:
      - configMap:
          name: argocd-tls-certs-cm
        name: tls-certs
      - name: argocd-repo-server-tls
        secret:
          items:
          - key: tls.crt
            path: tls.crt
          - key: tls.key
            path: tls.key
          - key: ca.crt
            path: ca.crt
          optional: true
          secretName: argocd-repo-server-tls
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-notifications-cm
data:
  service.webhook.qywx: |
    url: https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=<qywx-webhook-key>
    headers:
    - name: Content-Type
      value: application/json
  subscriptions: |
    - recipients:
      - qywx
      triggers: [on-sync-running, on-deployed, on-sync-failed, on-sync-succeeded]
  context: |
    argocdUrl: https://argocd.example.com
  template.app-sync-change: |
    webhook:
      qywx:
        method: POST
        body: |
          {
            "msgtype": "markdown",
            "markdown": {
              "content": "
          ### ArgoCD服务发版成功
          > <font color=\"info\">服务名称</font>: {{.app.metadata.name}}
          > <font color=\"info\">app同步状态</font>: {{.app.status.operationState.phase}}
          > <font color=\"info\">app服务状态</font>: {{.app.status.health.status}}
          > <font color=\"info\">时间</font>: {{.app.status.operationState.startedAt}}
          > <font color=\"info\">URL</font>: [点击跳转ArgoCD]({{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true)"
            }
          }
  template.app-sync-degraded: |
    webhook:
      qywx:
        method: POST
        body: |
          {
            "msgtype": "markdown",
            "markdown": {
              "content": "
          ### ArgoCD服务发版失败
          > <font color=\"warning\">服务名称</font>: {{.app.metadata.name}}
          > <font color=\"warning\">app同步状态</font>: {{.app.status.operationState.phase}}
          > <font color=\"warning\">app服务状态</font>: {{.app.status.health.status}}
          > <font color=\"warning\">时间</font>: {{.app.status.operationState.startedAt}}
          > <font color=\"warning\">URL</font>: [点击跳转ArgoCD]({{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true)"
            }
          }
  trigger.on-deployed: |
    - description: Application is synced and healthy. Triggered once per commit.
      send: [app-sync-change] # template names
      # trigger condition
      when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
  trigger.on-health-degraded: |
    - description: Application has degraded
      send: [app-sync-degraded]
      when: app.status.health.status == 'Degraded'
  trigger.on-sync-failed: |
    - description: Application syncing has failed
      send: [app-sync-degraded] # template names
      when: app.status.operationState.phase in ['Error', 'Failed']
  trigger.on-sync-running: |
    - description: Application is being synced
      send: [app-sync-change] # template names
      when: app.status.operationState.phase in ['Running']
  trigger.on-sync-status-unknown: |
    - description: Application status is 'Unknown'
      send: [app-sync-degraded] # template names
      when: app.status.sync.status == 'Unknown'
  trigger.on-sync-succeeded: |
    - description: Application syncing has succeeded
      send: [app-sync-change] # template names
      when: app.status.operationState.phase in ['Succeeded']
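With the configuration in place, apply the whole manifest (kaf is the usual shell alias for kubectl apply -f):
[root@master01 notifications]# kaf install.yaml -nargocd
Check that argocd-notifications is running: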
[root@master01 notifications]# kubectl get po -nargocd |grep notification
argocd-notifications-controller-7f87584d78-hlrmz 1/1 Running 0 2m58s
4.1 Configuration walkthrough
4.1.1 Webhook configuration
This part specifies a WeChat Work (QYWX, short for 企业微信) webhook URL that receives the notifications from Argo CD.
service.webhook.qywx: |
  url: https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=<qywx-webhook-key>
  headers:
  - name: Content-Type
    value: application/json
- url: the WeChat Work webhook URL.
- headers: the request headers; here the content type is set to application/json.
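Keeping the webhook key out of the ConfigMap, as an added example that is not part of the original page: argocd-notifications replaces `$<key>` references in a service definition with the value stored under that key in the `argocd-notifications-secret` Secret. The Secret key name `qywx-webhook-key` is an assumption chosen for this example; the same pattern applies to the `access_token` of the DingTalk webhook in section 5.

```yaml
# Weak: the robot key is stored in clear text in the ConfigMap, so it is
# readable by anyone who can read ConfigMaps in the argocd namespace and by
# anyone who can read the copy of install.yaml kept in Git.
#
#   service.webhook.qywx: |
#     url: https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=<qywx-webhook-key>

# Corrected: the key is stored in the Secret the controller already reads,
# and the ConfigMap only refers to it by name.
apiVersion: v1
kind: Secret
metadata:
  name: argocd-notifications-secret
type: Opaque
stringData:
  # Assumed key name for this example; the value is the robot's webhook key.
  qywx-webhook-key: <qywx-webhook-key>
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-notifications-cm
data:
  service.webhook.qywx: |
    # $qywx-webhook-key is substituted by the controller with the Secret value.
    url: https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=$qywx-webhook-key
    headers:
    - name: Content-Type
      value: application/json
```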
4.1.2 Context
This part defines a context variable used to reference the Argo CD URL in the notification templates.
context: |
  argocdUrl: https://argocd.example.com
- argocdUrl: the URL at which Argo CD is reached.
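4.1.3 Notification templates
There are two templates here, used for the sync-success and sync-failure cases respectively.
template.app-sync-change: |
  webhook:
    qywx:
      method: POST
      body: |
        ...
template.app-sync-degraded: |
  webhook:
    qywx:
      method: POST
      body: |
        ...
- webhook: send the notification through a webhook.
- method: the HTTP request method, POST here.
- body: the JSON message body to send, containing the message content.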
4.1.4 Triggers
This part defines the trigger conditions for the different states and the notification template each one uses.
trigger.on-deployed: |
  - send: [app-sync-change]
    when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
trigger.on-health-degraded: |
  - send: [app-sync-degraded]
    when: app.status.health.status == 'Degraded'
trigger.on-sync-failed: |
  - send: [app-sync-degraded]
    when: app.status.operationState.phase in ['Error', 'Failed']
trigger.on-sync-running: |
  - send: [app-sync-change]
    when: app.status.operationState.phase in ['Running']
trigger.on-sync-status-unknown: |
  - send: [app-sync-degraded]
    when: app.status.sync.status == 'Unknown'
trigger.on-sync-succeeded: |
  - send: [app-sync-change]
    when: app.status.operationState.phase in ['Succeeded']
- send: the names of the notification templates to send when the trigger condition is met.
- when: the trigger condition, describing which application state fires the notification.
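4.1.5 Subscriptions
Finally, the subscriptions part specifies which triggers send notifications to which recipients.
subscriptions: |
  - recipients: [qywx]
    triggers: [on-deployed, on-sync-failed, on-health-degraded]
- recipients: the list of services that receive the notification; here there is only the WeChat Work webhook.
- triggers: when any of these triggers fires, a notification is sent to the recipients listed.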
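4.2 Test and verify
After the installation, change the replica count of the app service again and Sync the app; if everything works, the notification message arrives in WeChat Work.
1) Update the code
- Change replicas: 2 --> 4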
[root@master01 ~]# cd /root/17/myapp/dev/
[root@master01 dev]# vim deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  namespace: demo
spec:
  selector:
    matchLabels:
      app: myapp
  replicas: 4
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp
        image: registry.cn-hangzhou.aliyuncs.com/abroad_images/nginx:1.15.12
        ports:
        - containerPort: 80
2) Commit the code
[root@master01 ~]# cd /root/17/myapp/
[root@master01 myapp]# git commit -am "update myapp"
[root@master01 myapp]# git push
...
Username for 'http://gitlab.example.com': root
Password for 'http://root@gitlab.example.com': <gitlab-password>
...

5. DingTalk-based webhook
5.1 Configuration walkthrough
Download install.yaml
[root@master01 17]# mkdir notifications && cd notifications/
[root@master01 notifications]# wget https://raw.githubusercontent.com/argoproj-labs/argocd-notifications/stable/manifests/install.yaml
Change the image in install.yaml to a mirror hosted in China
[root@master01 notifications]# sed -i s#argoprojlabs/argocd-notifications:v1.2.1#registry.cn-hangzhou.aliyuncs.com/abroad_images/argocd-notifications:v1.2.1#g install.yaml
# Verify
[root@master01 notifications]# grep -ri "image:" install.yaml
image: registry.cn-hangzhou.aliyuncs.com/abroad_images/argocd-notifications:v1.2.1
Edit argocd-notifications-cm in install.yaml and add the following configuration so that the DingTalk robot is supported.
# Append the following to the manifest downloaded from the official site
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-notifications-cm
data:
  service.webhook.dingtalk: |
    url: https://oapi.dingtalk.com/robot/send?access_token=<dingtalk-access-token>
    headers:
    - name: Content-Type
      value: application/json
  context: |
    argocdUrl: https://argocd.example.com
  template.app-sync-change: |
    webhook:
      dingtalk:
        method: POST
        body: |
          {
            "msgtype": "markdown",
            "markdown": {
              "title": "ArgoCD同步状态",
              "text": "### ArgoCD同步状态\n> - app名称: {{.app.metadata.name}}\n> - app同步状态: {{ .app.status.operationState.phase}}\n> - 时间: {{.app.status.operationState.startedAt}}\n> - URL: [点击跳转ArgoCD]({{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true) \n"
            }
          }
  trigger.on-deployed: |
    - description: Application is synced and healthy. Triggered once per commit.
      oncePer: app.status.sync.revision
      send: [app-sync-change] # template names
      # trigger condition
      when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
  trigger.on-health-degraded: |
    - description: Application has degraded
      send: [app-sync-change]
      when: app.status.health.status == 'Degraded'
  trigger.on-sync-failed: |
    - description: Application syncing has failed
      send: [app-sync-change] # template names
      when: app.status.operationState.phase in ['Error', 'Failed']
  trigger.on-sync-running: |
    - description: Application is being synced
      send: [app-sync-change] # template names
      when: app.status.operationState.phase in ['Running']
  trigger.on-sync-status-unknown: |
    - description: Application status is 'Unknown'
      send: [app-sync-change] # template names
      when: app.status.sync.status == 'Unknown'
  trigger.on-sync-succeeded: |
    - description: Application syncing has succeeded
      send: [app-sync-change] # template names
      when: app.status.operationState.phase in ['Succeeded']
  subscriptions: |
    - recipients: [dingtalk]
      triggers: [on-sync-running, on-deployed, on-sync-failed, on-sync-succeeded]
# Complete manifest
[root@master01 notifications]# vim install.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: argocd-notifications-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argocd-notifications-controller
rules:
- apiGroups:
  - argoproj.io
  resources:
  - applications
  - appprojects
  verbs:
  - get
  - list
  - watch
  - update
  - patch
- apiGroups:
  - ""
  resources:
  - configmaps
  - secrets
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resourceNames:
  - argocd-notifications-cm
  resources:
  - configmaps
  verbs:
  - get
- apiGroups:
  - ""
  resourceNames:
  - argocd-notifications-secret
  resources:
  - secrets
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: argocd-notifications-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-notifications-controller
subjects:
- kind: ServiceAccount
  name: argocd-notifications-controller
---
apiVersion: v1
kind: ConfigMap
metadata:
  creationTimestamp: null
  name: argocd-notifications-cm
---
apiVersion: v1
kind: Secret
metadata:
  name: argocd-notifications-secret
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: argocd-notifications-controller-metrics
  name: argocd-notifications-controller-metrics
spec:
  ports:
  - name: metrics
    port: 9001
    protocol: TCP
    targetPort: 9001
  selector:
    app.kubernetes.io/name: argocd-notifications-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-notifications-controller
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-notifications-controller
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-notifications-controller
    spec:
      containers:
      - command:
        - /app/argocd-notifications-backend
        - controller
        image: registry.cn-hangzhou.aliyuncs.com/abroad_images/argocd-notifications:v1.2.1
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
            port: 9001
        name: argocd-notifications-controller
        volumeMounts:
        - mountPath: /app/config/tls
          name: tls-certs
        - mountPath: /app/config/reposerver/tls
          name: argocd-repo-server-tls
        workingDir: /app
      securityContext:
        runAsNonRoot: true
      serviceAccountName: argocd-notifications-controller
      volumes:
      - configMap:
          name: argocd-tls-certs-cm
        name: tls-certs
      - name: argocd-repo-server-tls
        secret:
          items:
          - key: tls.crt
            path: tls.crt
          - key: tls.key
            path: tls.key
          - key: ca.crt
            path: ca.crt
          optional: true
          secretName: argocd-repo-server-tls
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-notifications-cm
data:
  service.webhook.dingtalk: |
    url: https://oapi.dingtalk.com/robot/send?access_token=<dingtalk-access-token>
    headers:
    - name: Content-Type
      value: application/json
  context: |
    argocdUrl: https://argocd.example.com
  template.app-sync-change: |
    webhook:
      dingtalk:
        method: POST
        body: |
          {
            "msgtype": "markdown",
            "markdown": {
              "title": "ArgoCD同步状态",
              "text": "### ArgoCD同步状态\n> - app名称: {{.app.metadata.name}}\n> - app同步状态: {{ .app.status.operationState.phase}}\n> - 时间: {{.app.status.operationState.startedAt}}\n> - URL: [点击跳转ArgoCD]({{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true) \n"
            }
          }
  trigger.on-deployed: |
    - description: Application is synced and healthy. Triggered once per commit.
      oncePer: app.status.sync.revision
      send: [app-sync-change] # template names
      # trigger condition
      when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
  trigger.on-health-degraded: |
    - description: Application has degraded
      send: [app-sync-change]
      when: app.status.health.status == 'Degraded'
  trigger.on-sync-failed: |
    - description: Application syncing has failed
      send: [app-sync-change] # template names
      when: app.status.operationState.phase in ['Error', 'Failed']
  trigger.on-sync-running: |
    - description: Application is being synced
      send: [app-sync-change] # template names
      when: app.status.operationState.phase in ['Running']
  trigger.on-sync-status-unknown: |
    - description: Application status is 'Unknown'
      send: [app-sync-change] # template names
      when: app.status.sync.status == 'Unknown'
  trigger.on-sync-succeeded: |
    - description: Application syncing has succeeded
      send: [app-sync-change] # template names
      when: app.status.operationState.phase in ['Succeeded']
  subscriptions: |
    - recipients: [dingtalk]
      triggers: [on-sync-running, on-deployed, on-sync-failed, on-sync-succeeded]
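With the configuration in place, apply the whole manifest (kaf is the usual shell alias for kubectl apply -f):
[root@master01 notifications]# kaf install.yaml -nargocd
Check that argocd-notifications is running: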
[root@master01 notifications]# kubectl get po -nargocd |grep notification
argocd-notifications-controller-7f87584d78-hlrmz 1/1 Running 0 2m58s
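5.2 Test and verify
DingTalk robot webhook:
- https://oapi.dingtalk.com/robot/send?access_token=<dingtalk-access-token>
The DingTalk robot must be configured with the custom keyword ArgoCD同步, which appears in the title and text of the template above.

After the installation, change the replica count of the app service again and Sync the app; if everything works, the notification message arrives in DingTalk.
1) Update the code
- Change replicas: 2 --> 4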
[root@master01 ~]# cd /root/17/myapp/dev/
[root@master01 dev]# vim deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  namespace: demo
spec:
  selector:
    matchLabels:
      app: myapp
  replicas: 2
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp
        image: registry.cn-hangzhou.aliyuncs.com/abroad_images/nginx:1.15.12
        ports:
        - containerPort: 80
2) Commit the code
[root@master01 ~]# cd /root/17/myapp/
[root@master01 myapp]# git commit -am "update myapp"
[root@master01 myapp]# git push
...
Username for 'http://gitlab.example.com': root
Password for 'http://root@gitlab.example.com': <gitlab-password>
...
