All Products
Search

This Product

    Container Service for Kubernetes:Migrate data from self-managed ArgoCD to ACK One GitOps

    Document Center

    Container Service for Kubernetes:Migrate data from self-managed ArgoCD to ACK One GitOps

    Last Updated:Dec 02, 2024

    This topic describes how to migrate a self-managed ArgoCD master cluster to ACK One.

    Overview

    When you migrate data from self-managed ArgoCD to Distributed Cloud Container Platform for Kubernetes (ACK One) GitOps, it takes a long time to manually migrate data one by one because a large number of clusters, repositories, and applications are involved. Therefore, you can use onectl to perform fast data migration from self-managed ArgoCD to ACK One. The following figure shows the architecture of the migration.

    image

    • Based on the specified Fleet ID and ACK cluster ID (including the registered cluster) of the self-managed ArgoCD master cluster, onectl migrates the cluster Secrets, repository Secrets, and applications from the self-managed ArgoCD master cluster to the ACK One Fleet instance by using the kubeconfig files.

      Note

      If the self-managed ArgoCD master cluster is an on-premises cluster, connect it to the registered cluster before migration. For more information, see Create a registered cluster.

    • If you have modified the ConfigMap of the self-managed ArgoCD master cluster, modify the corresponding configurations in the ACK One Fleet instance before migration.

    • If you have added custom labels to the cluster Secrets, configure the labels on the ArgoCD UI in ACK One GitOps after the cluster is migrated.

    • After the applications are migrated by using onectl, you can delete the applications from the self-managed ArgoCD master cluster in a non-cascading manner to disconnect them from the cluster where they reside. The applications are exclusively managed by ACK One GitOps.

    Prerequisites

    Step 1: Configure a RAM user for onectl

    You must log on as a Resource Access Management (RAM) user so that you can migrate applications from the Application Center of the self-managed ArgoCD to ACK One GitOps. onectl uses the AccessKey ID and AccessKey secret of the RAM user to manage cloud resources. Therefore, you must grant the following permissions to the RAM user by using your Alibaba Cloud account.

    1. Grant the AliyunAdcpFullAccess permission. For more information, see Attach a system permission policy to a RAM user or RAM role.

    2. Grant the AliyunCSReadOnly permission, or add the ACK template permission. The following code provides an example of the ACK template policy: 

      {
    "Action": [
        "cs:DescribeTemplates",
        "cs:DescribeTemplateAttribute",
        "cs:DescribeClusterUserKubeconfig"
    ],
    "Resource": [
        "*"
    ],
    "Effect": "Allow"
}

    3. Grant the administrator permissions to the self-managed ArgoCD cluster. For more information, see Use RBAC to manage the operation permissions on resources in a cluster.

    4. Run the following command to configure the AccessKey ID and AccessKey secret for the RAM user of onectl. Access Key Id and Access Key Secret must be configured. 

      onectl configure

      Expected output:

      Configuring profile default ...
Access Key Id [*********************NaY]: 
Access Key Secret [***************************HUd]: 
Ram Username []: 
Default Kubeconfig Path (default is ~/.kube/config) []: 
Saving profile[default] ...
Done.

    Step 2: Migrate clusters

    1. To simplify the migration command, the ID of the ACK One Fleet instance and the ID of the master cluster are specified as environment variables. onectl obtains the kubeconfig files of the Fleet instance and master cluster based on the clusterid parameter and saves the files to the ~/.onectl/ directory. 

      export ACKONE_HUB_CLUSTER_ID=ccc47ca148d0147519f229bba********
export ARGOCD_CLUSTER_ID=ce4bb2004bb0e409eaa4c593d********

    2. You can migrate the cluster by using one of the following methods:

      1. Method 1: Associate the cluster (non-master cluster) of the self-managed ArgoCD environment with the ACK One Fleet instance in the ACK One console.

      2. Method 2: Migrate the cluster by using onectl.

        1. Add the ack_cluster_id: <your ack cluster id> label to all cluster Secrets in the self-managed ArgoCD master cluster to specify the corresponding ACK cluster. You can use the self-managed ArgoCD UI or kubectl to modify the Secret.

        2. Run the following onectl command to migrate the cluster in the self-managed ArgoCD master cluster to ACK One GitOps: 

          onectl migrate clusters -n argocd
          Note

          If you have added label or annotation to Cluster Secret in the self-managed ArgoCD environment, you can add them on the ArgoCD UI in ACK One GitOps after you complete this step.

    Step 3: Migrate Git repository configurations

    1. Run the following command to migrate Git resources from the master cluster to ACK One GitOps: 

      onectl migrate repos -n argocd

    2. Run the following command to check the status of a specific type of resource or all types of resources: 

      #onectl migrate status [clusters|repos|apps] -nargocd

# Query the status of all types of resources. 
onectl migrate status -nargocd

# Query the status of a specific type of resource. 
onectl migrate status clusters -nargocd
onectl migrate status repos -nargocd
onectl migrate status apps -nargocd

      Expected output:

      #################### Clusters Status ####################
All 1 clusters were attached successfully to ACK One ccc47****** !
CLUSTER       STATE    MESSAGE
ce4b******    Succeed  

#################### Repositories Status ####################
All 1 repos were migrated successfully to ACK One ccc47****** !
STATE    REPO                                     									TYPE  NAME              MESSAGE
Succeed  https://github.com/AliyunContainerService/gitops-demo.git  git 

#################### Applications Status ####################
-------------------- Git/Helm Applications --------------------
Total 'Git/Helm' type applications: 1, success to migrate: 0, pending to migrate: 1
STATE    NAME       NAMESPACE  CLUSTER  STATUS  HEALTH  REPO  PATH  TARGET  MESSAGE
Pending  app-git-2  argocd                                                  application has not been migrated to ACK One ccc47******

-------------------- Template Applications --------------------
STATE    NAME            NAMESPACE  TEMPLATEID                            TEMPLATEPATH  MESSAGE

    Step 4: Migrate applications

    1. onectl allows you to migrate one or more applications or all applications at the same time. We recommend that you select a method based on your business requirements.

      Migrate all applications

      Run the following command to migrate all applications: 

      onectl migrate apps -n argocd --all

      Expected output: 

      Applications in source cluster (ArgoCD or AppCenter cluster):
NAME            NAMESPACE  TYPE      TEMPLATEID
app-git-2       argocd     Git/Helm  
will be migrated to ACK One ccc47******. Please checking the source cluster and ACK One cluster. Are you sure to migrate the Applications?  [Y/n] y

Total 1 applications will be migrated to ACK One ccc47****** ...
-------------------- Git/Helm Applications --------------------
Application argocd/app-git-2 was migrated succeessfully.
All 1 'Git/Helm' type applications has been migrated successfully o ACK One ccc47******.
STATE    NAME       NAMESPACE  CLUSTER                     STATUS  HEALTH   REPO                                     PATH                        TARGET  MESSAGE
Succeed  app-git-2  argocd     https://172.16.**.**:6443  Synced  Healthy  git@github.com:**/gitops-demo.git  manifests/helm/echo-server  main    

-------------------- Template Applications --------------------
No 'Template' type applications need to be migrated.

      Migrate one or more applications

      Run the following command to migrate one or more applications: 

      onectl migrate apps ${app1Name} -n argocd  
# Replace ${app1Name} with the name of the application that you want to migrate.

      Expected output: 

      Applications in source cluster (ArgoCD or AppCenter cluster):
NAME       NAMESPACE  TYPE      TEMPLATEID
app-git-2  argocd     Git/Helm  
will be migrated to ACK One ccc47******. Please checking the source cluster and ACK One cluster. Are you sure to migrate the Applications?  [Y/n] y

Total 1 applications will be migrated to ACK One ccc47****** ...
-------------------- Git/Helm Applications --------------------
Application argocd/app-git-2 was migrated succeessfully.
All 1 'Git/Helm' type applications has been migrated successfully o ACK One ccc47ca148d0147519f229bbaea2963b6.
STATE    NAME       NAMESPACE  CLUSTER                     STATUS  HEALTH   REPO                                     PATH                        TARGET  MESSAGE
Succeed  app-git-2  argocd     https://172.16.**.**:6443   Synced  Healthy  git@github.com:**/gitops-demo.git  manifests/helm/echo-server  main    

-------------------- Template Applications --------------------
No 'Template' type applications need to be migrated.

    2. Run the following command in the master cluster of the Application Center to remove the application resources from the self-managed ArgoCD in a non-cascading manner. This ensures that your business is not affected. 

      kubectl --kubeconfig ${ARGOCD_CLUSTER_KUBECONFIG_PATH} delete app ${appName}  -n argocd --cascade=false
      Note

      You must specify the --cascade=false parameter in the delete command. Otherwise, the Kubernetes resources related to the applications are also deleted.

    FAQ

    The value of the CONNECTION STATUS parameter of the repository added to ACK One GitOps is Failed.

    1. Connect to the ACK One Fleet instance and run the following command to view logs: 

      kubectl -nargocd get pod

kubectl -nargocd logs argocd-server-xx -c argocd-repo-server

      If the context deadline exceeded (Client.Timeout exceeded while awaiting headers) error message appears in the log, network connectivity issues may have occurred. We recommend that you check whether the ACK One Fleet instance can access the Internet.

    2. Check whether Internet NAT gateways are created in the virtual private cloud (VPC) that you selected.

      1. Log on to the ACK One console. In the left-side navigation pane, choose Fleet > Fleet Information.

      2. Click the Basic Information tab. Find the VPC and click the link next to VPC to go to the VPC details page.

      3. On the VPC page, click the Resource Management tab to view the Access to Internet section.

    What containers are included in argocd-server?

    Container name

    Description

    argocd-server

    Specifies the API server of ArgoCD, which is used to expose APIs to Web UI, CLI, and continuous integration or continuous delivery (CI/CD) systems.

    argocd-application-controller

    Specifies a Kubernetes controller, which is used to coordinate application and project resources in the cluster and synchronize the application status from the Git repository to the Kubernetes cluster.

    argocd-applicationset-controller

    This container is used to coordinate ApplicationSets in clusters. An ApplicationSet is used to create and deploy applications to multiple clusters.

    argocd-repo-server

    This container can interact with the Git repository and generate and return Kubernetes manifests.

    redis

    This container is used to provide a caching layer for ArgoCD to reduce the requests sent to the Kubernetes API server and Git repository server.

    dex

    ArgoCD relies on this container to authenticate external OpenID Connect (OIDC) providers. You can also use other tools.

    argocd-image-updater

    This container is used to detect changes to the container images of Kubernetes workloads managed by ArgoCD, such as Deployments, and automatically update the images to the latest version.