Kubernetes CI/CD Best Practices: Building an Automated Deployment Pipeline
1. CI/CD Overview
**CI/CD (Continuous Integration / Continuous Delivery)** is a methodology for automating software delivery. Integrating CI/CD into a Kubernetes environment automates the build, test and deployment of applications.
1.1 CI/CD Flow
```text
Code commit → CI build → Test → Image push → CD deploy → Verify
     ↓           ↓          ↓          ↓           ↓
  GitLab      Jenkins   SonarQube   Harbor    Kubernetes
```
1.2 CI/CD Toolchain
| Stage | Tools | Description |
|---|---|---|
| Source control | Git, GitHub, GitLab | Code version control |
| Continuous integration | Jenkins, GitLab CI, GitHub Actions | Automated build and test |
| Code quality | SonarQube | Code quality analysis |
| Image management | Harbor, Docker Hub | Container image registry |
| Continuous deployment | Argo CD, Flux CD | GitOps-based deployment |
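The CI stage in the flow above is also where rendered manifests can be gated before the CD stage hands them to the cluster. The script below is an added example, not code from the original article or from any of the tools in the table: it greps YAML for three patterns that appear in configurations later on this page (mutable `:latest` image tags, a hostPath mount of the node's Docker socket, and an Argo CD AppProject that allowlists every cluster-scoped resource kind) and fails the stage when any is found. The function names, the constructed sample manifests and the `registry.example.com` image reference are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original article): a minimal manifest policy
# gate for the CI "test" stage. It greps rendered YAML for three risky
# patterns and fails the stage when any is found. Function names and the
# sample manifests written by write_samples are constructed for this example.
set -eu

# lint_manifest <file>
# Prints one line per finding and returns the number of findings
# (0 means the manifest passed).
lint_manifest() {
  f="$1"
  n=0
  # 1. A mutable ":latest" tag defeats traceability and rollback: the same
  #    tag can resolve to a different image on every deploy.
  if grep -Eq 'image:[[:space:]]*[^[:space:]]+:latest([[:space:]]|$)' "$f"; then
    echo "$f: image uses mutable :latest tag"
    n=$((n + 1))
  fi
  # 2. Mounting the node's Docker socket gives the pod root-equivalent
  #    control of the node (it can start privileged containers).
  if grep -q '/var/run/docker.sock' "$f"; then
    echo "$f: hostPath mount of /var/run/docker.sock"
    n=$((n + 1))
  fi
  # 3. An AppProject whose clusterResourceWhitelist is kind '*' lets every
  #    app in the project create ClusterRoles, CRDs, namespaces and so on.
  if grep -q 'clusterResourceWhitelist' "$f" \
     && grep -Eq "kind:[[:space:]]*'?\*'?" "$f"; then
    echo "$f: AppProject allows every cluster-scoped resource kind"
    n=$((n + 1))
  fi
  return "$n"
}

# write_samples <dir>: writes constructed sample manifests (not real
# project files) so the gate can be exercised offline.
write_samples() {
  d="$1"
  cat > "$d/agent.yaml" <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: jenkins-agent
spec:
  containers:
  - name: docker
    image: docker:latest
    volumeMounts:
    - name: docker-sock
      mountPath: /var/run/docker.sock
  volumes:
  - name: docker-sock
    hostPath:
      path: /var/run/docker.sock
EOF
  cat > "$d/app.yaml" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  template:
    spec:
      containers:
      - name: app
        image: registry.example.com/team/my-app:3f2a9c1
EOF
  cat > "$d/project.yaml" <<'EOF'
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-project
spec:
  clusterResourceWhitelist:
  - group: '*'
    kind: '*'
EOF
}

# lint_dir <dir>: lint every YAML file; returns 1 if any file had findings.
lint_dir() {
  failed=0
  for f in "$1"/*.yaml; do
    lint_manifest "$f" || failed=1
  done
  return "$failed"
}

# Usage: sh manifest-gate.sh <dir-of-rendered-manifests>
if [ "$#" -ge 1 ]; then
  lint_dir "$1"
fi
```

Run it against the directory a `kustomize build` or `helm template` step writes to, before the deploy job; a non-zero exit fails the pipeline. The checks are deliberately pattern-based so they work in any CI image that has `grep`, at the cost of false positives on commented-out lines.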
2. GitHub Actions Configuration
2.1 Basic CI/CD Pipeline
```yaml
name: CI/CD Pipeline

on:
  push:
    branches: [ main ]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          # Tag with the commit SHA so every image is traceable to a commit
          tags: ${{ secrets.DOCKER_USERNAME }}/my-app:${{ github.sha }}

  test:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install dependencies
        run: npm ci
      - name: Run tests
        run: npm test

  deploy:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up Kubectl
        uses: azure/setup-kubectl@v3
      - name: Deploy to Kubernetes
        # KUBE_CONFIG is the base64-encoded kubeconfig stored as a repository secret
        run: |
          echo "${{ secrets.KUBE_CONFIG }}" | base64 -d > kubeconfig
          kubectl --kubeconfig=kubeconfig set image deployment/my-app app=${{ secrets.DOCKER_USERNAME }}/my-app:${{ github.sha }}
```
2.2 Multi-Environment Deployment
```yaml
name: Multi-Environment Deploy

on:
  push:
    branches: [ main ]

jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      image-tag: ${{ steps.build.outputs.tag }}
    steps:
      - uses: actions/checkout@v3
      - name: Build image
        id: build
        run: |
          TAG=$(git rev-parse --short HEAD)
          echo "tag=$TAG" >> $GITHUB_OUTPUT
          docker build -t my-app:$TAG .

  # Each environment can carry its own protection rules (required reviewers,
  # wait timers), so the chain dev -> staging -> prod acts as a promotion gate.
  deploy-dev:
    needs: build
    environment: development
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to dev
        run: kubectl set image deployment/my-app app=my-app:${{ needs.build.outputs.image-tag }} -n dev

  deploy-staging:
    needs: deploy-dev
    environment: staging
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to staging
        run: kubectl set image deployment/my-app app=my-app:${{ needs.build.outputs.image-tag }} -n staging

  deploy-prod:
    needs: deploy-staging
    environment: production
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to prod
        run: kubectl set image deployment/my-app app=my-app:${{ needs.build.outputs.image-tag }} -n prod
```
3. GitLab CI Configuration
3.1 Basic CI Configuration
```yaml
image: docker:latest

services:
  - docker:dind

stages:
  - build
  - test
  - deploy

build:
  stage: build
  script:
    - docker build -t my-app:$CI_COMMIT_SHA .
    # --password-stdin keeps the password out of the process list and job log
    - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
    - docker push my-app:$CI_COMMIT_SHA

test:
  stage: test
  script:
    - docker run my-app:$CI_COMMIT_SHA npm test

deploy:
  stage: deploy
  script:
    - kubectl set image deployment/my-app app=my-app:$CI_COMMIT_SHA
  only:
    - main
```
3.2 Environment Variable Configuration
```yaml
variables:
  DOCKER_HOST: tcp://docker:2376
  DOCKER_TLS_CERTDIR: "/certs"
  KUBECONFIG: /etc/kubernetes/config

stages:
  - build
  - test
  - deploy

build:
  stage: build
  image: docker:latest
  services:
    - docker:dind
  script:
    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
    # Authenticate to the project's GitLab registry with the job's own credentials before pushing
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA

test:
  stage: test
  image: node:latest
  script:
    - npm install
    - npm test

deploy:
  stage: deploy
  image: bitnami/kubectl:latest
  script:
    - kubectl apply -f deployment.yaml
    - kubectl set image deployment/my-app app=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
```
4. Jenkins Configuration
4.1 Jenkins Pipeline
```groovy
pipeline {
    agent any
    stages {
        stage('Checkout') {
            steps {
                git branch: 'main', url: 'https://github.com/example/app.git'
            }
        }
        stage('Build') {
            steps {
                // BUILD_NUMBER is exported to the shell by Jenkins
                sh 'docker build -t my-app:${BUILD_NUMBER} .'
            }
        }
        stage('Test') {
            steps {
                sh 'docker run my-app:${BUILD_NUMBER} npm test'
            }
        }
        stage('Push') {
            steps {
                sh 'docker push my-app:${BUILD_NUMBER}'
            }
        }
        stage('Deploy') {
            steps {
                sh 'kubectl set image deployment/my-app app=my-app:${BUILD_NUMBER}'
            }
        }
    }
    post {
        success {
            echo 'Deployment successful!'
        }
        failure {
            echo 'Deployment failed!'
        }
    }
}
```
4.2 Kubernetes Jenkins Agent
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: jenkins-agent
spec:
  containers:
    - name: docker
      image: docker:latest
      command:
        - cat
      tty: true
      volumeMounts:
        - name: docker-sock
          mountPath: /var/run/docker.sock
    - name: kubectl
      image: bitnami/kubectl:latest
      command:
        - cat
      tty: true
  volumes:
    # Exposing the node's Docker socket gives this agent root-equivalent
    # control of the node; run such agents on a dedicated node pool or
    # switch to a daemonless builder.
    - name: docker-sock
      hostPath:
        path: /var/run/docker.sock
```
5. Argo CD Configuration
5.1 Argo CD Application Configuration
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/example/gitops-repo
    targetRevision: HEAD
    path: apps/my-app
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  syncPolicy:
    automated:
      prune: true      # delete resources removed from Git
      selfHeal: true   # revert manual changes made in the cluster
    syncOptions:
      - CreateNamespace=true
```
5.2 Argo CD Project Configuration
```yaml
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-project
  namespace: argocd
spec:
  description: My project
  sourceRepos:
    - https://github.com/example/*
  destinations:
    - namespace: default
      server: https://kubernetes.default.svc
  # '*'/'*' permits every cluster-scoped resource kind (ClusterRoles, CRDs,
  # Namespaces, ...); narrow this list for projects owned by other teams.
  clusterResourceWhitelist:
    - group: '*'
      kind: '*'
```
6. Flux CD Configuration
6.1 Flux CD Installation
```bash
flux bootstrap github \
  --owner=my-github-username \
  --repository=fleet-infra \
  --branch=main \
  --path=./clusters/my-cluster \
  --personal
```
6.2 Flux CD Kustomization
```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: my-app
  namespace: flux-system
spec:
  interval: 10m0s
  path: ./apps/my-app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  healthChecks:
    - apiVersion: apps/v1
      kind: Deployment
      name: my-app
      namespace: default
```
7. Code Quality Checks
7.1 SonarQube Integration
```yaml
name: SonarQube Analysis

on:
  push:
    branches: [ main ]

jobs:
  sonarqube:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0   # full history so SonarQube can attribute new code
      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
```
7.2 Code Coverage
```yaml
name: Code Coverage

on:
  push:
    branches: [ main ]

jobs:
  coverage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install dependencies
        run: npm install
      - name: Run tests with coverage
        run: npm test -- --coverage
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        with:
          files: ./coverage/lcov.info
```
8. Deployment Verification
8.1 Health Check Integration
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  template:
    spec:
      containers:
        - name: app
          image: my-app:latest
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ready
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
```
8.2 Deployment Verification Script
```bash
#!/bin/bash
set -euo pipefail

# Block until the rollout completes; exits non-zero on timeout or failure
kubectl rollout status deployment/my-app
kubectl get pods -l app=my-app
# The service name resolves only from inside the cluster
curl -f http://my-app:8080/health || exit 1
```
9. Summary
CI/CD best practices deliver:
- Automated builds: a code commit automatically triggers the build process
- Automated testing: code quality and security checks are integrated into the pipeline
- Automated deployment: GitOps implements continuous delivery
- Deployment verification: deployment results are verified automatically
Choose a CI/CD toolchain that fits your team's needs, and combine it with GitOps to achieve a traceable, rollback-capable deployment process.
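As an added example of the rollback-capable deployment the summary calls for (not a script from the original article), the following shell script wraps the `kubectl set image`, `kubectl rollout status` and `curl` health-check sequence used in sections 2 through 8 with a rollout timeout and an automatic `kubectl rollout undo` when the rollout stalls or the health endpoint stays unhealthy. The `KUBECTL`, `CURL`, `HEALTH_ATTEMPTS` and `HEALTH_DELAY` overrides, the function names and the numeric exit codes are assumptions of the example; they exist so the control flow can be exercised without a cluster.

```shell
#!/bin/sh
# Added example (not from the original article): deploy a new image tag,
# wait for the rollout, probe the health endpoint, and roll back to the
# previous revision if either step fails. KUBECTL and CURL are assumed
# overridable so the control flow can be exercised without a cluster.
set -eu

KUBECTL="${KUBECTL:-kubectl}"
CURL="${CURL:-curl}"
HEALTH_ATTEMPTS="${HEALTH_ATTEMPTS:-10}"
HEALTH_DELAY="${HEALTH_DELAY:-3}"

# check_health <url>: retry until the endpoint answers with a 2xx/3xx
# (curl -f turns HTTP errors into a non-zero exit). The in-cluster service
# name used on this page (http://my-app:8080/health) resolves only from a
# pod or a job running inside the cluster.
check_health() {
  url="$1"
  i=1
  while [ "$i" -le "$HEALTH_ATTEMPTS" ]; do
    if $CURL -fsS --max-time 5 "$url" >/dev/null; then
      return 0
    fi
    i=$((i + 1))
    sleep "$HEALTH_DELAY"
  done
  return 1
}

# deploy_with_rollback <namespace> <deployment> <container> <image> <health-url> [timeout]
# Exit codes (assumed for this example): 0 success, 1 set image failed,
# 2 rollout did not complete (rolled back), 3 health check failed (rolled back).
deploy_with_rollback() {
  ns="$1" deploy="$2" container="$3" image="$4" url="$5" timeout="${6:-120s}"
  if ! $KUBECTL -n "$ns" set image "deployment/$deploy" "$container=$image"; then
    echo "set image failed for $deploy" >&2
    return 1
  fi
  # rollout status exits non-zero when the timeout passes or the rollout is stuck
  if ! $KUBECTL -n "$ns" rollout status "deployment/$deploy" --timeout="$timeout"; then
    echo "rollout of $image did not complete; rolling back" >&2
    $KUBECTL -n "$ns" rollout undo "deployment/$deploy" \
      || echo "rollback failed; manual intervention needed" >&2
    return 2
  fi
  if ! check_health "$url"; then
    echo "$url unhealthy after rollout; rolling back" >&2
    $KUBECTL -n "$ns" rollout undo "deployment/$deploy" \
      || echo "rollback failed; manual intervention needed" >&2
    return 3
  fi
  echo "$deploy now runs $image"
}

# Usage: sh deploy-verify.sh <namespace> <deployment> <container> <image> <health-url> [timeout]
if [ "$#" -ge 5 ]; then
  deploy_with_rollback "$@"
fi
```

Because `kubectl rollout undo` returns to the previous ReplicaSet, the image tag recorded in that revision (a commit SHA in the pipelines above) is what makes the rollback traceable; with a mutable tag such as `:latest` the "previous" revision may already point at the new image.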
References:
- GitHub Actions documentation
- GitLab CI documentation
- Argo CD documentation
- Flux CD documentation
