
# Kubernetes CI/CD Best Practices: Building an Automated Deployment Pipeline

## 1. CI/CD Overview

**CI/CD (continuous integration / continuous delivery)** is a methodology for automating software delivery. Integrating CI/CD into a Kubernetes environment automates the building, testing, and deployment of applications.

### 1.1 CI/CD Flow

```
Code commit → CI build → Test      → Image push → CD deploy  → Verify
     ↓           ↓         ↓            ↓            ↓
   GitLab     Jenkins   SonarQube     Harbor     Kubernetes
```

### 1.2 CI/CD Toolchain

| Stage | Tools | Description |
|---|---|---|
| Source control | Git, GitHub, GitLab | Code version control |
| Continuous integration | Jenkins, GitLab CI, GitHub Actions | Automated build and test |
| Code quality | SonarQube | Code quality analysis |
| Image management | Harbor, Docker Hub | Container image registry |
| Continuous deployment | Argo CD, Flux CD | GitOps deployment |

## 2. GitHub Actions Configuration

### 2.1 Basic CI/CD Pipeline

```yaml
name: CI/CD Pipeline

on:
  push:
    branches: [ main ]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          # Tag the image with the commit SHA so each deploy maps to one commit
          tags: ${{ secrets.DOCKER_USERNAME }}/my-app:${{ github.sha }}

  test:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run tests
        run: npm test

  deploy:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up Kubectl
        uses: azure/setup-kubectl@v3
      - name: Deploy to Kubernetes
        run: |
          # KUBE_CONFIG holds a base64-encoded kubeconfig
          echo "${{ secrets.KUBE_CONFIG }}" | base64 -d > kubeconfig
          kubectl --kubeconfig=kubeconfig set image deployment/my-app app=${{ secrets.DOCKER_USERNAME }}/my-app:${{ github.sha }}
```

### 2.2 Multi-Environment Deployment

```yaml
name: Multi-Environment Deploy

on:
  push:
    branches: [ main ]

jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      image-tag: ${{ steps.build.outputs.tag }}
    steps:
      - uses: actions/checkout@v3
      - name: Build image
        id: build
        run: |
          TAG=$(git rev-parse --short HEAD)
          # Expose the tag to the downstream deploy jobs
          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
          docker build -t my-app:$TAG .

  deploy-dev:
    needs: build
    environment: development
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to dev
        run: kubectl set image deployment/my-app app=my-app:${{ needs.build.outputs.image-tag }} -n dev

  deploy-staging:
    needs: deploy-dev
    environment: staging
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to staging
        run: kubectl set image deployment/my-app app=my-app:${{ needs.build.outputs.image-tag }} -n staging

  deploy-prod:
    needs: deploy-staging
    environment: production
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to prod
        run: kubectl set image deployment/my-app app=my-app:${{ needs.build.outputs.image-tag }} -n prod
```

## 3. GitLab CI Configuration

### 3.1 Basic CI Configuration

```yaml
image: docker:latest

services:
  - docker:dind

stages:
  - build
  - test
  - deploy

build:
  stage: build
  script:
    - docker build -t my-app:$CI_COMMIT_SHA .
    # Pass the password on stdin so it does not appear in the process arguments
    - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
    - docker push my-app:$CI_COMMIT_SHA

test:
  stage: test
  script:
    - docker run my-app:$CI_COMMIT_SHA npm test

deploy:
  stage: deploy
  script:
    - kubectl set image deployment/my-app app=my-app:$CI_COMMIT_SHA
  only:
    - main
```

### 3.2 Environment Variable Configuration

```yaml
variables:
  DOCKER_HOST: tcp://docker:2376
  DOCKER_TLS_CERTDIR: "/certs"
  KUBECONFIG: /etc/kubernetes/config

stages:
  - build
  - test
  - deploy

build:
  stage: build
  image: docker:latest
  services:
    - docker:dind
  script:
    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA

test:
  stage: test
  image: node:latest
  script:
    - npm install
    - npm test

deploy:
  stage: deploy
  image: bitnami/kubectl:latest
  script:
    - kubectl apply -f deployment.yaml
    - kubectl set image deployment/my-app app=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
```

## 4. Jenkins Configuration

### 4.1 Jenkins Pipeline

```groovy
pipeline {
    agent any

    stages {
        stage('Checkout') {
            steps {
                git branch: 'main', url: 'https://github.com/example/app.git'
            }
        }
        stage('Build') {
            steps {
                sh "docker build -t my-app:${BUILD_NUMBER} ."
            }
        }
        stage('Test') {
            steps {
                sh "docker run my-app:${BUILD_NUMBER} npm test"
            }
        }
        stage('Push') {
            steps {
                sh "docker push my-app:${BUILD_NUMBER}"
            }
        }
        stage('Deploy') {
            steps {
                sh "kubectl set image deployment/my-app app=my-app:${BUILD_NUMBER}"
            }
        }
    }

    post {
        success {
            echo 'Deployment successful!'
        }
        failure {
            echo 'Deployment failed!'
        }
    }
}
```

### 4.2 Kubernetes Jenkins Agent

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: jenkins-agent
spec:
  containers:
    - name: docker
      image: docker:latest
      command:
        - cat
      tty: true
      volumeMounts:
        - name: docker-sock
          mountPath: /var/run/docker.sock
    - name: kubectl
      image: bitnami/kubectl:latest
      command:
        - cat
      tty: true
  volumes:
    # Mounts the node's Docker socket: the docker container talks to the
    # host's Docker daemon and can control it
    - name: docker-sock
      hostPath:
        path: /var/run/docker.sock
```

## 5. Argo CD Configuration

### 5.1 Argo CD Application

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/example/gitops-repo
    targetRevision: HEAD
    path: apps/my-app
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  syncPolicy:
    automated:
      prune: true      # delete resources that were removed from Git
      selfHeal: true   # revert changes made directly in the cluster
    syncOptions:
      - CreateNamespace=true
```

### 5.2 Argo CD Project

```yaml
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-project
  namespace: argocd
spec:
  description: My project
  sourceRepos:
    - https://github.com/example/*
  destinations:
    - namespace: default
      server: https://kubernetes.default.svc
  # '*' / '*' allows applications in this project to manage every
  # cluster-scoped resource kind
  clusterResourceWhitelist:
    - group: '*'
      kind: '*'
```

## 6. Flux CD Configuration

### 6.1 Installing Flux CD

```bash
flux bootstrap github \
  --owner=my-github-username \
  --repository=fleet-infra \
  --branch=main \
  --path=./clusters/my-cluster \
  --personal
```

### 6.2 Flux CD Kustomization

```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: my-app
  namespace: flux-system
spec:
  interval: 10m0s
  path: ./apps/my-app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  healthChecks:
    - apiVersion: apps/v1
      kind: Deployment
      name: my-app
      namespace: default
```

## 7. Code Quality Checks

### 7.1 SonarQube Integration

```yaml
name: SonarQube Analysis

on:
  push:
    branches: [ main ]

jobs:
  sonarqube:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0   # full history, not a shallow clone
      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
```

### 7.2 Code Coverage

```yaml
name: Code Coverage

on:
  push:
    branches: [ main ]

jobs:
  coverage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install dependencies
        run: npm install
      - name: Run tests with coverage
        run: npm test -- --coverage
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        with:
          files: ./coverage/lcov.info
```

## 8. Deployment Verification

### 8.1 Health Check Integration

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  # selector and pod labels are required for a valid Deployment;
  # app=my-app matches the label used by the verification script in 8.2
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: app
          image: my-app:latest
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ready
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
```

### 8.2 Deployment Verification Script

```bash
#!/bin/bash
# Stop at the first failing step so the pipeline reports the failure
set -euo pipefail

kubectl rollout status deployment/my-app
kubectl get pods -l app=my-app
curl -f http://my-app:8080/health || exit 1
```

## 9. Summary

CI/CD best practices make it possible to achieve:

- **Automated builds**: a code commit automatically triggers the build process
- **Automated testing**: code quality and security checks are integrated into the pipeline
- **Automated deployment**: GitOps provides continuous delivery
- **Deployment verification**: deployment results are verified automatically

Choose a CI/CD toolchain that fits your team's needs, and combine it with GitOps to get a deployment process that is traceable and can be rolled back.
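Traceable, rollback-friendly deployments depend on pipeline inputs that cannot change silently, yet the samples in this article reference actions by tag or branch (`@v3`, `@master`) and several images by `:latest`. The following is an added example, not part of the original article: a small line-based check that flags such mutable references in workflow and manifest text. The function names and the sample input (including the SHA, digest and registry host) are constructed for illustration.

```python
import re

# "uses: owner/repo@ref" in a GitHub Actions workflow step.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([\w.\-/]+)@(\S+)")
# "image: name[:tag][@digest]" in a pipeline file or Kubernetes manifest.
IMAGE_RE = re.compile(r"^\s*(?:-\s*)?image:\s*(\S+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def image_is_mutable(image):
    """True for an image with no digest that has no tag or the 'latest' tag."""
    if "@sha256:" in image:
        return False
    name = image.rsplit("/", 1)[-1]  # skip a registry host:port prefix
    return ":" not in name or name.rsplit(":", 1)[1] == "latest"


def find_mutable_refs(text):
    """Return (line_number, kind, reference) for each mutable reference."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.split(" #", 1)[0]  # drop a trailing comment
        m = USES_RE.match(line)
        if m:
            # Only a full 40-character commit SHA is treated as immutable.
            if not FULL_SHA_RE.match(m.group(2)):
                findings.append((number, "action", f"{m.group(1)}@{m.group(2)}"))
            continue
        m = IMAGE_RE.match(line)
        if m:
            ref = m.group(1).strip("'\"")
            if image_is_mutable(ref):
                findings.append((number, "image", ref))
    return findings


# Constructed sample: the SHA, digest and registry host are made up.
SAMPLE = """\
steps:
  - uses: actions/checkout@v3
  - uses: SonarSource/sonarqube-scan-action@master
  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # pinned
containers:
  - image: my-app:latest
  - image: registry.example.com:5000/tools/kubectl
  - image: my-app@sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    for number, kind, ref in find_mutable_refs(SAMPLE):
        print(f"line {number}: mutable {kind} reference {ref}")
```

Images tagged from a variable, such as `my-app:$CI_COMMIT_SHA`, are not flagged, because the check only treats a missing tag or `latest` as mutable.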