使用GitHub/Jenkins/Kubernetes实现CI/CD管道的最佳实践 [英] Best practices when implementing CI/CD pipeline using GitHub/Jenkins/Kubernetes
问题描述
该问题与更多建议相关,因此我希望不要提出任何疑问.只是真的需要帮助:(
This question is more advice related so I hope its not flagged for anything. Just really need help :(
尝试使用GitHub/Jenkins/Kubernetes实施CI/CD.
Trying to implement CI/CD using GitHub/Jenkins/Kubernetes.
总的来说,这应该发生:
On a highlevel this is what should happen:
- 基于Jenkins
- 推送到容器注册表
- 在Kubernetes开发集群上部署构建的映像
- 在开发集群上完成测试后,将其部署在客户端上 测试集群,最后是生产集群
- Build on Jenkins
- Push to container registry
- Deploy built image on Kubernetes development cluster
- Once testing finished on Development cluster, deploy it on a client testing cluster and finally production cluster
到目前为止,这就是我在Jenkins上创建的作业,该作业将使用Github钩子触发. 这项工作负责以下事情:
So far this is what I have created a job on Jenkins which will be triggered using a Github hook. This job is responsible for the following things:
- 从GitHub结帐
- 运行单元测试/调用REST API并发送单元测试结果
- 使用Maven构建工件/调用REST API并告知是否构建 成功或失败
- 构建docker映像
- 将docker镜像推送到容器注册表(docker镜像将具有 与BUILD_NUMBER环境变量匹配的版本增加
- Checkout from GitHub
- Run unit tests / call REST API and send unit test results
- Build artifacts using maven / call REST API and inform if build success or fail
- Build docker image
- Push docker image to container registry (docker image will have incremented versions which match with the BUILD_NUMBER environment variable)
上述任务或多或少已经完成,我不需要太多帮助(除非有人认为上述步骤不是最佳实践)
The above stated tasks are more or less completed and I dont need much assitance with it (unless anyone thinks the aforementioned steps are not best practice)
在部署到Kubernetes集群的部分上,我确实需要帮助.
I do need help with the part where I deploy to the Kubernetes cluster.
对于本地测试,我已经使用Vagrant框设置了本地群集,并且可以正常工作.为了在开发集群上部署构建的映像,我正在考虑这样做: 将Jenkins构建服务器指向Kubernetes开发集群 使用deployment.yml和service.yml进行部署(在我的仓库中可用) 这部分需要我的帮助...
For local testing, I have set up a local cluster using Vagrant boxes and it works. In order to deploy the built image on the development cluster, I am thinking about doing it like this: Point Jenkins build server to Kubernetes development cluster Deploy using deployment.yml and service.yml (available in my repo) This part I need help with...
这是错误的做法吗?有没有更好/更容易的方法?
Is this wrong practice? Is there a better/easier way to do it?
还有一种在集群之间迁移的方法吗?例如:开发集群到客户端测试集群,客户端测试集群到生产集群等
Also is there a way to migrate between clusters? Ex: Development cluster to client testing cluster and client testing cluster to production cluster etc
在Internet上搜索时,Helm这个名字出现了很多,但是我不确定它是否适用于我的用例.我会对其进行测试,然后看到,但是我对时间的需求有点紧张,这就是为什么我不能
When searching on the internet, the name Helm comes up a lot but I am not sure if it will be applicable to my use case. I would test it and see but I am a bit hard pressed for time which is why I cant
非常感谢大家提供的帮助.
Would appreciate any help y'all could provide.
非常感谢
推荐答案
有很多方法可以做到这一点.刚开始时,立即将Helm拿出来.
There are countless ways of doing this. Take Helm out for now as you are just starting.
如果您已经在使用Github和docker,那么我建议您将代码/更改/配置/Dockerfile推送到Github,这将自动触发Dockerhub上的docker构建(如果您不想的话,可能是jenkins)使用dockerhub进行构建),它可以是一个多阶段的docker构建,您可以在其中构建代码,运行测试,丢弃dev environmenet,最终生成生产docker映像,一旦生成映像,它将触发一个Web钩子到您的kubernetes部署作业/清单将部署到测试evironmenet上,然后是手动triiger部署到生产中.
If you are already using Github and docker , then I would just recommend you to push your code/changes/config/Dockerfile to Github that will auto trigger a docker build on Dockerhub ( maybe jenkins in ur case if u dont want to use dockerhub for builds ) , it can be a multi-stage docker build where you can build code , run tests , throw away dev environmenet , and finally produce a producion docker image , once the image is produced , it will triger a web hook to your kubernetes deployment job/manifests to deploy on to test evironmenet , followed by manual triiger to deploy to production.
可以基于Github/Git中提交的SHA标记docker映像,以便您可以基于提交进行部署和回滚.
The docker images can be tagged based on SHA of the commits in Github/Git so that you can deploy and rollback based on commits.
参考: https://cloud.google.com /kubernetes-engine/docs/tutorials/gitops-cloud-build
这是我的Gtips工作流程的Gitlab实现:
Here is my Gitlab implementation of Gtips workflow:
# Author , IjazAhmad
image: docker:latest
stages:
- build
- test
- deploy
services:
- docker:dind
variables:
CI_REGISTRY: dockerhub.example.com
CI_REGISTRY_IMAGE: $CI_REGISTRY/$CI_PROJECT_PATH
DOCKER_DRIVER: overlay2
before_script:
- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
docker-build:
stage: build
script:
- docker pull $CI_REGISTRY_IMAGE:latest || true
- docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA --tag $CI_REGISTRY_IMAGE:latest .
docker-push:
stage: build
script:
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
- docker push $CI_REGISTRY_IMAGE:latest
unit-tests:
stage: test
script:
- echo "running unit testson the image"
- echo "running security testing on the image"
- echo "pushing the results to build/test pipeline dashboard"
sast:
stage: test
script:
- echo "running security testing on the image"
- echo "pushing the results to build/test pipeline dashboard"
dast:
stage: test
script:
- echo "running security testing on the image"
- echo "pushing the results to build/test pipeline dashboard"
testing:
stage: deploy
script:
- sed -i "s|CI_IMAGE|$CI_REGISTRY_IMAGE|g" k8s-configs/deployment.yaml
- sed -i "s|TAG|$CI_COMMIT_SHA|g" k8s-configs/deployment.yaml
- kubectl apply --namespace webproduction-test -f k8s-configs/
environment:
name: testing
url: https://testing.example.com
only:
- branches
staging:
stage: deploy
script:
- sed -i "s|CI_IMAGE|$CI_REGISTRY_IMAGE|g" k8s-configs/deployment.yaml
- sed -i "s|TAG|$CI_COMMIT_SHA|g" k8s-configs/deployment.yaml
- kubectl apply --namespace webproduction-stage -f k8s-configs/
environment:
name: staging
url: https://staging.example.com
only:
- master
production:
stage: deploy
script:
- sed -i "s|CI_IMAGE|$CI_REGISTRY_IMAGE|g" k8s-configs/deployment.yaml
- sed -i "s|TAG|$CI_COMMIT_SHA|g" k8s-configs/deployment.yaml
- kubectl apply --namespace webproduction-prod -f k8s-configs/
environment:
name: production
url: https://production.example.com
when: manual
only:
- master
链接:
詹金斯:使用GitHub Push Notifications启动CI构建
这篇关于使用GitHub/Jenkins/Kubernetes实现CI/CD管道的最佳实践的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
