DevOps流水线详解
本文将深入介绍DevOps流水线的构建和最佳实践,帮助你实现自动化部署。
Jenkins流水线
- Jenkinsfile配置
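// Declarative pipeline: checkout, Maven build, unit tests, Docker image build,
// then a Kubernetes deployment, with a Slack notification for either outcome.
pipeline {
    agent any

    environment {
        DOCKER_REGISTRY = 'registry.example.com'
        IMAGE_NAME = 'my-app'
        // NOTE(review): 'latest' is a mutable tag, so a deployed image cannot be
        // traced back to the build that produced it. Consider a per-build tag
        // once k8s/deployment.yaml references the same value.
        IMAGE_TAG = 'latest'
    }

    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }

        stage('Build') {
            steps {
                sh 'mvn clean package'
            }
        }

        stage('Test') {
            steps {
                sh 'mvn test'
            }
            post {
                // Publish the Surefire results even when the tests fail.
                always {
                    junit '**/target/surefire-reports/*.xml'
                }
            }
        }

        stage('Docker Build') {
            steps {
                script {
                    // Builds the image on the agent only; no push step appears
                    // in this pipeline.
                    docker.build("${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}")
                }
            }
        }

        stage('Deploy') {
            steps {
                // Single-quoted Groovy string: IMAGE_NAME is expanded by the shell
                // from the job environment instead of being spliced into the
                // script text by Groovy before the shell parses it.
                sh '''
                    kubectl apply -f k8s/deployment.yaml
                    kubectl rollout status deployment/"${IMAGE_NAME}"
                '''
            }
        }
    }

    post {
        success {
            slackSend channel: '#devops',
                      color: 'good',
                      message: "Pipeline succeeded: ${env.JOB_NAME} ${env.BUILD_NUMBER}"
        }
        failure {
            slackSend channel: '#devops',
                      color: 'danger',
                      message: "Pipeline failed: ${env.JOB_NAME} ${env.BUILD_NUMBER}"
        }
    }
}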
- 多分支流水线
// Multibranch pipeline: map the branch being built to a deployment
// environment, then run that environment's deploy script.
pipeline {
    agent any

    stages {
        stage('Determine Environment') {
            steps {
                script {
                    // master -> production, develop -> staging,
                    // every other branch -> development.
                    def environmentByBranch = [master: 'production', develop: 'staging']
                    env.DEPLOY_ENV = environmentByBranch[env.BRANCH_NAME] ?: 'development'
                }
            }
        }

        stage('Deploy to Environment') {
            steps {
                script {
                    // The script name is built only from the three fixed values
                    // assigned above; the raw branch name never reaches the shell.
                    def scriptName = "deploy-${env.DEPLOY_ENV}.sh"
                    sh "chmod +x ${scriptName}"
                    sh "./${scriptName}"
                }
            }
        }
    }
}
GitLab CI/CD
- GitLab CI配置
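# .gitlab-ci.yml
# Three stages: build and push the image, run the Node test suite, then apply
# the Kubernetes manifest for commits on master.

# NOTE(review): docker:latest and docker:dind are floating tags; pinning both
# to the same explicit version keeps the client and daemon in step.
image: docker:latest

services:
  - docker:dind

variables:
  DOCKER_DRIVER: overlay2
  # An empty value starts the dind daemon without TLS, so the job talks to it
  # over plain TCP. NOTE(review): enabling TLS needs a certificate directory
  # shared with the job container; confirm against the runner configuration.
  DOCKER_TLS_CERTDIR: ""

stages:
  - build
  - test
  - deploy

build:
  stage: build
  before_script:
    # Log in before pushing. The password is read from stdin so it does not
    # appear in the command line.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    # Tag with the commit SHA so every image maps to exactly one commit.
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"

test:
  stage: test
  # NOTE(review): Node 14 is past upstream end-of-life; use a maintained LTS
  # image once the project supports it.
  image: node:14
  script:
    - npm install
    - npm test
  artifacts:
    reports:
      junit: junit.xml

deploy:
  stage: deploy
  # No image is set, so this job runs in the default image declared above.
  # NOTE(review): assumes kubectl and envsubst are available there; confirm.
  script:
    - kubectl config use-context "$KUBE_CONTEXT"
    # envsubst fills the manifest's $VARIABLE placeholders from the job
    # environment before it is applied.
    - envsubst < k8s/deployment.yaml | kubectl apply -f -
  only:
    - master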
- 环境部署
# Hidden job (leading dot) holding the deploy steps shared by both
# environments; it never runs on its own.
.deploy_template:
  script:
    - echo "Deploying to $CI_ENVIRONMENT_NAME"
    - kubectl config use-context $KUBE_CONTEXT
    # Folded scalar: the four lines below reach the shell as one command.
    - >-
      helm upgrade --install $CI_PROJECT_NAME ./helm
      --namespace $CI_ENVIRONMENT_NAME
      --set image.tag=$CI_COMMIT_SHA
      --set environment=$CI_ENVIRONMENT_NAME

# Staging deploys automatically for commits on develop.
deploy_staging:
  extends: .deploy_template
  environment:
    name: staging
  only:
    - develop

# Production deploys only from master, and only after someone starts the job
# by hand (when: manual).
deploy_production:
  extends: .deploy_template
  environment:
    name: production
  when: manual
  only:
    - master
自动化测试
- 单元测试集成
# Unit tests: run the suite, extract the coverage figure from the job log, and
# publish the Cobertura report.
test:unit:
  image: node:14
  stage: test
  script:
    - npm install
    - npm run test:unit
  # Regex applied to the job output to extract the coverage percentage.
  coverage: '/Statements\s*:\s*([^%]+)/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage/cobertura-coverage.xml

# Integration tests: run against a PostgreSQL service container started for
# this job.
test:integration:
  stage: test
  services:
    # NOTE(review): floating tag; pin the PostgreSQL version the application
    # targets so test results stay reproducible.
    - postgres:latest
  variables:
    # Credentials for the service container above. They are committed in plain
    # text, so they must never match a real database account.
    POSTGRES_DB: test_db
    POSTGRES_USER: test_user
    POSTGRES_PASSWORD: test_pass
  script:
    - npm install
    - npm run test:integration
- 性能测试
# Load test with Artillery, run for commits on master only.
performance:
  image: artillery:latest
  stage: test
  only:
    - master
  script:
    - artillery run performance-test.yml
  artifacts:
    reports:
      # NOTE(review): nothing in this job visibly writes performance.json;
      # confirm the test run produces this file in the format the report
      # type expects.
      performance: performance.json
监控与告警
- Prometheus配置
# Prometheus configuration: scrape Jenkins and the Kubernetes nodes every
# 15 seconds.
global:
  scrape_interval: 15s
  evaluation_interval: 15s

scrape_configs:
  # NOTE(review): uses the default metrics path; confirm the path on which
  # Jenkins actually serves metrics.
  - job_name: jenkins
    static_configs:
      - targets:
          - 'jenkins:8080'

  # NOTE(review): no scheme, TLS or authorization settings are given for this
  # job; confirm the node endpoints accept the default scrape settings.
  - job_name: kubernetes
    kubernetes_sd_configs:
      - role: node
    relabel_configs:
      # Copy the discovered node name into a plain "node" label.
      - source_labels:
          - __meta_kubernetes_node_name
        target_label: node
- Grafana仪表板
{
"dashboard": {
"id": null,
"title": "CI/CD Pipeline Metrics",
"panels": [
{
"title": "Build Duration",
"type": "graph",
"datasource": "Prometheus",
"targets": [
{
"expr": "jenkins_job_duration_seconds{job=\"my-pipeline\"}",
"legendFormat": "{{stage}}"
}
]
}
]
}
}
安全扫描
- 代码扫描
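# DAST baseline scan of the staging site with OWASP ZAP.
security_scan:
  stage: test
  # NOTE(review): confirm this image name is still published and maintained
  # upstream, and pin a version instead of relying on the default tag.
  image: owasp/zap2docker-stable
  script:
    - zap-baseline.py -t https://staging.example.com -r report.html
  artifacts:
    # The baseline script exits non-zero when it reports warnings or failures.
    # Without this setting the report would be dropped in exactly the runs
    # that have findings to review.
    when: always
    paths:
      # NOTE(review): confirm the scan writes report.html into the project
      # directory; artifact paths are resolved relative to it.
      - report.html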
- 容器扫描
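# Vulnerability scan of the image built for this commit.
container_scan:
  stage: test
  image:
    name: aquasec/trivy
    # Clear the image's own entrypoint so the runner can start a shell for the
    # script section.
    entrypoint: [""]
  script:
    # Without --exit-code, Trivy returns 0 even when it finds vulnerabilities,
    # so the job would always pass. Here it fails on HIGH or CRITICAL findings;
    # adjust the severity list to the project's policy.
    # NOTE(review): if the registry requires authentication, the scanner also
    # needs registry credentials; confirm for this project.
    - trivy image --exit-code 1 --severity HIGH,CRITICAL "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
  only:
    - master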
最佳实践
- 流水线设计
  - 保持简单明了
  - 实现并行执行
  - 合理使用缓存
  - 设置超时限制
- 运维建议
  - 实现回滚机制
  - 监控关键指标
  - 自动化文档
  - 定期安全审计
掌握这些DevOps流水线技巧,将帮助你构建高效、可靠的自动化部署流程。