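DevOps in Practice: Building an Automated CI/CD Pipeline with Kubernetes and Argo (2)
Background
Architecture diagram
Before we start, make sure you are familiar with the architecture diagram above. Follow my steps and get each one working, and you should then be able to customize the CI/CD pipeline to your own needs.
Requirements
When a user updates the code and pushes a commit to the master branch, DevOps Argo automatically tests, builds and updates the service.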
Getting started
File layout
GitHub - jackwillsmith/go-gin
.
|-- Dockerfile
|-- Dockerfile-bk
|-- Makefile
|-- ab_test.md
|-- docker-compose.yaml
|-- go.mod
|-- go.sum
|-- install_argo.sh
|-- main.go # program entry point
|-- main_test.go # unit test file
|-- manifest
|   |-- argo-events-clusterrolebinding.yaml # argo-events sa default
|   |-- argo-workflow-clusterrole.yaml # argo clusterrole
|   |-- argo-workflow-clusterrolebinding.yaml # argo clusterrolebinding
|   |-- github-eventsources.yaml # github eventsource
|   |-- github-sensor.yaml # github webhook
|   |-- go-gin-deployment-workflow.yaml # go-gin workflow
|   |-- mani.yaml # go-gin deployments,service
|-- readme.md
The go-gin manifests are all created in the argo-events namespace.
ArgoCD
1. Log in to the Argo CD UI
root@master:/home/eilinge/argo-cd# kubectl -n argocd get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
argocd-server NodePort 10.43.238.233 <none> 80:30878/TCP,443:32063/TCP 11d # ClusterIP -> NodePort
# Get the Argo CD admin password
root@master:/home/eilinge/argo-cd# kubectl -n argocd get secret argocd-initial-admin-secret --output=jsonpath='{.data.password}' | base64 -d
2. Create the go-gin Deployment and Service
Once it has been created, wait for it to sync. Click it to open the details.
root@master:/home/eilinge# kubectl -n argo-events get all | grep go-gin
pod/go-gin-577b868bd6-79cf7 1/1 Running 0 24h
service/go-gin ClusterIP 10.43.245.228 <none> 8080/TCP 46h
deployment.apps/go-gin 1/1 1 1 46h
replicaset.apps/go-gin-577b868bd6 1 1 1 24h
Argo Workflow
Deploy Argo Workflow
DevOps in Practice: Building an Automated CI/CD Pipeline with Kubernetes and Argo (1) - CSDN Blog
root@master:/home/eilinge/argo-cd# kubectl -n argo get all
NAME READY STATUS RESTARTS AGE
pod/argo-server-67bfcbc559-bxqwd 1/1 Running 3 (2d4h ago) 9d
pod/workflow-controller-b84cc4f5b-fg5ss 1/1 Running 9 (3h43m ago) 30h

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/argo-server NodePort 10.43.242.65 <none> 2746:30865/TCP 9d

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/argo-server 1/1 1 1 9d
deployment.apps/workflow-controller 1/1 1 1 9d

NAME DESIRED CURRENT READY AGE
replicaset.apps/argo-server-58f9864f85 0 0 0 9d
replicaset.apps/argo-server-67bfcbc559 1 1 1 9d
replicaset.apps/argo-server-b99696f87 0 0 0 9d
replicaset.apps/workflow-controller-b84cc4f5b 1 1 1 9d
Log in to the Argo Workflows UI. The first login requires token authentication.
Access Token - Argo Workflows - The workflow engine for Kubernetes
go-gin-workflow.yaml
apiVersion: argoproj.io/v1alpha1
kind: WorkflowTemplate
metadata:
  name: buildkit
spec:
  arguments:
    parameters:
      - name: repo
        value: https://github.com/jackwillsmith/go-gin.git
      - name: branch
        value: master
      - name: path
        value: .
      - name: image
        value: eilinge/go-gin:v1.2
      - name: servername
        value: go-gin
      - name: namespace
        value: argo-events
      - name: port
        value: "8080"
  entrypoint: main
  # We use a volume claim template so that we can have a shared workspace.
  volumeClaimTemplates:
    - metadata:
        name: work
      spec:
        accessModes: [ ReadWriteOnce ]
        resources:
          requests:
            storage: 64Mi
  templates:
    - name: main
      dag:
        tasks: # the deployment pipeline
          - name: clone # 1. clone: download the remote repository to the local workspace
            template: clone
            arguments:
              parameters:
                - name: repo
                  value: "{{workflow.parameters.repo}}"
                - name: branch
                  value: "{{workflow.parameters.branch}}"
          - name: gotest # 2. gotest: run go test for the unit tests
            template: gotest
            arguments:
              parameters:
                - name: path
                  value: "{{workflow.parameters.path}}"
            depends: "clone"
          - name: build # 3. build the executable in the pod with go build -o
            template: build
            arguments:
              parameters:
                - name: path
                  value: "{{workflow.parameters.path}}"
            depends: "gotest"
          - name: image # 4. build the image in the pod
            template: image
            arguments:
              parameters:
                - name: path
                  value: "{{workflow.parameters.path}}"
                - name: image
                  value: "{{workflow.parameters.image}}"
            depends: "build"
          - name: workload # 5. update the go-gin Deployment
            template: go-gin-server
            arguments:
              parameters:
                - name: servername
                  value: "{{workflow.parameters.servername}}"
                - name: namespace
                  value: "{{workflow.parameters.namespace}}"
                - name: image
                  value: "{{workflow.parameters.image}}"
            depends: "image"
    - name: clone
      inputs:
        parameters:
          - name: repo
          - name: branch
      container:
        volumeMounts:
          - mountPath: /work
            name: work
        image: docker.m.daocloud.io/alpine/git:v2.26.2
        workingDir: /work # files are passed between tasks through the /work directory
        # Do a shallow clone, which is the fastest way to clone, by using the
        # --depth, --branch, and --single-branch options
        args:
          - clone
          - --depth # adjust to suit the project
          - "1"
          - --branch
          - "{{inputs.parameters.branch}}"
          - --single-branch
          - "{{inputs.parameters.repo}}"
          - .
    - name: gotest
      inputs:
        parameters:
          - name: path
      container:
        image: golang:1.22.5
        volumeMounts:
          - mountPath: /work
            name: work
        workingDir: /work/{{inputs.parameters.path}}
        env: # run go test -v ./... in the golang container
          # go-gin is a Go module (it has a go.mod), so modules are turned on.
          - name: GO111MODULE
            value: "on"
          - name: CGO_ENABLED
            value: "0"
          - name: GOPROXY
            value: https://goproxy.cn,direct
        command:
          - go
        args:
          - test
          - -v
          - ./...
    - name: build
      inputs:
        parameters:
          - name: path
      container:
        image: golang:1.22.5
        volumeMounts:
          - mountPath: /work
            name: work
        workingDir: /work/{{inputs.parameters.path}}
        env: # run go build -o in the golang container
          # go-gin is a Go module (it has a go.mod), so modules are turned on.
          - name: GO111MODULE
            value: "on"
          - name: CGO_ENABLED
            value: "0"
          - name: GOPROXY
            value: https://goproxy.cn,direct
        command:
          - go
        args:
          - build
          - -v
          - -o
          - /work/out/app # executable built from the golang main.go
    - name: image
      inputs:
        parameters:
          - name: path
          - name: image
      # Mount the configuration so we can push the image.
      # This should create the /.docker/config.json file.
      volumes:
        - name: buildkitd-socket
          hostPath:
            path: /run/buildkit/buildkitd.sock # the k3s node's buildkitd.sock must be mounted into the container
            type: Socket
      container:
        readinessProbe:
          exec:
            command: [ sh, -c, "buildctl debug workers" ]
        image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/moby/buildkit:latest
        volumeMounts:
          - name: work
            mountPath: /work
          - name: buildkitd-socket
            mountPath: /run/buildkit/buildkitd.sock # the buildkitd.sock used to build the image
        workingDir: /work/{{inputs.parameters.path}}
        env:
          - name: BUILDKITD_FLAGS
            value: --oci-worker-no-process-sandbox
        command:
          - buildctl-daemonless.sh # exec into the container to see the details; equivalent to running docker build
        args:
          - build
          - --frontend
          - dockerfile.v0
          - --local
          - context=.
          - --local
          - dockerfile=.
          - --output
          - type=image,name=docker.io/{{inputs.parameters.image}},push=false
    - name: go-gin-server
      daemon: true
      inputs:
        parameters:
          - name: servername
          - name: namespace
          - name: image
      resource:
        action: patch # patch the Deployment created by Argo CD rather than create a new one
        manifest: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: {{inputs.parameters.servername}}
            namespace: {{inputs.parameters.namespace}}
          spec:
            template:
              metadata:
                creationTimestamp: {{workflow.creationTimestamp}} # changing only the creation time is enough for the latest image to take effect
              spec:
                containers:
                  - image: {{inputs.parameters.image}}
                    name: {{inputs.parameters.servername}} # the specific container in the pod
Create the workflow
argo-events
Deploy github-eventsource
kubectl -n argo-events apply -f github-eventsources.yaml
apiVersion: argoproj.io/v1alpha1
kind: EventSource
metadata:
  name: github
spec:
  service: # creates a Service on :12000
    ports:
      - name: example
        port: 12000
        targetPort: 12000
  github:
    example:
      repositories: # the associated GitHub repositories
        - owner: jackwillsmith
          names:
            - go-gin
      webhook: # listens on the :12000/push route
        # endpoint to listen to events on
        endpoint: /push
        # port to run internal HTTP server on
        port: "12000"
        # HTTP request method to allow. In this case, only POST requests are accepted
        method: POST
      events: # listens for events: push
        - push
      # type of the connection between event-source and Github.
      # You should set it to false to avoid man-in-the-middle and other attacks.
      insecure: true
      # Determines if notifications are sent when the webhook is triggered
      active: true
      # The media type used to serialize the payloads
      contentType: json
root@master:/home/eilinge/argo-cd# kubectl -n argo-events get all | grep github-eventsource
pod/github-eventsource-d6zmx-665c64c5c8-59svh 1/1 Running 0 30h
service/github-eventsource-svc NodePort 10.43.229.201 <none> 12000:31906/TCP 5d1h
deployment.apps/github-eventsource-d6zmx 1/1 1 1 5d1h
replicaset.apps/github-eventsource-d6zmx-665c64c5c8 1 1 1 5d1h
Create the Sensor
Deploy github-sensor
kubectl -n argo-events apply -f github-sensor.yaml
apiVersion: argoproj.io/v1alpha1
kind: Sensor
metadata:
  name: github
spec:
  template:
    serviceAccountName: operate-workflow-sa
  dependencies:
    - name: test-dep
      eventSourceName: github
      eventName: example
      filters:
        data:
          # Type of Github event that triggered the delivery: [pull, push, issues, label, test,...]
          # https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads
          - path: headers.X-Github-Event # listen for the webhook push event
            type: string
            value:
              - push
          - path: body.ref # the master branch of the GitHub go-gin repository
            type: string
            value:
              - master
              - refs/heads/master
  triggers:
    - template:
        name: github-workflow-trigger
        argoWorkflow:
          operation: resubmit # resubmit the Argo workflow
          source:
            resource:
              apiVersion: argoproj.io/v1alpha1
              kind: Workflow
              metadata:
                name: buildkit # workflow name exists in argo workflow
      retryStrategy:
        steps: 3
root@master:/home/eilinge/argo-cd# kubectl -n argo-events get all | grep github-sensor
pod/github-sensor-jwwvn-654f5d584-p9cvz 1/1 Running 0 25h
deployment.apps/github-sensor-jwwvn 1/1 1 1 28h
replicaset.apps/github-sensor-jwwvn-654f5d584 1 1 1 25h
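Create the webhook in the GitHub go-gin project.
Because the author deployed the k3s node in a virtual machine on his own computer, GitHub cannot reach it directly; NAT traversal is needed before it can be reached from the public internet. This can be done with the Frp service.
Developing a personal Ollama-Chat (9): Frp tunneling_ollama api frps - CSDN Blog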
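The EventSource above is reachable from the public internet and lists no webhook secret, so the receiver has nothing with which to tell GitHub's deliveries from anyone else's. The following Python is an added example, not code from the original post or from Argo Events: it checks GitHub's X-Hub-Signature-256 HMAC over the raw body and then applies the Sensor's two filters, treated here as exact matches. The secret, the function names and the sample deliveries are constructed for illustration.

```python
import hashlib
import hmac
import json

# Values from the Sensor's body.ref filter on this page, compared exactly here.
ALLOWED_REFS = {"master", "refs/heads/master"}

def sign(secret, body):
    """Value GitHub puts in X-Hub-Signature-256 for this raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

def accept_delivery(secret, headers, body):
    """Return (accepted, reason) for one webhook delivery."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    sent = h.get("x-hub-signature-256", "")
    # 1. Authenticate the raw bytes before parsing them (constant-time compare).
    if not hmac.compare_digest(sent.encode(), sign(secret, body).encode()):
        return False, "bad signature"
    # 2. Same conditions as the Sensor: event type first, then the branch ref.
    if h.get("x-github-event") != "push":
        return False, "event filtered"
    try:
        ref = json.loads(body).get("ref")
    except (ValueError, AttributeError):
        return False, "malformed body"
    if not isinstance(ref, str) or ref not in ALLOWED_REFS:
        return False, "ref filtered"
    return True, "trigger workflow"

# Constructed sample data (not captured traffic); the secret is a placeholder.
SECRET = b"constructed-demo-secret"
PUSH_MASTER = json.dumps({"ref": "refs/heads/master"}).encode()
PUSH_DEV = json.dumps({"ref": "refs/heads/dev"}).encode()

def demo():
    """Run four constructed deliveries through the checks."""
    def hdr(event, sig):
        return {"X-GitHub-Event": event, "X-Hub-Signature-256": sig}
    return [
        accept_delivery(SECRET, hdr("push", sign(SECRET, PUSH_MASTER)), PUSH_MASTER),
        accept_delivery(SECRET, hdr("push", "sha256=" + "0" * 64), PUSH_MASTER),
        accept_delivery(SECRET, hdr("push", sign(SECRET, PUSH_DEV)), PUSH_DEV),
        accept_delivery(SECRET, hdr("ping", sign(SECRET, PUSH_MASTER)), PUSH_MASTER),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Argo Events' GitHub EventSource has a webhookSecret field that references a Kubernetes Secret for the same purpose; the same secret is entered in the webhook settings on GitHub.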
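Testing
After the deployment steps above, all the resources required by the architecture diagram have been created; now we test.
ISSUE
Blue-green releases with Argo Rollouts are not covered.
Blue-green release belongs to the gateway layer; a later update will cover releasing through the dedicated gateway service Higress.
After the Argo Workflow resources are created, the user lacks sufficient permissions and cannot operate on Kubernetes resources.
Solution: see clusterrole.yaml and clusterrolebinding.yaml in the manifest folder of the go-gin project.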