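Cloud Deploy is a managed continuous delivery service on Google Cloud that automatically delivers applications to a series of target environments (such as Cloud Run and GKE) in a defined promotion sequence. When you want to deploy an updated application, you create a release, whose lifecycle is managed by a delivery pipeline.

This walkthrough shows how to set up and use the Cloud Deploy service. You will use a test > staging > production delivery pipeline to deploy an application to Google Kubernetes Engine clusters.

Set up your GCP project

gcloud config set project <PROJECT_ID>

Clone the tutorial Git repo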

git clone https://github.com/GoogleCloudPlatform/cloud-deploy-tutorials

cd cloud-deploy-tutorials/tutorials/e2e-gke

Deploy the GKE clusters

You will deploy three GKE clusters in the project:

  • test

  • staging

  • prod

Run setup.sh to create the required GCP resources

./setup.sh

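This script will:

  • Enable the required APIs

  • Create an Artifact Registry container image repository

  • Create the required service accounts

  • Create the GKE clusters and related resources

Run the following command

gcloud container clusters list

You will see output similar to the following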

NAME: prod

LOCATION: us-central1

MASTER_VERSION: 1.20.11-gke.1300

MASTER_IP: 34.134.12.248

MACHINE_TYPE: n1-standard-2

NODE_VERSION: 1.20.11-gke.1300

NUM_NODES: 3

STATUS: RUNNING

 

NAME: staging

LOCATION: us-central1

MASTER_VERSION: 1.20.11-gke.1300

MASTER_IP: 35.193.89.33

MACHINE_TYPE: n1-standard-2

NODE_VERSION: 1.20.11-gke.1300

NUM_NODES: 3

STATUS: RUNNING

 

NAME: test

LOCATION: us-central1

MASTER_VERSION: 1.20.11-gke.1300

MASTER_IP: 104.197.215.105

MACHINE_TYPE: n1-standard-2

NODE_VERSION: 1.20.11-gke.1300

NUM_NODES: 3

STATUS: RUNNING

Build the application with Skaffold

This is a very simple web application that serves HTTP responses and writes some logs. Run the following command to build it and push it to the Artifact Registry repo

cd web && skaffold build \
    --interactive=false \
    --default-repo $(gcloud config get-value compute/region)-docker.pkg.dev/$(gcloud config get-value project)/web-app \
    --file-output artifacts.json \
    && cd ..

Check the container images

gcloud artifacts docker images list \
    $(gcloud config get-value compute/region)-docker.pkg.dev/$(gcloud config get-value project)/web-app \
    --include-tags --format yaml

You can also view them in the Artifact Registry repository

Next, we use Cloud Deploy to create a delivery pipeline and deploy to the GKE clusters.

Create the delivery pipeline

gcloud deploy apply \
    --file=clouddeploy-config/delivery-pipeline.yaml

Check that it was created successfully

gcloud deploy delivery-pipelines \
    describe web-app

Create the staging and prod deployment environments (targets)

gcloud deploy apply --file \
    clouddeploy-config/target-staging.yaml

gcloud deploy apply --file \
    clouddeploy-config/target-prod.yaml

View the delivery pipeline

Create a release

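A Cloud Deploy release is a specific version of one or more container images associated with a specific delivery pipeline. Once a release is created, it can be promoted through multiple targets (the promotion sequence). In addition, creating a release uses skaffold to render your application for each deployment environment and saves the output as a point-in-time reference that is used for the duration of that release.

gcloud deploy releases create \
    web-app-001 \
    --delivery-pipeline web-app \
    --build-artifacts web/artifacts.json \
    --source web/

We name the first release web-app-001.

The --build-artifacts parameter points to the artifacts.json file we generated earlier with skaffold.

The --source parameter points to the application's source folder, which contains the skaffold.yaml file.

Check that the release has been created

gcloud deploy releases list \
    --delivery-pipeline web-app \
    --format "yaml(targetRenders, targetArtifacts)"

Output containing renderingState: SUCCEEDED means the release was created successfully.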

---

targetArtifacts:

  prod:

    artifactUri: gs://us-central1.deploy-artifacts.<PROJECT-ID>.appspot.com/web-app-001-16fa966910de4bf2a2201a707f26f996/prod

    manifestPath: manifest.yaml

    skaffoldConfigPath: skaffold.yaml

  staging:

    artifactUri: gs://us-central1.deploy-artifacts.<PROJECT-ID>.appspot.com/web-app-001-16fa966910de4bf2a2201a707f26f996/staging

    manifestPath: manifest.yaml

    skaffoldConfigPath: skaffold.yaml

  test:

    artifactUri: gs://us-central1.deploy-artifacts.<PROJECT-ID>.appspot.com/web-app-001-16fa966910de4bf2a2201a707f26f996/test

    manifestPath: manifest.yaml

    skaffoldConfigPath: skaffold.yaml

targetRenders:

  prod:

    renderingBuild: projects/411602021768/locations/us-central1/builds/4d89f560-a644-4a94-b244-3feddb5c559d

    renderingState: SUCCEEDED

  staging:

    renderingBuild: projects/411602021768/locations/us-central1/builds/aecbf390-0eec-4661-a1aa-995f59f7f94e

    renderingState: SUCCEEDED

  test:

    renderingBuild: projects/411602021768/locations/us-central1/builds/7eaee9bf-0e27-4f54-bac8-4a2fe2ffecd7

    renderingState: SUCCEEDED

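Roll out the application

After creating a release, you can roll out your application. When you created the release in the previous step, it automatically rolled your application out to the initial target. To confirm that the application has been deployed to your test target, run the following command:

gcloud deploy rollouts list \
    --delivery-pipeline web-app \
    --release web-app-001

You can see the successful state: state: SUCCEEDED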

---

approvalState: DOES_NOT_NEED_APPROVAL

createTime: '2022-10-04T08:57:57.762022Z'

deployEndTime: '2022-10-04T08:58:40.855749Z'

deployStartTime: '2022-10-04T08:58:21.785360236Z'

deployingBuild: projects/411602021768/locations/us-central1/builds/42639d4e-e19d-4524-8e03-7c6732e4dea9

enqueueTime: '2022-10-04T08:58:21.194487Z'

etag: 9705e8babfe372df

name: projects/<PROJECT-ID>/locations/us-central1/deliveryPipelines/web-app/releases/web-app-001/rollouts/web-app-001-to-test-0001

phases:

- deploymentJobs:

    deployJob:

      deployJob: {}

      id: deploy

      jobRun: projects/411602021768/locations/us-central1/deliveryPipelines/web-app/releases/web-app-001/rollouts/web-app-001-to-test-0001/jobRuns/36365336-7c9a-48a5-8a3a-59309b4bdcd8

      state: SUCCEEDED

    verifyJob:

      id: verify

      state: DISABLED

      verifyJob: {}

  id: stable

  state: SUCCEEDED

state: SUCCEEDED

targetId: test

uid: 666f6e059ef047fea022b5c304cad421

Verify the status in the test GKE cluster

kubectx test

kubectl get pods -n web-app

The output should look similar to the following

NAME                          READY   STATUS      RESTARTS   AGE

leeroy-app-7b8d48f794-svl6g   1/1     Running   0          19s

leeroy-web-5498c5b7fd-czvm8   1/1     Running   0          20s

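To promote your application to the staging target, run the following command. The optional --to-target parameter specifies the target to promote to. If this option is omitted, the release is promoted to the next target in the delivery pipeline.

gcloud deploy releases promote \
    --delivery-pipeline web-app \
    --release web-app-001

To confirm that your application has been promoted to the staging target, run the following command:

gcloud deploy rollouts describe \
    --delivery-pipeline web-app \
    --release web-app-001 \
    web-app-001-to-staging-0001

You will see the following output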

approvalState:   DOES_NOT_NEED_APPROVAL

createTime: '2022-10-04T09:36:32.160321776Z'

deployEndTime: '2022-10-04T09:36:50.291264Z'

deployStartTime: '2022-10-04T09:36:33.202197472Z'

deployingBuild:   projects/411602021768/locations/us-central1/builds/43292749-8763-4e11-bc19-12e1668eaf99

enqueueTime: '2022-10-04T09:36:32.280841Z'

etag: c4ec913a0e006eef

name: projects/<PROJECT-ID>/locations/us-central1/deliveryPipelines/web-app/releases/web-app-001/rollouts/web-app-001-to-staging-0001

phases:

- deploymentJobs:

    deployJob:

      deployJob: {}

      id: deploy

      jobRun: projects/411602021768/locations/us-central1/deliveryPipelines/web-app/releases/web-app-001/rollouts/web-app-001-to-staging-0001/jobRuns/3e8a431d-0548-4bae-b62d-1c0644bba0a6

      state: SUCCEEDED

    verifyJob:

      id: verify

      state: DISABLED

      verifyJob: {}

  id: stable

  state: SUCCEEDED

state:   SUCCEEDED

targetId:   staging

uid: 95b349c332194f9885c53780f0c26064

Verify the deployment status of the staging GKE cluster

kubectx staging

kubectl get pods -n web-app

The output should look similar to the following

NAME                          READY   STATUS      RESTARTS   AGE

leeroy-app-7b8d48f794-svl6g   1/1     Running   0          19s

leeroy-web-5498c5b7fd-czvm8   1/1     Running   0 

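Approve the rollout

Any target can be configured to require approval before a release is promoted to it. This is intended to protect production and sensitive targets from accidentally receiving a release before it has been fully reviewed and tested.

Require approval for promotion to a target

When you created the production environment, the configuration was already in place to require approval for this target. To verify this, run the following command and look for the requireApproval parameter.

gcloud deploy targets describe \
    prod --delivery-pipeline web-app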

 

Target:

  createTime: '2022-10-04T08:56:34.251746058Z'

  description: prod cluster

  etag: 4660b14f44aff8cd

  executionConfigs:

  - artifactStorage:   gs://us-central1.deploy-artifacts.<PROJECT-ID>.appspot.com

    defaultPool:

      artifactStorage: gs://us-central1.deploy-artifacts.<PROJECT-ID>.appspot.com

      serviceAccount: 411602021768-compute@developer.gserviceaccount.com

    executionTimeout: 3600s

    serviceAccount: 411602021768-compute@developer.gserviceaccount.com

    usages:

    - RENDER

    - DEPLOY

    - VERIFY

  gke:

    cluster: projects/<PROJECT-ID>/locations/us-central1/clusters/prod

  name: projects/<PROJECT-ID>/locations/us-central1/targets/prod

  requireApproval: true

  uid:   cc233670ee1f49bd885eaad0b3e20689

  updateTime: '2022-10-04T08:56:34.567459132Z'
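
The describe output above carries two fields worth checking on every target: requireApproval, and the execution serviceAccount, which here is the Compute Engine default account (the address ending in -compute@developer.gserviceaccount.com) rather than a dedicated least-privilege account. The following check is an added example, not part of the original tutorial; the function names, the finding labels and the sample input are constructed for illustration.

```shell
# Added example (not from the tutorial): audit `gcloud deploy targets describe` output.

# Constructed sample input, modelled on the describe output shown above.
sample_prod_target() {
    cat <<'EOF'
Target:
  description: prod cluster
  executionConfigs:
  - defaultPool:
      serviceAccount: 123456789012-compute@developer.gserviceaccount.com
    serviceAccount: 123456789012-compute@developer.gserviceaccount.com
    usages:
    - RENDER
    - DEPLOY
  name: projects/example-project/locations/us-central1/targets/prod
  requireApproval: true
EOF
}

# Reads describe output on stdin; prints one finding per line, nothing if clean.
# A target with no requireApproval key at all is reported as having no gate.
check_target() {
    awk '
        /^ *name:/            { name = $2 }
        /^ *requireApproval:/ { approval = $2 }
        /^ *serviceAccount:/  { sa[$2] = 1 }
        END {
            if (approval != "true") {
                print "NO_APPROVAL_GATE " name
            }
            for (a in sa) {
                if (a ~ /-compute@developer\.gserviceaccount\.com$/) {
                    print "DEFAULT_COMPUTE_SA " name " " a
                }
            }
        }'
}

# Live use (assumes the gcloud session from this tutorial):
#   gcloud deploy targets describe prod --delivery-pipeline web-app | check_target
sample_prod_target | check_target
```
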

When you try to promote from staging to prod

gcloud deploy releases promote \
    --delivery-pipeline web-app \
    --release web-app-001

In the output, approvalState is NEEDS_APPROVAL and the state of this rollout is PENDING_APPROVAL

approvalState:   NEEDS_APPROVAL

createTime: '2022-10-04T09:42:06.497470606Z'

etag: 6c68c09f58e7b2c2

name: projects/<PROJECT-ID>/locations/us-central1/deliveryPipelines/web-app/releases/web-app-001/rollouts/web-app-001-to-prod-0001

phases:

- deploymentJobs:

    deployJob:

      deployJob: {}

      id: deploy

      state: PENDING

    verifyJob:

      id: verify

      state: DISABLED

      verifyJob: {}

  id: stable

  state: PENDING

state:   PENDING_APPROVAL

targetId:   prod

uid: 804010ae3e914180bd9fa3f3c9346e4b

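Create an approver

Cloud Deploy is designed to integrate with multiple roles within an IT organization. For product owners or team leads who approve production changes, there is a dedicated IAM role that can be bound to users and service accounts, giving them the ability to approve pipeline promotions.

Create a service account

gcloud iam service-accounts create \
    pipeline-approver \
    --display-name 'Web-App Pipeline Approver'

Add approval permission

Bind the clouddeploy.approver role to this service account

gcloud projects add-iam-policy-binding \
    $(gcloud config get-value project) \
    --member=serviceAccount:pipeline-approver@$(gcloud config get-value project).iam.gserviceaccount.com \
    --role=roles/clouddeploy.approver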
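
An approval gate only separates duties if the approver cannot also create the release being approved. The following check is an added example, not part of the original tutorial: it lists every member bound to roles/clouddeploy.approver and flags those that also hold a release-creating role. The choice of conflicting roles, the function names and the sample bindings are assumptions made for illustration.

```shell
# Added example (not from the tutorial): separation-of-duties check on approvers.
# Assumed input: "role<TAB>member" lines, as printed by
#   gcloud projects get-iam-policy PROJECT_ID \
#       --flatten="bindings[].members" \
#       --format="value(bindings.role,bindings.members)"

# Assumption: holding either of these roles as well lets an approver create
# the release they later approve. Adjust the list to your own policy.
CONFLICT_ROLES="roles/clouddeploy.releaser roles/clouddeploy.admin"

# Constructed sample bindings (members and project are made up).
sample_bindings() {
    printf '%s\t%s\n' \
        roles/clouddeploy.approver "serviceAccount:pipeline-approver@example-project.iam.gserviceaccount.com" \
        roles/clouddeploy.approver "user:alice@example.com" \
        roles/clouddeploy.releaser "user:alice@example.com" \
        roles/clouddeploy.releaser "user:bob@example.com"
}

# Prints "OK <member>" or "CONFLICT <member> <roles...>" for every approver.
audit_approvers() {
    awk -F '\t' -v conflict="$CONFLICT_ROLES" '
        BEGIN { n = split(conflict, c, " "); for (i = 1; i <= n; i++) bad[c[i]] = 1 }
        $1 == "roles/clouddeploy.approver" { approver[$2] = 1 }
        ($1 in bad)                        { held[$2] = held[$2] " " $1 }
        END {
            for (m in approver) {
                if (m in held) { print "CONFLICT " m held[m] }
                else           { print "OK " m }
            }
        }' | sort
}

sample_bindings | audit_approvers
```

The check covers explicit approver bindings at project level only; bindings inherited from a folder or organization are not in this input.
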

Deploy to Prod

Approve the rollout to Prod

gcloud deploy rollouts approve \
    web-app-001-to-prod-0001 \
    --delivery-pipeline web-app \
    --release web-app-001

Check the rollout status

gcloud deploy rollouts describe \
    --delivery-pipeline web-app \
    --release web-app-001 \
    web-app-001-to-prod-0001

The output should be similar to

approvalState:   APPROVED

approveTime: '2022-10-04T09:43:44.343328Z'

createTime: '2022-10-04T09:42:06.497470606Z'

deployEndTime: '2022-10-04T09:44:03.075430Z'

deployStartTime: '2022-10-04T09:43:44.994038818Z'

deployingBuild:   projects/411602021768/locations/us-central1/builds/5df9be29-c42f-46bd-b572-00c2649ac88b

enqueueTime: '2022-10-04T09:43:44.343328Z'

etag: b5485065aa1a79e

name: projects/<PROJECT-ID>/locations/us-central1/deliveryPipelines/web-app/releases/web-app-001/rollouts/web-app-001-to-prod-0001

phases:

- deploymentJobs:

    deployJob:

      deployJob: {}

      id: deploy

      jobRun: projects/411602021768/locations/us-central1/deliveryPipelines/web-app/releases/web-app-001/rollouts/web-app-001-to-prod-0001/jobRuns/56dcd84c-925d-4a1f-a7c7-1776dc3c4f01

      state: SUCCEEDED

    verifyJob:

      id: verify

      state: DISABLED

      verifyJob: {}

  id: stable

  state: SUCCEEDED

state:   SUCCEEDED

targetId:   prod

uid: 804010ae3e914180bd9fa3f3c9346e4b

Check the deployment status of the GKE cluster

kubectx prod

kubectl get pod -n web-app

