OpenShift 4 - DevSecOps Workshop (10) - 向Stage環境部署應用鏡像

《OpenShift 4.x HOL教程彙總》

說明：本文已經在OpenShift 4.8環境中驗證

本節将應用鏡像部署到“”STAGE區域的項目中。

設定環境變量

$ USER=$(oc whoami)
$ DEV=${USER}-dev
$ CICD=${USER}-cicd
$ STAGE=${USER}-stage

建立“stage-tekton-tasks”任務，将應用鏡像部署到STAGE區域。

$ oc apply -f - << EOF
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: stage-tekton-tasks
  namespace: ${CICD}
spec:
  params:
    - default: tasks
      description: The name of the app
      name: app_name
      type: string
    - description: The name dev project
      name: dev_project
      type: string
    - description: The name stage project
      name: stage_project
      type: string
    - description: The app revision/gitsha to send to Stage
      name: app_revision
      type: string
  steps:
  - name: cleanup-stage-project
    script: >
      #!/bin/sh
 
      set -e -o pipefail
 
      echo "Tagging image stream in \$(params.stage_project)/\$(params.app_name):\$(params.app_revision)"          
 
      oc tag 
      \$(params.dev_project)/\$(params.app_name):\$(params.app_revision)
      \$(params.stage_project)/\$(params.app_name):\$(params.app_revision)          
 
      if oc get dc/\$(params.app_name) -n \$(params.stage_project); then
 
        echo "Tasks dc exists, cleaning up resources " 
         
        oc delete -n \$(params.stage_project) dc/\$(params.app_name) svc/\$(params.app_name) route/\$(params.app_name) || echo "Some resources didn't clean up as expected"; 
 
      fi
 
    image: 'quay.io/openshift/origin-cli:latest'
 
  - name: deploy-new-version-to-stage
    script: >
      #!/bin/sh
 
      set -e -o pipefail
 
      echo "Deploying new version into \$(params.stage_project)  project "  
 
      oc new-app --image-stream=\$(params.app_name):\$(params.app_revision) -n \$(params.stage_project) 
      --as-deployment-config=true -o yaml | oc apply -n \$(params.stage_project)  -f -   
 
      if ! oc get route/\$(params.app_name) -n \$(params.stage_project) ; then
         
        echo "Route not found, creating a new one" 
 
        oc expose svc \$(params.app_name) -n \$(params.stage_project); 
 
      fi  
 
    image: 'quay.io/openshift/origin-cli:latest'
EOF

（可選）在測試運作“stage-tekton-tasks”任務前可先手動删除STAGE區域的資源。

$ oc delete deploymentconfig tekton-tasks -n ${STAGE}
$ oc delete route tekton-tasks -n ${STAGE}

測試運作“stage-tekton-tasks”任務，确認可以運作成功。其中的“user1-stage/tekton-tasks:bde3105 set to user1-dev/[email protected]:dfeb236854a1326d2aba2e95e41ad678715531c3060610a35dc59013fd13c947”是指向應用鏡像。注意：參數中“**bde3105 **”為前面獲得的“gitsha”。

$ tkn task start stage-tekton-tasks -n ${CICD} --showlog \
	--param app_name=tekton-tasks \
	--param dev_project=${DEV} \
	--param stage_project=${STAGE} \
	--param app_revision=bde3105 
。。。
[cleanup-stage-project] Tagging image stream in  user1-stage/tekton-tasks:bde3105
[cleanup-stage-project] Tag user1-stage/tekton-tasks:bde3105 set to user1-dev/[email protected]:dfeb236854a1326d2aba2e95e41ad678715531c3060610a35dc59013fd13c947.
[cleanup-stage-project] Error from server (NotFound): deploymentconfigs.apps.openshift.io "tekton-tasks" not found
 
[deploy-new-version-to-stage] Deploying new version into user1-stage  project
[deploy-new-version-to-stage] deploymentconfig.apps.openshift.io/tekton-tasks created
[deploy-new-version-to-stage] service/tekton-tasks created
[deploy-new-version-to-stage] Error from server (NotFound): routes.route.openshift.io "tekton-tasks" not found
[deploy-new-version-to-stage] Route not found, creating a new one
[deploy-new-version-to-stage] route.route.openshift.io/tekton-tasks exposed

确認已經在“STAGE”項目中生成新的DeploymentConfig和Route等對象。

$ oc get all -n $STAGE
NAME                        READY   STATUS      RESTARTS   AGE
pod/tekton-tasks-1-deploy   0/1     Completed   0          2m38s
pod/tekton-tasks-1-mfrkb    1/1     Running     0          2m35s
 
NAME                                   DESIRED   CURRENT   READY   AGE
replicationcontroller/tekton-tasks-1   1         1         1       2m38s
 
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
service/tekton-tasks   ClusterIP   172.30.164.21   <none>        8080/TCP,8443/TCP,8778/TCP   2m39s
 
NAME                                              REVISION   DESIRED   CURRENT   TRIGGERED BY
deploymentconfig.apps.openshift.io/tekton-tasks   1          1         1         config,image(tekton-tasks:bde3105)
 
NAME                                          IMAGE REPOSITORY                                                                                                TAGS      UPDATED
imagestream.image.openshift.io/tekton-tasks   default-route-openshift-image-registry.apps.cluster-84b8.84b8.sandbox996.opentlc.com/user1-stage/tekton-tasks   bde3105   2 minutes ago
 
NAME                                    HOST/PORT                                                                PATH   SERVICES       PORT       TERMINATION   WILDCARD
route.route.openshift.io/tekton-tasks   tekton-tasks-user1-stage.apps.cluster-84b8.84b8.sandbox996.opentlc.com          tekton-tasks   8080-tcp                 None

執行以下指令建立“tasks-stage-pipeline”管道，在其中調用了“stage-tekton-tasks”任務。

$ oc apply -f - << EOF
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  name: tasks-stage-pipeline
  namespace: ${CICD}
spec:
  params:
    - description: App version to deploy
      name: app_version
      type: string
  tasks:
    - name: deploy-app-to-stage
      taskRef:
        kind: Task
        name: stage-tekton-tasks
      params:
        - name: app_name
          value: tekton-tasks
        - name: dev_project
          value: ${DEV}
        - name: stage_project
          value: ${STAGE}
        - name: app_revision
          value: \$(params.app_version)
EOF

或者參照下圖在OpenShift控制台中建立名為“tasks-stage-pipeline”的管道，然後在“管道建構器”中建立名為“deploy-app-tasks”的任務，并配置相關參數。

OpenShift 4 - DevSecOps Workshop (10) - 向Stage環境部署應用鏡像

7. 如果需要可以開通從STAGE區域通路CICD區域的通路權限。

執行以下指令運作“tasks-stage-pipeline”管道。

$ tkn pipeline start tasks-stage-pipeline -n ${CICD} --showlog --param app_version=bde3105
PipelineRun started: tasks-stage-pipeline-run-x2qwp
Waiting for logs to be available...
[deploy-app-to-stage : cleanup-stage-project] Tagging image stream in  user1-stage/tekton-tasks:bde3105
[deploy-app-to-stage : cleanup-stage-project] Tag user1-stage/tekton-tasks:bde3105 set to user1-dev/[email protected]:8735953414726498440f475a1b31dc493fd7a5ba9290398a5d0fc099ac6923d5.
[deploy-app-to-stage : cleanup-stage-project] Error from server (NotFound): deploymentconfigs.apps.openshift.io "tekton-tasks" not found
 
[deploy-app-to-stage : deploy-new-version-to-stage] Deploying new version into user1-stage  project
[deploy-app-to-stage : deploy-new-version-to-stage] deploymentconfig.apps.openshift.io/tekton-tasks created
[deploy-app-to-stage : deploy-new-version-to-stage] service/tekton-tasks configured
[deploy-app-to-stage : deploy-new-version-to-stage] NAME           HOST/PORT                                                                 PATH   SERVICES       PORT       TERMINATION   WILDCARD
[deploy-app-to-stage : deploy-new-version-to-stage] tekton-tasks   tekton-tasks-user1-stage.apps.cluster-39c8.39c8.sandbox139.opentlc.com          tekton-tasks   8080-tcp                 None

進入OpenShift控制台的“拓撲”确認在“user1-stage”項目中應用已經部署好，并可通過“路由”位址通路應用。

OpenShift 4 - DevSecOps Workshop (10) - 向Stage環境部署應用鏡像

OpenShift 4 - DevSecOps Workshop (10) - 向Stage環境部署應用鏡像

OpenShift 4 - DevSecOps Workshop (10) - 向Stage環境部署應用鏡像

繼續閱讀

Ansible-實戰指南-LNMP環境部署主機規劃系統架構實戰項目GitHub位址項目任務分解項目編寫與後續驗證步驟

DevOps之持續內建SonarQube代碼品質掃描一、SonarQube介紹二、代碼品質三、SonarQube部署

gateone安裝(web版本ssh)

Docker：可視化管理工具Portainer與分析建立管理者賬号錯誤的原因

評估DevOps産品方案的方法論

你不知道的雲計算

Jenkins系列：5、wsl下的Jenkins編譯Windows下的Qt程式并自動打包成exe

【DEVOPS】SVN Server遷移 - 從VisualSvnServer到iF.SVNAdmin

flow.ci - 簡單強大的開源 CI/CD 工具，Jenkins 之外的另一種選擇！flow.ci - 開源 CI/CD 工具

美團彈性伸縮系統的技術演進與落地實踐

雲原生技術系列：業務引領的DevOps持續傳遞體系

EASYOPS系列｜謹慎！勿讓持續傳遞變成bug自動化釋出

docker插件之docker-plugin實作slave的動态擴容與縮容

全球案例 | 一家财富500強公司利用 Jira 和 Jira Align 将萬人級團隊的生産力提高了 30%

puppet基礎學習(二)puppet基礎學習(二)

最小化DevOps自動化流程(Golang)