An Overview of CI/CD Pipelines With Kubernetes
Take a look at CI/CD approaches in a Kubernetes ecosystem, best practices for implementing an efficient CI/CD framework, and popular open-source CI/CD tools. 了解 Kubernetes 生态系统中的 CI/CD 方法、实现高效 CI/CD 框架的最佳实践以及流行的开源 CI/CD 工具。
Automation and cross-functional collaboration are two fundamental features of a DevOps model. 自动化和跨职能协作是 DevOps 模型的两个基本特征。
As one of the core components of a DevOps framework, continuous integration and continuous delivery (CI/CD) pipelines speed up application delivery by automating various stages of the software development lifecycle. 作为 DevOps 框架的核心组件之一,持续集成和持续交付 (CI/CD) 管道通过自动化软件开发生命周期的各个阶段来加快应用程序交付速度。
Although Kubernetes inherently automates the delivery, scaling, and management of applications by deploying and orchestrating them in flexible, portable containers, adopting a CI/CD-based workflow brings a plethora of additional features by offering an iterative cycle of configuration merges and testing. 尽管 Kubernetes 通过在灵活的可移植容器中部署和编排应用程序来固有地自动化应用程序的交付、扩展和管理,但采用基于 CI/CD 的工作流通过提供配置合并和测试的迭代周期带来了大量附加功能。
In this article, we discuss CI/CD approaches in a Kubernetes ecosystem, best practices for implementing an efficient CI/CD framework, and popular open-source CI/CD tools. 在本文中,我们将讨论 Kubernetes 生态系统中的 CI/CD 方法、实现高效 CI/CD 框架的最佳实践以及流行的开源 CI/CD 工具。
CI/CD Pipelines in a Kubernetes Ecosystem
Kubernetes 生态系统中的 CI/CD 管道 Kubernetes provides a combination of deployment objects, rollout strategies, and resource controllers to help automate the build, test, and integration processes of a CI/CD pipeline. Kubernetes 提供部署对象、推出策略和资源控制器的组合,以帮助自动执行 CI/CD 管道的生成、测试和集成过程。 Beyond container-based deployments, Kubernetes powers modern CI/CD pipelines using efficient orchestration algorithms that schedule batch jobs, enable gradual rollouts, and autoscale workloads. 除了基于容器的部署之外,Kubernetes 还使用高效的编排算法为现代 CI/CD 管道提供支持,这些算法可计划批处理作业、实现逐步推出和自动缩放工作负载。
With containerized deployments, DevOps teams can efficiently automate the design, testing, coding, integration, delivery, and deployment of applications for comprehensive automation. 借助容器化部署,DevOps 团队可以高效地自动化应用程序的设计、测试、编码、集成、交付和部署,以实现全面自动化。
image.png
Kubernetes CI/CD Approaches
Kubernetes CI/CD 方法
Kubernetes supports two approaches to implement a CI/CD pipeline that essentially define how configuration changes are implemented in a workflow. These include pull-based pipelines and push-based pipelines. Kubernetes 支持两种实现 CI/CD 管道的方法,这些管道实质上定义了如何在工作流中实现配置更改。其中包括基于拉取的管道和基于推送的管道。
Pull-Based Pipeline 基于拉取的管道
In a pull-based CI/CD pipeline, code and infrastructure changes are applied within the cluster. 在基于请求的 CI/CD 管道中,代码和基础结构更改在群集内应用。
This architecture relies on an agent (often referred to as a controller) within the cluster that scans the cluster state and compares it with a declarative desired state. 此体系结构依赖于群集中的代理(通常称为控制器),该代理扫描群集状态并将其与声明性所需状态进行比较。
In instances where there is a difference between the desired configuration and cluster state, the controller automatically applies changes. 在所需配置与群集状态之间存在差异的情况下,控制器会自动应用更改。
To help further understand how a pull-based CI/CD pipeline can support your cloud-native workloads, let us learn some of its advantages and disadvantages: 为了帮助进一步了解基于拉取的 CI/CD 管道如何支持云原生工作负载,让我们了解它的一些优点和缺点:
PULL-BASED CI/CD PIPELINE 基于拉取的 CI/CD 管道 | |
优势 Advantages | 弊端 Disadvantages |
- It ensures continuous security by removing manual overheads to grant admin access for every cluster change. 它通过消除手动开销来为每个群集更改授予管理员访问权限,从而确保持续的安全性。- It is easier to scale identical deployments since the controller automatically applies changes to the cluster without requiring manual efforts. 扩展相同的部署更容易,因为控制器会自动将更改应用于群集,而无需手动操作。 | - It only works for Kubernetes deployments. 它仅适用于 Kubernetes 部署。- In a multi-cluster framework, each Kubernetes cluster should adopt the pull-based framework 在多集群框架中,每个 Kubernetes 集群都应该采用基于拉取的框架。 |
Push-Based Pipeline 基于推送的管道
This is an agentless pipeline architecture that uses an external system to trigger deployments. 这是一种无代理管道体系结构,它使用外部系统来触发部署。
In a push-based pipeline, configuration changes are committed in a repository, which then updates the environment by adding commits to a pipeline that was already successfully executed. 在基于推送的管道中,配置更改在存储库中提交,然后存储库通过将提交添加到已成功执行的管道来更新环境。
In spite of its quick implementation and popularity, organizations should assess a push-based pipeline's use cases before choosing it for their cloud-native workloads. Listed below are some of its advantages and disadvantages: 尽管其快速实施和受欢迎程度,但组织在为其云原生工作负载选择基于推送的管道之前,应评估其用例。下面列出了它的一些优点和缺点:
PUSH-BASED CI/CD PIPELINE 基于推送的 CI/CD 管道 | |
优势 Advantages | 弊端 Disadvantages |
- It is simpler to implement when compared to a pull-based pipeline. 与基于拉取的管道相比,它更易于实现。- It offers flexibility and can be applied to environments other than Kubernetes. 它提供了灵活性,可以应用于 Kubernetes 以外的环境。- Push pipelines standardize the deployment of workloads for both cloud and traditional environments, making it ideal for hybrid/multi-cluster models. 推送管道可标准化云和传统环境的工作负载部署,使其成为混合/多集群模型的理想选择。 | - It requires external admin access to the CI/CD pipeline. 它需要对 CI/CD 管道的外部管理员访问权限。- It compromises security as the architecture relies on opening of the cluster firewall for external services. 它损害了安全性,因为体系结构依赖于为外部服务打开群集防火墙。 |
Considerations for Kubernetes CI/CD Pipelines
Kubernetes CI/CD 管道的注意事项 Developing and deploying applications on a Kubernetes-based CI/CD pipeline relies on an autonomous framework of various Kubernetes tools, services, and best practices that ensure security, high performance, and agility. 在基于 Kubernetes 的 CI/CD 管道上开发和部署应用程序依赖于各种 Kubernetes 工具、服务和最佳实践的自治框架,以确保安全性、高性能和敏捷性。
Some key considerations for implementing efficient Kubernetes CI/CD pipelines are automated testing, validation, and rollbacks. 实现高效的 Kubernetes CI/CD 管道的一些关键考虑因素是自动化测试、验证和回滚。
Automated Testing 自动化测试
Detecting errors and defects during early stages of a workflow helps enhance application agility. 在工作流的早期阶段检测错误和缺陷有助于提高应用程序的敏捷性。
As a recommended design, the test environment should match the production environment to streamline the build, test, and deploy cycles across different environments. 作为建议的设计,测试环境应与生产环境匹配,以简化跨不同环境的生成、测试和部署周期。
Continuous, automated testing also helps create sustainable application builds that ensure the code is readable, debuggable, and maintainable. 持续的自动化测试还有助于创建可持续的应用程序构建,以确保代码可读、可调试和维护。
Validation 验证
Since a CI/CD pipeline may have multiple builds deployed simultaneously, it is crucial to have an automated validation process to track points of failure in large-scale deployments. 由于 CI/CD 管道可能同时部署多个生成,因此具有自动验证过程来跟踪大规模部署中的故障点至关重要。
With appropriate validation, the pipeline integrates code changes seamlessly, thereby reducing vulnerability detection overhead. 通过适当的验证,管道可以无缝集成代码更改,从而减少漏洞检测开销。
Rollbacks 回滚
Rollbacks ensure code sanity by restoring a previous, stable deployment if there are flaws with a new commit/version. 回滚通过恢复以前的稳定部署来确保代码的健全性,如果新提交/版本存在缺陷。
As one of the most critical considerations of designing a workflow, it is important to adopt a planned roll-back strategy that safeguards the availability of workloads in production. 作为设计工作流的最关键考虑因素之一,采用计划的回滚策略来保护生产中工作负载的可用性非常重要。
Benefits of CI/CD Pipelines in a Kubernetes Ecosystem
CI/CD 管道在 Kubernetes 生态系统中的优势 Advantages of using Kubernetes-based CI/CD pipelines include: 使用基于 Kubernetes 的 CI/CD 管道的优势包括:
- Shorter release cycles – Automated testing and deployment eliminate delays in pushing changes to production. 更短的发布周期 – 自动化测试和部署消除了将更改推送到生产的延迟。Iterative CI/CD validation also avoids code merge collisions, subsequently expediting the frequent patching and updating of workflows in production. 迭代 CI/CD 验证还可以避免代码合并冲突,从而加快生产中工作流的频繁修补和更新。
- Autoscaling – Containerizing applications makes it easy to scale and replicate workloads with changing traffic demands. 自动缩放 – 容器化应用程序可以轻松扩展和复制工作负载,以满足不断变化的流量需求。Kubernetes deployment objects such as ReplicaSet, Deployment, and StatefulSet help automatically spin up replicas of containerized workloads to ensure efficient load balancing and near-zero downtime. Kubernetes 部署对象(如 ReplicaSet、Deployment 和 StatefulSet)有助于自动启动容器化工作负载的副本,以确保高效的负载均衡和接近零的停机时间。
- Node-usage efficiency – With Kubernetes-based workflows, administrators can set optimum resource limits and requests, ensuring efficient utilization of server compute, memory, and storage resources. 节点使用效率 – 借助基于 Kubernetes 的工作流,管理员可以设置最佳资源限制和请求,确保有效利用服务器计算、内存和存储资源。
- Microservices-based deployments – Kubernetes enforces the deployment of applications in portable containers with all necessary libraries and resources. 基于微服务的部署 – Kubernetes 强制在具有所有必要库和资源的可移植容器中部署应用程序。The framework allows developers to leverage microservices for simpler, cloud-native application deployment and management.该框架允许开发人员利用微服务进行更简单的云原生应用程序部署和管理。
Popular Open-Source Kubernetes CI/CD Tools
流行的开源 Kubernetes CI/CD 工具 Open-source CI/CD tools are known to offer flexibility in the deployment, scaling, and management of workloads in Kubernetes CI/CD pipelines. 众所周知,开源 CI/CD 工具在 Kubernetes CI/CD 管道中为工作负载的部署、扩展和管理提供了灵活性。 While organizations often tend to adopt the most popular platforms, it is imperative to analyze business and technical requirements before choosing one. 虽然组织通常倾向于采用最流行的平台,但在选择一个平台之前必须分析业务和技术要求。 Some popular open-source CI/CD tools include Spinnaker, Jenkins X, and Argo CD: 一些流行的开源 CI/CD 工具包括 Spinnaker、Jenkins X 和 Argo CD:
Spinnaker
A multi-cloud CI/CD platform that relies on JSON to implement and configure software delivery pipelines. 依赖 JSON 实现和配置软件交付管道的多云 CI/CD 平台。The platform implements in-built, production-safe deployment strategies to help deliver composite applications to their target environments without having to write any scripts. 该平台实施内置的生产安全部署策略,以帮助将复合应用程序交付到其目标环境,而无需编写任何脚本。
By following an API-based modular architecture, Spinnaker allows DevOps teams to integrate external services seamlessly for enhanced security, visibility, and cost efficiency. 通过遵循基于 API 的模块化架构,Spinnaker 允许 DevOps 团队无缝集成外部服务,以增强安全性、可见性和成本效率。
优势 ADVANTAGES
- Rapid releases and deployments 快速发布和部署
- Integrated deployment strategies 集成部署策略
- Rollbacks can be implemented with a single click 只需单击一下即可实现回滚
- Out-of-the-box support for multi-cloud and hybrid models 对多云和混合模型的开箱即用支持
弊端 DISADVANTAGES
- Adds operational overhead for orchestration of multiple underlying microservices 增加多个底层微服务的编排运营开销
- Allows only immutable deployments 仅允许不可变部署
Jenkins X
Helps accelerate software delivery by creating previews on pull requests while using Git as the single source of truth. 通过使用 Git 作为单一事实来源,通过创建拉取请求的预览来帮助加速软件交付。As the platform provides an official Kubernetes plugin, it is considered one of the most adopted CI/CD tools for Kubernetes workloads. 由于该平台提供了一个官方的 Kubernetes 插件,它被认为是 Kubernetes 工作负载中采用最多的 CI/CD 工具之一。
优势 ADVANTAGES
- Provides automated feedback on pull requests and issues 提供有关拉取请求和问题的自动反馈
- Relies on Git as a single source of truth 依赖 Git 作为单一事实来源
弊端 DISADVANTAGES
- Limited to Kubernetes clusters and works purely on GitHub 仅限于 Kubernetes 集群,纯粹在 GitHub 上工作
- Inefficient UI and dashboard view UI 和仪表板视图效率低下
ArgoCD
A declarative, Kubernetes-centric continuous delivery tool that fetches commits made in a centralized repository and applies them to the production cluster. 一种以 Kubernetes 为中心的声明式持续交付工具,用于获取在集中式存储库中进行的提交并将其应用于生产集群。
The platform relies on an agent that is installed directly within the cluster to implement pull-based GitOps for managing application updates and infrastructure configuration. 该平台依赖于直接安装在群集内的代理来实现基于拉取的 GitOps,以管理应用程序更新和基础结构配置。
优势 ADVANTAGES
- Kubernetes-native deployments Kubernetes-native 部署
- Enforces portability and flexibility 增强便携性和灵活性
- Uses standard, declarative patterns for application delivery 使用标准的声明性模式进行应用程序交付
弊端 DISADVANTAGES
- Being dependent on a pull-based mechanism, it requires a longer implementation cycle 依赖于基于拉动的机制,因此需要更长的实施周期
- Does not offer continuous integration out of the box 不提供开箱即用的持续集成
Best Practices for Implementing CI/CD With Kubernetes
使用 Kubernetes 实现 CI/CD 的最佳实践
Although approaches toward adoption of a DevOps model may differ with varying use cases, let's discuss some commonly recommended practices for implementing efficient Kubernetes CI/CD pipelines. 尽管采用 DevOps 模型的方法可能因不同的用例而异,但让我们讨论一些用于实现高效 Kubernetes CI/CD 管道的常用做法。
Diligently Choosing an Ideal Environment
选择理想环境
Developers should diligently choose the appropriate version of Kubernetes as this further defines the choice of CI/CD tools and methodologies. 开发人员应该努力选择合适的 Kubernetes 版本,因为这进一步定义了 CI/CD 工具和方法的选择。Depending on the complexity of workloads deployed, developers should also be sure to choose the ideal setup between managed, self-hosted, cloud-based, or on-premises since these influence critical aspects of a CI/CD workflow including scaling, security, and cost. 根据部署的工作负载的复杂性,开发人员还应确保在托管、自承载、基于云的或本地之间选择理想的设置,因为这些会影响 CI/CD 工作流的关键方面,包括缩放、安全性和成本。
Secure Secrets 安全机密
Cluster Secrets and configurations are recommended not to be included within container images or Pod definitions. 建议不要将集群密钥和配置包含在容器镜像或 Pod 定义中。 As an alternative, Secrets should be stored in an encrypted vault or defined as Kubernetes Secret objects. 作为替代方案,机密应存储在加密的保管库中或定义为 Kubernetes 机密对象。 Additionally, configuration settings are recommended to be declared in a ConfigMap, which is then mounted to the container. 此外,建议在 ConfigMap 中声明配置设置,然后将其装载到容器中。The approach helps define specific configurations for each environment without exposing data in the container. 该方法有助于为每个环境定义特定配置,而无需公开容器中的数据。
Utilizing GitOps Workflows 利用 GitOps 工作流
GitOps is a modern integration workflow that ensures predictability, visibility, and ease of use. GitOps 是一个现代集成工作流,可确保可预测性、可见性和易用性。 Using a single source of truth simplifies CI/CD-based application delivery and infrastructure control, while streamlining code integration and eliminating redundancy. 使用单一事实来源可简化基于 CI/CD 的应用程序交付和基础架构控制,同时简化代码集成并消除冗余。
Summary 总结
Kubernetes continues to maintain favorable adoption in modern DevOps workflows as it offers seamless scalability and flexibility in modern application delivery. Kubernetes 继续在现代 DevOps 工作流中保持良好的采用,因为它在现代应用程序交付中提供了无缝的可扩展性和灵活性。 When configuring clusters at scale, managing a Kubernetes ecosystem can quickly become challenging. 在大规模配置集群时,管理 Kubernetes 生态系统很快就会变得具有挑战性。Overcoming such complexities often requires a combination of recommended practices, diligently designed architecture, and efficient tools that help achieve agility, scalability, and comprehensive automation. 克服这些复杂性通常需要结合推荐的做法、精心设计的架构和高效的工具,以帮助实现敏捷性、可扩展性和全面的自动化。Although Kubernetes powers CI/CD workflows, open-source platforms are also recommended to reduce testing and deployment overhead toward configuring native pipelines. 尽管 Kubernetes 为 CI/CD 工作流提供支持,但也建议使用开源平台来减少配置本机管道的测试和部署开销。