我有一个 deployment.yaml,其中包含 3 个容器 + LB 服务 和 cloudbuild.yaml 的部署包含每次对 Bitbucket git repo 上的某个分支进行新提交时构建容器映像的步骤。
一切正常,除了每当有新的映像版本时我的部署没有更新(我在部署中使用 :latest 标签)并且要更改这一点,我知道我的部署映像应该使用除 :latest 之外的独特的东西,例如 git commit SHA。
问题: 我不确定如何在 GCB CI 过程中执行映像声明更新以包含新的提交 SHA。
YAML 的:https://paste.ee/p/CsETr
【问题讨论】:
标签: kubernetes google-cloud-platform google-kubernetes-engine google-container-registry google-container-builder
通过在部署中使用图像标签或 URI 变量找到解决方案,并在构建时用 sed 替换它们。
deplyment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: dev
name: app
labels:
app: app
spec:
replicas: 3
selector:
matchLabels:
app: app
template:
metadata:
labels:
app: app
spec:
initContainers:
- name: init
image: INIT_IMAGE_NAME
imagePullPolicy: Always
command: ['sh', '-c', 'cp -r /app /srv; chown -R 82:82 /srv/app']
volumeMounts:
- name: code
mountPath: /srv
containers:
- name: nginx
image: NGINX_IMAGE_NAME
imagePullPolicy: Always
ports:
- containerPort: 80
volumeMounts:
- name: code
mountPath: /srv
- name: php-socket
mountPath: /var/run
livenessProbe:
httpGet:
path: /health.html
port: 80
httpHeaders:
- name: X-Healthcheck
value: Checked
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 15
readinessProbe:
httpGet:
path: /health.html
port: 80
httpHeaders:
- name: X-Healthcheck
value: Checked
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 15
- name: php
image: PHP_IMAGE_NAME
imagePullPolicy: Always
volumeMounts:
- name: code
mountPath: /srv
- name: php-socket
mountPath: /var/run
livenessProbe:
httpGet:
path: /health.html
port: 80
httpHeaders:
- name: X-Healthcheck
value: Checked
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 15
readinessProbe:
httpGet:
path: /health.html
port: 80
httpHeaders:
- name: X-Healthcheck
value: Checked
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 15
volumes:
- name: code
emptyDir: {}
- name: php-socket
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
namespace: dev
name: app-service
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
app: app
cloudbuild.yaml
steps:
# Build Images
- id: Building Init Image
name: gcr.io/cloud-builders/docker
args: ['build','-t', 'eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA', '-f', 'init.dockerfile', '.']
- id: Building Nginx Image
name: gcr.io/cloud-builders/docker
args: ['build','-t', 'eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA', '-f', 'nginx.dockerfile', '.']
waitFor: ['-']
- id: Building PHP-FPM Image
name: gcr.io/cloud-builders/docker
args: ['build','-t', 'eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA', '-f', 'php.dockerfile', '.']
waitFor: ['-']
# Push Images
- id: Pushing Init Image
name: gcr.io/cloud-builders/docker
args: ['push','eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA']
- id: Pushing Nginx Image
name: gcr.io/cloud-builders/docker
args: ['push','eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA']
- id: Pushing PHP-FPM Image
name: gcr.io/cloud-builders/docker
args: ['push','eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA']
# Update Image Tags
- id: 'Setting Init Image Tag'
name: ubuntu
args: ['bash','-c','sed -i "s,INIT_IMAGE_NAME,eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA," deployment.yaml']
- id: 'Setting Nginx Image Tag'
name: ubuntu
args: ['bash','-c','sed -i "s,NGINX_IMAGE_NAME,eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA," deployment.yaml']
- id: 'Setting PHP Image Tag'
name: ubuntu
args: ['bash','-c','sed -i "s,PHP_IMAGE_NAME,eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA," deployment.yaml']
# Update Deployment
- id: Updating Deployment
name: gcr.io/cloud-builders/kubectl
args: ['apply','-f','deployment.yaml']
env:
- CLOUDSDK_COMPUTE_ZONE=europe-west2-b
- CLOUDSDK_CONTAINER_CLUSTER=clusterx
# Images
images:
- eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA
- eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA
- eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA
# Tags
tags:
- master
- dev
- init
【讨论】:
我相信 Kubernetes 不会提取它已经拥有的镜像(因为它使用相同的标签 :latest)。
我认为您的系统将受益于使用新标签:
- id: Updating Deployment
name: gcr.io/cloud-builders/kubectl
args: ['set', 'image', 'deployment/app', 'nginx=eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA']
env:
- CLOUDSDK_COMPUTE_ZONE=europe-west1-b
- CLOUDSDK_CONTAINER_CLUSTER=cluster-1
(您还必须为其他容器设置图像。
另一种技术是使用新标签更新您的部署文件,并应用整个文件。
【讨论】: