环境准备
Azure资源
- Azure AKS
- Azure CR
- Azure DevOps
代码准备
.NET Core示例
Dockerfile
#See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.
FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
WORKDIR /app
EXPOSE 80
#ENV ConnectionStrings:Default=""
#ENV ConnectionStrings:Log=""
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /src
COPY . .
#RUN dotnet restore
#RUN dotnet build MyProject.API.csproj -c Release -o /app
FROM build AS publish
RUN dotnet publish MyProject.API.csproj -c Release -o /app/publish
COPY MyProject.API.xml /app/publish/MyProject.API.xml
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "MyProject.API.dll"]
deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: awesome-api
spec:
replicas: 1
selector:
matchLabels:
app: awesome-api
template:
metadata:
labels:
app: awesome-api
spec:
nodeSelector:
"kubernetes.io/os": linux
containers:
- name: awesome-api
image: dataplatformacr.azurecr.cn/awesomeapi:latest
env:
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
---
apiVersion: v1
kind: Service
metadata:
name: awesome-api
spec:
ports:
- port: 80
type: LoadBalancer
selector:
app: awesome-api
Java示例
Dockerfile
FROM java:8
EXPOSE 8080
VOLUME /tmp
ADD target/*.jar /app.jar
RUN bash -c 'touch /app.jar'
ENTRYPOINT ["java","-jar","-Xms128m","-Xmx300m","/app.jar","--spring.profiles.active=prod"]
deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: awesomemall-gateway
namespace: awesomemall
labels:
app: awesomemall-gateway
spec:
replicas: 1
selector:
matchLabels:
app: awesomemall-gateway
template:
metadata:
labels:
app: awesomemall-gateway
spec:
containers:
- name: awesomemall-gateway
image: $REGISTRY/$DOCKERHUB_NAMESPACE/$PROJECT_NAME:latest
imagePullPolicy: "IfNotPresent"
ports:
- containerPort: 8080
protocol: TCP
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
restartPolicy: Always
---
kind: Service
apiVersion: v1
metadata:
name: awesomemall-gateway
namespace: awesomemall
labels:
app: awesomemall-gateway
spec:
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
selector:
app: awesomemall-gateway
type: NodePort
构建CICD流水线
应用授权
注册Azure AD应用
-
打开Azure portal,导航到Azure AD
-
选择应用注册,点击新注册
-
输入应用名称,点击注册
-
创建客户端密码
分配应用订阅的参与者角色
- 导航到订阅,选择Access control(IAM),点击添加按钮,添加角色分配,将此应用分配为订阅的参与者权限
配置Service Connection
配置gitee的链接服务
- 导航到Project Settings页面,选择Service Connection选项卡,点击New Service Connection按钮,创建连接服务
配置AKS的链接服务
-
点击创建链接服务,选择Azure Resource Manager
-
选择Service principal (manual)
-
选择Azure Cloud China,输入必要信息
-
验证并保存。
创建Pipeline
选择模板
-
导航到Pipeline,点击New Pipeline
-
选择手动编辑器方式创建Pipeline,不使用yaml方式
选择代码仓库
-
如果是Azure代码仓库
-
如果是gitee代码仓库
选择Agent
- 保存默认即可。
构建镜像
- 使用Docker作业来构建一个服务镜像
推送镜像
- 将构建出来的镜像推送到Azure镜像仓库
临时禁用IP地址范围限制
- 临时禁用IP Range限制。
- shell脚本
# Get authorized ip ranges allowed to access API server of AKS cluster
current_authorized_ip=`az aks show -n $(aks.clusterName) -g $(aks.resourceGroupName) --query [apiServerAccessProfile.authorizedIpRanges] -o table|sed -n '3,1p' |sed 's/\s\+/,/g'`
echo ${current_authorized_ip}
# Get self public IP
# self_ip=$(curl ifconfig.co)
# echo "Self public IP address: $self_ip"
# Set current authorized ips as output variable
echo "##vso[task.setvariable variable=authorized_ip;isOutput=true]${current_authorized_ip}"
# Temperarily disable authorized IP ranges
arrIPs=(${current_authorized_ip//,/ })
if [ ${#arrIPs[@]} -gt 0 ];then
echo "Temperarily disable authorized IP ranges..."
az aks update -n $(aks.clusterName) -g $(aks.resourceGroupName) --api-server-authorized-ip-ranges ""
else
echo "Authorized IP is already disabled, skip temperary disable"
fi
部署服务
- 更新部署服务。
- Command Arguments
image deploy $(deploymentName) *=xxxazurecr.cn/$(imageNameWithTag)
启用IP地址范围限制
- 启用IP Range限制。
文章来源:https://www.toymoban.com/news/detail-484016.html
- shell 脚本
original_authorized_ip=$(aks.authorized_ip)
echo Original Authorized IP ranges: ${original_authorized_ip}
# Recover authorized IP ranges if need
arrIPs=(${original_authorized_ip//,/ })
if [ ${#arrIPs[@]} -gt 0 ];then
echo "Recover authorized IP ranges to original configuration ..."
az aks update -n $(aks.clusterName) -g $(aks.resourceGroupName) --api-server-authorized-ip-ranges ${original_authorized_ip}
else
echo "Authorized IP ranges is disabled orginally, skip recover step"
fi
设置CD
- 设置自动触发
文章来源地址https://www.toymoban.com/news/detail-484016.html
到了这里,关于Azure DevOps构建CICD流水线的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!