通过 CloudBuilder 更新图像标签以提交 SHA 的最佳方法是什么?
What is best method to update image tag to commit SHA via CloudBuilder?
-
google-cloud-platform
-
kubernetes
-
google-kubernetes-engine
-
google-container-registry
-
google-container-builder
我有一个 deployment.yaml 包含部署 3 个容器 + LB 服务 和 cloudbuild.yaml 包含 每次在 Bitbucket git repo[=27= 上的某个分支有新提交时构建容器镜像的步骤].
除了我的部署在有新图像版本时不会更新(我在部署中使用了 :latest 标签)之外,一切正常我的部署映像应该使用一些独特的东西,而不是 :latest,例如 git 提交 SHA。
问题:
我不确定如何在 GCB CI 过程中执行映像声明更新以包含新的提交 SHA。
YAML 的:https://paste.ee/p/CsETr
我相信 Kubernetes 不会拉取它已有的镜像(因为它使用相同的标签 :latest)。
我认为您的系统将受益于使用新标签:
- id: Updating Deployment
name: gcr.io/cloud-builders/kubectl
args: ['set', 'image', 'deployment/app', 'nginx=eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA']
env:
- CLOUDSDK_COMPUTE_ZONE=europe-west1-b
- CLOUDSDK_CONTAINER_CLUSTER=cluster-1
(您还必须为其他容器设置图像。
另一种方法是使用新标签更新您的部署文件,然后应用整个文件。
通过在部署中使用图像标记或 URI 变量并在构建时用 sed 替换它们找到了解决方案。
deplyment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: dev
name: app
labels:
app: app
spec:
replicas: 3
selector:
matchLabels:
app: app
template:
metadata:
labels:
app: app
spec:
initContainers:
- name: init
image: INIT_IMAGE_NAME
imagePullPolicy: Always
command: ['sh', '-c', 'cp -r /app /srv; chown -R 82:82 /srv/app']
volumeMounts:
- name: code
mountPath: /srv
containers:
- name: nginx
image: NGINX_IMAGE_NAME
imagePullPolicy: Always
ports:
- containerPort: 80
volumeMounts:
- name: code
mountPath: /srv
- name: php-socket
mountPath: /var/run
livenessProbe:
httpGet:
path: /health.html
port: 80
httpHeaders:
- name: X-Healthcheck
value: Checked
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 15
readinessProbe:
httpGet:
path: /health.html
port: 80
httpHeaders:
- name: X-Healthcheck
value: Checked
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 15
- name: php
image: PHP_IMAGE_NAME
imagePullPolicy: Always
volumeMounts:
- name: code
mountPath: /srv
- name: php-socket
mountPath: /var/run
livenessProbe:
httpGet:
path: /health.html
port: 80
httpHeaders:
- name: X-Healthcheck
value: Checked
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 15
readinessProbe:
httpGet:
path: /health.html
port: 80
httpHeaders:
- name: X-Healthcheck
value: Checked
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 15
volumes:
- name: code
emptyDir: {}
- name: php-socket
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
namespace: dev
name: app-service
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
app: app
cloudbuild.yaml
steps:
# Build Images
- id: Building Init Image
name: gcr.io/cloud-builders/docker
args: ['build','-t', 'eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA', '-f', 'init.dockerfile', '.']
- id: Building Nginx Image
name: gcr.io/cloud-builders/docker
args: ['build','-t', 'eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA', '-f', 'nginx.dockerfile', '.']
waitFor: ['-']
- id: Building PHP-FPM Image
name: gcr.io/cloud-builders/docker
args: ['build','-t', 'eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA', '-f', 'php.dockerfile', '.']
waitFor: ['-']
# Push Images
- id: Pushing Init Image
name: gcr.io/cloud-builders/docker
args: ['push','eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA']
- id: Pushing Nginx Image
name: gcr.io/cloud-builders/docker
args: ['push','eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA']
- id: Pushing PHP-FPM Image
name: gcr.io/cloud-builders/docker
args: ['push','eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA']
# Update Image Tags
- id: 'Setting Init Image Tag'
name: ubuntu
args: ['bash','-c','sed -i "s,INIT_IMAGE_NAME,eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA," deployment.yaml']
- id: 'Setting Nginx Image Tag'
name: ubuntu
args: ['bash','-c','sed -i "s,NGINX_IMAGE_NAME,eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA," deployment.yaml']
- id: 'Setting PHP Image Tag'
name: ubuntu
args: ['bash','-c','sed -i "s,PHP_IMAGE_NAME,eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA," deployment.yaml']
# Update Deployment
- id: Updating Deployment
name: gcr.io/cloud-builders/kubectl
args: ['apply','-f','deployment.yaml']
env:
- CLOUDSDK_COMPUTE_ZONE=europe-west2-b
- CLOUDSDK_CONTAINER_CLUSTER=clusterx
# Images
images:
- eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA
- eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA
- eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA
# Tags
tags:
- master
- dev
- init
google-cloud-platform
kubernetes
google-kubernetes-engine
google-container-registry
google-container-builder
我有一个 deployment.yaml 包含部署 3 个容器 + LB 服务 和 cloudbuild.yaml 包含 每次在 Bitbucket git repo[=27= 上的某个分支有新提交时构建容器镜像的步骤].
除了我的部署在有新图像版本时不会更新(我在部署中使用了 :latest 标签)之外,一切正常我的部署映像应该使用一些独特的东西,而不是 :latest,例如 git 提交 SHA。
问题: 我不确定如何在 GCB CI 过程中执行映像声明更新以包含新的提交 SHA。
YAML 的:https://paste.ee/p/CsETr
我相信 Kubernetes 不会拉取它已有的镜像(因为它使用相同的标签 :latest)。
我认为您的系统将受益于使用新标签:
- id: Updating Deployment
name: gcr.io/cloud-builders/kubectl
args: ['set', 'image', 'deployment/app', 'nginx=eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA']
env:
- CLOUDSDK_COMPUTE_ZONE=europe-west1-b
- CLOUDSDK_CONTAINER_CLUSTER=cluster-1
(您还必须为其他容器设置图像。
另一种方法是使用新标签更新您的部署文件,然后应用整个文件。
通过在部署中使用图像标记或 URI 变量并在构建时用 sed 替换它们找到了解决方案。
deplyment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: dev
name: app
labels:
app: app
spec:
replicas: 3
selector:
matchLabels:
app: app
template:
metadata:
labels:
app: app
spec:
initContainers:
- name: init
image: INIT_IMAGE_NAME
imagePullPolicy: Always
command: ['sh', '-c', 'cp -r /app /srv; chown -R 82:82 /srv/app']
volumeMounts:
- name: code
mountPath: /srv
containers:
- name: nginx
image: NGINX_IMAGE_NAME
imagePullPolicy: Always
ports:
- containerPort: 80
volumeMounts:
- name: code
mountPath: /srv
- name: php-socket
mountPath: /var/run
livenessProbe:
httpGet:
path: /health.html
port: 80
httpHeaders:
- name: X-Healthcheck
value: Checked
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 15
readinessProbe:
httpGet:
path: /health.html
port: 80
httpHeaders:
- name: X-Healthcheck
value: Checked
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 15
- name: php
image: PHP_IMAGE_NAME
imagePullPolicy: Always
volumeMounts:
- name: code
mountPath: /srv
- name: php-socket
mountPath: /var/run
livenessProbe:
httpGet:
path: /health.html
port: 80
httpHeaders:
- name: X-Healthcheck
value: Checked
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 15
readinessProbe:
httpGet:
path: /health.html
port: 80
httpHeaders:
- name: X-Healthcheck
value: Checked
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 15
volumes:
- name: code
emptyDir: {}
- name: php-socket
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
namespace: dev
name: app-service
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
app: app
cloudbuild.yaml
steps:
# Build Images
- id: Building Init Image
name: gcr.io/cloud-builders/docker
args: ['build','-t', 'eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA', '-f', 'init.dockerfile', '.']
- id: Building Nginx Image
name: gcr.io/cloud-builders/docker
args: ['build','-t', 'eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA', '-f', 'nginx.dockerfile', '.']
waitFor: ['-']
- id: Building PHP-FPM Image
name: gcr.io/cloud-builders/docker
args: ['build','-t', 'eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA', '-f', 'php.dockerfile', '.']
waitFor: ['-']
# Push Images
- id: Pushing Init Image
name: gcr.io/cloud-builders/docker
args: ['push','eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA']
- id: Pushing Nginx Image
name: gcr.io/cloud-builders/docker
args: ['push','eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA']
- id: Pushing PHP-FPM Image
name: gcr.io/cloud-builders/docker
args: ['push','eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA']
# Update Image Tags
- id: 'Setting Init Image Tag'
name: ubuntu
args: ['bash','-c','sed -i "s,INIT_IMAGE_NAME,eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA," deployment.yaml']
- id: 'Setting Nginx Image Tag'
name: ubuntu
args: ['bash','-c','sed -i "s,NGINX_IMAGE_NAME,eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA," deployment.yaml']
- id: 'Setting PHP Image Tag'
name: ubuntu
args: ['bash','-c','sed -i "s,PHP_IMAGE_NAME,eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA," deployment.yaml']
# Update Deployment
- id: Updating Deployment
name: gcr.io/cloud-builders/kubectl
args: ['apply','-f','deployment.yaml']
env:
- CLOUDSDK_COMPUTE_ZONE=europe-west2-b
- CLOUDSDK_CONTAINER_CLUSTER=clusterx
# Images
images:
- eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA
- eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA
- eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA
# Tags
tags:
- master
- dev
- init