GitOps Workflow in Practice
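What Is GitOps
GitOps is a Git-centric approach to operations in which infrastructure and application configuration are managed through Git repositories.
Core Principles
- Declarative configuration: all configuration is defined declaratively
- Version control: all configuration is stored in Git
- Automated sync: the system automatically syncs the actual state to the desired state
- Continuous reconciliation: configuration drift is continuously detected and corrected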
GitOps Tools
| Tool | Characteristics |
|---|---|
| ArgoCD | Powerful, friendly UI |
| Flux | Lightweight, CNCF project |
| Jenkins X | Integrates with Jenkins |
| Codefresh | SaaS platform |
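ArgoCD
Installing ArgoCD
```bash
# Create the namespace
kubectl create namespace argocd
# Install ArgoCD (the "stable" ref is mutable; pin a release tag for reproducible installs)
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# Get the initial admin password (change it after first login, then delete this secret)
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
# Access the UI at https://localhost:8080
kubectl port-forward svc/argocd-server -n argocd 8080:443
```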
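Application Configuration
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp
  namespace: argocd
spec:
  # As installed, the built-in "default" project permits any source repo and destination
  project: default
  source:
    repoURL: https://github.com/user/k8s-manifests.git
    targetRevision: HEAD   # follows the repository's default branch
    path: apps/myapp/production
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true      # delete resources that were removed from Git
      selfHeal: true   # revert manual changes made in the cluster
    syncOptions:
      - CreateNamespace=true
```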
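AppProject Configuration
```yaml
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: production
  namespace: argocd
spec:
  description: Production applications
  # Only repositories matching this pattern may be used as sources
  sourceRepos:
    - 'https://github.com/user/*'
  # Applications in this project may deploy only to this namespace and cluster
  destinations:
    - namespace: production
      server: https://kubernetes.default.svc
  # Cluster-scoped resource kinds the project may manage
  clusterResourceWhitelist:
    - group: ''
      kind: Namespace
```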
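As an added example (not from the original page or the ArgoCD project), here is a small pre-merge check over the Application and AppProject shown above. It flags Applications left in the built-in `default` project, which as installed permits any source repo and destination, and auto-synced Applications that follow `HEAD`. The `audit` and `allowed_by` names, the finding strings and the sample data are constructed for illustration, and `fnmatchcase` is assumed to approximate ArgoCD's own glob matching.

```python
import json
from fnmatch import fnmatchcase  # assumption: approximates ArgoCD's glob matching

# Constructed sample mirroring the two manifests above, shaped like
# `kubectl get applications,appprojects -n argocd -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "AppProject", "metadata": {"name": "production"},
  "spec": {"sourceRepos": ["https://github.com/user/*"],
           "destinations": [{"namespace": "production",
                             "server": "https://kubernetes.default.svc"}]}},
 {"kind": "Application", "metadata": {"name": "myapp"},
  "spec": {"project": "default",
           "source": {"repoURL": "https://github.com/user/k8s-manifests.git",
                      "targetRevision": "HEAD"},
           "destination": {"server": "https://kubernetes.default.svc",
                           "namespace": "production"},
           "syncPolicy": {"automated": {"prune": true, "selfHeal": true}}}}]}
""")

def allowed_by(project, app):
    """True if the project's sourceRepos and destinations admit this Application."""
    src, dst = app["spec"]["source"], app["spec"]["destination"]
    repo_ok = any(fnmatchcase(src["repoURL"], pat)
                  for pat in project["spec"].get("sourceRepos", []))
    dest_ok = any(fnmatchcase(dst.get("server", ""), d.get("server", ""))
                  and fnmatchcase(dst.get("namespace", ""), d.get("namespace", ""))
                  for d in project["spec"].get("destinations", []))
    return repo_ok and dest_ok

def audit(manifests):
    """Return (application, finding) pairs for weak project or revision settings."""
    items = manifests["items"]
    projects = {i["metadata"]["name"]: i for i in items if i["kind"] == "AppProject"}
    findings = []
    for app in (i for i in items if i["kind"] == "Application"):
        name, spec = app["metadata"]["name"], app["spec"]
        project = spec.get("project") or "default"
        if project == "default":  # report which restricted projects would admit it
            fits = sorted(n for n, p in projects.items() if allowed_by(p, app))
            findings.append((name, "default-project; fits: " + (",".join(fits) or "none")))
        elif project not in projects or not allowed_by(projects[project], app):
            findings.append((name, "not-admitted-by: " + project))
        automated = (spec.get("syncPolicy") or {}).get("automated") is not None
        if automated and spec["source"].get("targetRevision", "HEAD") == "HEAD":
            findings.append((name, "auto-sync-follows-HEAD"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{a}: {f}" for a, f in audit(SAMPLE)))
```

On the sample, both findings point at `myapp`: it could move to the `production` project unchanged, and any push to the default branch is deployed and pruned automatically.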
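Flux
Installing Flux
```bash
# Install the Flux CLI
brew install fluxcd/tap/flux
# Bootstrap Flux onto the cluster (reads the GitHub token from GITHUB_TOKEN)
flux bootstrap github \
  --owner=github-user \
  --repository=fleet-infra \
  --branch=main \
  --path=./clusters/production
```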
Kustomization
```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: myapp
  namespace: flux-system
spec:
  interval: 5m          # reconcile every five minutes
  path: ./apps/myapp
  prune: true           # delete resources that were removed from Git
  sourceRef:
    kind: GitRepository
    name: flux-system
  healthChecks:
    - apiVersion: apps/v1
      kind: Deployment
      name: myapp
      namespace: production
```
Hands-On: A Complete GitOps Workflow
```bash
# 1. Create the Git repository structure
mkdir -p apps/myapp/base apps/myapp/production
# 2. Write the base configuration
cat > apps/myapp/base/deployment.yaml << 'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
        - name: myapp
          image: myapp:v1
EOF
# The base needs its own kustomization.yaml so that ../../base resolves as a Kustomize base
cat > apps/myapp/base/kustomization.yaml << 'EOF'
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
EOF
# 3. Create the production overlay
cat > apps/myapp/production/kustomization.yaml << 'EOF'
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
patchesStrategicMerge:
  - replicas-patch.yaml
EOF
cat > apps/myapp/production/replicas-patch.yaml << 'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 5
EOF
# 4. Commit to Git
git add .
git commit -m "feat: add myapp configuration"
git push
# 5. ArgoCD syncs automatically
# Open the ArgoCD UI to check the sync status
```
GitOps Best Practices
Repository Structure
```
gitops-repo/
├── apps/
│   ├── app-a/
│   │   ├── base/
│   │   └── production/
│   └── app-b/
├── clusters/
│   ├── staging/
│   └── production/
└── infrastructure/
    ├── monitoring/
    └── ingress
```
Configuration Management
```yaml
# Using Kustomize
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
  - service.yaml
  - ingress.yaml
configMapGenerator:
  - name: app-config
    literals:
      - DB_HOST=mysql
      - CACHE_HOST=redis
secretGenerator:
  - name: app-secrets
    literals:
      # Placeholder only: a literal here is committed to Git in plaintext
      - DB_PASSWORD=secret
```
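Summary
GitOps is a best practice for modern operations. Managing configuration with Git at the center makes infrastructure and application management auditable, traceable, and automated.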