DevOps宸ュ叿閾惧埌搴曞寘鍚摢浜涘伐鍏凤紵
鍓嶈█
涓嶇鏄潰璇曘€佸弬鍔犳妧鏈氦娴佷細杩樻槸鍚屼簨涔嬮棿娌熼€氾紝缁忓父鍚埌鈥淒evOps宸ュ叿閾锯€濊繖涓瘝锛屽綋鐒朵簡锛屾垜鑷繁涔熻銆傞偅DevOps宸ュ叿閾惧埌搴曞寘鍚摢浜涘伐鍏峰憿锛熻繖浜涘伐鍏锋槸鎬庝箞琚娇鐢ㄧ殑鍛紵鎴戝皾璇曟⒊鐞嗕竴涓嬭繖浜涗俊鎭€?
璋堝埌DevOps宸ュ叿閾撅紝鍙兘寰堝浜轰細棣栧厛鎯冲埌绫讳技涓嬮潰杩欏紶鍥撅紙鍥剧墖鏉ユ簮浜嶽杩欓噷](https://blog.csdn.net/qq_21816375/article/details/79120669)锛夛細
![DevOps宸ュ叿閾綸(../images/DevOps宸ュ叿閾?png)
鎴戝叾瀹炰笉鍠滄杩欑鍥剧墖锛屼綔鑰呭緢澶氭椂鍊欓兘鏄敖鍙兘澶氬湴鎶婃湁鐐瑰叧绯荤殑鍥炬爣閮藉杩涘幓锛屽ソ浣垮緱鍥剧墖鐪嬭捣鏉ラ珮澶т笂锛屽疄闄呬笂骞朵笉鑳藉緢濂藉湴瑙i噴娓呮DevOps宸ュ叿閾俱€?
鎴戝湪杩欑瘒鏂囩珷涓細灏濊瘯鏍规嵁鑷繁鐨勭粡楠屾寜鐓у嚑涓ā鍧楁潵姊崇悊锛屽苟鍦ㄦ瘡涓ā鍧椾腑缁欏嚭涓€浜涘叿浣撶殑宸ュ叿妗堜緥銆?
DevOps宸ュ叿閾惧彲浠ュ垎涓哄摢鍑犱釜妯″潡锛?
鎸夌収鎴戠殑缁忛獙鍜岃繃鍘荤殑涓€浜涘疄璺碉紝DevOps宸ュ叿閾惧彲浠ュ垎涓轰互涓嬪嚑涓ā鍧楋細
- 浠g爜绠$悊锛堜篃鍙互鍙仛鐗堟湰绠$悊锛?
- CICD
- 閰嶇疆绠$悊
- 瀹瑰櫒鍖栧拰瀹瑰櫒缂栨帓
- 鐩戞帶涓庢棩蹇?
- 瀹夊叏鍒嗘瀽
- 鍒跺搧绠$悊
- 椤圭洰绠$悊锛屽崗浣滀笌娌熼€?
- 鑷姩鍖栨祴璇?
涓€鍏辨湁9涓ā鍧楋紝姣忎釜妯″潡鍙兘鍖呭惈澶氫釜宸ュ叿銆備笅闈㈠氨鎸夌収姣忎釜妯″潡閫愪竴浠嬬粛銆?
浠g爜绠$悊
鐜板湪鏈€娴佽鐨勪唬鐮佺鐞嗗伐鍏疯偗瀹氬氨鏄痝it浜嗭紝鑷充簬鏈嶅姟绔紝姣旇緝甯歌鐨勬湁GitLab銆丟ithub銆丟itee杩欎笁涓紝姣忎釜浼佷笟浼氬嚭浜庝笉鍚岀殑鍥犵礌閫夋嫨涓嶅悓鐨勫钩鍙般€?
涓嶈繃锛屼笉绠¢€夋嫨鍝釜骞冲彴锛岀洰鍓嶅ぇ閮ㄥ垎浼佷笟閮戒細閫夋嫨绉佹湁閮ㄧ讲锛岃€屼笉鏄娇鐢⊿aaS鏈嶅姟锛屽ぇ瀹惰繕鏄細鎷呭績浠g爜瀹夊叏闂銆?
褰撶劧锛屼篃鏈変竴浜涢潪甯稿ぇ鐨勪紒涓氫細閫夋嫨鎸夌収鑷繁闇€姹傝嚜寮€鍙戜竴涓猤it鏈嶅姟绔紝姣斿鍗庝负灏辨槸鑷繁寮€鍙戠殑銆?
杩樻湁涓€涓瘮杈冨皬浼楃殑閫夋嫨銆傜幇鍦ㄤ富娴佺殑鍏湁浜戝巶鍟嗗熀鏈笂涔熼兘鎻愪緵浜嗗熀浜巊it鍗忚鐨勪唬鐮佺鐞嗗姛鑳斤紝鍚勫閮戒笉涓€鏍枫€傚鏋滄病鏈夐潪甯哥壒鍒殑鍘熷洜锛屾垜鏄潪甯?涓嶆帹鑽愯繖绉嶉€夋嫨鐨勶紝鍥犱负浠g爜绠$悊骞冲彴鍦ㄥ緢澶х▼搴︿笂浼氬奖鍝岲evOps宸ュ叿閾句腑鍏跺畠宸ュ叿鐨勯€夋嫨銆備簯鍘傚晢鐨勪唬鐮佺鐞嗗姛鑳介兘鏄皝闂紡鐨勶紝浼氶檺鍒跺叾浠栧伐鍏风殑閫夋嫨鑼冨洿锛岃€屼笖寰堝彲鑳戒細鏈夐€傞厤闂銆?
CICD
CICD鏄寚鎸佺画闆嗘垚鍜屾寔缁儴缃诧紙鎸佺画鍙戝竷锛夈€?
鏈€钁楀悕鐨勫伐鍏峰彲鑳藉氨鏄?*Jenkins**浜嗭紝鍔熻兘寮哄ぇ锛屾彃浠堕潪甯稿锛屽彲浠ユ弧瓒崇粷澶ч儴鍒嗛渶姹傦紝濡傛灉浣犱笉鐭ラ亾搴旇浣跨敤鍝釜CICD宸ュ叿鐨勮瘽锛屽彲浠ヨ瘯璇曞畠銆?
濡傛灉浣犵殑浠g爜绠$悊宸ュ叿浣跨敤鐨勬槸Github鐨勮瘽锛屽挨鍏舵槸Github浼佷笟鐗堢殑璇濓紝閭d箞Github Action瀵逛綘鏉ヨ鍙兘鏄竴涓洿濂界殑CICD宸ュ叿锛屽畠璺烥ithub鍘熺敓闆嗘垚锛岄厤缃畝鍗曘€?
濡傛灉浣犱滑鍏徃/鍥㈤槦涓昏搴旂敤閮芥槸鍩轰簬k8s閮ㄧ讲鐨勮瘽锛岄偅涔?*argoCD**鍙兘鏇撮€傚悎浣犮€俛rgoCD鍙互璇存槸涓撲负k8s璁捐鐨勪竴涓狢D宸ュ叿锛岄伒寰猤itops鐞嗗康銆?
閰嶇疆绠$悊
閰嶇疆绠$悊宸ュ叿涓昏鐢ㄤ簬缁熶竴绠$悊鍜岄厤缃湇鍔″櫒鍜屽簲鐢ㄧ▼搴忚缃紝甯歌鐨勬湁Ansible, Chef, Puppet, SaltStack銆?
鐜板湪鍏跺疄杩樻湁涓€涓伐鍏锋垜瑙夊緱涔熷簲璇ョ畻鍦ㄩ厤缃鐞嗛噷闈紝閭e氨鏄疶erraform銆?
鍑嗙‘鍦拌锛?*Terraform**鏄竴涓狪aC锛堝熀纭€璁炬柦鍗充唬鐮侊級宸ュ叿锛屼絾鏄彲浠ュ皢鍏惰涓哄叕鏈変簯鏃朵唬鐨勯厤缃鐞嗗伐鍏枫€?
閰嶇疆绠$悊绫荤殑宸ュ叿锛屽線寰€涓嶄粎浠匘evOps鍥㈤槦鍦ㄤ娇鐢紝浜у搧鍥㈤槦锛堥」鐩洟闃燂級涔熺粡甯镐細浣跨敤銆傚洜涓烘湇鍔″櫒杩欎簺璧勬簮鏈夌殑鏃跺€欐槸鐢遍」鐩洟闃熺洿鎺ョ鐞嗙殑锛屼篃鏈夊彲鑳芥槸涓€涓笓闂ㄧ殑杩愮淮鍥㈤槦鍦ㄧ鐞嗭紝姣忓鍏徃鍙兘閮戒笉澶竴鏍枫€?
瀹瑰櫒鍖栧拰瀹瑰櫒缂栨帓
杩欓儴鍒嗕及璁″ぇ瀹堕兘娌′粈涔堝お澶х殑浜夎锛宒ocker鍜宬8s鏄渶娴佽鐨勪簡銆?
docker涓嶇敤璇村お澶氾紝浣嗘槸k8s閲岄潰鍏跺疄杩樻湁寰堝缁嗚妭銆傛瘮濡俴8s閲岄潰鐨勬潈闄愮鎺с€佺綉缁滈殧绂汇€佹棩蹇楄褰曘€佺洃鎺х瓑绛夐兘鏈変笓闂ㄧ殑宸ュ叿锛屼竴涓瘮杈冨ソ鐨凞evOps鍥㈤槦锛岃繖浜涢兘搴旇瑕佹彁渚涚殑銆?
鐩戞帶涓庢棩蹇?
鐩戞帶涓庢棩蹇楃殑閮ㄥ垎浼氭湁鐐瑰鏉傘€傚洜涓鸿繖閲屼細瀛樺湪涓€涓晫闄愮殑闂銆?
鍦ㄦ垜鐪嬫潵锛屼綔涓篋evOps鍥㈤槦锛岃鎻愪緵鍩虹鐨勭洃鎺у拰鏃ュ織銆?
鍏蜂綋鏉ヨ锛岀洃鎺у簲璇ヨ鍖呭惈CPU銆佸唴瀛樼瓑璁$畻璧勬簮锛岀綉缁滐紝鏈嶅姟鍣ㄧ姸鎬侊紝pod鐘舵€佽繖浜涳紝鍙互涓嶅寘鍚玈LO銆丼LI绛夋洿楂樺眰绾х殑鍐呭锛屽洜涓鸿繖浜涘簲璇ユ槸SRE鏉ュ仛銆傦紙浣嗘槸瀹為檯涓婂緢澶氭椂鍊欐槸鏃㈣鍋欴evOps涔熻鍋歋RE…锛?
鏃ュ織搴旇瑕佸寘鍚В鏋愬ソ鐨勫簲鐢ㄦ棩蹇楀拰绯荤粺鏃ュ織銆備笉杩囪В鏋愪竴鑸簲璇ユ湁椤圭洰鍥㈤槦鑷繁鍋氾紝姣曠珶浠栦滑瀵硅嚜宸辩殑鏃ュ織鏇寸啛鎮夈€?
瀹夊叏鍒嗘瀽
鍦―evOps宸ュ叿閾句腑锛屾牴鎹畨鍏ㄦ€ф鏌ョ殑涓嶅悓闃舵鍜岀洰鏍囷紝瀹夊叏鍒嗘瀽鍙互杩涗竴姝ョ粏鍒嗕负浠ヤ笅鍑犵被锛?
浠g爜闈欐€佸垎鏋愶紙SAST锛?
- *鐢ㄩ€?: 鍦ㄤ笉杩愯绋嬪簭鐨勬儏鍐典笅鍒嗘瀽婧愪唬鐮佹垨浜岃繘鍒朵唬鐮佷互鍙戠幇娼滃湪鐨勫畨鍏ㄦ紡娲炪€?
- 绀轰緥宸ュ叿:
- SonarQube: 涓嶄粎鍙互妫€娴嬩唬鐮佽川閲忛棶棰橈紝涔熻兘璇嗗埆瀹夊叏婕忔礊鍜屼唬鐮佸紓鍛?code smell)銆?
- Checkmarx: 鎻愪緵鍏ㄩ潰鐨凷AST瑙e喅鏂规锛屾敮鎸佸绉嶇紪绋嬭瑷€鍜屾鏋躲€?
渚濊禆鎬ф壂鎻忥紙SCA锛?
- *鐢ㄩ€?: 妫€鏌ラ」鐩緷璧栫殑搴撳拰妗嗘灦鏄惁鏈夊凡鐭ョ殑瀹夊叏婕忔礊銆?
- 绀轰緥宸ュ叿:
- Snyk: 涓撴敞浜庡彂鐜板拰淇渚濊禆搴撲腑鐨勫畨鍏ㄦ紡娲炪€?
- WhiteSource: 鎻愪緵骞挎硾鐨勮瑷€鍜屾鏋舵敮鎸侊紝鑷姩妫€娴嬪苟淇寮€婧愬畨鍏ㄦ紡娲炪€?
瀹瑰櫒瀹夊叏涓庢壂鎻?
- *鐢ㄩ€?: 鍦ㄥ鍣ㄥ寲鐜涓‘淇濆鍣ㄩ暅鍍忕殑瀹夊叏锛屽寘鎷暅鍍忔壂鎻忓拰杩愯鏃朵繚鎶ゃ€?
- 绀轰緥宸ュ叿:
- Aqua Security: 鎻愪緵瀹瑰櫒瀹夊叏骞冲彴锛屽寘鎷暅鍍忔壂鎻忋€佽繍琛屾椂闃叉姢绛夊姛鑳姐€?
- Clair 銆?Trivy*: 寮€婧愰」鐩紝涓撴敞浜庡鍣ㄩ暅鍍忕殑婕忔礊鎵弿銆?
浠g爜椋庢牸鍜岃鑼冩鏌?
- *鐢ㄩ€?: 纭繚浠g爜閬靛惊涓€瀹氱殑缂栫爜鏍囧噯鍜岄鏍硷紝鏈夊姪浜庡噺灏戝畨鍏ㄩ闄┿€傝繖绫诲伐鍏蜂竴鑸彧鏄竴涓彃浠舵垨鑰呭懡浠よ宸ュ叿锛屾病鏈塻erver绔紝涓嶉渶瑕侀泦涓淮鎶ゃ€?
- 绀轰緥宸ュ叿:
- ESLint: JavaScript鐨勪竴涓彃浠跺寲鐨勯潤鎬佷唬鐮佸垎鏋愬伐鍏凤紝鍙互鐢ㄦ潵妫€鏌ュ父瑙佺殑浠g爜闂鍜岄鏍奸棶棰樸€?
- Pylint: Python缂栫▼璇█鐨勪竴涓潤鎬佷唬鐮佸垎鏋愬伐鍏凤紝鐢ㄤ簬鏌ユ壘缂栫爜閿欒锛屽疄鏂界紪鐮佹爣鍑嗗拰鎺ㄨ崘缂栫爜椋庢牸銆?
鍒跺搧绠$悊
- *鐢ㄩ€?: 绠$悊銆佸瓨鍌ㄣ€佸垎鍙戣蒋浠跺寘鐨勫伐鍏枫€傝繖浜涜蒋浠跺寘鍙兘鏄涓夋柟杞欢搴撱€佹鏋舵垨浣犺嚜宸卞紑鍙戠殑绋嬪簭銆?
- 绀轰緥宸ュ叿:
- JFrog Artifactory: 鏀寔澶氱杞欢鍖呬粨搴撶被鍨嬬殑閫氱敤鍒跺搧搴擄紝濡侻aven, Docker, npm绛夛紝杩欐槸涓€涓晢涓氫骇鍝併€?
- Harbor: 涓€涓紑婧愮殑浼佷笟绾ocker闀滃儚浠撳簱锛屾敮鎸侀暅鍍忕殑瀛樺偍銆佹壂鎻忓拰绛惧悕銆?
- Sonatype Nexus: 鎻愪緵鏀寔澶氱鎶€鏈殑鍒跺搧瀛樺偍鍜屽垎鍙戯紝濡侻aven, npm, Docker绛夈€?
椤圭洰绠$悊锛屽崗浣滀笌娌熼€?
鍏跺疄鏈夌姽璞涓嶈鎶婅繖閮ㄥ垎鏀惧湪DevOps宸ュ叿閾句腑锛屽洜涓轰竴鑸悊瑙d笂锛岃繖搴旇鍏徃閲孖T閮ㄩ棬鎻愪緵鐨勶紝浣嗘槸杩欑被宸ュ叿鐨勯€夋嫨鏈夋椂鍊欎細瀵笵evOps娴佺▼鏈夊緢澶х殑褰卞搷锛岃繘鑰屽奖鍝嶅紑鍙戞晥鐜囷紝鎵€浠ヨ繕鏄畻鍦―evOps宸ュ叿閾句腑鍚с€?
杩欑被宸ュ叿鐜板湪寰堝锛屽浗浜х殑鏈夐拤閽夈€侀涔﹁繖浜涳紝杩樻湁鑰佺墝鐨凧ira锛孋onfluence wiki绛?
鑷姩鍖栨祴璇?
鑷姩鍖栨祴璇曚綔涓篋evOps涓笉鍙皯鐨勪竴鐜紝搴旇琚撼鍏evOps宸ュ叿閾捐寖鍥达紝浣嗘槸锛岃繖涓€閮ㄥ垎宸ヤ綔鍩烘湰涓婁笉闇€瑕丏evOps鍥㈤槦鍋氾紝搴斾负娴嬭瘯宸ヤ綔涓€鑸兘鏄敱椤圭洰鍥㈤槦鎴栬€呬笓闂ㄧ殑娴嬭瘯鍥㈤槦鍋氱殑銆?
姣旇緝濂界殑DevOps鍥㈤槦浼氬湪CICD鐨剋orkflow涓姞涓婁竴浜涙娴嬪拰鎺у埗锛屾瘮濡傦紝濡傛灉鏌愪竴娆ICD杩囩▼涓紝娌℃湁鍋氭祴璇曪紝灏变笉鍏佽璧板埌CD鐜妭銆?
缁撳熬
浠ヤ笂灏辨槸鎴戝叧浜嶥evOps宸ュ叿閾剧殑绠€鍗曟⒊鐞嗭紝鍦ㄥ疄闄呬娇鐢ㄤ腑锛屾瘡涓€涓伐鍏风殑閫夊瀷鍏跺疄閮借鑰冭檻寰堝鍥犵礌锛屾瘮濡傝窡鐜版湁娴佺▼鐨勬槸涓嶆槸濂戝悎銆侀」鐩洟闃熷浜庤繖涓伐鍏风殑鎺ュ彈绋嬪害銆佸畨鍏ㄧ瓥鐣ユ槸鍚﹀悎瑙勭瓑绛夈€