GitLab CI Docker 至 Kubernetes 部署

# GitLab CI Pipeline with Docker and Kubernetes
# Build Docker image, push to registry, deploy to k8s cluster
#
# Pipeline definition in the "osop" schema: six nodes wired by five edges into
# a single linear chain
#   ci_trigger -> docker_build -> docker_scan -> docker_push -> k8s_deploy -> k8s_rollout_check
# The docker_scan -> docker_push edge is the only conditional one; every other
# edge is sequential. Field semantics (runtime, inputs/outputs, retry_policy)
# are defined by the osop consumer, not by this file.
osop_version: "2.0"
id: gitlab-ci-deploy
name: "GitLab CI Docker 至 Kubernetes 部署"

nodes:
  # Entry point: fires when a merge request is merged into main and exposes
  # the commit SHA and project name to the rest of the chain.
  - id: ci_trigger
    type: cicd
    purpose: Trigger pipeline on merge to main
    subtype: gitlab-ci
    runtime:
      platform: gitlab-ci
      trigger: merge_request_merged
      branches: [main]
    outputs: [commit_sha, project_name]

  # Builds the image from the repository root and tags it twice.
  # NOTE(review): `latest` is a mutable tag. Only `image_tag` leaves this
  # node, and this file does not show which of the two tags it carries —
  # confirm downstream nodes pin the SHA-tagged image so the scanned image
  # and the deployed image are the same artifact.
  - id: docker_build
    type: docker
    purpose: Build Docker image from Dockerfile
    runtime:
      action: build
      dockerfile: Dockerfile
      context: "."
      tags: ["{{project_name}}:{{commit_sha}}", "{{project_name}}:latest"]
    inputs: [commit_sha, project_name]
    outputs: [image_tag]
    timeout_sec: 600  # 10 minutes for the full multi-stage build
    explain: |
      Builds a multi-stage Docker image. The image is tagged with
      both the commit SHA (for traceability) and latest.

  # Vulnerability scan of the freshly built image with trivy.
  # NOTE(review): severity_threshold is HIGH, but the gating edge further
  # down only requires `scan_report.critical_count == 0`, so HIGH findings
  # do not block the push unless the scanner itself fails the node at this
  # threshold — confirm which of the two is the intended gate.
  - id: docker_scan
    type: docker
    purpose: Scan built image for vulnerabilities
    runtime:
      action: scan
      scanner: trivy
      severity_threshold: HIGH
    inputs: [image_tag]
    outputs: [scan_report]
    timeout_sec: 180

  # Pushes the scanned image to the GitLab registry. Registry credentials
  # are taken from CI variables rather than being stored in this file.
  # No timeout_sec is set here (unlike build/scan/rollout) — presumably the
  # consumer applies a default; verify.
  - id: docker_push
    type: docker
    purpose: Push image to GitLab container registry
    runtime:
      action: push
      registry: registry.gitlab.com
    inputs: [image_tag]
    outputs: [registry_url]
    security:
      credentials_source: ci_variables

  # Applies the deployment manifest to the production namespace.
  # NOTE(review): the explain text says kustomize overlays are used, but
  # runtime points `kubectl apply` at a single file (k8s/deployment.yaml)
  # with no overlay reference visible here — reconcile the two so the
  # documented and the actual manifest source match.
  - id: k8s_deploy
    type: infra
    purpose: Deploy image to Kubernetes cluster via kubectl
    runtime:
      tool: kubectl
      action: apply
      manifests: k8s/deployment.yaml
      namespace: production
    inputs: [registry_url]
    outputs: [deployment_status]
    explain: |
      Applies Kubernetes manifests with the new image tag.
      Uses kustomize overlays for environment-specific config.

  # Blocks until the rollout of deployment/app finishes; each attempt is
  # bounded by timeout_sec and retried up to max_retries times with a fixed
  # backoff. No node on this page reacts to a failed rollout (e.g. rollback),
  # so a failure presumably just ends the pipeline — confirm against the
  # consumer's failure semantics.
  - id: k8s_rollout_check
    type: infra
    purpose: Wait for rollout to complete and verify pod health
    runtime:
      tool: kubectl
      action: rollout status
      resource: deployment/app
      namespace: production
    inputs: [deployment_status]
    outputs: [rollout_result]
    timeout_sec: 300
    retry_policy:
      max_retries: 2
      backoff_sec: 30

# Edges define execution order. `sequential` edges always proceed; the
# single `conditional` edge runs its target only when `condition` holds.
edges:
  - from: ci_trigger
    to: docker_build
    mode: sequential

  - from: docker_build
    to: docker_scan
    mode: sequential

  # Push gate: only a scan with zero critical findings reaches the registry.
  # See the review note on docker_scan regarding HIGH-severity findings.
  - from: docker_scan
    to: docker_push
    mode: conditional
    condition: "scan_report.critical_count == 0"

  - from: docker_push
    to: k8s_deploy
    mode: sequential

  - from: k8s_deploy
    to: k8s_rollout_check
    mode: sequential