一、我见过的最混乱的团队2018年我入职了一家创业公司。第一天leader让我部署一下某个服务。我问他文档在哪里他说“文档没写过但代码在Git上服务器密码我发你。”那天下午我经历了在20多台服务器上逐一登录部署用U盘拷贝更新包没看错真的是U盘凌晨3点回滚因为新版本有bug回滚后发现代码和数据库不一致那个项目10个人开发部署一次要3小时发布一次要全团队通宵。后来我接触了DevOps才知道原来部署可以这么简单。二、DevOps从概念到落地2.1 什么是DevOpsDevOps Development Operations 开发Dev和运维Ops的融合 核心理念 - 开发即运维开发者自己负责部署和运维 - 自动化一切构建、测试、部署全部自动化 - 持续改进快速迭代小步快跑 - 以业务价值为导向减少浪费提高交付效率2.2 DevOps的价值没有DevOps - 代码写完要等2周才能上线 - 部署靠手工出错率高 - 环境不一致在我电脑上是好的 - 问题定位靠猜测排查时间长 有DevOps - 代码提交后自动构建、自动测试、自动部署 - 部署时间从3小时缩短到5分钟 - 环境标准化所有人的环境都一样 - 问题可追溯快速定位三、CICD流水线设计3.1 流水线核心阶段# Jenkinsfile (Jenkins Pipeline)pipeline{agent any environment{REGISTRY registry.example.com APP_NAME order-service DOCKER_IMAGE ${REGISTRY}/${APP_NAME}:${BUILD_NUMBER}}stages{stage(Checkout){steps{checkout scm script{env.GIT_COMMIT_SHORT sh(script:git rev-parse --short HEAD,returnStdout:true).trim()}}}stage(Build){steps{sh mvn clean package-DskipTests if[!-f target/*.jar]; then echo 构建失败未找到JAR文件 exit 1 fi }}stage(Unit Tests){steps{sh mvn test}post{always{junit target/surefire-reports/*.xml}}}stage(Code Quality){steps{sh mvn sonar:sonar \-Dsonar.projectKey${APP_NAME}\-Dsonar.host.urlhttp://sonar:9000 \-Dsonar.login${SONAR_TOKEN}}}stage(Security Scan){steps{sh # OWASP依赖检查mvn org.owasp:dependency-check-maven:check }post{always{archiveArtifacts artifacts:target/dependency-check-report.html}}}stage(Build Docker Image){steps{sh docker build-t ${DOCKER_IMAGE}. docker tag ${DOCKER_IMAGE}${REGISTRY}/${APP_NAME}:${GIT_COMMIT_SHORT}docker push ${REGISTRY}/${APP_NAME}:${GIT_COMMIT_SHORT}}}stage(Deploy to Test){when{branch develop}steps{sh kubectl set image deployment/${APP_NAME}\ ${APP_NAME}${DOCKER_IMAGE}\-n test kubectl rollout status deployment/${APP_NAME}-n test }}stage(Deploy to Staging){when{branch main}steps{sh kubectl set image deployment/${APP_NAME}\ ${APP_NAME}${DOCKER_IMAGE}\-n staging kubectl rollout status deployment/${APP_NAME}-n staging input message:人工审批,ok:确认部署}}stage(Deploy to Production){when{tag *}steps{sh kubectl set image deployment/${APP_NAME}\ ${APP_NAME}${DOCKER_IMAGE}\-n production kubectl rollout status deployment/${APP_NAME}-n production }}}post{always{echo 清理工作...}success{echo 流水线执行成功 // 发送通知 dingtalk ✅ ${APP_NAME}构建成功\n版本:${DOCKER_IMAGE}}failure{echo 流水线执行失败 // 发送告警 dingtalk ❌ ${APP_NAME}构建失败\n版本:${DOCKER_IMAGE}\n日志:${env.BUILD_URL}}}}3.2 GitLab CI配置# .gitlab-ci.ymlstages:-build-test-security-package-deployvariables:DOCKER_DRIVER:overlay2MAVEN_OPTS:-Dmaven.repo.local.m2/repositorycache:paths:-.m2/repository-target/# 构建阶段build:stage:buildimage:maven:3.8-openjdk-11script:-mvn clean package-DskipTestsartifacts:paths:-target/*.jarexpire_in:1 hour# 单元测试test:stage:testimage:maven:3.8-openjdk-11script:-mvn test-mvn jacoco:reportcoverage:/Total.*?([0-9]{1,3})%/artifacts:reports:junit:target/surefire-reports/*.xmlcoverage_report:coverage_format:jacocopath:target/site/jacoco/jacoco.xml# 安全扫描security:stage:securityimage:aquasec/trivy:latestscript:-trivy image--exit-code 0--severity HIGH,CRITICAL $IMAGE_NAMEallow_failure:true# 允许失败不阻断流水线# Docker打包docker:stage:packageimage:docker:latestservices:-docker:dindscript:-docker login-u $CI_REGISTRY_USER-p $CI_REGISTRY_PASSWORD $CI_REGISTRY-docker build-t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .-docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHAonly:-develop-main# 开发环境部署deploy-test:stage:deployimage:bitnami/kubectl:latestscript:-kubectl config set-cluster k8s-test--server$K8S_TEST_SERVER-kubectl config set-credentials gitlab--token$K8S_TEST_TOKEN-kubectl config set-context gitlab-test--clusterk8s-test--usergitlab-kubectl config use-context gitlab-test-kubectl set image deployment/order-service order-service$CI_REGISTRY_IMAGE:$CI_COMMIT_SHAenvironment:name:testurl:https://test.example.comonly:-develop# 生产环境部署deploy-prod:stage:deployimage:bitnami/kubectl:latestscript:-kubectl config set-cluster k8s-prod--server$K8S_PROD_SERVER-kubectl config set-credentials gitlab--token$K8S_PROD_TOKEN-kubectl config set-context gitlab-prod--clusterk8s-prod--usergitlab-kubectl config use-context gitlab-prod-kubectl set image deployment/order-service order-service$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA-kubectl rollout status deployment/order-serviceenvironment:name:productionurl:https://prod.example.comwhen:manual# 手动触发only:-tags四、Docker镜像优化4.1 多阶段构建# Dockerfile (多阶段构建) # 阶段1构建 FROM maven:3.8-openjdk-11 AS builder WORKDIR /build # 复制依赖加速构建 COPY pom.xml . RUN mvn dependency:go-offline -B # 复制源码并构建 COPY src ./src RUN mvn clean package -DskipTests # 阶段2运行 FROM openjdk:11-jre-slim WORKDIR /app # 从构建阶段复制JAR COPY --frombuilder /build/target/*.jar app.jar # 添加健康检查 HEALTHCHECK --interval30s --timeout10s --start-period60s \ CMD wget --quiet --tries1 --spider http://localhost:8080/actuator/health || exit 1 # 创建非root用户 RUN addgroup -S appgroup adduser -S appuser -G appgroup USER appuser ENTRYPOINT [java, -Xms256m, -Xmx512m, -jar, app.jar]4.2 镜像大小对比# 普通镜像 vs 优化后镜像# openjdk:11 → 800MB# openjdk:11-jre → 400MB# openjdk:11-jre-slim → 200MB# amazoncorretto:11-alpine → 180MB# 优化策略# 1. 使用精简基础镜像# 2. 多阶段构建# 3. 减少层数# 4. .dockerignore排除不需要的文件# .dockerignore.git .gitignore *.md target/*.jar.original *.log .java-version .idea .vscode node_modules五、环境管理与配置5.1 多环境配置# config.yamlenvironments:dev:api_url:http://dev-api.example.comdb_host:dev-mysql.example.comredis_host:dev-redis.example.comlog_level:DEBUGreplicas:1test:api_url:http://test-api.example.comdb_host:test-mysql.example.comredis_host:test-redis.example.comlog_level:INFOreplicas:2staging:api_url:http://staging-api.example.comdb_host:staging-mysql.example.comredis_host:staging-redis.example.comlog_level:INFOreplicas:3production:api_url:http://api.example.comdb_host:prod-mysql.example.comredis_host:prod-redis.example.comlog_level:WARNreplicas:105.2 K8s环境隔离# namespace.yamlapiVersion:v1kind:Namespacemetadata:name:productionlabels:env:productionteam:backend---apiVersion:v1kind:Namespacemetadata:name:staginglabels:env:stagingteam:backend---# deployment.yamlapiVersion:apps/v1kind:Deploymentmetadata:name:order-servicenamespace:productionspec:replicas:5selector:matchLabels:app:order-servicetemplate:metadata:labels:app:order-serviceversion:v1spec:containers:-name:order-serviceimage:registry.example.com/order-service:latestports:-containerPort:8080env:-name:SPRING_PROFILES_ACTIVEvalue:productionresources:requests:memory:256Micpu:100mlimits:memory:512Micpu:500mreadinessProbe:httpGet:path:/actuator/health/readinessport:8080initialDelaySeconds:30periodSeconds:10livenessProbe:httpGet:path:/actuator/health/livenessport:8080initialDelaySeconds:60periodSeconds:15六、蓝绿部署与金丝雀发布6.1 蓝绿部署# 蓝绿部署示意图# 当前Blue版本处理所有流量# 发布Green版本部署完成后一次性切换流量# 1. 当前状态Blue版本处理100%流量kubectl get svc order-service# NAME TYPE CLUSTER-IP PORT(S) SELECTOR# order-service ClusterIP 10.0.1.100 8080 apporder-service,versionblue# 2. 部署Green版本kubectl apply-forder-service-green.yaml# Green版本已部署但流量还是Blue# 3. 切换流量蓝绿切换kubectl patchserviceorder-service\-p{spec:{selector:{version:green}}}# 4. 验证Green版本# 如果有问题快速回滚kubectl patchserviceorder-service\-p{spec:{selector:{version:blue}}}# 5. 确认无误后删除Blue版本kubectl delete deployment order-service-blue6.2 金丝雀发布# 金丝雀发布只让小部分用户使用新版本# 概念用一只金丝雀先试探新版本是否有问题apiVersion:v1kind:ConfigMapmetadata:name:nginx-confignamespace:productiondata:default.conf:|upstream order_backend { server order-service-blue:8080; }# 金丝雀10%流量到Green版本upstream order_backend_canary{server order-service-green:8080;}server{listen 80;# 路径匹配基于URLlocation /api/v1/{# 10%流量到金丝雀版本set $targetBackend order_backend; if ($request_uri ~ ^/test.*){set $targetBackend order_backend_canary;}proxy_pass http://$targetBackend;}}---# 基于权重的ServiceapiVersion:v1kind:Servicemetadata:name:order-service-canaryspec:selector:app:order-serviceversion:greenports:-port:80targetPort:80806.3 Argo Rollouts金丝雀更专业的方案# Rollout配置apiVersion:argoproj.io/v1alpha1kind:Rolloutmetadata:name:order-servicespec:replicas:10strategy:canary:steps:-setWeight:5# 先5%流量-pause:{duration:10m}# 暂停10分钟观察-setWeight:20# 20%-pause:{}# 手动确认-setWeight:50# 50%-pause:{duration:5m}-setWeight:100# 100%canaryMetadata:labels:role:canarystableMetadata:labels:role:stabletrafficRouting:nginx:stableIngress:order-stableadditionalIngressAnnotations:canary-by-header:X-Canaryanalysis:templates:-templateName:success-ratestartingStep:1args:-name:service-namevalue:order-service-canary七、测试自动化7.1 测试金字塔┌─────────────────────────────────┐ │ E2E Tests端到端测试 │ 少量、关键路径 │ 模拟真实用户操作覆盖核心流程 │ ├─────────────────────────────────┤ │ Integration Tests集成测试 │ 中等数量 │ 测试多个组件协作 │ ├─────────────────────────────────┤ │ Unit Tests单元测试 │ 大量、快速 │ 测试单个类/方法的正确性 │ └─────────────────────────────────┘ 建议比例单元测试70%集成测试20%E2E测试10%7.2 自动化测试配置// 单元测试示例classOrderServiceTest{MockprivateOrderRepositoryorderRepository;MockprivateInventoryClientinventoryClient;InjectMocksprivateOrderServiceorderService;TestvoidtestCreateOrder_success(){// givenOrderordernewOrder();order.setId(123);when(orderRepository.save(any())).thenReturn(order);when(inventoryClient.check(any(),anyInt())).thenReturn(Inventory.builder().available(true).build());// whenOrderresultorderService.createOrder(CreateOrderRequest.builder().userId(user1).skuId(sku1).quantity(1).build());// thenassertNotNull(result);assertEquals(123,result.getId());verify(orderRepository,times(1)).save(any());}}// 集成测试示例SpringBootTestAutoConfigureMockMvcclassOrderControllerIntegrationTest{AutowiredprivateMockMvcmockMvc;AutowiredprivateObjectMapperobjectMapper;TestvoidtestCreateOrder_endpoint()throwsException{CreateOrderRequestrequestnewCreateOrderRequest();request.setUserId(user1);request.setSkuId(sku1);request.setQuantity(1);mockMvc.perform(post(/api/orders).contentType(MediaType.APPLICATION_JSON).content(objectMapper.writeValueAsString(request))).andExpect(status().isOk()).andExpect(jsonPath($.code).value(0)).andExpect(jsonPath($.data.orderId).exists());}}八、踩坑实录坑1流水线执行太慢每次构建要30分钟开发者等不起。解决优化构建缓存拆分为并行阶段。# 优化前30分钟# 优化后8分钟# 优化策略# 1. Maven依赖缓存cache:paths:-.m2/repository# 2. Docker层缓存docker build:script:-docker build--cache-from $PREV_IMAGE...# 3. 并行执行独立任务parallel:-stage:test-unit-stage:test-integration-stage:security-scan坑2环境不一致开发环境好好的测试环境就挂了。解决使用容器化环境Docker Compose启动完整测试环境。# docker-compose.test.ymlversion:3.8services:app:build:.depends_on:mysql:condition:service_healthyredis:condition:service_startedenvironment:SPRING_PROFILES_ACTIVE:testSPRING_DATASOURCE_URL:jdbc:mysql://mysql:3306/testSPRING_REDIS_HOST:redismysql:image:mysql:8.0environment:MYSQL_DATABASE:testMYSQL_ROOT_PASSWORD:testhealthcheck:test:[CMD,mysqladmin,ping,-h,localhost]interval:5stimeout:3sretries:10redis:image:redis:7-alpine坑3回滚不及时发布后发现问题手动回滚花了1小时。解决提前准备回滚脚本自动化回滚。# 回滚脚本#!/bin/bashDEPLOYMENT$1NAMESPACE${2:-production}# 获取当前版本CURRENT_IMAGE$(kubectl get deployment $DEPLOYMENT-n$NAMESPACE\-ojsonpath{.spec.template.spec.containers[0].image})# 获取历史版本PREVIOUS_IMAGE$(kubectl rollouthistorydeployment/$DEPLOYMENT-n$NAMESPACE\|grep-A1$CURRENT_IMAGE|tail-1|awk{print $2})# 回滚kubectl rollout undo deployment/$DEPLOYMENT-n$NAMESPACE# 验证kubectl rollout status deployment/$DEPLOYMENT-n$NAMESPACEecho已回滚到版本:$PREVIOUS_IMAGE九、总结DevOps让交付更高效流水线自动化代码提交→自动构建→自动测试→自动部署环境标准化开发、测试、生产环境一致快速反馈问题早发现早解决安全集成安全扫描成为流水线的一部分可追溯每次部署都有记录可快速回滚最佳实践流水线要快用缓存并行执行自动化一切减少人工操作回滚要快提前准备回滚方案监控要全能看到部署前后的变化文化要变开发者也要懂运维血的教训DevOps不仅是工具更是文化。如果团队不愿意改变习惯再好的工具也没用。推广DevOps要从培训开始让大家理解它的价值。思考题你的团队现在部署一次要多久有哪些环节可以自动化个人观点仅供参考
【架构实战】DevOps工程化:从需求到上线的完整闭环
发布时间:2026/5/24 10:15:38
一、我见过的最混乱的团队2018年我入职了一家创业公司。第一天leader让我部署一下某个服务。我问他文档在哪里他说“文档没写过但代码在Git上服务器密码我发你。”那天下午我经历了在20多台服务器上逐一登录部署用U盘拷贝更新包没看错真的是U盘凌晨3点回滚因为新版本有bug回滚后发现代码和数据库不一致那个项目10个人开发部署一次要3小时发布一次要全团队通宵。后来我接触了DevOps才知道原来部署可以这么简单。二、DevOps从概念到落地2.1 什么是DevOpsDevOps Development Operations 开发Dev和运维Ops的融合 核心理念 - 开发即运维开发者自己负责部署和运维 - 自动化一切构建、测试、部署全部自动化 - 持续改进快速迭代小步快跑 - 以业务价值为导向减少浪费提高交付效率2.2 DevOps的价值没有DevOps - 代码写完要等2周才能上线 - 部署靠手工出错率高 - 环境不一致在我电脑上是好的 - 问题定位靠猜测排查时间长 有DevOps - 代码提交后自动构建、自动测试、自动部署 - 部署时间从3小时缩短到5分钟 - 环境标准化所有人的环境都一样 - 问题可追溯快速定位三、CICD流水线设计3.1 流水线核心阶段# Jenkinsfile (Jenkins Pipeline)pipeline{agent any environment{REGISTRY registry.example.com APP_NAME order-service DOCKER_IMAGE ${REGISTRY}/${APP_NAME}:${BUILD_NUMBER}}stages{stage(Checkout){steps{checkout scm script{env.GIT_COMMIT_SHORT sh(script:git rev-parse --short HEAD,returnStdout:true).trim()}}}stage(Build){steps{sh mvn clean package-DskipTests if[!-f target/*.jar]; then echo 构建失败未找到JAR文件 exit 1 fi }}stage(Unit Tests){steps{sh mvn test}post{always{junit target/surefire-reports/*.xml}}}stage(Code Quality){steps{sh mvn sonar:sonar \-Dsonar.projectKey${APP_NAME}\-Dsonar.host.urlhttp://sonar:9000 \-Dsonar.login${SONAR_TOKEN}}}stage(Security Scan){steps{sh # OWASP依赖检查mvn org.owasp:dependency-check-maven:check }post{always{archiveArtifacts artifacts:target/dependency-check-report.html}}}stage(Build Docker Image){steps{sh docker build-t ${DOCKER_IMAGE}. docker tag ${DOCKER_IMAGE}${REGISTRY}/${APP_NAME}:${GIT_COMMIT_SHORT}docker push ${REGISTRY}/${APP_NAME}:${GIT_COMMIT_SHORT}}}stage(Deploy to Test){when{branch develop}steps{sh kubectl set image deployment/${APP_NAME}\ ${APP_NAME}${DOCKER_IMAGE}\-n test kubectl rollout status deployment/${APP_NAME}-n test }}stage(Deploy to Staging){when{branch main}steps{sh kubectl set image deployment/${APP_NAME}\ ${APP_NAME}${DOCKER_IMAGE}\-n staging kubectl rollout status deployment/${APP_NAME}-n staging input message:人工审批,ok:确认部署}}stage(Deploy to Production){when{tag *}steps{sh kubectl set image deployment/${APP_NAME}\ ${APP_NAME}${DOCKER_IMAGE}\-n production kubectl rollout status deployment/${APP_NAME}-n production }}}post{always{echo 清理工作...}success{echo 流水线执行成功 // 发送通知 dingtalk ✅ ${APP_NAME}构建成功\n版本:${DOCKER_IMAGE}}failure{echo 流水线执行失败 // 发送告警 dingtalk ❌ ${APP_NAME}构建失败\n版本:${DOCKER_IMAGE}\n日志:${env.BUILD_URL}}}}3.2 GitLab CI配置# .gitlab-ci.ymlstages:-build-test-security-package-deployvariables:DOCKER_DRIVER:overlay2MAVEN_OPTS:-Dmaven.repo.local.m2/repositorycache:paths:-.m2/repository-target/# 构建阶段build:stage:buildimage:maven:3.8-openjdk-11script:-mvn clean package-DskipTestsartifacts:paths:-target/*.jarexpire_in:1 hour# 单元测试test:stage:testimage:maven:3.8-openjdk-11script:-mvn test-mvn jacoco:reportcoverage:/Total.*?([0-9]{1,3})%/artifacts:reports:junit:target/surefire-reports/*.xmlcoverage_report:coverage_format:jacocopath:target/site/jacoco/jacoco.xml# 安全扫描security:stage:securityimage:aquasec/trivy:latestscript:-trivy image--exit-code 0--severity HIGH,CRITICAL $IMAGE_NAMEallow_failure:true# 允许失败不阻断流水线# Docker打包docker:stage:packageimage:docker:latestservices:-docker:dindscript:-docker login-u $CI_REGISTRY_USER-p $CI_REGISTRY_PASSWORD $CI_REGISTRY-docker build-t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .-docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHAonly:-develop-main# 开发环境部署deploy-test:stage:deployimage:bitnami/kubectl:latestscript:-kubectl config set-cluster k8s-test--server$K8S_TEST_SERVER-kubectl config set-credentials gitlab--token$K8S_TEST_TOKEN-kubectl config set-context gitlab-test--clusterk8s-test--usergitlab-kubectl config use-context gitlab-test-kubectl set image deployment/order-service order-service$CI_REGISTRY_IMAGE:$CI_COMMIT_SHAenvironment:name:testurl:https://test.example.comonly:-develop# 生产环境部署deploy-prod:stage:deployimage:bitnami/kubectl:latestscript:-kubectl config set-cluster k8s-prod--server$K8S_PROD_SERVER-kubectl config set-credentials gitlab--token$K8S_PROD_TOKEN-kubectl config set-context gitlab-prod--clusterk8s-prod--usergitlab-kubectl config use-context gitlab-prod-kubectl set image deployment/order-service order-service$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA-kubectl rollout status deployment/order-serviceenvironment:name:productionurl:https://prod.example.comwhen:manual# 手动触发only:-tags四、Docker镜像优化4.1 多阶段构建# Dockerfile (多阶段构建) # 阶段1构建 FROM maven:3.8-openjdk-11 AS builder WORKDIR /build # 复制依赖加速构建 COPY pom.xml . RUN mvn dependency:go-offline -B # 复制源码并构建 COPY src ./src RUN mvn clean package -DskipTests # 阶段2运行 FROM openjdk:11-jre-slim WORKDIR /app # 从构建阶段复制JAR COPY --frombuilder /build/target/*.jar app.jar # 添加健康检查 HEALTHCHECK --interval30s --timeout10s --start-period60s \ CMD wget --quiet --tries1 --spider http://localhost:8080/actuator/health || exit 1 # 创建非root用户 RUN addgroup -S appgroup adduser -S appuser -G appgroup USER appuser ENTRYPOINT [java, -Xms256m, -Xmx512m, -jar, app.jar]4.2 镜像大小对比# 普通镜像 vs 优化后镜像# openjdk:11 → 800MB# openjdk:11-jre → 400MB# openjdk:11-jre-slim → 200MB# amazoncorretto:11-alpine → 180MB# 优化策略# 1. 使用精简基础镜像# 2. 多阶段构建# 3. 减少层数# 4. .dockerignore排除不需要的文件# .dockerignore.git .gitignore *.md target/*.jar.original *.log .java-version .idea .vscode node_modules五、环境管理与配置5.1 多环境配置# config.yamlenvironments:dev:api_url:http://dev-api.example.comdb_host:dev-mysql.example.comredis_host:dev-redis.example.comlog_level:DEBUGreplicas:1test:api_url:http://test-api.example.comdb_host:test-mysql.example.comredis_host:test-redis.example.comlog_level:INFOreplicas:2staging:api_url:http://staging-api.example.comdb_host:staging-mysql.example.comredis_host:staging-redis.example.comlog_level:INFOreplicas:3production:api_url:http://api.example.comdb_host:prod-mysql.example.comredis_host:prod-redis.example.comlog_level:WARNreplicas:105.2 K8s环境隔离# namespace.yamlapiVersion:v1kind:Namespacemetadata:name:productionlabels:env:productionteam:backend---apiVersion:v1kind:Namespacemetadata:name:staginglabels:env:stagingteam:backend---# deployment.yamlapiVersion:apps/v1kind:Deploymentmetadata:name:order-servicenamespace:productionspec:replicas:5selector:matchLabels:app:order-servicetemplate:metadata:labels:app:order-serviceversion:v1spec:containers:-name:order-serviceimage:registry.example.com/order-service:latestports:-containerPort:8080env:-name:SPRING_PROFILES_ACTIVEvalue:productionresources:requests:memory:256Micpu:100mlimits:memory:512Micpu:500mreadinessProbe:httpGet:path:/actuator/health/readinessport:8080initialDelaySeconds:30periodSeconds:10livenessProbe:httpGet:path:/actuator/health/livenessport:8080initialDelaySeconds:60periodSeconds:15六、蓝绿部署与金丝雀发布6.1 蓝绿部署# 蓝绿部署示意图# 当前Blue版本处理所有流量# 发布Green版本部署完成后一次性切换流量# 1. 当前状态Blue版本处理100%流量kubectl get svc order-service# NAME TYPE CLUSTER-IP PORT(S) SELECTOR# order-service ClusterIP 10.0.1.100 8080 apporder-service,versionblue# 2. 部署Green版本kubectl apply-forder-service-green.yaml# Green版本已部署但流量还是Blue# 3. 切换流量蓝绿切换kubectl patchserviceorder-service\-p{spec:{selector:{version:green}}}# 4. 验证Green版本# 如果有问题快速回滚kubectl patchserviceorder-service\-p{spec:{selector:{version:blue}}}# 5. 确认无误后删除Blue版本kubectl delete deployment order-service-blue6.2 金丝雀发布# 金丝雀发布只让小部分用户使用新版本# 概念用一只金丝雀先试探新版本是否有问题apiVersion:v1kind:ConfigMapmetadata:name:nginx-confignamespace:productiondata:default.conf:|upstream order_backend { server order-service-blue:8080; }# 金丝雀10%流量到Green版本upstream order_backend_canary{server order-service-green:8080;}server{listen 80;# 路径匹配基于URLlocation /api/v1/{# 10%流量到金丝雀版本set $targetBackend order_backend; if ($request_uri ~ ^/test.*){set $targetBackend order_backend_canary;}proxy_pass http://$targetBackend;}}---# 基于权重的ServiceapiVersion:v1kind:Servicemetadata:name:order-service-canaryspec:selector:app:order-serviceversion:greenports:-port:80targetPort:80806.3 Argo Rollouts金丝雀更专业的方案# Rollout配置apiVersion:argoproj.io/v1alpha1kind:Rolloutmetadata:name:order-servicespec:replicas:10strategy:canary:steps:-setWeight:5# 先5%流量-pause:{duration:10m}# 暂停10分钟观察-setWeight:20# 20%-pause:{}# 手动确认-setWeight:50# 50%-pause:{duration:5m}-setWeight:100# 100%canaryMetadata:labels:role:canarystableMetadata:labels:role:stabletrafficRouting:nginx:stableIngress:order-stableadditionalIngressAnnotations:canary-by-header:X-Canaryanalysis:templates:-templateName:success-ratestartingStep:1args:-name:service-namevalue:order-service-canary七、测试自动化7.1 测试金字塔┌─────────────────────────────────┐ │ E2E Tests端到端测试 │ 少量、关键路径 │ 模拟真实用户操作覆盖核心流程 │ ├─────────────────────────────────┤ │ Integration Tests集成测试 │ 中等数量 │ 测试多个组件协作 │ ├─────────────────────────────────┤ │ Unit Tests单元测试 │ 大量、快速 │ 测试单个类/方法的正确性 │ └─────────────────────────────────┘ 建议比例单元测试70%集成测试20%E2E测试10%7.2 自动化测试配置// 单元测试示例classOrderServiceTest{MockprivateOrderRepositoryorderRepository;MockprivateInventoryClientinventoryClient;InjectMocksprivateOrderServiceorderService;TestvoidtestCreateOrder_success(){// givenOrderordernewOrder();order.setId(123);when(orderRepository.save(any())).thenReturn(order);when(inventoryClient.check(any(),anyInt())).thenReturn(Inventory.builder().available(true).build());// whenOrderresultorderService.createOrder(CreateOrderRequest.builder().userId(user1).skuId(sku1).quantity(1).build());// thenassertNotNull(result);assertEquals(123,result.getId());verify(orderRepository,times(1)).save(any());}}// 集成测试示例SpringBootTestAutoConfigureMockMvcclassOrderControllerIntegrationTest{AutowiredprivateMockMvcmockMvc;AutowiredprivateObjectMapperobjectMapper;TestvoidtestCreateOrder_endpoint()throwsException{CreateOrderRequestrequestnewCreateOrderRequest();request.setUserId(user1);request.setSkuId(sku1);request.setQuantity(1);mockMvc.perform(post(/api/orders).contentType(MediaType.APPLICATION_JSON).content(objectMapper.writeValueAsString(request))).andExpect(status().isOk()).andExpect(jsonPath($.code).value(0)).andExpect(jsonPath($.data.orderId).exists());}}八、踩坑实录坑1流水线执行太慢每次构建要30分钟开发者等不起。解决优化构建缓存拆分为并行阶段。# 优化前30分钟# 优化后8分钟# 优化策略# 1. Maven依赖缓存cache:paths:-.m2/repository# 2. Docker层缓存docker build:script:-docker build--cache-from $PREV_IMAGE...# 3. 并行执行独立任务parallel:-stage:test-unit-stage:test-integration-stage:security-scan坑2环境不一致开发环境好好的测试环境就挂了。解决使用容器化环境Docker Compose启动完整测试环境。# docker-compose.test.ymlversion:3.8services:app:build:.depends_on:mysql:condition:service_healthyredis:condition:service_startedenvironment:SPRING_PROFILES_ACTIVE:testSPRING_DATASOURCE_URL:jdbc:mysql://mysql:3306/testSPRING_REDIS_HOST:redismysql:image:mysql:8.0environment:MYSQL_DATABASE:testMYSQL_ROOT_PASSWORD:testhealthcheck:test:[CMD,mysqladmin,ping,-h,localhost]interval:5stimeout:3sretries:10redis:image:redis:7-alpine坑3回滚不及时发布后发现问题手动回滚花了1小时。解决提前准备回滚脚本自动化回滚。# 回滚脚本#!/bin/bashDEPLOYMENT$1NAMESPACE${2:-production}# 获取当前版本CURRENT_IMAGE$(kubectl get deployment $DEPLOYMENT-n$NAMESPACE\-ojsonpath{.spec.template.spec.containers[0].image})# 获取历史版本PREVIOUS_IMAGE$(kubectl rollouthistorydeployment/$DEPLOYMENT-n$NAMESPACE\|grep-A1$CURRENT_IMAGE|tail-1|awk{print $2})# 回滚kubectl rollout undo deployment/$DEPLOYMENT-n$NAMESPACE# 验证kubectl rollout status deployment/$DEPLOYMENT-n$NAMESPACEecho已回滚到版本:$PREVIOUS_IMAGE九、总结DevOps让交付更高效流水线自动化代码提交→自动构建→自动测试→自动部署环境标准化开发、测试、生产环境一致快速反馈问题早发现早解决安全集成安全扫描成为流水线的一部分可追溯每次部署都有记录可快速回滚最佳实践流水线要快用缓存并行执行自动化一切减少人工操作回滚要快提前准备回滚方案监控要全能看到部署前后的变化文化要变开发者也要懂运维血的教训DevOps不仅是工具更是文化。如果团队不愿意改变习惯再好的工具也没用。推广DevOps要从培训开始让大家理解它的价值。思考题你的团队现在部署一次要多久有哪些环节可以自动化个人观点仅供参考
:测试如何提前在代码提交阶段发现 Bug?)
)
