淘客返利系统的CI/CD流水线搭建:Docker镜像构建与K8s部署实践
大家好,我是 微赚淘客系统3.0 的研发者省赚客!
在微赚淘客系统3.0的演进过程中,为提升交付效率与系统稳定性,我们基于 GitLab CI + Harbor + Kubernetes 构建了完整的 CI/CD 流水线。从代码提交到生产环境部署,全程自动化,确保每次发布可追溯、可回滚、高可靠。
一、项目结构与Dockerfile设计
系统采用 Spring Boot 构建,主模块位于 juwatech.cn.rebate 包下。项目根目录包含标准 Dockerfile:
dockerfile
# 使用官方 OpenJDK 17 镜像
FROM openjdk:17-jdk-slim
# 设置工作目录
WORKDIR /app
# 复制 JAR 文件
COPY target/rebate-system-3.0.jar rebate-system.jar
# 暴露端口
EXPOSE 8080
# 启动应用
ENTRYPOINT ["java", "-jar", "rebate-system.jar"]Maven 打包配置确保生成可执行 JAR:
xml
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<mainClass>juwatech.cn.rebate.RebateApplication</mainClass>
</configuration>
</plugin>
</plugins>
</build>二、GitLab CI 流水线定义
.gitlab-ci.yml 定义四阶段流水线:build → test → build-image → deploy:
yaml
stages:
- build
- test
- build-image
- deploy
variables:
DOCKER_IMAGE: harbor.juwatech.cn/rebate/rebate-system:${CI_COMMIT_SHORT_SHA}
K8S_NAMESPACE: rebate-prod
# 构建阶段
build:
stage: build
image: maven:3.8-openjdk-17
script:
- mvn clean package -DskipTests
artifacts:
paths:
- target/*.jar
# 单元测试
test:
stage: test
image: maven:3.8-openjdk-17
script:
- mvn test
coverage: '/Total.*?([0-9]{1,3})%/'
# 构建并推送镜像
build-image:
stage: build-image
image: docker:20.10
services:
- docker:20.10-dind
before_script:
- echo "$HARBOR_PASSWORD" | docker login harbor.juwatech.cn -u "$HARBOR_USER" --password-stdin
script:
- docker build -t $DOCKER_IMAGE .
- docker push $DOCKER_IMAGE
only:
- main
# 生产部署
deploy-prod:
stage: deploy
image: bitnami/kubectl:latest
script:
- sed "s|{{IMAGE}}|$DOCKER_IMAGE|g" k8s/deployment.yaml | kubectl apply -f -
- kubectl rollout status deployment/rebate-deployment -n $K8S_NAMESPACE --timeout=300s
environment:
name: production
only:
- main三、Kubernetes 部署清单
k8s/deployment.yaml 模板使用占位符 {``{IMAGE}} 供 CI 替换:
yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: rebate-deployment
namespace: rebate-prod
spec:
replicas: 3
selector:
matchLabels:
app: rebate-system
template:
metadata:
labels:
app: rebate-system
spec:
containers:
- name: rebate-app
image: {{IMAGE}}
ports:
- containerPort: 8080
env:
- name: SPRING_PROFILES_ACTIVE
value: "prod"
- name: DB_HOST
valueFrom:
secretKeyRef:
name: rebate-db-secret
key: host
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1Gi"
cpu: "500m"
livenessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 60
periodSeconds: 30
readinessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 10
periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
name: rebate-service
namespace: rebate-prod
spec:
selector:
app: rebate-system
ports:
- protocol: TCP
port: 80
targetPort: 8080数据库凭证通过 Secret 管理:
bash
kubectl create secret generic rebate-db-secret \
--from-literal=host=db.juwatech.cn \
--from-literal=username=rebate_user \
--from-literal=password='S3cr3tP@ss!' \
-n rebate-prod四、Java 应用启动类示例
主启动类位于指定包路径,确保与 Dockerfile 一致:
java
package juwatech.cn.rebate;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class RebateApplication {
public static void main(String[] args) {
SpringApplication.run(RebateApplication.class, args);
}
}五、回滚与版本追踪
每次部署均基于 Git Commit ID 构建唯一镜像标签,支持快速回滚:
bash
# 查看历史 ReplicaSet
kubectl get rs -n rebate-prod
# 回滚至上一版本
kubectl rollout undo deployment/rebate-deployment -n rebate-prod同时,Prometheus + Grafana 监控 Pod 状态、CPU、内存及 HTTP 错误率,确保部署质量。
本文著作权归 微赚淘客系统3.0 研发团队,转载请注明出处!