
DevTest and DevOps for microservice solutions


Microservice architectures design applications as collections of loosely coupled services. In a microservices architecture, services are fine-grained and protocols are lightweight. Microservices offer benefits such as clear separation of concerns and decoupling of dependencies.

Microservices introduce complexities in the development cycle compared to traditional monolithic applications. Traditionally, development occurs in a local or virtual replica of the application stack, which configures and runs compute and storage components locally in isolation. In a microservice model, developers need to test their services against the existing architecture, catch integration issues early to save on build and deployment time, and keep integrated builds clean over the lifecycle of the application.

Development testing (DevTest) is a software development approach that integrates testing early in the development phase to speed development. DevOps is a set of practices that combine software development and IT operations to shorten the development cycle and provide high-quality continuous delivery. Kubernetes is an open-source container orchestration system for automating application deployments.

This solution architecture models a development and deployment environment that uses DevOps in DevTest for rapid iterative development of an Azure Kubernetes Service (AKS) microservice application.

Architecture

Diagram showing the configuration of DevTest and DevOps for a microservice application.

  1. Developers use Local Process with Kubernetes to run their local microservice versions within the context of the development Kubernetes cluster. Connecting to the cluster while debugging the service allows quick testing and development in the full application context.

  2. Each microservice codebase uses a separate GitHub code repository for source control.

  3. GitHub Actions builds the microservice container images and pushes them to Azure Container Registries. GitHub Actions also updates the latest tag of repositories for continuous integration (CI), or tags repositories for release.

  4. GitHub Actions automated testing generates work items for Azure Boards, making all work items manageable in one place.

  5. Visual Studio Code extensions support Azure Boards and GitHub integration. Associating Azure Boards work items with GitHub repos ties requirements to code, driving the development loop forward.

  6. Commits merged into the integration branch trigger GitHub Actions builds and Docker pushes to the DevTest container registries. Each microservice has its own repository in Container Registries, paralleling the GitHub repositories. CI builds are usually tagged with latest, representing the most recent successful microservice builds.

  7. Azure Pipelines runs the Kubernetes apply command to trigger deployment of the updated Container Registry images to the DevTest Kubernetes clusters. Azure can authenticate AKS to run unattended Container Registry pulls, simplifying the continuous deployment (CD) process.

    Azure Pipelines uses Azure Key Vault to securely consume secrets like credentials and connection strings required for release and deployment configurations.

  8. When a version of the application is ready for quality assurance (QA) testing, Azure Pipelines triggers a QA release. The pipeline tags all appropriate images with the next incremental version, updates the Kubernetes manifest to reflect the image tags, and runs the apply command. In this example, while a developer may be iterating on a service in isolation, only builds integrated via CI/CD are moved over to deployment.

  9. After testing has approved a version of the service for deployment, GitHub Actions promotes a release from the DevTest Container Registry to a Production Container Registry. GitHub Actions tags the images with the appropriate version and pushes them into the Production Container Registry, following container registry best practices.

  10. Azure Pipelines creates a release to Production. The pipeline imposes approval gates and pre-stage and post-stage conditions to protect the Production environment from inadvertent or incorrect deployment.
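The tag-and-update sequence from step 8, as an added shell example that is not code from the original page or from Microsoft: it computes the next incremental version, pins the DevTest registry images in a manifest to it, and counts any image still floating on `latest`. The registry name `contosodevtest.azurecr.io`, the service names, the three-part version scheme, and the floating-tag check are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Registry and service names and
# the MAJOR.MINOR.PATCH tag scheme are assumptions for illustration.

# Read existing tags on stdin (one per line) and print the next incremental
# version. Non-version tags such as "latest" are ignored.
next_version() {
  awk -F. '
    /^[0-9]+\.[0-9]+\.[0-9]+$/ {
      if (!seen || $1+0 > a || ($1+0 == a && ($2+0 > b || ($2+0 == b && $3+0 > c)))) {
        a = $1+0; b = $2+0; c = $3+0; seen = 1
      }
    }
    END { if (seen) printf "%d.%d.%d\n", a, b, c + 1; else print "1.0.0" }'
}

# Rewrite image references for registry $1 in the manifest on stdin so they
# carry tag $2. Images from other registries are left untouched.
pin_images() {
  reg=$(printf '%s' "$1" | sed 's/\./\\./g')
  sed -E "s#(image:[[:space:]]*${reg}/[A-Za-z0-9._/-]+)(:[A-Za-z0-9._-]+)?[[:space:]]*\$#\1:$2#"
}

# Count image lines for registry $1 that still float: untagged or ":latest".
count_floating() {
  reg=$(printf '%s' "$1" | sed 's/\./\\./g')
  grep -E -c "image:[[:space:]]*${reg}/[A-Za-z0-9._/-]+(:latest)?[[:space:]]*\$" || true
}

# Constructed sample manifest fragment and registry tag list.
MANIFEST='containers:
- name: cart
  image: contosodevtest.azurecr.io/cart:latest
- name: catalog
  image: contosodevtest.azurecr.io/catalog
- name: proxy
  image: example.com/proxy:1.2'
TAGS='latest
1.0.9
1.0.10'

# Produce the QA manifest; the pipeline would then run "kubectl apply -f" on it.
release_manifest() {
  v=$(printf '%s\n' "$TAGS" | next_version)
  printf '%s\n' "$MANIFEST" | pin_images contosodevtest.azurecr.io "$v"
}
release_manifest
```

A pipeline can fail the QA release when `count_floating` reports a non-zero count for the rewritten manifest, so that only versioned images reach the apply command.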

The application uses Azure Cosmos DB for its globally distributed database tier.

All services and environments report metrics to Azure Monitor.

In this solution, a single Azure Active Directory (Azure AD) manages identity for both the DevTest and Production subscriptions. Azure role-based access control (Azure RBAC) restricts access to protected resources, preventing unauthorized or inadvertent modification of Production resources. Developers don't have the same access control levels in Production as in their DevTest sandboxes.

Components

  • Azure DevTest Labs provides labs that have all the necessary tools and software to create environments. Developers can efficiently self-manage resources without waiting for approvals. With DevTest Labs, teams can control costs and regulate resources per lab, granting developers permission and flexibility to operate their sandboxes within cost constraints.

  • GitHub is a code hosting platform for version control and collaboration. A GitHub source-control repository contains all project files and their revision history. Developers can work together to contribute, discuss, and manage code in the repository.

  • GitHub Actions provides a suite of build and release workflows, covering CI, automated testing, and container deployments.

  • Azure Boards is a service for managing work for software projects. Azure Boards brings a rich set of capabilities including native support for Scrum and Kanban methodologies, customizable dashboards, and integrated reporting.

  • Azure Pipelines is a fully featured CI/CD service that can automatically deploy updated Container Registry images to Kubernetes clusters.

  • Azure Key Vault securely stores and tightly controls access to secrets like API keys, passwords, and certificates. For more information about Key Vault in DevOps scenarios, see DevSecOps in Azure and DevSecOps in GitHub.

  • Azure Container Registry supports building, storing, and managing container images and artifacts in private registries for all types of container deployments.

  • Azure Kubernetes Service makes it simple to deploy managed Kubernetes clusters by offloading much of the complexity, responsibility, and operational overhead to Azure.

  • Azure Active Directory (Azure AD) enterprise identity platform provides single sign-on and multifactor authentication to govern user access. A single Azure AD can manage identity for all environments across subscriptions. Azure role-based access control (Azure RBAC) restricts access to protected resources, preventing unauthorized or inadvertent modification of production resources.

  • Azure Cosmos DB is a fully managed, widely distributed database-as-a-service that supports high availability, multi-region applications, and both SQL and NoSQL APIs. Azure Cosmos DB includes DevTest features like a local Cosmos DB emulator that integrates with Azure DevOps, and low-cost tiers for managing costs in DevTest sandboxes.

  • Azure Monitor can monitor both Production and DevTest environments. Azure Monitor collects log data from VM operating systems and crash dump files, and aggregates them for viewing in Azure Security Center.

Alternatives

  • Azure Repos is an alternative to GitHub for Git repository hosting. With Azure Repos, Azure Boards, and Azure Pipelines, all Azure DevOps Services use the same portal and user interface, consolidating the services developers need for DevOps activities.

  • Some integrations available in Azure Pipelines, such as service connection or authentication directly into the Azure backbone, don't currently exist in GitHub Actions. For these needs, consider using Azure Pipelines instead of GitHub Actions for CI and build activities.

  • In a widely distributed system, there are benefits to separating microservices into individual repositories. Separation of ownership and permission is simpler, and projects in different languages are easier to maintain than with a single repository. However, in solutions with fewer microservices all in the same language or runtime, maintaining a single Git repository for the project may be easier.

Next steps