教學課程:使用藍/綠部署模式來部署至 Azure Kubernetes Service (AKS)Tutorial: Deploy to Azure Kubernetes Service (AKS) using the blue/green deployment pattern

Azure Kubernetes Service (AKS) 可管理裝載 Kubernetes 的環境,以便快速、輕鬆地部署及管理容器化應用程式。Azure Kubernetes Service (AKS) manages your hosted Kubernetes environment, making it quick and easy to deploy and manage containerized applications. 您不需具備容器協調流程專業知識。You don't need expertise in container orchestration. AKS 也可透過佈建、升級與依需求調整資源,消除進行中作業及維護之間的界線。AKS also eliminates the burden of ongoing operations and maintenance, by provisioning, upgrading, and scaling resources on demand. 您不需要讓應用程式離線。You don't need to take your applications offline. 如需有關 AKS 的詳細資訊,請參閱 AKS 文件For more information about AKS, see the AKS documentation.

藍/綠部署是 Azure DevOps 的持續傳遞模式,此模式仰賴在部署新版本 (綠色) 時,仍讓現有版本 (藍色) 持續運作的方式。Blue/green deployment is an Azure DevOps Continuous Delivery pattern that relies on keeping an existing (blue) version live, while a new (green) one is deployed. 一般而言,此模式會運用負載平衡將增加的流量導向綠色部署。Typically, this pattern employs load balancing to direct increasing amounts of traffic to the green deployment. 當監視功能發現事件時,流量就會路由到仍在執行中的藍色部署。If monitoring discovers an incident, traffic can be rerouted to the blue deployment, which is still running. 如需有關持續傳遞的詳細資訊,請參閱什麼是持續傳遞For more information about Continuous Delivery, see What is Continuous Delivery.

在本教學課程中,您會了解如何執行下列工作:In this tutorial, you learn how to perform the following tasks:

  • 了解藍/綠部署模式Learn about the blue/green deployment pattern
  • 建立受控 Kubernetes 叢集Create a managed Kubernetes cluster
  • 執行指令碼範例來設定 Kubernetes 叢集Run a sample script to configure a Kubernetes cluster
  • 手動設定 Kubernetes 叢集Manually configure a Kubernetes cluster
  • 建立及執行 Jenkins 作業Create and run a Jenkins job

PrerequisitesPrerequisites

  • GitHub 帳戶:您需要 GitHub 帳戶來複製範例存放庫。GitHub account : You need a GitHub account to clone the sample repo.
  • Azure CLI 2.0:您可使用 Azure CLI 2.0 來建立 Kubernetes 叢集。Azure CLI 2.0 : You use the Azure CLI 2.0 to create the Kubernetes cluster.
  • Chocolatey:用來安裝 kubectl 的套件管理員。Chocolatey: A package manager you use to install kubectl.
  • kubectl:用來對 Kubernetes 叢集執行命令的命令列介面。kubectl: A command-line interface you use for running commands against Kubernetes clusters.
  • jq:輕量級的命令列 JSON 處理器。jq: A lightweight, command-line JSON processor.

從 GitHub 複製範例應用程式Clone the sample app from GitHub

在 GitHub 中的 Microsoft 存放庫上,您可以找到一個範例應用程式,說明如何使用 Jenkins 和藍/綠模式來部署到 AKS。On the Microsoft repo in GitHub, you can find a sample app that illustrates how to deploy to AKS by using Jenkins and the blue/green pattern. 在本節中,您會在您的 GitHub 中建立該存放庫的分支,並將應用程式複製到本機系統。In this section, you create a fork of that repo in your GitHub, and clone the app to your local system.

  1. 瀏覽至 GitHub 存放庫以找出 todo-app-java-on-azure 範例應用程式。Browse to the GitHub repo for the todo-app-java-on-azure sample app.

    Microsoft GitHub 存放庫上範例應用程式的螢幕擷取畫面

  2. 若要建立此存放庫的分支,請選取頁面右上角的 [派生] ,並遵循指示來將存放庫派生至您的 GitHub 帳戶中。Fork the repo by selecting Fork in the upper right of the page, and follow the instructions to fork the repo in your GitHub account.

    可分支處理的 GitHub 選項螢幕擷取畫面

  3. 建立好存放庫的分支後,您會看到帳戶名稱已變更為您的帳戶名稱,並有標示此存放庫從何處派生的附註 (Microsoft)。After you fork the repo, you see that the account name changes to your account name, and a note indicates from where the repo was forked (Microsoft).

    GitHub 帳戶名稱和附註的螢幕擷取畫面

  4. 選取 [複製或下載] 。Select Clone or download.

    可複製或下載存放庫的 GitHub 選項螢幕擷取畫面

  5. 在 [使用 HTTPS 複製] 視窗中,選取複製圖示。In the Clone with HTTPS window, select the copy icon.

    可將複製 URL 複製到剪貼簿的 GitHub 選項螢幕擷取畫面

  6. 開啟終端機或 Git Bash 視窗。Open a terminal or Git Bash window.

  7. 將目錄變更為您想要用來儲存存放庫本機複本 (複製項目) 的位置。Change directories to the desired location where you want to store the local copy (clone) of the repo.

  8. 使用 git clone 命令來複製先前的 URL 副本。Using the git clone command, clone the URL you copied previously.

    Git Bash git 複製命令的螢幕擷取畫面

  9. 按 Enter 鍵以啟動複製程序。Press the Enter key to start the clone process.

    Git Bash git 複製命令結果的螢幕擷取畫面

  10. 將目錄變更為新建立的目錄,其中包含應用程式來源的複本。Change directories to the newly created directory that contains the clone of the app source.

建立和設定受控 Kubernetes 叢集Create and configure a managed Kubernetes cluster

在本節中,您將執行下列步驟:In this section, you perform the following steps:

  • 使用 Azure CLI 2.0 建立受控 Kubernetes 叢集。Use the Azure CLI 2.0 to create a managed Kubernetes cluster.
  • 了解如何使用安裝指令碼或手動設定叢集。Learn how to set up a cluster, either by using the setup script or manually.
  • 建立 Azure Container Registry 服務的執行個體。Create an instance of the Azure Container Registry service.

使用 Azure CLI 2.0 建立受控 Kubernetes 叢集Use the Azure CLI 2.0 to create a managed Kubernetes cluster

若要使用 Azure CLI 2.0 建立受控 Kubernetes 叢集,請確定您是使用 Azure CLI 2.0.25 版或更新版本。In order to create a managed Kubernetes cluster with the Azure CLI 2.0, ensure that you are using the Azure CLI version 2.0.25 or later.

  1. 登入您的 Azure 帳戶。Sign in to your Azure account. 輸入下列命令後,您會收到說明如何完成登入的指示。After you enter the following command, you receive instructions that explain how to complete the sign-in.

    az login
    
  2. 當您在上一個步驟中執行 az login 時,包含您所有 Azure 訂用帳戶的清單會隨即出現 (連同它們的訂用帳戶識別碼)。When you run the az login command in the previous step, a list of all your Azure subscriptions appears (along with their subscription IDs). 在此步驟中,您可以設定預設 Azure 訂用帳戶。In this step, you set the default Azure subscription. 以所需的 Azure 訂用帳戶識別碼取代 <your-subscription-id> 預留位置。Replace the <your-subscription-id> placeholder with the desired Azure subscription ID.

    az account set -s <your-subscription-id>
    
  3. 建立資源群組。Create a resource group. 以新資源群組的名稱取代 <your-resource-group-name> 預留位置,並以您的位置取代 <your-location> 預留位置。Replace the <your-resource-group-name> placeholder with the name of your new resource group, and replace the <your-location> placeholder with the location. az account list-locations 命令會顯示所有 Azure 位置。The command az account list-locations displays all Azure locations. 在 AKS 還是預覽版的期間,並非所有位置都可使用。During the AKS preview, not all locations are available. 如果您目前輸入的位置無效,則錯誤訊息會列出可用的位置。If you enter a location that is not valid at this time, the error message lists the available locations.

    az group create -n <your-resource-group-name> -l <your-location>
    
  4. 建立 Kubernetes 叢集。Create the Kubernetes cluster. 以上一個步驟中建立的資源群組名稱取代 <your-resource-group-name>,並以新叢集的名稱取代 <your-kubernetes-cluster-name>。Replace the <your-resource-group-name> with the name of the resource group created in the previous step, and replace the <your-kubernetes-cluster-name> with the name of your new cluster. (此程序可能需要數分鐘的時間才能完成。)(This process can take several minutes to complete.)

    az aks create -g <your-resource-group-name> -n <your-kubernetes-cluster-name> --generate-ssh-keys --node-count 2
    

設定 Kubernetes 叢集Set up the Kubernetes cluster

您可以在 AKS 中手動設定藍/綠部署,或者使用稍早所複製範例中提供的安裝指令碼。You can set up a blue/green deployment in AKS manually, or with a setup script provided in the sample cloned earlier. 在本節中,您將了解如何使用這兩個方式。In this section, you see how to do both.

透過安裝指令碼範例設定 Kubernetes 叢集Set up the Kubernetes cluster via the sample setup script

  1. 編輯 deploy/aks/setup/setup.sh 檔案,以適用您環境的值取代下列預留位置:Edit the deploy/aks/setup/setup.sh file, replacing the following placeholders with the appropriate values for your environment:

    • <your-resource-group-name><your-resource-group-name>

    • <your-kubernetes-cluster-name><your-kubernetes-cluster-name>

    • <your-location><your-location>

    • <your-dns-name-suffix><your-dns-name-suffix>

      bash 中已醒目提示數個預留位置的 setup.sh 指令碼螢幕擷取畫面

  2. 執行安裝指令碼。Run the setup script.

    sh setup.sh
    

手動設定 Kubernetes 叢集Set up a Kubernetes cluster manually

  1. 將 Kubernetes 組態下載到您的設定檔資料夾。Download the Kubernetes configuration to your profile folder.

    az aks get-credentials -g <your-resource-group-name> -n <your-kubernetes-cluster-name> --admin
    
  2. 將目錄變更為 deploy/aks/setup 目錄。Change the directory to the deploy/aks/setup directory.

  3. 執行下列 kubectl 命令,為公用端點和兩個測試端點設定服務。Run the following kubectl commands to set up the services for the public endpoint, and the two test endpoints.

    kubectl apply -f  service-green.yml
    kubectl apply -f  test-endpoint-blue.yml
    kubectl apply -f  test-endpoint-green.yml
    
  4. 更新公用和測試端點的 DNS 名稱。Update the DNS name for the public and test endpoints. 當您建立 Kubernetes 叢集時,您也會建立額外的資源群組,其命名模式為 MC_<your-resource-group-name> <your-kubernetes-cluster-name> <your-location>When you create a Kubernetes cluster, you also create an additional resource group, with the naming pattern of MC_<your-resource-group-name><your-kubernetes-cluster-name><your-location>.

    找出資源群組中的公用 IP。Locate the public IPs in the resource group.

    資源群組中公用 IP 的螢幕擷取畫面

    執行下列命令可找出每個服務的外部 IP 位址︰For each of the services, find the external IP address by running the following command:

    kubectl get service todoapp-service
    

    使用下列命令更新對應 IP 位址的 DNS 名稱:Update the DNS name for the corresponding IP address with the following command:

    az network public-ip update --dns-name aks-todoapp --ids /subscriptions/<your-subscription-id>/resourceGroups/MC_<resourcegroup>_<aks>_<location>/providers/Microsoft.Network/publicIPAddresses/kubernetes-<ip-address>
    

    重複 todoapp-test-bluetodoapp-test-green 的呼叫:Repeat the call for todoapp-test-blue and todoapp-test-green:

    az network public-ip update --dns-name todoapp-blue --ids /subscriptions/<your-subscription-id>/resourceGroups/MC_<resourcegroup>_<aks>_<location>/providers/Microsoft.Network/publicIPAddresses/kubernetes-<ip-address>
    
    az network public-ip update --dns-name todoapp-green --ids /subscriptions/<your-subscription-id>/resourceGroups/MC_<resourcegroup>_<aks>_<location>/providers/Microsoft.Network/publicIPAddresses/kubernetes-<ip-address>
    

    訂用帳戶中的 DNS 名稱必須是唯一的。The DNS name needs to be unique in your subscription. 若要確保唯一性,您可以使用 <your-dns-name-suffix>To ensure the uniqueness, you can use <your-dns-name-suffix>.

建立 Container Registry 的執行個體Create an instance of Container Registry

  1. 執行 az acr create 命令以建立 Container Registry 的執行個體。Run the az acr create command to create an instance of Container Registry. 在下一節中,您可以接著使用 login server 作為 Docker 登錄 URL。In the next section, you can then use login server as the Docker registry URL.

    az acr create -n <your-registry-name> -g <your-resource-group-name>
    
  2. 執行 az acr credential 命令可顯示您的 Container Registry 認證。Run the az acr credential command to show your Container Registry credentials. 請記下 Docker 登錄使用者名稱和密碼,因為您會在下一節中用到。Note the Docker registry username and password, as you need them in the next section.

    az acr credential show -n <your-registry-name>
    

準備 Jenkins 伺服器Prepare the Jenkins server

在本節中,您會了解如何準備 Jenkins 伺服器來執行適合測試的組建。In this section, you see how to prepare the Jenkins server to run a build, which is fine for testing. 不過,您應該使用 Azure VM 代理程式Azure 容器代理程式,加速 Azure 中的代理程式執行您的組建。However, you should use an Azure VM agent or Azure Container agent to spin up an agent in Azure to run your builds. 如需詳細資訊,請參閱有關在主要節點上建置的安全性含意的 Jenkins 文章。For more information, see the Jenkins article on the security implications of building on master.

  1. 在 Azure 上部署 Jenkins 主要伺服器Deploy a Jenkins Master on Azure.

  2. 透過 SSH 連線到伺服器,並在執行您組建的伺服器上安裝組建工具。Connect to the server via SSH, and install the build tools on the server where you run your build.

    sudo apt-get install git maven 
    
  3. 安裝 DockerInstall Docker. 確定使用者 jenkins 有權執行 docker 命令。Ensure that the user jenkins has permission to run the docker commands.

  4. 安裝 kubectlInstall kubectl.

  5. 下載 jqDownload jq.

  6. 使用下列命令安裝 jq:Install jq with the following command:

    sudo apt-get install jq
    
  7. 在 Jenkins 儀表板中執行下列步驟,即可在 Jenkins 中安裝外掛程式:Install the plugins in Jenkins by performing the following steps within the Jenkins dashboard:

    1. 選取 [管理 Jenkins] > [管理外掛程式] > [可用項目] 。Select Manage Jenkins > Manage Plugins > Available.
    2. 搜尋和安裝 Azure Container Service 外掛程式。Search for and install the Azure Container Service plug-in.
  8. 新增認證以在 Azure 中管理資源。Add credentials to manage resources in Azure. 如果您還沒有此外掛程式,請安裝 Azure 認證外掛程式。If you don’t already have the plug-in, install the Azure Credential plug-in.

  9. 將您的 Azure 服務主體認證新增為 Microsoft Azure 服務主體類型。Add your Azure Service Principal credential as the type Microsoft Azure Service Principal.

  10. 新增您的 Azure Docker Registry 使用者名稱和密碼 (已在「建立 Container Registry 的執行個體」一節中取得) 作為 [使用者名稱與密碼] 類型。Add your Azure Docker registry username and password (as obtained in the section, "Create an instance of Container Registry") as the type Username with password.

編輯 JenkinsfileEdit the Jenkinsfile

  1. 在您自己的存放庫中,移至 /deploy/aks/ 並開啟 JenkinsfileIn your own repo, go to /deploy/aks/, and open Jenkinsfile.

  2. 請更新檔案為下列內容:Update the file as follows:

    def servicePrincipalId = '<your-service-principal>'
    def resourceGroup = '<your-resource-group-name>'
    def aks = '<your-kubernetes-cluster-name>'
    
    def cosmosResourceGroup = '<your-cosmodb-resource-group>'
    def cosmosDbName = '<your-cosmodb-name>'
    def dbName = '<your-dbname>'
    
    def dockerRegistry = '<your-acr-name>.azurecr.io'
    

    更新容器登錄認證識別碼:Update the Container Registry credential ID:

    def dockerCredentialId = '<your-acr-credential-id>'
    

建立工作Create the job

  1. 管線類型中新增作業。Add a new job in type Pipeline.

  2. 選取 [管線] > [定義] > [來自 SCM 的管線指令碼] 。Select Pipeline > Definition > Pipeline script from SCM.

  3. 輸入您的 <your-forked-repo> 作為 SCM 存放庫 URL。Enter the SCM repo URL with your <your-forked-repo>.

  4. 輸入指令碼路徑 deploy/aks/JenkinsfileEnter the script path as deploy/aks/Jenkinsfile.

執行作業Run the job

  1. 請確認您可以在本機環境中成功執行專案。Verify that you can run your project successfully in your local environment. 方法:在本機電腦上執行專案Here's how: Run project on local machine.

  2. 執行 Jenkins 作業。Run the Jenkins job. 第一次執行作業時,Jenkins 會將 Todo 應用程式部署到藍色環境,也就是預設非使用中環境。The first time you run the job, Jenkins deploys the todo app to the blue environment, which is the default inactive environment.

  3. 若要確認作業是否已執行,請移到下列 URL:To verify that the job ran, go to these URLs:

    • 公用端點:http://aks-todoapp<your-dns-name-suffix>.<your-location>.cloudapp.azure.comPublic end point: http://aks-todoapp<your-dns-name-suffix>.<your-location>.cloudapp.azure.com
    • 藍色端點 - http://aks-todoapp-blue<your-dns-name-suffix>.<your-location>.cloudapp.azure.comBlue end point - http://aks-todoapp-blue<your-dns-name-suffix>.<your-location>.cloudapp.azure.com
    • 綠色端點 - http://aks-todoapp-green<your-dns-name-suffix>.<your-location>.cloudapp.azure.comGreen end point - http://aks-todoapp-green<your-dns-name-suffix>.<your-location>.cloudapp.azure.com

當綠色端點顯示預設的 Tomcat 影像時,公用和藍色測試端點會有相同的更新。The public and the blue test end points have the same update, while the green end point shows the default tomcat image.

如果您會多次執行組建,則該組建會在藍色與綠色部署中循環。If you run the build more than once, it cycles through blue and green deployments. 換句話說,如果目前的環境是藍色,作業會部署到綠色環境並加以測試。In other words, if the current environment is blue, the job deploys and tests to the green environment. 然後,如果測試狀況良好,則作業會更新應用程式公用端點,以將流量路由傳送至綠色環境。Then, if tests are good, the job updates the application public endpoint to route traffic to the green environment.

其他資訊Additional information

如需零停機部署的詳細資訊,請參閱此快速入門範本For more on zero-downtime deployment, see this quickstart template.

清除資源Clean up resources

當您不再需要您在本教學課程中建立的資源時,您可加以刪除。When you no longer need the resources you created in this tutorial, you can delete them.

az group delete -y --no-wait -n <your-resource-group-name>

疑難排解Troubleshooting

如果您遇到任何有關 Jenkins 外掛程式的錯誤,請在 Jenkins JIRA 的特定元件中提交問題。If you encounter any bugs with the Jenkins plugins, file an issue in the Jenkins JIRA for the specific component.

後續步驟Next steps

在此教學課程中,您已了解如何使用 Jenkins 和藍/綠部署模式來部署到 AKS。In this tutorial, you learned how to deploy to AKS by using Jenkins and the blue/green deployment pattern. 若要深入了解 Azure Jenkins 提供者,請參閱 Azure 網站上的 Jenkins。To learn more about the Azure Jenkins provider, see the Jenkins on Azure site.