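1. Introduction to Zadig
Zadig is an open-source CI/CD platform from KodeRover. It supports deployment to K8s, Helm, cloud hosts and more, and integrates seamlessly with GitHub/GitLab, Jenkins, Harbor, multiple clouds and others.
Core capabilities:
- High-concurrency workflows
- Service-centric environments
- Non-intrusive automated testing
- CLI for local development and joint debugging
Core features:
- Projects: workflows, environments, services, builds, tests, version management
- Test center: automated test management
- Delivery center: version management, artifact tracking
- Data views: data overview, efficiency insights (build efficiency, test efficiency, deployment efficiency)
- Integration management: GitHub/GitLab/Gerrit/CodeHub integration, SSO/LDAP/AD account system integration, Jenkins/Jira integration, package management, build image management
- Infrastructure: image registries, object storage, Helm repositories, cluster management, host management
- System configuration: RBAC permissions, operation logs, announcement management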
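2. Business architecture
3. System architecture
Core components
User entry points:
- zadig-portal: the Zadig front-end component
- kodespace: the Zadig developer command-line tool
- Zadig Toolkit: VS Code plugin for developers
API gateway:
- Gloo Edge: Zadig's API gateway component
- OPA: authentication and authorization component
- Dex: Zadig's identity service, used to connect to third-party authentication systems such as AD/LDAP / OAuth2 / GitHub / ..
- User: user management, token generation
Zadig core services:
- Picket: data aggregation service
- Aslan: system functions such as projects / environments / services / workflows / build configuration / system configuration
- Policy: OPA data source and policy registry
- Config: system configuration
- Workflow Runner:
  - warpdrive: workflow engine, responsible for creating, destroying and otherwise managing reaper and predator instances
  - reaper: runs the build, test and similar tasks of a single workflow job
  - predator: runs the image distribution task of a single workflow job
  - plugins: workflow plugins
    - Jenkins-plugin: triggers Jenkins jobs and shows their status and results
- Cron: scheduled tasks, including environment reclamation and K8s resource cleanup
- NSQ: message queue (third-party component)
Data plane:
- MongoDB: database for business data
- MySQL: database that stores the dex configuration and user information
K8s cluster:
- Zadig workloads run on standard K8s clusters from various cloud vendors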
4. Zadig code structure
XIABINGYAO-MB2:zadig iceyao$ tree -L 2
.
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING-zh-CN.md
├── CONTRIBUTING.md
├── GOVERNANCE.md
├── LICENSE
├── Makefile
├── README-zh-CN.md
├── README.md
├── System-Architecture-Overview-zh-CN.md   # system architecture
├── System-Architecture-Overview.md
├── Zadig-Business-Architecture-zh.jpg      # business architecture
├── Zadig-Business-Architecture.jpg
├── Zadig-System-Architecture.svg
├── action.yml                              # GitHub Action metadata file
├── cmd                                     # service entry points; most services have their own entry program
│   ├── aslan
│   ├── config
│   ├── cron
│   ├── hub-agent
│   ├── hub-server
│   ├── init
│   ├── jenkins-plugin
│   ├── packager-plugin
│   ├── picket
│   ├── podexec
│   ├── policy
│   ├── predator-plugin
│   ├── reaper
│   ├── ua
│   ├── user
│   ├── warpdrive
│   └── zgctl
├── community                               # community development guides
│   ├── dev
│   └── rfc
├── docker                                  # Dockerfiles
│   ├── base
│   └── service
├── examples                                # demo examples
│   ├── jMeter-demo
│   ├── microservice-demo
│   ├── multi-service-demo
│   ├── nginx
│   ├── pytest-demo
│   ├── simple-service
│   ├── spring-boot-acme-financial
│   ├── spring-boot-demo
│   ├── spring-cloud-piggymetrics
│   ├── test-demo
│   ├── voting-app
│   ├── webhook
│   └── website
├── go.mod
├── go.sum
├── hack                                    # script for updating the copyright header
│   ├── boilerplate.go.txt
│   └── update-copyright.sh
├── pkg                                     # core libraries
│   ├── cli
│   ├── config
│   ├── handler
│   ├── microservice
│   ├── middleware
│   ├── setting
│   ├── shared
│   ├── tool
│   ├── types
│   └── util
├── resource-server-nginx.conf
├── ut.file
├── version                                 # version file
│   └── version.go
└── zadig-ci.yaml
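5. How to debug the Zadig code
Zadig uses Gloo as its API gateway for request routing. Gloo is a cloud-native gateway built on Envoy that provides many CRDs; Zadig's routing is configured through the virtualservices resource: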
[root@devops ~]# kubectl -n zadig get virtualservices.gateway.solo.io zadig -o yaml
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  annotations:
    meta.helm.sh/release-name: zadig
    meta.helm.sh/release-namespace: zadig
  creationTimestamp: "2022-06-21T06:06:55Z"
  generation: 7
  labels:
    app.kubernetes.io/managed-by: Helm
  name: zadig
  namespace: zadig
  resourceVersion: "4820737"
  uid: f16efa4e-4c41-4d30-a0f1-7de860f8faef
spec:
  virtualHost:
    domains:
    - '*'
    options:
      extauth:
        customAuth: {}
    routes:
    - matchers:
      - prefix: /dex
      options:
        timeout: 30s
      routeAction:
        single:
          kube:
            port: 5556
            ref:
              name: zadig-dex
              namespace: zadig
    - matchers:
      - prefix: /api/v1/callback
      - prefix: /api/v1/users
      - prefix: /api/v1/login
      - prefix: /api/v1/signup
      - prefix: /api/v1/retrieve
      - prefix: /api/v1/reset
      routeAction:
        single:
          kube:
            port: 80
            ref:
              name: user
              namespace: zadig
    - matchers:
      - prefix: /api/v1/policy/permission
      options:
        autoHostRewrite: true
        prefixRewrite: /api/v1/permission
      routeAction:
        single:
          kube:
            port: 80
            ref:
              name: policy
              namespace: zadig
    - matchers:
      - prefix: /api/v1/picket
      options:
        prefixRewrite: /api/v1
      routeAction:
        single:
          kube:
            port: 80
            ref:
              name: picket
              namespace: zadig
    - matchers:
      - prefix: /api/v1/roles
      - prefix: /api/v1/preset-roles
      - prefix: /api/v1/system-roles
      - prefix: /api/v1/rolebindings
      - prefix: /api/v1/userbindings
      - prefix: /api/v1/system-rolebindings
      - prefix: /api/v1/policy-definitions
      - prefix: /api/v1/policies
      routeAction:
        single:
          kube:
            port: 80
            ref:
              name: policy
              namespace: zadig
    - matchers:
      - prefix: /api/v1/connectors
      - prefix: /api/v1/emails
      - prefix: /api/v1/jira
      - prefix: /api/v1/codehosts
      - prefix: /public-api/v1
      - prefix: /api/v1/features
      routeAction:
        single:
          kube:
            port: 80
            ref:
              name: config
              namespace: zadig
    - matchers:
      - prefix: /api/hub
      - prefix: /api/callback
      routeAction:
        single:
          kube:
            port: 25000
            ref:
              name: aslan
              namespace: zadig
    - matchers:
      - prefix: /api/directory/codehosts/callback
      options:
        prefixRewrite: /api/v1/codehosts/callback
        timeout: 30s
      routeAction:
        single:
          kube:
            port: 80
            ref:
              name: config
              namespace: zadig
    - matchers:
      - prefix: /api/directory
      options:
        prefixRewrite: /public-api/v1
      routeAction:
        single:
          kube:
            port: 80
            ref:
              name: picket
              namespace: zadig
    - matchers:
      - prefix: /api/aslan
      options:
        prefixRewrite: /api
        timeout: 3600s
      routeAction:
        single:
          kube:
            port: 25000
            ref:
              name: aslan
              namespace: zadig
    - matchers:
      - prefix: /api/podexec
      options:
        prefixRewrite: /api
      routeAction:
        single:
          kube:
            port: 27000
            ref:
              name: podexec
              namespace: zadig
    - matchers:
      - prefix: /
      routeAction:
        single:
          kube:
            port: 80
            ref:
              name: zadig-portal
              namespace: zadig
status:
  statuses:
    zadig:
      reportedBy: gateway
      state: 1
      subresourceStatuses:
        '*v1.Proxy.zadig.gateway-proxy':
          reportedBy: gloo
          state: 1
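Take the config module as an example. First start the config module code locally. For its configuration parameters, refer to the Zadig config deployment; run
kubectl -n zadig get deployments.apps config -o yaml
to see the env environment variable settings.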
Because of the environment dependencies, these services need to be exposed as NodePort services:
[root@devops ~]# kubectl -n zadig get svc |grep NodePort
aslan           NodePort   10.233.17.73    <none>   25000:25000/TCP              9d
gateway-proxy   NodePort   10.233.55.73    <none>   80:30001/TCP,443:31954/TCP   9d
zadig-mongodb   NodePort   10.233.2.202    <none>   27017:30682/TCP              9d
zadig-mysql     NodePort   10.233.56.165   <none>   3306:31127/TCP               9d
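The local config module is now running.
How can the Zadig portal reach the local config service? The route in the Gloo virtualservices resource has to forward to a config-debug service (which in fact forwards to the local config).
1. Map port 80 of the local config service to port 9999 on the remote server. sshd binds remote forwards to the loopback address unless GatewayPorts is enabled on the server, and step 2 reaches the port through 172.16.80.95.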
XIABINGYAO-MB2:koderover iceyao$ ssh -R 9999:localhost:80 root@172.16.80.95
root@172.16.80.95's password:
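2. Create the headless service config-debug, a Service without a selector whose manually created Endpoints object points to port 9999 on the remote server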
[root@devops ~]# cat zadig-config-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: config-debug
  namespace: zadig
spec:
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
---
apiVersion: v1
kind: Endpoints
metadata:
  name: config-debug
  namespace: zadig
subsets:
- addresses:
  - ip: 172.16.80.95
  ports:
  - port: 9999
3. Edit the zadig virtualservices resource so that the config routes forward to the config-debug service
[root@devops ~]# kubectl -n zadig edit virtualservices.gateway.solo.io zadig
    - matchers:
      - prefix: /api/v1/connectors
      - prefix: /api/v1/emails
      - prefix: /api/v1/jira
      - prefix: /api/v1/codehosts
      - prefix: /public-api/v1
      - prefix: /api/v1/features
      routeAction:
        single:
          kube:
            port: 80
            ref:
              name: config-debug # changed here
              namespace: zadig
    - matchers:
      - prefix: /api/directory/codehosts/callback
      options:
        prefixRewrite: /api/v1/codehosts/callback
        timeout: 30s
      routeAction:
        single:
          kube:
            port: 80
            ref:
              name: config-debug # changed here
              namespace: zadig
4. In the browser, click System Settings -> System Integration -> Account System Integration; the breakpoint is hit.
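To check which requests the step 3 edit actually sends to the local process, and that nothing still points at config-debug once debugging is over, the following added example (not part of the original post or of Zadig) resolves paths against the route list the way Gloo does: routes are tried in order and the first matching prefix wins. The route subset, the helper names and the `/api/aslan/health` and `/api/directory/projects` test paths are constructed for illustration.

```python
# Added example: resolve request paths against Gloo VirtualService routes.

def route(prefixes, upstream, port, rewrite=None):
    """Build one route in the shape found under spec.virtualHost.routes."""
    r = {"matchers": [{"prefix": p} for p in prefixes],
         "routeAction": {"single": {"kube": {"port": port,
                         "ref": {"name": upstream, "namespace": "zadig"}}}}}
    if rewrite:
        r["options"] = {"prefixRewrite": rewrite}
    return r

# Constructed sample: a subset of the routes shown above, after the step 3 edit.
ROUTES = [
    route(["/api/v1/login", "/api/v1/users"], "user", 80),
    route(["/api/v1/connectors", "/api/v1/codehosts", "/public-api/v1"],
          "config-debug", 80),
    route(["/api/directory/codehosts/callback"], "config-debug", 80,
          "/api/v1/codehosts/callback"),
    route(["/api/directory"], "picket", 80, "/public-api/v1"),
    route(["/api/aslan"], "aslan", 25000, "/api"),
    route(["/"], "zadig-portal", 80),
]

def resolve(routes, path):
    """Return (upstream, port, path seen by the upstream) for the first match."""
    for r in routes:
        for m in r.get("matchers", []):
            prefix = m.get("prefix")
            if prefix is not None and path.startswith(prefix):
                kube = r["routeAction"]["single"]["kube"]
                rewrite = r.get("options", {}).get("prefixRewrite")
                new_path = rewrite + path[len(prefix):] if rewrite else path
                return kube["ref"]["name"], kube["port"], new_path
    return None

def debug_routes(routes, suffix="-debug"):
    """List prefixes still routed to a debug upstream (empty after rollback)."""
    return [m["prefix"] for r in routes for m in r.get("matchers", [])
            if "prefix" in m
            and r["routeAction"]["single"]["kube"]["ref"]["name"].endswith(suffix)]

if __name__ == "__main__":
    for p in ["/api/v1/connectors", "/api/directory/codehosts/callback",
              "/api/directory/projects", "/api/aslan/health", "/index.html"]:
        print(p, "->", resolve(ROUTES, p))
    print("still routed to debug upstream:", debug_routes(ROUTES))
```

The same functions accept the real route list from `kubectl -n zadig get virtualservices.gateway.solo.io zadig -o json` (the `spec.virtualHost.routes` array). While the debug routes are in place, account-integration requests leave the cluster over the SSH tunnel, so `debug_routes` should return an empty list before the session is considered finished.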