CI / CD process implementation and environment deployment (Theory)


Kubernetes supports multiple container runtimes: Docker, containerd, CRI-O, and any implementation of the Kubernetes CRI (Container Runtime Interface).
Kubernetes officially announced that it would drop its support for Docker starting from v1.20. The Docker support in kubelet is now deprecated and will be removed in a later version, with a gradual move to containerd. However, this article still uses Docker with Kubernetes.

1、 Docker

Docker Engine

Docker Engine is an open source containerization technology used to build and containerize your applications. It is a client/server (C/S) application that mainly consists of the following components:
① A long-running daemon, dockerd
② A REST API server used to interact with the dockerd daemon
③ A command line interface (CLI) client (the docker command we use most often)

Docker architecture

Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy work of building, running and distributing Docker containers. The Docker client and the daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The client and the daemon communicate using a REST API, over UNIX sockets or a network interface. Another Docker client is Docker Compose, which lets you work with an application made up of a set of containers.



Install Docker Engine on Ubuntu

2、 Kubernetes

Brief introduction

Kubernetes is an open source container orchestration system from Google, based on Borg. Its goal is to manage containers across multiple hosts, automating the deployment, scaling and management of containerized applications. It is implemented mainly in Go.


When you deploy Kubernetes, you get a complete cluster. A Kubernetes cluster consists of a group of machines called nodes:

  • The master is responsible for managing the cluster and coordinating all activities in it, such as scheduling applications, maintaining the desired state of applications, scaling applications and rolling out updates
  • Nodes are the worker machines in a Kubernetes cluster and can be physical or virtual machines. Each worker node runs a kubelet, the agent that manages the node and communicates with the k8s master node. The containerized applications managed by Kubernetes run on these nodes.
  • The cluster has at least one worker node.



A pod is the smallest deployable unit that can be created and managed in Kubernetes.
A pod is a group of closely related containers that share storage and network, together with a specification of how to run those containers. You do not even need to create pod instances directly. Instead, you use workload resources such as Deployment or Job to create pods. If the pods need to track state, consider the StatefulSet resource.




A label is a tag that identifies a Kubernetes object and is attached to the object as a key/value pair. Labels do not provide uniqueness; in fact, many objects (such as pods) often carry the same label to mark a specific application. Once labels are defined, other objects can use a label selector to select a group of objects with the same label (for example, a Service uses labels to select a group of pods). Label selectors support the following forms:

  • Equality-based, such as app = nginx and env = production
  • Set-based, such as env in (production, QA)
  • Multiple labels (combined with AND), such as app = nginx, env = Test
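
The three selector forms above, evaluated over a small set of pods. This is an added example, not code from the original article or from Kubernetes; the pod names and labels are constructed and the parser covers only these three forms. Because labels are not unique, the unrelated `debug-shell` pod is selected together with the web pods, which is worth checking whenever a Service selector is reviewed.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// One selector term: "key = value" or "key in (v1, v2)", ended by "," or end of input.
const term = `\s*([\w./-]+)(?:\s*=\s*([\w.-]*)|\s+in\s*\(([^)]*)\))\s*(?:,|$)`

var termRe, selRe = regexp.MustCompile(term), regexp.MustCompile(`^(?:` + term + `)*$`)

// Select returns the sorted names of the pods (name -> labels) matching every term of sel.
func Select(pods map[string]map[string]string, sel string) ([]string, error) {
	if !selRe.MatchString(sel) {
		return nil, fmt.Errorf("unsupported selector %q", sel)
	}
	var names []string
	for name, labels := range pods {
		all := true // several terms are ANDed
		for _, m := range termRe.FindAllStringSubmatch(sel, -1) {
			got, present := labels[m[1]]
			hit := false
			for _, v := range strings.Split(m[2]+m[3], ",") { // one value for "=", a set for "in"
				hit = hit || (present && got == strings.TrimSpace(v))
			}
			all = all && hit
		}
		if all {
			names = append(names, name)
		}
	}
	sort.Strings(names)
	return names, nil
}

// Constructed sample: "debug-shell" is unrelated to the web app but reuses its labels.
var pods = map[string]map[string]string{
	"web-1":       {"app": "nginx", "env": "production"},
	"web-2":       {"app": "nginx", "env": "qa"},
	"debug-shell": {"app": "nginx", "env": "production"},
	"db-1":        {"app": "mysql", "env": "production"},
}

func main() {
	fmt.Println(Select(pods, "app = nginx, env in (production, qa)"))
}
```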


Kubernetes supports multiple virtual clusters backed by the same underlying physical cluster. These virtual clusters are called namespaces. A namespace is an abstract grouping of a set of resources and objects.
The Namespace resource itself and the underlying resources (nodes and persistent volumes, PV) do not belong to any namespace.


A Deployment provides declarative updates for pods and ReplicaSets. A Deployment ensures that a specified number of pod "copies" (replicas) are running at any time. Deployments also support rollback and rolling upgrades.
When creating a Deployment, you need to specify two things:

  • Pod template: the template used to create the pod replicas
  • Label: the label of the pods that the Deployment monitors.

Now that some pod replicas have been created, how do we balance the load across them? What we need is a Service.


A Service is an abstraction of an application service. It provides load balancing and service discovery for applications through labels. The IPs and ports of the pods that match the labels form the endpoints, and kube-proxy is responsible for load-balancing traffic sent to the service IP across these endpoints.

Each Service is automatically assigned a cluster IP (a virtual address that can only be reached from inside the cluster) and a DNS name. Other containers can reach the service through this address or DNS name without knowing anything about the back-end containers.


Install Kubernetes

See: K8s installation and deployment

3、 Harbor

Brief introduction

Harbor is an open source, trusted cloud native Docker registry project hosted by the CNCF, which can be used to store, sign and scan image content. Harbor extends the Docker registry project by adding commonly needed functions such as security and identity and permission management. It also supports replicating images between registries and provides more advanced security functions such as user management, access control and activity auditing. Newer versions also add support for hosting Helm repositories.
The core function of Harbor is to add a layer of permission protection to the Docker registry. Docker registry V2 already supports this: V2 includes a security authentication mechanism that delegates authentication to an external service, which that external service then implements.
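
The delegation described above starts with a challenge header: the registry answers an unauthenticated request with 401 and names the token service the client must ask. The following added example (not Harbor's or Docker's code, and not from the original article) parses a constructed challenge and builds the token request URL; the host name, the parameter values and the `trusted` allow-list are assumptions. The client sends its credentials to the realm, so the example refuses a realm that is not HTTPS or not on the allow-list.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// key="value" pairs inside a WWW-Authenticate challenge.
var paramRe = regexp.MustCompile(`(\w+)="([^"]*)"`)

// TokenURL parses the registry's 401 challenge and returns the URL to request
// on the external token service. trusted is an assumed allow-list of hosts.
func TokenURL(challenge string, trusted map[string]bool) (string, error) {
	scheme, rest, _ := strings.Cut(challenge, " ")
	if !strings.EqualFold(scheme, "Bearer") {
		return "", fmt.Errorf("not a token challenge: %q", challenge)
	}
	params := map[string]string{}
	for _, m := range paramRe.FindAllStringSubmatch(rest, -1) {
		params[m[1]] = m[2]
	}
	realm, err := url.Parse(params["realm"])
	if err != nil || realm.Scheme != "https" || !trusted[realm.Hostname()] {
		return "", fmt.Errorf("refusing to send credentials to realm %q", params["realm"])
	}
	q := realm.Query()
	q.Set("service", params["service"])
	if params["scope"] != "" { // a plain login has no scope, a pull or push does
		q.Set("scope", params["scope"])
	}
	realm.RawQuery = q.Encode()
	return realm.String(), nil
}

// Constructed sample header, as a registry would send it with "401 Unauthorized".
const sampleChallenge = `Bearer realm="https://harbor.example.test/service/token",service="harbor-registry",scope="repository:library/nginx:pull"`

func main() {
	fmt.Println(TokenURL(sampleChallenge, map[string]bool{"harbor.example.test": true}))
}
```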


Install Harbor

See: Build on 8khelm through harbor

4、 Jenkins

Brief introduction

Jenkins is open source CI & CD software used to automate a variety of tasks, including building, testing and deploying software.


Jenkins Pipeline is a suite of plugins that supports implementing and integrating continuous delivery pipelines into Jenkins. The definition of a Jenkins pipeline is written in a text file (called a Jenkinsfile), which can be committed to the project's source control repository. This is the foundation of "pipeline as code": the CD pipeline is treated as part of the application and is versioned and reviewed like any other code.
A pipeline is a user-defined model of a CD pipeline. The pipeline code defines the whole build process, which usually includes stages for building, testing and delivering the application.

Install Jenkins

See: Installing Jenkins on k8s

5、 CI / CD

The following practical workflow describes the whole CI / CD process:

  • Developers submit code to the GitLab code repository
  • Jenkins polls the SCM, which triggers an automatic pipeline build
  • Jenkins triggers the build task and runs it step by step as defined in the pipeline script
  • First run static code analysis and unit tests (skipped in this article)
  • Build the Docker image from the build result
  • Push the Docker image to the Harbor registry
  • Trigger the service update stage
  • Check whether the service was updated successfully
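
One way to implement the last step of the list above, as an added example that is not from the original article: it reads a Deployment object as JSON (the output of `kubectl get deployment NAME -o json`) and compares the generation and replica counters to decide whether the rolling update has finished. The sample JSON is constructed; the field names are those of the Kubernetes Deployment API.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// deployment holds only the Deployment fields that describe rollout progress.
type deployment struct {
	Metadata struct{ Generation int64 `json:"generation"` } `json:"metadata"`
	Spec     struct{ Replicas int32 `json:"replicas"` }   `json:"spec"`
	Status   struct {
		ObservedGeneration int64 `json:"observedGeneration"`
		Replicas           int32 `json:"replicas"`
		UpdatedReplicas    int32 `json:"updatedReplicas"`
		AvailableReplicas  int32 `json:"availableReplicas"`
	} `json:"status"`
}

// RolloutState reports whether the rolling update has finished and, if not, why.
func RolloutState(raw []byte) (bool, string, error) {
	var d deployment
	if err := json.Unmarshal(raw, &d); err != nil {
		return false, "", err
	}
	s, want := d.Status, d.Spec.Replicas
	switch {
	case s.ObservedGeneration < d.Metadata.Generation:
		return false, "controller has not seen the new spec yet", nil
	case s.UpdatedReplicas < want:
		return false, fmt.Sprintf("%d of %d replicas updated", s.UpdatedReplicas, want), nil
	case s.Replicas > s.UpdatedReplicas:
		return false, "old replicas still running", nil
	case s.AvailableReplicas < s.UpdatedReplicas:
		return false, fmt.Sprintf("%d of %d updated replicas available", s.AvailableReplicas, s.UpdatedReplicas), nil
	}
	return true, "rollout complete", nil
}

// Constructed samples: one old pod still running, then the finished rollout.
const midRollout = `{"metadata":{"generation":4},"spec":{"replicas":3},"status":{"observedGeneration":4,"replicas":4,"updatedReplicas":3,"availableReplicas":3}}`
const finished = `{"metadata":{"generation":4},"spec":{"replicas":3},"status":{"observedGeneration":4,"replicas":3,"updatedReplicas":3,"availableReplicas":3}}`

func main() {
	fmt.Println(RolloutState([]byte(midRollout)))
	fmt.Println(RolloutState([]byte(finished)))
}
```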

For the deployment process, see: Jenkins pipeline deployment k8s application