CI/CD Plan
CI : build and push the image to ecr.
CD : deploy the new image to eks cluster.
1-1. build image with github action
- set a self hosted machine to run the action(build)
- run an ec2 instance and set up the runner and build tool like docker.(cli install)
linux type can be get using uname -m command. - add runner to the repo.
Commands for that are well described at (repo setting - action - runner -add new runner) - branch protection rule is also needed.
name: build image and push to ecr
on:
workflow_dispatch:
push:
branches:
- main
- dev
- action-test
paths:
- 'testapp/**'
pull_request:
paths:
- 'testapp/**'
jobs:
build-simple-api:
name: Build and push simple-api image
environment: dev
runs-on: [self-hosted, linux, x64]
steps:
- uses: actions/checkout@v2
- run: docker build -t simple-api testapp/ This is sample workflow to build.
1-2. push the image to ecr
Building and pushing the image with just action is fine, but skaffold can provide better practice in case of k8s.
Install skaffold to the runner(+ awscli).
And write skaffold file which builds the image -
apiVersion: skaffold/v3
kind: Config
metadata:
name: simple-api
build:
artifacts:
- image: simple-api
context: testapp
# cacheFrom:
docker:
dockerfile: Dockerfile
local:
useBuildkit: true
profiles:
- name: main
# deploy:
# helm:
# kubectl:
# manifests:
# - deploy/k8s/simple-api.yamlThis is simple skaffold setting.
It will build /testapp/Dockerfile using docker and docker buildkt.
More options are in api docs.
To run this skaffold file, workflow file should be modified.
name: build image and push to ecr
on:
workflow_dispatch:
push:
branches:
- main
- dev
- action-test
paths:
- 'testapp/**'
pull_request:
paths:
- 'testapp/**'
jobs:
build-simple-api:
name: Build and push simple-api image
environment: main
env:
region: ap-northeast-1
BUILD_ENV: main
runs-on: [self-hosted, linux, x64]
steps:
- uses: actions/checkout@v2
- name: Configure AWS credentails
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.region }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Skaffold appy
id: skaffold-apply
# run: skaffold run ...
run: skaffold build -n ${{ env.BUILD_ENV }} -f deploy/skaffold/simple-api.yaml --default-repo {ecr repo uri} -p ${{ env.BUILD_ENV }}More skaffold cli options are in this docs..
The skaffold will deploy app in specified k8s namespaces(-n).
Alsp the profile(-p) setting will be needed in deploy step.
In this case, I specified teh repo uri in workflow file, but it can be specified in skaffold file.
build:
artifacts:
- image: {repo uri}/simple-apiNow, if action is triggerd, the image will be built and pushed to ecr repo
Further Improvement
Docker, kubectl, skaffold, awscli auto-install when launch using terraform.
- Automatic auth with ec2 iam metadata <- not working in aws cli.
