Hey all! It’s been a long time since I haven’t written a blog about Kubernetes. So I was wandering in r/devops in Reddit and saw a post where the digital ocean is hosting a Kubernetes challenge and guess what they’re giving away free credits of $120 to try it out free!!!
This blog is written in multiple sections from steps to apply to steps to deploy your app in Digital Ocean Kubernetes via CI/CD. Let’s get started!
Challenge Details
- Link of the challenge page Here
- Pick one challenge from the list mention in above link based on your knowledge.
- Create a GitHub or GitLab repo for your project
- Fill out the code challenge form to get DigitalOcean credits for your project
- Join the #kubernetes-challenge channel in the DigitalOcean Deploy Discord
- Complete your challenge
- Write about what you’ve built and share it on a blog or in your project README.
- Make a pull request against the Kubernetes Challenge Github Repo with information about your project
- Let them know you’ve completed your challenge by filling out this form
Now that we’ve applied let’s take a look at one of the challenges I chose :
Deploy a GitOps CI/CD implementation
GitOps is the (only) way automate deployment pipelines for Kubernetes environments in 2022, and ArgoCD is currently one of the leading player. Install it to create a CI/CD solution, using GH Actions for actual image building.
Cluster Creation
- Sign in to your DO console.
- Click on NEW button and create a Kubernetes cluster with default values.
- You can customize the location of cluster nearest to your location to avoid altency issues to API server.
- Once you submit, it’ll take around 10-15 min for the worker nodes and API server to become ready.
- Click on the Actions button and download the kubeconfig file.
- Once you download, install kubectl binary by following steps in the Getting started section of *overview *tab.
- Once, kubectl in installed in your local, you can save / move the config file downloaded to your
~/.kube/configlocation. - Now, you can connect to your API server, test it by running :
kubectl get node -o wide
Project setup
- Clone this repository using below command :
git clone https://github.com/tanmay-bhat/DigitalOcean-Kubernetes-Challenge-argoCD
This project contains below:
- go app
- Dockerfile
- github actions file ( CI)
- Kubernetes manifest files
Let’s Look mainly kustomize/base :
- Here, Deployment.yaml file contains the deployment resource YAML file.
containers:
- image: registry.digitalocean.com/tanmaybhat/saymyname
name: saymyname
ports:
- name: http
containerPort: 8080
imagePullSecrets:
- name: tanmaybhat
Notice the image registry I’m using is the Digital Ocean registry itself and not the mostly used Docker Hub.
The ImagePullSecrets has a name: Tanmay Bhat. This is the Kubernetes secret which has the Digital Ocean registry credentials which we will use to pull the image.
Now let’s look at our Github actions config file :
name: Go
on:
push:
branches: [ main ]
tags:
- 'v*.*.*'
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.x
uses: actions/setup-go@v2
with:
go-version: ^1.14
- name: Check out code
uses: actions/checkout@v2
- name: Extract Git Tag
run: echo "GIT_TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
- name: Login to Digitalocean
uses: docker/login-action@v1
with:
registry: registry.digitalocean.com
username: ${{ secrets.DIGITAL_OCEAN_TOKEN }}
password: ${{ secrets.DIGITAL_OCEAN_TOKEN }}
- name: push image to digitalocean
run: |
docker build -t registry.digitalocean.com/tanmaybhat/saymyname:${{ env.GIT_TAG }} .
docker push registry.digitalocean.com/tanmaybhat/saymyname:${{ env.GIT_TAG }}
deploy:
name: Deploy
runs-on: ubuntu-latest
needs: build
steps:
- name: Check out code
uses: actions/checkout@v2
- name: Extract Git Tag
run: echo "GIT_TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
- name: update image tag in manifest
uses: imranismail/setup-kustomize@v1
- run: |
cd kustomize/base
kustomize edit set image registry.digitalocean.com/tanmaybhat/saymyname:${{ env.GIT_TAG }}
- name: Commit files
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git commit -am "update image tag to ${{ env.GIT_TAG }}"
- name: Push changes
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
I’m gonna explain the above section since the main goal of this article is to do CI/CD :
- The on section says trigger this piepline if the chnages has been pushed to **Main branch with a tag in format : vx.x.x ( i.e v1.0.0 etc)
- On each tag push, pipeline will run 2 jobs. Build and Deploy.
- In Build section, the follwing steps will run on ubuntu image.
- Check out code step uses pre-build action
actions/checkout@v2to clone current repository into the piepline container i.e ubuntu. - Extract Git Tag is used to get the latest tag pusued to main branch and store it in th environmental variable GIT_TAG.
- In Login to Digitalocean, since we need to push our build docker images to a private registry like Digital Ocean, I’m using docker login action to auttenticate to the DO registry.
- In push image to digitalocean, I’m buidling the docker image and tagging it to latest pushed tag version and pushing to my registry.
- Next comes, the Deploy section. here again I’m using ubuntu as base image and again getting the repository from main branch and extracting tag version from the repositiry.
- Once that is done, I’ll use a tool called Kustomize to update my manifest file’s docker image tag to the latest tag version.
- If you’re using helm charts only but not kustomize with Helm, you need to use Sed command and update the image tag in manifest file ( deployment.yaml).
- Later, I’m doing the commit of latest tag edit and pushing the changes back to my repo.
To sum up, what the exact pipeline does whenever a new tag is pushed to main branch :
- clone the repository, build the docker image, tag it and push it to registry.
- update the tag in manifest file and push it back to gthe repository.
You might have this question, Tanmay, this is just CI, where’s CD ? well, that’s the magic ArgoCD solves for us.
ArgoCD
- Setup ArgoCD by running the below commands :
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
- Once done, you can verify its running status by running the command
- Next step is to retrieve the password of argocd. For that, run :
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
- By default argocd service type will be ClusterIP. That means you cant access argocd outside of your cluster. So, Let’s change that to LoadBalancer by running :
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'
- Now, wait for couple more minutes for LoadBalancer to start in Digital Ocean and get the endpoint of it by running :
- Open the external IP in your browser and voila, you should see argocd UI login page. Login with username: admin password got from step 3.
ArgoCD Configuration
- Once logged in to ArgoCD UI, click on new app and set the below values:
application name : demo-argocd
Project : default
Sync Policy : Automatic
Repository URL : <GITHUB REPO URL OF YOUR PROJECT>
Rivision : HEAD
Path : kustomize/base
Destination Cluster : https://kubernetes.default.svc
Namespace : default
Click create and see your app glowing in your cluster.
the ArgoCD magic here is that, it watches for any new changes to your repo every 3 minutes ( default ) and new changes will be auto-applied in your cluster.
See the comment that says: update the tag to v1.0.12 ? that was my last commit. If a new tag is committed, here’s how it’s gonna update and look
Conclusion
I found DOKS to be extreme easy to set up and straightforward. From click to integrate Registry to a Kubernetes cluster, easy cluster creation and scaling up.