Azure/k8s-deploy Image substitution

Question

I've set up a cluster in Azure, and with the help of the "Automated deployments" menu I've created a workflow in my Github Repo which makes use of Github actions.

First, it builds the image and pushes it to the azure container registry, this first step goes well, but when I get to the deploy step, it doesn't replace the deployment image with the built image.

Instead, I do see the manifests pop up in the cluster. The service which requires no changes goes fine, but the image, which I expect to be replaced by the newly built one is still the same. The workflow is mostly the same from how it is generated by Azure. I think it must have something to do with the Azure Container Registry or the way I'm using the final step (Azure/k8s-deploy@v4). Is there something i'm missing? link to docs of final step

(I've changed the Azure login step before posting to here, it used to show a long hash, but thats irrelevant)

name: deploy_to_ota
"on":
    push:
        branches:
            - main
    workflow_dispatch: {}
env:
    ACR_RESOURCE_GROUP: ota
    AZURE_CONTAINER_REGISTRY: otaRegistry
    CLUSTER_NAME: ota
    CLUSTER_RESOURCE_GROUP: ota
    CONTAINER_NAME: portfolio-image
    DEPLOYMENT_MANIFEST_PATH: |
        ./kubernetes/my-deployment.yaml
        ./kubernetes/my-service.yaml
jobs:
    buildImage:
        permissions:
            contents: read
            id-token: write
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v3
            - name: Set up Java
              uses: actions/setup-java@v4
              with:
                distribution: 'adopt'
                java-version: '21'
            - name: Build with Maven
              run: mvn clean package
            - uses: azure/login@HASH
              name: Azure login
              with:
                client-id: ${{ secrets.AZURE_CLIENT_ID }}
                subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
                tenant-id: ${{ secrets.AZURE_TENANT_ID }}
            - name: Build and push image to ACR
              run: az acr build --image ${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.ACR_RESOURCE_GROUP }} -f ./Dockerfile ./
    deploy:
        permissions:
            actions: read
            contents: read
            id-token: write
        runs-on: ubuntu-latest
        needs:
            - buildImage
        steps:
            - uses: actions/checkout@v3
            - uses: azure/login@HASH
              name: Azure login
              with:
                client-id: ${{ secrets.AZURE_CLIENT_ID }}
                subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
                tenant-id: ${{ secrets.AZURE_TENANT_ID }}
            - uses: azure/use-kubelogin@v1
              name: Set up kubelogin for non-interactive login
              with:
                kubelogin-version: v0.0.25
            - uses: azure/aks-set-context@v3
              name: Get K8s context
              with:
                admin: "false"
                cluster-name: ${{ env.CLUSTER_NAME }}
                resource-group: ${{ env.CLUSTER_RESOURCE_GROUP }}
                use-kubelogin: "true"
            - uses: Azure/k8s-deploy@v4
              name: Deploys application
              with:
                action: deploy
                images: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
                manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
                namespace: portfolio

The manifests I've specified is a deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: portfolio-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: portfolio
  template:
    metadata:
      labels:
        app: portfolio
    spec:
      containers:
      - name: portfolio-app
        image: WILL_I_BE_REPLACED

Answer 1

In the deployment manifest (my-deployment.yaml), you have the following section:

containers:
  - name: portfolio-app
    image: WILL_I_BE_REPLACED

• The image field is set to a placeholder (WILL_I_BE_REPLACED). This needs to be dynamically updated with the actual image tag during deployment. Here's a modification to your GitHub Actions workflow that achieves this:

deploy:
  permissions:
    actions: read
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  needs:
    - buildImage
  steps:
    - uses: actions/checkout@v3
    - uses: azure/login@HASH
      name: Azure login
      with:
        client-id: ${{ secrets.AZURE_CLIENT_ID }}
        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
    - uses: azure/use-kubelogin@v1
      name: Set up kubelogin for non-interactive login
      with:
        kubelogin-version: v0.0.25
    - uses: azure/aks-set-context@v3
      name: Get K8s context
      with:
        admin: "false"
        cluster-name: ${{ env.CLUSTER_NAME }}
        resource-group: ${{ env.CLUSTER_RESOURCE_GROUP }}
        use-kubelogin: "true"
    - name: Update deployment manifest
      run: sed -i "s|WILL_I_BE_REPLACED|${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}|g" ${{ env.DEPLOYMENT_MANIFEST_PATH }}
    - uses: Azure/k8s-deploy@v4
      name: Deploys application
      with:
        action: deploy
        images: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
        manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
        namespace: portfolio

• GitHub Actions workflow is successfully build a Docker image, pushed it to the Azure Container Registry (ACR). kubectl apply -f deployment.yaml

Deployed the updated image to the Azure Kubernetes Service (AKS) cluster. kubectl get service my-app-api-service