Reputation: 863
I'm writing a GitHub action to build a Docker image and deploy it to a k8s cluster, and currently am having to build, push the image to a repo, and then kubectl apply in the standard way to deploy it.
I have set up a self-hosted GitHub actions runner using ARC (actions-runner-controller) to run on my k8s cluster. Since the runner doing the work itself lives on the cluster, is there any way I can build the image and then immediately deploy it to the cluster, without having to push and pull to a repo only to get back to where the image was built in the first place?
Upvotes: 1
Views: 593
Reputation: 552
This depends on your workflow, but I think using a repo is more sufficient and useful in the long run. You may use the following tools when creating your image:
Upvotes: 0
Reputation: 71
What you want to do is the following:
- build a container image inside a container
- without the push and pull process, use the built image to change or deploy it to the k8s cluster

To do this, you need to know about:
1. DinD (Docker in Docker) <- to build an image inside a container. It needs the privileged option to run dind.

```yaml
services:
  docker:
    image: docker:dind
    options: --privileged
```
2. RBAC (to deploy or change your image by using kubectl on your cluster)

Your GitHub Actions runner needs a role to deploy on your Kubernetes cluster. Make a ServiceAccount and a Role (or ClusterRole), and bind it to your runner.

Examples

ServiceAccount

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: your-service-account-name
  namespace: your-namespace
```

Role (or ClusterRole)

```yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: your-namespace
  name: runner-deployment-role
rules:
  # "" is the core API group (services); "apps" holds deployments
  - apiGroups: ["", "apps"]
    resources: ["deployments", "services"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: runner-deployment-role-binding
  namespace: your-namespace
subjects:
  - kind: ServiceAccount
    name: your-service-account-name
    # must match the namespace the ServiceAccount was created in
    namespace: your-namespace
roleRef:
  kind: Role
  name: runner-deployment-role
  apiGroup: rbac.authorization.k8s.io
```
3. Proper workflow setup and image name in GitHub Actions

You also need a kubeconfig to use kubectl, and the deployment's imagePullPolicy has to be set to IfNotPresent.

Examples

```yaml
jobs:
  build-and-deploy:
    runs-on: self-hosted
    services:
      docker:
        image: docker:dind
        options: --privileged
    steps:
      - name: check code
        uses: actions/checkout@v2
      - name: build image by inside dind
        run: |
          docker build -t my-app:latest .
      - name: deploy on your cluster
        run: |
          kubectl --kubeconfig /path/to/kubeconfig apply -f k8s-deployment.yaml
```
Caution: Be aware that using the privileged option for DinD and uploading the kubeconfig for use can pose security risks. It's important to understand these implications and research thoroughly before implementing them in your setup.
Upvotes: 1
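
An added example (not part of the answers above, and not code from ARC or Kubernetes): a small Python check that could run in CI before `kubectl apply`, flagging Role verbs beyond an assumed deploy allow-list and RoleBinding subjects or roleRefs that resolve to nothing declared. The names `audit_rbac`, `DEPLOY_VERBS` and the `SAMPLE` manifests are hypothetical and constructed for illustration.

```python
# Added example: static checks on the RBAC objects handed to a CI runner.
# SAMPLE is constructed input; DEPLOY_VERBS is an assumed allow-list.
DEPLOY_VERBS = {"get", "list", "watch", "patch"}

def of_kind(manifests, kind):
    return [m for m in manifests if m.get("kind") == kind]

def key(obj):
    return (obj["metadata"].get("namespace"), obj["metadata"]["name"])

def audit_rbac(manifests, allowed_verbs=DEPLOY_VERBS):
    """Return findings (strings) for ServiceAccount/Role/RoleBinding dicts."""
    findings = []
    accounts = {key(m) for m in of_kind(manifests, "ServiceAccount")}
    roles = {key(m) for m in of_kind(manifests, "Role")}
    for role in of_kind(manifests, "Role"):
        for rule in role.get("rules", []):
            extra = sorted(set(rule.get("verbs", [])) - allowed_verbs)
            if extra:
                findings.append(f"Role {role['metadata']['name']}: extra verbs {extra}")
    for rb in of_kind(manifests, "RoleBinding"):
        ns, name = key(rb)
        ref = rb["roleRef"]
        # A RoleBinding can only reference a Role in its own namespace.
        if ref["kind"] == "Role" and (ns, ref["name"]) not in roles:
            findings.append(f"RoleBinding {name}: Role {ref['name']} not found in {ns}")
        for subj in rb.get("subjects", []):
            target = (subj.get("namespace"), subj["name"])
            if subj["kind"] == "ServiceAccount" and target not in accounts:
                findings.append(f"RoleBinding {name}: no ServiceAccount {target[0]}/{target[1]}")
    return findings

def meta(name, ns="ci"):
    return {"name": name, "namespace": ns}

SAMPLE = [
    {"kind": "ServiceAccount", "metadata": meta("runner")},
    {"kind": "Role", "metadata": meta("deployer"),
     "rules": [{"apiGroups": ["apps"], "resources": ["deployments"],
                "verbs": ["get", "patch", "create", "delete"]}]},
    {"kind": "RoleBinding", "metadata": meta("deployer-binding"),
     "roleRef": {"kind": "Role", "name": "deployer"},
     "subjects": [{"kind": "ServiceAccount", "name": "runner",
                   "namespace": "default"}]},  # wrong namespace on purpose
]

if __name__ == "__main__":
    for finding in audit_rbac(SAMPLE):
        print(finding)
```

A binding whose subject names a ServiceAccount in another namespace applies cleanly but grants the runner nothing, so the failure only surfaces later as a Forbidden error from kubectl.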