
I’m writing a GitHub Action to build a Docker image and deploy it to a k8s cluster, and currently I have to build the image, push it to a repo, and then kubectl apply in the standard way to deploy it.

I have set up a self-hosted GitHub actions runner using ARC (actions-runner-controller) to run on my k8s cluster. Since the runner doing the work itself lives on the cluster, is there any way I can build the image and then immediately deploy it to the cluster, without having to push and pull to a repo only to get back to where the image was built in the first place?

2 Answers


  1. What you want to do is the following:

    1. Build a container image inside a container.

    2. Without the push and pull process, use the built image to change or deploy it to the k8s cluster.

    To do this, you need to know about:

    1. DinD (Docker in Docker) <- to build an image inside a container
    The privileged option is needed to run DinD:

    services:
      docker:
        image: docker:dind
        options: --privileged
    

    2. RBAC (to deploy or change your image by using kubectl on your cluster)

    Your GitHub Actions runner needs a role to deploy on your Kubernetes cluster.
    Create a ServiceAccount and a Role (or ClusterRole) and bind it to your runner.

    Examples

    ServiceAccount

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: your-service-account-name
      namespace: your-namespace
    

    Role (or ClusterRole)

    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      namespace: your-namespace
      name: runner-deployment-role
    rules:
    - apiGroups: ["", "apps"]
      resources: ["deployments", "services"]
      verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
    ---
    kind: RoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: runner-deployment-role-binding
      namespace: your-namespace
    subjects:
    - kind: ServiceAccount
      name: your-service-account-name
      # must match the namespace of the ServiceAccount defined above
      namespace: your-namespace
    roleRef:
      kind: Role
      name: runner-deployment-role
      apiGroup: rbac.authorization.k8s.io
    

    3. Proper workflow setup and image name in GitHub Actions

    You also need a kubeconfig to use kubectl.

    And the Deployment’s imagePullPolicy has to be set to IfNotPresent.

    Examples

    jobs:
      build-and-deploy:
        runs-on: self-hosted
        services:
          docker:
            image: docker:dind
            options: --privileged
        steps:
        - name: check code
          uses: actions/checkout@v2
    
        - name: build image by inside dind
          run: |
            docker build -t my-app:latest .
    
        - name: deploy on your cluster
          run: |
            kubectl --kubeconfig /path/to/kubeconfig apply -f k8s-deployment.yaml
    

    Caution: Be aware that using the privileged option for DinD and
    uploading the kubeconfig for use can pose security risks. It’s
    important to understand these implications and thoroughly research
    before implementing them in your setup.

  2. This depends on your workflow, but I think using a repo is more sufficient and useful in the long run. You may use the following tools for creating your image:

    Kaniko

    Skopeo

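A check on the ServiceAccount, Role and RoleBinding from the first answer, added here as an example that is not part of either answer: it uses `kubectl auth can-i` with impersonation to confirm the runner account can manage Deployments and Services in its own namespace and nothing more. The function names, the deny list and the `KUBECTL` override are assumptions of this example, and the caller needs permission to impersonate service accounts.

```shell
#!/bin/sh
# Added example (not from the answers): audit the runner ServiceAccount's RBAC.
# KUBECTL is overridable; the default assumes kubectl is on PATH.
KUBECTL="${KUBECTL:-kubectl}"

# can_i TARGET_NS SA_NS SA_NAME VERB RESOURCE
# Asks the API server while impersonating the ServiceAccount; exit 0 = allowed.
can_i() {
    $KUBECTL auth can-i "$4" "$5" -n "$1" \
        --as="system:serviceaccount:$2:$3" >/dev/null 2>&1
}

# audit_runner_rbac NAMESPACE SA_NAME
# Prints one line per finding; the return status is the number of findings.
audit_runner_rbac() {
    ns=$1; sa=$2; findings=0

    # What the Role is meant to grant. A miss here usually means the
    # RoleBinding subject names a different namespace than the ServiceAccount.
    for rule in "get deployments" "patch deployments" "create services"; do
        if ! can_i "$ns" "$ns" "$sa" "${rule% *}" "${rule#* }"; then
            echo "MISSING: $sa cannot $rule in $ns"
            findings=$((findings + 1))
        fi
    done

    # What a deploy-only runner should not hold (constructed deny list).
    for rule in "get secrets" "create pods" "create rolebindings"; do
        if can_i "$ns" "$ns" "$sa" "${rule% *}" "${rule#* }"; then
            echo "EXCESS: $sa can $rule in $ns"
            findings=$((findings + 1))
        fi
    done

    # A namespaced Role must not reach into other namespaces.
    if can_i kube-system "$ns" "$sa" get deployments; then
        echo "EXCESS: $sa can get deployments in kube-system"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: sh audit.sh your-namespace your-service-account-name
if [ "$#" -eq 2 ]; then audit_runner_rbac "$1" "$2"; fi
```

A `MISSING` line for every expected permission is the typical symptom of a RoleBinding whose subject namespace differs from the namespace the ServiceAccount was created in.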