Continuous Deployment of an application using CircleCI
The CircleCI config.yml file in this repository is configured to build an image and deploy to both the live-1 and live clusters with a unique ingress identifier for each cluster and a weighting of 50/50.
The application is deployed using Kubernetes manifest files.
- A cloud platform namespace
- An ECR in your namespace, to store your docker images
- A serviceaccount in your namespace
- Build your Docker image using the following command.
docker build -t cloud-platform/github-action-reference-app .
- After the build completes, tag your image so you can push the image to this repository:
docker tag cloud-platform/github-action-reference-app:latest 754256621582.dkr.ecr.eu-west-2.amazonaws.com/cloud-platform/github-action-reference-app:latest
- Run the following command to push this image to your newly created AWS repository:
docker push 754256621582.dkr.ecr.eu-west-2.amazonaws.com/cloud-platform/github-action-reference-app:latest
The serviceaccount has permissions to deploy to your namespace, so we will use its ca.crt and token in the pipeline. Guidence on Using your serviceaccount to authenticate to the cluster here
Following every commit to the Main branch a job kicks off, which builds the Dockerfile on root, tags/pushes to ECR and deploys the reference application on the Cloud Platform.
The configuration for this job is in the directory .circleci/config.
A set of env vars must be defined for Circle to access the ECR and K8s cluster. ECR credentials are obtained following using the Terraform module
A Kubernetes token and certificate need to be copied from the CircleCI serviceaccount within your Namespace. Click HERE for instructions on how to retrieve these credentials using the cloud-platform-cli
You can also run the following using kubectl:
kubectl --context ${CLUSTER_NAME_LIVE} -n ${NAMESPACE} get secret circleci-token -o json | jq -r '(.data.token | @base64d), .data."ca.crt"'