How to set flux to deploy latest image tag for every build?

I have added GitHub Actions to build a Docker image for every latest commit and push it to our container registry in Azure.

We have created YAML files to deploy the Docker image to Kubernetes on Azure, and deployed Flux into it for auto-sync if there are any changes in the YAML files.

How to set Flux to get the latest image from the container registry when a new build comes?


Solution 1:

This describes a solution where you keep your yaml files in a GitHub repository separate from the repo where you keep your project code. So, the two repos are:

  1. Project GitHub repo
  2. Infrastructure GitHub repo (IaC)

My assumption is that Flux is then pointed at the Infrastructure repo so that when changes are made there, Flux brings the cluster in line with the desired changes now declared in the repo. (We use ArgoCD.) When you make changes to your project repo, the GitHub Action builds the new image (with a new tag) and pushes it to your Azure Container Registry.

Your question then asks how to let the CI/CD tool (i.e. Flux) know about the new image tag so it can pull the fresh image.

The recommendation is to consider using Kustomize to manage the updating of the tag in the Infrastructure repo so that the CI/CD tool automatically detects that change in the repo and updates the cluster accordingly using the new image.

This will require the following:

Add a Kustomization.yaml file into your Infrastructure repo which contains a) the yaml manifests that describe your infrastructure for the project and b) the image tag to be replaced.

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- resource1.yaml
- resource2.yaml
- ...

images:
- name: image-name in your deployment manifest
  newTag: to-be-replaced

Then, in the GitHub Action workflow in your Project Repo, use the actions/checkout@v2 action to pull the remote Infrastructure repo. Then add the imranismail/setup-kustomize@v1 action and use it to replace the image tag. Then push the changes back to the Infrastructure repo. Example below, modify to fit your situation:

build steps here

deploy:
  needs: build
  runs-on: ubuntu-latest

  steps:
  - name: Checkout remote repo
    uses: actions/checkout@v2
    with:
      repository: {your github repo}
      token: ${{ secrets.INFRA_REPO_TOKEN }}
      path: infra-repo

  - name: Setup Kustomize
    uses: imranismail/setup-kustomize@v1
    with:
      kustomize-version: "3.6.1"

  - name: Switch out image tag
    run: |
      cd infra-repo/{repo name}
      kustomize edit set image {image name}:{tag}

  - name: Commit and push
    run: |
      cd infra-repo/{repo name}
      git config --local user.email {your email}
      git config --local user.name github-actions
      git commit -am "updates image tag"
      git push

These relevant links should also give you the info you need to correctly build your workflow:

  • https://github.com/actions/checkout
  • https://github.com/marketplace/actions/setup-kustomize
  • https://kustomize.io/
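
The "Switch out image tag" and "Commit and push" steps above, as an added shell example that is not part of the original answer: it checks the tag against the Docker tag grammar before writing it into the Infrastructure repo, and skips the commit when the tag is unchanged so a re-run does not fail. The function names `valid_image_tag` and `update_image_tag` are hypothetical; it assumes `kustomize` and `git` are on PATH and the git identity is already configured as in the workflow.

```shell
#!/bin/sh
# Added example, not from the original answer.
LC_ALL=C; export LC_ALL   # make the bracket ranges below byte-exact

# Docker tag grammar: [A-Za-z0-9_][A-Za-z0-9._-]{0,127}
valid_image_tag() {
  case $1 in
    '' | [.-]* | *[!A-Za-z0-9._-]*) return 1 ;;  # empty, bad first char, bad char
  esac
  [ "${#1}" -le 128 ]
}

# update_image_tag DIR IMAGE TAG
# DIR is the directory in the Infrastructure repo holding the kustomization.
# Returns 0 on success or no-op, 2 on a rejected tag, 1 on a tool failure.
update_image_tag() {
  dir=$1 image=$2 tag=$3
  if ! valid_image_tag "$tag"; then
    echo "refusing to write invalid image tag" >&2
    return 2
  fi
  (
    cd "$dir" || exit 1
    kustomize edit set image "$image:$tag" || exit 1
    # Same tag as before (for example a re-run): nothing to commit, and a
    # plain `git commit` would exit non-zero and fail the job here.
    if git diff --quiet -- .; then
      echo "image tag already $tag, nothing to commit"
      exit 0
    fi
    # Commit only files under this directory, then publish the change.
    git commit -m "updates image tag to $tag" -- . || exit 1
    git push
  )
}

# In a workflow step, pass the three values as arguments taken from `env:`
# variables rather than pasting ${{ ... }} expressions into the script text.
if [ "$#" -eq 3 ]; then
  update_image_tag "$1" "$2" "$3"
fi
```
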