.svg)
.svg)
Kubernetes is getting adopted rapidly across the software industry and is becoming the most preferred option for deploying and managing containerized applications. Once we have a fully functional Kubernetes cluster we need to have an automated process to deploy our applications on it. In this blog post, we will create a fully automated “commit to deploy” pipeline for Kubernetes. We will use CircleCI & helm for it.
CircleCI is a fully managed saas offering which allows us to build, test or deploy our code on every check in. For getting started with circle we need to log into their web console with our GitHub or bitbucket credentials then add a project for the repository we want to build and then add the CircleCI config file to our repository. The CircleCI config file is a yaml file which lists the steps we want to execute on every time code is pushed to that repository.
Some salient features of CircleCI is:
Helm is chart manager where chart refers to package of Kubernetes resources. Helm allows us to bundle related Kubernetes objects into charts and treat them as a single unit of deployment referred to as release. For example, you have an application app1 which you want to run on Kubernetes. For this app1 you create multiple Kubernetes resources like deployment, service, ingress, horizontal pod scaler, etc. Now while deploying the application you need to create all the Kubernetes resources separately by applying their manifest files. What helm does is it allows us to group all those files into one chart (Helm chart) and then we just need to deploy the chart. This also makes deleting and upgrading the resources quite simple.
Some other benefits of Helm is:
Note: Helm is composed of two components one is helm client and the other one is tiller server. Tiller is the component which runs inside the cluster as deployment and serves the requests made by helm client. Tiller has potential security vulnerabilities thus we will use tillerless helm in our pipeline which runs tiller only when we need it.
We will create the pipeline for a Golang application. The pipeline will first build the binary, create a docker image from it, push the image to ECR, then deploy it on the Kubernetes cluster using its helm chart.
We will use a simple app which just exposes a `hello` endpoint and returns the hello world message:
| package main | |
| import ( | |
| "encoding/json" | |
| "net/http" | |
| "log" | |
| "github.com/gorilla/mux" | |
| ) | |
| type Message struct { | |
| Msg string | |
| } | |
| func helloWorldJSON(w http.ResponseWriter, r *http.Request) { | |
| m := Message{"Hello World"} | |
| response, _ := json.Marshal(m) | |
| w.Header().Set("Content-Type", "application/json") | |
| w.WriteHeader(http.StatusOK) | |
| w.Write(response) | |
| } | |
| func main() { | |
| r := mux.NewRouter() | |
| r.HandleFunc("/hello", helloWorldJSON).Methods("GET") | |
| if err := http.ListenAndServe(":8080", r); err != nil { | |
| log.Fatal(err) | |
| } | |
| } |
We will create a docker image for hello app using the following Dockerfile:
| FROM centos/systemd | |
| MAINTAINER "Akash Gautam" <akash.gautam@velotio.com> | |
| COPY hello-app / | |
| ENTRYPOINT ["/hello-app"] |
Now we need to create the helm chart for hello app.
First, we create the Kubernetes manifest files. We will create a deployment and a service file:
| apiVersion: apps/v1beta1 | |
| kind: Deployment | |
| metadata: | |
| name: helloapp | |
| spec: | |
| replicas: 1 | |
| strategy: | |
| type: RollingUpdate | |
| rollingUpdate: | |
| maxSurge: 1 | |
| maxUnavailable: 1 | |
| template: | |
| metadata: | |
| labels: | |
| app: helloapp | |
| env: {{ .Values.labels.env }} | |
| cluster: {{ .Values.labels.cluster }} | |
| spec: | |
| containers: | |
| - name: helloapp | |
| image: {{ .Values.image.repository }}:{{ .Values.image.tag }} | |
| imagePullPolicy: {{ .Values.image.imagePullPolicy }} | |
| readinessProbe: | |
| httpGet: | |
| path: /hello | |
| port: 8080 | |
| initialDelaySeconds: 5 | |
| periodSeconds: 5 | |
| successThreshold: 1 |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: helloapp | |
| spec: | |
| type: {{ .Values.service.type }} | |
| ports: | |
| - name: helloapp | |
| port: {{ .Values.service.port }} | |
| protocol: TCP | |
| targetPort: {{ .Values.service.targetPort }} | |
| selector: | |
| app: helloapp |
In the above file, you must have noticed that we have used .Values object. All the values that we specify in the values.yaml file in our helm chart can be accessed using the .Values object inside the template.
Let’s create the helm chart now:
| helm create helloapp |
Above command will create a chart helm chart folder structure for us.
| helloapp/ | |
| | | |
| |- .helmignore # Contains patterns to ignore when packaging Helm charts. | |
| | | |
| |- Chart.yaml # Information about your chart | |
| | | |
| |- values.yaml # The default values for your templates | |
| | | |
| |- charts/ # Charts that this chart depends on | |
| | | |
| |- templates/ # The template files |
We can remove the charts/ folder inside our helloapp chart as our chart won’t have any sub-charts. Now we need to move our Kubernetes manifest files to the template folder and update our values.yaml and Chart.yaml
Our values.yaml looks like:
| image: | |
| tag: 0.0.1 | |
| repository: 123456789870.dkr.ecr.us-east-1.amazonaws.com/helloapp | |
| imagePullPolicy: Always | |
| labels: | |
| env: "staging" | |
| cluster: "eks-cluster-blog" | |
| service: | |
| port: 80 | |
| targetPort: 8080 | |
| type: LoadBalancer |
This allows us to make our deployment more configurable. For example, here we have set our service type as LoadBalancer in values.yaml but if we want to change it to nodePort we just need to set is as NodePort while installing the chart (--set service.type=NodePort). Similarly, we have set the image pull policy as Always which is fine for development/staging environment but when we deploy to production we may want to set is as ifNotPresent. In our chart, we need to identify the parameters/values which may change from one environment to another and make them configurable. This allows us to be flexible with our deployment and reuse the same chart
Finally, we need to update Chart.yaml file. This file mostly contains metadata about the chart like the name, version, maintainer, etc, where name & version are two mandatory fields for Chart.yaml.
| version: 1.0.0 | |
| appVersion: 0.0.1 | |
| name: helloapp | |
| description: Helm chart for helloapp | |
| source: | |
| - https://github.com/akash-gautam/helloapp |
Now our Helm chart is ready we can start with the pipeline. We need to create a folder named .circleci in the root folder of our repository and create a file named config.yml in it. In our config.yml we have defined two jobs one is build&pushImage and deploy.
| build&pushImage: | |
| working_directory: /go/src/hello-app (1) | |
| docker: | |
| - image: circleci/golang:1.10 (2) | |
| steps: | |
| - checkout (3) | |
| - run: (4) | |
| name: build the binary | |
| command: go build -o hello-app | |
| - setup_remote_docker: (5) | |
| docker_layer_caching: true | |
| - run: (6) | |
| name: Set the tag for the image, we will concatenate the app verson and circle build number with a `-` char in between | |
| command: echo 'export TAG=$(cat VERSION)-$CIRCLE_BUILD_NUM' >> $BASH_ENV | |
| - run: (7) | |
| name: Build the docker image | |
| command: docker build . -t ${CIRCLE_PROJECT_REPONAME}:$TAG | |
| - run: (8) | |
| name: Install AWS cli | |
| command: export TZ=Europe/Minsk && sudo ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > sudo /etc/timezone && sudo apt-get update && sudo apt-get install -y awscli | |
| - run: (9) | |
| name: Login to ECR | |
| command: $(aws ecr get-login --region $AWS_REGION | sed -e 's/-e none//g') | |
| - run: (10) | |
| name: Tag the image with ECR repo name | |
| command: docker tag ${CIRCLE_PROJECT_REPONAME}:$TAG ${HELLOAPP_ECR_REPO}:$TAG | |
| - run: (11) | |
| name: Push the image the ECR repo | |
| command: docker push ${HELLOAPP_ECR_REPO}:$TAG |
Now we will deploy our helm charts. For this, we have a separate job deploy.
| deploy: | |
| docker: (1) | |
| - image: circleci/golang:1.10 | |
| steps: (2) | |
| - checkout | |
| - run: (3) | |
| name: Install AWS cli | |
| command: export TZ=Europe/Minsk && sudo ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > sudo /etc/timezone && sudo apt-get update && sudo apt-get install -y awscli | |
| - run: (4) | |
| name: Set the tag for the image, we will concatenate the app verson and circle build number with a `-` char in between | |
| command: echo 'export TAG=$(cat VERSION)-$CIRCLE_PREVIOUS_BUILD_NUM' >> $BASH_ENV | |
| - run: (5) | |
| name: Install and confgure kubectl | |
| command: sudo curl -L https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && sudo chmod +x /usr/local/bin/kubectl | |
| - run: (6) | |
| name: Install and confgure kubectl aws-iam-authenticator | |
| command: curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-07-26/bin/linux/amd64/aws-iam-authenticator && sudo chmod +x ./aws-iam-authenticator && sudo cp ./aws-iam-authenticator /bin/aws-iam-authenticator | |
| - run: (7) | |
| name: Install latest awscli version | |
| command: sudo apt install unzip && curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip" && unzip awscli-bundle.zip &&./awscli-bundle/install -b ~/bin/aws | |
| - run: (8) | |
| name: Get the kubeconfig file | |
| command: export KUBECONFIG=$HOME/.kube/kubeconfig && /home/circleci/bin/aws eks --region $AWS_REGION update-kubeconfig --name $EKS_CLUSTER_NAME | |
| - run: (9) | |
| name: Install and configuire helm | |
| command: sudo curl -L https://storage.googleapis.com/kubernetes-helm/helm-v2.11.0-linux-amd64.tar.gz | tar xz && sudo mv linux-amd64/helm /bin/helm && sudo rm -rf linux-amd64 | |
| - run: (10) | |
| name: Initialize helm | |
| command: helm init --client-only --kubeconfig=$HOME/.kube/kubeconfig | |
| - run: (11) | |
| name: Install tiller plugin | |
| command: helm plugin install https://github.com/rimusz/helm-tiller --kubeconfig=$HOME/.kube/kubeconfig | |
| - run: (12) | |
| name: Release helloapp using helm chart | |
| command: bash scripts/release-helloapp.sh $TAG |
In the release-helloapp.sh script we first start tiller, after this, we check if the release is already present or not if it is present then we upgrade otherwise we make a new release. Here we override the value of tag for the image present in the chart by setting it to the tag of the newly built image, finally, we stop the tiller server.
| #!/bin/bash | |
| TAG=$1 | |
| echo "start tiller" | |
| export KUBECONFIG=$HOME/.kube/kubeconfig | |
| helm tiller start-ci | |
| export HELM_HOST=127.0.0.1:44134 | |
| result=$(eval helm ls | grep helloapp) | |
| if [ $? -ne "0" ]; then | |
| helm install --timeout 180 --name helloapp --set image.tag=$TAG charts/helloapp | |
| else | |
| helm upgrade --timeout 180 helloapp --set image.tag=$TAG charts/helloapp | |
| fi | |
| echo "stop tiller" | |
| helm tiller stop |
The complete CircleCI config.yml file looks like:
| version: 2 | |
| jobs: | |
| build&pushImage: | |
| working_directory: /go/src/hello-app | |
| docker: | |
| - image: circleci/golang:1.10 | |
| steps: | |
| - checkout | |
| - run: | |
| name: build the binary | |
| command: go build -o hello-app | |
| - setup_remote_docker: | |
| docker_layer_caching: true | |
| - run: | |
| name: Set the tag for the image, we will concatenate the app verson and circle build number with a `-` char in between | |
| command: echo 'export TAG=$(cat VERSION)-$CIRCLE_BUILD_NUM' >> $BASH_ENV | |
| - run: | |
| name: Build the docker image | |
| command: docker build . -t ${CIRCLE_PROJECT_REPONAME}:$TAG | |
| - run: | |
| name: Install AWS cli | |
| command: export TZ=Europe/Minsk && sudo ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > sudo /etc/timezone && sudo apt-get update && sudo apt-get install -y awscli | |
| - run: | |
| name: Login to ECR | |
| command: $(aws ecr get-login --region $AWS_REGION | sed -e 's/-e none//g') | |
| - run: | |
| name: Tag the image with ECR repo name | |
| command: docker tag ${CIRCLE_PROJECT_REPONAME}:$TAG ${HELLOAPP_ECR_REPO}:$TAG | |
| - run: | |
| name: Push the image the ECR repo | |
| command: docker push ${HELLOAPP_ECR_REPO}:$TAG | |
| deploy: | |
| docker: | |
| - image: circleci/golang:1.10 | |
| steps: | |
| - attach_workspace: | |
| at: /tmp/workspace | |
| - checkout | |
| - run: | |
| name: Install AWS cli | |
| command: export TZ=Europe/Minsk && sudo ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > sudo /etc/timezone && sudo apt-get update && sudo apt-get install -y awscli | |
| - run: | |
| name: Set the tag for the image, we will concatenate the app verson and circle build number with a `-` char in between | |
| command: echo 'export TAG=$(cat VERSION)-$CIRCLE_PREVIOUS_BUILD_NUM' >> $BASH_ENV | |
| - run: | |
| name: Install and confgure kubectl | |
| command: sudo curl -L https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && sudo chmod +x /usr/local/bin/kubectl | |
| - run: | |
| name: Install and confgure kubectl aws-iam-authenticator | |
| command: curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-07-26/bin/linux/amd64/aws-iam-authenticator && sudo chmod +x ./aws-iam-authenticator && sudo cp ./aws-iam-authenticator /bin/aws-iam-authenticator | |
| - run: | |
| name: Install latest awscli version | |
| command: sudo apt install unzip && curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip" && unzip awscli-bundle.zip &&./awscli-bundle/install -b ~/bin/aws | |
| - run: | |
| name: Get the kubeconfig file | |
| command: export KUBECONFIG=$HOME/.kube/kubeconfig && /home/circleci/bin/aws eks --region $AWS_REGION update-kubeconfig --name $EKS_CLUSTER_NAME | |
| - run: | |
| name: Install and configuire helm | |
| command: sudo curl -L https://storage.googleapis.com/kubernetes-helm/helm-v2.11.0-linux-amd64.tar.gz | tar xz && sudo mv linux-amd64/helm /bin/helm && sudo rm -rf linux-amd64 | |
| - run: | |
| name: Initialize helm | |
| command: helm init --client-only --kubeconfig=$HOME/.kube/kubeconfig | |
| - run: | |
| name: Install tiller plugin | |
| command: helm plugin install https://github.com/rimusz/helm-tiller --kubeconfig=$HOME/.kube/kubeconfig | |
| - run: | |
| name: Release helloapp using helm chart | |
| command: bash scripts/release-helloapp.sh $TAG | |
| workflows: | |
| version: 2 | |
| primary: | |
| jobs: | |
| - build&pushImage | |
| - deploy: | |
| requires: | |
| - build&pushImage |
At the end of the file, we see the workflows, workflows control the order in which the jobs specified in the file are executed and establishes dependencies and conditions for the job. For example, we may want our deploy job trigger only after my build job is complete so we added a dependency between them. Similarly, we may want to exclude the jobs from running on some particular branch then we can specify those type of conditions as well.
We have used a few environment variables in our pipeline configuration some of them were created by us and some were made available by CircleCI. We created AWS_REGION, HELLOAPP_ECR_REPO, EKS_CLUSTER_NAME, AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY variables. These variables are set via. CircleCI web console by going to the projects settings. Other variables that we have used are made available by CircleCI as a part of its environment setup process. Complete list of environment variables set by CircleCI can be found here.
Once everything is set up properly then our application will get deployed on the k8s cluster and should be available for access. Get the external IP of the helloapp service and make a curl request to the hello endpoint
| $ curl http://a31e25e7553af11e994620aebe144c51-242977608.us-west-2.elb.amazonaws.com/hello && printf "\n" | |
| {"Msg":"Hello World"} |
Now update the code and change the message “Hello World” to “Hello World Returns” and push your code. It will take a few minutes for the pipeline to complete execution and once it is complete make the curl request again to see the changes getting reflected.
| $ curl http://a31e25e7553af11e994620aebe144c51-242977608.us-west-2.elb.amazonaws.com/hello && printf "\n" | |
| {"Msg":"Hello World Returns"} |
Also, verify that a new tag is also created for the helloapp docker image on ECR.
In this blog post, we explored how we can set up a CI/CD pipeline for kubernetes and got basic exposure to CircleCI and Helm. Although helm is not absolutely necessary for building a pipeline, it has lots of benefits and is widely used across the industry. We can extend the pipeline to consider the cases where we have multiple environments like dev, staging & production and make the pipeline deploy the application to any of them depending upon some conditions. We can also add more jobs like integration tests. All the codes used in the blog post are available here.
Related Reads:
Did you like the blog? If yes, we're sure you'll also like to work with the people who write them - our best-in-class engineering team.
We're looking for talented developers who are passionate about new emerging technologies. If that's you, get in touch with us.
Kubernetes is getting adopted rapidly across the software industry and is becoming the most preferred option for deploying and managing containerized applications. Once we have a fully functional Kubernetes cluster we need to have an automated process to deploy our applications on it. In this blog post, we will create a fully automated “commit to deploy” pipeline for Kubernetes. We will use CircleCI & helm for it.
CircleCI is a fully managed saas offering which allows us to build, test or deploy our code on every check in. For getting started with circle we need to log into their web console with our GitHub or bitbucket credentials then add a project for the repository we want to build and then add the CircleCI config file to our repository. The CircleCI config file is a yaml file which lists the steps we want to execute on every time code is pushed to that repository.
Some salient features of CircleCI is:
Helm is chart manager where chart refers to package of Kubernetes resources. Helm allows us to bundle related Kubernetes objects into charts and treat them as a single unit of deployment referred to as release. For example, you have an application app1 which you want to run on Kubernetes. For this app1 you create multiple Kubernetes resources like deployment, service, ingress, horizontal pod scaler, etc. Now while deploying the application you need to create all the Kubernetes resources separately by applying their manifest files. What helm does is it allows us to group all those files into one chart (Helm chart) and then we just need to deploy the chart. This also makes deleting and upgrading the resources quite simple.
Some other benefits of Helm is:
Note: Helm is composed of two components one is helm client and the other one is tiller server. Tiller is the component which runs inside the cluster as deployment and serves the requests made by helm client. Tiller has potential security vulnerabilities thus we will use tillerless helm in our pipeline which runs tiller only when we need it.
We will create the pipeline for a Golang application. The pipeline will first build the binary, create a docker image from it, push the image to ECR, then deploy it on the Kubernetes cluster using its helm chart.
We will use a simple app which just exposes a `hello` endpoint and returns the hello world message:
| package main | |
| import ( | |
| "encoding/json" | |
| "net/http" | |
| "log" | |
| "github.com/gorilla/mux" | |
| ) | |
| type Message struct { | |
| Msg string | |
| } | |
| func helloWorldJSON(w http.ResponseWriter, r *http.Request) { | |
| m := Message{"Hello World"} | |
| response, _ := json.Marshal(m) | |
| w.Header().Set("Content-Type", "application/json") | |
| w.WriteHeader(http.StatusOK) | |
| w.Write(response) | |
| } | |
| func main() { | |
| r := mux.NewRouter() | |
| r.HandleFunc("/hello", helloWorldJSON).Methods("GET") | |
| if err := http.ListenAndServe(":8080", r); err != nil { | |
| log.Fatal(err) | |
| } | |
| } |
We will create a docker image for hello app using the following Dockerfile:
| FROM centos/systemd | |
| MAINTAINER "Akash Gautam" <akash.gautam@velotio.com> | |
| COPY hello-app / | |
| ENTRYPOINT ["/hello-app"] |
Now we need to create the helm chart for hello app.
First, we create the Kubernetes manifest files. We will create a deployment and a service file:
| apiVersion: apps/v1beta1 | |
| kind: Deployment | |
| metadata: | |
| name: helloapp | |
| spec: | |
| replicas: 1 | |
| strategy: | |
| type: RollingUpdate | |
| rollingUpdate: | |
| maxSurge: 1 | |
| maxUnavailable: 1 | |
| template: | |
| metadata: | |
| labels: | |
| app: helloapp | |
| env: {{ .Values.labels.env }} | |
| cluster: {{ .Values.labels.cluster }} | |
| spec: | |
| containers: | |
| - name: helloapp | |
| image: {{ .Values.image.repository }}:{{ .Values.image.tag }} | |
| imagePullPolicy: {{ .Values.image.imagePullPolicy }} | |
| readinessProbe: | |
| httpGet: | |
| path: /hello | |
| port: 8080 | |
| initialDelaySeconds: 5 | |
| periodSeconds: 5 | |
| successThreshold: 1 |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: helloapp | |
| spec: | |
| type: {{ .Values.service.type }} | |
| ports: | |
| - name: helloapp | |
| port: {{ .Values.service.port }} | |
| protocol: TCP | |
| targetPort: {{ .Values.service.targetPort }} | |
| selector: | |
| app: helloapp |
In the above file, you must have noticed that we have used .Values object. All the values that we specify in the values.yaml file in our helm chart can be accessed using the .Values object inside the template.
Let’s create the helm chart now:
| helm create helloapp |
Above command will create a chart helm chart folder structure for us.
| helloapp/ | |
| | | |
| |- .helmignore # Contains patterns to ignore when packaging Helm charts. | |
| | | |
| |- Chart.yaml # Information about your chart | |
| | | |
| |- values.yaml # The default values for your templates | |
| | | |
| |- charts/ # Charts that this chart depends on | |
| | | |
| |- templates/ # The template files |
We can remove the charts/ folder inside our helloapp chart as our chart won’t have any sub-charts. Now we need to move our Kubernetes manifest files to the template folder and update our values.yaml and Chart.yaml
Our values.yaml looks like:
| image: | |
| tag: 0.0.1 | |
| repository: 123456789870.dkr.ecr.us-east-1.amazonaws.com/helloapp | |
| imagePullPolicy: Always | |
| labels: | |
| env: "staging" | |
| cluster: "eks-cluster-blog" | |
| service: | |
| port: 80 | |
| targetPort: 8080 | |
| type: LoadBalancer |
This allows us to make our deployment more configurable. For example, here we have set our service type as LoadBalancer in values.yaml but if we want to change it to nodePort we just need to set is as NodePort while installing the chart (--set service.type=NodePort). Similarly, we have set the image pull policy as Always which is fine for development/staging environment but when we deploy to production we may want to set is as ifNotPresent. In our chart, we need to identify the parameters/values which may change from one environment to another and make them configurable. This allows us to be flexible with our deployment and reuse the same chart
Finally, we need to update Chart.yaml file. This file mostly contains metadata about the chart like the name, version, maintainer, etc, where name & version are two mandatory fields for Chart.yaml.
| version: 1.0.0 | |
| appVersion: 0.0.1 | |
| name: helloapp | |
| description: Helm chart for helloapp | |
| source: | |
| - https://github.com/akash-gautam/helloapp |
Now our Helm chart is ready we can start with the pipeline. We need to create a folder named .circleci in the root folder of our repository and create a file named config.yml in it. In our config.yml we have defined two jobs one is build&pushImage and deploy.
| build&pushImage: | |
| working_directory: /go/src/hello-app (1) | |
| docker: | |
| - image: circleci/golang:1.10 (2) | |
| steps: | |
| - checkout (3) | |
| - run: (4) | |
| name: build the binary | |
| command: go build -o hello-app | |
| - setup_remote_docker: (5) | |
| docker_layer_caching: true | |
| - run: (6) | |
| name: Set the tag for the image, we will concatenate the app verson and circle build number with a `-` char in between | |
| command: echo 'export TAG=$(cat VERSION)-$CIRCLE_BUILD_NUM' >> $BASH_ENV | |
| - run: (7) | |
| name: Build the docker image | |
| command: docker build . -t ${CIRCLE_PROJECT_REPONAME}:$TAG | |
| - run: (8) | |
| name: Install AWS cli | |
| command: export TZ=Europe/Minsk && sudo ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > sudo /etc/timezone && sudo apt-get update && sudo apt-get install -y awscli | |
| - run: (9) | |
| name: Login to ECR | |
| command: $(aws ecr get-login --region $AWS_REGION | sed -e 's/-e none//g') | |
| - run: (10) | |
| name: Tag the image with ECR repo name | |
| command: docker tag ${CIRCLE_PROJECT_REPONAME}:$TAG ${HELLOAPP_ECR_REPO}:$TAG | |
| - run: (11) | |
| name: Push the image the ECR repo | |
| command: docker push ${HELLOAPP_ECR_REPO}:$TAG |
Now we will deploy our helm charts. For this, we have a separate job deploy.
| deploy: | |
| docker: (1) | |
| - image: circleci/golang:1.10 | |
| steps: (2) | |
| - checkout | |
| - run: (3) | |
| name: Install AWS cli | |
| command: export TZ=Europe/Minsk && sudo ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > sudo /etc/timezone && sudo apt-get update && sudo apt-get install -y awscli | |
| - run: (4) | |
| name: Set the tag for the image, we will concatenate the app verson and circle build number with a `-` char in between | |
| command: echo 'export TAG=$(cat VERSION)-$CIRCLE_PREVIOUS_BUILD_NUM' >> $BASH_ENV | |
| - run: (5) | |
| name: Install and confgure kubectl | |
| command: sudo curl -L https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && sudo chmod +x /usr/local/bin/kubectl | |
| - run: (6) | |
| name: Install and confgure kubectl aws-iam-authenticator | |
| command: curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-07-26/bin/linux/amd64/aws-iam-authenticator && sudo chmod +x ./aws-iam-authenticator && sudo cp ./aws-iam-authenticator /bin/aws-iam-authenticator | |
| - run: (7) | |
| name: Install latest awscli version | |
| command: sudo apt install unzip && curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip" && unzip awscli-bundle.zip &&./awscli-bundle/install -b ~/bin/aws | |
| - run: (8) | |
| name: Get the kubeconfig file | |
| command: export KUBECONFIG=$HOME/.kube/kubeconfig && /home/circleci/bin/aws eks --region $AWS_REGION update-kubeconfig --name $EKS_CLUSTER_NAME | |
| - run: (9) | |
| name: Install and configuire helm | |
| command: sudo curl -L https://storage.googleapis.com/kubernetes-helm/helm-v2.11.0-linux-amd64.tar.gz | tar xz && sudo mv linux-amd64/helm /bin/helm && sudo rm -rf linux-amd64 | |
| - run: (10) | |
| name: Initialize helm | |
| command: helm init --client-only --kubeconfig=$HOME/.kube/kubeconfig | |
| - run: (11) | |
| name: Install tiller plugin | |
| command: helm plugin install https://github.com/rimusz/helm-tiller --kubeconfig=$HOME/.kube/kubeconfig | |
| - run: (12) | |
| name: Release helloapp using helm chart | |
| command: bash scripts/release-helloapp.sh $TAG |
In the release-helloapp.sh script we first start tiller, after this, we check if the release is already present or not if it is present then we upgrade otherwise we make a new release. Here we override the value of tag for the image present in the chart by setting it to the tag of the newly built image, finally, we stop the tiller server.
| #!/bin/bash | |
| TAG=$1 | |
| echo "start tiller" | |
| export KUBECONFIG=$HOME/.kube/kubeconfig | |
| helm tiller start-ci | |
| export HELM_HOST=127.0.0.1:44134 | |
| result=$(eval helm ls | grep helloapp) | |
| if [ $? -ne "0" ]; then | |
| helm install --timeout 180 --name helloapp --set image.tag=$TAG charts/helloapp | |
| else | |
| helm upgrade --timeout 180 helloapp --set image.tag=$TAG charts/helloapp | |
| fi | |
| echo "stop tiller" | |
| helm tiller stop |
The complete CircleCI config.yml file looks like:
| version: 2 | |
| jobs: | |
| build&pushImage: | |
| working_directory: /go/src/hello-app | |
| docker: | |
| - image: circleci/golang:1.10 | |
| steps: | |
| - checkout | |
| - run: | |
| name: build the binary | |
| command: go build -o hello-app | |
| - setup_remote_docker: | |
| docker_layer_caching: true | |
| - run: | |
| name: Set the tag for the image, we will concatenate the app verson and circle build number with a `-` char in between | |
| command: echo 'export TAG=$(cat VERSION)-$CIRCLE_BUILD_NUM' >> $BASH_ENV | |
| - run: | |
| name: Build the docker image | |
| command: docker build . -t ${CIRCLE_PROJECT_REPONAME}:$TAG | |
| - run: | |
| name: Install AWS cli | |
| command: export TZ=Europe/Minsk && sudo ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > sudo /etc/timezone && sudo apt-get update && sudo apt-get install -y awscli | |
| - run: | |
| name: Login to ECR | |
| command: $(aws ecr get-login --region $AWS_REGION | sed -e 's/-e none//g') | |
| - run: | |
| name: Tag the image with ECR repo name | |
| command: docker tag ${CIRCLE_PROJECT_REPONAME}:$TAG ${HELLOAPP_ECR_REPO}:$TAG | |
| - run: | |
| name: Push the image the ECR repo | |
| command: docker push ${HELLOAPP_ECR_REPO}:$TAG | |
| deploy: | |
| docker: | |
| - image: circleci/golang:1.10 | |
| steps: | |
| - attach_workspace: | |
| at: /tmp/workspace | |
| - checkout | |
| - run: | |
| name: Install AWS cli | |
| command: export TZ=Europe/Minsk && sudo ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > sudo /etc/timezone && sudo apt-get update && sudo apt-get install -y awscli | |
| - run: | |
| name: Set the tag for the image, we will concatenate the app verson and circle build number with a `-` char in between | |
| command: echo 'export TAG=$(cat VERSION)-$CIRCLE_PREVIOUS_BUILD_NUM' >> $BASH_ENV | |
| - run: | |
| name: Install and confgure kubectl | |
| command: sudo curl -L https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && sudo chmod +x /usr/local/bin/kubectl | |
| - run: | |
| name: Install and confgure kubectl aws-iam-authenticator | |
| command: curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-07-26/bin/linux/amd64/aws-iam-authenticator && sudo chmod +x ./aws-iam-authenticator && sudo cp ./aws-iam-authenticator /bin/aws-iam-authenticator | |
| - run: | |
| name: Install latest awscli version | |
| command: sudo apt install unzip && curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip" && unzip awscli-bundle.zip &&./awscli-bundle/install -b ~/bin/aws | |
| - run: | |
| name: Get the kubeconfig file | |
| command: export KUBECONFIG=$HOME/.kube/kubeconfig && /home/circleci/bin/aws eks --region $AWS_REGION update-kubeconfig --name $EKS_CLUSTER_NAME | |
| - run: | |
| name: Install and configuire helm | |
| command: sudo curl -L https://storage.googleapis.com/kubernetes-helm/helm-v2.11.0-linux-amd64.tar.gz | tar xz && sudo mv linux-amd64/helm /bin/helm && sudo rm -rf linux-amd64 | |
| - run: | |
| name: Initialize helm | |
| command: helm init --client-only --kubeconfig=$HOME/.kube/kubeconfig | |
| - run: | |
| name: Install tiller plugin | |
| command: helm plugin install https://github.com/rimusz/helm-tiller --kubeconfig=$HOME/.kube/kubeconfig | |
| - run: | |
| name: Release helloapp using helm chart | |
| command: bash scripts/release-helloapp.sh $TAG | |
| workflows: | |
| version: 2 | |
| primary: | |
| jobs: | |
| - build&pushImage | |
| - deploy: | |
| requires: | |
| - build&pushImage |
At the end of the file, we see the workflows, workflows control the order in which the jobs specified in the file are executed and establishes dependencies and conditions for the job. For example, we may want our deploy job trigger only after my build job is complete so we added a dependency between them. Similarly, we may want to exclude the jobs from running on some particular branch then we can specify those type of conditions as well.
We have used a few environment variables in our pipeline configuration some of them were created by us and some were made available by CircleCI. We created AWS_REGION, HELLOAPP_ECR_REPO, EKS_CLUSTER_NAME, AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY variables. These variables are set via. CircleCI web console by going to the projects settings. Other variables that we have used are made available by CircleCI as a part of its environment setup process. Complete list of environment variables set by CircleCI can be found here.
Once everything is set up properly then our application will get deployed on the k8s cluster and should be available for access. Get the external IP of the helloapp service and make a curl request to the hello endpoint
| $ curl http://a31e25e7553af11e994620aebe144c51-242977608.us-west-2.elb.amazonaws.com/hello && printf "\n" | |
| {"Msg":"Hello World"} |
Now update the code and change the message “Hello World” to “Hello World Returns” and push your code. It will take a few minutes for the pipeline to complete execution and once it is complete make the curl request again to see the changes getting reflected.
| $ curl http://a31e25e7553af11e994620aebe144c51-242977608.us-west-2.elb.amazonaws.com/hello && printf "\n" | |
| {"Msg":"Hello World Returns"} |
Also, verify that a new tag is also created for the helloapp docker image on ECR.
In this blog post, we explored how we can set up a CI/CD pipeline for kubernetes and got basic exposure to CircleCI and Helm. Although helm is not absolutely necessary for building a pipeline, it has lots of benefits and is widely used across the industry. We can extend the pipeline to consider the cases where we have multiple environments like dev, staging & production and make the pipeline deploy the application to any of them depending upon some conditions. We can also add more jobs like integration tests. All the codes used in the blog post are available here.
Related Reads:
.svg)
.svg)
