CI / CD - How to deploy from a Docker registry

You need to create a certificate and upload it to the CloudUX machine and to your PC.
To generate the certificate:

$ mkdir -p certs

$ openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-x509 -days 365 -out certs/domain.crt

Follow the prompts to the end!

Linux: Copy the domain.crt file to /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt on every Docker host. You do not need to restart Docker.

Windows:
Open Windows Explorer, right-click the domain.crt file, and choose Install certificate. When prompted, select the following options:

Store location: local machine
Place all certificates in the following store: selected
  • Click Browse and select Trusted Root Certificate Authorities.
  • Click Finish. Restart Docker.
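The certificate generation and the Linux trust step above as a non-interactive script. This is an added example, not part of the original instructions: it puts the registry hostname into subjectAltName, which current Docker releases match against instead of the Common Name, and refuses to install a certificate that does not cover the registry host. The function names, the optional key-size argument and the optional alternate trust root are assumptions made for this example.

```bash
#!/bin/bash
# Added example. Hostnames and paths are supplied by the caller; the function
# names and optional arguments are hypothetical, chosen for this example.

# make_registry_cert HOST OUT_DIR [BITS]
# Same openssl command as above, without prompts: HOST goes into the subject
# and into subjectAltName (needs OpenSSL 1.1.1+ for -addext).
make_registry_cert() {
  local host="$1" out="$2" bits="${3:-4096}"
  mkdir -p "$out" || return 1
  openssl req -newkey "rsa:$bits" -nodes -sha256 \
    -keyout "$out/domain.key" -x509 -days 365 -out "$out/domain.crt" \
    -subj "/CN=$host" -addext "subjectAltName=DNS:$host" || return 1
  chmod 600 "$out/domain.key"   # private key stays readable by its owner only
}

# cert_matches_host CRT HOST: succeeds only if the certificate covers HOST.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# install_registry_ca CRT HOST:PORT [ROOT]
# Copies CRT to ROOT/HOST:PORT/ca.crt (ROOT defaults to Docker's trust
# directory, which needs root) and prints the installed path.
install_registry_ca() {
  local crt="$1" registry="$2" root="${3:-/etc/docker/certs.d}"
  local host="${registry%%:*}"
  if ! cert_matches_host "$crt" "$host"; then
    echo "refusing to install: certificate does not cover $host" >&2
    return 1
  fi
  mkdir -p "$root/$registry" && cp "$crt" "$root/$registry/ca.crt" || return 1
  echo "$root/$registry/ca.crt"
}

# Usage on a Docker host (run as root):
#   make_registry_cert myregistrydomain.com certs
#   install_registry_ca certs/domain.crt myregistrydomain.com:5000
```

The directory name under certs.d must be exactly the host:port used in image references, otherwise Docker does not consult the ca.crt placed there.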

SSH into mediacentral-machine:

In /etc/hosts, map your registry IP to some domain name, then edit the Docker unit file:

vim  /usr/lib/systemd/system/docker.service

And add to the ExecStart line (this flag makes Docker skip TLS certificate verification for that registry):

ExecStart= ... --insecure-registry <your-domain>

Create docker registry.

Instruction

$ docker run -d \
--restart=always \
--name registry \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-p 443:443 \
registry:2

Create your local docker image and push it to your registry

Instruction

You can check your uploaded image under https://<your-registry>/v2/_catalog

Or use docker ps to check that it is running.

Create an example deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: helloexpress
  labels:
    app: express
spec:
  replicas: 1
  selector:
    matchLabels:
      app: express
  template:
    metadata:
      labels:
        app: express
    spec:
      containers:
      - name: express
        image: <your-registry>:443/hello_express

Copy the file to the root of your CloudUX machine and create the deployment:

kubectl create -f path/to/deployment.yaml

Your deployment should now be running. You can upgrade it with a script such as deployment.sh, for example:

#!/bin/bash

DIR=$(readlink -f "$(dirname "$0")")

# Default token for our machines
KUBE_TOKEN="XXX"
KUBE_API_SERVER="https://xxxxx:18443"

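# prepare kubernetes config with authentication
# NOTE: --insecure-skip-tls-verify=true disables verification of the API server
# certificate; if the cluster CA file is available, pass it with
# --certificate-authority instead.
kubectl config set-cluster default --server="$KUBE_API_SERVER" --insecure-skip-tls-verify=true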
kubectl config set-context default --user=admin --namespace=default --cluster default
kubectl config set-credentials admin --user=admin --token="$KUBE_TOKEN"
kubectl config use-context default
echo "$DIR"

# patch the deployment to use the latest docker image
kubectl patch deployment clouduxtestservice-deployment -p "$(cat "$DIR/clouduxtestservice-deployment.yaml")"

# force kubernetes to re-pull images with 'latest' tag and roll out new deployment
kubectl patch deployment clouduxtestservice-deployment -p '{"spec":{"template":{"metadata":{"labels":{"date":"'$(date +'%s')'"}}}}}'

The script connects to an external cluster and executes commands on it. The last line forces Kubernetes to re-deploy, and in that case re-pull the image, because the timestamp label has changed.

Remember

Your deployment.sh script needs access to the kubectl Kubernetes tool.

You can run it inside a Docker container.