GitLab CI: Build & push Docker image to AWS ECR, Deploy to EKS.
Introduction :
The GitLab CI pipeline has two main stages : Publish and Deploy.
Publish : We use the AWS CLI to get the Docker password. Building and pushing a Docker image goes through several steps (build, login, and push), but with EKS things will be different.
Deploy : After building the image and pushing it to ECR, we generate YAML files to create a deployment and a load balancer service in the EKS cluster integrated with GitLab CI.
Publish Steps :
1. Create a new Docker repository from the AWS console using the Elastic Container Registry service.
2. From the AWS Console, using the IAM service, create a new user that has programmatic access and the following policy attached: AmazonEC2ContainerRegistryPowerUser.
3. You will get a key ID and a secret from AWS IAM. Define the variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY and set them to the values obtained from AWS IAM.
4. Put all the information in a GitLab CI pipeline file (.gitlab-ci.yml) :
```yaml
variables:
  DOCKER_REGISTRY: XXXXXXXX.dkr.ecr.us-east-1.amazonaws.com
  AWS_DEFAULT_REGION: us-east-1
  APP_NAME: mywebsite
  # Docker daemon provided by the docker:dind service (plain TCP, no TLS)
  DOCKER_HOST: tcp://docker:2375

publish:
  image:
    name: amazon/aws-cli
    entrypoint: [""]
  services:
    - docker:dind
  before_script:
    # Install a Docker client into the aws-cli image
    - amazon-linux-extras install docker
    - aws --version
    - docker --version
  script:
    - docker build -t $DOCKER_REGISTRY/$APP_NAME:$CI_PIPELINE_IID .
    # The ECR password is piped to docker login on stdin, not passed as an argument
    - aws ecr get-login-password | docker login --username AWS --password-stdin $DOCKER_REGISTRY
    - docker push $DOCKER_REGISTRY/$APP_NAME:$CI_PIPELINE_IID
```
Deploy Steps :
1. Create a kubernetes folder containing two files : deployment.yaml and public_ip_service.yaml (the file names the deploy job uses).


2. Integrate your EKS cluster with GitLab CI :
GitLab CI => Operations => Kubernetes => Integrate with a cluster certificate => Connect existing cluster.
1. Kubernetes cluster name : same as the EKS cluster.
2. API URL : kubectl cluster-info | grep -E 'Kubernetes master|Kubernetes control plane' | awk '/http/ {print $NF}'
3. CA Certificate : kubectl get secret <secret name> -o jsonpath="{['data']['ca\.crt']}" | base64 --decode
4. Service Token :
You can follow the instructions in the official GitLab documentation to integrate your EKS cluster : https://docs.gitlab.com/ee/user/project/clusters/add_remove_clusters.html#add-existing-cluster
The section of the .gitlab-ci.yml file responsible for deployment to the EKS cluster :
```yaml
deploy:
  stage: deploy
  image: alpine
  environment:
    name: staging
  script:
    # Copy the kubeconfig provided by the GitLab cluster integration.
    # It contains the service token, so it is not printed to the job log.
    - mkdir -p $HOME/.kube
    - cp $KUBECONFIG $HOME/.kube/config
    # Download the latest stable kubectl release and install it
    - apk update && apk add --no-cache curl
    - curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
    - chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl
    - kubectl config set-context $(kubectl config current-context)
    # Fill the _APP_NAME_ and _VERSION_ placeholders in both manifests
    - sed -i 's/_APP_NAME_/'"$CI_PROJECT_NAME"'/g; s/_VERSION_/'"$CI_COMMIT_SHA"'/g' kubernetes/deployment.yaml
    - sed -i 's/_APP_NAME_/'"$CI_PROJECT_NAME"'/g; s/_VERSION_/'"$CI_COMMIT_SHA"'/g' kubernetes/public_ip_service.yaml
    - kubectl apply -f kubernetes/deployment.yaml
    - kubectl apply -f kubernetes/public_ip_service.yaml
  only:
    - master
```
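A stricter form of the sed templating step in the deploy job, as an added example that is not part of the original tutorial: it validates both values before substituting them, renders to a separate file, and fails if a placeholder is left over. The function name render_manifest and the rendered/ output path are assumptions.

```sh
# Added example, not from the original tutorial: a stricter replacement for the
# in-place sed commands. In the job it would be called as (output path assumed):
#   render_manifest kubernetes/deployment.yaml rendered/deployment.yaml \
#       "$CI_PROJECT_NAME" "$CI_COMMIT_SHA"
# The body is a subshell "( ... )", so LC_ALL and "exit" stay local to the call.
render_manifest() (
    src=$1; dst=$2; app=$3; version=$4
    LC_ALL=C; export LC_ALL    # a-z below means ASCII letters only

    # _APP_NAME_ ends up in Kubernetes object names. Service names must be
    # RFC 1035 labels: a-z, 0-9 and '-', starting with a letter, not ending in
    # '-', at most 63 characters. The allowlist also rejects '/', '&', '\' and
    # newlines, which would alter the sed expression itself.
    case $app in
        ''|[!a-z]*|*[!a-z0-9-]*|*-)
            echo "render_manifest: invalid app name" >&2; exit 1 ;;
    esac
    [ "${#app}" -le 63 ] || { echo "render_manifest: app name too long" >&2; exit 1; }

    # _VERSION_ is filled from CI_COMMIT_SHA: exactly 40 lowercase hex digits.
    case $version in
        *[!0-9a-f]*) echo "render_manifest: invalid version" >&2; exit 1 ;;
    esac
    [ "${#version}" -eq 40 ] || { echo "render_manifest: invalid version" >&2; exit 1; }

    # Render to a temporary file; the template in the checkout stays untouched
    # and the destination only appears when every check has passed.
    tmp=$dst.tmp
    sed "s/_APP_NAME_/$app/g; s/_VERSION_/$version/g" "$src" > "$tmp" ||
        { rm -f "$tmp"; exit 1; }

    # A misspelled placeholder (for example _VERSON_) would otherwise be sent
    # to the cluster verbatim, so treat any leftover _UPPER_CASE_ token as fatal.
    if grep -Eq '(^|[^[:alnum:]_])_[A-Z][A-Z_]*_([^[:alnum:]_]|$)' "$tmp"; then
        echo "render_manifest: unreplaced placeholder in $src" >&2
        rm -f "$tmp"; exit 1
    fi
    mv "$tmp" "$dst"
)
```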
Conclusion
I hope this tutorial helped you get started with building Docker images from GitLab CI and pushing them to AWS ECR, integrating your GitLab CI project with an EKS cluster, and deploying your Docker image to the EKS cluster using a deployment and a load balancer service.