Set up CI/CD to push images to Artifact Registry and deploy to Google Kubernetes Engine (GKE) using GitHub Actions
This tutorial assumes that you have already created a project on Google Cloud and set up your Kubernetes cluster. If you haven’t yet, follow this guide to deploy your app on GKE. Also, if you haven’t yet created a repository on Artifact Registry, search the Google Cloud dashboard for “Artifact Registry”; from there it is straightforward to create a repository and specify your region.
If you’re all set, let’s move forward then 😉😉👍
Step 1: Create a service account
We need this service account in order to authenticate with GCP when we run the workflow from GitHub Actions to pull/push images and to deploy to GKE.
- From the Google Cloud dashboard, search for “service account”. Once there, click on “create service account”. You can name it “github-actions”, for instance, or whatever name you like, and give it the role “Artifact Registry Writer”. Once the account is created, go to the “action” column where the dotted menu is, and click on “manage keys”. After that, click on “Add key”, and download the JSON file that contains the credentials that we’ll use to authenticate with the service account and push our Docker images to Artifact Registry.
- On your GitHub repository, go to secrets and create a new secret. You can call it, for example, GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY. Copy and paste the content of the JSON key file that you downloaded as the value of this secret.
If we stop here, when you run the GitHub workflow to push the image to Artifact Registry, you’ll see an error like this during the GitHub Actions build:
❗❗❗ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required “container.clusters.get” permission(s) for “projects/your-project/zones/us-central1-a/clusters/your-project
To fix this error, you need to create a custom role. Go to service accounts again, select the GitHub service account and, in the actions menu, click on permissions, then on grant access, then on add role. At the bottom you will see MANAGE ROLES: click on it, and then click on create role. You can name it “CustomRole” and give it the permission “container.clusters.get”, then save your changes. Finally, add this “CustomRole” to your service account's roles.
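To confirm that the service account ended up with only the two roles from Step 1, you can audit the project's IAM policy. This is an added example, not part of the original tutorial; the project id `your-project`, the account e-mail and the sample policy are constructed, and the policy has the shape printed by `gcloud projects get-iam-policy your-project --format=json`.

```python
import json

# Roles Step 1 grants; the project id "your-project" is a constructed placeholder.
EXPECTED_ROLES = {
    "roles/artifactregistry.writer",
    "projects/your-project/roles/CustomRole",
}
# Basic roles that would give the CI key far more than the workflow needs.
BROAD_ROLES = {"roles/owner", "roles/editor"}


def roles_for(policy: dict, member: str) -> set:
    """Return every role the policy binds to `member`."""
    return {
        b["role"]
        for b in policy.get("bindings", [])
        if member in b.get("members", [])
    }


def audit(policy: dict, member: str) -> dict:
    """Compare the member's roles with the two that Step 1 sets up."""
    granted = roles_for(policy, member)
    return {
        "missing": sorted(EXPECTED_ROLES - granted),
        "unexpected": sorted(granted - EXPECTED_ROLES),
        "broad": sorted(granted & BROAD_ROLES),
    }


# Constructed sample policy: the custom role was never bound, and Editor was.
CI_MEMBER = "serviceAccount:github-actions@your-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/artifactregistry.writer",
     "members": ["serviceAccount:github-actions@your-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:github-actions@your-project.iam.gserviceaccount.com",
                 "user:dev@example.com"]},
    {"role": "roles/viewer", "members": ["user:dev@example.com"]}
  ],
  "version": 1
}
""")

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICY, CI_MEMBER), indent=2))
```

An empty `missing`, `unexpected` and `broad` result means the account holds exactly the two roles described above.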
Step 2: Create ci.yaml
Under the root directory of your app project, create .github/workflows/ci.yaml. Then, copy and paste the following into the ci.yaml file:
```yaml
name: CI
on:
  push:
    branches:
      - main
jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      # Authenticate to Google Cloud with the service account key from Step 1
      - name: Set up environment
        id: "auth"
        uses: "google-github-actions/auth@v1"
        with:
          credentials_json: "${{ secrets.GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY }}"
      - name: Set up Google Cloud SDK
        uses: google-github-actions/setup-gcloud@v1
      - name: "Use gcloud CLI"
        run: "gcloud info"
      # Register gcloud as the Docker credential helper for the Artifact Registry host
      - name: "Docker auth"
        run: |-
          gcloud auth configure-docker ${{secrets.YOUR_LOCATION_ZONE}}-docker.pkg.dev --quiet
      - name: Install Docker Compose
        run: |
          sudo apt-get update
          sudo apt-get install -y docker-compose
      - name: Build Docker image
        run: docker-compose build
      # The tag and push steps must name the same image path, so both use YOUR_GCP_PROJECT_NAME
      - name: Tag Docker image as latest
        run: docker tag ${{secrets.YOUR_IMAGE_NAME}} ${{secrets.YOUR_LOCATION_ZONE}}-docker.pkg.dev/${{secrets.YOUR_GCP_PROJECT_NAME}}/${{secrets.YOUR_ARTIFACT_REPOSITORY}}/${{secrets.YOUR_IMAGE_NAME}}:latest
      - name: Push Docker image with latest tag
        run: |
          docker push ${{secrets.YOUR_LOCATION_ZONE}}-docker.pkg.dev/${{secrets.YOUR_GCP_PROJECT_NAME}}/${{secrets.YOUR_ARTIFACT_REPOSITORY}}/${{secrets.YOUR_IMAGE_NAME}}:latest
      # YOUR_LOCATION_ZONE is also the Artifact Registry host prefix above, so it must be valid for both
      - name: Set up GKE credentials
        uses: google-github-actions/get-gke-credentials@v2
        with:
          cluster_name: ${{secrets.YOUR_GKE_CLUSTER_NAME}}
          location: ${{secrets.YOUR_LOCATION_ZONE}}
      # Restart the deployment so its pods pull the image that was just pushed
      - name: deploy image on Kubernetes
        run: |
          kubectl rollout restart deployment <your-deployment-name>
```
Now you’re all good to push images from GitHub to Artifact Registry and then deploy them to your GKE cluster 😊😄
Happy reading 🥳