Build & Deploy Using Azure DevOps from AWS ECR to Kubernetes On premises

ELMASLOUHY Mouaad
Dec 19, 2021

Some clarifications of the variables:

imageRepository: the name of the repository in AWS ECR
containerRegistry: the URL of the AWS ECR service in your account
tag: the tag of the image
imagePullSecret: the name of the Kubernetes secret
awsServiceAccount: the name of the service connection to your AWS account
vmImageName: the OS type of the build machine
awsRegion: the AWS region of your ECR
kubeSvcConfig: the Kubernetes service connection (kubeconfig)
kubeNamespace: the Kubernetes namespace to deploy in
envName: the name of the environment

Screenshot of the service connection. If you don't find AWS among the service connections, you can install it from the link.

This is the YAML code (read it carefully and adapt it where you need to):

# Deploy from AWS ECR to Kubernetes on premises
trigger: none
pr: none

resources:
- repo: self

variables:
  imageRepository: 'ecr-repo-name'
  containerRegistry: 'AmazonAccountId.dkr.ecr.Region.amazonaws.com'
  tag: '$(Build.BuildId)'
  imagePullSecret: 'docker-secret'
  awsServiceAccount: 'aws-service-account-name'
  vmImageName: 'ubuntu-latest'
  awsRegion: "eu-west-1"
  kubeSvcConfig: "kubernetes-service-account-kubeconfig-name"
  kubeNamespace: "deployment-namespace"
  envName: 'to-deploy-to-environment-name'

stages:
- stage: Build
  displayName: Build stage
  jobs:
  - job: Build
    displayName: Build
    pool:
      vmImage: $(vmImageName)
    steps:
    # Build the image locally on the agent, tagged with the build id
    - task: Docker@2
      inputs:
        repository: '$(imageRepository)'
        command: 'build'
        Dockerfile: './Dockerfile'
        tags: |
          $(tag)
    # Push the locally built image to the ECR repository
    - task: ECRPushImage@1
      inputs:
        awsCredentials: $(awsServiceAccount)
        regionName: $(awsRegion)
        imageSource: 'imagename'
        sourceImageName: '$(imageRepository)'
        sourceImageTag: '$(tag)'
        repositoryName: '$(imageRepository)'
        pushTag: '$(tag)'
- stage: Deploy
  displayName: Deploy stage
  dependsOn: Build
  jobs:
  - deployment: Deploy
    displayName: Deploy
    pool:
      vmImage: $(vmImageName)
    environment: $(envName)
    strategy:
      runOnce:
        deploy:
          steps:
          - task: AWSShellScript@1
            inputs:
              awsCredentials: $(awsServiceAccount)
              regionName: $(awsRegion)
              scriptType: 'inline'
              inlineScript: |
                # The ECR token decodes to "AWS:<password>"; keep only the password part.
                # The --query expression is quoted so the shell does not treat [] as a glob.
                secretname=$(aws ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d | cut -d: -f2)
                # issecret=true keeps the registry password masked in the pipeline logs.
                echo "##vso[task.setvariable variable=secretKey;isOutput=true;issecret=true]$secretname"
            name: ECR
          - task: Kubernetes@1
            inputs:
              connectionType: 'Kubernetes Service Connection'
              kubernetesServiceEndpoint: $(kubeSvcConfig)
              namespace: $(kubeNamespace)
              command: 'login'

          - task: Bash@3
            inputs:
              targetType: 'inline'
              script: |
                # Recreate the pull secret in the namespace the workload is deployed to.
                kubectl delete secret --ignore-not-found --namespace=$(kubeNamespace) $(imagePullSecret);
                kubectl create secret docker-registry $(imagePullSecret) --namespace=$(kubeNamespace) --docker-server=$(containerRegistry) --docker-username=AWS --docker-password=$(ECR.secretKey);
          # This task deploys the manifests that are located in gitRoot/aws-manifests/
          - task: KubernetesManifest@0
            displayName: Deploy to Kubernetes cluster
            inputs:
              action: 'deploy'
              kubernetesServiceConnection: $(kubeSvcConfig)
              namespace: $(kubeNamespace)
              manifests: |
                $(Pipeline.Workspace)/aws-manifests/deployment.yml
                $(Pipeline.Workspace)/aws-manifests/service.yml
                $(Pipeline.Workspace)/aws-manifests/ingress.yml
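
A variant of the pull-secret step above, as an added example that is not part of the original post: it builds the secret from the raw `authorizationToken` returned by `aws ecr get-authorization-token`, so the registry password never appears on a command line, and applies it in one step instead of delete-then-create. The function names are hypothetical, and the registry and token values are constructed samples.

```shell
# Added example, not from the original post. Function names are hypothetical.

# Print a .dockerconfigjson document for REGISTRY from a base64 ECR token.
# The token decodes to "AWS:<password>", which is exactly what the "auth"
# field expects, so the password is never split out or passed as an argument.
ecr_dockerconfig() {
  local registry="$1" token="$2" decoded
  # Only base64 characters: nothing here can break out of the JSON string.
  case "$token" in
    ''|*[!A-Za-z0-9+/=]*) return 1 ;;
  esac
  decoded=$(printf '%s' "$token" | base64 -d 2>/dev/null) || return 1
  # ECR always issues the user name "AWS" with a non-empty password.
  case "$decoded" in
    AWS:?*) ;;
    *) return 1 ;;
  esac
  # Accept only host-name characters for the registry.
  case "$registry" in
    ''|*[!A-Za-z0-9.:-]*) return 1 ;;
  esac
  printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$registry" "$token"
}

# Create or update the pull secret in one step; the config travels on stdin.
apply_pull_secret() {
  local name="$1" namespace="$2" registry="$3" token="$4" config
  config=$(ecr_dockerconfig "$registry" "$token") || return 1
  printf '%s' "$config" |
    kubectl create secret generic "$name" --namespace "$namespace" \
      --type=kubernetes.io/dockerconfigjson \
      --from-file=.dockerconfigjson=/dev/stdin \
      --dry-run=client -o yaml |
    kubectl apply -f -
}

# Constructed sample values so the check runs offline (no AWS or cluster needed).
sample_registry='123456789012.dkr.ecr.eu-west-1.amazonaws.com'
sample_token=$(printf 'AWS:constructed-password' | base64)
ecr_dockerconfig "$sample_registry" "$sample_token"
```

ECR authorization tokens are valid for 12 hours, so a secret created this way has to be refreshed on a schedule if pods may need to pull the image again after that.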

Enjoy Deploying,

Mouaad elmaslouhy
