What is best method to update image tag to commit SHA via CloudBuilder?

Question

I have a deployment.yaml containing deployment of 3 containers + LB service and the cloudbuild.yaml containing steps to build container images every time there's new commit to a certain branch on Bitbucket git repo .

All is working fine except the fact that my deplyment isn't updated whenever there's a new image version ( I used :latest tag in deployment ) and to change this I understood that my deployment images should use something unique, other than :latest, such as a git commit SHA.

Problem: I'm not sure how to perform image declaration update during GCB CI process to contain new commit SHA.

YAML's: https://paste.ee/p/CsETr

Answer 1

Found a solution by using image tag or URI variables in deployment fine and substituting them with sed during build-time.

deplyment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: dev
  name: app
  labels:
    app: app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      initContainers:
      - name: init
        image: INIT_IMAGE_NAME
        imagePullPolicy: Always
        command: ['sh', '-c', 'cp -r /app /srv; chown -R 82:82 /srv/app']
        volumeMounts:
        - name: code
          mountPath: /srv
      containers:
      - name: nginx
        image: NGINX_IMAGE_NAME
        imagePullPolicy: Always
        ports:
        - containerPort: 80
        volumeMounts:
        - name: code
          mountPath: /srv
        - name: php-socket
          mountPath: /var/run
        livenessProbe:
          httpGet:
            path: /health.html
            port: 80
            httpHeaders:
            - name: X-Healthcheck
              value: Checked
          initialDelaySeconds: 5
          timeoutSeconds: 1
          periodSeconds: 15
        readinessProbe:
          httpGet:
            path: /health.html
            port: 80
            httpHeaders:
            - name: X-Healthcheck
              value: Checked
          initialDelaySeconds: 5
          timeoutSeconds: 1
          periodSeconds: 15
      - name: php
        image: PHP_IMAGE_NAME
        imagePullPolicy: Always
        volumeMounts:
        - name: code
          mountPath: /srv
        - name: php-socket
          mountPath: /var/run
        livenessProbe:
          httpGet:
            path: /health.html
            port: 80
            httpHeaders:
            - name: X-Healthcheck
              value: Checked
          initialDelaySeconds: 5
          timeoutSeconds: 1
          periodSeconds: 15
        readinessProbe:
          httpGet:
            path: /health.html
            port: 80
            httpHeaders:
            - name: X-Healthcheck
              value: Checked
          initialDelaySeconds: 5
          timeoutSeconds: 1
          periodSeconds: 15
      volumes:
        - name: code
          emptyDir: {}
        - name: php-socket
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  namespace: dev
  name: app-service
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    app: app

cloudbuild.yaml

steps:

# Build Images
- id: Building Init Image
  name: gcr.io/cloud-builders/docker
  args: ['build','-t', 'eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA', '-f', 'init.dockerfile', '.']

- id: Building Nginx Image
  name: gcr.io/cloud-builders/docker
  args: ['build','-t', 'eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA', '-f', 'nginx.dockerfile', '.']
  waitFor: ['-']

- id: Building PHP-FPM Image
  name: gcr.io/cloud-builders/docker
  args: ['build','-t', 'eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA', '-f', 'php.dockerfile', '.']
  waitFor: ['-']


# Push Images
- id: Pushing Init Image
  name: gcr.io/cloud-builders/docker
  args: ['push','eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA']

- id: Pushing Nginx Image
  name: gcr.io/cloud-builders/docker
  args: ['push','eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA']

- id: Pushing PHP-FPM Image
  name: gcr.io/cloud-builders/docker
  args: ['push','eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA']


# Update Image Tags
- id: 'Setting Init Image Tag'
  name: ubuntu
  args: ['bash','-c','sed -i "s,INIT_IMAGE_NAME,eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA," deployment.yaml']

- id: 'Setting Nginx Image Tag'
  name: ubuntu
  args: ['bash','-c','sed -i "s,NGINX_IMAGE_NAME,eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA," deployment.yaml']

- id: 'Setting PHP Image Tag'
  name: ubuntu
  args: ['bash','-c','sed -i "s,PHP_IMAGE_NAME,eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA," deployment.yaml']


# Update Deployment
- id: Updating Deployment
  name: gcr.io/cloud-builders/kubectl
  args: ['apply','-f','deployment.yaml']

  env:
    - CLOUDSDK_COMPUTE_ZONE=europe-west2-b
    - CLOUDSDK_CONTAINER_CLUSTER=clusterx

# Images
images:
  - eu.gcr.io/$PROJECT_ID/init:$SHORT_SHA
  - eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA
  - eu.gcr.io/$PROJECT_ID/php:$SHORT_SHA

# Tags
tags:
  - master
  - dev
  - init

Answer 2

I believe Kubernetes won't pull an image that it has already (as it uses the same tag :latest ).

I think your system would benefit of using the new tag:

- id: Updating Deployment
  name: gcr.io/cloud-builders/kubectl
  args: ['set', 'image', 'deployment/app', 'nginx=eu.gcr.io/$PROJECT_ID/nginx:$SHORT_SHA']
  env:
    - CLOUDSDK_COMPUTE_ZONE=europe-west1-b
    - CLOUDSDK_CONTAINER_CLUSTER=cluster-1

(You would have to also set the image for the other containers.

Another technique would be to update your deployment file with the new tags, and apply the whole file.