github actions GKE workflow - deployment clarification

Question

I have set up a Google Cloud Platform kubernetes cluster (and Container Registry) with source code on GitHub. Source code is divided into folders with separate Dockerfiles for each microservice.

I want to set up CI/CD using GitHub actions.

As far as I understand, the default GKE workflow will connect to gcloud using secrets, build the images and push them to Container Registry. And then perform an update.

My questions

• How is the deployment performed?
• What is kustomize for?
• Do I have to configure on gcloud anything else than GKE key / token
• Suppose I want to update multiple docker images. Will it suffice to build multiple images and push them? Like below (a little bit simplified for clarity), or do I have to also modify the Deploy job:

    - name: Build
      run: |-
        docker build -t "gcr.io/$PROJECT_ID/$IMAGE_1:$GITHUB_SHA" service1/.
        docker build -t "gcr.io/$PROJECT_ID/$IMAGE_2:$GITHUB_SHA" service2/.
        docker build -t "gcr.io/$PROJECT_ID/$IMAGE_3:$GITHUB_SHA" service3/.

    - name: Publish
      run: |-
        docker push "gcr.io/$PROJECT_ID/$IMAGE_1:$GITHUB_SHA"
        docker push "gcr.io/$PROJECT_ID/$IMAGE_2:$GITHUB_SHA"
        docker push "gcr.io/$PROJECT_ID/$IMAGE_3:$GITHUB_SHA"

---

This is the deploy fragment from the GKE workflow:

    # Deploy the Docker image to the GKE cluster
    - name: Deploy
      run: |-
        ./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA
        ./kustomize build . | kubectl apply -f -
        kubectl rollout status deployment/$DEPLOYMENT_NAME
        kubectl get services -o wide

Answer 1

How is the deployment performed?

To know how to deploy or run this workflow please refer this documentation

What is kustomize for?

kustomize is a configuration mangement for application configuration

Do I have to configure on gcloud anything else than GKE key / token

You don't have to unless you are adding additional layer of security for authenticating the workflow.

Suppose I want to update multiple docker images. Will it suffice to build multiple images and push them? Like below (a little bit simplified for clarity), or do I have to also modify the Deploy job

I think no need for modification of deploy job. It is enough to build multiple images and push them into the GCR

Answer 2

I just wanted to share my experience with GKE after posting this question and then implementing the GitHub action.

How is the deployment performed?

Basically, the workflow sets up a connection to GKE via gcloud CLI (this also sets up kubectl context).
After the connection is established and the correct cluster targeted you are free to do whatever you like.

Do I have to configure on gcloud anything else than GKE key / token

Nothing else is required. Just remember to hash it correctly and store it in a secret on GitHub.

Suppose I want to update multiple docker images...

Doing it the way it is in a question is absolutely valid and fully functional.

...or do I have to also modify the Deploy job

I decided to change the Deploy a little bit.

# Deploy update to services
- name: Deploy
  run: |-
    kubectl set image deployment dep1 dep1="gcr.io/$PROJECT_ID/$IMAGE_1:$GITHUB_SHA"
    kubectl set image deployment dep2 dep2="gcr.io/$PROJECT_ID/$IMAGE_2:$GITHUB_SHA"

This way I don't have to use Kustomize that I am not familiar with.
If you have the update strategy set to RollingUpdate - - which I believe is the default - - the change in image tag will trigger the rolling update (other strategies may work as well). But to use this approach you have to use the same image tag in building Docker images and deploying them using the code above. Using the $GITHUB_SHA will provide a distinct hash for a commit that can be used to differentiate docker images.

This may not be the most elegant solution but I am sure you can come up with a better solution (like obtaining the release Tag) because this is just a variable.