This plugin allows to update a container image of a Kubernetes deployment.
This pipeline will update the web-server deployment with the image docker.io/username/webserver:0.0.1
- name: deploy
image: docker.io/abogatikov/drone-kubernetes-image-updater
settings:
kubernetes_server: https://lb.example.com
kubernetes_token: PS1...
kubernetes_cert: YVdObF...
kubernetes_cluster: cluster.local
kubernetes_user: drone-deploy
namespace: web
deployment: web-server
repo: docker.io/username/webserver
container: server
tag: 0.0.1- Multiple deployments (e.g. deployment: [
web-test,web-stage]) - Multiple containers (e.g. containers: [
server,worker]) - Receive tag from previous steps (
echo -n "0.0.1" > /drone/srs/.tags)
If your cluster is protected by RBAC (role-based access control), it is necessary to create a custom ServiceAccount with the appropriate permissions (ClusterRole and ClusterRoleBinding).
As an example (for the web namespace):
apiVersion: v1
kind: ServiceAccount
metadata:
name: drone-deploy
namespace: web
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: drone-deploy
namespace: web
rules:
- apiGroups: ["extensions"]
resources: ["deployments"]
verbs: ["get","list","patch","update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: drone-deploy
subjects:
- kind: ServiceAccount
name: drone-deploy
namespace: web
roleRef:
kind: ClusterRole
name: drone-deploy
apiGroup: rbac.authorization.k8s.io- Get token of secret
drone
kubectl -n web describe secret $(kubectl -n web get secret |grep drone |awk '{print $1}')- Get data of k8s cert
SECRET_NAME=$(kubectl -n web get secret |grep drone |awk '{print $1}')
kubectl -n web get secret $SECRET_NAME -o "jsonpath={.data['ca\.crt']}"