开发者可以集成此action到workflow,将镜像部署到华为云容器实例。
容器镜像服务(SoftWare Repository for Container,下面简称SWR)和 云容器实例(Cloud Container Instance, CCI)
使用Deploy CCI Action前需要在CCI服务完成下面前置步骤操作。
1)服务权限管理设置
推荐使用最新版本的huaweicloud/auth-action进行华为云部署容器实例的鉴权认证。
- name: Authenticate to Huawei Cloud
uses: huaweicloud/auth-action@v1.1.0
with:
access_key_id: ${{ secrets.ACCESSKEY }}
secret_access_key: ${{ secrets.SECRETACCESSKEY }}
region: '<region>'
project_id: '<project_id>'
Name | Require | Default | Description |
---|---|---|---|
access_key | false | 华为访问密钥即AK。如果使用华为云统一鉴权huaweicloud/auth-action可以不填写该参数。 | |
secret_key | false | 访问密钥即SK。如果使用华为云统一鉴权huaweicloud/auth-action可以不填写该参数。 | |
project_id | false | 项目ID。如果使用华为云统一鉴权huaweicloud/auth-action可以不填写该参数。 | |
region | false | cn-north-4 | region:华北-北京四 cn-north-4;华东-上海二 cn-east-2;华东-上海一 cn-east-3;华南-广州 cn-south-1。如果使用华为云统一鉴权huaweicloud/auth-action可以不填写该参数。 |
namespace | true | CCI命名空间 | |
deployment | true | CCI负载名称 | |
image | true | 镜像地址,如1)swr镜像中心:nginx:latest; 2) swr我的镜像:swr.cn-north-4.myhuaweicloud.com/demo/demo:v1.1 | |
manifest | false | 负载deployment描述yaml文件 |
action片段默认使用华为云统一鉴权huaweicloud/auth-action。
- name: Deploy to CCI
uses: huaweicloud/deploy-cci-action@v1.2.0
id: deploy-to-cci
with:
namespace: 'namespace-name'
deployment: 'deployment-name'
image: nginx:latest
- name: Deploy to CCI
uses: huaweicloud/deploy-cci-action@v1.2.0
id: deploy-to-cci
with:
namespace: 'namespace-name'
deployment: 'deployment-name'
image: swr.cn-north-4.myhuaweicloud.com/demo/demo:v1.1
- name: Deploy to CCI
uses: huaweicloud/deploy-cci-action@v1.2.0
id: deploy-to-cci
with:
namespace: 'namespace-name'
deployment: 'deployment-name'
image: swr.cn-north-4.myhuaweicloud.com/demo/demo:v1.1
manifest: ./deployment.yml
以下示例为一个名为cci-deployment的Deployment负载,负载在命名空间是cci-namespace-70395701,使用swr.cn-north-4.myhuaweicloud.com/namespace/demo:v1.1t镜像创建两个Pod,每个Pod占用500m core CPU、1G内存。
apiVersion: apps/v1 # 注意这里与Pod的区别,Deployment是apps/v1而不是v1
kind: Deployment # 资源类型为Deployment
metadata:
name: cci-deployment # 必填,Deployment的名称即是负载的名称
spec:
replicas: 2 # Pod的数量,Deployment会确保一直有2个Pod运行
selector: # Label Selector
matchLabels:
app: cci-deployment # Deployment的名称即是负载的名称
template: # Pod的定义,用于创建Pod,也称为Pod template
metadata:
labels:
app: cci-deployment # Deployment的名称即是负载的名称
spec:
containers:
- image: swr.cn-north-4.myhuaweicloud.com/namespace/demo:v1.1 # 镜像地址,传入参数image会将次镜像地址替换
name: container-0
ports:
- containerPort: 80
resources:
limits:
cpu: 500m
memory: 1024Mi
requests:
cpu: 500m
memory: 1024Mi
imagePullSecrets: # 拉取镜像使用的证书,必须为imagepull-secret
- name: imagepull-secret
负载Deployment yaml文件更多介绍:Deployment
以下示例为将镜像部署到华为云容器实例workflow过程。workflow包含的步骤:
一、代码容器构建build
- 代码检出
- 打包maven项目
- SWR容器镜像服务鉴权
- 制作并推送镜像到SWR
二、部署容器实例deploy
- 华为云统一鉴权
- 安装Kubectl工具
- 部署镜像到CCI
name: Deploy CCI Actions Demo
on:
push:
branches:
master
env:
REGION_ID: region_id # set this to your preferred huaweicloud region, e.g. cn-north-4
PROJECT_ID: project_id # 项目ID,可以在华为云我的凭证获取
ACCESS_KEY_ID: ${{ secrets.ACCESSKEY }} # set this to your huaweicloud access-key-id
ACCESS_KEY_SECRET: ${{ secrets.SECRETACCESSKEY }} # set this to your huaweicloud access-key-secret
SWR_ORGANIZATION: swr_organization # SWR 组织名
IMAGE_NAME: image_name # 镜像名称
jobs:
build:
runs-on: ubuntu-latest
outputs:
image: ${{ steps.build-image.outputs.image }}
steps:
- uses: actions/checkout@v2
- name: Build with Maven
id: build-project
run: mvn package -Dmaven.test.skip=true -U -e -X -B
- name: Log in to Huawei Cloud SWR
uses: huaweicloud/swr-login@v2.1.0
with:
region: ${{ env.REGION_ID }}
access-key-id: ${{ secrets.ACCESSKEY }}
access-key-secret: ${{ secrets.SECRETACCESSKEY }}
- name: Build, Tag, and Push Image to Huawei Cloud SWR
id: build-image
env:
SWR_REGISTRY: swr.${{ env.REGION_ID }}.myhuaweicloud.com
SWR_ORGANIZATION: ${{ env.SWR_ORGANIZATION }}
IMAGE_TAG: ${{ github.sha }}
IMAGE_NAME: ${{ env.IMAGE_NAME }}
run: |
docker build -t $SWR_REGISTRY/$SWR_ORGANIZATION/$IMAGE_NAME:$IMAGE_TAG .
docker push $SWR_REGISTRY/$SWR_ORGANIZATION/$IMAGE_NAME:$IMAGE_TAG
echo "::set-output name=image::$SWR_REGISTRY/$SWR_ORGANIZATION/$IMAGE_NAME:$IMAGE_TAG"
deploy:
needs: build
runs-on: ubuntu-latest
steps:
- name: Authenticate to Huawei Cloud
uses: huaweicloud/auth-action@v1.1.0
with:
access_key_id: ${{ secrets.ACCESSKEY }}
secret_access_key: ${{ secrets.SECRETACCESSKEY }}
region: ${{ env.REGION_ID }}
project_id: ${{env.PROJECT_ID}}
- name: Kubectl Tool Installer
id: install-kubectl
uses: Azure/setup-kubectl@v2.1
# 通过镜像新建或者更新负载
- name: Deploy to CCI
uses: huaweicloud/deploy-cci-action@v1.2.0
id: deploy-to-cci
with:
namespace: action-namespace-name
deployment: action-deployment-name
image: ${{ needs.build.outputs.image }}
详情可参考 deploy-cci-workflow-sample
1.此Action是部署云容器实例CCI, 使用过程会调用华为云服务OpenAPI,涉及到云服务是: 统一身份认证服务 IAM,云容器实例 CCI,虚拟私有云 VPC,弹性负载均衡 ELB。华为云服务OpenAPI统一公网汇总页面华为云地区和终端节点