| title | intro | redirect_from | versions | type | topics | shortTitle | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Deploying to Google Kubernetes Engine | You can deploy to Google Kubernetes Engine as part of your continuous deployment (CD) workflows. |
|
| tutorial |
| Deploy to Google Kubernetes Engine |
{% data reusables.actions.enterprise-github-hosted-runners %}
This guide explains how to use {% data variables.product.prodname_actions %} to build a containerized application, push it to Google Container Registry (GCR), and deploy it to Google Kubernetes Engine (GKE) when there is a push to the main branch.
GKE is a managed Kubernetes cluster service from Google Cloud that can host your containerized workloads in the cloud or in your own datacenter. For more information, see Google Kubernetes Engine.
Note
{% data reusables.actions.about-oidc-short-overview %}
Before you proceed with creating the workflow, you will need to complete the following steps for your Kubernetes project. This guide assumes the root of your project already has a Dockerfile and a Kubernetes Deployment configuration file.
To create the GKE cluster, you will first need to authenticate using the gcloud CLI. For more information on this step, see the following articles:
For example:
$ gcloud container clusters create $GKE_CLUSTER \ --project=$GKE_PROJECT \ --zone=$GKE_ZONEEnable the Kubernetes Engine and Container Registry APIs. For example:
$ gcloud services enable \ containerregistry.googleapis.com \ container.googleapis.comThis procedure demonstrates how to create the service account for your GKE integration. It explains how to create the account, add roles to it, retrieve its keys, and store them as a base64-encoded {% ifversion fpt or ghec %}encrypted {% endif %}repository secret named GKE_SA_KEY.
Create a new service account:
gcloud iam service-accounts create $SA_NAMERetrieve the email address of the service account you just created:
gcloud iam service-accounts list
Add roles to the service account.
[!NOTE] Apply more restrictive roles to suit your requirements.
gcloud projects add-iam-policy-binding $GKE_PROJECT \ --member=serviceAccount:$SA_EMAIL \ --role=roles/container.admin gcloud projects add-iam-policy-binding $GKE_PROJECT \ --member=serviceAccount:$SA_EMAIL \ --role=roles/storage.admin gcloud projects add-iam-policy-binding $GKE_PROJECT \ --member=serviceAccount:$SA_EMAIL \ --role=roles/container.clusterViewer
Download the JSON keyfile for the service account:
gcloud iam service-accounts keys create key.json --iam-account=$SA_EMAILStore the service account key as a secret named
GKE_SA_KEY:export GKE_SA_KEY=$(cat key.json | base64)
For more information about how to store a secret, see AUTOTITLE.
Store the name of your project as a secret named GKE_PROJECT. For more information about how to store a secret, see AUTOTITLE.
Kustomize is an optional tool used for managing YAML specs. After creating a kustomization file, the workflow below can be used to dynamically set fields of the image and pipe in the result to kubectl. For more information, see kustomize usage.
{% data reusables.actions.about-environments %}
Once you've completed the prerequisites, you can proceed with creating the workflow.
The following example workflow demonstrates how to build a container image and push it to GCR. It then uses the Kubernetes tools (such as kubectl and kustomize) to pull the image into the cluster deployment.
Under the env key, change the value of GKE_CLUSTER to the name of your cluster, GKE_ZONE to your cluster zone, DEPLOYMENT_NAME to the name of your deployment, and IMAGE to the name of your image.
{% data reusables.actions.delete-env-key %}
{% data reusables.actions.actions-not-certified-by-github-comment %}{% data reusables.actions.actions-use-sha-pinning-comment %}name: Build and Deploy to GKEon: push: branches: - mainenv: PROJECT_ID: {% raw %}${{ secrets.GKE_PROJECT }}{% endraw %}GKE_CLUSTER: cluster-1 # Add your cluster name here.GKE_ZONE: us-central1-c # Add your cluster zone here.DEPLOYMENT_NAME: gke-test # Add your deployment name here.IMAGE: static-sitejobs: setup-build-publish-deploy: name: Setup, Build, Publish, and Deployruns-on: ubuntu-latestenvironment: productionsteps: - name: Checkoutuses: {% data reusables.actions.action-checkout %}# Setup gcloud CLI - uses: google-github-actions/setup-gcloud@1bee7de035d65ec5da40a31f8589e240eba8fde5with: service_account_key: {% raw %}${{ secrets.GKE_SA_KEY }}{% endraw %}project_id: {% raw %}${{ secrets.GKE_PROJECT }}{% endraw %}# Configure Docker to use the gcloud command-line tool as a credential# helper for authentication - run: |- gcloud --quiet auth configure-docker# Get the GKE credentials so we can deploy to the cluster - uses: google-github-actions/get-gke-credentials@db150f2cc60d1716e61922b832eae71d2a45938fwith: cluster_name: {% raw %}${{ env.GKE_CLUSTER }}{% endraw %}location: {% raw %}${{ env.GKE_ZONE }}{% endraw %}credentials: {% raw %}${{ secrets.GKE_SA_KEY }}{% endraw %}# Build the Docker image - name: Buildrun: |- docker build \ --tag "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" \ --build-arg GITHUB_SHA="$GITHUB_SHA" \ --build-arg GITHUB_REF="$GITHUB_REF" \ .# Push the Docker image to Google Container Registry - name: Publishrun: |- docker push "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA"# Set up kustomize - name: Set up Kustomizerun: |- curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64 chmod u+x ./kustomize# Deploy the Docker image to the GKE cluster - name: Deployrun: |- ./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA ./kustomize build . | kubectl apply -f - kubectl rollout status deployment/$DEPLOYMENT_NAME kubectl get services -o wideFor more information on the tools used in these examples, see the following documentation:
- For the full workflow template, see the "Build and Deploy to GKE" workflow.
- The Kubernetes YAML customization engine: Kustomize.
- Deploying a containerized web application in the Google Kubernetes Engine documentation.
