DEV Community: Thodoris Velmachos

Do you want to change Storageclass to your PVs?

Thodoris Velmachos — Fri, 17 Jan 2025 18:45:57 +0000

If the answer is yes, then keep reading, in the past few days one of my clients ask me to migrate the Kubernetes Cluster from GKE to a different Cloud provider as an unmanaged cluster, I believe the most difficult and time consuming task is to migrate the data from the GKE cluster to a unmanaged cluster, so I decided to use Longhorn as part of my solution to the problem but in the GKE cluster we didn’t use Longhorn as a result the Persistent volumes was the gcp native storageclass (kubernetes.io/gce-pd) after googling the problem I have decided to use Rsync to copy the data between pvs. So the approach I have followed is the following

I provision the respective pvc/pv with storageclass longhorn.
I have build a simple rsync docker image.
I have deployed a simple pod to copy the data from the original pvc to the new pvc.

cat << EOF | k apply -f-
apiVersion: v1
kind: Pod
metadata:
  name: migrate-pv-1
  namespace: default
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: kubernetes.io/hostname
                operator: In
                values:
                  - "<nodename>"
  containers:
    - command:
      - sh
      - -c
      - |
        set -x
        n=0
        rc=1
        retries=10
        attempts=$((retries+1))
        period=5

        while [[ $n -le $retries ]]
        do
          rsync -av --info=progress2,misc0,flist0 --no-inc-recursive -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=5" -z /source// /dest//  && rc=0 && break
          n=$((n+1))
          echo "rsync attempt $n/$attempts failed, waiting $period seconds before trying again"
          sleep $period
        done

        if [[ $rc -ne 0 ]]; then
          echo "rsync job failed after $retries retries"
        fi
        exit $rc
      image: <registry>/rsync-image:v1
      name: rsync
      volumeMounts:
      - mountPath: /source
        name: vol-0
        readOnly: true
      - mountPath: /dest
        name: vol-1
  restartPolicy: Never
  volumes:
  - name: vol-0
    persistentVolumeClaim:
      claimName: data-minio-distributed-0
      readOnly: true
  - name: vol-1
    persistentVolumeClaim:
      claimName: minio-distributed-0
EOF

Another option is to use the folowing awesome project https://github.com/utkuozdemir/pv-migrate

Thank you.

Do you want to upgrade MongoDB from version 5 to 7 on K8s?

Thodoris Velmachos — Fri, 19 Jul 2024 13:59:36 +0000

Are you wondering how you can upgrade MongoDB from version 5 to 7 without affecting old MongoDB instance and without spending time and resource to migrate the data from the old MongoDB instance to the new one?

The answer to the question at least regarding the data is Velero, as you can see from the following snippet I am using Velero to take incremental snapshots of the stateful workloads running in the K8s Clusters (GKE) and helm to deploy a new instance of MongoDB (just to mention the values found bellow is just for testing), it goes without saying that if you want to deploy any workload to K8s you will use Gitops tools like FluxCD / ArgoCD instead of just deploy them imperatively using the cli tools helm, kubectl.

# Clone Volume
1. velero restore create test-mongorestore-only-pvc-pv --include-resources PersistentVolume,PersistentVolumeClaim --from-backup backup-app-mongodb-auto-20240719020007 --namespace-mappings default:dblabs
2. 
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm upgrade --install test-mongo-upgrade-7 bitnami/mongodb --version 12.1.31 -f values.yaml
---
image:
  tag: "6.0"
auth:
  enabled: true
  rootPassword: "<same pass>"
persistence:
  enabled: true
  existingClaim: datadir-mongodb-0
3. Set featureCompatibilityVersion = 6.0
db.adminCommand({ setFeatureCompatibilityVersion: "6.0" });
db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } ).featureCompatibilityVersion.version
4 helm upgrade --install test-mongo-upgrade-6 my-repo/mongodb --version 12.1.31 -f values.yaml
---
image:
  tag: "7.0"
auth:
  enabled: true
  rootPassword: "<same pass>"
persistence:
  enabled: true
  existingClaim: datadir-mongodb-0
5. Set featureCompatibilityVersion = 7.0
db.adminCommand({ setFeatureCompatibilityVersion: "7.0", confirm: true });
db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } ).featureCompatibilityVersion.version

More information can be found in the following links

https://www.digitalocean.com/community/questions/mongodb-updated-this-morning-to-7-0-1-now-wont-restart

https://www.mongodb.com/docs/manual/reference/command/setFeatureCompatibilityVersion/

I hope it helps. Cheers!

Reindex Indices with Python

Thodoris Velmachos — Fri, 15 Dec 2023 21:18:43 +0000

Hello, do you want to re index multiple indices and until now you are doing it manually, then checkout the repo I have created this simple Python Script to automate this time consuming process.

Link to the repo: reindex script

Give it try, I hope it helps, Cheers!

Consul Service Discovery on Prometheus.

Thodoris Velmachos — Fri, 31 Mar 2023 17:45:51 +0000

Hello, I hope you are well and safe, I don't know if you scrape Metrics from your Kubernetes workloads dynamically using Consul Service Catalog as Service Discovery Method.

I would like to mention that all the workloads are running on Kubernetes, so in order to monitor them I am using Prometheus Operator, as a result, I have configured it to identify the pods that match specific criteria in the metadata fields.

Finally, in the following example, I will try to show you how you can define a Prometheus scraper that uses Consul Service Catalog as a Service Registry.

Let's Dive in...

          - job_name: "test-consul-sd-backend"
            consul_sd_configs:
              - server: "consul-server.consul-system.svc.cluster.local:8500"
            relabel_configs:
              - source_labels: [__meta_consul_service]
                regex: .*backend.*
                action: keep
              - source_labels: [__meta_consul_service]
                target_label: job
            scrape_interval: 60s
            metrics_path: "/api/metrics"

of course, you can any of the fields found in the Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config

I hope you like the tutorial, if you do give it a thumps up! and follow me on Twitter, also you can subscribe to my Newsletter in order to avoid missing any of the upcoming tutorials.

Media Attribution

I would like to thank Clark Tibbs for designing the awesome photo I am using in my posts.

Thank you, Cheers!!!

Do you want to enforce Least Privilege Principle to k8s Api Server?

Thodoris Velmachos — Mon, 05 Dec 2022 22:23:47 +0000

Hello, in this tutorial I will describe the steps needed to be followed in order to provide access to the Kubernetes Clusters easier in more controlled way by leveraging Kubernetes RBAC in order to Fine Grain the assigned permissions to k8s users i.e Development Teams.

Teleport in the rescue, let's Dive in...

Prerequisite Steps:
A Teleport Instance, please see the following links:

Lets proceed with the next steps.

On the k8s Cluster lets create a Service Account a Cluster Role and a Cluster Role Binding.

# The imperative way
cat << EOF | kubectl delete -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: developers-view-sa
  namespace: default

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: developers-view-cr 
rules:
- verbs: ["get", "list", "watch"]
  resources: 
  - namespaces
  - services
  - endpoints
  - pods
  - deployments
  - configmaps
  - jobs
  - cronjobs
  - daemonsets
  - statefulsets
  - replicasets
  - persistentvolumes
  apiGroups: ["","apps","batch"]
- verbs: ["get", "list", "watch"]
  resources:
  - pods/portforward
  - svc/portforward
  apiGroups: [""]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developers-view-rb
  namespace: default
subjects:
- kind: ServiceAccount
  name: developers-view-sa
  namespace: default
roleRef:
  kind: ClusterRole
  name: developers-view-cr
  apiGroup: rbac.authorization.k8s.io
EOF

Finally, you need to create a Role and assign it to the members of your Development team, personally I prefer to leverage Github SSO in order to avoid creating manually the Users see the following link: - https://goteleport.com/docs/kubernetes-access/controls/.

kind: github
metadata:
  name: github
spec:
  client_id: xxxxxxxxxxxxxxx
  client_secret: xxxxxxxxxxxxxxx
  display: GitHub
  endpoint_url: ""
  redirect_url: https://<domain>/v1/webapi/github/callback
  teams_to_logins:
  - logins:
    - access
    - <k8s-role> i.e kube-dev-access
    organization: <GithubOrg>
    team: <GithubTeam>
  teams_to_roles: null
version: v3

Then go to Roles and create an a new Role.

kind: role
metadata:
  id: 1670274429591976402
  name: kube-dev-access
spec:
  allow:
    kubernetes_groups:
    - developers-view-cr
    kubernetes_labels:
      '*': '*'
    kubernetes_users:
    - system:serviceaccount:default:developers-view-sa
    rules:
    - resources:
      - '*'
      verbs:
      - get
      - list
      - watch
  deny: {}
  options:
    cert_format: standard
    create_host_user: false
    desktop_clipboard: true
    desktop_directory_sharing: true
    enhanced_recording:
    - command
    - network
    forward_agent: false
    max_session_ttl: 30h0m0s
    pin_source_ip: false
    port_forwarding: true
    record_session:
      default: best_effort
      desktop: true
    ssh_file_copy: true
version: v5

I hope you like the tutorial, if you do give a thumps up! and follow me in Twitter, also you can subscribe to my Newsletter in order to avoid missing any of the upcoming tutorials.

Media Attribution

I would like to thank Clark Tibbs for designing the awesome photo I am using in my posts.

Happy Teleporting, Thank you, Cheers!!!

How to Migrate Indices from Elasticsearch.

Thodoris Velmachos — Mon, 14 Nov 2022 22:01:39 +0000

Hello, in this tutorial I will describe the steps needed to be follow in order to migrate Indices from Elasticsearch to another Elasticsearch Instance. To accomplish this goal I will use this fantastic cli called elasticsearch-dump to perform the necessary operations (PUT/GET) and Minio S3 Compatible Object Storage to temporarily store the ES indices.

Lets Dive in...

Step1. Clone the repository and build the image.

1. git clone https://github.com/elasticsearch-dump/elasticsearch-dump

2. cd elasticsearch-dump 

3. Add any missing packages like curl nano e.t.c
### Start DockerFile 
FROM node:14-buster-slim
LABEL maintainer="ferronrsmith@gmail.com"
ARG ES_DUMP_VER
ENV ES_DUMP_VER=${ES_DUMP_VER:-latest}
ENV NODE_ENV production

RUN npm install elasticdump@${ES_DUMP_VER} -g
RUN apt-get update \
    && apt-get install -y curl \
    && rm -rf /var/lib/{apt,dpkg,cache,log}
COPY docker-entrypoint.sh /usr/local/bin/

ENTRYPOINT ["docker-entrypoint.sh"]

CMD ["elasticdump"]

4. docker build . -t <docherhub-user>/<image-name>:<release-version> 

5. docker login -u <username> 

6. docker push <docherhub-user>/<image-name>:<release-version>

Step2. Create a Persistent Volume for the Kubernetes job

cat << EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/name: elasticdumpclient-pvc
  name: elasticdumpclient-pvc
  namespace: default
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: <depends on the Cloud Provider>
  volumeMode: Filesystem
EOF

Step3. Create a new Kubernetes Job and mount the previously provisioned Persistent Volume.

cat << EOF | kubectl apply -f -
apiVersion: batch/v1
kind: Job
metadata:
  name: elasticdumpclient
  labels:
    app: elasticdumpclient
spec:
  template:
    spec:
      initContainers:
        - name: fix-data-dir-permissions
          image: alpine:3.16.2
          command:
            - chown
            - -R  
            - 1001:1001
            - /data
          volumeMounts:
            - name: elasticdumpclient-pvc
              mountPath: /data
      containers:
        - name: elasticdumpclient
          image:  thvelmachos/elasticdump:6.68.0-v1
          command: ["/bin/sh", "-ec", "sleep 460000"] 
          imagePullPolicy: Always
          volumeMounts:
            - name: elasticdumpclient-pvc
              mountPath: /data
      restartPolicy: Never
      volumes:
        - name: elasticdumpclient-pvc
          persistentVolumeClaim:
            claimName: elasticdumpclient-pvc
  backoffLimit: 1
EOF

Step3. Upload a Script to the Kubernetes Job

kubectl cp <local-path>/migrate-es-indices.sh <pod-name>:/data/migrate-es-indices.sh

# cat migrate-es-indices.sh
#!/bin/sh
arr=$(curl -X GET -L 'http://elasticsearch-master.default.svc.cluster.local:9200/_cat/indices/?pretty&s=store.size:desc' | grep -E '[^access](logs-)' | awk '{print $3}')

for idx in $arr; do
  echo "Working: $idx"
  elasticdump --s3AccessKeyId "<access-key>" --s3SecretAccessKey "<secret-key>" --input=http://http://elasticsearch-master.default.svc.cluster.local:9200/$idx --output "s3://migrate-elastic-indices/$idx.json" --s3ForcePathStyle true --s3Endpoint https://<minio-endpoint>:<port>
done

Step4. Execute the Script.

chmod +x /data/migrate-es-indices.sh
# Send job to the Background with nohup
nohup sh /data/migrate-es-indices.sh  > /data/migrate.out  2>&1  &

That's it, Enjoy!!!

I hope you like the tutorial, if you do give a thumps up! and follow me in Twitter, also you can subscribe to my Newsletter in order to avoid missing any of the upcoming tutorials.

Media Attribution

I would like to thank Clark Tibbs for designing the awesome photo I am using in my posts.

Deploy Promtail as a Sidecar to you Main App.

Thodoris Velmachos — Sat, 12 Nov 2022 11:48:27 +0000

Hello, in this tutorial the goal is to describe the steps needed to deploy Promtail as a Sidecar container to your app in order to ship only the logs you will need to the Log Management System in our case we will use Grafana Loki.

Before we start, I would like to explain to you the reasoning behind the use of the two Kubernetes Objects a Configmap and emptyDir Volume. So we will use a emptyDir Volume create a shared temporary space between Containers in which the app logs will reside, also we will use a Configmap to store the necessary configuration used by Promtail in order to know which files need to monitor and where we want to ship the Logs in our case the Loki Url.

So, lets Dive in…

Step1. Create the ConfigMap to store the configuration (promtail.yaml) for Promtail.

apiVersion: v1
kind: ConfigMap
metadata:
  name: promtail-sidecar-config-map
data:
  promtail.yaml: |
      server:
        http_listen_port: 9080
        grpc_listen_port: 0
        log_level: "debug"
      positions:
        filename: /tmp/positions.yaml
      clients: # Specify target
        - url: http://loki.monitoring.svc.cluster.local:3100/loki/api/v1/push
      scrape_configs:
        - job_name:  "<app-name>" 
          static_configs: 
            - targets: 
                - localhost 
              labels:
                app: "storage-service"
                environment: "<environment-name>" 
                __path__: /app/logs/*.log # Any file .log in the EmptyDir Volume.

Step2. Make the necessary changes in the Deployment Manifest.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: <app-service>
  labels:
    app: <app-service>
spec:
  replicas: 1
  selector:
    matchLabels:
      app: <app-service>
  template:
    metadata:
      labels:
        app: <app-service>
    spec:
      containers:
        - name: <app-service>
          image: <your-name>/<app-service>
          imagePullPolicy: Always
          ports:
            - containerPort: <app-port>
          readinessProbe:
            exec:
              command: ["<your health-check>"]
            initialDelaySeconds: 5
          livenessProbe:
            exec:
              command: ["<your health-check>"]
            initialDelaySeconds: 10
          env:
            - name: <ENV-VAR-1>
              valueFrom:
                configMapKeyRef:
                  name: <app-service>-config-map
                  key: appName
            - name:  <ENV-VAR-2>
              valueFrom:
                secretKeyRef:
                  name: <app-service>-secret
                  key: <secret-key>
          volumeMounts:
           - name: shared-logs # shared space monitored with Promtail
             mountPath: /app/logs
        # Sidecar Container Promtail
        - name: promtail
          image: grafana/promtail:master
          args: 
            - "-config.file=/etc/promtail/promtail.yaml" # Found in the ConfigMap
          volumeMounts:
            - name: config
              mountPath: /etc/promtail
            - name: shared-logs # shared space
              mountPath: /app/logs
      imagePullSecrets:
        - name: <registry-secret> # if needed
      volumes:
         - name: config
           configMap:
            name: promtail-sidecar-config-map
         - name: shared-logs  # shared space monitored with Promtail
           emptyDir: 
          sizeLimit: 500Mi

I hope you like the tutorial, if you do give a thumps up! and follow me in Twitter, also you can subscribe to my Newsletter in order to avoid missing any of the upcoming tutorials.

Media Attribution

I would like to thank Clark Tibbs for designing the awesome photo I am using in my posts.

How to Backup a Mongo DB In K8s.

Thodoris Velmachos — Fri, 11 Nov 2022 19:39:33 +0000

Hello, in this tutorial the goal is to describe the steps needed to backup a Mongo Database in a simple straight forward way, so I will leverage the use of the Kubernetes Job to perform this task.

The Commands for Mongo Backup/Restore is the following.

- mongodump --uri 'mongodb://root:$MONGODB_ROOT_PASSWORD@mongo-mongodb.default.svc.cluster.local:27017/org1?authSource=admin&ext.auth.askPassword=true' --gzip --archive > /data/dump_<db-name>.gz

- mongorestore --uri "mongodb://root:<password>@mongodb.default.svc.cluster.local:27017/<sdb-name>?authMechanism=SCRAM-SHA-256&authSource=admin"  --gzip --archive=/data/mongo/dump_<db-name>.gz

So, Lets Start...

Step1. Provision a Persistent Volume.

cat << EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/name: pgdumpclient-pvc
  name: mongodumpclient-pvc
  namespace: default
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
  mongodumpclient: standard #GKE -- Depends on the Cloud Provider
  volumeMode: Filesystem
EOF

Step2. Start a Kubernetes Job in which we are referencing the previously provision PVC (aka Persistent Volume Claim) and before starting the process we are changing the owner of the volume mount i.e "/data" in order the mongodump to be able to save the dump.

# Kubernetes Dump Job
cat << EOF | kubectl apply -f -
apiVersion: batch/v1
kind: Job
metadata:
  name: mongodump
  labels:
    app: mongodump
spec:
  template:
    spec:
      initContainers:
        - name: fix-data-dir-permissions
          image: alpine:3.16.2
          command:
            - chown
            - -R  
            - 1001:1001
            - /data
          volumeMounts:
            - name: mongodumpclient-pvc
              mountPath: /data
      containers:
        - name: mongodump
          image: docker.io/bitnami/mongodb:5.0.3 
          command: ["/bin/sh", "-ec", "sleep 120","mongodump --uri 'mongodb://root:$MONGODB_ROOT_PASSWORD@mongo-mongodb.default.svc.cluster.local:27017/org1?authSource=admin&ext.auth.askPassword=true' --gzip --archive > /data/dump_<db-name>.gz"] 
          imagePullPolicy: Always
          env:
            - name: MONGODB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mongodb
                  key: mongodb-root-password
          volumeMounts:
            - name: mongodumpclient-pvc
              mountPath: /data
      restartPolicy: Never
      volumes:
        - name: mongodumpclient-pvc
          persistentVolumeClaim:
            claimName: mongodumpclient-pvc
  backoffLimit: 1
EOF

Step3. Finally we are retrieving the MongoDB Dump file from the Pod.

kubectl cp mongodump-<random>:/data/dump_<db-name>.gz /<local-path>/

Now In the New Cluster we will follow the same approach in order to restore the Mongo Database to the other MongoDB Instance.

I hope you like the tutorial, if you do give a thumps up! and follow me in Twitter, also you can subscribe to my Newsletter in order to avoid missing any of the upcoming tutorials.

Media Attribution

I would like to thank Clark Tibbs for designing the awesome photo I am using in my posts.

Pods running in GKE are not mounting their PVs.

Thodoris Velmachos — Thu, 03 Nov 2022 21:17:49 +0000

If you have faced the following problem (see the screenshot), then you know probably the specific node where the persistent volume resides is not working properly and more specifically the kubelet is not working properly!

So, I would suggest the following two actions:

Check the Volume Attachments more details can be found in the following link: https://veducate.co.uk/kubelet-unable-attach-volumes/

See also the Google Documentation how to add a new node to the nodepool
https://cloud.google.com/kubernetes-engine/docs/how-to/node-pools

Add a new node in the nodepool and drain the problematic one!

kubectl drain <node-name> --ignore daemonsets -- delete-emptydir-data

I hope you like the tutorial, if you do give a thumps up! and follow me in Twitter, also you can subscribe to my Newsletter in order to avoid missing any of the upcoming tutorials.

Media Attribution

I would like to thank Clark Tibbs for designing the awesome photo I am using in my posts.

Do you know the project called Otomi?

Thodoris Velmachos — Thu, 03 Nov 2022 20:34:06 +0000

Have you heard this awesome project called Otomi (https://otomi.io/) by Red Kubes (https://www.redkubes.com/).

Documentation: https://otomi.io/docs/installation/get-started

The Installation is super easy (a simple Helm install), I have installed on top of a k3s (https://k3s.io/)!

The most Awesome thing about Otomi is that it comes with all the goodies baked in!

Visit the following url to see all the Features:
https://www.redkubes.com/features-otomi-container-platform/

Security Best Practices

A Complete Suite of Applications

Also the best thing is that everything is managed the GitOps Way! Literally any change is pushed to the management Gitea and are being deployed with Drone(https://docs.drone.io/) of course you can integrate your favorite CD tool like ArgoCD or FluxCD!

I think it is Awesome, Check it out and tell in the comments if you like it !

I hope you like the tutorial, if you do give a thumps up! and follow me in Twitter, also you can subscribe to my Newsletter in order to avoid missing any of the upcoming tutorials.

Media Attribution

I would like to thank Clark Tibbs for designing the awesome photo I am using in my posts.

How to execute Ansible Playbook with a Github Action.

Thodoris Velmachos — Thu, 03 Nov 2022 20:14:34 +0000

Hello, are you wondering if you can execute an Ansible Playbook with a Github action, then please continue reading.

In the particular case I needed to build a Docker image and push it on Dockerhub and after that manipulate the Docker Compose Manifest in order to update the service of the Stacks running in Swarm Mode.

So, Let's Dive In...


name: Build-Push-Deploy-Docker-Image
on:
  workflow_dispatch:
    inputs:
      imageTag:
        description: "Image Tag"
        required: true
        default: "0.0.0"
      action:
        description: "Both runs CI/CD Stages"
        required: true
        default: "both"
jobs:
  build:
    if: inputs.action == 'both'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASS }}
      - name: Prep Docker Image (Metadata)
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: # <specify the image name>
          tags: ${{ inputs.imageTag }} # Tag
      - name: Build and push
        uses: docker/build-push-action@v3
        with:
          context: ./
          platforms: linux/amd64
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  deployAnsible:
    if: inputs.action == 'both'
    needs: build
    runs-on: ubuntu-latest
    env: 
      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} 
      NEW_IMAGE_TAG: app:${{ inputs.imageTag }}
    steps:
      - uses: actions/checkout@v3
      - uses: ./.github/actions/ansible
        with: 
          playbook: ./.github/ansible/playbook.yml
          inventory: ./.github/ansible/inventory

  testDeployAnsible:
    if: inputs.action == 'test-cd'
    runs-on: ubuntu-latest
    env: 
      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} 
      NEW_IMAGE_TAG: app:${{ inputs.imageTag }}
    steps:
      - uses: actions/checkout@v3
      - uses: ./.github/actions/ansible
        with: 
          playbook: ./.github/ansible/playbook.yml
          inventory: ./.github/ansible/inventory


#./.github/ansible/playbook.yml
---
- hosts: all
  remote_user: deploy
  gather_facts: false

  pre_tasks:
    - name: Loading environment variables
      tags: always
      set_fact:
        SSH_PRIVATE_KEY: "{{ lookup('env', 'SSH_PRIVATE_KEY') }}"
        NEW_IMAGE_TAG: "{{ lookup('env', 'NEW_IMAGE_TAG') }}"

  tasks:
    - name: create .ssh directory
      file:
        path: /root/.ssh/
        state: directory
        mode: '0600'
      delegate_to: localhost
      delegate_facts: true

    - name: Write SSH Key 
      copy:
        content: "{{ SSH_PRIVATE_KEY }}"
        dest: /root/.ssh/ansible_key
        mode: 0400 
      delegate_to: localhost
      delegate_facts: true

    - name: Get hostname
      shell: echo "$(hostname)"
      register: result

    ### Actual Deploy of the app new version
    - name: Backup Stack File
      shell: "cp -vf /home/deploy/<app>/<stack>.yaml /home/deploy/<app>/<stack>.yaml.bak"
      when:  result.stdout == "<hostname>"

    - name: Modify the App Version
      shell: sed -i -E 's/app:[0-9\.]+/{{ NEW_IMAGE_TAG }}/g' /home/deploy/<app>/<stack>.yaml
      when:  result.stdout == "<hostname>"

    - name: Restart Stack to Pull Image
      shell: "docker stack deploy -c /home/deploy/<app>/<stack>.yaml <app>-stack --with-registry-auth"
      when:  result.stdout == "<hostname>"

    - name: Sleep for 10 seconds 
      ansible.builtin.wait_for:
        timeout: 10
      delegate_to: localhost

    - name:  List the deployed Docker Swarm Serv
      shell: "docker service ls"
      when:  result.stdout == "<hostname>"

    - name:  List the deployed Docker Swarm Serv
      shell: "docker ps -a --filter status=running"
      when:  result.stdout == "<hostname>"

I hope you like the tutorial, if you do give a thumps up! and follow me in Twitter, also you can subscribe to my Newsletter in order to avoid missing any of the upcoming tutorials.

Media Attribution

I would like to thank Clark Tibbs for designing the awesome photo I am using in my posts.

How to Update an Kubernetes Image Imperatively.

Thodoris Velmachos — Thu, 03 Nov 2022 19:33:08 +0000

In the rare case you need to update the Container Images Manually instead of managing the Deployment the GitOps Way via FluxCD or ArgoCD. Then see the commands bellow.

With FluxCD you can do the following:

Ask FluxCD to stop managing the Deployment / Statefulset.

flux suspend kustomization <kustomization-name>

Update the image with the following commands.

kubectl set image statefulsets.apps/<statefulset-name> <container-name>=<image-name>
OR
kubectl patch statefulsets.apps/<statefulset-name> -p '{"spec":{"containers":[{"name":"<container-name>","image":"<image-name>"}]}}'

Ensure the Image has been updated.

kubectl get statefulsets.apps/<statefulset-name>-o=jsonpath='{$.spec.template.spec.containers[:1].image}'

I hope you like the tutorial, if you do give a thumps up! and follow me in Twitter, also you can subscribe to my Newsletter in order to avoid missing any of the upcoming tutorials.

Media Attribution

I would like to thank Clark Tibbs for designing the awesome photo I am using in my posts.