GitHub Actions HOL - 정리중



  • Category : Azure
  • Tag : Azure


GitHub Actions CI/CD - Spring Boot Webapp 프로젝트 배포

1.

# Create the resource group that will hold everything deployed below
az group create --location KoreaCentral --name cicd-0804-kms-rg

# Object ID of the signed-in user. The same identity is handed the AKS admin,
# ACR push and Key Vault officer roles, so look it up once and reuse it.
SIGNED_IN_USER_ID=$(az ad signed-in-user show --query id --output tsv)

# Deploy the AKS-Construction template (release 0.10.0) with in-line parameters.
# enable_aad / AksDisableLocalAccounts / enableAzureRBAC: going by the parameter
# names, cluster access is Azure AD only and authorised through Azure RBAC.
# NOTE(review): the template is fetched from the release URL at deploy time;
# `az deployment group what-if` with the same arguments previews what it creates.
az deployment group create \
    --resource-group cicd-0804-kms-rg \
    --template-uri https://github.com/Azure/AKS-Construction/releases/download/0.10.0/main.json \
    --parameters \
    resourceName=aks0804-kms \
    agentCount=1 \
    upgradeChannel=stable \
    JustUseSystemPool=true \
    agentVMSize=Standard_DS2_v2 \
    osDiskType=Managed \
    custom_vnet=true \
    enable_aad=true \
    AksDisableLocalAccounts=true \
    enableAzureRBAC=true \
    adminPrincipalId="$SIGNED_IN_USER_ID" \
    registries_sku=Basic \
    acrPushRolePrincipalId="$SIGNED_IN_USER_ID" \
    keyVaultAksCSI=true \
    keyVaultCreate=true \
    keyVaultOfficerRolePrincipalId="$SIGNED_IN_USER_ID" \
    automationAccountScheduledStartStop=Weekday

2.

$ az group show -n cicd-0804-kms-rg
Location      Name
------------  ----------------
koreacentral  cicd-0804-kms-rg

3.

$ az group show -n cicd-0804-kms-rg --output json
{
  "id": "/subscriptions/5c557d7b-891b-4506-b3a1-a76d259641ed/resourceGroups/cicd-0804-kms-rg",
  "location": "koreacentral",
  "managedBy": null,
  "name": "cicd-0804-kms-rg",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null,
  "type": "Microsoft.Resources/resourceGroups"
}

4.

# Create the service principal the GitHub workflows sign in with.
# Contributor is scoped to the single resource group, not the subscription.
# The JSON printed by --sdk-auth contains the client secret: store it only as
# the AZURE_CREDENTIALS repository secret and keep it out of shell history,
# logs and screenshots.
# NOTE(review): --sdk-auth is deprecated in current Azure CLI releases;
# azure/login also supports OIDC federated credentials, which removes the
# long-lived secret altogether.
az ad sp create-for-rbac \
    --name cicd0804-sp \
    --role Contributor \
    --scope "/subscriptions/5c557d7b-891b-4506-b3a1-a76d259641ed/resourceGroups/cicd-0804-kms-rg" \
    --sdk-auth

5.

# Application (client) ID of the service principal created in the previous step
SP_APP_ID=$(az ad sp list --display-name "cicd0804-sp" --query '[0].appId' -o tsv)

# Let the pipeline identity manage Kubernetes objects through Azure RBAC.
# NOTE(review): "Azure Kubernetes Service RBAC Admin" at resource-group scope
# applies to every cluster in the group; if the pipeline only applies
# manifests, a narrower role (e.g. "Azure Kubernetes Service RBAC Writer")
# scoped to the cluster may be enough - confirm against what is deployed.
az role assignment create \
    --assignee "$SP_APP_ID" \
    --role "Azure Kubernetes Service RBAC Admin" \
    --scope /subscriptions/5c557d7b-891b-4506-b3a1-a76d259641ed/resourceGroups/cicd-0804-kms-rg \
    --output json

5. Result

{
  "canDelegate": null,
  "condition": null,
  "conditionVersion": null,
  "description": null,
  "id": "/subscriptions/5c557d7b-891b-4506-b3a1-a76d259641ed/resourceGroups/cicd-0804-kms-rg/providers/Microsoft.Authorization/roleAssignments/d81ff3cb-7a85-4e39-863d-541a62745db1",
  "name": "d81ff3cb-7a85-4e39-863d-541a62745db1",
  "principalId": "50b424b1-ef02-4f15-9dc3-47636ffa35a3",
  "principalName": "3850d7e3-ff51-4634-8586-16b720a05d17",
  "principalType": "ServicePrincipal",
  "resourceGroup": "cicd-0804-kms-rg",
  "roleDefinitionId": "/subscriptions/5c557d7b-891b-4506-b3a1-a76d259641ed/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7",
  "roleDefinitionName": "Azure Kubernetes Service RBAC Admin",
  "scope": "/subscriptions/5c557d7b-891b-4506-b3a1-a76d259641ed/resourceGroups/cicd-0804-kms-rg",
  "type": "Microsoft.Authorization/roleAssignments"
}

6.

# Show everything the template created in the resource group, as a table
az resource list --resource-group cicd-0804-kms-rg --output table

build.yml

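# Reusable workflow: builds the image with ACR Tasks and pushes it to the registry.
# NOTE(review): on the published page every `${{ ... }}` expression was reduced
# to a bare `$`. The expressions below are reconstructed; the ones marked
# "assumed" could not be confirmed from the page.
name: Build and Push to ACR

on:
  workflow_call:
    secrets:
      # Service-principal JSON (contains a client secret), passed in by the caller
      AZURE_CREDENTIALS:
        required: true

permissions:
  contents: read
  # Only needed for OIDC (federated) login; the secret-based `creds` login
  # below does not use it.
  id-token: write

env:
  # assumed: repository variables - only AZURE_CREDENTIALS is declared as a
  # secret for this reusable workflow. Confirm the real source.
  AZURE_CONTAINER_REGISTRY: ${{ vars.AZURE_CONTAINER_REGISTRY }}
  CONTAINER_NAME: ${{ vars.CONTAINER_NAME }}
  RESOURCE_GROUP: ${{ vars.RESOURCE_GROUP }}

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Checks out the repository this file is in.
      # Actions are referenced by mutable tag; pinning each `uses:` to a full
      # commit SHA protects the job from a retagged release.
      - uses: actions/checkout@v3

      # Logs in with the service-principal JSON from the AZURE_CREDENTIALS secret
      - name: Azure login
        uses: azure/login@v1
        with:
          creds: '${{ secrets.AZURE_CREDENTIALS }}'

      # Builds and pushes an image up to your Azure Container Registry.
      # Values are read as shell environment variables (set by `env:` above)
      # rather than spliced into the script text with `${{ }}`.
      # assumed: the image tag is the commit SHA - the original expression was lost.
      - name: Build and push image to ACR
        run: |
          az acr build \
            --image "${AZURE_CONTAINER_REGISTRY}.azurecr.io/${CONTAINER_NAME}:${GITHUB_SHA}" \
            --registry "${AZURE_CONTAINER_REGISTRY}" \
            -g "${RESOURCE_GROUP}" \
            ./demo-jar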

deploy.yml

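# Reusable workflow: points the manifest at the freshly built image and applies it to AKS.
# NOTE(review): on the published page every `${{ ... }}` expression was reduced
# to a bare `$`. The expressions below are reconstructed; the ones marked
# "assumed" could not be confirmed from the page.
name: Deploy to AKS

on:
  workflow_call:
    secrets:
      # Service-principal JSON (contains a client secret), passed in by the caller
      AZURE_CREDENTIALS:
        required: true

permissions:
  actions: read
  contents: read
  # Only needed for OIDC (federated) login; the secret-based `creds` login
  # below does not use it.
  id-token: write

env:
  # assumed: repository variables - only AZURE_CREDENTIALS is declared as a
  # secret for this reusable workflow. Confirm the real source.
  AZURE_CONTAINER_REGISTRY: ${{ vars.AZURE_CONTAINER_REGISTRY }}
  CONTAINER_NAME: ${{ vars.CONTAINER_NAME }}
  RESOURCE_GROUP: ${{ vars.RESOURCE_GROUP }}
  CLUSTER_NAME: ${{ vars.CLUSTER_NAME }}
  DEPLOYMENT_MANIFEST_PATH: ${{ vars.DEPLOYMENT_MANIFEST_PATH }}

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # Checks out the repository this file is in.
      # Actions are referenced by mutable tag; pinning each `uses:` to a full
      # commit SHA protects the job from a retagged release.
      - uses: actions/checkout@v3

      # Logs in with the service-principal JSON from the AZURE_CREDENTIALS secret
      - name: Azure login
        uses: azure/login@v1
        with:
          creds: '${{ secrets.AZURE_CREDENTIALS }}'

      # Use kubelogin to configure your kubeconfig for Azure auth
      - name: Set up kubelogin for non-interactive login
        uses: azure/use-kubelogin@v1
        with:
          kubelogin-version: 'v0.0.25'

      # Retrieves your Azure Kubernetes Service cluster's kubeconfig file.
      # admin 'false' + use-kubelogin 'true': the job authenticates as the
      # service principal through Azure AD instead of the cluster-admin
      # credential.
      - name: Get K8s context
        uses: azure/aks-set-context@v3
        with:
          resource-group: ${{ env.RESOURCE_GROUP }}
          cluster-name: ${{ env.CLUSTER_NAME }}
          admin: 'false'
          use-kubelogin: 'true'

      # Update YAML Image: swap the placeholder image reference in the manifest
      # for the image built from this commit. Values are read as shell
      # environment variables rather than spliced into the script with `${{ }}`.
      # assumed: the image tag is the commit SHA - the original expression was lost.
      - name: Update YAML Image
        run: |
          image="${AZURE_CONTAINER_REGISTRY}.azurecr.io/${CONTAINER_NAME}:${GITHUB_SHA}"
          sed -i "s|acrname.azurecr.io/imagename:v1|${image}|g" "${DEPLOYMENT_MANIFEST_PATH}"

      # Deploys application based on given manifest file
      - name: Deploys application
        uses: Azure/k8s-deploy@v4
        with:
          action: deploy
          manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}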

main.yml

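# Entry-point workflow: on a push to master (or a manual run) build the image,
# then deploy it. Both jobs call reusable workflows in this repository.
# NOTE(review): on the published page the `${{ ... }}` expressions were reduced
# to a bare `$`; the secret references below are reconstructed from the secret
# name the called workflows declare.
name: Workflow Call

on:
  push:
    branches: ["master"]
  workflow_dispatch:

jobs:
  buildImage:
    # A called workflow cannot receive more permissions than the caller grants here
    permissions:
      contents: read
      id-token: write
    uses: ./.github/workflows/build.yml
    secrets:
      # Passed explicitly, so the called workflow sees only this one secret
      AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}

  deployToAKS:
    permissions:
      actions: read
      contents: read
      id-token: write
    uses: ./.github/workflows/deploy.yml
    # Deploy only after the image has been built and pushed
    needs: [buildImage]
    secrets:
      AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}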

8.

# Merge the cluster's kubeconfig entry into the local kubeconfig.
# NOTE(review): the cluster was deployed with enable_aad=true and
# AksDisableLocalAccounts=true, so kubectl will presumably require an
# Azure AD sign-in (kubelogin) rather than a local cluster certificate.
az aks get-credentials --resource-group cicd-0804-kms-rg --name aks-aks0804-kms
