We have a GKE cluster with 4 deployments/pods that need to be updated when we deploy new code. I know it's best practice to deploy the image with the latest digest for the images we are deploying but I'm wondering if anyone knows of a better way of updating the yaml file with that digest other than manually updating it. I can get the fully_qualified_digest using:
```
gcloud container images describe gcr.io/xxxx/uwsgi
```
It really sucks to have to manually update yaml files with the latest digest hash each time we deploy. If someone knows a better way I'd love to hear it.
Side note: It's 2019 and Kubernetes should be able to grab the digest hash from /latest without having to explicitly define it.
```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    io.kompose.service: uwsgi
  name: uwsgi
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  minReadySeconds: 5
  template:
    metadata:
      labels:
        io.kompose.service: uwsgi
    spec:
      containers:
      - env:
        - name: GOOGLE_APPLICATION_CREDENTIALS
          value: certs/gcp.json
        - name: ENV
          value: prod
        image: gcr.io/xxxx/uwsgi:latest  # <------ needs to be fully_qualified_digest
        name: uwsgi
        ports:
        - containerPort: 9040
        readinessProbe:
          httpGet:
            path: /health/
            port: 9040
          initialDelaySeconds: 5
          timeoutSeconds: 1
          periodSeconds: 15
        livenessProbe:
          httpGet:
            path: /health/
            port: 9040
          initialDelaySeconds: 60
          timeoutSeconds: 1
          periodSeconds: 15
        resources:
          requests:
            memory: "1000Mi"
            cpu: "1800m"
          limits:
            memory: "1200Mi"
            cpu: "2000m"
      hostname: uwsgi
      restartPolicy: Always
      terminationGracePeriodSeconds: 60
status: {}
```
There's a number of tools which will watch your Docker repository and will update things when a new image is available. The most commonly used is probably https://github.com/weaveworks/flux/. Kubernetes itself does not provide this feature as it would potentially be non-convergent.
That said, you can use `:latest` in a pod spec just fine. The reason to avoid it is Kubernetes won't know to restart your pods when the image changes (also cache issues but you can avoid those with an image pull policy in spec). If you don't actually want automatic deployment of new images, then what you have is fine.
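For the scripted route the question asks about, here is an added example (not from the question or the answer above) that resolves the digest once at deploy time and rewrites the manifest's `image:` line, refusing to write anything that is not a well-formed `repo@sha256:` reference. The function names and the `uwsgi.yaml` file name are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example: pin a tag reference in a manifest to an immutable digest.
# Function names and the uwsgi.yaml file name are hypothetical.

# Ask the registry which digest the tag points to right now (needs gcloud).
resolve_digest() {
  gcloud container images describe "$1" \
    --format='value(image_summary.fully_qualified_digest)'
}

# Accept only repo@sha256:<64 hex chars>, so a failed lookup (empty output,
# error text) can never end up in the manifest.
is_pinned_ref() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9./_-]+@sha256:[0-9a-f]{64}$'
}

# pin_manifest <repo> <pinned-ref>   (manifest on stdin, pinned copy on stdout)
# Rewrites "image: <repo>" and "image: <repo>:<tag>"; lines for other images
# and lines that are already pinned by digest are left alone.
pin_manifest() {
  repo=$1
  ref=$2
  is_pinned_ref "$ref" || { echo "refusing to pin: bad ref '$ref'" >&2; return 1; }
  case $ref in
    "$repo"@*) ;;
    *) echo "refusing to pin: digest is for another repository" >&2; return 1 ;;
  esac
  repo_re=$(printf '%s' "$repo" | sed 's/\./\\./g')   # dots are literal
  sed -E "s#^([[:space:]-]*image:[[:space:]]*)${repo_re}(:[A-Za-z0-9._-]+)?([[:space:]]|\$)#\1${ref}\3#"
}

# Typical use in a deploy script:
#   ref=$(resolve_digest gcr.io/xxxx/uwsgi:latest) &&
#     pin_manifest gcr.io/xxxx/uwsgi "$ref" < uwsgi.yaml | kubectl apply -f -
```

Because the pod template changes whenever the digest changes, applying the pinned manifest triggers a normal rolling update, and the digest that was deployed stays recorded in the Deployment.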