How to use tag in kubernetes yaml file so the system knows a new image is pushed

7/8/2020

I am trying to set up CI using Azure DevOps and CD using GitOps for my AKS cluster. When CI completes, the image is pushed to Azure Container Registry. My issue is that the name of the image in my yaml file is <containername>:latest. When I push the image to the container registry, Flux CD is not able to determine if there are any changes to the image or not because the name of the image remains the same. I tried to look up the issue on GitHub and came up with the link below: https://github.com/GoogleCloudPlatform/cloud-builders/issues/22#issuecomment-316181326 But I don't know how to implement it. Can someone please help me?

-- Sormita Chakraborty
azure-container-registry
gitops
kubernetes

2 Answers

7/8/2020

From the docs of FluxCD here:

Note that Flux only works with immutable image tags (:latest is not supported). Every image tag must be unique; for this you can use the Git commit SHA or semver when tagging images.

Turn on automation based on timestamp:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    fluxcd.io/automated: "true"
spec:
  template:
    spec:
      containers:
      - name: app
        image: docker.io/org/my-app:1.0.0

The above configuration will make Flux update the app container when you push a new image tag, be it my-app:1.0.1 or my-app:9e3bdaf.

Restrict image updates with semver:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    fluxcd.io/automated: "true"
    fluxcd.io/tag.app: semver:~1.0
spec:
  template:
    spec:
      containers:
      - name: app
        image: docker.io/org/my-app:1.0.0

The above configuration will make Flux update the image when you push an image tag that matches the semantic version expression, e.g. my-app:1.0.1, but not my-app:1.2.0.

You should use the Git commit SHA or semver when tagging images in the Azure DevOps Pipeline Docker task:

steps:
- task: Docker@2
  displayName: Build and Push
  inputs:
    command: buildAndPush
    containerRegistry: dockerRegistryServiceConnection1
    repository: contosoRepository
    tags: |
      tag1
      tag2
    # tag1/tag2 are placeholders; an immutable tag such as the Git commit SHA
    # can be taken from the predefined variable $(Build.SourceVersion)
-- Arghya Sadhu
Source: StackOverflow
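As an added illustration (not code from the answer, and not Flux's own implementation), the Python below models the selection rule the answer describes: only immutable semver tags are candidates, :latest and commit-SHA tags are ignored under a semver:~1.0 filter, and the newest matching tag that is newer than the running one is chosen. It handles only the semver:~MAJOR.MINOR filter form quoted above, and the registry listing is constructed for the example.

```python
import re
from typing import Optional, Sequence, Tuple

# Candidate tags must look like MAJOR.MINOR.PATCH (optionally prefixed with "v").
# Anything else (":latest", a bare commit SHA such as 9e3bdaf) is not a semver tag.
SEMVER_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")
TILDE_RE = re.compile(r"^semver:~(\d+)\.(\d+)$")

Version = Tuple[int, int, int]


def parse_semver(tag: str) -> Optional[Version]:
    """Return (major, minor, patch) for a semver tag, or None if the tag is not one."""
    m = SEMVER_RE.match(tag)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def tilde_bounds(policy: str) -> Tuple[Version, Version]:
    """Translate 'semver:~MAJOR.MINOR' into an inclusive lower / exclusive upper bound.

    '~1.0' permits patch-level updates only: >= 1.0.0 and < 1.1.0.
    """
    m = TILDE_RE.match(policy)
    if not m:
        raise ValueError(f"unsupported filter: {policy!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    return (major, minor, 0), (major, minor + 1, 0)


def select_update(current: str, candidates: Sequence[str], policy: str) -> Optional[str]:
    """Pick the newest candidate allowed by the policy and newer than the running tag.

    Returns None when nothing qualifies, i.e. no rollout should be triggered.
    """
    lower, upper = tilde_bounds(policy)
    current_v = parse_semver(current)  # None when the manifest still says ":latest"
    best: Optional[Tuple[Version, str]] = None
    for tag in candidates:
        v = parse_semver(tag)
        if v is None or not (lower <= v < upper):
            continue  # mutable or out-of-range tags never trigger an update
        if current_v is not None and v <= current_v:
            continue  # already running this version or a newer one
        if best is None or v > best[0]:
            best = (v, tag)
    return best[1] if best else None


if __name__ == "__main__":
    # Constructed registry listing mirroring the tags mentioned in the answer.
    tags = ["latest", "1.0.0", "1.0.1", "1.2.0", "9e3bdaf"]
    print(select_update("1.0.0", tags, "semver:~1.0"))  # → 1.0.1
```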

7/8/2020

We had a similar issue and fixed it by adding a checksum annotation to the deployment file with a unique value generator. It works like this for us:

Generate Helm Template -> Deployment manifest is created with unique checksum -> Trigger deployment.

We had RollingUpdate enabled in our manifest, which eliminated application downtime. Below is our Helm template config (deployment.yaml):

  template:
    metadata:
      labels:
        app: {{ .Values.appName }}
      annotations:
        # The annotation value changes whenever the rendered values change,
        # so the pod template differs and a rollout is triggered.
        checksum/commonconfig: {{ .Values.CommonConfig | toJson | sha256sum | trunc 63 }}
        checksum/podconfig: {{ .Values.PodConfig | toJson | sha256sum | trunc 63 }}

We have this in the Helm chart, which generates the unique value in the deployment manifest. This makes the deployment happen every time, even when the latest tag of the image is the same. Also, set imagePullPolicy to Always.

-- Vamshi Siddarth
Source: StackOverflow