I am trying to set up CI using Azure DevOps and CD using GitOps for my AKS cluster. When CI completes, the image is pushed to Azure Container Registry. My issue is that the name of the image in my yaml file is <containername>:latest. When I push the image to the container registry, Flux CD is not able to determine whether there are any changes to the image or not, because the name of the image remains the same. I tried to look up the issue on GitHub and came up with the link below: https://github.com/GoogleCloudPlatform/cloud-builders/issues/22#issuecomment-316181326 But I don't know how to implement it. Can someone please help me?
From the docs of FluxCD here
Note that Flux only works with immutable image tags (:latest is not supported). Every image tag must be unique; for this you can use the Git commit SHA or semver when tagging images.
Turn on automation based on timestamp:
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    fluxcd.io/automated: "true"
spec:
  template:
    spec:
      containers:
      - name: app
        image: docker.io/org/my-app:1.0.0
The above configuration will make Flux update the app container when you push a new image tag, be it my-app:1.0.1 or my-app:9e3bdaf.
Restrict image updates with semver:
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    fluxcd.io/automated: "true"
    fluxcd.io/tag.app: semver:~1.0
spec:
  template:
    spec:
      containers:
      - name: app
        image: docker.io/org/my-app:1.0.0
The above configuration will make Flux update the image when you push an image tag that matches the semantic version expression, e.g. my-app:1.0.1 but not my-app:1.2.0.
You should use the Git commit SHA or semver when tagging images in the Azure DevOps Pipelines Docker task:
steps:
- task: Docker@2
  displayName: Build and Push
  inputs:
    command: buildAndPush
    containerRegistry: dockerRegistryServiceConnection1
    repository: contosoRepository
    tags: |
      tag1
      tag2
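To make the semver restriction in the answer above concrete, here is an added example (not code from the answer or from Flux) that applies a tilde range such as `~1.0` to a constructed list of registry tags. It shows why `latest` and a commit-SHA tag such as `9e3bdaf` never satisfy a semver filter (they do not parse as versions) and which of the remaining tags would be eligible. The range semantics (`~1.0` meaning `>=1.0.0, <1.1.0`, `~1` meaning `>=1.0.0, <2.0.0`) follow the usual tilde-range convention; the sample tag list is constructed for illustration.

```python
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Constructed sample tag list standing in for what a registry might return
# (not taken from the original post).
SAMPLE_TAGS = ["latest", "9e3bdaf", "1.0.0", "1.0.1", "1.0.10", "1.2.0", "2.0.0"]

_SEMVER_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_semver(tag: str) -> Optional[Version]:
    """Return (major, minor, patch) for a plain semver tag, or None for
    anything else ('latest', commit SHAs, branch names...)."""
    m = _SEMVER_RE.match(tag)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def tilde_range(expr: str) -> Tuple[Version, Version]:
    """Translate a tilde expression into an inclusive lower bound and an
    exclusive upper bound.  Handles '~X', '~X.Y' and '~X.Y.Z' only."""
    if not expr.startswith("~"):
        raise ValueError("this example only handles tilde (~) ranges")
    parts = [int(p) for p in expr[1:].split(".")]
    if len(parts) == 1:            # ~1  -> >=1.0.0 <2.0.0
        return (parts[0], 0, 0), (parts[0] + 1, 0, 0)
    if len(parts) == 2:            # ~1.0 -> >=1.0.0 <1.1.0
        return (parts[0], parts[1], 0), (parts[0], parts[1] + 1, 0)
    if len(parts) == 3:            # ~1.0.3 -> >=1.0.3 <1.1.0
        return (parts[0], parts[1], parts[2]), (parts[0], parts[1] + 1, 0)
    raise ValueError(f"malformed range expression: {expr}")


def matching_tags(tags: List[str], expr: str) -> List[str]:
    """Return the tags that parse as semver and fall inside the range."""
    lower, upper = tilde_range(expr)
    selected = []
    for tag in tags:
        version = parse_semver(tag)
        if version is None:
            # 'latest' and commit-SHA tags are silently ignored by a
            # semver filter, which is why a :latest-only workflow never
            # triggers an update.
            continue
        if lower <= version < upper:
            selected.append(tag)
    return selected


def newest_tag(tags: List[str], expr: str) -> Optional[str]:
    """Pick the highest version inside the range, comparing numerically
    (so 1.0.10 ranks above 1.0.1, unlike a string sort)."""
    candidates = matching_tags(tags, expr)
    if not candidates:
        return None
    return max(candidates, key=parse_semver)  # type: ignore[arg-type]


if __name__ == "__main__":
    for expr in ("~1.0", "~1", "~2.0"):
        print(expr, "->", matching_tags(SAMPLE_TAGS, expr), "newest:", newest_tag(SAMPLE_TAGS, expr))
```

Run it and the `~1.0` case reproduces the behaviour the answer describes: `1.0.1` is eligible, `1.2.0` is not, and `latest` is never considered.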
We had a similar issue and we fixed it by adding a checksum to the annotations in the deployment file with a unique value generator. It works like this for us:
Generate Helm Template -> Deployment manifest is created with unique checksum -> Trigger deployment.
We had RollingUpdate enabled in our manifest, which eliminated the downtime of the application. Below is our Helm template config (deployment.yaml):
template:
  metadata:
    labels:
      app: {{ .Values.appName }}
    annotations:
      checksum/commonconfig: {{ .Values.CommonConfig | toJson | sha256sum | trunc 63 }}
      checksum/podconfig: {{ .Values.PodConfig | toJson | sha256sum | trunc 63 }}
We have this in the Helm chart, which will generate the unique value in the deployment manifest. This will make the deployment happen every time, even when the latest tag of the image is the same. Also, set imagePullPolicy to Always.
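As an added illustration of the checksum annotation in the answer above (this is example code, not the answer's own chart), the snippet below reproduces `toJson | sha256sum | trunc 63` in Python over constructed sample values and checks when the resulting pod-template annotation actually changes. It assumes that `json.dumps(..., sort_keys=True, separators=(",", ":"))` matches Go's `encoding/json` output for plain maps, lists and scalars, which is what Helm's `toJson` uses; the value dictionaries are constructed stand-ins for `.Values.CommonConfig` and `.Values.PodConfig`.

```python
import hashlib
import json
from typing import Any, Dict

# Constructed stand-ins for .Values.CommonConfig / .Values.PodConfig
# (not taken from the original post).
COMMON_CONFIG_V1: Dict[str, Any] = {"logLevel": "info", "featureFlags": {"beta": False}}
COMMON_CONFIG_V2: Dict[str, Any] = {"logLevel": "debug", "featureFlags": {"beta": False}}
POD_CONFIG: Dict[str, Any] = {"replicas": 3, "resources": {"cpu": "250m", "memory": "256Mi"}}


def helm_style_checksum(values: Any) -> str:
    """Mimic `{{ values | toJson | sha256sum | trunc 63 }}`.

    Assumption: compact, key-sorted JSON matches Go's encoding/json output
    for the kinds of values a chart normally carries (maps, lists, strings,
    numbers, booleans).  sha256sum yields 64 hex chars; trunc 63 keeps 63.
    """
    payload = json.dumps(values, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()[:63]


def render_annotations(common_config: Any, pod_config: Any) -> Dict[str, str]:
    """Render the two annotations the chart template would emit."""
    return {
        "checksum/commonconfig": helm_style_checksum(common_config),
        "checksum/podconfig": helm_style_checksum(pod_config),
    }


def pod_template_changed(old_annotations: Dict[str, str], new_annotations: Dict[str, str]) -> bool:
    """A Deployment rolls out new pods only if the pod template differs;
    with these annotations that happens exactly when a checksum differs."""
    return old_annotations != new_annotations


if __name__ == "__main__":
    before = render_annotations(COMMON_CONFIG_V1, POD_CONFIG)
    same = render_annotations(COMMON_CONFIG_V1, POD_CONFIG)
    after = render_annotations(COMMON_CONFIG_V2, POD_CONFIG)
    print("unchanged values -> rollout:", pod_template_changed(before, same))
    print("changed logLevel  -> rollout:", pod_template_changed(before, after))
```

The two comparisons show the mechanism's boundary: the annotation only changes when the serialized values change, so a re-rendered chart with identical values produces an identical pod template, while any edit to the referenced values, however small, forces a new rollout.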