/aws-eks-gitops

GitOps on Amazon EKS


Example GitHub Actions workflow with Flux and Amazon EKS

An example workflow that uses GitHub Actions to build a static website into a Docker container and push that image to Amazon Elastic Container Registry, then uses Flux to automatically update an existing Amazon Elastic Kubernetes Service cluster with that image.

Prerequisites

  1. Create an EKS cluster, e.g. using eksctl create cluster
  2. Set up Flux on the cluster, e.g. using this guide. Note that you must set --git-path to point to where your manifests are. For example:
export GHUSER=<github user account where your fork lives>
export GHREPO=example-actions-flux-eks

kubectl create ns flux

fluxctl install \
    --git-user=${GHUSER} \
    --git-email=${GHUSER}@users.noreply.github.com \
    --git-url=git@github.com:${GHUSER}/${GHREPO} \
    --git-path=manifests \
    --namespace=flux | kubectl apply -f -
  3. Give Flux read/write access to the GitHub repository using a deploy key
  4. Create a repository called example-eks in Amazon Elastic Container Registry, in the same AWS region as the EKS cluster
  5. Update the image in deployment.yml to use your REGISTRY, IMAGE, and TAG. TAG will be replaced by Flux as new images are available in the registry.

Secrets

The following secrets are required to be set on the repository:

  1. AWS_ACCOUNT_ID: The AWS account ID that owns the EKS cluster
  2. AWS_ACCESS_KEY_ID: An AWS access key ID for an account having the EKS IAM role
  3. AWS_SECRET_ACCESS_KEY: An AWS secret access key for an account having the EKS IAM role

Workflow

The example workflow will trigger on every push to this repo.

For pull requests, the workflow will:

  1. Build and tag the Docker image
    • The image will be tagged with the feature branch's HEAD commit SHA

For pushes to the default branch (master), in addition to the above, the workflow will:

  1. Push the image to Amazon Elastic Container Registry
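
The tagging and push gating described in this section, written as an added shell example (not this repository's actual workflow file): it builds the ECR image reference from validated inputs and pushes only for a push event on master. The region default, the function names and the `run` argument are assumptions; `example-eks` and the secret names come from this README.

```shell
#!/bin/sh
# Added example, not this repository's workflow file. "example-eks" and the
# secret names come from the README; the region default is an assumption.

# Print the ECR image reference for a commit; return 1 on malformed input so a
# bad secret or ref can never be spliced into a registry path.
image_ref() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac          # account ID: digits only
    [ "${#1}" -eq 12 ] || return 1                    # ...and exactly 12 of them
    case $2 in ''|*[!a-z0-9-]*) return 1 ;; esac      # region, e.g. us-west-2
    case $3 in ''|*[!0-9a-f]*) return 1 ;; esac       # commit SHA: lowercase hex
    [ "${#3}" -eq 40 ] || return 1                    # ...full 40 characters
    printf '%s.dkr.ecr.%s.amazonaws.com/example-eks:%s\n' "$1" "$2" "$3"
}

# Succeed only for a push event on the default branch (master in this README).
# Pull requests build and tag the image but never reach the registry.
should_push() {
    [ "$1" = "push" ] && [ "$2" = "refs/heads/master" ]
}

run_pipeline() {
    region=${AWS_REGION:-us-west-2}   # assumption: the README names no region
    # GITHUB_SHA is the merge commit on pull_request events; substitute the
    # branch head SHA there if the tag must match the feature branch's HEAD.
    image=$(image_ref "$AWS_ACCOUNT_ID" "$region" "$GITHUB_SHA") || {
        echo "refusing to build: malformed account ID, region or SHA" >&2
        return 1
    }
    docker build -t "$image" . || return 1
    if ! should_push "$GITHUB_EVENT_NAME" "$GITHUB_REF"; then
        echo "built $image (not pushed: not a push to master)"
        return 0
    fi
    # The AWS CLI reads AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY from the
    # environment; the registry password goes over stdin, not the command line.
    aws ecr get-login-password --region "$region" |
        docker login --username AWS --password-stdin "${image%%/*}" || return 1
    docker push "$image"
}

# Runs only when invoked as: sh build.sh run
if [ "${1:-}" = "run" ]; then run_pipeline; fi
```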

Beyond the workflow

Flux watches ECR for changes to the image listed in our deployment configuration. When it detects a change, it updates the EKS cluster with the new image; no manual kubectl apply is needed!

Contributions

We welcome contributions! See how to contribute.

License

MIT