部署到 Google Kubernetes Engine

注：GitHub Enterprise Server 2.22 上的 GitHub Actions 支持是有限的公测版。测试已结束。 GitHub Actions 现在一般可用于 GitHub Enterprise Server 3.0 或更新版本。更多信息请参阅 GitHub Enterprise Server 3.0 发行说明。

有关升级到 GitHub Enterprise Server 3.0 或更新版本的更多信息，请参阅“升级 GitHub Enterprise Server”。
有关在升级后配置 GitHub Actions 的更多信息，请参阅 GitHub Enterprise Server 3.0 的文档。

注： GitHub 托管的运行器目前在 GitHub Enterprise Server 上不受支持。您可以在 GitHub 公共路线图上查看有关未来支持计划的更多信息。

简介

This guide explains how to use GitHub Actions to build a containerized application, push it to Google Container Registry (GCR), and deploy it to Google Kubernetes Engine (GKE) when a release is created.

GKE 是 Google Cloud 的托管 Kubernetes 群集服务，可以在云中或您自己的数据中心中托管您的容器化工作负载。更多信息请参阅 Google Kubernetes Engine。

基本要求

在继续创建工作流程之前，您需要完成 Kubernetes 项目的以下步骤。本指南假定项目的根目录已有 Dockerfile 和 Kubernetes 部署配置文件。例如，请参阅 google-github-。

创建 GKE 群集

要创建 GKE 群集，首先需要使用 gcloud CLI 进行身份验证。有关此步骤的更多信息，请参阅以下文章：

例如：

Shell

$ gcloud container clusters create $GKE_CLUSTER \
    --project=$GKE_PROJECT \
    --zone=$GKE_ZONE

启用 API

启用 Kubernetes Engine 和 Container Registry API。例如：

Shell

$ gcloud services enable \
    containerregistry.googleapis.com \
    container.googleapis.com

配置服务帐户并存储其凭据

此程序显示如何为您的 GKE 集成创建服务帐户。 It explains how to create the account, add roles to it, retrieve its keys, and store them as a base64-encoded encrypted repository secret named GKE_SA_KEY.

创建新服务帐户：

$ gcloud iam service-accounts create $SA_NAME

检索您刚刚创建的服务帐户的电子邮件地址：
```
$ gcloud iam service-accounts list
```

向服务帐户添加角色。注意：应用限制更严格的角色以满足您的要求。

$ gcloud projects add-iam-policy-binding $GKE_PROJECT \
  --member=serviceAccount:$SA_EMAIL \
  --role=roles/container.admin \
  --role=roles/storage.admin \
  --role=roles/container.clusterViewer

下载服务帐户的 JSON 密钥文件：

$ gcloud iam service-accounts keys create key.json --iam-account=$SA_EMAIL

Store the service account key as a secret named GKE_SA_KEY:
```
$ export GKE_SA_KEY=$(cat key.json | base64)
```
For more information about how to store a secret, see "Encrypted secrets."

Storing your project name

Store the name of your project as a secret named GKE_PROJECT. For more information about how to store a secret, see "Encrypted secrets."

（可选）配置 kustomize

Kustomize 是用于管理 YAML 规范的可选工具。在创建 kustomization 文件之后，下面的工作流可用于将结果中的图像和管道字段动态设置为 kubectl。更多信息请参阅 kustomize 的用法。

(Optional) Configure a deployment environment

Environments are used to describe a general deployment target like production, staging, or development. When a GitHub Actions workflow deploys to an environment, the environment is displayed on the main page of the repository. You can use environments to require approval for a job to proceed, restrict which branches can trigger a workflow, or limit access to secrets. For more information about creating environments, see "Using environments for deployment."

创建工作流程

完成先决条件后，可以继续创建工作流程。

下面的示例工作流程演示如何生成容器映像并推送到 GCR。然后，它使用 Kubernetes 工具（如 kubectl 和 kustomize）将映像拉入群集部署。

Under the env key, change the value of GKE_CLUSTER to the name of your cluster, GKE_ZONE to your cluster zone, DEPLOYMENT_NAME to the name of your deployment, and IMAGE to the name of your image.

If you configured a deployment environment, change the value of environment to be the name of your environment. If you did not configure an environment, delete the environment key.

YAML

# 此工作流使用未经 GitHub 认证的操作。
# 它们由第三方提供，并受
# 单独的服务条款、隐私政策和支持
# 文档管理。

name: Build and Deploy to GKE

on:
  release:
    types: [created]

env:
  PROJECT_ID: ${{ secrets.GKE_PROJECT }}
  GKE_CLUSTER: cluster-1    # Add your cluster name here.
  GKE_ZONE: us-central1-c   # Add your cluster zone here.
  DEPLOYMENT_NAME: gke-test # Add your deployment name here.
  IMAGE: static-site

jobs:
  setup-build-publish-deploy:
    name: Setup, Build, Publish, and Deploy
    runs-on: ubuntu-latest
    environment: production

    steps:
    - name: Checkout
      uses: actions/checkout@v2

    # Setup gcloud CLI
    - uses: google-github-actions/setup-gcloud@94337306dda8180d967a56932ceb4ddcf01edae7
      with:
        service_account_key: ${{ secrets.GKE_SA_KEY }}
        project_id: ${{ secrets.GKE_PROJECT }}

    # Configure Docker to use the gcloud command-line tool as a credential
    # helper for authentication
    - run: |-
        gcloud --quiet auth configure-docker

    # Get the GKE credentials so we can deploy to the cluster
    - uses: google-github-actions/get-gke-credentials@fb08709ba27618c31c09e014e1d8364b02e5042e
      with:
        cluster_name: ${{ env.GKE_CLUSTER }}
        location: ${{ env.GKE_ZONE }}
        credentials: ${{ secrets.GKE_SA_KEY }}

    # Build the Docker image
    - name: Build
      run: |-
        docker build \
          --tag "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" \
          --build-arg GITHUB_SHA="$GITHUB_SHA" \
          --build-arg GITHUB_REF="$GITHUB_REF" \
          .

    # Push the Docker image to Google Container Registry
    - name: Publish
      run: |-
        docker push "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA"

    # Set up kustomize
    - name: Set up Kustomize
      run: |-
        curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
        chmod u+x ./kustomize

    # Deploy the Docker image to the GKE cluster
    - name: Deploy
      run: |-
        ./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA
        ./kustomize build . | kubectl apply -f -
        kubectl rollout status deployment/$DEPLOYMENT_NAME
        kubectl get services -o wide

其他资源

有关这些示例中使用的工具的详细信息，请参阅以下文档：

For the full starter workflow, see the "Build and Deploy to GKE" workflow.
有关更多入门工作流程和随附代码，请参阅 Google 的 GitHub Actions 示例工作流程。
Kubernetes YAML 定制引擎：Kustomize。
Google Kubernetes Engine 文档中的“部署容器化的 web 应用程序”。

按产品浏览

本文内容