What is the idiomatic way to reload EKS/Kube configs when a new image is pushed to ECR
Problem
We are using CircleCI to automate the building of images when merges are detected on our release branch. Those images are then being pushed to ECR, but I am unsure of the best way to refresh some or all of the pods running the outdated images, and additionally how to do it in a way that does not disrupt service, i.e. rolling restarts, etc.
We are looking into using Flux for this, but I'm not sure if that is the best approach.
I was hoping to get some insight from people running this or similar pipelines in production.
Solution
The 'best approach' in theory (coming from the perspective of k8s) would be GitOps: Cloud-native Continuous Deployment.
Your question lacks some important information: how are you doing your deployments right now? Do you have some limitations in terms of security and auditability?
Sharing my personal 2 cents, using GitOps with ArgoCD outsources and guarantees the continuous running of all of your workloads (pods as an example). Argo will take care of them; even if somebody deletes a pod, it will restore the previous number of pods, essentially maintaining the desired vs real state. Another benefit is that you could really easily track your apps by version, commit, tag ... you could even roll back (this works only under a specific circumstance). As an example, simply changing the image inside a pod spec in a directory that Argo keeps track of is enough for the new version to be rolled out as safely as possible.
In our case we have a separate service (it's just a repo with tags) that acts as a wrapper for all the services; once we have a new release we deploy under a pattern of a directory layout and Argo catches it, and everything is re/deployed automatically. The UI is great and they even expose a REST API.
Now once you have Argo (or some other tool), you get additional efforts in tracking the releases of the tool, versions, backward compatibility, helm metadata support, security, access, password rotations, best way to drop Argo in the cluster ... but this is another story that comes naturally, once you decide to go this path.
Context
StackExchange DevOps Q#14767, answer score: 2
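The answer's point that changing the image in a tracked manifest is what triggers the rollout can be shown as a CI step that rewrites the image reference before committing to the GitOps repo. This is an added example, not code from the original answer. The registry URL, tag, digest and manifest are constructed placeholders, and pinning to `tag@digest` is an assumption added here so that the commit records exactly which image was deployed.

```python
import re

# Constructed sample: account id, region, repository names and the digest
# below are placeholders, not values from the post.
REPO = "111122223333.dkr.ecr.us-east-1.amazonaws.com/api"
MANIFEST = f"""\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  template:
    spec:
      containers:
        - name: api
          image: {REPO}:1.4.0  # bumped by CI
        - name: sidecar
          image: 111122223333.dkr.ecr.us-east-1.amazonaws.com/sidecar:0.9.1
"""
DIGEST = "sha256:" + "ab" * 32

# Matches "image: <ref>" lines, keeping indentation, quotes and trailing comment.
IMAGE_LINE = re.compile(
    r"^(?P<lead>\s*(?:-\s+)?image:\s*)(?P<q>[\"']?)(?P<ref>[^\s\"'#]+)(?P=q)(?P<tail>\s*(?:#.*)?)$")

def repo_of(ref):
    """Drop an optional @digest and :tag, keeping registry/repository."""
    head, _, last = ref.split("@", 1)[0].rpartition("/")
    name = last.split(":", 1)[0]
    return f"{head}/{name}" if head else name

def pin_image(manifest, repo, tag, digest):
    """Pin every container image of `repo` to tag@digest; return (text, changed)."""
    if not re.fullmatch(r"sha256:[0-9a-f]{64}", digest):
        raise ValueError("digest must be sha256:<64 lowercase hex chars>")
    if tag in ("", "latest"):
        raise ValueError("use an immutable release tag, not 'latest'")
    target, out, changed = f"{repo}:{tag}@{digest}", [], 0
    for line in manifest.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        eol = line[len(body):]          # preserve the original line ending
        m = IMAGE_LINE.match(body)
        if m and repo_of(m["ref"]) == repo and m["ref"] != target:
            body = f"{m['lead']}{m['q']}{target}{m['q']}{m['tail']}"
            changed += 1
        out.append(body + eol)
    return "".join(out), changed

if __name__ == "__main__":
    text, n = pin_image(MANIFEST, REPO, "1.5.0", DIGEST)
    print(text if n else "already up to date; nothing to commit")
```

A change count of zero means the manifest already points at that image, so the CI job can skip the commit and no new rollout is triggered.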