The final step in your sample bitbucket-pipelines.yml file will be to take the container image that you have scanned with Snyk and securely stored in Amazon ECR and deploy this to your Amazon EKS cluster.
deploy-app: &deploy-app
- step:
name: "Deploy application"
deployment: staging
script:
- pipe: atlassian/aws-eks-kubectl-run:1.2.4
variables:
AWS_ACCESS_KEY_ID: '$AWS_ACCESS_KEY_ID'
AWS_SECRET_ACCESS_KEY: '$AWS_SECRET_ACCESS_KEY'
AWS_DEFAULT_REGION: '$AWS_DEFAULT_REGION'
CLUSTER_NAME: '$AWS_EKS_CLUSTER'
KUBECTL_COMMAND: 'apply'
RESOURCE_PATH: "./deployment/goof-service.yaml"
- envsubst < ./deployment/goof-deployment-template.yaml > ./deployment/goof-deployment.yaml
- cat ./deployment/goof-deployment.yaml
- pipe: atlassian/aws-eks-kubectl-run:1.2.4
variables:
AWS_ACCESS_KEY_ID: '$AWS_ACCESS_KEY_ID'
AWS_SECRET_ACCESS_KEY: '$AWS_SECRET_ACCESS_KEY'
AWS_DEFAULT_REGION: '$AWS_DEFAULT_REGION'
CLUSTER_NAME: '$AWS_EKS_CLUSTER'
KUBECTL_COMMAND: 'apply'
RESOURCE_PATH: './deployment/goof-deployment.yaml'
In this example, we are leveraging the aws-eks-kubectl-run pipe to apply our
service and deployment manifests
against our running cluster. Here, we are referencing some of our previously defined repository variables but we are also invoking
the envsubst
linux command to substitute
the value of one of our variables.
The goof-deployment-template.yaml file in the ./deployments
directory
of our repository contains two variables ${AWS_ECR_URI}
and ${BITBUCKET_COMMIT} which we are substituting with the value of our docker tag, allowing us to pull the correct image from Amazon ECR.
spec:
containers:
- name: goof
image: ${AWS_ECR_URI}:${BITBUCKET_COMMIT}
The goof-service.yaml
file is creating our service
and deploying our frontend app as type: LoadBalancer
, exposing this on the standard http
port 80
.
apiVersion: v1
kind: Service
metadata:
name: goof
spec:
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 3001
name: "http"
- protocol: TCP
port: 9229
targetPort: 9229
name: "debug"
selector:
app: goof
tier: frontend
---
apiVersion: v1
kind: Service
metadata:
name: goof-mongo
spec:
ports:
- protocol: TCP
port: 27017
targetPort: 27017
name: "mongo"
selector:
app: goof
tier: backend
Let’s proceed to the next section.