AWS Modernization Workshop: DevSecOps with Atlassian & Snyk > Module 3 > Deploying your app

Deploying your app

The final step in your sample bitbucket-pipelines.yml file will be to take the container image that you have scanned with Snyk and securely stored in Amazon ECR and deploy this to your Amazon EKS cluster.

deploy-app: &deploy-app
  - step:
      name: "Deploy application"
      deployment: staging
      script:
        - pipe: atlassian/aws-eks-kubectl-run:1.2.4
          variables:
            AWS_ACCESS_KEY_ID: '$AWS_ACCESS_KEY_ID'
            AWS_SECRET_ACCESS_KEY: '$AWS_SECRET_ACCESS_KEY'
            AWS_DEFAULT_REGION: '$AWS_DEFAULT_REGION'
            CLUSTER_NAME: '$AWS_EKS_CLUSTER'
            KUBECTL_COMMAND: 'apply'
            RESOURCE_PATH: "./deployment/goof-service.yaml"
        - envsubst < ./deployment/goof-deployment-template.yaml > ./deployment/goof-deployment.yaml
        - cat ./deployment/goof-deployment.yaml
        - pipe: atlassian/aws-eks-kubectl-run:1.2.4
          variables:
            AWS_ACCESS_KEY_ID: '$AWS_ACCESS_KEY_ID'
            AWS_SECRET_ACCESS_KEY: '$AWS_SECRET_ACCESS_KEY'
            AWS_DEFAULT_REGION: '$AWS_DEFAULT_REGION'
            CLUSTER_NAME: '$AWS_EKS_CLUSTER'
            KUBECTL_COMMAND: 'apply'
            RESOURCE_PATH: './deployment/goof-deployment.yaml'

In this example, we are leveraging the aws-eks-kubectl-run pipe to apply our service and deployment manifests against our running cluster. Here, we are referencing some of our previously defined repository variables but we are also invoking the envsubst linux command to substitute the value of one of our variables.

The goof-deployment-template.yaml file in the ./deployments directory of our repository contains two variables ${AWS_ECR_URI} and ${BITBUCKET_COMMIT} which we are substituting with the value of our docker tag, allowing us to pull the correct image from Amazon ECR.

    spec:
      containers:
        - name: goof
          image: ${AWS_ECR_URI}:${BITBUCKET_COMMIT}

The goof-service.yaml file is creating our service and deploying our frontend app as type: LoadBalancer, exposing this on the standard http port 80.

apiVersion: v1
kind: Service
metadata:
  name: goof
spec:
  type: LoadBalancer
  ports:
    - protocol: TCP
      port: 80
      targetPort: 3001
      name: "http"
    - protocol: TCP
      port: 9229
      targetPort: 9229
      name: "debug"
  selector:
    app: goof
    tier: frontend
---
apiVersion: v1
kind: Service
metadata:
  name: goof-mongo
spec:
  ports:
    - protocol: TCP
      port: 27017
      targetPort: 27017
      name: "mongo"
  selector:
    app: goof
    tier: backend

Let’s proceed to the next section.