Dockerfile
Onboardbase can be used in a Dockerfile to manage the secrets of any program the Dockerfile is running.
Generating a Service Token
From your Onboardbase dashboard, go to the account page, click on Generate service tokens and give it a name (based on the service you want to use it for). Copy the generated service token and store it as a config variable for the service.
TIP
You can authenticate the CLI with environment variables.
Supported environment variables are:
- ONBOARDBASE_TOKEN: a service token
- ONBOARDBASE_PROJECT: an Onboardbase project name
- ONBOARDBASE_ENVIRONMENT: an environment in the specified project
Below is a Dockerfile that inherits from the latest nodejs image.
The highlights are lines 16 to 26, which install the Onboardbase CLI into the image, authorize the CLI with the ONBOARDBASE_TOKEN environment variable, and finally create the setup file from an environment variable as well.
This Dockerfile assumes that the npm scripts in the package.json file have been modified to run through the Onboardbase CLI build command.
FROM node:lts-stretch-slim

# Create and set the working directory for image
RUN mkdir /app
WORKDIR /app

# Copy package.json and package-lock.json to allow using cached packages
COPY package*.json ./

# Install node dependencies
RUN npm install

# Copy source files to the working directory
COPY . .

# Install Onboardbase (the build runs as root, so sudo is not needed)
RUN wget https://onboardbase-cli.fra1.digitaloceanspaces.com/apt/onboardbase-latest.deb \
    && dpkg -i ./onboardbase-latest.deb \
    && onboardbase --version

# Declare the build argument, then use it to set up the CLI
ARG ONBOARDBASE_TOKEN
RUN onboardbase config:set --token "$ONBOARDBASE_TOKEN"
# Copy setup from the build argument (quoted to keep the YAML line breaks)
ARG ONBOARDBASE_SETUP
RUN echo "$ONBOARDBASE_SETUP" > ./.onboardbase.yml

# Run a build alias for 'onboardbase run -c="ts-node"'
RUN /usr/local/bin/npm run build

# Define command for starting app process
CMD ["/usr/local/bin/npm", "start"]
Building the Image
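To successfully build the image, we will use the --build-arg option of the Docker build command to pass environment variables to the Dockerfile. The full command below passes the ONBOARDBASE_TOKEN and ONBOARDBASE_SETUP variables. Values passed with --build-arg are recorded in the image metadata and can be read back with docker history, so the built image should be treated as containing the token.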
docker build \
  --tag "managed-docker-image" \
  --build-arg ONBOARDBASE_TOKEN="STRING" \
  --build-arg ONBOARDBASE_SETUP="STRING" \
  --file ./Dockerfile \
  .
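A check to run against the built image, as an added example that is not part of the Onboardbase documentation: it lists which ONBOARDBASE_ build arguments have values stored in the image history, without printing the values. The history text is a constructed sample in the layout docker history uses for RUN entries, and the helper name leaked_build_args is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: list build args whose values are stored in image history.
# Real input would come from:
#   docker history --no-trunc --format '{{.CreatedBy}}' managed-docker-image

# Constructed sample of that output (BuildKit layout); all values are fake.
sample_history() {
  cat <<'EOF'
CMD ["/usr/local/bin/npm" "start"]
RUN |2 ONBOARDBASE_TOKEN=FAKE-TOKEN ONBOARDBASE_SETUP=FAKE-SETUP /bin/sh -c /usr/local/bin/npm run build # buildkit
RUN |2 ONBOARDBASE_TOKEN=FAKE-TOKEN ONBOARDBASE_SETUP=FAKE-SETUP /bin/sh -c echo "$ONBOARDBASE_SETUP" > ./.onboardbase.yml # buildkit
ARG ONBOARDBASE_SETUP
RUN |1 ONBOARDBASE_TOKEN=FAKE-TOKEN /bin/sh -c onboardbase config:set --token "$ONBOARDBASE_TOKEN" # buildkit
ARG ONBOARDBASE_TOKEN
COPY . . # buildkit
EOF
}

# leaked_build_args [PREFIX]  (hypothetical helper name)
# Reads history text on stdin and prints "NAME layers=N" for every build arg
# starting with PREFIX that has a value recorded in a RUN entry.
# Values are never printed. Assumes values contain no whitespace.
leaked_build_args() {
  awk -v prefix="${1:-ONBOARDBASE_}" '
    {
      # BuildKit writes "RUN |N K=V ... cmd"; the classic builder "|N K=V ... cmd"
      start = ($1 == "RUN") ? 2 : 1
      if ($start !~ /^[|][0-9]+$/) next
      n = substr($start, 2) + 0          # number of build args on this entry
      for (i = start + 1; i <= start + n && i <= NF; i++) {
        eq = index($i, "=")
        if (eq < 2 || length($i) == eq) continue   # no name or empty value
        name = substr($i, 1, eq - 1)
        if (index(name, prefix) == 1) count[name]++
      }
    }
    END { for (k in count) printf "%s layers=%d\n", k, count[k] }
  ' | sort
}

# Demo on the constructed sample; prints one line per exposed build arg.
sample_history | leaked_build_args
```

Empty output means no matching build argument values were found in the history; any line printed names a value that anyone able to pull the image can read.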
Deploying to Kubernetes through GitHub Actions
We can deploy a managed Onboardbase Docker image through GitHub Actions and Docker Hub to a Google Cloud Kubernetes cluster.
The GitHub workflow file below uses GitHub secrets to manage the sensitive build credentials, such as ONBOARDBASE_TOKEN and ONBOARDBASE_SETUP. It sets up the Google Cloud SDK and authenticates it in the runner, then builds the managed Dockerfile with the build command, passing it the required environment variables, and finally pushes the image to Docker Hub.
# This is a workflow to deploy the api part of this project to docker
name: Managed App Build

on:
  push:
    branches:
      - "main"

env:
  PROJECT_ID: ${{ secrets.GKE_PROJECT }}
  GKE_CLUSTER: '*******' # Add your cluster name here.
  GKE_ZONE: us-east1-c # Add your cluster zone here.
  DEPLOYMENT_NAME: '*******' # Add your deployment name here
  IMAGE: managed-onboard # Docker image names must be lowercase
  GKE_SA_KEY: ${{ secrets.GKE_SA_KEY }}
  GKE_PROJECT: ${{ secrets.GKE_PROJECT }}
  REGISTRY_HOSTNAME: registry.hub.docker.com
  DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
  DOCKER_PWD: ${{ secrets.DOCKER_PWD }}
  ONBOARDBASE_TOKEN: ${{ secrets.ONBOARDBASE_TOKEN }}
  ONBOARDBASE_SETUP: ${{ secrets.ONBOARDBASE_SETUP }}

jobs:
  setup-build-publish-deploy:
    name: Setup, Build, Publish, and Deploy
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      # Setup gcloud CLI
      - uses: google-github-actions/[email protected]
        with:
          service_account_key: ${{ env.GKE_SA_KEY }}
          project_id: ${{ env.GKE_PROJECT }}

      # Configure docker to use the gcloud command-line tool as a credential helper
      - run: |-
          gcloud --quiet auth configure-docker

      # Get the GKE credentials so we can deploy to the cluster
      - uses: google-github-actions/[email protected]
        with:
          cluster_name: ${{ env.GKE_CLUSTER }}
          location: ${{ env.GKE_ZONE }}
          credentials: ${{ secrets.GKE_SA_KEY }}

      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PWD }}

      # Build the Docker image using the Dockerfile.
      # The secrets are read from the step's environment (set in env above)
      # so their contents are not pasted into the script text.
      - name: Build
        run: |-
          docker build \
            --tag "$DOCKER_USERNAME/$IMAGE" \
            --build-arg ONBOARDBASE_TOKEN="$ONBOARDBASE_TOKEN" \
            --build-arg ONBOARDBASE_SETUP="$ONBOARDBASE_SETUP" \
            --build-arg GITHUB_REF="$GITHUB_REF" \
            --file ./Dockerfile \
            .

      # Push the Docker image to Docker Registry
      # (Docker Hub repositories are namespaced by account)
      - name: Publish
        run: |-
          docker push "$DOCKER_USERNAME/$IMAGE"