Multi Build Stage Dockerfile
Onboardbase can be used in a Multi Build Stage Dockerfile to manage the secrets of any program the Dockerfile is running.
Generating a Service Token
From your Onboardbase dashboard, go to the account page, click on Generate service tokens and give it a name (based on the service you want to use it for). Copy the generated service token and store it as a config variable for the service.
TIP
You can authenticate the CLI with Environment variables.
Supported environment variables are:
ONBOARDBASE_TOKEN
- A service tokenONBOARDBASE_PROJECT
- an onboardbase project nameONBOARDBASE_ENVIRONMENT
- an environment in the specified project
In a multi-stage docker build, setting up your stages depends on the requirements of your image.
For Onboardbase, it means that you need to have the right configuration for your environment variables
Below is a Dockerfile that inherits from a nodejs
image.
The highlights are from lines 3 to 4
, which accepts the environment variables as an argument in the global scope, and line 26 to 33
which is in a builder stage that accepts the same Onboardbase config as the global stage but sets it as the stage environment variable.
# accept all arguments in the global stage
ARG ONBOARDBASE_TOKEN
ARG ONBOARDBASE_PROJECT
ARG ONBOARDBASE_ENVIRONMENT
# Stage 1: Install dependencies
FROM node:16-alpine AS deps
RUN apk add --no-cache libc6-compat
WORKDIR /app
COPY package.json yarn.lock ./
RUN yarn --frozen-lockfile
FROM node:lts-stretch-slim as builder
RUN apk add --no-cache libc6-compat
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
# Disable telemetry
ENV NEXT_TELEMETRY_DISABLED 1
# Install Onboardbase
RUN yarn global add @onboardbase/cli
# accept onboardbase system environment argument variables to this build stage
ARG ONBOARDBASE_TOKEN
ARG ONBOARDBASE_PROJECT
ARG ONBOARDBASE_ENVIRONMENT
# set the argument variables on the build stage environment
ENV ONBOARDBASE_TOKEN=${ONBOARDBASE_TOKEN}
ENV ONBOARDBASE_PROJECT=${ONBOARDBASE_PROJECT}
ENV ONBOARDBASE_ENVIRONMENT=${ONBOARDBASE_ENVIRONMENT}
# Copy package.json and package-lock.json to allow using cached packages
COPY package*.json ./
# Install node dependencies
RUN npm install
# successfully run a command against onboardbase
RUN onboardbase run "yarn build"
# Define command for starting app process
CMD ["/usr/local/bin/npm", "start"]
Building the Image
To successfully build the image, we will use the --build-arg
option of the Docker build command to pass environment variables to the Dockerfile. Below is the full command passing the ONBOARDBASE_TOKEN
and ONBOARDBASE_PROJECT
and ONBOARDBASE_ENVIRONMENT
variables.
docker build \
--tag "managed-docker-image" \
--build-arg ONBOARDBASE_TOKEN="STRING" \
--build-arg ONBOARDBASE_PROJECT="STRING" \
--build-arg ONBOARDBASE_ENVIRONMENT="STRING" \
./Dockerfile
Deploying to Kubernetes through Github Actions
We can deploy managed Onboardbase Docker image through GitHub Actions and Dockerhub to a Google Cloud Kubernetes cluster.
The below Github workflow file uses Github secrets to manage the sensitive build credentials, like the ONBOARDBASE_TOKEN
and ONBOARDBASE_PROJECT
and ONBOARDBASE_ENVIRONMENT
It sets up Google Cloud SDK and authenticates it in the runner; we then build the Managed Dockerfile with the build command passing the required environment variables and finally pushing the image to the Docker hub.
# This is a workflow to deploy the api part of this project to docker
name: Managed App Build
on:
push:
branches:
- "main"
env:
PROJECT_ID: ${{ secrets.GKE_PROJECT }}
GKE_CLUSTER: '*******' # Add your cluster name here.
GKE_ZONE: us-east1-c # Add your cluster zone here.
DEPLOYMENT_NAME: '*******' # Add your deployment name here
IMAGE: Managed-Onboard
GKE_SA_KEY: ${{ secrets.GKE_SA_KEY }}
GKE_PROJECT: ${{ secrets.GKE_PROJECT }}
REGISTRY_HOSTNAME: registry.hub.docker.com
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PWD: ${{ secrets.DOCKER_PWD }}
ONBOARDBASE_TOKEN: ${{ secrets.ONBOARDBASE_TOKEN }}
ONBOARDBASE_PROJECT: ${{ secrets.ONBOARDBASE_PROJECT }}
ONBOARDBASE_ENVIRONMENT: ${{secrets.ONBOARDBASE_ENVIRONMENT}}
jobs:
setup-build-publish-deploy:
name: Setup, Build, Publish, and Deploy
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
# Setup gcloud CLI
- uses: google-github-actions/[email protected]
with:
service_account_key: ${{ env.GKE_SA_KEY }}
project_id: ${{ env.GKE_PROJECT }}
# Configure docker to use the gcloud command-line tool as a credential helper
- run: |-
gcloud --quiet auth configure-docker
# Get the GKE credentials so we can deploy to the cluster
- uses: google-github-actions/[email protected]
with:
cluster_name: ${{ env.GKE_CLUSTER }}
location: ${{ env.GKE_ZONE }}
credentials: ${{ secrets.GKE_SA_KEY }}
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PWD }}
# Build the Docker image using the Dockefile
- name: Build
run: |-
docker build \
--tag "$IMAGE" \
--build-arg ONBOARDBASE_TOKEN="${{ env.ONBOARDBASE_TOKEN }}" \
--build-arg ONBOARDBASE_PROJECT="${{ env.ONBOARDBASE_PROJECT }}" \
--build-arg ONBOARDBASE_ENVIRONMENT="${{ env.ONBOARDBASE_ENVIRONMENT }}" \
--build-arg GITHUB_REF="$GITHUB_REF" \
./Dockerfile
# Push the Docker image to Docker Registry
- name: Publish
run: |-
docker push "$IMAGE"
Updated 8 months ago