Janik von Rotz


3 min read

Forgejo action to update Kubernetes deployment

In the last post I showed how you can build a Docker image in a Kubernetes cluster using with Forgejo runner. One missing step was the actual deployment of the new Docker image.

In the context of Kubernetes to deploy means to update a deployment config and thus restart the life cycle of pods. There are many ways to do that. The simplest way is to kill a pod. If the imagePullPolicy of a container is set to Always, Kubernetes will pull the latest image before every container initialization. So whenever a pod is deleted, Kubernetes pulls the image and deploys a new pod.

Deploy kubeconfig

We use this approach to make a deployment update. In order to access the deployment of Kubernetes cluster, a new service account is required. I created another Helm Chart that provides exactly this: https://kubernetes.build/deploymentUpdater/README.html

Deploy the Chart and you’ll get a new account called deploy. Export the kubeconfig for this account like this: https://kubernetes.build/deploymentUpdater/README.html#forgejo-deployment-action

Codeberg setup

Setup the kubeconfig as a secret for your organisation- or personal account. If you are using Codeberg, copen Settings > Actions > Secrets and click Add secret. Enter KUBECONFIG_DEPLOY as name enter the content of the kubeconfig.

Forgejo action

We already reached the final step. For your repo we assume that your a build workflflow, f.g. .forgejo/workflows/build.yml. Rename the file to something like .forgejo/workflows/build-and-deploy.yml. In addition to the build step, we add a deploy step:

  deploy:
    name: Deploy to Kubernetes
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest
    needs: build

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install kubectl
        run: |
          curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
          chmod +x kubectl
          sudo mv kubectl /usr/local/bin/          

      - name: Create Kubeconfig for Deployment
        run: |
          mkdir -p $HOME/.kube
          echo "${{ secrets.KUBECONFIG_DEPLOY }}" > $HOME/.kube/config          

      - name: Verify kubectl version
        run: kubectl version --client

      - name: Deploy to Kubernetes
        run: kubectl delete pods -l app=hugo -n <namespace>

The deploy step depends on the build step (needs: build). It installs kubectl and sets up the kubeconfig to access the cluster. It then deletes all pods for a namespace and a label. Update according to your configuration.

Checkout the full reference of the build-and-deploy.yml: https://codeberg.org/janikvonrotz/janikvonrotz.ch/src/branch/main/.forgejo/workflows/build-and-deploy.yml

Run the action

Commit and push the workflow file. The following should happen:

  1. Codeberg creates a new action run
  2. The Forgejo runner receives the task and runs the build step
  3. Once the build step is completed it starts the deploy step
  4. It installs kubectl and adds the kubeconfig
  5. Then it outputs the verion of kubectl
  6. Finally it deletes the pods matching the label and namespace
  7. Kubernetes will pull the image and deploy new pods
  8. Your application has been updated

Categories: Continuous Delivery
Tags: kubernetes , forgejo , runner , action
Edit this page
Show statistic for this page