Kubernetes + Travis CI/CD with DigitalOcean - https://medium.com/p/c0c4058b7734

aws.yaml

# https://gist.github.com/cablespaghetti/b5343b04dd5bdc68dcb62754986a34ed

# this file along with ecr-red-updater.sh is a one time run thing. it is used to setup a crontask in k8s
# to get auth details from AWS so that we can fetch docker repo. once called, no need to call again
# to use, just call the bash file ./ecr-cred-updater.sh [namespace-here]
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ecr-cred-updater
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "create", "delete"]
  - apiGroups: [""]
    resources: ["serviceaccounts"]
    verbs: ["get", "patch"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ecr-cred-updater


---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ecr-cred-updater
subjects:
  - kind: ServiceAccount
    name: ecr-cred-updater
roleRef:
  kind: Role
  name: ecr-cred-updater
  apiGroup: rbac.authorization.k8s.io

---
apiVersion: batch/v1
kind: Job
metadata:
  name: ecr-cred-updater
spec:
  backoffLimit: 4
  template:
    spec:
      serviceAccountName: ecr-cred-updater
      terminationGracePeriodSeconds: 0
      restartPolicy: Never
      containers:
        - name: kubectl
          image: xynova/aws-kubectl
          command:
            - "/bin/sh"
            - "-c"
            - |
              AWS_ACCOUNT=AWS_ACCOUNT_ID_HERE
              export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
              export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
              export AWS_REGION=eu-west-2
              DOCKER_REGISTRY_SERVER=https://${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com
              DOCKER_USER=AWS
              DOCKER_PASSWORD=`aws ecr get-login --region ${AWS_REGION} --registry-ids ${AWS_ACCOUNT} | cut -d' ' -f6`
              kubectl delete secret --ignore-not-found eu-west-2-ecr-registry || true
              kubectl create secret docker-registry eu-west-2-ecr-registry \
              --docker-server=$DOCKER_REGISTRY_SERVER \
              --docker-username=$DOCKER_USER \
              --docker-password=$DOCKER_PASSWORD \
              [email protected]
              kubectl patch serviceaccount default -p '{"imagePullSecrets":[{"name":"eu-west-2-ecr-registry"}]}'
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: ecr-cred-updater
spec:
  schedule: "* */8 * * *"
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      backoffLimit: 4
      template:
        spec:
          serviceAccountName: ecr-cred-updater
          terminationGracePeriodSeconds: 0
          restartPolicy: Never
          containers:
            - name: kubectl
              image: xynova/aws-kubectl
              command:
                - "/bin/sh"
                - "-c"
                - |
                  AWS_ACCOUNT=AWS_ACCOUNT_ID_HERE
                  export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
                  export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
                  export AWS_REGION=eu-west-2
                  DOCKER_REGISTRY_SERVER=https://${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com
                  DOCKER_USER=AWS
                  DOCKER_PASSWORD=`aws ecr get-login --region ${AWS_REGION} --registry-ids ${AWS_ACCOUNT} | cut -d' ' -f6`
                  kubectl delete secret --ignore-not-found eu-west-2-ecr-registry || true
                  kubectl create secret docker-registry eu-west-2-ecr-registry \
                  --docker-server=$DOCKER_REGISTRY_SERVER \
                  --docker-username=$DOCKER_USER \
                  --docker-password=$DOCKER_PASSWORD \
                  [email protected]
                  kubectl patch serviceaccount cicd -p '{"imagePullSecrets":[{"name":"eu-west-2-ecr-registry"}]}'
                  kubectl patch serviceaccount default -p '{"imagePullSecrets":[{"name":"eu-west-2-ecr-registry"}]}'