Tencent Cloud TKE Image Update Plugin

Scenario-based encapsulation of Tencent Cloud Container Service API for implementing image updates operations for Deployment and StatefulSet workloads

• Using Tencent Cloud Container Service (TKE) cluster with deployed Deployment or StatefulSet resources
• Tencent Cloud secret_id and secret_key with proper cluster permissions are required. For setup instructions, see doc/access.md

• secret_id Secret ID, see doc/access.md
• secret_key Secret Key
• region Cluster region, format: ap-nanjing. See doc/regions.md
• cluster_id Cluster ID, format: cls-m9miwj4u
• namespace Namespace where the workload is located, e.g., default
• workload_kind Workload type. Supports deployment, statefulset
• workload_name Workload name
• container_names Container names, multiple names separated by ,
• container_images Latest container images to update, multiple images separated by ,

• With correct permissions and configuration, the plugin exits successfully if image update succeeds, otherwise fails. Similar to kubectl set image mechanism
• After updating the image, pod rolling status will be monitored and printed for 10 minutes for pipeline log review. This step doesn't affect plugin exit status; final pod rolling results can be viewed in the cluster
• Operating mechanism: Similar to kubectl set image, this plugin doesn't verify if the update image exists or is valid. It directly updates the image field in workload yaml, with K8s handling async scheduling like pod rolling

# Example image update configuration
main:
  push:
    - stages:
      - name: Update image using tke plugin
        image: tencentcom/deploy-to-tke
        settings:
          secret_id: AKID***MpL4
          secret_key: mRH1***wu0C
          region: ap-***
          cluster_id: cls-***
          namespace: default
          workload_kind: deployment
          workload_name: my-***-deployment
          container_names: container-***-1
          # Can use variables like container_images: ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:${CNB_COMMIT}
          container_images: nginx-***:v1

# End of quick usage

If you don't want to write secret keys in plain text, add a secret information file your_secrets.yaml in your private repository:

# your_secrets.yml
secret_id: AKID***MpL4
secret_key: mRH1***wu0C

Configure .cnb.yml to import environment variables from the above file:

# Update example image
main:
  push:
    - stages:
      - name: Update image using tke plugin
        image: tencentcom/deploy-to-tke
        settingsFrom: https://cnb.cool/***/my-secret-repo/-/blob/main/your_secrets.yaml
        settings:
          region: ap-***
          cluster_id: cls-***
          namespace: default
          workload_kind: deployment
          workload_name: my-***-deployment
          container_names: container-***-1
          container_images: ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:${CNB_COMMIT}
# End of advanced usage

docker run --rm  \
    -e PLUGIN_SECRET_ID="***" \
    -e PLUGIN_SECRET_KEY="***" \
    -e PLUGIN_REGION="ap-shanghai" \
    -e PLUGIN_CLUSTER_ID="cls-***" \
    -e PLUGIN_NAMESPACE="development" \
    -e PLUGIN_WORKLOAD_KIND="deployment" \
    -e PLUGIN_WORKLOAD_NAME="my-***-deployment" \
    -e PLUGIN_CONTAINER_NAMES="container-***-1,container-***-2" \
    -e PLUGIN_CONTAINER_IMAGES="nginx-***:v1,nginx-***:v2" \
    tencentcom/deploy-to-tke

This plugin has been verified to work with TKE clusters purchased on both Tencent Cloud cloud.tencent.com and Tencent Cloud International www.tencentcloud.com.