-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Google Container Engine clarifications #2142
Merged
Merged
Changes from all commits
Commits
Show all changes
20 commits
Select commit
Hold shift + click to select a range
04e0779
update code block languages
smart-alek ee45044
rewrite intro and remove whitespace
smart-alek 90ffb01
rewrite prerequisites
smart-alek 75f2056
add CircleCI 2.0 project as prerequisite
smart-alek c28a83d
update bullet style
smart-alek ddab953
rewrite "Base Image" section
smart-alek 87aa166
update product to google kubernetes engine
smart-alek 654f818
add links to authenticate GCP doc
smart-alek 37e8f63
add additional environment variable section
smart-alek f80100c
rename GOOGLE_AUTH
smart-alek a31dd23
clarify where to add variables
smart-alek c1cdd0e
update decode and store service account step
smart-alek e80b32d
add dollar sign to env vars
smart-alek 7aa9165
various typos, newlines and sundry
smart-alek f1ddefb
remove dollar signs
smart-alek 9348d1c
clean and clarify authentication step
smart-alek 69e6cf1
minor typo in google auth doc
smart-alek 43207de
rewrite configuration walkthrough
smart-alek 79fd6ef
add final commands for gcloud config
smart-alek 1df2102
be more explicit about auth differences for images
smart-alek File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,75 +1,110 @@ | ||
--- | ||
layout: classic-docs | ||
title: "Deploying to Google Container Engine" | ||
short-title: "Deploying to Google Container Engine" | ||
title: "Deploying to Google Kubernetes Engine" | ||
short-title: "Deploying to Google Kubernetes Engine" | ||
categories: [containerization] | ||
description: "Deploying to Google Container Engine with CircleCI 2.0." | ||
description: "Deploying to Google Kubernetes Engine with CircleCI 2.0." | ||
order: 60 | ||
--- | ||
|
||
*[Deploy]({{ site.baseurl }}/2.0/deployment-integrations/) > Using Google Container Engine* | ||
*[Deploy]({{ site.baseurl }}/2.0/deployment-integrations/) > Deploying to Google Kubernetes Engine* | ||
|
||
In order to use Google Cloud, you will need to ensure that the [Google Cloud SDK](https://cloud.google.com/sdk/) is installed on your primary container as described in the following sections: | ||
|
||
* TOC | ||
{:toc} | ||
In order to deploy to Google Kubernetes Engine (GKE), | ||
you must install the [Google Cloud SDK](https://cloud.google.com/sdk/) in your primary container. | ||
|
||
## Prerequisites | ||
|
||
This document makes the following assumptions: | ||
- A CircleCI 2.0 project. | ||
- A working knowledge of Docker and building Docker images. | ||
- A registered Google Cloud Platform (GCP) project. Keep the project name handy. | ||
- A GKE cluster connected to your GCP project. Keep the cluster name handy. | ||
|
||
## Steps | ||
|
||
### Select a Base Image | ||
|
||
1. You have a working knowledge of Docker and building Docker images. | ||
1. You already have a GCP project registered. Keep the project name handy. | ||
1. A Container Engine cluster has already been created in your GCP project. Keep the cluster name handy. | ||
1. Your repository has already been configured as a CircleCI 2.0 project. | ||
If Debian is an acceptable operating system for your primary container, | ||
consider using Google's base image. | ||
You can find this image on DockerHub as [`google/cloud-sdk`](https://hub.docker.com/r/google/cloud-sdk/). | ||
Otherwise, follow the [SDK installation instructions](https://cloud.google.com/sdk/) for your base image's operating system. | ||
|
||
## Selecting a Base Image | ||
If Debian is acceptable as a base for your custom primary container, Google's [`google/cloud-sdk`](https://hub.docker.com/r/google/cloud-sdk/) image can be a good base image to use. | ||
### Authenticate `gcloud` | ||
|
||
For those with more complicated custom primary containers, follow the [installation instructions](https://cloud.google.com/sdk/) for the operating system of your base image. | ||
Before you can use the `gcloud` command line tool with CircleCI, | ||
you must authenticate it. | ||
To do this, | ||
follow the instructions in the [Authenticating Google Cloud Platform]({{ site.baseurl }}/2.0/google-auth/) document. | ||
After completing these steps, | ||
you should have created an environment variable called `GCLOUD_SERVICE_KEY`. | ||
Using this particular name is not required, | ||
but it will be used throughout the examples in this document. | ||
|
||
## Setting Up Authentication | ||
### Add More Environment Variables | ||
|
||
### Generating a Service Account Key | ||
After the Google Cloud SDK has been integrated into your primary container (see above), authentication can be achieved with the use of a [service account](https://cloud.google.com/docs/authentication#getting_credentials_for_server-centric_flow). Ensure that you follow the Google Cloud documentation for generating a service account, or create a new key for an existing service account, saving the credentials as a JSON key. | ||
For convenience, add three more environment variables to your project: | ||
|
||
Paste this into a new environment variable's "Value" field, using the name `GOOGLE_AUTH`. Using this particular name is not required, but will be used throughout the examples in this document. | ||
- `GOOGLE_PROJECT_ID`: the ID of your GCP project | ||
- `GOOGLE_COMPUTE_ZONE`: the default [compute zone](https://cloud.google.com/compute/docs/regions-zones/) | ||
- `GOOGLE_CLUSTER_NAME`: the target cluster for all deployments | ||
|
||
Next, simply set up three more environment variables for convenience: | ||
### Authenticate to Google's Container Registry | ||
|
||
* `GOOGLE_PROJECT_ID`: the ID of your GCP project | ||
* `GOOGLE_CLUSTER_NAME`: the cluster to which deployments will occur | ||
* `GOOGLE_COMPUTE_ZONE`: which compute zone to use by default, e.g. `us-central1-a` | ||
If you chose the `google/cloud-sdk` image, | ||
no authentication is needed since this is a public image. | ||
|
||
### Setting Up a Job Step to Decode Credentials | ||
Once the `GOOGLE_AUTH` environment variable has been saved to your project, it will be readily available for use in the steps of your job's primary container. | ||
```yaml | ||
version: 2 | ||
jobs: | ||
deploy-job: | ||
docker: | ||
- image: google/cloud-sdk | ||
``` | ||
|
||
**config.yml** | ||
If you are using a custom image, | ||
authenticate to Google's Container Registry (GCR). | ||
Since you are [using a JSON key file](https://cloud.google.com/container-registry/docs/advanced-authentication#using_a_json_key_file), | ||
use the `auth` key in `config.yml` | ||
to specify credentials: | ||
|
||
```yaml | ||
version: 2 | ||
jobs: | ||
deploy-job: | ||
docker: | ||
- image: gcr.io/project/image-name | ||
auth: | ||
username: _json_key # default username when using a JSON key file to authenticate | ||
password: $GCLOUD_SERVICE_KEY # encoded service account you created | ||
``` | ||
|
||
```yml | ||
docker: | ||
- image: gcr.io/project/image-name | ||
auth: | ||
#Put the contents of keyfile.json into an environment variable for the build called GCR_CREDS, which is then passed in. | ||
username: _json_key | ||
password: $GOOGLE_AUTH | ||
- steps: | ||
# ... | ||
- run: | ||
name: Dump Google Cloud Credentials to file | ||
command: echo ${GOOGLE_AUTH} > ${HOME}/gcp-key.json | ||
# ... | ||
### Add a Job Step to Decode Credentials | ||
|
||
To authenticate the `gcloud` tool, | ||
add a job step to decode the `GCLOUD_SERVICE_KEY` environment variable: | ||
|
||
```yaml | ||
version: 2 | ||
jobs: | ||
deploy-job: | ||
docker: | ||
- image: google/cloud-sdk | ||
steps: | ||
- run: | ||
name: Decode and Store Service Account | ||
command: echo $GCLOUD_SERVICE_KEY | base64 --decode --ignore-garbage > ${HOME}/gcloud-service-key.json | ||
``` | ||
|
||
## Configuring `gcloud` | ||
### Configure `gcloud` | ||
|
||
As part of your deployment commands, configure `gcloud` to use the newly-configured service account and set up the appropriate defaults: | ||
Finally, as part of your deployment commands, | ||
update `gcloud`, authenticate, and set appropriate defaults for your project: | ||
|
||
```sh | ||
gcloud auth activate-service-account --key-file ${HOME}/gcp-key.json | ||
```bash | ||
gcloud --quiet components update | ||
gcloud auth activate-service-account --key-file=${HOME}/gcloud-service-key.json | ||
gcloud --quiet config set project ${GOOGLE_PROJECT_ID} | ||
gcloud --quiet config set compute/zone ${GOOGLE_COMPUTE_ZONE} | ||
gcloud --quiet container clusters get-credentials ${GOOGLE_CLUSTER_NAME} | ||
``` | ||
|
||
|
||
Refer to the [Google Cloud](https://circleci.com/docs/2.0/deployment-integrations/#google-cloud) deploy example for further steps. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feels weird to link people to the rest of deploy section, when the page itself is called "deploying to", but its what the deployment-integrations page is for so w/e