Scribd
Upload
41 views32 pages

Googlecloudbuildcloudrun

Uploaded by

avinash j
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
41 views32 pages

Googlecloudbuildcloudrun

Uploaded by

avinash j
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
You are on page 1/ 32
fry and Cloud Run | by tam Luz | CIBT 1019123, 6:04 Pet How to Set Up a Deployment Pipck yogle Cloud with Cloud Bul, Cor How to Set Up a Deployment Pipeline on Google Cloud with Cloud Build, Container Registry and Cloud Run Automatically building and deploying containers into Cloud Run when changes get pushed to your Git repositories. eé Ivam Luz - Follow ‘<8? Published in CI&T » t1minread - Mav17,2020 Openinapp A Gams) Sionin @O) secre mecium Z wite . nips medium, comic. thow4o-setup-2- deployment pipeine-on-gcp-with@cloudbuild.gserviceaccount.com, with some new permissions. To do so: + From the top-left menu, select [AM & Admin; nips medium, comic. thow4o-setup-2- deployment pipeine-on-gcp-with@cloudbuild.gserviceaccount.com; Edit the service account and add the Cloud Run Admin and Service Account User roles. Cloud Run Admin is needed, so Cloud Build has the permissions necessary to deploy the Cloud Run service; Service Account User is necessary, so the Cloud Run service may be configured to allow access from unauthenticated users, as described here. Container Registry Container Registry is a private container image registry that runs on Google Cloud. Container Registry supports Docker Image Manifest V2 and OCI image formats. Many people use Dockerhub as a central registry for storing public Docker images, but to control access to your images you need to use a private registry such as Container Registry. You can access Container Registry through secure HTTPS endpoints, which allow you to push, pull, and manage images from any system, VM instance, or your own hardware. Additionally, you can use the Docker credential helper command-line tool to configure Docker to authenticate directly with Container Registry. Reference: https://cloud.google.com/container-registry/docs/overview Cloud Run nips medium, comic. thow4o-setup-2- deployment pipeine-on-gcp-withSelect repoatory io Select repository Silvas ‘Sect Gitu epostoes to connect to Cod ald Marts of ts GOP projet nl te sb cet anmtngpet en hse reoateres cerns nv account wank =e Y Slot a epostones En repostnee on Gt Uf Y cudrsampleask | lnderstand hat tub content othe selected poston ibe ‘anefred ths GF poet o provide the commeted secs. Marrs of {SCOP poet h suficent permessions willbe able to ceateard ur tigger on ese epstones based on vnafered Ct corer Connecting the GitHub repository to Cloud Build * Select the GitHub repository and click Create push trigger. loud aut € Comectrepostry ese Creating the GitHub repository push trigger + Notice you aren’t able to configure the trigger parameters at the time of its creation, but it’s possible to do so after it’s created: !ntps:stmedium.com/c-thow-to-sel-up-2-deployment-pipeline-on-gcp-with-cloud-buil-container-egisty-and-cloud-run-7339118b7 704 1019123, 6:04PM How to Set Up @ Deployment Pipeline on Google Cloud wth Cloud Bulle, Container Registry and Cloud Run |by Wwam Luz | CIST @ cowoua Tigges eowecraroon + ct © ene Lt Editing the Cloud Build trigger * Configure the trigger as shown in the image below: !ntps:imedium.comic-thow-to.sel-up-2-deployment pipeline-on-gep-with-cloud-bult-containeregisty-and-cloud-run-739911Sb7 704 6192 1019723, 6:04 Pee How to Set Up a Deployment Pipeline on Google Cloud with Cloud Build, Container Registy and Cloud Run | by Wwam Luz | CI8T | @ cowons Here, we speci © tagger ome woe seme Quamatindenamdette eros Poa @ neat © ronnein Pantin pom sous Dette Cloud Build trigger configuration + The Name and Description of the trigger; * That the build should be triggered whenever stuff is pushed into the master branch of the repository; ¢ That the build configuration is provided by the cloudbuild.yaml file from our repository; !ntps:imedium.comic-thow-to.sel-up-2-deployment pipeline-on-gep-with-cloud-bult-containeregisty-and-cloud-run-739911Sb7 704 isa 1019723,6:04PM How to Set Up @ Deployment Pipe on Google Cloud wit Cloud Buld, Container Registry and Cloud Run |by vam Luz | CI8T | + That the SERVICE_NAME variable from our cloudbuild.yaml should be replaced with the pipeline-demo value. As described before, this variable is used for managing our generated Docker image, as well as to set the name of the deployed Cloud Run service. Triggering builds To test the configuration done so far, you have two options: 1. Commit and push any changes to the master branch of your repository; 2, Run the trigger manually by clicking the Run trigger button: G cowauts eagme —— Seernonron! + ore esen Option to run the Cloud Build trigger manually To see your build in action, select Dashboard in the left side menu: GB crow outa Dashboard 1 onions = 2 @ Successful: ivamluz/cloud-run-sample-flask - push-to-deploy-branch suaaassra toon taney Cmntariestonseniets, sat rion aerery rors @ ow inlitnal ween ooto2e 250-758 Cloud Build dashboard !ntps:imedium.comic-thow-to.sel-up-2-deployment pipeline-on-gep-with-cloud-bult-containeregisty-and-cloud-run-739911Sb7 704 8192 1019123, 6:04PM How to Set Up @ Deployment Pipeline on Google Cloud wth Cloud Bulle, Container Registy and Cloud Run |by Wwam Luz | CIST For each configured build, the Dashboard shows: The date and time of the latest build; The build duration; A description of the trigger; Alink to the source repository; The hash of the commit for which the build was triggered; A small chart with the Success/Failure build history; The average duration of the buidls; The percentage of success and failures. To view details about it, click in the link shown under Latest Build. You should see something like this: @ cow out © taiddeite Cnn Ejeoram —— © Successful e35eTbfe ee we on we a caning wanes Tatuiniant Quactutinisecmitede Tor att Cloud Build — Build details Notice you are able to see the output for each of the build steps defined in our cloudbuild. yam! file. Viewing Registered Containers !ntps:imedium.comic-thow-to.sel-up-2-deployment pipeline-on-gep-with-cloud-bult-containeregisty-and-cloud-run-739911Sb7 704 9192 Ifyou want to see / manage the containers generated by your build, you can do so by accessing the Container Registry service from the top-left menu: (2) comamerneciry — € magee = vem Bm eatnedere oan, beni rede Container Registry — List of images From this page, you can see all the registered containers, as well as delete older containers that aren't in use anymore. Accessing the deployed application Now that the application is built and deployed, you should be able to access it through the endpoint generated by Cloud Run. To get its address: + In the GCP Console, select Cloud Run from the top-left menu; * Click on the name of the deployed service; * Copy the URL at the top of the page: nips medium, comic. thow4o-setup-2- deployment pipeine-on-gcp-with CloudRun << _ Service details (7 EDIT DEPLOY NEW REVISION @ pipeline-demo —agien:ue-certrali_ URL: hpe/pipelnedemepmrygnnhaucarnace © Cloud Run — Service details Remember that, as described earlier, our application exposes two endpoints: a public endpoint to test if the application is alive; : a private endpoint protected with Basic Auth. All it does is to return a simple JSON with “Hello, World”. The intent of this endpoint is to demonstrate how we can make use of environment variables on Cloud Run. To test the /health endpoint, run the following curl command: 1 $ curl -i‘https://pipeline-deno-pnrwyanvina-uc.a.run.app/health’ 2 HTTP/2 200 3 content-type: text/html; charsetaut 4 5 6 date: Sat, 16 May 2020 19:56:20 GMT server: Google Frontend content-Length: 13 alt-sve: h3-2 2443"; ma=2592800,h3-25=":443"; ma=2592000,h3-T0S0=":443"; ma=2592800, h3-Q0se 7 8 9 It ds alive! ‘ » istfilettxt hosted with @ by GitHub View raw Testing the deployed application with cur! To test the /hello endpoint, run the following curl command: 1 Seurl -i\ 20> +H "xcapi-key: 1234" \ npe:simedium.convc-thhow-o-sel-up-2-deployment-pipel .on-gep-with-cloud-bulé-containeregisty-and-cloud-run-739911Sb7704 ria 1019123, 6:04 Pet How to Set Up a Deployment Pipeline on Google Cloud with Cloud Build, Container Registy and Cloud Run | by Wwam Luz | CI8T | > *hetps://pipel ine-deno-pmrwygnvha-uc.a.run.app/hello" HTTP/2 aaa content-type: text/html; charset-utf-8 date: Sat, 16 May 2028 19:59:36 Gur server: Google Frontend content-length: 338 alt-sve: h3-27=":443"; ma=2592000, n3-2: 443"; ma=2592000, n3-T05 1443"; ma=2592000, h3-056 Fry 11 12 13° Unauthorized 14

The server could not verify that you are authorized to access the URL requested. You either si 4 > cistfile xt hosted with @ by GitHub view raw Testing the protected application endpoint with curl — HTTP 401 Now, if you remember, the /hello endpoint is protected with a Basic Auth mechanism, and the reason for this is to demonstrate how we can make use of environment variables on Cloud Run. To fix this problem, we can make use of some scripts versioned into our repository. If you have gone through the steps to run and test the application locally, as described in the application README file, you'll remember of the scripts/hash_value.py script, which we can use to hash values in the SHA-512 form. Earlier in this article, we talked about the require_api_key decorator, which is used to secure our /hello endpoint with Basic Auth. Remember that, under the hood, this decorator reads the HASHED_API_KEY environment variable, hashes the received x-api-key HTTP header value with SHA-512 and compares both values to decide whether or not to allow the request to. proceed. To set the HASHED_API_KEY environment variable, follow these steps: nips medium, comic. thow4o-setup-2- deployment pipeine-on-gcp-with Cloud Run < Deploy revision to pipeline-demo (us-central1) Aservice can have multiple revisions. The configurations of each revision are immutable. Container image URL * gerio/iluz-tutorials/pipeline-demo:50ec691 ‘SELECT gcrio/cloudcunvhelo Should listen for HTTP requests on $PORT and not rly on local state, How to build a container? Advanced settings CONTAINER VARIABLES CONNECTIONS: Store and consume secrets using Secret Manager Environment variables Name Value HASHED_APLKEY d404559'602eab6fd602ac7680dac + ADD VARIABLE Setting environment variables manually * Click the DEPLOY button; Wait for the application to be deployed and retest it with the following curl command: 1 2 3 a 5 6 7 8 npe:simedium.convic-thhow-o-sel-up-2-deployment-pipel S curl -4\ > cH txcapi-key: 1236" \. > “https://pipeline-dero-pmrayanvha-uc.a.run.app/hello* HTTP/2 200 content-type: application/json date: Sat, 16 May 2028 21:48:25 GMT server: Google Frontend content-length: 18 .on-gep-with-cloud-builé-containeregisty-and-cloud-run-739911Sb7 704 aia 1019123, 6.04PM How to Set Up @ Deployment Pipeline on Google Cloud wth Cloud Bulle, Container Registry and Cloud Run |by Wwam Luz | CIST fag} ma=zo¥cowe,n4-co= 1484 j MaSe>¥eNOY,N9-Iu>e= ads j MaRco¥LOOe,Ns-WEDE= t 10 3 {hello" world") < > sistfile xt hosted with @ by GitHub view raw Testing the protected application endpoint with curl — HTTP 200 Notice how we now get a 200 response back containing our “Hello, world” JSON. Automating the environnment variable configuration Alternatively, if you have gcloud configured locally, you can use the scripts/set_env_vars.sh script to configure the environment variable configuration. To do so, run the following command from inside the scripts folder: $ -/set_env_vars.sh Enter the Cloud Run Service nare: pipeline-deno ¥ Deploying... Done. Y creating Revision. Done. Service [pipeline-deno] revision [pipeline-deno-800e4-hec] has been deployed and is serving 10@ px 1 2 3 4 5 ¥ Routing traffic. 6 7 4 » sistfilettxt hosted with @ by GitHub view raw Automating the environment variable configuration The command will prompt for the service name to be updated and for the unhashed value of the API Key. It will then update the Cloud Run service with the hashed value for the provided API Key: HI /bin/bash 1 2 3 read -p “Enter the Cloud Run Service name: “ SERVICE NAME 4 read -5 -p “Enter the APT KEY: * APT_KEY !ntps:imecium.comi-thow-to.sel-up-a-deployment pipeline-on-gep-with-cloud-bult-containeregisty-and-cloud-run-739911Sb7 704 25192 1019723, 6:04 Pmt How to Set Up a Deployment Pipeline on Google Cloud with Cloud Build, Container Registy and Cloud Run | by Wwam Luz | CI8T | HASHED_APT_KEV=" ./hash_value.py --value "S{API_KEY} 6 7 8 gcloud run \ 9 services update $SERVICE_NAME \, 10 =-region us-centrala \ 11 ~-platform managed \ 12 --update-env-vars HASHED_API_KEY-SHASHED_API_KEY setenv_vars sh hosted with @ by GitHub view raw The script to update the service environment variables Clean-up To undo the changes done while following this tutorial, make sure to: * Delete the deployed Cloud Run service; * Delete the Container Registry saved images; * Delete the Cloud Build configured triggers; * Disconnect any connected repositories. Final Thoughts In this tutorial, we have gone through the process of setting up a deployment pipeline powered by GitHub, Cloud Build, Container Registry and Cloud Run. The pipeline was configured to be triggered everytime new code was pushed into the master branch of the connected repository. Once that happens, the nips medium, comic. thow4o-setup-2- deployment pipeine-on-gcp-with

You might also like