


Overview


- https://cloud.google.com/deploy
- https://kpt.dev/
- https://cloud.google.com/anthos-config-management/docs/concepts/config-controller-overview
- https://cloud.google.com/config-connector/docs/overview
- https://github.com/GoogleCloudPlatform/k8s-config-connector
- https://skaffold.dev/
- https://cloud.google.com/skaffold
- https://github.com/GoogleContainerTools/skaffold

Tools and APIs

kcc

kpt

config controller

config connector

cloud deploy

krm

anthos

gke

gcloud


Quickstart

20220617: 

https://cloud.google.com/deploy

https://cloud.google.com/deploy/docs/deploying-application/

ob.sy

using ob.sy account via https://cloud.google.com/deploy/docs/deploy-app-gke?hl=en_US&_ga=2.124984131.-833148768.1648058724

https://console.cloud.google.com/deploy/delivery-pipelines?referrer=search&project=services-os

20220413: ol.dev

https://console.cloud.google.com/deploy/delivery-pipelines?referrer=search&project=clouddeploy-ol&supportedpurview=project

Quickstart

https://cloud.google.com/deploy/docs/deploy-app-gke?_ga=2.243200258.-1098396564.1647194753


Enable APIs

https://console.cloud.google.com/flows/enableapi?apiid=clouddeploy.googleapis.com,cloudbuild.googleapis.com,storage-component.googleapis.com,container.googleapis.com,cloudresourcemanager.googleapis.com&redirect=https://cloud.google.com/deploy/docs/quickstart-basic&_ga=2.6205427.1702873776.1649854326-1098396564.1647194753

  • Google Cloud Deploy API
  • Cloud Build API
  • Cloud Storage
  • Kubernetes Engine API
  • Cloud Resource Manager API



Add the roles/clouddeploy.jobRunner role to the default Compute Engine service account

michael@cloudshell:~$ gcloud config set project clouddeploy-ol
Updated property [core/project].
michael@cloudshell:~ (clouddeploy-ol)$ gcloud projects add-iam-policy-binding clouddeploy-ol \
    --member=serviceAccount:$(gcloud projects describe clouddeploy-ol \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role="roles/clouddeploy.jobRunner"
Updated IAM policy for project [clouddeploy-ol].
bindings:
- members:
  - serviceAccount:205973482280@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-205973482280@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:205973482280-compute@developer.gserviceaccount.com
  role: roles/clouddeploy.jobRunner
- members:
  - serviceAccount:service-205973482280@compute-system.iam.gserviceaccount.com
  role: roles/compute.serviceAgent
- members:
  - serviceAccount:service-205973482280@container-engine-robot.iam.gserviceaccount.com
  role: roles/container.serviceAgent
- members:
  - serviceAccount:service-205973482280@containerregistry.iam.gserviceaccount.com
  role: roles/containerregistry.ServiceAgent
- members:
  - serviceAccount:205973482280-compute@developer.gserviceaccount.com
  - serviceAccount:205973482280@cloudservices.gserviceaccount.com
  role: roles/editor
- members:
  - user:michael@obbs.d
  role: roles/owner
- members:
  - serviceAccount:service-205973482280@gcp-sa-pubsub.iam.gserviceaccount.com
  role: roles/pubsub.serviceAgent


Create the 2 clusters

michael@cloudshell:~ (clouddeploy-ol)$ gcloud container clusters create-auto quickstart-cluster-qsdev --project=clouddeploy-ol --region=us-central1 && gcloud container clusters create-auto quickstart-cluster-qsprod --project=clouddeploy-ol --region=us-central1
Note: The Pod address range limits the maximum size of the cluster. Please refer to https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr to learn how to optimize IP address allocation.
Creating cluster quickstart-cluster-qsdev in us-central1... Cluster is being deployed...working 
5min
Creating cluster quickstart-cluster-qsdev in us-central1... Cluster is being health-checked (master is healthy)...working. 
Created [https://container.googleapis.com/v1/projects/clouddeploy-ol/zones/us-central1/clusters/quickstart-cluster-qsdev].
To inspect the contents of your cluster, go to: https://console.cloud.google.com/kubernetes/workload_/gcloud/us-central1/quickstart-cluster-qsdev?project=clouddeploy-ol
kubeconfig entry generated for quickstart-cluster-qsdev.
NAME: quickstart-cluster-qsdev
LOCATION: us-central1
MASTER_VERSION: 1.21.6-gke.1503
MASTER_IP: 35.188.77.181
MACHINE_TYPE: e2-medium
NODE_VERSION: 1.21.6-gke.1503
NUM_NODES: 3
STATUS: RUNNING
Note: The Pod address range limits the maximum size of the cluster. Please refer to https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr to learn how to optimize IP address allocation.
Creating cluster quickstart-cluster-qsprod in us-central1...working..



20220927: Cloud Deploy Quickstart - Cloud Run


https://console.cloud.google.com/deploy/delivery-pipelines?referrer=search&project=clouddeploy-gz


Welcome to Cloud Shell! Type "help" to get started.
To set your Cloud Platform project in this session use “gcloud config set project [PROJECT_ID]”
michael@cloudshell:~$ gcloud config set project clouddeploy-gz
Updated property [core/project].
michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding clouddeploy-ol \
    --member=serviceAccount:$(gcloud projects describe clouddeploy-ol \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role="roles/clouddeploy.jobRunner"
ERROR: (gcloud.projects.describe) User [michael@gcp.zone] does not have permission to access projects instance [clouddeploy-ol] (or it may not exist): The caller does not have permission
ERROR: (gcloud.projects.add-iam-policy-binding) User [michael@gcp.zone] does not have permission to access projects instance [clouddeploy-ol:getIamPolicy] (or it may not exist): The caller does not have permission
michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding clouddeploy-gz     --member=serviceAccount:$(gcloud projects describe clouddeploy-gz \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com     --role="roles/clouddeploy.jobRunner"
ERROR: Policy modification failed. For a binding with condition, run "gcloud alpha iam policies lint-condition" to identify issues in condition.
ERROR: (gcloud.projects.add-iam-policy-binding) INVALID_ARGUMENT: Service account 400677570484-compute@developer.gserviceaccount.com does not exist.


Enable APIs (get them)


  • Google Cloud Deploy API
  • Cloud Build API
  • Cloud Storage
  • Cloud Run Admin API


michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding clouddeploy-gz     --member=serviceAccount:$(gcloud projects describe clouddeploy-gz \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com     --role="roles/clouddeploy.jobRunner"
Updated IAM policy for project [clouddeploy-gz].
bindings:
- members:
  - serviceAccount:400677570484@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-400677570484@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:400677570484-compute@developer.gserviceaccount.com
  role: roles/clouddeploy.jobRunner
- members:
  - serviceAccount:service-400677570484@containerregistry.iam.gserviceaccount.com
  role: roles/containerregistry.ServiceAgent
- members:
  - serviceAccount:400677570484-compute@developer.gserviceaccount.com
  role: roles/editor
- members:
  - user:michael@gcp.zone
  role: roles/owner
- members:
  - serviceAccount:service-400677570484@gcp-sa-pubsub.iam.gserviceaccount.com
  role: roles/pubsub.serviceAgent
- members:
  - serviceAccount:service-400677570484@serverless-robot-prod.iam.gserviceaccount.com
  role: roles/run.serviceAgent
etag: BwXpqM


Review

20220927-1: add PROJECT_ID var


https://cloud.google.com/deploy/docs/deploy-app-run

michael@cloudshell:~ (clouddeploy-gz)$ export PROJECT_ID=clouddeploy-gz
michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding PROJECT_ID \
    --member=serviceAccount:$(gcloud projects describe PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role="roles/clouddeploy.jobRunner"
ERROR: (gcloud.projects.describe) INVALID_ARGUMENT: Request contains an invalid argument.
ERROR: (gcloud.projects.add-iam-policy-binding) INVALID_ARGUMENT: Request contains an invalid argument.

michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding $PROJECT_ID     --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com     --role="roles/clouddeploy.jobRunner"
Updated IAM policy for project [clouddeploy-gz].
bindings:
- members:
  - serviceAccount:400677570484@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-400677570484@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:400677570484-compute@developer.gserviceaccount.com
  role: roles/clouddeploy.jobRunner
- members:
  - serviceAccount:service-400677570484@containerregistry.iam.gserviceaccount.com
  role: roles/containerregistry.ServiceAgent
- members:
  - serviceAccount:400677570484-compute@developer.gserviceaccount.com
  role: roles/editor
- members:
  - user:michael@gcp.zone
  role: roles/owner
- members:
  - serviceAccount:service-400677570484@gcp-sa-pubsub.iam.gserviceaccount.com
  role: roles/pubsub.serviceAgent
- members:
  - serviceAccount:service-400677570484@serverless-robot-prod.iam.gserviceaccount.com
  role: roles/run.serviceAgent
etag: BwXpqN_aKDo=
version: 1
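
The three failures recorded in the sessions above (binding against clouddeploy-ol while working in clouddeploy-gz, the default compute service account not existing before the APIs were enabled, and PROJECT_ID passed without the $) can be caught before the IAM call is made. The script below is an added example, not part of the original notes or of Google's quickstart; the function names are hypothetical and only the gcloud commands and the role come from the sessions above.

```shell
#!/bin/sh
# Added example: pre-flight checks for the jobRunner binding in these notes.
# Function names are hypothetical (assumptions), not gcloud features.

# Project IDs are 6-30 characters: lowercase letters, digits and hyphens,
# starting with a letter and not ending with a hyphen. A literal
# "PROJECT_ID" (the missing-$ mistake) fails this check.
valid_project_id() {
  printf '%s' "$1" | grep -Eq '^[a-z][a-z0-9-]{4,28}[a-z0-9]$'
}

# Build the IAM member string for the default Compute Engine service
# account from a numeric project number; reject anything non-numeric.
compute_sa_member() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  printf 'serviceAccount:%s-compute@developer.gserviceaccount.com\n' "$1"
}

# True only when the binding target is the active gcloud project
# (guards against the clouddeploy-ol / clouddeploy-gz mix-up).
same_project() {
  [ -n "$1" ] && [ "$1" = "$2" ]
}

bind_job_runner() {
  local target="$1" active number member
  valid_project_id "$target" \
    || { echo "not a project id: $target" >&2; return 2; }
  active="$(gcloud config get-value project 2>/dev/null)"
  same_project "$target" "$active" \
    || { echo "active project is '$active', not '$target'" >&2; return 3; }
  number="$(gcloud projects describe "$target" \
    --format='value(projectNumber)')" || return 4
  member="$(compute_sa_member "$number")" || return 4
  # In the notes the account did not exist until the APIs were enabled.
  gcloud iam service-accounts describe "${member#serviceAccount:}" \
    --project="$target" >/dev/null 2>&1 \
    || { echo "service account missing; enable the APIs first" >&2; return 5; }
  gcloud projects add-iam-policy-binding "$target" \
    --member="$member" --role="roles/clouddeploy.jobRunner"
}
```

Source the file in Cloud Shell and run `bind_job_runner "$PROJECT_ID"`; a non-zero return code identifies which check stopped the binding.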




