for retrofit of https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/docs/google-cloud-landingzone-traffic-generation.md
For role automation see canada-ca/accelerators_accelerateurs-gcp#42 (comment)
set Folder Admin role...
export SUPER_ADMIN_EMAIL=[email protected]
export ORG_ID=6839210352
service account impersonation
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/iam.serviceAccountTokenCreator
create folders
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/resourcemanager.folderAdmin
listing enabled services on a project
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/resourcemanager.organizationAdmin
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/serviceusage.serviceUsageAdmin
create cloud build triggers
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/cloudbuild.builds.editor
cloud run
gcloud services enable run.googleapis.com
create folder
root_@cloudshell:~$ gcloud resource-manager folders create --display-name=traffic --organization=6839210352
Waiting for [operations/cf.4720145089362488460] to finish...done.
Created [<Folder
createTime: '2022-09-07T00:23:40.991Z'
displayName: 'traffic'
lifecycleState: LifecycleStateValueValuesEnum(ACTIVE, 1)
name: 'folders/64965792995'
parent: 'organizations/6839210352'>].
create project
root_@cloudshell:~$ gcloud projects create traffic-agz --folder=64965792995
Create in progress for [https://cloudresourcemanager.googleapis.com/v1/projects/traffic-agz].
Waiting for [operations/cp.7621766356452603860] to finish...done.
Enabling service [cloudapis.googleapis.com] on project [traffic-agz]...
Operation "operations/acat.p2-783080225319-d6ac0798-5097-4ab6-b12c-0774f2bede74" finished successfully.
switch to project
root_@cloudshell:~$ gcloud config set project traffic-agz
Updated property [core/project].
root_@cloudshell:~ (traffic-agz)$
set region, organization, billing ids
export REGION=northamerica-northeast1
export PROJECT=traffic-agz
export BILLING=$(gcloud alpha billing projects describe $PROJECT '--format=value(billingAccountName)' | sed 's/.*\///')
export ORGANIZATION=$(gcloud projects get-ancestors $PROJECT --format='get(id)' | tail -1)
clone repo
setup CSR mirror
root_@cloudshell:~/traffic (traffic-agz)$ git config --global credential.'https://source.developers.google.com'.helper gcloud.sh
root_@cloudshell:~/traffic (traffic-agz)$ gcloud source repos create magellan
API [sourcerepo.googleapis.com] not enabled on project [783080225319]. Would you like to enable and retry (this will take a few minutes)? (y/N)? y
Enabling service [sourcerepo.googleapis.com] on project [783080225319]...
Operation "operations/acat.p2-783080225319-a5cd4ed4-0400-4350-bcf6-2e7c709f4ece" finished successfully.
ERROR: (gcloud.source.repos.create) ResponseError: status=[PERMISSION_DENIED], code=[403], message=[User [[email protected]] does not have permission to access projects instance [traffic-agz] (or it may not exist): This API method requires billing to be enabled. Please enable billing on project #783080225319 by visiting https://console.developers.google.com/billing/enable?project=783080225319 then retry. If you enabled billing for this project recently, wait a few minutes for the action to propagate to our systems and retry.].
Forgot to set up Billing Administrator - fix billing and re-enter - verify billing not set
root_@cloudshell:~/traffic (traffic-agz)$ echo $BILLING
now recheck billing on the project
root_@cloudshell:~/traffic (traffic-agz)$ export BILLING=$(gcloud alpha billing projects describe $PROJECT '--format=value(billingAccountName)' | sed 's/.*\///')
root_@cloudshell:~/traffic (traffic-agz)$ echo $BILLING
011B..169E
rerun csr creation
root_@cloudshell:~/traffic (traffic-agz)$ gcloud source repos create magellan
Created [magellan].
WARNING: You may be billed for this repository. See https://cloud.google.com/source-repositories/docs/pricing for details.
Forgot to enter upstream repo via https://cloud.google.com/source-repositories/docs/adding-repositories-as-remotes
root_@cloudshell:~/traffic (traffic-agz)$ rm -rf magellan/
root_@cloudshell:~/traffic (traffic-agz)$ ls
root_@cloudshell:~/traffic (traffic-agz)$ git clone https://github.com/obrienlabs/magellan.git
Cloning into 'magellan'...
remote: Enumerating objects: 375, done.
remote: Counting objects: 100% (300/300), done.
remote: Compressing objects: 100% (150/150), done.
remote: Total 375 (delta 121), reused 251 (delta 77), pack-reused 75
Receiving objects: 100% (375/375), 54.47 KiB | 3.63 MiB/s, done.
Resolving deltas: 100% (133/133), done.
root_@cloudshell:~/traffic (traffic-agz)$ cd magellan
root_@cloudshell:~/traffic/magellan (traffic-agz)$ git config --global credential.'https://source.developers.google.com'.helper gcloud.sh
root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud source repos create magellan
Created [magellan].
WARNING: You may be billed for this repository. See https://cloud.google.com/source-repositories/docs/pricing for details.
root_@cloudshell:~/traffic/magellan (traffic-agz)$ git remote add google https://source.developers.google.com/p/traffic-agz/r/magellan
root_@cloudshell:~/traffic/magellan (traffic-agz)$ git push google master
Enumerating objects: 375, done.
Counting objects: 100% (375/375), done.
Delta compression using up to 4 threads
Compressing objects: 100% (151/151), done.
Writing objects: 100% (375/375), 54.48 KiB | 54.48 MiB/s, done.
Total 375 (delta 133), reused 375 (delta 133), pack-reused 0
remote: Resolving deltas: 100% (133/133)
To https://source.developers.google.com/p/traffic-agz/r/magellan
* [new branch] master -> master
root_@cloudshell:~/traffic/magellan (traffic-agz)$ git status
On branch master
Your branch is up to date with 'origin/master'.
nothing to commit, working tree clean
enable services
root_@cloudshell:~ (traffic-agz)$ gcloud services list --enabled --project traffic-agz | grep NAME
NAME: bigquery.googleapis.com
NAME: bigquerymigration.googleapis.com
NAME: bigquerystorage.googleapis.com
NAME: cloudapis.googleapis.com
NAME: clouddebugger.googleapis.com
NAME: cloudtrace.googleapis.com
NAME: datastore.googleapis.com
NAME: logging.googleapis.com
NAME: monitoring.googleapis.com
NAME: servicemanagement.googleapis.com
NAME: serviceusage.googleapis.com
NAME: sourcerepo.googleapis.com
NAME: sql-component.googleapis.com
NAME: storage-api.googleapis.com
NAME: storage-component.googleapis.com
NAME: storage.googleapis.com
root_@cloudshell:~ (traffic-agz)$ gcloud services enable compute.googleapis.com
Operation "operations/acf.p2-783080225319-8340daf4-b2f1-4df4-98c2-77e971a505e0" finished successfully.
git config
root_@cloudshell:~ (traffic-agz)$ git config --global user.email "mich...abs.org"
root_@cloudshell:~ (traffic-agz)$ git config --global user.name "Mic..en"
Create repository
https://cloud.google.com/sdk/gcloud/reference/artifacts/repositories/create
enable service
gcloud services enable artifactregistry.googleapis.com
root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud artifacts repositories create magellan --location=northamerica-northeast1 --repository-format=docker
Create request issued for: [magellan]
Waiting for operation [projects/traffic-agz/locations/northamerica-northeast1/operations/996356e2-d3ea-488e-886f-d156828b5e8c] to complete...done.
Created repository [magellan].
Create cloud build trigger
enable service
gcloud services enable cloudbuild.googleapis.com
verify role set
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/cloudbuild.builds.editor
Use the default cloud build service account
root_@cloudshell:~/traffic/magellan (traffic-agz)$ vi cloudbuild.yaml
root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud beta builds triggers create cloud-source-repositories --repo=magellan --branch-pattern=master --build-config=cloudbuild.yaml
Created [https://cloudbuild.googleapis.com/v1/projects/traffic-agz/locations/global/triggers/aef1d124-9943-44cf-90f5-513f398cdbf8].
NAME: trigger
CREATE_TIME: 2022-09-07T02:11:54+00:00
STATUS:
root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud auth configure-docker \
northamerica-northeast1-docker.pkg.dev
WARNING: Your config file at [/home/root_/.docker/config.json] contains these credential helper entries:
{
"credHelpers": {
"gcr.io": "gcloud",
"us.gcr.io": "gcloud",
"eu.gcr.io": "gcloud",
"asia.gcr.io": "gcloud",
"staging-k8s.gcr.io": "gcloud",
"marketplace.gcr.io": "gcloud"
}
}
Adding credentials for: northamerica-northeast1-docker.pkg.dev
After update, the following will be written to your Docker config file located at [/home/root_/.docker/config.json]:
{
"credHelpers": {
"gcr.io": "gcloud",
"us.gcr.io": "gcloud",
"eu.gcr.io": "gcloud",
"asia.gcr.io": "gcloud",
"staging-k8s.gcr.io": "gcloud",
"marketplace.gcr.io": "gcloud",
"northamerica-northeast1-docker.pkg.dev": "gcloud"
}
}
Do you want to continue (Y/n)? y
Dockerfile
root_@cloudshell:~/traffic/magellan (traffic-agz)$ cat Dockerfile
FROM openjdk:11
ARG USERVICE_HOME=/opt/app/
ARG JARFILE=magellan-nbi/target/magellan-nbi-0.0.3-SNAPSHOT.jar
# Build up the deployment folder structure
RUN mkdir -p $USERVICE_HOME
ADD magellan-nbi/target/magellan-nbi-*.jar $USERVICE_HOME/ROOT.jar
EXPOSE 8080
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/opt/app/ROOT.jar"]
cloudbuild.yaml
root_@cloudshell:~/traffic/magellan (traffic-agz)$ cat cloudbuild.yaml
# [START cloudbuild_maven]
steps:
#  - name: maven:3-jdk-11
#    entrypoint: mvn
#    args: ["test"]
  - name: maven:3-jdk-11
    entrypoint: mvn
    args: ["package", "-Dmaven.test.skip=true -DskipTests=true"]
  - name: gcr.io/cloud-builders/docker
    ## gcr.io/
    args: ["build", "-t", "northamerica-northeast1-docker.pkg.dev/$PROJECT_ID/magellan/magellan", "--build-arg=JAR_FILE=magellan-nbi/target/magellan-nbi-0.0.3-SNAPSHOT.jar", "."]
    #args: ['build', '-t', 'LOCATION-docker.pkg.dev/$PROJECT_ID/traffic-generation/magellan-nbi', '.' ]
images:
#  ["gcr.io/$PROJECT_ID/magellan-nbi:latest"]
  ["northamerica-northeast1-docker.pkg.dev/$PROJECT_ID/magellan/magellan:latest"]
Update CSR repo with local cloudbuild.yaml - invoke trigger
git add cloudbuild.yaml
git commit -m "#1 - revert to magellan/magellan"
git push google master
Create cloud run instance
get the manifest from https://console.cloud.google.com/artifacts/docker/traffic-agz/northamerica-northeast1/magellan/magellan/sha256:97f7d5a8b1038f467133052052b94327404ecd5bbbe2dc2d43e7e9627548cf60;tab=install?project=traffic-agz&supportedpurview=project
enable cloud run
gcloud services enable run.googleapis.com
root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud beta run deploy magellan-target --image=northamerica-northeast1-docker.pkg.dev/traffic-agz/magellan/magellan@sha256:97f7d5a8b1038f467133052052b94327404ecd5bbbe2dc2d43e7e9627548cf60 --allow-unauthenticated --service-account=783080225319-compute@developer.gserviceaccount.com --timeout=30 --cpu=1 --memory=2Gi --execution-environment=gen2 --region=northamerica-northeast1 --project=traffic-agz
Deploying container to Cloud Run service [magellan-target] in project [traffic-agz] region [northamerica-northeast1]
/ Deploying new service... Initializing project for the current region.
/ Creating Revision...
. Routing traffic...
OK Setting IAM Policy...
API [run.googleapis.com] not enabled on project [783080225319]. Would you like to enable and retry (this will take a few minutes)? (y/N)?
- Deploying new service... Deploying Revision. Waiting on revision magellan-target-00001-bip.
- Creating Revision... Deploying Revision.
Check service
https://magellan-target-a....anq-nn.a.run.app/nbi/swagger-ui.html
https://magellan-target-as..nq-nn.a.run.app/nbi/swagger-ui.html#/application-service-controller/getHealthUsingGET_1
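A post-setup check for the steps above, added here as an example and not part of the original issue or the pbmm-on-gcp-onboarding project. It lists which of the organization-level roles granted during setup are still bound to the admin user (and can revoke them), and reports whether a Cloud Run service is invocable by allUsers or runs as the default Compute Engine service account, both of which apply to the magellan-target deploy above. The function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: post-setup audit. Function names are hypothetical.
# Roles the walkthrough binds to the admin user at the organization node.
SETUP_ROLES="roles/iam.serviceAccountTokenCreator
roles/resourcemanager.folderAdmin
roles/resourcemanager.organizationAdmin
roles/serviceusage.serviceUsageAdmin
roles/cloudbuild.builds.editor"

# Print the setup roles still bound to MEMBER at organization level.
# usage: leftover_setup_roles "$ORG_ID" "user:$SUPER_ADMIN_EMAIL"
leftover_setup_roles() {
  bound=$(gcloud organizations get-iam-policy "$1" \
    --flatten="bindings[].members" \
    --filter="bindings.members:$2" \
    --format="value(bindings.role)") || return 1
  for role in $SETUP_ROLES; do
    printf '%s\n' "$bound" | grep -Fxq "$role" && printf '%s\n' "$role"
  done
  return 0
}

# Revoke every leftover setup role from MEMBER once the setup is finished.
revoke_setup_roles() {
  for role in $(leftover_setup_roles "$1" "$2"); do
    gcloud organizations remove-iam-policy-binding "$1" \
      --member="$2" --role="$role" --quiet >/dev/null || return 1
  done
}

# Print one finding per line for a Cloud Run service:
#   PUBLIC      roles/run.invoker is bound to allUsers
#   DEFAULT_SA  the service runs as the default Compute Engine service account
# usage: run_service_findings magellan-target "$REGION" "$PROJECT"
run_service_findings() {
  invokers=$(gcloud run services get-iam-policy "$1" --region="$2" --project="$3" \
    --flatten="bindings[].members" \
    --filter="bindings.role:roles/run.invoker" \
    --format="value(bindings.members)") || return 1
  sa=$(gcloud run services describe "$1" --region="$2" --project="$3" \
    --format="value(spec.template.spec.serviceAccountName)") || return 1
  printf '%s\n' "$invokers" | grep -Fxq "allUsers" && echo PUBLIC
  case "$sa" in *-compute@developer.gserviceaccount.com) echo DEFAULT_SA ;; esac
  return 0
}
```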