Document cloud build deployment cli #25

Open
obriensystems opened this issue Sep 7, 2022 · 0 comments
obriensystems commented Sep 7, 2022

for retrofit of https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/docs/google-cloud-landingzone-traffic-generation.md
For role automation see canada-ca/accelerators_accelerateurs-gcp#42 (comment)

set Folder Admin role...
export SUPER_ADMIN_EMAIL=root@alternate.gcp.zone
export ORG_ID=6839210352

service account impersonation
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/iam.serviceAccountTokenCreator

create folders
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/resourcemanager.folderAdmin

listing enabled services on a project
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/resourcemanager.organizationAdmin

gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/serviceusage.serviceUsageAdmin

create cloud build triggers
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/cloudbuild.builds.editor

cloud run
gcloud services enable run.googleapis.com

create folder
root_@cloudshell:~$ gcloud resource-manager folders create --display-name=traffic --organization=6839210352
Waiting for [operations/cf.4720145089362488460] to finish...done.    
Created [<Folder
 createTime: '2022-09-07T00:23:40.991Z'
 displayName: 'traffic'
 lifecycleState: LifecycleStateValueValuesEnum(ACTIVE, 1)
 name: 'folders/64965792995'
 parent: 'organizations/6839210352'>].

create project
root_@cloudshell:~$ gcloud projects create traffic-agz --folder=64965792995
Create in progress for [https://cloudresourcemanager.googleapis.com/v1/projects/traffic-agz].
Waiting for [operations/cp.7621766356452603860] to finish...done.    
Enabling service [cloudapis.googleapis.com] on project [traffic-agz]...
Operation "operations/acat.p2-783080225319-d6ac0798-5097-4ab6-b12c-0774f2bede74" finished successfully.

switch to project
root_@cloudshell:~$ gcloud config set project traffic-agz
Updated property [core/project].
root_@cloudshell:~ (traffic-agz)$

set region, organization, billing ids
export REGION=northamerica-northeast1
export PROJECT=traffic-agz
export BILLING=$(gcloud alpha billing projects describe $PROJECT '--format=value(billingAccountName)' | sed 's/.*\///')
export ORGANIZATION=$(gcloud projects get-ancestors $PROJECT --format='get(id)' | tail -1)

clone repo 

setup CSR mirror

root_@cloudshell:~/traffic (traffic-agz)$ git config --global credential.'https://source.developers.google.com'.helper gcloud.sh
root_@cloudshell:~/traffic (traffic-agz)$ gcloud source repos create magellan
API [sourcerepo.googleapis.com] not enabled on project [783080225319]. Would you like to enable and retry (this will take a few minutes)? (y/N)?  y

Enabling service [sourcerepo.googleapis.com] on project [783080225319]...
Operation "operations/acat.p2-783080225319-a5cd4ed4-0400-4350-bcf6-2e7c709f4ece" finished successfully.
ERROR: (gcloud.source.repos.create) ResponseError: status=[PERMISSION_DENIED], code=[403], message=[User [root@alternate.gcp.zone] does not have permission to access projects instance [traffic-agz] (or it may not exist): This API method requires billing to be enabled. Please enable billing on project #783080225319 by visiting https://console.developers.google.com/billing/enable?project=783080225319 then retry. If you enabled billing for this project recently, wait a few minutes for the action to propagate to our systems and retry.].

Forgot to set up Billing Administrator - fix billing and reenter - verify billing not set
root_@cloudshell:~/traffic (traffic-agz)$ echo $BILLING

now recheck billing on the project
root_@cloudshell:~/traffic (traffic-agz)$ export BILLING=$(gcloud alpha billing projects describe $PROJECT '--format=value(billingAccountName)' | sed 's/.*\///')
root_@cloudshell:~/traffic (traffic-agz)$ echo $BILLING
011B..169E

rerun csr creation
root_@cloudshell:~/traffic (traffic-agz)$ gcloud source repos create magellan
Created [magellan].
WARNING: You may be billed for this repository. See https://cloud.google.com/source-repositories/docs/pricing for details.

Forgot to enter upstream repo via https://cloud.google.com/source-repositories/docs/adding-repositories-as-remotes

root_@cloudshell:~/traffic (traffic-agz)$ rm -rf magellan/
root_@cloudshell:~/traffic (traffic-agz)$ ls
root_@cloudshell:~/traffic (traffic-agz)$ git clone https://github.com/obrienlabs/magellan.git
Cloning into 'magellan'...
remote: Enumerating objects: 375, done.
remote: Counting objects: 100% (300/300), done.
remote: Compressing objects: 100% (150/150), done.
remote: Total 375 (delta 121), reused 251 (delta 77), pack-reused 75
Receiving objects: 100% (375/375), 54.47 KiB | 3.63 MiB/s, done.
Resolving deltas: 100% (133/133), done.
root_@cloudshell:~/traffic (traffic-agz)$ cd magellan
root_@cloudshell:~/traffic/magellan (traffic-agz)$ git config --global credential.'https://source.developers.google.com'.helper gcloud.sh
root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud source repos create magellan
Created [magellan].
WARNING: You may be billed for this repository. See https://cloud.google.com/source-repositories/docs/pricing for details.
root_@cloudshell:~/traffic/magellan (traffic-agz)$ git remote add google https://source.developers.google.com/p/traffic-agz/r/magellan
root_@cloudshell:~/traffic/magellan (traffic-agz)$ git push google master
Enumerating objects: 375, done.
Counting objects: 100% (375/375), done.
Delta compression using up to 4 threads
Compressing objects: 100% (151/151), done.
Writing objects: 100% (375/375), 54.48 KiB | 54.48 MiB/s, done.
Total 375 (delta 133), reused 375 (delta 133), pack-reused 0
remote: Resolving deltas: 100% (133/133)
To https://source.developers.google.com/p/traffic-agz/r/magellan
 * [new branch]      master -> master
root_@cloudshell:~/traffic/magellan (traffic-agz)$ git status
On branch master
Your branch is up to date with 'origin/master'.

nothing to commit, working tree clean

enable services

root_@cloudshell:~ (traffic-agz)$ gcloud services list --enabled --project traffic-agz | grep NAME                                                                                                     
NAME: bigquery.googleapis.com
NAME: bigquerymigration.googleapis.com
NAME: bigquerystorage.googleapis.com
NAME: cloudapis.googleapis.com
NAME: clouddebugger.googleapis.com
NAME: cloudtrace.googleapis.com
NAME: datastore.googleapis.com
NAME: logging.googleapis.com
NAME: monitoring.googleapis.com
NAME: servicemanagement.googleapis.com
NAME: serviceusage.googleapis.com
NAME: sourcerepo.googleapis.com
NAME: sql-component.googleapis.com
NAME: storage-api.googleapis.com
NAME: storage-component.googleapis.com
NAME: storage.googleapis.com

root_@cloudshell:~ (traffic-agz)$ gcloud services enable compute.googleapis.com
Operation "operations/acf.p2-783080225319-8340daf4-b2f1-4df4-98c2-77e971a505e0" finished successfully.

git config

root_@cloudshell:~ (traffic-agz)$ git config --global user.email "mich...abs.org"
root_@cloudshell:~ (traffic-agz)$ git config --global user.name "Mic..en"

Create repository

https://cloud.google.com/sdk/gcloud/reference/artifacts/repositories/create

enable service
 gcloud services enable artifactregistry.googleapis.com

root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud artifacts repositories create magellan --location=northamerica-northeast1 --repository-format=docker
Create request issued for: [magellan]
Waiting for operation [projects/traffic-agz/locations/northamerica-northeast1/operations/996356e2-d3ea-488e-886f-d156828b5e8c] to complete...done.   
Created repository [magellan].

Create cloud build trigger

enable service
gcloud services enable cloudbuild.googleapis.com

verify role set
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/cloudbuild.builds.editor

Use the default cloud build service account

root_@cloudshell:~/traffic/magellan (traffic-agz)$ vi cloudbuild.yaml
root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud beta builds triggers create cloud-source-repositories --repo=magellan --branch-pattern=master  --build-config=cloudbuild.yaml 
Created [https://cloudbuild.googleapis.com/v1/projects/traffic-agz/locations/global/triggers/aef1d124-9943-44cf-90f5-513f398cdbf8].
NAME: trigger
CREATE_TIME: 2022-09-07T02:11:54+00:00
STATUS:


root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud auth configure-docker \
    northamerica-northeast1-docker.pkg.dev
WARNING: Your config file at [/home/root_/.docker/config.json] contains these credential helper entries:

{
  "credHelpers": {
    "gcr.io": "gcloud",
    "us.gcr.io": "gcloud",
    "eu.gcr.io": "gcloud",
    "asia.gcr.io": "gcloud",
    "staging-k8s.gcr.io": "gcloud",
    "marketplace.gcr.io": "gcloud"
  }
}
Adding credentials for: northamerica-northeast1-docker.pkg.dev
After update, the following will be written to your Docker config file located at [/home/root_/.docker/config.json]:
 {
  "credHelpers": {
    "gcr.io": "gcloud",
    "us.gcr.io": "gcloud",
    "eu.gcr.io": "gcloud",
    "asia.gcr.io": "gcloud",
    "staging-k8s.gcr.io": "gcloud",
    "marketplace.gcr.io": "gcloud",
    "northamerica-northeast1-docker.pkg.dev": "gcloud"
  }
}

Do you want to continue (Y/n)?  y

Dockerfile

root_@cloudshell:~/traffic/magellan (traffic-agz)$ cat Dockerfile
FROM openjdk:11
ARG USERVICE_HOME=/opt/app/
ARG JARFILE=magellan-nbi/target/magellan-nbi-0.0.3-SNAPSHOT.jar
# Build up the deployment folder structure
RUN mkdir -p $USERVICE_HOME
ADD magellan-nbi/target/magellan-nbi-*.jar $USERVICE_HOME/ROOT.jar
EXPOSE 8080
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/opt/app/ROOT.jar"]

cloudbuild.yaml

root_@cloudshell:~/traffic/magellan (traffic-agz)$ cat cloudbuild.yaml
# [START cloudbuild_maven]
steps:
#  - name: maven:3-jdk-11
#    entrypoint: mvn
#    args: ["test"]
  - name: maven:3-jdk-11
    entrypoint: mvn
    # each Maven flag is its own list element; Cloud Build passes every element as one argv entry
    args: ["package", "-Dmaven.test.skip=true", "-DskipTests=true"]
  - name: gcr.io/cloud-builders/docker
  ## gcr.io/
    # build-arg name matches the Dockerfile's "ARG JARFILE"
    args: ["build", "-t", "northamerica-northeast1-docker.pkg.dev/$PROJECT_ID/magellan/magellan", "--build-arg=JARFILE=magellan-nbi/target/magellan-nbi-0.0.3-SNAPSHOT.jar", "."]
    #args: ['build', '-t', 'LOCATION-docker.pkg.dev/$PROJECT_ID/traffic-generation/magellan-nbi', '.' ]
images:
 # ["gcr.io/$PROJECT_ID/magellan-nbi:latest"]
  ["northamerica-northeast1-docker.pkg.dev/$PROJECT_ID/magellan/magellan:latest"]

Update CSR repo with local cloudbuild.yaml - invoke trigger

git add cloudbuild.yaml
git commit -m "#1 - revert to magellan/magellan"
git push google master




Create cloud run instance

get the manifest from https://console.cloud.google.com/artifacts/docker/traffic-agz/northamerica-northeast1/magellan/magellan/sha256:97f7d5a8b1038f467133052052b94327404ecd5bbbe2dc2d43e7e9627548cf60;tab=install?project=traffic-agz&supportedpurview=project

enable cloud run

gcloud services enable run.googleapis.com

root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud beta run deploy magellan-target --image=northamerica-northeast1-docker.pkg.dev/traffic-agz/magellan/magellan@sha256:97f7d5a8b1038f467133052052b94327404ecd5bbbe2dc2d43e7e9627548cf60 --allow-unauthenticated --service-account=783080225319-compute@developer.gserviceaccount.com --timeout=30 --cpu=1 --memory=2Gi --execution-environment=gen2 --region=northamerica-northeast1 --project=traffic-agz
Deploying container to Cloud Run service [magellan-target] in project [traffic-agz] region [northamerica-northeast1]
/  Deploying new service... Initializing project for the current region.
  /  Creating Revision...
  .  Routing traffic...
  OK Setting IAM Policy...
API [run.googleapis.com] not enabled on project [783080225319]. Would you like to enable and retry (this will take a few minutes)? (y/N)?

-  Deploying new service... Deploying Revision. Waiting on revision magellan-target-00001-bip.
  -  Creating Revision... Deploying Revision.   

Check service

https://magellan-target-a....anq-nn.a.run.app/nbi/swagger-ui.html

https://magellan-target-as..nq-nn.a.run.app/nbi/swagger-ui.html#/application-service-controller/getHealthUsingGET_1
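
Added example, not part of the original issue comment: the walkthrough binds five roles to one user at organization scope, so this sketch reads a flattened org IAM policy and prints the `remove-iam-policy-binding` command for each of those roles still held by a given member. The function name `audit_org_bindings`, the sample members and the placeholder org id are assumptions constructed for illustration.

```shell
# Added example: audit the organization-level grants made in the walkthrough.
# Live input (one "role,member" pair per line) would come from:
#   gcloud organizations get-iam-policy "$ORG_ID" \
#     --flatten="bindings[].members" \
#     --format="csv[no-heading](bindings.role,bindings.members)"

# Roles the walkthrough binds at organization scope.
WALKTHROUGH_ROLES="roles/iam.serviceAccountTokenCreator
roles/resourcemanager.folderAdmin
roles/resourcemanager.organizationAdmin
roles/serviceusage.serviceUsageAdmin
roles/cloudbuild.builds.editor"

# audit_org_bindings MEMBER ORG_ID   (policy rows on stdin)
# Prints one removal command per walkthrough role still bound to MEMBER.
# Returns 1 if any such binding exists, 0 if the policy is clean.
audit_org_bindings() {
  member="$1"; org="$2"; found=0
  while IFS=, read -r role bound; do
    # Only direct bindings to this member count; groups are a separate review.
    [ "$bound" = "$member" ] || continue
    if printf '%s\n' "$WALKTHROUGH_ROLES" | grep -qxF "$role"; then
      printf 'gcloud organizations remove-iam-policy-binding %s --member=%s --role=%s\n' \
        "$org" "$member" "$role"
      found=1
    fi
  done
  return "$found"
}

# Constructed sample policy rows (hypothetical members, not real data).
sample_policy() {
  cat <<'EOF'
roles/resourcemanager.organizationAdmin,user:admin@example.com
roles/iam.serviceAccountTokenCreator,user:admin@example.com
roles/cloudbuild.builds.editor,user:other@example.com
roles/billing.admin,user:admin@example.com
roles/resourcemanager.folderAdmin,group:platform@example.com
EOF
}

# Dry run against the sample: prints two removal commands for admin@example.com.
sample_policy | audit_org_bindings "user:admin@example.com" "ORG_ID_PLACEHOLDER" || true
```

The commands are only printed, never executed, so the output can be reviewed before any binding is removed.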