Slide 1

Slide 1 text

One Step Before Deploying Containers on GCP
#gcpug #okinawa #6 #LT
@sakajunquality

Slide 2

Slide 2 text

- Google Developers Experts (recently)
- Software Engineer, SRE @ Ubie, Inc. (recently)
- First time in Okinawa!
- What I've been doing lately: #docker #kubernetes
- Things I like: #coffee #beer
- Favorite GCP services: #BigQuery #GKE #Cloud Build

@sakajunquality

Slide 3

Slide 3 text

Next’18 SF

Slide 4

Slide 4 text

Next’18 Tokyo @sakajunquality https://www.youtube.com/watch?v=sz9mnwMCHIU

Slide 5

Slide 5 text

Plug: GKE hands-on on 11/1
https://gcpug-bt.connpass.com/event/104533/

Slide 6

Slide 6 text

Today’s Topic

Slide 7

Slide 7 text

Today’s Topic
- Steps to Deploy Container
- Google Container Registry
- Google Cloud Build

Slide 8

Slide 8 text

Not Today’s Topic
- GCP 123
- Container ABC
- Docker hoge hoge
- Kubernetes foo bar

Slide 9

Slide 9 text

Steps to Deploy Container

Slide 10

Slide 10 text

Steps to Deploy Container
- Application Source Code
- Container Image
- Container Running Environment

Slide 11

Slide 11 text

Steps to Deploy Container
- Application Source Code
- Container Image
- Container Running Environment

Today’s topic

Slide 12

Slide 12 text

Steps to Deploy Container in GCP
- Application Source Code: Cloud Source Repositories, GitHub
- Container Image: Container Registry
- Container Running Environment: Compute Engine, App Engine, Kubernetes Engine

Slide 14

Slide 14 text

Steps to Deploy Container in GCP
- Application Source Code: Cloud Source Repositories, GitHub
- Container Image: Container Registry
- Container Running Environment: Compute Engine, App Engine, Kubernetes Engine
- Cloud Build

Slide 16

Slide 16 text

Steps to Deploy Container in GCP
- Application Source Code: Cloud Source Repositories, GitHub
- Container Image: Container Registry
- Container Running Environment: Compute Engine, App Engine, Kubernetes Engine
- Cloud Build (two places in the diagram)

Slide 17

Slide 17 text

Google Container Registry

Slide 18

Slide 18 text

Google Container Registry (GCR)
- Private Container Registry
- https://cloud.google.com/container-registry/
- Native Docker Support
- Vulnerabilities Analysis

Slide 19

Slide 19 text

Google Container Registry (GCR)
- Private Container Registry
- https://cloud.google.com/container-registry/
- Native Docker Support
- Vulnerabilities Analysis: beta (Next’18 Tokyo)

Slide 20

Slide 20 text

Vulnerabilities Analysis: Config 1

    gcloud services enable containeranalysis.googleapis.com

Slide 21

Slide 21 text

Vulnerabilities Analysis: Config 2

Slide 22

Slide 22 text

Vulnerabilities Analysis: Example
Everyone's favorite, glibc...

Slide 23

Slide 23 text

Vulnerabilities Analysis: Integration
- Analysis events are published to Cloud Pub/Sub Topic
  - container-analysis-occurrences-v1beta1
- Usage example
  - Slack Notification
  - JIRA ticket
  - etc.

Slide 24

Slide 24 text

GCR for Multi Project
- Common Private Repository for Multiple Clusters
- Diagram: GCR (Project A), Dev GKE (Project B), Prod GKE (Project C)

Slide 25

Slide 25 text

GCR for Multi Project
- Push Application Container to GCR
- Diagram: GCR (Project A): my-app:v1, Dev GKE (Project B), Prod GKE (Project C)

Slide 26

Slide 26 text

GCR for Multi Project
- Use the image in Dev Cluster
- Diagram: GCR (Project A): my-app:v1, Dev GKE (Project B): my-app:v1, Prod GKE (Project C)

Slide 27

Slide 27 text

GCR for Multi Project
- Use the same image in Prod
- Diagram: GCR (Project A): my-app:v1, Dev GKE (Project B): my-app:v1, Prod GKE (Project C): my-app:v1

Slide 28

Slide 28 text

GCR for Multi Project
- Grant roles/storage.objectViewer to the Compute service account (SA) of each project
- Diagram: GCR (Project A), Dev GKE (Project B), Prod GKE (Project C)

Slide 29

Slide 29 text

GCR for Multi Project

Slide 30

Slide 30 text

Google Cloud Build

Slide 31

Slide 31 text

Google Cloud Build
- Fully managed CI
- https://cloud.google.com/cloud-build/
- Formerly Container Builder in GCR
- Configuration
  - Dockerfile
  - cloudbuild.yaml

Slide 32

Slide 32 text

Configuration: cloudbuild.yaml
Building Docker Image and Push to GCR

    # cloudbuild.yaml
    steps:
      # build
      - name: 'gcr.io/cloud-builders/docker'
        args: ['build', '-t', 'gcr.io/$PROJECT_ID/my-app:$REVISION_ID', '.']
    # push: images listed here are pushed to GCR after all steps succeed
    images: ['gcr.io/$PROJECT_ID/my-app:$REVISION_ID']

Slide 33

Slide 33 text

Configuration: Adding Test
Building Docker Image and Push to GCR

    # cloudbuild.yaml
    steps:
      # build
      - name: 'gcr.io/cloud-builders/docker'
        args: ['build', '-t', 'gcr.io/$PROJECT_ID/my-nginx:$REVISION_ID', '.']
      # test: validate the nginx configuration inside the freshly built image
      - name: 'gcr.io/cloud-builders/docker'
        args: ['run', '--rm', 'gcr.io/$PROJECT_ID/my-nginx:$REVISION_ID', 'nginx', '-t']
    # push: images listed here are pushed to GCR after all steps succeed
    images: ['gcr.io/$PROJECT_ID/my-nginx:$REVISION_ID']

Slide 34

Slide 34 text

Build Images
- https://github.com/GoogleCloudPlatform/cloud-builders
- Images Provided by Google
- e.g.
  - gcr.io/cloud-builders/docker
  - gcr.io/cloud-builders/bash
  - gcr.io/cloud-builders/gcloud

Slide 35

Slide 35 text

Images for Deployment
- gcr.io/cloud-builders/kubectl

Slide 36

Slide 36 text

Community Image
- Community Images
- Build on your own
- Kubernetes Tools like kustomize, helm etc.
- e.g.
  - gcr.io/my-cool-project/kustomize
- https://github.com/GoogleCloudPlatform/cloud-builders-community

Slide 37

Slide 37 text

Start Build
- Create: Triggered by Git tag or branch
- Submit: Manually Submit

Slide 38

Slide 38 text

Start Build: Trigger by Git tag or branch

Slide 39

Slide 39 text

Manually Submit Build

    gcloud builds submit --config cloudbuild.yaml --project my-supper-project .

Slide 40

Slide 40 text

Notification / Integration
- Build steps events are published to Cloud Pub/Sub Topic
  - cloud-builds
- e.g. Slack Notification via Cloud Functions
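The Slack notification idea from this slide and from the "Vulnerabilities Analysis: Integration" slide, sketched as one handler; this is an added example, not code from the talk. The function names, the sample messages and the assumed payload shapes (Cloud Build publishing the Build resource as JSON, Container Analysis publishing `name`, `kind` and `notificationTime`) are assumptions, and sending the result to a Slack webhook is left out.

```python
import base64
import json

# Cloud Build statuses worth a notification (terminal states only).
TERMINAL = {"SUCCESS", "FAILURE", "INTERNAL_ERROR", "TIMEOUT", "CANCELLED"}


def decode(message):
    """Pub/Sub delivers the payload base64-encoded in message['data']."""
    return json.loads(base64.b64decode(message["data"]).decode("utf-8"))


def slack_payload(topic, message):
    """Return a Slack webhook body for a Pub/Sub message, or None to skip it."""
    body = decode(message)
    if topic == "cloud-builds":
        status = body.get("status")
        if status not in TERMINAL:
            return None  # QUEUED / WORKING updates would only add noise
        images = ", ".join(body.get("images", [])) or "(no images)"
        text = f"Build {body.get('id')} {status}: {images}\n{body.get('logUrl', '')}"
        return {"text": text}
    if topic == "container-analysis-occurrences-v1beta1":
        if body.get("kind") != "VULNERABILITY":
            return None  # ignore other occurrence kinds (assumed kind value)
        # The notification carries only the occurrence name; severity and
        # package details have to be fetched from the Container Analysis API.
        return {"text": f"New vulnerability occurrence: {body['name']}"}
    return None


def _wrap(obj):
    """Constructed sample: wrap a dict the way Pub/Sub delivers it."""
    return {"data": base64.b64encode(json.dumps(obj).encode()).decode()}


# Constructed sample messages (not real builds or occurrences).
SAMPLE_BUILD = _wrap({"id": "build-0001", "status": "FAILURE",
                      "images": ["gcr.io/example-project/my-app:abc123"],
                      "logUrl": "https://example.invalid/log"})
SAMPLE_VULN = _wrap({"name": "projects/example-project/occurrences/occ-0001",
                     "kind": "VULNERABILITY",
                     "notificationTime": "2018-10-01T00:00:00Z"})

if __name__ == "__main__":
    print(slack_payload("cloud-builds", SAMPLE_BUILD))
    print(slack_payload("container-analysis-occurrences-v1beta1", SAMPLE_VULN))
```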

Slide 41

Slide 41 text

Conclusion

Slide 42

Slide 42 text

Conclusion
- GCR and Cloud Build work well together!

Slide 43

Slide 43 text

Thank you