GCPでコンテナをデプロイする、一歩手前の話

Transcript

1. GCPでコンテナをデプロイす る、一歩手前の話 #gcpug #okinawa #6 #LT @sakajunquality

2. - Google Developers Experts (最近) - Software Engineer, SRE @

   Ubie株式会社 (最近) - 初沖縄！ - 最近やってること #docker #kubernetes - 好きなこと #coffee #beer - 好きなGCPサービス #BigQuery #GKE #Cloud Build @sakajunquality

3. Next’18 SF

4. Next’18 Tokyo @sakajunquality https://www.youtube.com/watch?v=sz9mnwMCHIU

5. 番宣: 11/1 GKEハンズオンやります https://gcpug-bt.connpass.com/event/104533/

6. Today’s Topic

7. Today’s Topic - Steps to Deploy Container - Google Container

   Registry - Google Cloud Build

8. - GCP 123 - Container ABC - Docker hoge hoge

   - Kubernetes foo bar Not Today’s Topic

9. Steps to Deploy Container

10. Steps to Deploy Container Application Source Code Container Image Container

    Running Environment

11. Steps to Deploy Container Application Source Code Container Image Container

    Running Environment Today’s topic

12. Steps to Deploy Container in GCP Application Source Code Container

    Image Container Running Environment Cloud Source Repositories Github Container Registry Compute Engine App Engine Kubernetes Engine

13. Steps to Deploy Container in GCP Application Source Code Container

    Image Container Running Environment Cloud Source Repositories Github Container Registry Compute Engine App Engine Kubernetes Engine

14. Steps to Deploy Container in GCP Application Source Code Container

    Image Container Running Environment Cloud Source Repositories Github Container Registry Compute Engine App Engine Kubernetes Engine Cloud Build

15. Steps to Deploy Container in GCP Application Source Code Container

    Image Container Running Environment Cloud Source Repositories Github Container Registry Compute Engine App Engine Kubernetes Engine Cloud Build

16. Steps to Deploy Container in GCP Application Source Code Container

    Image Container Running Environment Cloud Source Repositories Github Container Registry Compute Engine App Engine Kubernetes Engine Cloud Build Cloud Build

17. Google Container Registry

18. Google Container Registry (GCR) - Private Container Registry - https://cloud.google.com/container-registry/

    - Native Docker Support - Vulnerabilities Analysis

19. Google Container Registry (GCR) - Private Container Registry - https://cloud.google.com/container-registry/

    - Native Docker Support - Vulnerabilities Analysis beta (Next’18 Tokyo)

20. Vulnerabilities Analysis: Config 1 gcloud services enable containeranalysis.googleapis.com

21. Vulnerabilities Analysis: Config 2

22. Vulnerabilities Analysis: Example みんな大好きglibc...

23. Vulnerabilities Analysis: Integration - Analysis events are published to Cloud

    Pub/Sub Topic - container-analysis-occurrences-v1beta1 - Usage example - Slack Notification - JIRA ticket - etc.

24. GCR for Multi Project - Common Private Repository for Multiple

    Clusters GCR (Project A) Dev GKE (Project B) Prod GKE (Project C)

25. GCR for Multi Project - Push Application Container to GCR

    GCR (Project A) Dev GKE (Project B) Prod GKE (Project C) my-app:v1

26. GCR for Multi Project - Use the image in Dev

    Cluster GCR (Project A) Dev GKE (Project B) Prod GKE (Project C) my-app:v1 my-app:v1

27. GCR for Multi Project - Use the same image in

    Prod GCR (Project A) Dev GKE (Project B) Prod GKE (Project C) my-app:v1 my-app:v1 my-app:v1

28. GCR for Multi Project - Allow roles/storage.objectViewer to Compute SA

    of each project GCR (Project A) Dev GKE (Project B) Prod GKE (Project C)

29. GCR for Multi Project

30. Google Cloud Build

31. Google Cloud Build - Full-managed CI - https://cloud.google.com/cloud-build/ - Formanly

    Container Builder in GCR - Configuration - Dockerfile - cloudbuild.yaml

32. Configuration: cloudbuild.yaml Building Docker Image and Push to GCR //

    cloudbuild.yaml steps: # build - name: 'gcr.io/cloud-builders/docker' args: [ 'build', '-t', 'gcr.io/$PROJECT_ID/my-app:$REVISION_ID', '.' ] # push images: ["push", "gcr.io/$PROJECT_ID/my-app:$REVISION_ID"]

33. Configuration: Adding Test Building Docker Image and Push to GCR

    // cloudbuild.yaml steps: # build - name: 'gcr.io/cloud-builders/docker' args: [ 'build', '-t', 'gcr.io/$PROJECT_ID/my-nginx:$REVISION_ID', '.' ] # test - name: 'gcr.io/cloud-builders/docker' args: [ 'run', '--rm', 'gcr.io/$PROJECT_ID/my-nginx:$REVISION_ID', 'nginx', '-t' ] # push images: ["push", "gcr.io/$PROJECT_ID/my-nginx:$REVISION_ID"]

34. Build Images - https://github.com/GoogleCloudPlatform/cloud-builders - Images Provided by Google -

    e.g. - gcr.io/cloud-builders/docker - gcr.io/cloud-builders/bash - gcr.io/cloud-builders/gcloud

35. Images for Deployment - gcr.io/cloud-builders/kubectl

36. - Community Images - Build on you own - Kubernetes

    Tools like kustomize, helm etc. - e.g. - gcr.io/my-cool-project/kustomize - https://github.com/GoogleCloudPlatform/cloud-builders-community Community Image

37. Start Build - Create Triggered by Git tag or branch

    - Manually Submit Submit

38. Start Build: Trigger by Git tag or branch

39. Manually Submit Build gcloud builds submit --config cloudbuild.yaml --project my-supper-project

    .

40. Notification / Integration - Build steps events are published to

    Cloud Pub/Sub Topic - cloud-builds - e.g. Slack Notification via Cloud Functions

41. Conclusion

42. Conclusion - GCRとCloudBuildの組み合わせよい！

43. Thank you