shakr - container ci/cd with google cloud platform
GitHub: DEVELOPMENT
Travis CI: CONTINUOUS INTEGRATION
Container Registry: IMAGE REGISTRY
Compute Engine & Container Engine: INFRASTRUCTURE
.travis.yml
sudo: required
services:
  - docker
before_script:
  - docker build -t videobox:$TRAVIS_BUILD_NUMBER .
  - docker images
script:
  - docker run videobox:$TRAVIS_BUILD_NUMBER bundle exec rubocop
  - docker run videobox:$TRAVIS_BUILD_NUMBER bundle exec rspec
  - openssl aes-256-cbc -K $encrypt_key -iv $encrypt_iv -in service_account.json.enc -out service_account.json -d
  - docker login -e [email protected] -u _json_key -p "$(cat service_account.json)" https://us.gcr.io
  - docker tag videobox:$TRAVIS_BUILD_NUMBER gcr.io/shakr/videobox:$TRAVIS_BUILD_NUMBER
  - docker push gcr.io/shakr/videobox:$TRAVIS_BUILD_NUMBER
notifications:
  slack: "..."
Docker
sudo: required
services:
  - docker
https://docs.travis-ci.com/user/docker
script:
  - docker run videobox:$TRAVIS_BUILD_NUMBER bundle exec rubocop
  - docker run videobox:$TRAVIS_BUILD_NUMBER bundle exec rspec
Container Registry
- docker login -e [email protected] -u _json_key -p "$(cat service_account.json)" https://us.gcr.io
- docker tag videobox:$TRAVIS_BUILD_NUMBER gcr.io/shakr/videobox:$TRAVIS_BUILD_NUMBER
- docker push gcr.io/shakr/videobox:$TRAVIS_BUILD_NUMBER
https://cloud.google.com/container-registry/docs/advanced-authentication
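Added example (not from the slides): the same `_json_key` registry login with the key fed on stdin through `docker login --password-stdin`, so the key never appears in the process argument list or in traced build output, and with the decrypted file deleted once the login has run. `registry_login` and `DOCKER_BIN` are hypothetical names; the `-e` flag is left out here.

```shell
#!/bin/sh
# Added example, not the deck's own script.
# DOCKER_BIN is a hypothetical override so the function can be exercised
# against a stub; it defaults to the real docker CLI.

registry_login() {
  key_file=$1    # decrypted key, e.g. service_account.json
  registry=$2    # registry URL, e.g. https://us.gcr.io
  docker_bin=${DOCKER_BIN:-docker}

  # A failed or partial openssl decryption can leave an empty or garbage
  # file behind; stop before handing that to docker.
  if [ ! -s "$key_file" ]; then
    echo "registry_login: $key_file is missing or empty" >&2
    return 2
  fi
  if ! grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key_file"; then
    echo "registry_login: $key_file is not a service account key" >&2
    rm -f "$key_file"
    return 3
  fi

  # Keep the plaintext key private while it exists, and pass it on stdin
  # instead of -p "$(cat ...)" so it stays out of ps and /proc/<pid>/cmdline.
  chmod 600 "$key_file"
  status=0
  "$docker_bin" login -u _json_key --password-stdin "$registry" < "$key_file" || status=$?

  # The key is only needed for the login itself; remove it either way.
  rm -f "$key_file"
  return "$status"
}
```

In `.travis.yml` this would follow the `openssl aes-256-cbc ... -d` step, called as `registry_login service_account.json https://us.gcr.io`.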
gcloud CLI
$ gcloud docker pull gcr.io/google_appengine/nodejs
Using 'pull gcr.io/google_appengine/nodejs' for DOCKER_ARGS.
Using default tag: latest
latest: Pulling from google_appengine/nodejs
a3ed95caeb02: Pull complete
..
Digest: sha256:a7fcfb84b..
Status: Downloaded newer image for gcr.io/google_appengine/nodejs:latest
gcloud CLI
$ docker login -e [email protected] -u _json_key \
    -p "$(cat service_account.json)" \
    https://us.gcr.io
$ docker pull gcr.io/my_gcp_project/private_image:latest
https://cloud.google.com/container-registry/docs/advanced-authentication
Google Container Engine
Container Scheduling
Auto-healing
Service Discovery
Config Management
Load Balancing
pod.yaml
apiVersion: v1
kind: Pod
metadata:
  # Object names must be lowercase
  name: videobox
  labels:
    name: videobox
spec:
  containers:
    - name: videobox
      image: gcr.io/shakr/videobox:xxx
      imagePullPolicy: IfNotPresent
      env:
        - name: RACK_ENV
          value: production
  restartPolicy: Always
  # dnsPolicy values are case-sensitive
  dnsPolicy: Default
rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: videobox
spec:
  replicas: 3
  selector:
    app: videobox
  template:
    metadata:
      name: videobox
      labels:
        app: videobox
    spec:
      # Pod spec here...
Pods
Nodes
Replication Controllers
Persistent Volumes
Stateful Sets (Pet Set)
Cron Jobs
Secrets
Services
Volumes
Replica Sets
[Diagram: ReplicationController videobox (replicas=3) managing three Pods running gcr.io/shakr/videobox:1; replica scale-up/scale-down]
[Diagram: k8s workers running ReplicationController videobox (replicas=3) with three Pods gcr.io/shakr/videobox:1, and ReplicationController vault (replicas=1) with one Pod gcr.io/shakr/vault:1]
gcloud CLI
$ gcloud compute instances create gci-instance-test \
--image-project google-containers \
--image-family gci-stable \
--zone asia-northeast1-a \
--machine-type n1-standard-1
cloud-init
$ gcloud compute instances create gci-instance-test \
--image-project google-containers \
--image-family gci-stable \
--zone asia-northeast1-a \
--machine-type n1-standard-1 \
--metadata-from-file user-data=cloud-init.yml
cloud-init.yml
#cloud-config
users:
  - name: myservice
    uid: 2000
write_files:
  - path: /etc/systemd/system/myservice.service
    permissions: 0644
    owner: root
    content: |
      [Unit]
      Description=Start a simple docker container

      [Service]
      ExecStartPre=/usr/share/google/dockercfg_update.sh
      ExecStart=/usr/bin/docker run --rm -u 2000 --net=host --name=myservice -e RACK_ENV=production -p 80:80 \
        gcr.io/project/myservice:latest
      ExecStop=/usr/bin/docker stop myservice
      ExecStopPost=/usr/bin/docker rm myservice
runcmd:
  - systemctl daemon-reload
  - systemctl enable myservice.service
  - systemctl start myservice.service