CircleCi - Deploy to GKE using cloud run
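I am trying to deploy a sample application to GKE using Google Cloud Run, using CircleCI. I created a cluster in Google Cloud and want to build an image and deploy it to a container. If I do it manually, it works perfectly. But I want to set up an automated CI/CD pipeline, so I am using CircleCI to do it.
Skipping the testing and code coverage parts for now, I want to build a pipeline for the GKE deployment.
Here is the config.yaml file for CircleCI. I am trying to use the certified orbs that are already available, since creating an orb from scratch takes longer.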

version: 2.1
orbs:
  gcp-gcr: circleci/gcp-gcr@0.6.1
  cloudrun: circleci/gcp-cloud-run@1.0.2
executors:
  node-executor:
    docker:
      - image: node:12.8.1-stretch
  gcloud-executor:
    docker:
      - image: google/cloud-sdk
  machine-executor:
    machine: true
jobs:
  build:
    description: initial build
    executor: machine-executor
    steps:
      - checkout
  build_push_image_cloud_run_mangaged:
    executor: node-executor
    steps:
      - checkout
      - setup_remote_docker:
          docker_layer_caching: false
      - run:
          name: Prepare env vars
          command: |
            echo 'export PATH=~$PATH:~/.local/bin' >> $BASH_ENV
            echo 'export GOOGLE_PROJECT_ID=$GCLOUD_PROJECT' >> $BASH_ENV
            echo 'export GOOGLE_COMPUTE_ZONE=us-east1-b' >> BASH_ENV
            echo ${GCP_PROJECT_KEY} > ${HOME}/gcloud-service-key.json
            echo 'export GOOGLE_CLOUD_KEYS=$(cat $HOME/gcloud-service-key.json)' >> $BASH_ENV
            echo 'export TAG=${CIRCLE_SHA1}' >> $BASH_ENV
            echo 'export IMAGE_NAME=$CIRCLE_PROJECT_REPONAME' >> $BASH_ENV && source $BASH_ENV
      - gcp-gcr/gcr-auth:
          gcloud-service-key: GOOGLE_CLOUD_KEYS # this is throwing error
          google-project-id: GOOGLE_PROJECT_ID
          google-compute-zone: GOOGLE_COMPUTE_ZONE
      - gcp-gcr/build-image:
          dockerfile: Dockerfile
          google-project-id: GOOGLE_PROJECT_ID
          image: $IMAGE_NAME
          registry-url: "gcr.io"
          tag: $CIRCLE_SHA1
      - gcp-gcr/push-image:
          google-project-id: GOOGLE_PROJECT_ID
          image: $IMAGE_NAME
          registry-url: "gcr.io"
          tag: $CIRCLE_SHA1
      - cloudrun/init:
          gcloud-service-key: GCLOUD_SERVICE_KEY
          google-project-id: GOOGLE_PROJECT_ID
          google-compute-zone: GOOGLE_COMPUTE_ZONE
      - cloudrun/deploy:
          cluster: "new-cluster"
          cluster-location: "us-east1-b"
          platform: "gke"
          image: "gcr.io/$GOOGLE_PROJECT_ID/$IMAGE_NAME"
          service-name: "orb-gcp-cloud-run"
workflows:
  build_gcloud_deploy:
    jobs:
      - build
      - build_push_image_cloud_run_mangaged:
          requires:
            - build

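In the project settings I set environment variables named GCLOUD_SERVICE_KEY and GCP_PROJECT_KEY, both of which hold an encoded version of my service account JSON file. I also set the GOOGLE_PROJECT_ID and GOOGLE_COMPUTE_ZONE environment values respectively.
Now, when I trigger the build on a check-in (a webhook is configured to run on a successful check-in; this will later be changed to a successful merge), it always errors at the step: Initialize gcloud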
#!/bin/bash -eo pipefail
# Store service account
echo $GOOGLE_CLOUD_KEYS > ${HOME}/gcloud-service-key.json
# Initialize gcloud CLI
gcloud auth activate-service-account --key-file=${HOME}/gcloud-service-key.json
gcloud --quiet config set project $GOOGLE_PROJECT_ID
gcloud --quiet config set compute/zone $GOOGLE_COMPUTE_ZONE
ERROR: (gcloud.auth.activate-service-account) Could not read json file /root/gcloud-service-key.json: No JSON object could be decoded
Exited with code exit status 1
CircleCI received exit code 1
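I tried using the GOOGLE_CLOUD_KEYS env var, which I set from gcloud-service-key.json in the CircleCI step, but that results in the same error. I also tried specifying an env var that holds the actual value of the JSON file (not decoded), but that also results in the same error. As you can see, I am using the orb gcp-gcr: circleci/gcp-gcr@0.6.1. Can you tell me the cause of the error and how to correct it?
Edit:
As Ahmet rightly pointed out, the problem was that the file did not contain any data. I made a change so that an environment variable GCLOUD_SERVICE_KEY is created for the project and accessed directly without encoding (this is not the recommended approach, since it is better to encode the key and then store it).
As @AhmetB-Google pointed out, the problem was that the service key was not loaded correctly into the environment variable. So I made this change. It is always recommended to encode it and add it to the environment variables.
So in the project settings I have a key named GCLOUD_SERVICE_KEY, and this is my CircleCI config: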

version: 2.1
orbs:
  gcp-gcr: circleci/gcp-gcr@0.6.1
  cloudrun: circleci/gcp-cloud-run@1.0.1
  gcp-gke: circleci/gcp-gke@0.2.0
executors:
  gcloud-executor:
    docker:
      - image: google/cloud-sdk
  machine-executor:
    machine: true
jobs:
  build:
    description: initial build - Can make use of test coverage and tests
    executor: machine-executor
    steps:
      - checkout
      - run:
          name: Test the source
          command: |
            echo "test"
      - run:
          name: Coverage report
          command: |
            echo "npm coverage"
  build_push_image_gcr:
    description: Build docker image and push to gcr registry
    executor: machine-executor
    steps:
      - checkout
      - run:
          name: Prepare env vars
          command: |
            echo $GCLOUD_SERVICE_KEY > base64 --decode --ignore-garbage > ${HOME}/gcloud-service-key.json
            echo $GCP_PROJECT_KEY > ./gcloud-service-key.json
            cat ./gcloud-service-key.json
            cat ${HOME}/gcloud-service-key.json
            export $GCP_SERVICE_KEY=cat(${HOME}/gcloud-service-key.json)
            pwd
      - gcp-gcr/gcr-auth:
          gcloud-service-key: GCLOUD_SERVICE_KEY
          google-project-id: GOOGLE_PROJECT_ID
          google-compute-zone: GOOGLE_COMPUTE_ZONE
      - gcp-gcr/build-image:
          dockerfile: Dockerfile
          google-project-id: GOOGLE_PROJECT_ID
          image: $IMAGE_NAME
          registry-url: "gcr.io"
          tag: $CIRCLE_SHA1
      - gcp-gcr/push-image:
          google-project-id: GOOGLE_PROJECT_ID
          image: $IMAGE_NAME
          registry-url: "gcr.io"
          tag: $CIRCLE_SHA1
  gcp_cloudrun_deploy:
    description: Deploy using cloud run
    executor: machine-executor
    steps:
      - cloudrun/init
      - cloudrun/deploy:
          cluster: 'new-cluster'
          cluster-location: us-east1-b
          platform: 'gke'
          image: 'gcr.io/$GOOGLE_PROJECT_ID/$IMAGE_NAME:$CIRCLE_SHA1'
          service-name: 'feedback-ui-service'
workflows:
  build_gcloud_deploy:
    jobs:
      - build
      - build_push_image_gcr:
          requires:
            - build
      - gcp_cloudrun_deploy:
          requires:
            - build_push_image_gcr

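
Added example (not part of the original post, and not CircleCI's or the orb's own code): the "No JSON object could be decoded" error above comes from a key file that is empty or still holds base64 text, so this shell example classifies the variable's contents before writing the key file and never prints the key to the build log. The function names and the sample key are constructed for illustration; `python3` and GNU `base64` are assumed to be available on the executor.

```shell
# Added example; function names and the sample key below are constructed.

# Constructed sample: the minimal shape of a service-account key (no secret).
sample_key_json() {
  printf '%s' '{"type": "service_account", "project_id": "example-project"}'
}

# Succeed when stdin is a JSON object whose "type" is "service_account".
is_sa_json() {
  python3 -c 'import json, sys
d = json.load(sys.stdin)
sys.exit(0 if isinstance(d, dict) and d.get("type") == "service_account" else 1)' 2>/dev/null
}

# classify_key VALUE: print empty, json, base64 or invalid.
classify_key() {
  if [ -z "$1" ]; then
    echo empty
  elif printf '%s' "$1" | is_sa_json; then
    echo json
  elif printf '%s' "$1" | base64 --decode 2>/dev/null | is_sa_json; then
    echo base64
  else
    echo invalid
  fi
}

# write_key_file VALUE PATH: write the decoded key with mode 0600 and never
# print it; fail before gcloud runs if the value is empty or not a key.
write_key_file() {
  kind="$(classify_key "$1")"
  (
    umask 077
    case "$kind" in
      json)   printf '%s' "$1" > "$2" ;;
      base64) printf '%s' "$1" | base64 --decode > "$2" ;;
      *)      echo "service key variable is $kind; not writing $2" >&2
              exit 1 ;;
    esac
  )
}
```

In a CircleCI run step this would be called as `write_key_file "$GCLOUD_SERVICE_KEY" "$HOME/gcloud-service-key.json"` before `gcloud auth activate-service-account`.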