To configure authentication with user credentials, run the following command:
Build this project
- Git clone the repository
- Install virtualenv
virtualenv -p python3 .
- Install django requirements
pip install -r requirements.txt
- Add the env variable
- For production, we will use a managed PostgreSQL server, so keep the env variables in a separate file and add it to the Kubernetes secrets using
kubectl create secret generic djang-k8s-web-prod-env --from-env-file=web/.env.prod
- Make sure to include .env.prod file in .gitignore and .dockerignore
- We will use Google Cloud Source Repositories to build a CI/CD pipeline using Cloud Build.
- Make sure your service account has the required permissions (read/write access to the artifact repository), and create a key to authenticate for docker login and Kubernetes deploy using the gcloud command.
gcloud auth activate-service-account SA-ID --key-file=KEY-FILE
This will create a config file in ~/.docker/config.json
gcloud auth configure-docker HOSTNAME-LIST
E.g. HOSTNAME-LIST: https://{GCP-REGION}-docker.pkg.dev
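The `.env.prod` step above only protects the file if both ignore files actually match it. As an added example (not from this repository), this pre-flight check assumes the Docker build context is the repository root and shows that a bare `.env.prod` entry covers `web/.env.prod` in `.gitignore` but not in `.dockerignore`; the function names and the simplified matcher are this example's own.

```shell
#!/bin/sh
# Added example, not from the original README. Simplified ignore-file matcher:
# comments, blank lines, "!" negation, leading "/", "**/NAME" and shell globs;
# the last matching pattern wins. Directory patterns such as "web/" are not
# expanded, so the check fails closed (it may report "not ignored" wrongly).

slashes() { echo $(( $(printf %s "$1" | tr -cd / | wc -c) )); }

# is_ignored MODE IGNORE_FILE PATH  (MODE: git | docker); exit 0 if ignored
is_ignored() (
  mode=$1 file=$2 path=$3 result=1
  [ -f "$file" ] || return 1
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in ''|'#'*) continue ;; esac
    neg=0
    case $line in '!'*) neg=1; line=${line#?} ;; esac
    pat=${line#/} target=$path
    case $line in
      '**/'*) pat=${line#'**/'}; target=${path##*/} ;;  # any depth, both tools
      */*) ;;                                           # anchored to the root
      *) [ "$mode" = git ] && target=${path##*/} ;;     # git: basename match
    esac
    # "*" must not cross "/": require equal slash counts before globbing
    [ "$(slashes "$pat")" -eq "$(slashes "$target")" ] || continue
    case $target in $pat) result=$neg ;; esac
  done < "$file"
  return "$result"
)

# Constructed sample: both ignore files list ".env.prod"; the file is in web/.
demo=$(mktemp -d)
printf '%s\n' '# local' 'venv/' '.env.prod' > "$demo/.gitignore"
cp "$demo/.gitignore" "$demo/.dockerignore"
for m in git docker; do
  if is_ignored "$m" "$demo/.${m}ignore" web/.env.prod
  then echo "$m: web/.env.prod is ignored"
  else echo "$m: web/.env.prod is NOT ignored, fix .${m}ignore first"
  fi
done
rm -rf "$demo"
```

In `.dockerignore`, an entry of `web/.env.prod` or `**/.env.prod` closes the gap the demo reports.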
VERSION=2.1.14
OS=linux # or "darwin" for OSX, "windows" for Windows.
ARCH=amd64 # or "386" for 32-bit OSs
curl -fsSL "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${VERSION}/docker-credential-gcr_${OS}_${ARCH}-${VERSION}.tar.gz" \
| tar xz docker-credential-gcr \
&& chmod +x docker-credential-gcr && sudo mv docker-credential-gcr /usr/bin/
3. To authenticate with Artifact Registry, activate the service account with this gcloud CLI command. Also make sure this SA has the necessary permissions.
gcloud auth activate-service-account {SA-user}@{PROJECT_ID}.iam.gserviceaccount.com --key-file={key_name}.json
This uses a token which expires in 1 hour.
gcloud auth print-access-token --impersonate-service-account {SA-USER}@{PROJECT_ID}.iam.gserviceaccount.com | docker login -u oauth2accesstoken --password-stdin https://{REGION}-docker.pkg.dev
4. Create dedicated service accounts that are only used to interact with repositories. Get a service account key, base64 encode it, and run this command to log in.
To put this in the pipeline, add the variable for the key in secrets.
cat newkey.json | docker login -u _json_key_base64 --password-stdin \
https://us-central1-docker.pkg.dev
gcloud container clusters create {Cluster_name}
Create a secret that stores the Artifact Registry credentials; it will later be used to pull the Docker image.
kubectl create secret docker-registry artifact-registry \
--docker-server=https://{REGION}-docker.pkg.dev \
--docker-email={SA_ID}@{PROJECT_ID}.iam.gserviceaccount.com \
--docker-username=_json_key \
--docker-password="$(cat KEY-FILE)"
Open your default service account:
kubectl edit serviceaccount default --namespace default
Every namespace in your Kubernetes cluster has a default service account called default. This default service account is used to pull your container image.
Add the newly created imagePullSecret secret to your default service account:
imagePullSecrets:
- name: artifact-registry
Your service account should now look like this:
docker build -t us-central1-docker.pkg.dev/production-api-enabill/artifact-k8s/django-k8s:latest .
docker push us-central1-docker.pkg.dev/production-api-enabill/artifact-k8s/django-k8s --all-tags
- Clone the code from GCP repo
- Build container image
- Push the image to Artifact Registry
Run the following gcloud command to deploy
gcloud builds submit