Process updated for GitHub CLI and gcp service account.

Co-authored-by: jmhbnz <mail@jamesblair.net>
Daljit Singh
2021-02-17 18:15:07 +13:00
parent bd70187287
commit f7c3a796b4
10 changed files with 87 additions and 24 deletions

1
.gitignore vendored Normal file

@ -0,0 +1 @@
key.json
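Review bot: the ignore entry only matches the literal name `key.json`, so it protects the service account key only while 2-configure-gcp-project.sh keeps writing to exactly that filename in the repository. Consider writing the key outside the working tree, or ignoring a broader pattern such as `*.json` key files under a dedicated directory, so that a renamed output file does not end up staged by accident.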


@ -18,3 +18,8 @@ curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyr
# Update and install the SDK # Update and install the SDK
sudo apt-get update && sudo apt-get install -y google-cloud-sdk sudo apt-get update && sudo apt-get install -y google-cloud-sdk
# Install GitHub CLI
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key C99B11DEB97541F0
sudo apt-add-repository https://cli.github.com/packages
sudo apt-get update && sudo apt-get install gh
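Review bot: `sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key C99B11DEB97541F0` places the GitHub CLI key in apt's global trusted keyring, so that key is accepted for packages from every configured source, and it is selected by a 16-hex key id fetched from a keyserver rather than by a full fingerprint. Prefer saving the key to its own file under /usr/share/keyrings and referencing it with `signed-by=` in the cli.github.com source entry, so trust is scoped to that one repository.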


@ -1,7 +1,6 @@
#!/bin/bash #!/bin/bash
# Once we have authenticated we can create a project and then create a new virtual machine instance within that project. # Once we have authenticated we can create a project and then create a new virtual machine instance within that project.
# Firstly let's create a new project, a project is the logical boundary all our cloud resources for this deployment will live within. To be able to deploy resources we also need to enable billing. # Firstly let's create a new project, a project is the logical boundary all our cloud resources for this deployment will live within. To be able to deploy resources we also need to enable billing.
@ -11,7 +10,7 @@
# #+NAME: Create a new google cloud project # #+NAME: Create a new google cloud project
# Create a project id based on date # Create a project id based on date
export gcp_project_id="gitlab-gcp-"$(date +"%s") export gcp_project_id="gitlab-gcp-ci-cd"
# Create new project using a random project id # Create new project using a random project id
gcloud projects create $gcp_project_id gcloud projects create $gcp_project_id
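Review bot: the comments around `export gcp_project_id="gitlab-gcp-ci-cd"` still say "based on date" and "using a random project id", which no longer matches the code. The fixed value also changes behaviour: GCP project ids are globally unique and cannot be reused after a project is deleted, so `gcloud projects create` will fail for a second user and on any re-run after the teardown step. Either keep a unique suffix or take the id from a variable the user sets, and update both comments.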
@ -22,3 +21,20 @@ gcloud alpha billing projects link $gcp_project_id --billing-account $gcp_billin
# Make sure the project is set active # Make sure the project is set active
gcloud config set project $gcp_project_id gcloud config set project $gcp_project_id
# Create service accounts
gcloud iam service-accounts create $gcp_project_id-sa \
--description="GitHub actions deploy account" \
--display-name="GitHub-Action-Deploy"
# Assign role
gcloud projects add-iam-policy-binding $gcp_project_id \
--member=serviceAccount:$gcp_project_id-sa@$gcp_project_id.iam.gserviceaccount.com \
--role=roles/compute.instanceAdmin.v1
gcloud projects add-iam-policy-binding $gcp_project_id \
--member=serviceAccount:$gcp_project_id-sa@$gcp_project_id.iam.gserviceaccount.com \
--role=roles/iam.serviceAccountUser
gcloud iam service-accounts keys create key.json \
--iam-account $gcp_project_id-sa@$gcp_project_id.iam.gserviceaccount.com
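Review bot: `--role=roles/iam.serviceAccountUser` is bound at project level, which lets the deploy account act as every service account in the project, not only the one its VMs run as. Grant it on the specific service account instead with `gcloud iam service-accounts add-iam-policy-binding`, and check whether `roles/compute.instanceAdmin.v1` can be narrowed as well. Separately, `gcloud iam service-accounts keys create key.json` writes a long-lived key into the current directory with default permissions; set a restrictive umask before creating it and delete the file once it has been uploaded as a GitHub secret. The `$gcp_project_id` expansions should also be quoted.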

10
3-create-github-secrets.sh Executable file

@ -0,0 +1,10 @@
#!/bin/bash
# Step 3 - Configure GitHub secrets...
# Once new service account is created and key.json file is created, We will have to upload these details into GitHub and automate the end to end CI/CD workflow.
# Tange the shell block below to a shell script by pressing *, b t* in emacs command mode:
# Once new srvice account is created and key.json file is created, We will have to upload these details into GitHub and automate the end to end CI/CD workflow.
TODO
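Review bot: the bare `TODO` on the last line is executed as a command, so this script, which is marked executable, exits with "command not found" when run. Make it a comment until the step is implemented. When it is implemented, pass key.json to `gh secret set` on stdin rather than as a command-line argument so the key does not appear in the process list or shell history. The header comment is also duplicated, with "Tange" and "srvice" typos in the repeated lines.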


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# Step 3 - Create vertual machine # Step 4 - Create virtual machine
# Once we have a project we can create a new virtual machine. To create a virtual machine we need to ensure compute engine apis are enabled. # Once we have a project we can create a new virtual machine. To create a virtual machine we need to ensure compute engine apis are enabled.


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# Step 4 - Install docker on virtual machine # Step 5 - Install docker on virtual machine
# Next up we need to install [[https://docker.com][Docker]] on the newly created virtual machine so that we can then deploy Gitlab as a container. # Next up we need to install [[https://docker.com][Docker]] on the newly created virtual machine so that we can then deploy Gitlab as a container.


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# Step 6 - Teardown cloud resources # Step 7 - Teardown cloud resources
# The Google Cloud Platform resources created by this process come at a cost, so it's important we have an easy way to teardown those resources as soon as we're finished with them! # The Google Cloud Platform resources created by this process come at a cost, so it's important we have an easy way to teardown those resources as soon as we're finished with them!


@ -13,7 +13,6 @@ We'll use shell blocks inside this file which can be executed with [[https://org
1. To interact with this org file we're using the [[https://github.com/humacs/humacs][Humacs]] distribution of [[https://www.gnu.org/software/emacs/][Emacs]]. 1. To interact with this org file we're using the [[https://github.com/humacs/humacs][Humacs]] distribution of [[https://www.gnu.org/software/emacs/][Emacs]].
1. This workflow has only been tested on the ~Ubuntu 20.04~ linux distribution, via [[https://ubuntu.com/wsl][WSL 2]]. 1. This workflow has only been tested on the ~Ubuntu 20.04~ linux distribution, via [[https://ubuntu.com/wsl][WSL 2]].
* Step 1 - Ensure GCP SDK is installed * Step 1 - Ensure GCP SDK is installed
To automate our interactions with Google Cloud Platform we'll use the [[https://cloud.google.com/sdk/docs/install#deb][GCP SDK]] which provides us with a number of command line tools to interact with the platform, such as ~gcloud~, ~gsutil~ and ~kubectl~. To automate our interactions with Google Cloud Platform we'll use the [[https://cloud.google.com/sdk/docs/install#deb][GCP SDK]] which provides us with a number of command line tools to interact with the platform, such as ~gcloud~, ~gsutil~ and ~kubectl~.
@ -21,7 +20,7 @@ To automate our interactions with Google Cloud Platform we'll use the [[https://
Tangle the shell block below to a shell script by pressing *, b t* in emacs command mode: Tangle the shell block below to a shell script by pressing *, b t* in emacs command mode:
#+NAME: Install google cloud sdk #+NAME: Install google cloud sdk
#+BEGIN_SRC bash :shebang #!/bin/bash :tangle 1-install-gcp-sdk.sh #+BEGIN_SRC bash :shebang #!/bin/bash :tangle 1-install-utilities.sh
# Add the Cloud SDK distribution URI as a package source # Add the Cloud SDK distribution URI as a package source
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee /etc/apt/sources.list.d/google-cloud-sdk.list echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee /etc/apt/sources.list.d/google-cloud-sdk.list
@ -33,6 +32,11 @@ curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyr
# Update and install the SDK # Update and install the SDK
sudo apt-get update && sudo apt-get install -y google-cloud-sdk sudo apt-get update && sudo apt-get install -y google-cloud-sdk
# Install GitHub CLI
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key C99B11DEB97541F0
sudo apt-add-repository https://cli.github.com/packages
sudo apt-get update && sudo apt-get install gh
#+END_SRC #+END_SRC
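Review bot: `sudo apt-get install gh` on the last added line has no `-y`, unlike `sudo apt-get install -y google-cloud-sdk` just above it, so the tangled 1-install-utilities.sh will stop at a confirmation prompt and cannot run unattended. Add `-y` here and in the tangled script. The block is still named "Install google cloud sdk" although it now installs two tools and tangles to 1-install-utilities.sh; rename it to match.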
@ -49,6 +53,12 @@ In future we could automate this process as part of a continous delivery pipelin
gcloud auth login gcloud auth login
#+END_SRC #+END_SRC
Next step is we need to authenticate with GitHub CLI. This part is the process is currently manual.
We required GitHub CLI to store secrets to automate CI/CD pipeline for gcloud access.
#+NAME: Authenticate with GitHub CLI
#+begin_src bash
gh auth login
#+end_src
Once we have authenticated we can create a project and then create a new virtual machine instance within that project. Once we have authenticated we can create a project and then create a new virtual machine instance within that project.
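Review bot: the two added prose lines need a wording pass: "This part is the process" should read "This part of the process", and "We required GitHub CLI" should be "We require". It would also help to state here which repository the secrets will be stored in and that the account used for `gh auth login` needs permission to manage that repository's secrets, since Step 3 depends on it.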
@ -59,7 +69,7 @@ Tangle the shell block below to a shell script by pressing *, b t* in emacs comm
#+NAME: Create a new google cloud project #+NAME: Create a new google cloud project
#+begin_src bash :shebang #!/bin/bash :tangle 2-configure-gcp-project.sh #+begin_src bash :shebang #!/bin/bash :tangle 2-configure-gcp-project.sh
# Create a project id based on date # Create a project id based on date
export gcp_project_id="gitlab-gcp-"$(date +"%s") export gcp_project_id="gitlab-gcp-ci-cd"
# Create new project using a random project id # Create new project using a random project id
gcloud projects create $gcp_project_id gcloud projects create $gcp_project_id
@ -70,24 +80,45 @@ gcloud alpha billing projects link $gcp_project_id --billing-account $gcp_billin
# Make sure the project is set active # Make sure the project is set active
gcloud config set project $gcp_project_id gcloud config set project $gcp_project_id
#+end_src
#+RESULTS: Create a new google cloud project # Create service accounts
#+begin_src bash gcloud iam service-accounts create $gcp_project_id-sa \
billingAccountName: billingAccounts/0175A9-AC77BE-CE5586 --description="GitHub actions deploy account" \
billingEnabled: true --display-name="GitHub-Action-Deploy"
name: projects/gitlab-gcp-1611720361/billingInfo
projectId: gitlab-gcp-1611720361 # Assign role
gcloud projects add-iam-policy-binding $gcp_project_id \
--member=serviceAccount:$gcp_project_id-sa@$gcp_project_id.iam.gserviceaccount.com \
--role=roles/compute.instanceAdmin.v1
gcloud projects add-iam-policy-binding $gcp_project_id \
--member=serviceAccount:$gcp_project_id-sa@$gcp_project_id.iam.gserviceaccount.com \
--role=roles/iam.serviceAccountUser
gcloud iam service-accounts keys create key.json \
--iam-account $gcp_project_id-sa@$gcp_project_id.iam.gserviceaccount.com
#+end_src #+end_src
* Step 3 - Create vertual machine * Step 3 - Configure GitHub secrets...
Once new service account is created and key.json file is created, We will have to upload these details into GitHub and automate the end to end CI/CD workflow.
Tange the shell block below to a shell script by pressing *, b t* in emacs command mode:
Once new srvice account is created and key.json file is created, We will have to upload these details into GitHub and automate the end to end CI/CD workflow.
#+begin_src bash :shebang #!/bin/bash :tangle 3-create-github-secrets.sh
TODO
#+end_src
* Step 4 - Create virtual machine
Once we have a project we can create a new virtual machine. To create a virtual machine we need to ensure compute engine apis are enabled. Once we have a project we can create a new virtual machine. To create a virtual machine we need to ensure compute engine apis are enabled.
Tangle the shell block below to a shell script by pressing *, b t* in emacs command mode: Tangle the shell block below to a shell script by pressing *, b t* in emacs command mode:
#+begin_src bash :shebang #!/bin/bash :tangle 3-create-virtual-machine.sh #+begin_src bash :shebang #!/bin/bash :tangle 4-create-virtual-machine.sh
# Ensure compute engine apis are enabled in the project # Ensure compute engine apis are enabled in the project
gcloud services enable compute.googleapis.com gcloud services enable compute.googleapis.com
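Review bot: removing the `#+RESULTS:` block is right, since it recorded the billing account name and project id in the document, but org-babel will write a results block again the next time the source block is executed, and the earlier values remain in the repository history. Add `:results silent` to the `#+begin_src` header of the project block so command output, including anything printed by the new `keys create key.json` step, is never written back into the org file. In the new Step 3 section the introductory sentence appears twice, with "Tange" and "srvice" typos, and the heading ends in a stray "...".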
@ -99,13 +130,13 @@ gcloud compute instances create $gcp_machine_name --zone australia-southeast1-a
#+end_src #+end_src
* Step 4 - Install docker on virtual machine * Step 5 - Install docker on virtual machine
Next up we need to install [[https://docker.com][Docker]] on the newly created virtual machine so that we can then deploy Gitlab as a container. Next up we need to install [[https://docker.com][Docker]] on the newly created virtual machine so that we can then deploy Gitlab as a container.
By default the virtual machine operating system for the vm we created on GCP is [[https://debian.org][Debian]]. There are instructions for installing Docker on a debian machine [[https://docs.docker.com/engine/install/debian/#install-using-the-repository][here]]. By default the virtual machine operating system for the vm we created on GCP is [[https://debian.org][Debian]]. There are instructions for installing Docker on a debian machine [[https://docs.docker.com/engine/install/debian/#install-using-the-repository][here]].
#+begin_src bash :shebang #!/bin/bash :tangle 4-install-docker.sh #+begin_src bash :shebang #!/bin/bash :tangle 5-install-docker.sh
# Retrieve the vm name # Retrieve the vm name
export gcp_machine_name=$(gcloud compute instances list --limit=1 --format='value(name.basename())') export gcp_machine_name=$(gcloud compute instances list --limit=1 --format='value(name.basename())')
@ -119,7 +150,7 @@ gcloud compute ssh $gcp_machine_name --ssh-key-file ~/.ssh/$USER -- "sudo chmod
#+end_src #+end_src
* Step 5 - Install gitlab via docker * Step 6 - Install gitlab via docker
Next step to create docker compose file for gitlab Next step to create docker compose file for gitlab
@ -145,7 +176,7 @@ Next step to create docker compose file for gitlab
Next up we need to tranfer file to gcloud vm and install the gitlab via docker composer Next up we need to tranfer file to gcloud vm and install the gitlab via docker composer
#+begin_src bash :shebang #!/bin/bash :tangle 5-install-gitlab-via-composer.sh #+begin_src bash :shebang #!/bin/bash :tangle 6-install-gitlab-via-composer.sh
# Retrieve the vm name # Retrieve the vm name
export gcp_machine_name=$(gcloud compute instances list --limit=1 --format='value(name.basename())') export gcp_machine_name=$(gcloud compute instances list --limit=1 --format='value(name.basename())')
@ -157,7 +188,7 @@ gcloud compute ssh $gcp_machine_name --ssh-key-file ~/.ssh/$USER -- 'sudo docker
#+end_src #+end_src
* Step 6 - Teardown cloud resources * Step 7 - Teardown cloud resources
The Google Cloud Platform resources created by this process come at a cost, so it's important we have an easy way to teardown those resources as soon as we're finished with them! The Google Cloud Platform resources created by this process come at a cost, so it's important we have an easy way to teardown those resources as soon as we're finished with them!
@ -165,7 +196,7 @@ The script below will delete any projects containing ~gitlab~ in the name along
Tangle the shell block below to a shell script by pressing *, b t* in emacs command mode: Tangle the shell block below to a shell script by pressing *, b t* in emacs command mode:
#+begin_src bash :shebang #!/bin/bash :tangle 6-teardown-cloud-resources.sh #+begin_src bash :shebang #!/bin/bash :tangle 7-teardown-cloud-resources.sh
# Iterate over any matching projects # Iterate over any matching projects
for project in $(gcloud projects list | awk '{ print $1 }' | grep gitlab); do for project in $(gcloud projects list | awk '{ print $1 }' | grep gitlab); do


@ -1,4 +1,4 @@
# Step 5 - Install gitlab via docker # Step 6 - Install gitlab via docker
# Next step to create docker compose file for gitlab # Next step to create docker compose file for gitlab