-
[Cloud Hero 2-3] 소프트웨어 공급망 보안: Cloud Build와 Cloud Deploy를 통한 컨테이너 앱 배포하기IT/GCP 2022. 11. 24. 00:32728x90
안녕하세요! 이번 랩은 소프트웨어 공급망 보안에 관한 내용입니다.
환경 변수 세팅하기
export PROJECT=$(gcloud config get-value project)
필요한 서비스 활성화 하기
gcloud services enable run.googleapis.com
artifact registry 만들기
gcloud artifacts repositories create helloworld-repo --location=us-central1 --repository-format=docker --project=$PROJECT
샘플 애플리케이션 만들기
mkdir helloworld cd helloworld
package.json
{ "name": "helloworld", "description": "Simple hello world sample in Node", "version": "1.0.0", "private": true, "main": "index.js", "scripts": { "start": "node index.js" }, "engines": { "node": ">=12.0.0" }, "author": "Google LLC", "license": "Apache-2.0", "dependencies": { "express": "^4.17.1" } }
index.js
{ "name": "helloworld", "description": "Simple hello world sample in Node", "version": "1.0.0", "private": true, "main": "index.js", "scripts": { "start": "node index.js" }, "engines": { "node": ">=12.0.0" }, "author": "Google LLC", "license": "Apache-2.0", "dependencies": { "express": "^4.17.1" } }
cd ~/helloworld
gcloud builds submit --pack image=us-central1-docker.pkg.dev/$PROJECT/helloworld-repo/helloworld
skaffold 환경 구성 준비하기
mkdir ~/deploy-cloudrun cd ~/deploy-cloudrun
skaffold.yaml
apiVersion: skaffold/v3alpha1 kind: Config metadata: name: deploy-run-quickstart profiles: - name: dev manifests: rawYaml: - run-dev.yaml - name: prod manifests: rawYaml: - run-prod.yaml deploy: cloudrun: {}
clouddeploy.yaml
apiVersion: deploy.cloud.google.com/v1 kind: DeliveryPipeline metadata: name: my-run-demo-app-1 description: main application pipeline serialPipeline: stages: - targetId: run-dev profiles: [dev] - targetId: run-prod profiles: [prod] --- apiVersion: deploy.cloud.google.com/v1 kind: Target metadata: name: run-dev description: Cloud Run development service run: location: projects/$PROJECT_ID/locations/us-central1 --- apiVersion: deploy.cloud.google.com/v1 kind: Target metadata: name: run-prod description: Cloud Run production service run: location: projects/$PROJECT_ID/locations/us-central1
gcloud deploy apply --file clouddeploy.yaml --region=us-central1
run-dev.yaml
apiVersion: serving.knative.dev/v1 kind: Service metadata: name: helloworld-dev spec: template: spec: containers: - image: my-app-image
run-prod.yaml
apiVersion: serving.knative.dev/v1 kind: Service metadata: name: helloworld-prod spec: template: spec: containers: - image: my-app-image
릴리즈 생성하고, 컨테이너 배포하기
gcloud deploy releases create run-release-001 --project=$PROJECT --region=us-central1 --delivery-pipeline=my-run-demo-app-1 --images=my-app-image="us-central1-docker.pkg.dev/$PROJECT/helloworld-repo/helloworld"
Cloud run 서비스에 비인가된 액세스 활성화 하기
gcloud run services add-iam-policy-binding helloworld-dev \ --member="allUsers" \ --role="roles/run.invoker" gcloud run services add-iam-policy-binding helloworld-prod \ --member="allUsers" \ --role="roles/run.invoker"
감사합니다.
728x90반응형'IT > GCP' 카테고리의 다른 글
Bigquery 실행 결과를 GCS로 자동 업데이트 (3) 2023.09.09 GCP 키 탈취시 조치 사항 (0) 2022.12.17 [Cloud Hero 1-4] Running a Node.js Container on GKE (0) 2022.11.22 [Cloud Hero 2-4] Kubernetes Engine으로 배포 관리 (0) 2022.11.22 [Cloud Hero 2-2] Google Kubernetes Engine의 NGINX 인그레스 컨트롤러 (0) 2022.11.22