- Tested on
macOS 11.1 (20C69)
- README (this document) - How to run solution
- Approach Taken - Response to approach taken
- Scaling - Plan for scaling
- Monitoring and Alerting - Plan for monitoring and alerting
- Troubleshooting - Dumping ground for troubleshooting commands
- TODO - Progress, planning, notes used throughout solving the problem
... and service account
We need a GCP Project and Service Account with the Project Owner role.
You may already a project and SA account already, but these directions will assume that you are starting from scratch.
# Create project
$ gcloud projects create <PROJECT_ID>
# Get billing ACCOUNT_ID
$ gcloud alpha billing accounts list
# Enable billing
$ gcloud beta billing projects link <PROJECT_ID> --billing-account=<ACCOUNT_ID>
# Set project
$ gcloud config set project <PROJECT_ID>
# Enable Cloud Resource Manager API
gcloud services enable cloudresourcemanager.googleapis.com
# Create project
$ gcloud projects create ozbe-cn-training
# Get billing ACCOUNT_ID
$ gcloud alpha billing accounts list
# Enable billing
$ gcloud alpha billing projects link ozbe-cn-training --billing-account=XXXXXXX
# Set project
$ gcloud config set project ozbe-cn-training
# Enable Cloud Resource Manager API
$ gcloud services enable cloudresourcemanager.googleapis.com
# Create SA
$ gcloud iam service-accounts create <SA_NAME> --display-name "Terraform Account"
# Assign SA owner role
$ gcloud projects add-iam-policy-binding <PROJECT_ID> --member "serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com" --role "roles/owner"
# Create and download SA key
$ gcloud iam service-accounts keys create <SA_KEY>.json --iam-account <SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com
# Activate service account
$ gcloud auth activate-service-account --project=<PROJECT_ID> --key-file=<SA_KEY>.json
# Set gcloud account to SA
$ gcloud config set account <SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com
# Login
$ gcloud auth application-default login
# Create SA
$ gcloud iam service-accounts create terraform --display-name "Terraform Account"
# Assign SA owner role
$ gcloud projects add-iam-policy-binding ozbe-cn-training --member "serviceAccount:[email protected]" --role "roles/owner"
# Create and download SA key
$ gcloud iam service-accounts keys create sa-key.json --iam-account [email protected]
# Activate service account
$ gcloud auth activate-service-account --project=ozbe-cn-training --key-file=sa-key.json
# Set gcloud account to SA
$ gcloud config set account [email protected]
# Login
$ gcloud auth application-default login
Terraform is used to stand up the GCP Project's infrastructure.
Follow the setup and deploy steps in Terraform Setup to setup the training
envrionment.
Don't forget to cd ./terraform
from the project root for the terraform setup!
We will talk about production later.
kubectl
is used for deploying and viewing the WAR assets.
$ terraform -chdir=./terraform workspace select <training|production>
$ GKE_NAME=$(terraform -chdir=./terraform output gke_name | tr -d '"')
$ ZONE=$(terraform -chdir=./terraform output zone | tr -d '"')
$ gcloud container clusters get-credentials --zone=$ZONE $GKE_NAME
$ terraform -chdir=./terraform workspace select training
$ GKE_NAME=$(terraform -chdir=./terraform output gke_name | tr -d '"')
$ ZONE=$(terraform -chdir=./terraform output zone | tr -d '"')
$ gcloud container clusters get-credentials --zone=$ZONE $GKE_NAME
Copy assets, after deploying terraform environments and setting up kubectl
.
These scripts are meant to used when the developers give us their CI build artifacts for deployment. Ideally these scripts would be part of the developers' CI (or another CI) that uses a Service account with the appropriate permissions.
Deploy .zip file with the image and stylesheet used for the application
$ ./scripts/upload_static_assets.sh <training|production> <PATH_TO_ASSETS_ZIP>
$ ./scripts/upload_static_assets.sh training ./tests/assets/static-assets/archive.zip
Deploy war file with the dynamic parts of the application
$ ./scripts/upload_war.sh <training|production> <PATH_TO_WAR>
$ ./scripts/upload_war.sh training ./tests/assets/war/SampleWebApp.war
$ ./scripts/view_static_assets.sh
$ ./scripts/view_war.sh
You have a one of two choices for testing Production environment. You can follow all of the directions starting from GCP Project, where you setup a new GCP project, or you can go through the Clean up and then start at the Terraform setup.
Now to undo everything we did.
See the terraform/README.md for info on how to destroy the resources.
$ kubectl config delete-context <KUBE_CONTEXT>
# List accounts
$ gcloud auth list
# Switch account to one other than SA
$ gcloud config set account <ACCOUNT>
# Revoke SA account
$ gcloud revoke <SA_ACCOUNT>
# List accounts
$ gcloud auth list
# Switch account to one other than SA
$ gcloud config set account [email protected]
# Revoke SA account
$ gcloud revoke [email protected]
% gcloud projects delete <PROJECT_ID>
$ gcloud projects delete ozbe-cn-training
You're done. Take a break. Treat yourself.