Shakr - Container CI/CD with Google Cloud Platform

Container CI/CD with Google Cloud PlatformMinku Lee

CTO, Shakr

GitHub

DEVELOPMENT

GitHub

DEVELOPMENT

Travis CI

CONTINUOUS INTEGRATION

GitHub

DEVELOPMENT

Travis CI

CONTINUOUS INTEGRATION

Container Registry

IMAGE REGISTRY

GitHub

DEVELOPMENT

Travis CI

CONTINUOUS INTEGRATION

Container Registry

IMAGE REGISTRY

Compute Engine & Container Engine

INFRASTRUCTURE

GitHub

Pull Request

Travis CI

Travis CI

Travis CI

.travis.yml

sudo: required

services: - docker

before_script: - docker build -t videobox:$TRAVIS_BUILD_NUMBER . - docker images

script: - docker run videobox:$TRAVIS_BUILD_NUMBER bundle exec rubocop - docker run videobox:$TRAVIS_BUILD_NUMBER bundle exec rspec - openssl aes-256-cbc -K $encrypt_key -iv $encrypt_iv -in service_account.json.enc \ -out service_account.json -d - docker login -e [email protected] -u _json_key -p "$(cat service_account.json)" https://us.gcr.io - docker tag videobox:$TRAVIS_BUILD_NUMBER gcr.io/shakr/videobox:$TRAVIS_BUILD_NUMBER - docker push gcr.io/shakr/videobox:$TRAVIS_BUILD_NUMBER

notifications: slack: "..."

Docker

sudo: required

services: - docker

https://docs.travis-ci.com/user/docker

Docker

before_script: - docker build -t videobox:$TRAVIS_BUILD_NUMBER . - docker images

Dockerfile

Dockerfile

script: - docker run videobox:$TRAVIS_BUILD_NUMBER bundle exec rubocop - docker run videobox:$TRAVIS_BUILD_NUMBER bundle exec rspec

Container Registry

- docker login -e [email protected] -u _json_key \ -p "$(cat service_account.json)" \ https://us.gcr.io

- docker tag videobox:$TRAVIS_BUILD_NUMBER \ gcr.io/shakr/videobox:$TRAVIS_BUILD_NUMBER

- docker push gcr.io/shakr/videobox:$TRAVIS_BUILD_NUMBER

https://cloud.google.com/container-registry/docs/advanced-authentication

Container Registry

Google Container Registry

Google Compute Engine 인스턴스에서

Google Compute Engine 인스턴스에서

US, EU, ASIA

Google Compute Engine 인스턴스에서

US, EU, ASIA

Nearline GCS

gcloud CLI

$ gcloud docker pull gcr.io/google_appengine/nodejs

Using 'pull gcr.io/google_appengine/nodejs' for DOCKER_ARGS.

Using default tag: latest

latest: Pulling from google_appengine/nodejs

a3ed95caeb02: Pull complete

..

Digest: sha256:a7fcfb84b..

Status: Downloaded newer image for gcr.io/google_appengine/nodejs:latest

gcloud CLI

$ docker login -e [email protected] -u _json_key \ -p "$(cat service_account.json)" \ https://us.gcr.io

$ docker pull gcr.io/my_gcp_project/private_image:latest

https://cloud.google.com/container-registry/docs/advanced-authentication

Cloud Console

Google Container Engine

Google Container Engine

as a service

Google Container Engine

Container Scheduling Auto-healing Service Discovery

Config Management

Load Balancing

pod.yaml

apiVersion: v1 kind: Pod metadata: name: Videobox labels: name: videobox spec: containers: - name: videobox image: gcr.io/shakr/videobox:xxx imagePullPolicy: IfNotPresent env: - name: RACK_ENV value: production restartPolicy: Always dnsPolicy: default

rc.yaml

apiVersion: v1 kind: ReplicationController metadata: name: videobox spec: replicas: 3 selector: app: videobox template: metadata: name: videobox labels: app: videobox spec: # Pod spec here...

PodsNodes

Replication Controllers

Persistent Volumes

Stateful Sets (Pet Set)

Cron JobsSecrets

Services

Volumes

Replica Sets

PodsNodes

Replication Controllers

Persistent Volumes

Stateful Sets (Pet Set)

Cron JobsSecrets

Services

Volumes

Replica Sets

Podgcr.io/shakr/videobox:1

Podgcr.io/shakr/videobox:1

GCS PersistentVolume

Podgcr.io/shakr/videobox:1

Podgcr.io/shakr/videobox:1

Podgcr.io/shakr/videobox:1

Podgcr.io/shakr/videobox:1

Podgcr.io/shakr/videobox:1

Podgcr.io/shakr/videobox:1

ReplicationControllervideobox replicas=3

replica scale-up/

scale-down

k8s worker

worker

Podgcr.io/shakr/videobox:1

Podgcr.io/shakr/videobox:1

Podgcr.io/shakr/videobox:1

ReplicationControllervideobox replicas=3

Podgcr.io/shakr/vault:1

ReplicationControllervault replicas=1

(Infrastructure as Code)

Git

(Infrastructure as Code)

Git

On-Premise

(Infrastructure as Code)

Git

On-Premise

PaaS PaaS

(Infrastructure as Code)

Git

On-Premise

PaaS PaaS

master/worker

Preemptible VM

PVM Node Pool (Beta)

Preemptible VM

PVM Node Pool (Beta)

Cluster Autoscaler (Beta)

Preemptible VM

PVM Node Pool (Beta)

Cluster Autoscaler (Beta)

(>50GB per pod)

Local SSD를 Pod

Google Compute Enginewith containers!

Container-Optimized OS (BETA)

Chromium OS Verified Boot

Active-passive

systemd

cloud-init

Google

Container-Optimized OS (BETA)

gcloud CLI

$ gcloud compute instances create gci-instance-test \

--image-project google-containers \

--image-family gci-stable \

--zone asia-northeast1-a \

--machine-type n1-standard-1

cloud-init

$ gcloud compute instances create gci-instance-test \

--image-project google-containers \

--image-family gci-stable \

--zone asia-northeast1-a \

--machine-type n1-standard-1 \

--metadata-from-file user-data=cloud-init.yml

cloud-init.yml#cloud-config

users: - name: myservice uid: 2000

write_files: - path: /etc/systemd/system/myservice.service permissions: 0644 owner: root content: | [Unit] Description=Start a simple docker container

[Service] ExecStartPre=/usr/share/google/dockercfg_update.sh ExecStart=/usr/bin/docker run --rm -u 2000 --net=host --name=myservice -e RACK_ENV=production -p 80:80 \ gcr.io/project/myservice:latest ExecStop=/usr/bin/docker stop myservice ExecStopPost=/usr/bin/docker rm myservice

runcmd: - systemctl daemon-reload - systemctl enable myservice.service - systemctl start myservice.service

systemd

VM

Preemptible VM, Regional Managed Instance Group 등

Kubernetes

GitHub

DEVELOPMENT

Travis CI

CONTINUOUS INTEGRATION

Container Registry

IMAGE REGISTRY

Compute Engine & Container Engine

INFRASTRUCTURE

Google Cloud Platform가장 앞선 컨테이너 기술을 빠르고 쉽게 적용 가능한 플랫폼

Thank youWe're looking for talented engineers!

Minku Lee [email protected]