Production Deployment

[NilsG-S]

• [x] Production Dockerfile
• [x] Deploy to Google Cloud
• [x] Expose port
• [x] $GOOGLE_APPLICATION_CREDENTIALS

Kubernetes Engine vs Docker + Compute Engine

The original tutorial from Go doesn't seem to be current with Google Cloud. Therefore we have a choice to make.

Docker + Compute Engine

https://cloud.google.com/compute/docs/containers/deploying-containers https://cloud.google.com/container-registry/docs/pushing-and-pulling https://cloud.google.com/container-registry/

https://cloud.google.com/container-optimized-os/docs/how-to/ https://cloud.google.com/container-optimized-os/docs/how-to/create-configure-instance https://cloud.google.com/container-optimized-os/docs/how-to/run-container-instance

https://cloud.google.com/compute/docs/instance-groups/updating-managed-instance-groups https://cloud.google.com/compute/docs/instance-groups/ https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances https://cloud.google.com/compute/docs/instance-templates/ https://github.com/GoogleCloudPlatform/terraform-google-managed-instance-group https://github.com/mdb/terraform-example

https://cloud.google.com/deployment-manager/docs/quickstart

https://cloud.google.com/compute/docs/api/how-tos/authorization https://cloud.google.com/docs/authentication/production#howtheywork https://stackoverflow.com/questions/40032678/where-are-google-application-default-credentials-stored

Kubernetes Engine

Dev environment replacer: https://kubernetes.io/docs/getting-started-guides/minikube/ https://medium.com/devopslinks/using-kubernetes-minikube-for-local-development-c37c6e56e3db

https://cloud.google.com/kubernetes-engine/docs/concepts/ https://cloud.google.com/kubernetes-engine/docs/concepts/node-images#container_manifest https://cloud.google.com/kubernetes-engine/docs/concepts/kubernetes-engine-overview https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture#master https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards

[NilsG-S]

@joyellealina The solution seems be using either Kubernetes secrets or Docker runtime file copying. The latter can either take the form of

docker create
docker cp
docker start

or using volumes and setting a environment variable to point to the mount path.

Kubernetes

This method introduces complications because Kubernetes wasn't really meant for single-instance systems. In fact, it requires at least three f1-micro instances, which puts it over free-tier. WebSockets won't work without a bunch of added complexity with load balancing between instances. However, it might be possible to just use one small instance and deploy a single container to it.

https://kubernetes.io/docs/concepts/configuration/secret/ https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform https://cloud.google.com/iam/docs/creating-managing-service-account-keys https://blog.kiloreux.me/2017/11/24/deploying-to-kubernetes-engine-with-travis/ https://cloud.google.com/kubernetes-engine/docs/how-to/updating-apps

Docker

https://github.com/moby/moby/issues/26944 https://www.reddit.com/r/docker/comments/6h2c44/copying_files_into_a_container_when_calling_run/ https://docs.docker.com/storage/volumes/ https://cloud.google.com/datastore/docs/activate#accessing_the_product_name_short_api_from_a_compute_engine_instance

[NilsG-S]

Port

https://stackoverflow.com/questions/21065922/how-to-open-a-specific-port-such-as-9090-in-google-compute-engine

[NilsG-S]

App Engine

https://cloud.google.com/appengine/docs/go/

Flexible environment has no free-tier

[NilsG-S]

Prod Container

https://hub.docker.com/r/nilsgs/antifreeze/ https://docs.docker.com/docker-cloud/builds/push-images/

[NilsG-S]

Single-Instance Automated Deployment

https://github.com/ansible/ansible https://cloud.google.com/solutions/google-compute-engine-management-puppet-chef-salt-ansible https://docs.travis-ci.com/user/docker/

• Use GCloud SDK docker image on Travis CI to run deployment script
• Build secrets into prod container on Travis CI and save to private repo
  • Save credentials as base64 string

Method 1

https://cloud.google.com/compute/docs/instances/restarting-an-instance https://cloud.google.com/compute/docs/startupscript

1. Update startup script
2. Reset the instance (preserves IP)
   • https://github.com/GoogleCloudPlatform/puppet-google (Puppet Bolt)

Method 2

Assumes reserved static IP. https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address#unassign_ip https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address#IP_assign

1. Update startup script
2. Destroy the instance
3. Create a new instance with reserved IP
   • https://groups.google.com/forum/?fromgroups#!topic/ansible-project/b4YnI5Nb_bs

Method 3

Use Terraform.

https://blog.gruntwork.io/why-we-use-terraform-and-not-chef-puppet-ansible-saltstack-or-cloudformation-7989dad2865c https://blog.gruntwork.io/how-to-create-reusable-infrastructure-with-terraform-modules-25526d65f73d

Method 4

https://www.packer.io/docs/builders/googlecompute.html

Terraform + Packer + Puppet + Travis CI

Build a new Compute Engine image for each deployment and load it into GCE

Method 5

https://kubernetes.io/docs/getting-started-guides/minikube/

Terraform + Packer + Puppet + Minikube + Travis CI

Basically make a custom Compute Engine image running Minikube then provision pods with Terraform.

[NilsG-S]

Solution

Remote Terraform state?

Terraform + GKE

https://cloud.google.com/kubernetes-engine/docs/tutorials/configuring-domain-name-static-ip https://stackoverflow.com/questions/45359189/how-to-map-static-ip-to-terraform-google-compute-engine-instance https://www.terraform.io/docs/providers/kubernetes/d/service.html https://www.terraform.io/docs/providers/kubernetes/r/pod.html https://www.terraform.io/docs/providers/google/r/compute_address.html https://www.terraform.io/docs/providers/google/r/storage_bucket.html https://www.terraform.io/docs/backends/types/gcs.html

https://cloud.google.com/iam/docs/understanding-roles https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform https://cloud.google.com/compute/docs/access/service-accounts#accesscopesiam https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#changeserviceaccountandscopes https://cloud.google.com/go/tutorials/bookshelf-on-kubernetes-engine https://developers.google.com/identity/protocols/googlescopes

• [x] Stabilize versions Terraform
• [x] Remote state
• [x] Website bucket
• [x] Secrets (default credentials)
• [x] Merge Kube module
• [x] Clean up unnecessary configs
• [x] Replace literal strings with variables
• [x] Add Docker container tag referencing
• [x] Create Travis config
  • [x] Docker credentials
  • [x] Docker tagging and uploading (keep this updated as versions progress...use environment variables for both this and Terraform?)
  • [x] Service account base64decode (Kubernetes, Storage)
  • [x] Terraform init
  • [x] Terraform apply (auto confirm)
  • [x] Pod service account (Datastore)
• [x] Move docker files to deploy directory

[NilsG-S]

Next Steps

https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform https://www.terraform.io/docs/providers/kubernetes/index.html https://www.terraform.io/docs/providers/kubernetes/r/secret.html https://github.com/terraform-providers/terraform-provider-google/issues/400 https://www.terraform.io/docs/providers/local/index.html https://www.terraform.io/docs/providers/google/r/google_service_account_key.html

• Possibly an issue with the way the secret is being deployed to the container.
• Possibly an API version issue
• Attempt to adapt the pub/sub guide

Solution

https://github.com/GoogleCloudPlatform/google-cloud-go/issues/791

[NilsG-S]

https://docs.travis-ci.com/user/languages/go/ https://docs.travis-ci.com/user/docker/