obrienlabs / magellan

Magellan - world packet navigation

Document cloud build deployment cli #25

Open obriensystems opened 2 years ago

obriensystems commented 2 years ago

For retrofit of https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/docs/google-cloud-landingzone-traffic-generation.md
For role automation see https://github.com/canada-ca/accelerators_accelerateurs-gcp/issues/42#issue-1314932789

set Folder Admin role...
export SUPER_ADMIN_EMAIL=root@alternate.gcp.zone
export ORG_ID=6839210352

service account impersonation
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/iam.serviceAccountTokenCreator

create folders
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/resourcemanager.folderAdmin

listing enabled services on a project
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/resourcemanager.organizationAdmin

gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/serviceusage.serviceUsageAdmin

create cloud build triggers
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/cloudbuild.builds.editor

cloud run
gcloud services enable run.googleapis.com

create folder
root_@cloudshell:~$ gcloud resource-manager folders create --display-name=traffic --organization=6839210352
Waiting for [operations/cf.4720145089362488460] to finish...done.    
Created [<Folder
 createTime: '2022-09-07T00:23:40.991Z'
 displayName: 'traffic'
 lifecycleState: LifecycleStateValueValuesEnum(ACTIVE, 1)
 name: 'folders/64965792995'
 parent: 'organizations/6839210352'>].

create project
root_@cloudshell:~$ gcloud projects create traffic-agz --folder=64965792995
Create in progress for [https://cloudresourcemanager.googleapis.com/v1/projects/traffic-agz].
Waiting for [operations/cp.7621766356452603860] to finish...done.    
Enabling service [cloudapis.googleapis.com] on project [traffic-agz]...
Operation "operations/acat.p2-783080225319-d6ac0798-5097-4ab6-b12c-0774f2bede74" finished successfully.

switch to project
root_@cloudshell:~$ gcloud config set project traffic-agz
Updated property [core/project].
root_@cloudshell:~ (traffic-agz)$

set region, organization, billing ids
export REGION=northamerica-northeast1
export PROJECT=traffic-agz
export BILLING=$(gcloud alpha billing projects describe $PROJECT '--format=value(billingAccountName)' | sed 's/.*\///')
export ORGANIZATION=$(gcloud projects get-ancestors $PROJECT --format='get(id)' | tail -1)

clone repo 

setup CSR mirror

root_@cloudshell:~/traffic (traffic-agz)$ git config --global credential.'https://source.developers.google.com'.helper gcloud.sh
root_@cloudshell:~/traffic (traffic-agz)$ gcloud source repos create magellan
API [sourcerepo.googleapis.com] not enabled on project [783080225319]. Would you like to enable and retry (this will take a few minutes)? (y/N)?  y

Enabling service [sourcerepo.googleapis.com] on project [783080225319]...
Operation "operations/acat.p2-783080225319-a5cd4ed4-0400-4350-bcf6-2e7c709f4ece" finished successfully.
ERROR: (gcloud.source.repos.create) ResponseError: status=[PERMISSION_DENIED], code=[403], message=[User [root@alternate.gcp.zone] does not have permission to access projects instance [traffic-agz] (or it may not exist): This API method requires billing to be enabled. Please enable billing on project #783080225319 by visiting https://console.developers.google.com/billing/enable?project=783080225319 then retry. If you enabled billing for this project recently, wait a few minutes for the action to propagate to our systems and retry.].

Forgot to set up Billing Administrator - fix billing and reenter - verify billing not set
root_@cloudshell:~/traffic (traffic-agz)$ echo $BILLING

now recheck billing on the project
root_@cloudshell:~/traffic (traffic-agz)$ export BILLING=$(gcloud alpha billing projects describe $PROJECT '--format=value(billingAccountName)' | sed 's/.*\///')
root_@cloudshell:~/traffic (traffic-agz)$ echo $BILLING
011B..169E

rerun csr creation
root_@cloudshell:~/traffic (traffic-agz)$ gcloud source repos create magellan
Created [magellan].
WARNING: You may be billed for this repository. See https://cloud.google.com/source-repositories/docs/pricing for details.

Forgot to enter upstream repo via https://cloud.google.com/source-repositories/docs/adding-repositories-as-remotes

root_@cloudshell:~/traffic (traffic-agz)$ rm -rf magellan/
root_@cloudshell:~/traffic (traffic-agz)$ ls
root_@cloudshell:~/traffic (traffic-agz)$ git clone https://github.com/obrienlabs/magellan.git
Cloning into 'magellan'...
remote: Enumerating objects: 375, done.
remote: Counting objects: 100% (300/300), done.
remote: Compressing objects: 100% (150/150), done.
remote: Total 375 (delta 121), reused 251 (delta 77), pack-reused 75
Receiving objects: 100% (375/375), 54.47 KiB | 3.63 MiB/s, done.
Resolving deltas: 100% (133/133), done.
root_@cloudshell:~/traffic (traffic-agz)$ cd magellan
root_@cloudshell:~/traffic/magellan (traffic-agz)$ git config --global credential.'https://source.developers.google.com'.helper gcloud.sh
root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud source repos create magellan
Created [magellan].
WARNING: You may be billed for this repository. See https://cloud.google.com/source-repositories/docs/pricing for details.
root_@cloudshell:~/traffic/magellan (traffic-agz)$ git remote add google https://source.developers.google.com/p/traffic-agz/r/magellan
root_@cloudshell:~/traffic/magellan (traffic-agz)$ git push google master
Enumerating objects: 375, done.
Counting objects: 100% (375/375), done.
Delta compression using up to 4 threads
Compressing objects: 100% (151/151), done.
Writing objects: 100% (375/375), 54.48 KiB | 54.48 MiB/s, done.
Total 375 (delta 133), reused 375 (delta 133), pack-reused 0
remote: Resolving deltas: 100% (133/133)
To https://source.developers.google.com/p/traffic-agz/r/magellan
 * [new branch]      master -> master
root_@cloudshell:~/traffic/magellan (traffic-agz)$ git status
On branch master
Your branch is up to date with 'origin/master'.

nothing to commit, working tree clean

enable services

root_@cloudshell:~ (traffic-agz)$ gcloud services list --enabled --project traffic-agz | grep NAME                                                                                                     
NAME: bigquery.googleapis.com
NAME: bigquerymigration.googleapis.com
NAME: bigquerystorage.googleapis.com
NAME: cloudapis.googleapis.com
NAME: clouddebugger.googleapis.com
NAME: cloudtrace.googleapis.com
NAME: datastore.googleapis.com
NAME: logging.googleapis.com
NAME: monitoring.googleapis.com
NAME: servicemanagement.googleapis.com
NAME: serviceusage.googleapis.com
NAME: sourcerepo.googleapis.com
NAME: sql-component.googleapis.com
NAME: storage-api.googleapis.com
NAME: storage-component.googleapis.com
NAME: storage.googleapis.com

root_@cloudshell:~ (traffic-agz)$ gcloud services enable compute.googleapis.com
Operation "operations/acf.p2-783080225319-8340daf4-b2f1-4df4-98c2-77e971a505e0" finished successfully.

git config

root_@cloudshell:~ (traffic-agz)$ git config --global user.email "mich...abs.org"
root_@cloudshell:~ (traffic-agz)$ git config --global user.name "Mic..en"

Create repository

https://cloud.google.com/sdk/gcloud/reference/artifacts/repositories/create

enable service
 gcloud services enable artifactregistry.googleapis.com

root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud artifacts repositories create magellan --location=northamerica-northeast1 --repository-format=docker
Create request issued for: [magellan]
Waiting for operation [projects/traffic-agz/locations/northamerica-northeast1/operations/996356e2-d3ea-488e-886f-d156828b5e8c] to complete...done.   
Created repository [magellan].

Create cloud build trigger

enable service
gcloud services enable cloudbuild.googleapis.com

verify role set
gcloud organizations add-iam-policy-binding $ORG_ID --member=user:$SUPER_ADMIN_EMAIL --role=roles/cloudbuild.builds.editor

Use the default cloud build service account

root_@cloudshell:~/traffic/magellan (traffic-agz)$ vi cloudbuild.yaml
root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud beta builds triggers create cloud-source-repositories --repo=magellan --branch-pattern=master  --build-config=cloudbuild.yaml 
Created [https://cloudbuild.googleapis.com/v1/projects/traffic-agz/locations/global/triggers/aef1d124-9943-44cf-90f5-513f398cdbf8].
NAME: trigger
CREATE_TIME: 2022-09-07T02:11:54+00:00
STATUS:

root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud auth configure-docker \
    northamerica-northeast1-docker.pkg.dev
WARNING: Your config file at [/home/root_/.docker/config.json] contains these credential helper entries:

{
  "credHelpers": {
    "gcr.io": "gcloud",
    "us.gcr.io": "gcloud",
    "eu.gcr.io": "gcloud",
    "asia.gcr.io": "gcloud",
    "staging-k8s.gcr.io": "gcloud",
    "marketplace.gcr.io": "gcloud"
  }
}
Adding credentials for: northamerica-northeast1-docker.pkg.dev
After update, the following will be written to your Docker config file located at [/home/root_/.docker/config.json]:
 {
  "credHelpers": {
    "gcr.io": "gcloud",
    "us.gcr.io": "gcloud",
    "eu.gcr.io": "gcloud",
    "asia.gcr.io": "gcloud",
    "staging-k8s.gcr.io": "gcloud",
    "marketplace.gcr.io": "gcloud",
    "northamerica-northeast1-docker.pkg.dev": "gcloud"
  }
}

Do you want to continue (Y/n)?  y

Dockerfile

root_@cloudshell:~/traffic/magellan (traffic-agz)$ cat Dockerfile
FROM openjdk:11
ARG USERVICE_HOME=/opt/app/
ARG JARFILE=magellan-nbi/target/magellan-nbi-0.0.3-SNAPSHOT.jar
# Build up the deployment folder structure
RUN mkdir -p $USERVICE_HOME
ADD magellan-nbi/target/magellan-nbi-*.jar $USERVICE_HOME/ROOT.jar
EXPOSE 8080
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/opt/app/ROOT.jar"]

cloudbuild.yaml

root_@cloudshell:~/traffic/magellan (traffic-agz)$ cat cloudbuild.yaml
# [START cloudbuild_maven]
steps:
#  - name: maven:3-jdk-11
#    entrypoint: mvn
#    args: ["test"]
  - name: maven:3-jdk-11
    entrypoint: mvn
    args: ["package", "-Dmaven.test.skip=true -DskipTests=true"]
  - name: gcr.io/cloud-builders/docker
  ## gcr.io/
    args: ["build", "-t", "northamerica-northeast1-docker.pkg.dev/$PROJECT_ID/magellan/magellan", "--build-arg=JAR_FILE=magellan-nbi/target/magellan-nbi-0.0.3-SNAPSHOT.jar", "."]
    #args: ['build', '-t', 'LOCATION-docker.pkg.dev/$PROJECT_ID/traffic-generation/magellan-nbi', '.' ]
images:
 # ["gcr.io/$PROJECT_ID/magellan-nbi:latest"]
  ["northamerica-northeast1-docker.pkg.dev/$PROJECT_ID/magellan/magellan:latest"]

Update CSR repo with local cloudbuild.yaml - invoke trigger

git add cloudbuild.yaml
git commit -m "#1 - revert to magellan/magellan"
git push google master

Create cloud run instance

get the manifest from https://console.cloud.google.com/artifacts/docker/traffic-agz/northamerica-northeast1/magellan/magellan/sha256:97f7d5a8b1038f467133052052b94327404ecd5bbbe2dc2d43e7e9627548cf60;tab=install?project=traffic-agz&supportedpurview=project

enable cloud run

gcloud services enable run.googleapis.com

root_@cloudshell:~/traffic/magellan (traffic-agz)$ gcloud beta run deploy magellan-target --image=northamerica-northeast1-docker.pkg.dev/traffic-agz/magellan/magellan@sha256:97f7d5a8b1038f467133052052b94327404ecd5bbbe2dc2d43e7e9627548cf60 --allow-unauthenticated --service-account=783080225319-compute@developer.gserviceaccount.com --timeout=30 --cpu=1 --memory=2Gi --execution-environment=gen2 --region=northamerica-northeast1 --project=traffic-agz
Deploying container to Cloud Run service [magellan-target] in project [traffic-agz] region [northamerica-northeast1]
/  Deploying new service... Initializing project for the current region.
  /  Creating Revision...
  .  Routing traffic...
  OK Setting IAM Policy...
API [run.googleapis.com] not enabled on project [783080225319]. Would you like to enable and retry (this will take a few minutes)? (y/N)?

-  Deploying new service... Deploying Revision. Waiting on revision magellan-target-00001-bip.
  -  Creating Revision... Deploying Revision.   

Check service

https://magellan-target-a....anq-nn.a.run.app/nbi/swagger-ui.html

https://magellan-target-as..nq-nn.a.run.app/nbi/swagger-ui.html#/application-service-controller/getHealthUsingGET_1
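
Added example (not part of the original comment or the magellan project): a shell helper for reviewing the organization-level role bindings granted at the start of the walkthrough once the deployment is done. It reads `role,member` pairs and prints a `remove-iam-policy-binding` command for each of those roles the given member still holds; the function names, the sample policy, the organization id and the `example.com` member are constructed for illustration.

```shell
#!/usr/bin/env bash
# Input on stdin: one "role,member" pair per line, e.g. from
#   gcloud organizations get-iam-policy "$ORG_ID" \
#     --flatten='bindings[].members' \
#     --format='csv[no-heading](bindings.role,bindings.members)'

# Roles the walkthrough binds at organization scope.
SETUP_ROLES='roles/iam.serviceAccountTokenCreator
roles/resourcemanager.folderAdmin
roles/resourcemanager.organizationAdmin
roles/serviceusage.serviceUsageAdmin
roles/cloudbuild.builds.editor'

# revoke_plan ORG_ID MEMBER
# Prints one removal command per setup role that MEMBER holds in the input.
# Bindings for other members, and roles outside SETUP_ROLES, are left alone.
revoke_plan() {
  org_id=$1
  member=$2
  while IFS=, read -r role bound; do
    [ "$bound" = "$member" ] || continue
    if printf '%s\n' "$SETUP_ROLES" | grep -qxF -- "$role"; then
      printf 'gcloud organizations remove-iam-policy-binding %s --member=%s --role=%s\n' \
        "$org_id" "$member" "$role"
    fi
  done
}

# Constructed sample export (not real data): two setup roles for the admin,
# one unrelated role, and bindings that belong to other principals.
sample_policy() {
  cat <<'EOF'
roles/resourcemanager.folderAdmin,user:admin@example.com
roles/cloudbuild.builds.editor,user:admin@example.com
roles/billing.admin,user:admin@example.com
roles/resourcemanager.organizationAdmin,user:other@example.com
roles/viewer,group:auditors@example.com
EOF
}

# Print the plan for the constructed sample; review before running any line.
sample_policy | revoke_plan 123456789012 user:admin@example.com
```

The helper only prints commands; nothing is changed until a reviewed line is run by hand.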