This example demonstrates building and deploying an app to Control Plane using the CLI (cpln) as part of a CI/CD pipeline at Google Cloud Build.
The example is a Node.js app that displays the environment variables and start-up arguments.
This example is provided as a starting point and your own unique delivery and/or deployment requirements will dictate the steps needed in your situation.
The Control Plane CLI require a Service Account
with the proper permissions to perform actions against the Control Plane API.
- Follow the Control Plane documentation to create a Service Account and create a key. Take a note of the key. It will be used in the next section.
- Add the Service Account to the
superusers
group. Once the pipeline executes as expected, a policy can be created with a limited set of permissions and the Service Account can be removed from the superusers group.
When triggered, the pipeline will execute the steps defined in the cloudbuild.yaml
file. The example will containerize and push the application to the org's private image repository and create/update a GVC and workload hosted at Control Plane.
Perform the following steps to set up the example:
-
Fork or copy the example into your own workspace at one of the supported Cloud Build repositories.
-
Connect Cloud Build to your workspace and set up the example as a trigger.
-
The following variables are required and must be added as substitution variables within the trigger:
_CPLN_ORG
: Control Plane org._CPLN_GVC_NAME
: The name of the GVC._CPLN_WORKLOAD_NAME
: The name of the workload._CPLN_IMAGE_NAME
: The name of the image that will be deployed. The pipeline will append the short SHA of the commit as the tag when pushing the image to the org's private image repository.
Substitution variables do not offer the ability the mask sensitive values. Use Google Secret Manager to create a secret named
CPLN_TOKEN
using the Service Account Key from the previous section. The example uses the secret for authentication. Follow the steps within this article to grant permissions to Cloud Build to access the secret values. -
Review the
cloudbuild.yaml
file:- This file contains the steps that will be executed when the pipeline is triggered.
- Update line 13 with your PROJECT ID.
- The script,
cpln.bash
will be executed and perform the following:- The Control Plane CLI will be installed.
- The sample application will be containerize and pushed to the org's private registry.
- The
sed
command is used to substitute theORG_NAME
,GVC_NAME
,WORKLOAD_NAME
andIMAGE_NAME_TAG
tokens inside the YAML files in the/cpln
directory. - The GVC and Workload will be created/update.
-
The Control Plane YAML files are located in the
/cpln
directory. No changes are required to execute the example.- The
cpln-gvc.yaml
file defines the GVC to be created/updated. - The
cpln-workload.yaml
file defines the workload to be created/updated.
- The
-
Run the pipeline using one of the methods specified when creating the trigger.
After the pipeline has successfully deployed the application, it can be tested by following these steps:
- Browse to the Control Plane Console.
- Select the GVC that was set in the
CPLN_GVC_NAME
variable. - Select the workload that was set in the
CPLN_WORKLOAD_NAME
variable. - Click the
Open
button. The app will open in a new tab. The container's environment variables and start up arguments will be displayed.
-
The
cpln apply
command creates and updates the resources defined within the YAML files. If the name of a resource is changed,cpln apply
will create a new resource. Any orphaned resources will need to be manually deleted. -
The Control Plane CLI commands use the
CPLN_ORG
andCPLN_TOKEN
environment variables when needed. There is no need to add the --org or --token flags. -
The GVC definition must exists in its own YAML file. The
cpln apply
command executing the file that contains the GVC definition must be executed before any child definition YAML files (workloads, identities, etc.) are executed.
Google Build