From c14617a176902839447c8c2f04233e0422923dd2 Mon Sep 17 00:00:00 2001 From: Eric K Date: Tue, 7 Dec 2021 18:00:42 -0800 Subject: [PATCH] first commit --- Dockerfile | 15 +++++++++ README.md | 75 +++++++++++++++++++++++++++++++++++++++++ app.js | 28 +++++++++++++++ cloudbuild.yaml | 15 +++++++++ cpln.bash | 18 ++++++++++ cpln/cpln-gvc.yaml | 7 ++++ cpln/cpln-workload.yaml | 42 +++++++++++++++++++++++ package.json | 16 +++++++++ 8 files changed, 216 insertions(+) create mode 100644 Dockerfile create mode 100644 README.md create mode 100644 app.js create mode 100644 cloudbuild.yaml create mode 100755 cpln.bash create mode 100644 cpln/cpln-gvc.yaml create mode 100644 cpln/cpln-workload.yaml create mode 100644 package.json diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..efb1457 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,15 @@ +FROM node:16.6.2-bullseye-slim + +# Create app directory +WORKDIR /usr/src/app + +# Install app dependencies +COPY package*.json ./ + +RUN npm install + +# Bundle app source +COPY . . + +EXPOSE 8080 +CMD [ "node", "app.js" ] \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..a5467c3 --- /dev/null +++ b/README.md @@ -0,0 +1,75 @@ +# Control Plane - Google Cloud Build Example Using the CLI + + +This example demonstrates building and deploying an app to Control Plane using the CLI (cpln) as part of a CI/CD pipeline at [Google Cloud Build](https://console.cloud.google.com/cloud-build). + +The example is a Node.js app that displays the environment variables and start-up arguments. + +This example is provided as a starting point and your own unique delivery and/or deployment requirements will dictate the steps needed in your situation. + +## Control Plane Authentication Set Up + +The Control Plane CLI require a `Service Account` with the proper permissions to perform actions against the Control Plane API. + +1. Follow the Control Plane documentation to create a Service Account and create a key. Take a note of the key. It will be used in the next section. +2. Add the Service Account to the `superusers` group. Once the pipeline executes as expected, a policy can be created with a limited set of permissions and the Service Account can be removed from the superusers group. + +## Example Set Up + +When triggered, the pipeline will execute the steps defined in the `cloudbuild.yaml` file. The example will containerize and push the application to the org's private image repository and create/update a GVC and workload hosted at Control Plane. + +**Perform the following steps to set up the example:** + +1. Fork or copy the example into your own workspace at one of the supported Cloud Build repositories. + +2. Connect Cloud Build to your workspace and set up the example as a trigger. + +3. The following variables are required and must be added as substitution variables within the trigger: + + - `_CPLN_ORG`: Control Plane org. + - `_CPLN_GVC_NAME`: The name of the GVC. + - `_CPLN_WORKLOAD_NAME`: The name of the workload. + - `_CPLN_IMAGE_NAME`: The name of the image that will be deployed. The pipeline will append the short SHA of the commit as the tag when pushing the image to the org's private image repository. + + Substitution variables do not offer the ability the mask sensitive values. Use [Google Secret Manager](https://console.cloud.google.com/security/secret-manager) to create a secret named `CPLN_TOKEN` using the Service Account Key from the previous section. The example uses the secret for authentication. Follow the steps within this [article](https://cloud.google.com/build/docs/securing-builds/use-secrets) to grant permissions to Cloud Build to access the secret values. + +4. Review the `cloudbuild.yaml` file: + - This file contains the steps that will be executed when the pipeline is triggered. + - Update line 13 with your PROJECT ID. + - The script, `cpln.bash` will be executed and perform the following: + - The Control Plane CLI will be installed. + - The sample application will be containerize and pushed to the org's private registry. + - The `sed` command is used to substitute the `ORG_NAME`, `GVC_NAME`, `WORKLOAD_NAME` and `IMAGE_NAME_TAG` tokens inside the YAML files in the `/cpln` directory. + - The GVC and Workload will be created/update. + +5. The Control Plane YAML files are located in the `/cpln` directory. No changes are required to execute the example. + - The `cpln-gvc.yaml` file defines the GVC to be created/updated. + - The `cpln-workload.yaml` file defines the workload to be created/updated. + +6. Run the pipeline using one of the methods specified when creating the trigger. + +## Running the App + +After the pipeline has successfully deployed the application, it can be tested by following these steps: + +1. Browse to the Control Plane Console. +2. Select the GVC that was set in the `CPLN_GVC_NAME` variable. +3. Select the workload that was set in the `CPLN_WORKLOAD_NAME` variable. +4. Click the `Open` button. The app will open in a new tab. The container's environment variables and start up arguments will be displayed. + + +## Notes + +* The `cpln apply` command creates and updates the resources defined within the YAML files. If the name of a resource is changed, `cpln apply` will create a new resource. Any orphaned resources will need to be manually deleted. + +* The Control Plane CLI commands use the `CPLN_ORG` and `CPLN_TOKEN` environment variables when needed. There is no need to add the --org or --token flags. + +* The GVC definition must exists in its own YAML file. The `cpln apply` command executing the file that contains the GVC definition must be executed before any child definition YAML files (workloads, identities, etc.) are executed. + + +## Helper Links + +Google Build + +- Overview +- Using secrets from Secret Manager diff --git a/app.js b/app.js new file mode 100644 index 0000000..dfb621d --- /dev/null +++ b/app.js @@ -0,0 +1,28 @@ +const http = require('http'); + +const hostname = '0.0.0.0'; +const port = 8080; + +const server = http.createServer((req, res) => { + res.statusCode = 200; + res.setHeader('Content-Type', 'text/plain'); + + const ordered = Object.keys(process.env).sort().reduce( + (obj, key) => { + obj[key] = process.env[key]; + return obj; + }, + {} + ); + + var myArgs = process.argv; + var newDate = new Date(); + + res.end('Environment Variables\n\n' + JSON.stringify(ordered, null, 4) + '\n\nArguments:\n\n' + myArgs + '\n\nWelcome to Control Plane!\n\nThe time is: ' + newDate.toUTCString()); +}); + + +server.listen(port, hostname, () => { + console.log(`Server running at http://${hostname}:${port}/`); +}); + diff --git a/cloudbuild.yaml b/cloudbuild.yaml new file mode 100644 index 0000000..c639c5e --- /dev/null +++ b/cloudbuild.yaml @@ -0,0 +1,15 @@ +steps: +- name: "gcr.io/cloud-builders/docker" + entrypoint: "bash" + args: ["./cpln.bash"] + secretEnv: ["CPLN_TOKEN"] + env: + - "IMAGE=${_CPLN_IMAGE_NAME}:$SHORT_SHA" + - "CPLN_ORG=${_CPLN_ORG}" + - "CPLN_GVC_NAME=${_CPLN_GVC_NAME}" + - "CPLN_WORKLOAD_NAME=${_CPLN_WORKLOAD_NAME}" +availableSecrets: + secretManager: + - versionName: projects/PROJECT_ID/secrets/CPLN_TOKEN/versions/latest + env: "CPLN_TOKEN" + diff --git a/cpln.bash b/cpln.bash new file mode 100755 index 0000000..a9b03b9 --- /dev/null +++ b/cpln.bash @@ -0,0 +1,18 @@ +#!/bin/bash + +# exit when any command fails +set -e + +apt-get -y update && apt-get -y install npm +npm install -g @controlplane/cli +cpln --version +cpln profile update default --token ${CPLN_TOKEN} +cpln image docker-login +cpln image build --name ${IMAGE} --dockerfile ./Dockerfile --push +cd cpln +sed -i "s/ORG_NAME/${CPLN_ORG}/" cpln-gvc.yaml +sed -i "s/GVC_NAME/${CPLN_GVC_NAME}/" cpln-gvc.yaml +sed -i "s/WORKLOAD_NAME/${CPLN_WORKLOAD_NAME}/" cpln-workload.yaml +sed -i "s/IMAGE_NAME_TAG/${IMAGE}/" cpln-workload.yaml +cpln apply -f cpln-gvc.yaml +cpln apply -f cpln-workload.yaml --gvc ${CPLN_GVC_NAME} diff --git a/cpln/cpln-gvc.yaml b/cpln/cpln-gvc.yaml new file mode 100644 index 0000000..eb6a2bf --- /dev/null +++ b/cpln/cpln-gvc.yaml @@ -0,0 +1,7 @@ +kind: gvc +name: GVC_NAME +description: Actions Example +spec: + staticPlacement: + locationLinks: + - /org/ORG_NAME/location/aws-us-west-2 diff --git a/cpln/cpln-workload.yaml b/cpln/cpln-workload.yaml new file mode 100644 index 0000000..a163fb0 --- /dev/null +++ b/cpln/cpln-workload.yaml @@ -0,0 +1,42 @@ +kind: workload +name: WORKLOAD_NAME +spec: + containers: + - args: [] + cpu: 50m + env: [] + name: "actions-example" + image: "//image/IMAGE_NAME_TAG" + memory: 128Mi + port: 8080 + readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: [] + path: / + port: 8080 + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + defaultOptions: + autoscaling: + maxConcurrency: 1000 + maxScale: 1 + metric: concurrency + minScale: 1 + scaleToZeroDelay: 300 + target: 100 + capacityAI: false + debug: false + timeoutSeconds: 30 + firewallConfig: + external: + inboundAllowCIDR: + - 0.0.0.0/0 + outboundAllowCIDR: [] + outboundAllowHostname: [] + internal: + inboundAllowType: none + inboundAllowWorkload: [] \ No newline at end of file diff --git a/package.json b/package.json new file mode 100644 index 0000000..82bb71c --- /dev/null +++ b/package.json @@ -0,0 +1,16 @@ +{ + "name": "cpln_app", + "version": "1.0.0", + "description": "", + "main": "app.js", + "scripts": { + "build": "npm i", + "start": "node app.js" + }, + "author": "", + "license": "ISC", + "engines": { + "node": "14.16.0" + } + } + \ No newline at end of file