Skip to content

Commit

Permalink
fixed typo, added firewall rule instructions, separated methods
Browse files Browse the repository at this point in the history
  • Loading branch information
murog committed Apr 10, 2019
1 parent 731bb56 commit 0a7a2b9
Showing 1 changed file with 38 additions and 6 deletions.
44 changes: 38 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
# Integration Testing on GCB
This is a demo showing how to execute multi-container integration tests as part of a [Google Cloud Build](https://cloud.google.com/cloud-build/) invocation
This is a demo showing how to execute multi-container integration tests as part of a [Google Cloud Build](https://cloud.google.com/cloud-build/) invocation.

Download the latest stable release of this demo [here](https://github.com/GoogleCloudPlatform/cloudbuild-integration-testing/releases).

## Method 1: docker-compose
### Prerequisites
Expand All @@ -13,7 +15,12 @@ Run command:
gcloud builds submit --config=cloudbuild.compose.yaml .
```

## Method 2: Deploy to Existing Kubernetes Cluster
## Method 2: Google Kubernetes Engine
### Overview
2a: Deploying to an existing kubernetes cluster: `cloudbuild.gke.yaml`

2b: Deploying to a new cluster per test: `cloudbuild.gke-per-test.yaml`

### Prerequisites

1. Create a cluster in Google Kubernetes Engine
Expand All @@ -23,21 +30,42 @@ gcloud builds submit --config=cloudbuild.compose.yaml .
NOTE: Update `cloudbuild.gke.yaml` env options if using a cluster with a different name or zone.
1. Update the `image` field in `k8s/db.yaml` and `k8s/web.yaml` with your Project ID to push images to your project's Container Registry.
1. Allow traffic on default potential NodePort range
```
gcloud compute firewall-rules create allow-k8s-nodeports --allow tcp:30000-32767
```
1. Add Kubernetes Engine IAM role to Cloud Build Service Account
1. Add IAM role "Kubernetes Engine Developer" to Cloud Build Service Account
Method 2a: Deploying to existing Kubernetes cluster:
```
gcloud projects add-iam-policy-binding <PROJECT-ID> \
--member serviceAccount:<PROJECT-NUMBER>@cloudbuild.gserviceaccount.com \
--role roles/container.developer
```
Method 2b: Deploying to a new cluster per test:
```
gcloud projects add-iam-policy-binding <PROJECT-ID> \
--member serviceAccount:<PROJECT-NUMBER>@cloudbuild.gserviceaccount.com \
--role roles/container.admin
```
Learn more about the [Cloud Build Service Account](https://cloud.google.com/cloud-build/docs/securing-builds/set-service-account-permissions#what_is_the_service_account), [Kubernetes Engine Permissions](https://cloud.google.com/kubernetes-engine/docs/how-to/iam) and [Granting Roles to Service Accounts](https://cloud.google.com/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource).
### Running Build
Deploying to an existing kubernetes cluster:
```
gcloud builds submit --config cloudbuild.gke.yaml .
```
Using a new kubernetes cluster per test:
```
gcloud builds submit --config cloudbuild.gke-per-test.yaml .
```
### When you're done
1. Delete Kubernetes Cluster
```
Expand All @@ -47,11 +75,15 @@ gcloud builds submit --config cloudbuild.gke.yaml .
```
gcloud projects remove-iam-policy-binding <YOUR-PROJECT-ID> \
--member serviceAccount:<YOUR-PROJECT-NUMBER>@cloudbuild.gserviceaccount.com \
--role roles/container.developer
--role roles/container.<developer-or-admin>
```
1. Remove firewall rule
```
gcloud compute firewall-rules delete allow-k8s-nodeports
```
## Method 3: deploy to self-destructing VM
## Method 3: Deploy to self-destructing VM
Before beginning, update k8s/db.yaml and k8s/web.yaml with your Project ID.
Expand Down

0 comments on commit 0a7a2b9

Please sign in to comment.