Skip to content

Instantly share code, notes, and snippets.

Last active March 8, 2021 22:31
Show Gist options
  • Save jasdeepkhalsa/b745213e2f4864e832564a752b5a7490 to your computer and use it in GitHub Desktop.
Save jasdeepkhalsa/b745213e2f4864e832564a752b5a7490 to your computer and use it in GitHub Desktop.
GCP with Docker, K8s & Jenkins
## This script covers
# * Running Docker containers on a host.
# * Storing Docker images in the Google Container Repository (GCR).
# * Deploying GCR images on Kubernetes.
# * Pushing updates onto Kubernetes.
# * Automating deployments to Kubernetes using Jenkins.
# Clone a repository from the Google Cloud Shell
gsutil cp -r gs://spls/gsp021/* .
gcloud source repos clone valkyrie-app --project=$GCP_PROJECT_ID
# Requires SSH access setup
git clone ssh://
## Docker commands
# Build image from Dockerfile
# Note: the "." means current directory, so you need to run this command from within the directory that has the Dockerfile
# --file option allows to specify a dockerfile not named as the default of "Dockerfile"
# -t or --tag adds us to tag this docker image with a name and version
docker build --tag "app:latest" --file "app.dockerfile" .
docker build -t node-app:0.1 .
docker build -t valkyrie-app:v0.0.1 .
## Run a container
# The --name flag allows you to name the container if you like
# The -p does a port mapping by instructing Docker to map the host's port 4000 to the container's port 80 to access the server at http://localhost:4000
# Without port mapping, you would not be able to reach the container at localhost
docker run -i -t --ipc=host --shm-size="1g" "app:latest"
docker run -p 4000:80 --name my-app node-app:0.1
docker run -p 8080:80 --name my-app-2 -d node-app:0.2
docker run -p 8080:8080 valkyrie-app:v0.0.1 & # Run the background
# See all containers
docker ps -a
# Stop all containers
docker stop $(docker ps -q)
# Remove all containers
docker rm $(docker ps -aq)
# Remove all images
docker rmi $(docker images -aq)
# See logs of a container
docker logs -f <container id>
# Inspect metadata of a container
docker inspect <container id> format='{{.IPAddress}}{{end}}'
# Enter into bash of a container
docker exec -it <container id> bash
## Tag and push a docker image for publishing to e.g. Google Container Registry (gcr):
# [hostname]=
# [project-id]= your project's ID
# [image]= your image name
# [tag]= any string tag of your choice. If unspecified, it defaults to "latest"
# e.g.$(gcloud config list project)/node-app:0.2
docker tag node-app:0.2 "$GCP_PROJECT_ID/node-app:0.2"
docker push "$GCP_PROJECT_ID/node-app:0.2"
docker tag valkyrie-app:v0.0.1 "$GCP_PROJECT_ID/valkyrie-app:v0.0.1"
docker push "$GCP_PROJECT_ID/valkyrie-app:v0.0.1"
docker tag valkyrie-app:v0.0.2 "$GCP_PROJECT_ID/valkyrie-app:v0.0.2"
docker push "$GCP_PROJECT_ID/valkyrie-app:v0.0.2"
## Pull and run a remote docker image e.g. from Google Container Registry (gcr)
docker pull "$GCP_PROJECT_ID/node-app:0.2"
docker run -p 4000:80 -d "$GCP_PROJECT_ID/node-app:0.2"
## General commands
# Get active account name
gcloud auth list
# List the project ID
gcloud config list project
# Find default zone
gcloud compute project-info describe --project <GCP Project ID>
# Set default region
gcloud config set compute/region us-east1
# Set default zone
gcloud config set compute/zone us-east1-b
# Create server / compute instance with a specific machine type
gcloud compute instances create jooli-webserver --machine-type n1-standard-1
## Create a Kubernetes service cluster
# Create a Kubernetes cluster with a specific machine-type (if --num-nodes are omitted, defaults to 3)
# Alternative scope for e.g. to enable Jenkins to access Cloud Source Repositories and Google Container Registry could be,cloud-platform
gcloud container clusters create jooli-cluster --machine-type n1-standard-1 --num-nodes 2 --scopes ",storage-rw"
gcloud container clusters create valkyrie-dev --machine-type n1-standard-1 --scopes ",cloud-platform"
# Get info on the cluster, control plane IP, KubeDNS, metrics etc.
kubectl cluster-info
# Authenticate the Kubernetes cluster
gcloud container clusters get-credentials jooli-cluster
gcloud container clusters get-credentials valkyrie-dev
# Deploy an application to the cluster from a remote Docker image
kubectl create deployment jooli-server --image
# Create a deployment or service from a YAML config file
# To add a GCR image into a deployment add the full path to GCR & version of the image e.g.
kubectl create -f k8s/deployment.yaml
kubectl create -f k8s/service.yaml
kubectl replace --force -f k8s/deployment.yaml # Delete and re-create the pod
kubectl describe pod valkyrie-dev-58dd8cdb67-p8rgj # Drill down into why a pod failed
# Create TLS certs and configmaps for e.g. nginx
kubectl create secret generic tls-certs --from-file tls/
kubectl create configmap nginx-frontend-conf --from-file=nginx/frontend.conf
# Setup Helm for using e.g. Jenkins charts
helm repo add jenkins
# Ensure the helm repo is up to date
helm repo update
# Use the Helm CLI to deploy the chart with your config settings:
helm install cd jenkins/jenkins -f jenkins/values.yaml --version 1.2.2 --wait
# Configure a Jenkins service account to be able to deploy to the cluster
kubectl create clusterrolebinding jenkins-deploy --clusterrole=cluster-admin --serviceaccount=default:cd-jenkins
# Setup port forwarding to the Jenkins UI from the Cloud Shell
export POD_NAME=$(kubectl get pods --namespace default -l "" -l "" -o jsonpath="{.items[0]}")
kubectl port-forward $POD_NAME 8080:8080 >> /dev/null &
# You are using the Kubernetes Plugin ( so that our builder nodes will be automatically launched as necessary when the Jenkins master requests them.
# Upon completion of their work, they will automatically be turned down and their resources added back to the clusters resource pool.
# Notice that this service exposes ports 8080 and 50000 for any pods that match the selector.
# This will expose the Jenkins web UI and builder/agent registration ports within the Kubernetes cluster.
# Additionally, the jenkins-ui services is exposed using a ClusterIP so that it is not accessible from outside the cluster.
# Retrieve Jenkins password
printf $(kubectl get secret cd-jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo
# Creating a repository and push it to a Cloud Source Repository service
gcloud source repos create default
git init
git config credential.helper
git remote add origin$DEVSHELL_PROJECT_ID/r/default
git config --global "[EMAIL_ADDRESS]"
git config --global "[USERNAME]"
# Expose the Kubernetes Service to the outside world
kubectl expose deployment jooli-server --type LoadBalancer --port 8080
# Get pods, services, replicaSets and deployments running
kubectl get pods
kubectl get services
kubectl get replicasets
kubectl get deployments
# Increase the number of replica pods of a deployment
kubectl scale deployment <deployment> --replicas=3
# Trigger, pause, resume, undo and view status of a rolling update on a deployment
kubectl edit deployment <deployment>
kubectl rollout pause deployment/<deployment>
kubectl rollout resume deployment/<deployment>
kubectl rollout undo deployment/<deployment>
kubectl rollout status deployment/<deployment>
# View the rollout history
kubectl rollout history deployment/<deployment>
# See which version of a deployment is in use
curl -ks https://`kubectl get svc <frontend> -o=jsonpath="{.status.loadBalancer.ingress[0].ip}"`/version
# See which version of a container image is deployed to a pod
kubectl get pods -o jsonpath --template='{range .items[*]}{}{"\t"}{"\t"}{.spec.containers[0].image}{"\n"}{end}'
# Create an interactive shell inside a pod
kubectl exec <pod> --stdin --tty -c <pod> /bin/sh
# Check that the service has been exposed
kubectl get service
kubectl get # list resources
kubectl describe # show detailed information about a resource
kubectl logs # print the logs from a container in a pod
kubectl exec # execute a command on a container in a pod
# Get list of compute images
gcloud compute images list
## Set up an HTTP load balancer
# Create a startup script
cat << EOF >
#! /bin/bash
apt-get update
apt-get install -y nginx
service nginx start
sed -i -- 's/nginx/Google Cloud Platform -'"\$HOSTNAME"'/'
# Create an instance template
gcloud compute instance-templates create lb-backend-template \
--region us-east1 \
--network default \
--machine-type n1-standard-1 \
--subnet default \
--tags allow-health-check \
--image-family debian-9 \
--image-project debian-cloud \
# Create a target pool
gcloud compute target-pools create lb-pool
# Create a managed instance group with a target pool,
# that should receive incoming traffic from forwarding rules
gcloud compute instance-groups managed create lb-backend-group \
--template lb-backend-template \
--size 2 \
--target-pool lb-pool
# Check computer instances
gcloud compute instances list
# Create a simple firewall
gcloud compute firewall-rules create fw-allow-health-check --allow tcp:80
# Or a more explicit firewall
gcloud compute firewall-rules create fw-allow-health-check \
--network default \
--action allow \
--direction ingress \
--source-ranges, \
--target-tags allow-health-check \
--rules tcp:80
# Create a forwarding rule from the outside world to the target pool
gcloud compute forwarding-rules create nginx-lb \
--region us-east1 \
--ports 80 \
--target-pool lb-pool
# Create a reserved IPv4 address (optional)
gcloud compute addresses create lb-ipv4-1 \
--ip-version IPV4 \
# Get the IPv4 address (optional)
gcloud compute addresses describe lb-ipv4-1 \
--format "get(address)" \
# Create a HTTP health check
gcloud compute http-health-checks create http-basic-check --port 80
# Ensure the health check service can reach the instance-group on http port 80
# See gcloud compute instance-groups set-named-ports --help for more information
gcloud compute instance-groups managed set-named-ports lb-backend-group \
--named-ports http:80
# Create a backend service...
gcloud compute backend-services create web-backend-service \
--protocol HTTP \
--http-health-checks http-basic-check \
# ...and attach the managed instance group
gcloud compute backend-services add-backend web-backend-service \
--instance-group lb-backend-group \
--instance-group-zone us-east1-b \
# Create a URL map
gcloud compute url-maps create web-map-http --default-service web-backend-service
# Target the HTTP proxy to route requests to your URL map
gcloud compute target-http-proxies create http-lb-proxy --url-map web-map-http
# Create a global forwarding rule from outside world to lb-proxy
gcloud compute forwarding-rules create http-content-rule \
--global \
--target-http-proxy http-lb-proxy \
--ports 80
# --address lb-ipv4-1
# Check the forwarding rule is active
gcloud compute forwarding-rules list
# Undo/Delete all of the created above
gcloud compute forwarding-rules delete http-content-rule --global && gcloud compute target-http-proxies delete http-lb-proxy && gcloud compute url-maps delete web-map-http && gcloud compute backend-services delete web-backend-service --global
gcloud compute health-checks delete http http-basic-check
gcloud compute firewall-rules delete fw-allow-health-check && gcloud compute instance-groups managed delete lb-backend-group && gcloud compute instance-templates delete lb-backend-template
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment