Thursday, October 31, 2024

How to Integrate Gitlab CI/CD Pipeline to Gogle Cloud

The seamless integration of GitLab with Google Cloud has ushered in a new era of software development efficiency and flexibility. GitLab, lauded as the leading DevOps platform by Gartner in 2024, has consistently demonstrated its commitment to pushing the boundaries of innovation. Having used GitLab extensively in a previous role, I was eager to explore the latest enhancements and integration capabilities, especially those offered by Google Cloud.

This article takes you on a guided journey through the official GitLab documentation, complemented by a hands-on demonstration to solidify your understanding.

Google Cloud Integration with GitLab: A Practical Walkthrough

This hands-on exercise focuses on exploring the integration of Google Cloud with GitLab and deploying a web service to Cloud Run. The steps have been streamlined and simplified to ensure a smoother workflow.

Setting Up Federated Identity Workload

To establish authentication between GitLab and Google Cloud, a secure authentication method is needed. Fortunately, GitLab simplifies this process through its Google Cloud IAM integration service. Navigate to "Integrations" -> "Google Cloud IAM".

In this configuration, simply populate the required fields and execute the generated gcloud command.

  • Input Project ID and Project Number

  • Input Pool ID and Provider ID

After entering the Project ID, Project Number, Pool ID, and Provider ID, run the command displayed in the second section. Historically, Federated Identity Workload configuration has been a complex process. I was pleasantly surprised by how effortless GitLab made it — incredibly convenient!

Upon successful configuration, you'll find the newly created Federated Identity Workload in your Google Cloud console.

Configuring Artifact Registry Integration

To seamlessly connect GitLab with Google's container registry services, GitLab provides Google Artifact Management integration within its settings.

Similar to Google Cloud IAM, simply fill in the necessary fields and execute the generated gcloud command.

  • Input details according to your configuration.

Once configured, you can conveniently view the contents of your Artifact Registry under "Deploy" -> "Google Artifact Registry".

Setting Up Cloud Run Integration

Now, let's delve into the GitLab Continuous Integration (CI) Integration. First, grant the necessary roles to the Federated Identity Workload pool by executing the following command:

# Replace ${PROJECT_ID}, ${PROJECT_NUMBER}, ${LOCATION}, ${POOL_ID} with your values below
WORKLOAD_IDENTITY=principalSet://iam.googleapis.com/projects/${PROJECT_NUMBER}/locations/global/workloadIdentityPools/${POOL_ID}/attribute.developer_access/true
PROJECT_ID=YOUR_PROJECT_ID
gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="${WORKLOAD_IDENTITY}" --role="roles/run.sourceDeveloper"
gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="${WORKLOAD_IDENTITY}" --role="roles/iam.serviceAccountUser"
    

Next, prepare your application files using Python and Docker. We'll utilize Flask to create a simple example application that returns a health status response.

requirements.txt

Flask == 3.0.3
flask-cors == 5.0.0
    

main.py

from flask import Flask, request, jsonify
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route("/")
def read_root():
    return {"message": "Health Check OK"}, 200

if __name__ == "__main__":
    app.run(host="0.0.0.0", port = 8080)
    

Dockerfile

FROM python:3.10-slim

ENV PYTHONUNBUFFERED True
ENV PYTHONDONTWRITEBYTECODE True
ENV PYTHONPATH="${PYTHONPATH}:/app"

WORKDIR /app
COPY . ./

# Install python library
RUN pip install -r requirements.txt

CMD ["python", "main.py"]
    

This section outlines the core of the CI pipeline to build, push, and deploy the application to Google Cloud. Much of this setup follows examples provided within the GitLab documentation.

gitlab-ci.yml

stages:
  - build
  - push
  - deploy

variables:
  IMAGE_TAG: latest
  PROJECT: YOUR_PROJECT_ID
  LOCATION: YOUR_LOCATION
  SERVICE: gitlab-test-app
  AR_IMAGE: $LOCATION-docker.pkg.dev/$PROJECT/my-repository/$SERVICE

build-job:
  stage: build
  services:
    - docker:24.0.5-dind
  image: docker:git
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  script:
    - docker build -t $CI_REGISTRY_IMAGE:$IMAGE_TAG --build-arg="name=Cloud Run" .
    - docker push $CI_REGISTRY_IMAGE:$IMAGE_TAG

include:
  - component: gitlab.com/google-gitlab-components/artifact-registry/upload-artifact-registry@0.1.0
    inputs:
      stage: push
      source: $CI_REGISTRY_IMAGE:$IMAGE_TAG
      target: $AR_IMAGE:$IMAGE_TAG

  - component: gitlab.com/google-gitlab-components/cloud-run/deploy-cloud-run@0.1.0
    inputs:
      stage: deploy
      image: $AR_IMAGE:$IMAGE_TAG
      project_id: $PROJECT
      region: $LOCATION
      service: $SERVICE
    

Explanation:

  • stages: Defines each job stage within the pipeline. Here, we divide the pipeline into three stages: build, push, and deploy.

  • variables: Defines variables used repeatedly in jobs to improve YAML readability and minimize typos. GitLab CI/CD provides predefined variables like CI_REGISTRY_USER, CI_REGISTRY, and CI_REGISTRY_PASSWORD.

  • build-job: This is a user-defined job to build the Docker image, utilizing a specific Docker image defined within the services and image fields.

  • include: Uses this clause to reference external CI YAML files within your jobs. GitLab provides specific example CI YAML files for Google Cloud integrations.

After creating these files, your repository structure will appear as follows:

YOUR_REPOSITORY
├── .gitlab-ci.yml
├── Dockerfile
├── README.md
├── main.py
└── requirements.txt
    

Now, it's time to inspect the running CI pipeline. Once you push these files to your repository, the pipeline jobs will automatically kick off.

Conclusion

This article has shed light on the seamless integration of GitLab with Google Cloud. These integration services are incredibly valuable, particularly with their ability to automatically generate gcloud commands, simplifying the setup process. While I initially had reservations about GitLab's capabilities, this hands-on demonstration converted me into an enthusiastic proponent of its user-friendly approach. I highly recommend trying out this demonstration for yourself!

0 comments:

Post a Comment