Last active
July 25, 2021 05:34
-
-
Save Philmod/e18056caac485549bb5339ffa4fd31b5 to your computer and use it in GitHub Desktop.
Deploy a new image from Google Cloud Container Builder to Kubernetes, by storing GKE credentials in GCS.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| steps: | |
| - name: 'gcr.io/cloud-builders/npm' | |
| args: ['install'] | |
| - name: 'gcr.io/cloud-builders/npm' | |
| args: ['test'] | |
| - name: 'gcr.io/cloud-builders/docker' | |
| args: ["build", "-t", "gcr.io/$PROJECT_ID/frontend:$REVISION_ID", "."] | |
| - name: 'gcr.io/cloud-builders/docker' | |
| args: ["push", "gcr.io/$PROJECT_ID/frontend:$REVISION_ID"] | |
| - name: 'gcr.io/cloud-builders/gcloud' | |
| entrypoint: 'bash' | |
| args: | |
| - '-c' | |
| - | | |
| gcloud components install kubectl | |
| gsutil cp gs://container-kubernetes-key/kubeconfig . | |
| export KUBECONFIG=kubeconfig | |
| kubectl set image deployment/frontend frontend=gcr.io/$PROJECT_ID/frontend:$REVISION_ID |
I keep hitting this error:
Step #2: ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required "container.clusters.get" permission for "projects/buildanything-io/zones/us-central1-a/clusters/cluster-3".
Finished Step #2
ERROR
ERROR: build step 2 "gcr.io/cloud-builders/kubectl" failed: exit status 1
What shall I do?
@Philmod I am facing below issue which is similar to the above one.
The connection to the server localhost:8080 was refused - did you specify the right host or port?
ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required "container.clusters.get" permission for "projects/PROJECT/zones/ZONE/clusters/CLUSTER_NAME".
Fetching cluster endpoint and auth data.
All components are up to date.
Already have image (with digest): gcr.io/cloud-builders/gcloud
When you get Required "BLABLABLABLA" permission .... message, go into IAM -> Roles -> Create role [ROLE_NAME] -> add container.clusters.get and/or whatever other permissions you need in order to get it done, and assign that role (IAM -> Add) to the Cloud Builder service account [email protected]
Secondly, it works with:
- id: kubectl-set-image
name: gcr.io/cloud-builders/kubectl
args: ['set', 'image', 'deployment/[DEPLOYMENT_NAME]', '[IMAGE_NAME]=gcr.io/$PROJECT_ID/[IMAGE_NAME]:$TAG_NAME']
env:
- 'CLOUDSDK_COMPUTE_ZONE=[ZONE]'
- 'CLOUDSDK_CONTAINER_CLUSTER=[CLUSTER]'
The previous comment worked for me! Thanks for that.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Also, do take a look at http://github.com/weaveworks/flux, it offers a more decoupled approach with where you install a git reconciliation operator into your cluster, and it picks up new images from the registry, makes changes in git and then applies new config to the cluster.
We blogged a lot about our approach too, see e.g. https://www.weave.works/blog/gitops-high-velocity-cicd-for-kubernetes.