debian-mirror-gitlab/doc/cloud_seed/index.md
2022-07-29 14:03:07 +02:00

5.3 KiB

stage group info
Release Incubation Cloud Seed (formerly 5mp) is a GitLab Incubation Engineering program. No technical writer assigned to this group.

Cloud Seed

Cloud Seed is an open-source program led by GitLab Incubation Engineering in collaboration with Google Cloud.

Cloud Seed is in private-testing mode and is available to a select group of users. If you are interested in joining this group, please fill in the Cloud Seed Trusted Testers invitation form and we will reach out to you.

Purpose

We believe that it should be trivial to deploy web applications (and other workloads) from GitLab to major cloud providers.

To support this effort, Cloud Seed makes it simple and intuitive to consume appropriate Google Cloud services within GitLab.

Why Google Cloud

or Why not AWS or Azure?

Cloud Seed is an open-source program that can be extended by anyone, and we'd love to work with every major cloud provider. We chose to work with Google Cloud because their team is accessible, supportive, and collaborative in this effort.

As an open-source project, everyone can contribute and shape our direction.

Deploy to Google Cloud Run

After you have your web application in a GitLab project, follow these steps to deploy your application from GitLab to Google Cloud with Cloud Seed:

  1. Set up deployment credentials
  2. (Optional) Configure your preferred GCP region
  3. Configure the Cloud Run deployment pipeline

Set up deployment credentials

Cloud Seed provides an interface to create Google Cloud Platform (GCP) service accounts from your GitLab project. The associated GCP project must be selected during the service account creation workflow. This process generates a service account, keys, and deployment permissions.

To create a service account:

  1. Go to the Project :: Infrastructure :: Google Cloud page.
  2. Select Create Service Account.
  3. Follow the Google OAuth 2 workflow and authorize GitLab.
  4. Select your GCP project.
  5. Associate a Git reference (such as a branch or tag) for the selected GCP project.
  6. Submit the form to create the service account.

The generated service account, service account key, and associated GCP project ID are stored in GitLab as project CI variables. You can review and manage these in the Project :: Settings :: CI page.

The generated service account has the following roles:

  • roles/iam.serviceAccountUser
  • roles/artifactregistry.admin
  • roles/cloudbuild.builds.builder
  • roles/run.admin
  • roles/storage.admin
  • roles/cloudsql.admin
  • roles/browser

You can enhance security by storing CI variables in secret managers. Learn more about secret management with GitLab.

Configure your preferred GCP region

When you configure GCP regions for your deployments, the list of regions offered is a subset of all GCP regions available.

To configure a region:

  1. Go to the Project :: Infrastructure :: Google Cloud page.
  2. Select Configure GCP Region.
  3. Select your preferred GCP region.
  4. Associate a Git reference (such as a branch or tag) for the selected GCP region.
  5. Submit the form to configure the GCP region.

The configured GCP region is stored in GitLab as a project CI variable. You can review and manage these in the Project :: Settings :: CI page.

Configure the Cloud Run deployment pipeline

You can configure the Google Cloud Run deployment job in your pipeline. A typical use case for such a pipeline is continuous deployment of your web application.

The project pipeline itself could have a broader purpose spanning across several stages, such as build, test, and secure. Therefore, the Cloud Run deployment offering comes packaged as one job that fits into a much larger pipeline.

To configure the Cloud Run deployment pipeline:

  1. Go to the Project :: Infrastructure :: Google Cloud page.
  2. Go to the Deployments tab.
  3. For Cloud Run, select Configure via Merge Request.
  4. Review the changes and submit to create a merge request.

This creates a new branch with the Cloud Run deployment pipeline (or injected into an existing pipeline) and creates an associated merge request where the changes and deployment pipeline execution can be reviewed and merged into the main branch.

Contribute to Cloud Seed

There are several ways you can contribute to Cloud Seed: