Deploy container workloads

This page describes the process of uploading a container image to Harbor, and deploying that image in your GDC Sandbox instance.

Preparation

1. Follow the instructions in Connect to your instance to connect to your instance with Linux command line access. You can connect to your gateway over Remote Desktop, or run sshuttle on your Linux machine.

2. Set environment variables that will be used in the following instructions:

   export TENANT_PROJECT=TENANT_PROJECT # Intended deployment project for the container workflow.
   export HARBOR_INSTANCE_NAME=HARBOR_INSTANCE_NAME # Harbor Container Registry instance name.
   export HARBOR_PROJECT=HARBOR_PROJECT # Container registry project name for your images.
   export AO_USER=AO_USER # Your user name in the instance, e.g.: fop-my-user@example.com.
   export INSTANCE_URL=${HARBOR_INSTANCE_NAME}-${TENANT_PROJECT}.org-1.zone1.google.gdch.test.
   export DOCKER_CONFIG_PATH=DOCKER_CONFIG_PATH # Path to docker config file e.g.: /root/.docker/config.json.
   

3. To create a Harbor registry instance, follow Create a Harbor registry instance, or you can use the pre-created Sandbox Harbor instance: the default user-project in GDC Sandbox comes with an already deployed Harbor Instance, user-haas-instance, which can be used for development.

   export HARBOR_INSTANCE_NAME=user-haas-instance
   export TENANT_PROJECT=user-project
   export INSTANCE_URL=${HARBOR_INSTANCE_NAME}-${TENANT_PROJECT}.org-1.zone1.google.gdch.test
   

Upload image to Harbor

1. Create a Harbor project by following Create a Harbor Project.

   Example:

   gdcloud harbor harbor-projects create HARBOR_PROJECT  \
   --project=TENANT_PROJECT \
   --instance=HARBOR_INSTANCE_NAME 
   

2. Sign-in to Docker. Begin at Sign in to Docker or Helm with CLI secrets.

3. Download or build your container image, and follow the Google Distributed Cloud air-gapped instructions to Push an image to push it to Harbor.

   For example, here is is a workflow for pulling from Gitlab and pushing to Harbor:

   1. Log in and pull from your Gitlab container registry.

      export GITLAB_ID=GITLAB_ID
      export GITLAB_PROJECT_NAME=GITLAB_PROJECT_NAME
      export GITLAB_IMAGE_PATH=registry.gitlab.com/GITLAB_ID/GITLAB_PROJECT_NAME
      docker login registry.gitlab.com
      docker pull ${GITLAB_IMAGE_PATH}
      

   2. Push the Gitlab image to Harbor:

      export TAG=demo-image
      docker tag ${TAG} ${GITLAB_IMAGE_PATH}
      docker push ${INSTANCE_URL}/${HARBOR_PROJECT}/${TAG}
      

Grant roles

Grant your user the ability to create secrets and deployment.

1. Give the user permission to create secrets by adding the secret-admin role.

     gdcloud projects add-iam-policy-binding PROJECT \
       --member="user:${AO_USER}" \
       --role=secret-admin
   

2. Give the user permission to deploy container workloads by adding the namespace-admin role.

     gdcloud projects add-iam-policy-binding PROJECT \
       --member="user:${AO_USER}" \
       --role=namespace-admin
   

Deploy container app

Continue at Create Kubernetes image pull secret to create a secret and deploy your app.