Skip to content

installing-on-cloudrun.md

Latest commit

 

History

History
181 lines (152 loc) · 5.95 KB

installing-on-cloudrun.md

File metadata and controls

181 lines (152 loc) · 5.95 KB
title linkTitle weight description
Installing on Cloud Run
Installing on Cloud Run
3
This page describes how to install `piped` on Cloud Run.

Prerequisites

A registered piped

  • Make sure your piped is registered in the Control Plane and that you have its PIPED_ID and PIPED_KEY.
  • If not, follow the guide to register a new piped.

SSH key for Git repositories

  • If your Git repositories are private, piped requires a private SSH key to access those repositories.
  • Please check out this documentation for how to generate a new SSH key pair. Then add the public key to your repositories. (If you are using GitHub, you can add it to Deploy Keys at the repository’s Settings page.)

Installation

Preparing the piped configuration file

Prepare a piped configuration file like the following:

apiVersion: pipecd.dev/v1beta1
kind: Piped
spec:
  projectID: {PROJECT_ID}
  pipedID: {PIPED_ID}
  pipedKeyData: {BASE64_ENCODED_PIPED_KEY}
  # Write in a format like "host:443" because the communication is done via gRPC.
  apiAddress: {CONTROL_PLANE_API_ADDRESS}

  git:
    sshKeyData: {BASE64_ENCODED_PRIVATE_SSH_KEY}

  repositories:
    - repoId: {REPO_ID_OR_NAME}
      remote: git@github.com:{GIT_ORG}/{GIT_REPO}.git
      branch: {GIT_BRANCH}

  # Optional
  # Enable this piped to handle Cloud Run applications.
  platformProviders:
    - name: cloudrun-in-project
      type: CLOUDRUN
      config:
        project: {GCP_PROJECT_ID}
        region: {GCP_PROJECT_REGION}

  # Optional
  # Uncomment this if you want to enable this piped to handle Terraform applications.
  #  - name: terraform-gcp
  #    type: TERRAFORM

  # Optional
  # Uncomment this if you want to enable Secret Management.
  # See: https://pipecd.dev/docs/user-guide/managing-application/secret-management/
  # secretManagement:
  #   type: KEY_PAIR
  #   config:
  #     privateKeyData: {BASE64_ENCODED_PRIVATE_KEY}
  #     publicKeyData: {BASE64_ENCODED_PUBLIC_KEY}

See the configuration reference for the full list of available fields.

Storing the configuration in Secret Manager

Create a new secret in Secret Manager to store the configuration securely:

gcloud secrets create cloudrun-piped-config --data-file={PATH_TO_CONFIG_FILE}

Then make sure that Cloud Run has permission to access that secret as described in the Cloud Run secret access guide.

Running piped on Cloud Run

Prepare a Cloud Run service manifest as below.

{{< tabpane >}} {{< tab lang="yaml" header="Piped with Remote-upgrade" >}}

Enable remote-upgrade feature of piped.

https://pipecd.dev/docs/user-guide/managing-piped/remote-upgrade-remote-config/#remote-upgrade

This allows upgrading piped to a new version from the web console.

apiVersion: serving.knative.dev/v1 kind: Service metadata: name: piped annotations: run.googleapis.com/ingress: internal run.googleapis.com/ingress-status: internal spec: template: metadata: annotations: autoscaling.knative.dev/maxScale: "1" # This must be 1. autoscaling.knative.dev/minScale: "1" # This must be 1. run.googleapis.com/cpu-throttling: "false" # This is required. spec: containerConcurrency: 1 # This must be 1 to ensure piped works correctly. containers: - image: gcr.io/pipecd/launcher:{{< blocks/latest_version >}} args: - launcher - --launcher-admin-port=9086 - --config-file=/etc/piped-config/config.yaml ports: - containerPort: 9086 volumeMounts: - mountPath: /etc/piped-config name: piped-config resources: limits: cpu: 1000m memory: 2Gi volumes: - name: piped-config secret: secretName: cloudrun-piped-config items: - key: latest path: config.yaml {{< /tab >}}

{{< tab lang="yaml" header="Piped without Remote-upgrade" >}} apiVersion: serving.knative.dev/v1 kind: Service metadata: name: piped annotations: run.googleapis.com/ingress: internal run.googleapis.com/ingress-status: internal spec: template: metadata: annotations: autoscaling.knative.dev/maxScale: "1" autoscaling.knative.dev/minScale: "1" run.googleapis.com/cpu-throttling: "false" spec: containerConcurrency: 1 containers: - image: gcr.io/pipecd/launcher:{{< blocks/latest_version >}} args: - launcher - --launcher-admin-port=9086 - --config-file=/etc/piped-config/config.yaml ports: - containerPort: 9086 volumeMounts: - mountPath: /etc/piped-config name: piped-config resources: limits: cpu: 1000m memory: 2Gi volumes: - name: piped-config secret: secretName: cloudrun-piped-config items: - key: latest path: config.yaml {{< /tab >}} {{< /tabpane >}}

Apply the Cloud Run service:

gcloud run services replace {PATH_TO_CLOUD_RUN_SERVICE_MANIFEST}

Once the service is created, Cloud Run will run the piped agent as a stateless service that connects to your PipeCD Control Plane and deploys applications according to your configuration. Make sure that the created secret is accessible from this piped service as described in the Cloud Run secret access guide.