forked from GoogleCloudPlatform/ai-on-gke
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloudbuild.yaml
63 lines (60 loc) · 2.94 KB
/
cloudbuild.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
steps:
- id: Provision Infra with Terraform
name: gcr.io/cloudshell-images/cloudshell:latest
env:
- "PLATFORM_VAR_FILE=${_PLATFORM_VAR_FILE}"
script: |
#!/usr/bin/env bash
if [[ -n ${PLATFORM_VAR_FILE} ]]
then
terraform -chdir="./platform/" init -no-color
terraform -chdir="./platform/" apply -auto-approve -no-color -var-file $PLATFORM_VAR_FILE
else
echo " PLATFORM_VAR_FILE variable not found, skipping this step."
fi
- id: If restricted public cluster, update authorised networks
name: gcr.io/cloudshell-images/cloudshell:latest
env:
- "WORKLOADS_VAR_FILE=${_WORKLOADS_VAR_FILE}"
script: |
#!/usr/bin/env bash
if [[ -n ${WORKLOADS_VAR_FILE} ]]
then
export SHELL_IP=`curl https://ipinfo.io/ip`
echo $SHELL_IP
export CLUSTERNAME=`cat ./workloads/${WORKLOADS_VAR_FILE} | grep -w cluster_name | awk {'print $NF'}| awk -F'["]' '{ print $2 }'`
export LOCATION=`cat ./workloads/${WORKLOADS_VAR_FILE} | grep -w cluster_location | awk {'print $NF'}| awk -F'["]' '{ print $2 }'`
export PROJECT=`cat ./workloads/${WORKLOADS_VAR_FILE} | grep -w project_id | awk {'print $NF'} | awk -F'["]' '{ print $2 }'`
export ISPRIVATE=`gcloud container clusters describe $CLUSTERNAME --location $LOCATION --format "value(privateClusterConfig.enablePrivateEndpoint)"`
if [[ $ISPRIVATE == "True" ]]
then
echo "GKE cluster has private endpoint, skipping this step. Consider using connect gateway!"
else
export EXISTING_AUTH_NETS=`gcloud container clusters describe $CLUSTERNAME --location $LOCATION --project $PROJECT --format "value[delimiter=','](masterAuthorizedNetworksConfig.cidrBlocks[].cidrBlock)"`
echo "$SHELL_IP/32,$EXISTING_AUTH_NETS"
gcloud container clusters update $CLUSTERNAME --location $LOCATION --project $PROJECT --enable-master-authorized-networks --master-authorized-networks "$SHELL_IP/32,$EXISTING_AUTH_NETS"
gcloud container clusters get-credentials $CLUSTERNAME --location $LOCATION --project $PROJECT
kubectl get ns
fi
else
echo " WORKLOADS_VAR_FILE variable not found, skipping this step."
fi
- id: Deploy Workloads to GKE cluster
name: gcr.io/cloudshell-images/cloudshell:latest
env:
- "WORKLOADS_VAR_FILE=${_WORKLOADS_VAR_FILE}"
script: |
#!/usr/bin/env bash
if [[ -n ${WORKLOADS_VAR_FILE} ]]
then
apt-get install google-cloud-sdk-gke-gcloud-auth-plugin -y
terraform -chdir="./workloads/" init -no-color
terraform -chdir="./workloads/" apply -auto-approve -no-color -var-file ${WORKLOADS_VAR_FILE}
else
echo " WORKLOADS_VAR_FILE variable not found, skipping this step."
fi
serviceAccount: 'projects/$PROJECT_ID/serviceAccounts/aiongke@$PROJECT_ID.iam.gserviceaccount.com'
options:
logging: CLOUD_LOGGING_ONLY
dynamicSubstitutions: true
substitutionOption: 'ALLOW_LOOSE'