Hi Nicolas, I think this a great way to provide automation on the deployment of containers.
I followed your steps above to make the first portion of this process work, that is, to build and push a container image to GCR using Jenkins. Now I'm stuck at the very last part, that is, spinning up the container on a cluster/pod (or even doing a rolling update to an existing pod). You mention on your post you would automate this using the gcloud-sdk-plugin. Have you made progress on the implementation? Do you have any step-by-step instructions to share? Thanks!! On Thursday, July 9, 2015 at 3:53:36 AM UTC-7, nicolas de loof wrote: > > Hi guys, > I'm posting this here not as a question but as a "*request for feedback*" > on my current experiments with Docker and Google infrastructure. If there's > any use-case I'm missing, user experience suggestion, etc I'd be happy to > ear from you so I can improve the underlying plugins / documentation. > > > I'm currently experimenting with Google Container Engine > <https://cloud.google.com/container-engine/> (GKE) infrastructure to host > Docker containers. My initial attempts did rely on DockerHub to host my > Docker images, but I also wanted to check how to use a private Docker > registry. > > Google do offer Google Container Registry > <https://cloud.google.com/tools/container-registry/> (GCR) to expose a > Google Cloud Storage bucket as a docker registry. Significant benefit for > my use-case is this registry is hosted by Google so will benefit their > high-speed network when provisioning new containers, better than pulling > over the Internet from DockerHub. > > To test this scenario, I've installed "CloudBees Docker Build and Publish > <https://wiki.jenkins-ci.org/display/JENKINS/CloudBees+Docker+Build+and+Publish+plugin>" > > and "Google Container Registry Auth > <https://wiki.jenkins-ci.org/display/JENKINS/Google+Container+Registry+Auth+Plugin>" > > plugins (tip: search the update center for "registry" to find them). Those > two plugin do rely on docker-commons plugin API for registry authentication > > [image: Images intégrées 1] > > Google infrastructure uses OAuth for authentication, so you have to create > a client "robot" key for non-interactive interaction with Google > Infrastructure. > Browse to Google Cloud Console > API > Credentials and generate a new > Client ID and JSON key. > > [image: Images intégrées 2]. > Upload this key file as a "Google Service Account from Private Key " in > your jenkins credentials store. It will then be exposed as a valid Docker > registry credential to the *Docker Build and Publish* build step > > The build job do checkout my Dockerfile from github and build a Docker > image from it, then publish to GCR - please note the Docker image > repository name must start with your Google project name > > [image: Images intégrées 3] > *Note :* if you're using Docker 1.7 and already have logged in a docker > registry (DockerHub for sample, after running `docker login`) then your > docker installation is using new .docker/config.json config file to store > credentials, which confuses docker-commons - this will result in a 403 > error pushing to GCR. This issue has been fixed in docker-commons 1.1 I > just released, will be available in update center soon. As a workaround, > you can (backup and) delete $HOME/.docker > > > That's it > now I can run this container as a Kubernetes pod (which I plan to automate > using the incoming gcloud-sdk-plugin > <https://github.com/jenkinsci/gcloud-sdk-plugin>) who get provisioned > within seconds > > ➜ ~ kubectl run jenkins-jnlp-slave --image= > gcr.io/nicolas-deloof/jenkins-jnlp-slave > CONTROLLER CONTAINER(S) IMAGE(S) > SELECTOR REPLICAS > jenkins-jnlp-slave jenkins-jnlp-slave > gcr.io/nicolas-deloof/jenkins-jnlp-slave run=jenkins-jnlp-slave 1 > > WDYT ? > > > > > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/23fa127c-168e-4994-8ddb-ab1f9c35df41%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
