kawabatas Tech Blog

Writing about things I have tried

Deploying to GKE with HashiCorp Waypoint

HashiCorp Waypoint was announced the other day (Announcing HashiCorp Waypoint), so I immediately tried the tutorial for deploying to GKE.

learn.hashicorp.com

Install Waypoint on Local

It can be installed with Homebrew.

$ brew tap hashicorp/tap

$ brew install hashicorp/tap/waypoint
$ waypoint
Welcome to Waypoint
Docs: https://waypointproject.io
Version: v0.1.2

Usage: waypoint [-version] [-help] [-autocomplete-(un)install] <command> [args]

Common commands
  build        Build a new versioned artifact from source
  deploy       Deploy a pushed artifact
  release      Release a deployment
  up           Perform the build, deploy, and release steps for the app

Other commands
  artifact        Artifact and build management
  config          Application configuration management
  context         Server access configurations
  deployment      Deployment creation and management
  destroy         Delete all the resources created for an app
  docs            Show documentation for components
  exec            Execute a command in the context of a running application instance
  hostname        Application URLs
  init            Initialize and validate a project
  install         Install the Waypoint server to Kubernetes, Nomad, or Docker
  logs            Show log output from the current application deployment
  runner          Runner management
  server          Server management
  token           Authenticate and invite collaborators
  ui              Open the web UI
  version         Prints the version of this Waypoint CLI

Preparation

Create the GKE cluster

export PROJECT=
export REGION=
export ZONE=
export CLUSTER=

gcloud container clusters create ${CLUSTER} \
  --zone ${ZONE} \
  --scopes "https://www.googleapis.com/auth/cloud-platform" \
  --num-nodes 2 \
  --addons HorizontalPodAutoscaling,HttpLoadBalancing \
  --preemptible \
  --enable-ip-alias \
  --project ${PROJECT}

gcloud container clusters get-credentials ${CLUSTER} --zone ${ZONE} --project ${PROJECT}

Clone the sample application

$ git clone https://github.com/hashicorp/waypoint-examples.git

$ cd waypoint-examples/kubernetes/nodejs

Install Waypoint server on k8s

Waypoint apparently requires a client, such as the CLI or the web UI, and a server that stores data and manages the planning of builds and deploys.

This time the CLI ran on my Mac, and the server was created on k8s as a StatefulSet.

$ waypoint install --platform=kubernetes -accept-tos
service/waypoint created
statefulset.apps/waypoint-server created
Waypoint server successfully installed and configured!

The CLI has been configured to connect to the server automatically. This
connection information is saved in the CLI context named "install-1603068782".
Use the "waypoint context" CLI to manage CLI contexts.

The server has been configured to advertise the following address for
entrypoint communications. This must be a reachable address for all your
deployments. If this is incorrect, manually set it using the CLI command
"waypoint server config-set".

Advertise Address: 104.198.117.244:9701
HTTP UI Address: https://104.198.117.244:9702

The server can be created with waypoint install, and the web UI address was printed as well.

As the documentation says, I could confirm the waypoint-server StatefulSet from the GKE console.

Initialize Waypoint

Modify waypoint.hcl slightly for GKE.

project = "example-nodejs"

app "example-nodejs" {
  labels = {
    "service" = "example-nodejs",
    "env"     = "dev"
  }

  build {
    use "pack" {}
    registry {
      use "docker" {
        image = "gcr.io/<PROJECT-NAME-HERE>/example-nodejs"
        tag   = "1.0.0"
      }
    }
  }

  deploy {
    use "kubernetes" {
      probe_path = "/"
    }
  }

  release {
    use "kubernetes" {
      load_balancer = true
      port          = 80
    }
  }
}

$ waypoint init
✓ Configuration file appears valid
✓ Connection to Waypoint server was successful
✓ Project "example-nodejs" and all apps are registered with the server.
✓ Plugins loaded and configured successfully
✓ Authentication requirements appear satisfied.

Project initialized!

You may now call 'waypoint up' to deploy your project or
commands such as 'waypoint build' to perform steps individually.

Build, deploy and release application

$ waypoint up

» Building...
Creating new buildpack-based image using builder: heroku/buildpacks:18
✓ Creating pack client
✓ Building image
 │ [exporter] Adding 1/1 app layer(s)
 │ [exporter] Adding layer 'launcher'
 │ [exporter] Adding layer 'config'
 │ [exporter] Adding label 'io.buildpacks.lifecycle.metadata'
 │ [exporter] Adding label 'io.buildpacks.build.metadata'
 │ [exporter] Adding label 'io.buildpacks.project.metadata'
 │ [exporter] *** Images (a1fc99d29294):
 │ [exporter]       index.docker.io/library/example-nodejs:latest
 │ [exporter] Adding cache layer 'heroku/nodejs-engine:nodejs'
 │ [exporter] Adding cache layer 'heroku/nodejs-engine:toolbox'
✓ Injecting entrypoint binary to image
✓ Tagging Docker image: example-nodejs:latest => asia.gcr.io/<PROJECT-NAME-HERE>/example-nodejs:1.0.0
❌ Pushing Docker image...
 │ The push refers to repository [asia.gcr.io/<PROJECT-NAME-HERE>/example-nodejs]
 │ 34016b9eaf1f: Preparing
 │ 2b6a1fb6e02c: Preparing
 │ 7cffc3c153c7: Preparing
 │ 294cd170ac9e: Preparing
 │ c6380445f8e9: Preparing
 │ 288bed318c52: Waiting
 │ 8db95a325086: Waiting
 │ 8dff7465e43d: Waiting
 │ 17cb30386b24: Waiting
 │ 7a694df0ad6c: Waiting
 │ 3fd9df553184: Waiting
 │ 805802706667: Waiting
 │
! unable to stream Docker logs to terminal: unauthorized: You don't have the
  needed permissions to perform this operation, and you may have invalid
  credentials. To authenticate your request, follow the steps in:
  https://cloud.google.com/container-registry/docs/advanced-authentication

The first attempt failed. I don't fully understand it, but it seems the authentication required for GCR was missing, so I ran the command below.

$ gcloud auth configure-docker
$ waypoint up

» Building...
Creating new buildpack-based image using builder: heroku/buildpacks:18
✓ Creating pack client
✓ Building image
 │ [exporter] Reusing 1/1 app layer(s)
 │ [exporter] Reusing layer 'launcher'
 │ [exporter] Reusing layer 'config'
 │ [exporter] Adding label 'io.buildpacks.lifecycle.metadata'
 │ [exporter] Adding label 'io.buildpacks.build.metadata'
 │ [exporter] Adding label 'io.buildpacks.project.metadata'
 │ [exporter] *** Images (a1fc99d29294):
 │ [exporter]       index.docker.io/library/example-nodejs:latest
 │ [exporter] Reusing cache layer 'heroku/nodejs-engine:nodejs'
 │ [exporter] Reusing cache layer 'heroku/nodejs-engine:toolbox'
✓ Injecting entrypoint binary to image

Generated new Docker image: example-nodejs:latest
✓ Tagging Docker image: example-nodejs:latest => asia.gcr.io/<PROJECT-NAME-HERE>/example-nodejs:1.0.0
✓ Pushing Docker image...
 │ c6380445f8e9: Pushed
 │ 288bed318c52: Pushed
 │ 8db95a325086: Pushed
 │ 8dff7465e43d: Pushed
 │ 17cb30386b24: Pushed
 │ 7a694df0ad6c: Layer already exists
 │ 3fd9df553184: Layer already exists
 │ 805802706667: Layer already exists
 │ 1.0.0: digest: sha256:53f44e55daeb5b00fc107651a6ed77ab6bd879d9a28d3a8890cdca5117
 │ 29e642 size: 2830
⠹ Docker image pushed: asia.gcr.io/<PROJECT-NAME-HERE>/example-nodejs:1.0.0

» Deploying...
✓ Kubernetes client connected to https://34.85.17.183 with namespace default
✓ Creating deployment...
✓ Deployment successfully rolled out!

» Releasing...
✓ Kubernetes client connected to https://34.85.17.183 with namespace default
✓ Creating service...
⠙ Service is ready!

The deploy was successful! A Waypoint deployment URL is shown below. This
can be used internally to check your deployment and is not meant for external
traffic. You can manage this hostname using "waypoint hostname."

   Release URL: http://35.194.113.175
Deployment URL: https://merely-welcomed-manatee--v1.waypoint.run

Success.

Accessing http://35.194.113.175 displayed the app without problems.
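What `gcloud auth configure-docker` changes between the failed and the successful push, as an added example (not code from the original post or from the Waypoint project): it registers gcloud as a Docker credential helper for the GCR hosts in ~/.docker/config.json. The config contents below are constructed samples, and `registry_host` and `credential_source` are hypothetical helper names.

```python
import json
from typing import Optional

IMAGE = "asia.gcr.io/<PROJECT-NAME-HERE>/example-nodejs:1.0.0"

# Constructed ~/.docker/config.json contents (not taken from the post):
# before and after `gcloud auth configure-docker`, host list shortened.
BEFORE = json.dumps({
    "auths": {"https://index.docker.io/v1/": {"auth": "<constructed>"}},
})
AFTER = json.dumps({
    "auths": {"https://index.docker.io/v1/": {"auth": "<constructed>"}},
    "credHelpers": {"gcr.io": "gcloud", "asia.gcr.io": "gcloud"},
})


def registry_host(image_ref: str) -> str:
    """Registry host of an image reference; Docker Hub when none is given."""
    first, sep, _ = image_ref.partition("/")
    # The first path component is a host only if it looks like one.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def credential_source(config_text: str, image_ref: str) -> Optional[str]:
    """Where the Docker CLI would look for credentials, or None if nowhere."""
    cfg = json.loads(config_text)
    host = registry_host(image_ref)
    # A per-registry helper wins over the global store and the auths section.
    helper = cfg.get("credHelpers", {}).get(host)
    if helper:
        return f"credHelper:docker-credential-{helper}"
    # A global store is asked next; it may still hold nothing for this host.
    if cfg.get("credsStore"):
        return f"credsStore:docker-credential-{cfg['credsStore']}"
    for key, entry in cfg.get("auths", {}).items():
        bare = key.split("://", 1)[-1].split("/", 1)[0]  # keys may be URLs
        has_secret = entry.get("auth") or entry.get("identitytoken")
        if bare in (host, "index." + host) and has_secret:
            return "auths"
    return None


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, registry_host(IMAGE), credential_source(cfg, IMAGE))
```

A result of None for the registry in the image field of waypoint.hcl means the push step has no credentials to present, which matches the "unauthorized" error in the first run.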

After making a small change and running waypoint up a second time, the output was:

   Release URL: http://35.194.113.175
Deployment URL: https://merely-welcomed-manatee--v2.waypoint.run

So a Deployment URL was being created for each waypoint deploy.

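Closing thoughts

This time I only went through the tutorial, but it felt promising. The documentation was also quite thorough.

Running it in CI/CD has of course been taken into account.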

Integrating Waypoint with GitHub Actions | Waypoint by HashiCorp

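However, my understanding is that a Waypoint server is running and the waypoint CLI is invoked against it from CI/CD.

How should the Waypoint server be set up, I wonder... If you already operate a k8s cluster you can just run it there, so it may not be a concern...

I wonder whether something like a Waypoint Cloud will appear, like Terraform Cloud.

References

For what Waypoint actually is in the first place, this was helpful.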

deeeet.com

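Indeed, App Engine, k8s, Cloud Run, other cloud services... each needs its own dedicated CLI and configuration files, and I feel like I go back to check the documentation whenever I deploy after a long time.

Being able to operate each kind of infrastructure with the same commands (waypoint up, waypoint build, waypoint deploy, waypoint release...) is welcome.

Terraform for creating service resources, Waypoint for the build, deploy and release workflow.

As a source of the main tools for infrastructure engineers in the cloud era, HashiCorp is one I can't take my eyes off.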