I tried deploying to GKE with HashiCorp Waypoint
The other day, "Announcing HashiCorp Waypoint" was published, and I promptly went through the tutorial for deploying to GKE.
Install Waypoint on Local
It can be installed with Homebrew.
$ brew tap hashicorp/tap
$ brew install hashicorp/tap/waypoint

$ waypoint
Welcome to Waypoint
Docs: https://waypointproject.io
Version: v0.1.2

Usage: waypoint [-version] [-help] [-autocomplete-(un)install] <command> [args]

Common commands
  build        Build a new versioned artifact from source
  deploy       Deploy a pushed artifact
  release      Release a deployment
  up           Perform the build, deploy, and release steps for the app

Other commands
  artifact     Artifact and build management
  config       Application configuration management
  context      Server access configurations
  deployment   Deployment creation and management
  destroy      Delete all the resources created for an app
  docs         Show documentation for components
  exec         Execute a command in the context of a running application instance
  hostname     Application URLs
  init         Initialize and validate a project
  install      Install the Waypoint server to Kubernetes, Nomad, or Docker
  logs         Show log output from the current application deployment
  runner       Runner management
  server       Server management
  token        Authenticate and invite collaborators
  ui           Open the web UI
  version      Prints the version of this Waypoint CLI
Preparation
Create a GKE cluster
export PROJECT=
export REGION=
export ZONE=
export CLUSTER=

gcloud container clusters create ${CLUSTER} \
  --zone ${ZONE} \
  --scopes "https://www.googleapis.com/auth/cloud-platform" \
  --num-nodes 2 \
  --addons HorizontalPodAutoscaling,HttpLoadBalancing \
  --preemptible \
  --enable-ip-alias \
  --project ${PROJECT}

gcloud container clusters get-credentials ${CLUSTER} --zone ${ZONE} --project ${PROJECT}
Clone the sample application
$ git clone https://github.com/hashicorp/waypoint-examples.git
$ cd waypoint-examples/kubernetes/nodejs
Install Waypoint server on k8s
Waypoint apparently needs a client, such as the CLI or the web UI, and a server that stores data and manages the planning of builds and deploys.
This time the CLI ran on my Mac, and the server was created on k8s as a StatefulSet.
$ waypoint install --platform=kubernetes -accept-tos
service/waypoint created
statefulset.apps/waypoint-server created
Waypoint server successfully installed and configured!

The CLI has been configured to connect to the server automatically. This connection information is saved in the CLI context named "install-1603068782". Use the "waypoint context" CLI to manage CLI contexts.

The server has been configured to advertise the following address for entrypoint communications. This must be a reachable address for all your deployments. If this is incorrect, manually set it using the CLI command "waypoint server config-set".

Advertise Address: 104.198.117.244:9701
HTTP UI Address: https://104.198.117.244:9702
It can be created with waypoint install, and the web UI address was printed as well.
As the documentation says, I could confirm the waypoint-server StatefulSet from the GKE console.
Initialize Waypoint
Modify waypoint.hcl slightly for GKE.
project = "example-nodejs"

app "example-nodejs" {
  labels = {
    "service" = "example-nodejs",
    "env" = "dev"
  }

  build {
    use "pack" {}
    registry {
      use "docker" {
        image = "gcr.io/<PROJECT-NAME-HERE>/example-nodejs"
        tag = "1.0.0"
      }
    }
  }

  deploy {
    use "kubernetes" {
      probe_path = "/"
    }
  }

  release {
    use "kubernetes" {
      load_balancer = true
      port = 80
    }
  }
}

$ waypoint init
✓ Configuration file appears valid
✓ Connection to Waypoint server was successful
✓ Project "example-nodejs" and all apps are registered with the server.
✓ Plugins loaded and configured successfully
✓ Authentication requirements appear satisfied.

Project initialized!

You may now call 'waypoint up' to deploy your project or commands such as 'waypoint build' to perform steps individually.
Build, deploy and release application
$ waypoint up

» Building...
Creating new buildpack-based image using builder: heroku/buildpacks:18
✓ Creating pack client
✓ Building image
 │ [exporter] Adding 1/1 app layer(s)
 │ [exporter] Adding layer 'launcher'
 │ [exporter] Adding layer 'config'
 │ [exporter] Adding label 'io.buildpacks.lifecycle.metadata'
 │ [exporter] Adding label 'io.buildpacks.build.metadata'
 │ [exporter] Adding label 'io.buildpacks.project.metadata'
 │ [exporter] *** Images (a1fc99d29294):
 │ [exporter] index.docker.io/library/example-nodejs:latest
 │ [exporter] Adding cache layer 'heroku/nodejs-engine:nodejs'
 │ [exporter] Adding cache layer 'heroku/nodejs-engine:toolbox'
✓ Injecting entrypoint binary to image
✓ Tagging Docker image: example-nodejs:latest => asia.gcr.io/<PROJECT-NAME-HERE>/example-nodejs:1.0.0
❌ Pushing Docker image...
 │ The push refers to repository [asia.gcr.io/<PROJECT-NAME-HERE>/example-nodejs]
 │ 34016b9eaf1f: Preparing
 │ 2b6a1fb6e02c: Preparing
 │ 7cffc3c153c7: Preparing
 │ 294cd170ac9e: Preparing
 │ c6380445f8e9: Preparing
 │ 288bed318c52: Waiting
 │ 8db95a325086: Waiting
 │ 8dff7465e43d: Waiting
 │ 17cb30386b24: Waiting
 │ 7a694df0ad6c: Waiting
 │ 3fd9df553184: Waiting
 │ 805802706667: Waiting
 │
! unable to stream Docker logs to terminal: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
The first attempt failed. I don't fully understand it, but it seems the authentication required for GCR was missing, so I ran the following command.
$ gcloud auth configure-docker
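Added example (not from the original post or from Google's tooling): gcloud auth configure-docker registers gcloud as a Docker credential helper for the gcr.io hosts in ~/.docker/config.json, and the sketch below resolves which credential source the Docker CLI would consult for the image in the failed push, before and after. Both config files are constructed samples with an abbreviated host list.

```python
import json

# Constructed ~/.docker/config.json contents: before the command, and after it
# has registered gcloud as a credential helper (host list abbreviated).
CONFIG_BEFORE = '{"auths": {}}'
CONFIG_AFTER = json.dumps({
    "auths": {},
    "credHelpers": {h: "gcloud" for h in ("gcr.io", "us.gcr.io", "eu.gcr.io", "asia.gcr.io")},
})

# Image reference taken from the push output above.
IMAGE = "asia.gcr.io/<PROJECT-NAME-HERE>/example-nodejs:1.0.0"


def registry_host(image_ref):
    """Registry part of an image reference, using Docker's naming rule."""
    first, sep, _ = image_ref.partition("/")
    # The first component is a registry only if it looks like a host name.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def auth_key_host(key):
    """Host of an "auths" key, which may be a bare host or a URL."""
    host = key.split("://", 1)[-1].split("/", 1)[0]
    return "docker.io" if host == "index.docker.io" else host


def credential_source(image_ref, config_text):
    """Where the Docker CLI would look for credentials when pushing image_ref."""
    cfg = json.loads(config_text)
    host = registry_host(image_ref)
    helper = cfg.get("credHelpers", {}).get(host)
    if helper:  # a per-registry helper takes precedence
        return f"docker-credential-{helper}"
    if cfg.get("credsStore"):  # then the default credential store
        return f"docker-credential-{cfg['credsStore']}"
    for key, entry in cfg.get("auths", {}).items():  # then inline entries
        if auth_key_host(key) == host and entry.get("auth"):
            return "auths entry in config.json"
    return "none (anonymous request)"


if __name__ == "__main__":
    print("before:", credential_source(IMAGE, CONFIG_BEFORE))
    print("after: ", credential_source(IMAGE, CONFIG_AFTER))
```

The helper hands Docker a token for whichever account is active in gcloud, so the push runs with that account's permissions on the registry.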
$ waypoint up

» Building...
Creating new buildpack-based image using builder: heroku/buildpacks:18
✓ Creating pack client
✓ Building image
 │ [exporter] Reusing 1/1 app layer(s)
 │ [exporter] Reusing layer 'launcher'
 │ [exporter] Reusing layer 'config'
 │ [exporter] Adding label 'io.buildpacks.lifecycle.metadata'
 │ [exporter] Adding label 'io.buildpacks.build.metadata'
 │ [exporter] Adding label 'io.buildpacks.project.metadata'
 │ [exporter] *** Images (a1fc99d29294):
 │ [exporter] index.docker.io/library/example-nodejs:latest
 │ [exporter] Reusing cache layer 'heroku/nodejs-engine:nodejs'
 │ [exporter] Reusing cache layer 'heroku/nodejs-engine:toolbox'
✓ Injecting entrypoint binary to image

Generated new Docker image: example-nodejs:latest
✓ Tagging Docker image: example-nodejs:latest => asia.gcr.io/<PROJECT-NAME-HERE>/example-nodejs:1.0.0
✓ Pushing Docker image...
 │ c6380445f8e9: Pushed
 │ 288bed318c52: Pushed
 │ 8db95a325086: Pushed
 │ 8dff7465e43d: Pushed
 │ 17cb30386b24: Pushed
 │ 7a694df0ad6c: Layer already exists
 │ 3fd9df553184: Layer already exists
 │ 805802706667: Layer already exists
 │ 1.0.0: digest: sha256:53f44e55daeb5b00fc107651a6ed77ab6bd879d9a28d3a8890cdca5117
 │ 29e642 size: 2830
⠹ Docker image pushed: asia.gcr.io/<PROJECT-NAME-HERE>/example-nodejs:1.0.0

» Deploying...
✓ Kubernetes client connected to https://34.85.17.183 with namespace default
✓ Creating deployment...
✓ Deployment successfully rolled out!

» Releasing...
✓ Kubernetes client connected to https://34.85.17.183 with namespace default
✓ Creating service...
⠙ Service is ready!

The deploy was successful! A Waypoint deployment URL is shown below. This can be used internally to check your deployment and is not meant for external traffic. You can manage this hostname using "waypoint hostname."

Release URL: http://35.194.113.175
Deployment URL: https://merely-welcomed-manatee--v1.waypoint.run
Success.
Accessing http://35.194.113.175 showed the page without problems.
After making a small change and running waypoint up a second time, the output became

Release URL: http://35.194.113.175
Deployment URL: https://merely-welcomed-manatee--v2.waypoint.run

so a Deployment URL was created for each waypoint deploy.
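Both waypoint install and the release step with load_balancer = true printed publicly routable addresses. As an added check (not from the original post or from Waypoint), the script below lists LoadBalancer Services that any source address can reach, run on a constructed sample shaped like kubectl get svc -o json; the Service names in it are assumptions.

```python
import ipaddress
import json

# Constructed sample shaped like `kubectl get svc -o json`. Service names are
# assumptions ("restricted-example" is made up to show the non-flagged case);
# the IPs and ports are the ones printed in the output above.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "kubernetes"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 443}]},
  "status": {"loadBalancer": {}}},
 {"metadata": {"name": "waypoint"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 9701}, {"port": 9702}]},
  "status": {"loadBalancer": {"ingress": [{"ip": "104.198.117.244"}]}}},
 {"metadata": {"name": "example-nodejs"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 80}]},
  "status": {"loadBalancer": {"ingress": [{"ip": "35.194.113.175"}]}}},
 {"metadata": {"name": "restricted-example"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 9702}],
           "loadBalancerSourceRanges": ["198.51.100.0/24"]},
  "status": {"loadBalancer": {"ingress": [{"ip": "104.198.117.244"}]}}}
]}
""")


def audit(svc_list):
    """Return (name, public IPs, ports) for Services any client address can reach."""
    findings = []
    for svc in svc_list.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])
        ips = [i["ip"] for i in ingress
               if "ip" in i and ipaddress.ip_address(i["ip"]).is_global]
        # An absent or empty loadBalancerSourceRanges allows every source address.
        ranges = spec.get("loadBalancerSourceRanges") or ["0.0.0.0/0"]
        unrestricted = any(ipaddress.ip_network(r).prefixlen == 0 for r in ranges)
        if ips and unrestricted:
            ports = [p["port"] for p in spec.get("ports", [])]
            findings.append((svc["metadata"]["name"], ips, ports))
    return findings


if __name__ == "__main__":
    for name, ips, ports in audit(SAMPLE):
        print(f"{name}: {', '.join(ips)} ports {ports} reachable from any address")
```

Against a live cluster, pass it the parsed output of kubectl get svc --all-namespaces -o json instead of SAMPLE.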
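Closing thoughts
This time I only went through the tutorial, but it felt promising. The documentation was also quite thorough.
Running it in CI/CD has of course been taken into account.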
Integrating Waypoint with GitHub Actions | Waypoint by HashiCorp
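However, I think the setup is that a Waypoint server is running and the waypoint CLI is invoked against it from CI/CD.
How should the Waypoint server be hosted... If you already operate a k8s cluster you can just put it there, so maybe that is not a concern...
I wonder whether something like a Waypoint Cloud will come out, like Terraform Cloud.
References
As for what Waypoint is in the first place, this was a helpful reference.
Indeed, App Engine, k8s, Cloud Run, other cloud services... each needs its own CLI and configuration files, and I feel like I go back to check the documentation whenever I deploy after a long time.
Being able to operate each infrastructure the same way, with waypoint up, waypoint build, waypoint deploy, waypoint release, ..., is welcome.
Terraform for creating service resources, Waypoint for the build, deploy, and release workflow.
I can't take my eyes off HashiCorp as a source of the main tools for infrastructure engineers in the cloud era.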