Create Google Cloud Build Trigger (GCP)
- First, make sure you’ve installed and initialized the
gcloud CLI tool.
- Create a build trigger:
gcloud builds triggers create github \
--repo-name=<YOUR_GITHUB_REPO_NAME> \
--repo-owner=<YOUR_GITHUB_USERNAME> \
--branch-pattern="^master$" \
--build-config=<PATH_TO_YOUR_CLoudbuild.yaml>
Replace placeholders like <YOUR_GITHUB_REPO_NAME>, <YOUR_GITHUB_USERNAME>, and <PATH_TO_YOUR_CLOUDBUILD.yaml> with your specific values.
Create AWS CodeBuild Project
- Install and configure the
aws CLI tool.
- Create a CodeBuild project using a JSON build specification:
aws codebuild create-project \
--name <PROJECT_NAME> \
--source "type=GITHUB,location=https://github.com/<GITHUB_USERNAME>/<GITHUB_REPO>.git" \
--artifacts "type=S3,location=<S3_BUCKET_NAME>" \
--environment "type=LINUX_CONTAINER,computeType=BUILD_GENERAL1_SMALL,image=aws/codebuild/standard:5.0" \
--service-role <IAM_ROLE_ARN> \
--buildspec <PATH_TO_YOUR_buildspec.yml>
Replace placeholders like <PROJECT_NAME>, <GITHUB_USERNAME>, <GITHUB_REPO>, <S3_BUCKET_NAME>, <IAM_ROLE_ARN>, and <PATH_TO_YOUR_buildspec.yml> with your specific values.
Run these commands in your terminal to create the respective build setups.
Dockerfile for GCP (Utilizes Google Storage)
# Using base image
FROM python:3.8
# Set environment variables for GCP
ENV GOOGLE_APPLICATION_CREDENTIALS=/path/to/credentials.json
# Install gsutil
RUN apt-get update && apt-get install -y google-cloud-sdk
# Copy files and use gsutil
COPY . .
RUN gsutil cp gs://<your-gcp-bucket>/some-file /some-directory/
Dockerfile for AWS (Utilizes S3)
# Using base image
FROM python:3.8
# Set environment variables for AWS
ENV AWS_ACCESS_KEY_ID=<your-access-key>
ENV AWS_SECRET_ACCESS_KEY=<your-secret-key>
# Install AWS CLI
RUN apt-get update && apt-get install -y awscli
# Copy files and use AWS S3 commands
COPY . .
RUN aws s3 cp s3://<your-aws-bucket>/some-file /some-directory/
Helm Chart Deployment Example for GCP with GCR Image
Here’s a short Helm chart for deploying a Kubernetes Deployment that uses an image from Google Container Registry (GCR).
# gcp-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: gcp-deployment
spec:
replicas: 1
selector:
matchLabels:
app: gcp-app
template:
metadata:
labels:
app: gcp-app
spec:
containers:
- name: gcp-container
image: gcr.io/<PROJECT_ID>/<IMAGE_NAME>:<TAG>
Helm Chart Deployment Example for AWS with ECR Image
Here’s a short Helm chart for deploying a Kubernetes Deployment that uses an image from Amazon Elastic Container Registry (ECR).
# aws-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: aws-deployment
spec:
replicas: 1
selector:
matchLabels:
app: aws-app
template:
metadata:
labels:
app: aws-app
spec:
containers:
- name: aws-container
image: <ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com/<REPO_NAME>:<TAG>
Replace placeholders like <PROJECT_ID>, <IMAGE_NAME>, <TAG>, <ACCOUNT_ID>, <REGION>, and <REPO_NAME> with your specific values.
To deploy these, you’d typically run helm install or helm upgrade with these files as input.
Helm Chart for Ingress in GCP
Manual SSL
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: "your-static-ip"
kubernetes.io/ingress.class: "gce"
spec:
tls:
- secretName: ssl-cert
backend:
service:
name: my-service
port:
number: 80
Auto Managed SSL
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: managed-cert
spec:
domains:
- example.com
- dev.example.com
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: "your-static-ip"
kubernetes.io/ingress.class: "gce"
networking.gke.io/managed-certificates: managed-cert
spec:
backend:
service:
name: my-service
port:
number: 80
Helm Chart for Ingress in AWS
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
kubernetes.io/ingress.class: "alb"
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/certificate-arn: "your-aws-certificate-arn"
spec:
tls:
- hosts:
- "your.domain.com"
secretName: aws-cert
rules:
...
Helm Chart with Standard Storage in GCP
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-pvc
spec:
storageClassName: standard
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
Code for Creating and Assigning Storage in AWS (PV and PVC)
aws ec2 create-volume \
--availability-zone us-west-2a \
--size 20 \
--volume-type gp2
# Assign the volume id to a variable
VOLUME_ID="vol-XXXXXXXXXXXXXXXXX"
apiVersion: v1
kind: PersistentVolume
metadata:
name: my-aws-pv
spec:
capacity:
storage: 20Gi
volumeID: ${VOLUME_ID}
storageClassName: gp2
accessModes:
- ReadWriteOnce
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-aws-pvc
spec:
storageClassName: gp2
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
Terraform code to assign GCP Global Load Balancer IP address to A Record
provider "google" {
credentials = file("<PATH_TO_YOUR_SERVICE_ACCOUNT_JSON>")
project = "<PROJECT_ID>"
region = "us-central1"
}
resource "google_dns_managed_zone" "my_zone" {
name = "my-zone"
dns_name = "example.com."
}
resource "google_dns_record_set" "my_a_record" {
name = "sub.example.com."
type = "A"
ttl = 300
managed_zone = google_dns_managed_zone.my_zone.name
rrdatas = [google_compute_global_address.my_global_address.address]
}
resource "google_compute_global_address" "my_global_address" {
name = "my-global-address"
}
Replace <PATH_TO_YOUR_SERVICE_ACCOUNT_JSON> with the path to your Google Cloud service account JSON file, and <PROJECT_ID> with your Google Cloud Project ID.
Terraform code to assign AWS Route53 to Load Balancer (A Record)
provider "aws" {
region = "us-west-2"
}
resource "aws_route53_zone" "my_zone" {
name = "example.com."
}
resource "aws_route53_record" "my_a_record" {
zone_id = aws_route53_zone.my_zone.zone_id
name = "sub.example.com"
type = "A"
alias {
name = aws_lb.my_lb.dns_name
zone_id = aws_lb.my_lb.zone_id
evaluate_target_health = false
}
}
resource "aws_lb" "my_lb" {
name = "my-lb"
internal = false
load_balancer_type = "application"
security_groups = [aws_security_group.my_group.id]
subnets = [aws_subnet.my_subnet.id]
enable_deletion_protection = false
}
AWS Terraform Code for ALB and EKS with Subnets
provider "aws" {
region = "us-west-2"
}
# Define VPC
resource "aws_vpc" "my_vpc" {
cidr_block = "10.0.0.0/16"
}
# Create two public subnets
resource "aws_subnet" "my_subnet1" {
vpc_id = aws_vpc.my_vpc.id
cidr_block = "10.0.1.0/24"
map_public_ip_on_launch = true # Public Subnet
}
resource "aws_subnet" "my_subnet2" {
vpc_id = aws_vpc.my_vpc.id
cidr_block = "10.0.2.0/24"
map_public_ip_on_launch = true # Public Subnet
}
# ALB tied to public subnets
resource "aws_lb" "my_lb" {
name = "my-lb"
internal = false
load_balancer_type = "application"
subnets = [aws_subnet.my_subnet1.id, aws_subnet.my_subnet2.id]
enable_deletion_protection = false
}
# EKS Cluster
resource "aws_eks_cluster" "this" {
name = "my-cluster"
role_arn = aws_iam_role.eks_cluster.arn
vpc_config {
subnet_ids = [aws_subnet.my_subnet1.id, aws_subnet.my_subnet2.id]
}
}
resource "aws_iam_role" "eks_cluster" {
name = "eks-cluster"
assume_role_policy = jsonencode({
Version = "2012-10-17",
Statement = [
{
Action = "sts:AssumeRole",
Effect = "Allow",
Principal = {
Service = "eks.amazonaws.com"
}
}
]
})
}
GCP Terraform Code for Global Load Balancer and GKE with Subnets
provider "google" {
credentials = file("<PATH_TO_YOUR_SERVICE_ACCOUNT_JSON>")
project = "<PROJECT_ID>"
region = "us-central1"
}
# Create VPC
resource "google_compute_network" "my_network" {
name = "my-network"
}
# Create public subnet
resource "google_compute_subnetwork" "my_public_subnet" {
name = "my-public-subnet"
ip_cidr_range = "10.0.1.0/24"
network = google_compute_network.my_network.self_link
region = "us-central1" # Public Subnet
}
# Create Global HTTP Load Balancer components
resource "google_compute_global_forwarding_rule" "global_forwarding_rule" {
name = "my-global-lb-forwarding-rule"
target = google_compute_target_http_proxy.default.self_link
port_range = "80"
ip_address = google_compute_global_address.default.address
}
resource "google_compute_global_address" "default" {
name = "my-global-ip"
}
resource "google_compute_target_http_proxy" "default" {
name = "my-http-proxy"
url_map = google_compute_url_map.default.self_link
}
resource "google_compute_url_map" "default" {
name = "my-url-map"
default_service = google_compute_backend_service.default.self_link
}
resource "google_compute_backend_service" "default" {
name = "my-backend-service"
port_name = "http"
protocol = "HTTP"
timeout_sec = 10
backend {
group = google_compute_instance_group_manager.default.instance_group
}
}
resource "google_compute_instance_group_manager" "default" {
name = "my-instance-group"
base_instance_name = "my-instance"
instance_template = google_compute_instance_template.default.self_link
zone = "us-central1-a"
}
resource "google_compute_instance_template" "default" {
name_prefix = "my-instance-template-"
machine_type = "g1-small"
tags = ["http-server"]
network_interface {
network = google_compute_network.my_network.name
}
}
# GKE Cluster
resource "google_container_cluster" "primary" {
name = "my-gke-cluster"
location = "us-central1"
network = google_compute_network.my_network.name
subnetwork = google_compute_subnetwork.my_public_subnet.name # Public Subnet
initial_node_count = 3
}
Public and Private Subnets in Load Balancers
- AWS: You can associate both public and private subnets with an ALB. However, the ALB itself is either internal or internet-facing, not both. You would typically use an internet-facing ALB with public subnets and an internal ALB with private subnets.
- GCP: Google Cloud Load Balancers operate differently than AWS ALBs. The Global Load Balancer doesn’t directly associate with subnets; rather, it directs traffic to instance groups, which can be in different regions and subnets. You can have backend services in both public and private subnets.
