Introducing Cloud Build private pools: Secure CI/CD for private networks

A recent survey found that developers spend 39% of their time managing the DevOps infrastructure that powers their continuous integration (CI) and continuous delivery (CD) pipelines. Unreliable availability, manual provisioning, limited scaling, breaking upgrades, long queue times, and high fixed costs all slow down development and take valuable time and focus away from DevOps teams. And while cloud-based CI/CD solutions can solve many of these friction points, they largely only work with cloud-hosted resources. 

That’s why we’re excited to announce that starting today, you can take advantage of serverless build environments within your own private network, with new Cloud Build private pools. Launched in 2018, Cloud Build has helped thousands of customers modernize their CI/CD workloads to run on fully managed, secure, pay-as-you-go ‘workers’ with no infrastructure to manage. 

Cloud Build offers on-demand auto-scaling and billing by active build minute, all with no infrastructure to manage. The new private pools feature augments Cloud Build with secure, fully managed CI/CD and DevOps workflow automation that uses network peering to connect into your private networks. Private pools also unlock a host of new customization options such as new machine types, higher maximum concurrency, regional builds, and network configuration options.

With Cloud Build private pools, you get the benefits of a cloud-hosted, fully managed CI/CD product while meeting enterprise security and compliance requirements, even for highly regulated industries like finance, healthcare, retail, and others. For instance, you can trigger fully managed DevOps workflows from source-code repositories hosted in private networks, including GitHub Enterprise.

With private pools, Cloud Build now supports:

  • VPC Peering

  • VPC-SC

  • Static IP ranges

  • No public IPs

  • Org policy enforcement

  • Cross-project builds

  • Build from private source repositories with first-class integrations, including GitHub Enterprise

  • Regionalization in 15 regions across the US, EU, Asia, Australia, and South America

  • Hundreds of concurrent builds per pool

  • 15 machine types

And while designed primarily for private networking use cases, private pools work just as well with resources in Google Cloud, if you’re interested in trying out new features like higher concurrency or additional machine types.

Same Cloud Build, new build environment

Private pools introduce a new build environment for executing your builds with Cloud Build while maintaining a consistent product and API experience. All the same great features of Cloud Build are available with private pools, including fully managed workers, pay-as-you-go pricing, Cloud Console UI, source repo integrations, IAM permissions, Secret Manager and Pub/Sub integrations, and native support for Google Cloud runtimes like Google Kubernetes Engine (GKE), Cloud Run, Cloud Functions, App Engine, and Firebase.

Running builds on a private pool is as easy as creating the pool and setting it as your build environment in your cloudbuild.yaml config file. Private networking is optionally configured via Service Networking by peering your private pool to your customer-managed VPC and supports both peered and shared VPCs.

Running your first build is easy:

# Create your pool (in the same region used in the pool name below)
> gcloud builds worker-pools create my-pool --region=$REGION --config-from-file workerpool-config.yaml

# Add the pool to your build config
> cat cloudbuild.yaml
options:
  pool:
    name: 'projects/$WORKERPOOL_PROJECT_ID/locations/$REGION/workerPools/my-pool'

# Submit your build
> gcloud builds submit --config=cloudbuild.yaml
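
The workerpool-config.yaml passed to the create command above is not shown in this post. As an added example (not from the original post), a pool config that peers the workers to a customer-managed VPC and gives them no public IPs could look like the following; the project name, network name, machine type and disk size are placeholder assumptions.

```yaml
# workerpool-config.yaml (illustrative; replace the placeholder values)
privatePoolV1Config:
  networkConfig:
    # VPC that the pool is peered to through Service Networking.
    # NETWORK_PROJECT_ID and NETWORK_NAME are placeholders.
    peeredNetwork: projects/NETWORK_PROJECT_ID/global/networks/NETWORK_NAME
    # NO_PUBLIC_EGRESS creates workers without external IP addresses, so
    # build traffic can only leave through the peered VPC.
    # PUBLIC_EGRESS would leave workers with public addresses instead.
    egressOption: NO_PUBLIC_EGRESS
  workerConfig:
    # Assumed sizing; choose a machine type offered for private pools.
    machineType: e2-standard-4
    diskSizeGb: 100
```

With NO_PUBLIC_EGRESS set, build steps that pull from public registries or package mirrors fail unless the peered VPC provides a route or proxy for that traffic.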

We’re excited to share private pools with you, so you can enjoy the secure, fully managed Cloud Build developer automation platform from your private network. The private pools feature is generally available today, and we look forward to introducing per-trigger service accounts and approval gates soon. To get started, try the quickstart or read the overview documentation for more details.

Want to learn more about Cloud Build, and how to use it to improve the security of your software supply chain? Our July 29 event, Building trust in your software supply chain, explores this topic in depth. Register for the live event or watch it on demand.