Deploying to GKE

This page explains how to deploy an application to Kubernetes using Cloud Build.

Cloud Build provides a gke-deploy builder that enables you to deploy a containerized application to a GKE cluster.

gke-deploy is a wrapper around kubectl, the command-line interface for Kubernetes. It applies Google's recommended practices for deploying applications to Kubernetes by:

Updating the application's Kubernetes resource file to use the container image's digest instead of a tag.
Adding recommended labels to the Kubernetes resource file.
Retrieving credentials for the GKE clusters to which you're deploying the image.
Waiting for the Kubernetes resource file that was submitted to be ready.

If you want to deploy your applications using kubectl directly and do not need additional functionality, Cloud Build also provides a kubectl builder that you can use to deploy your application to a GKE cluster.

Before you begin

Create a GKE cluster, if you do not have one yet.
Have your containerized application in the form of source code and a Dockerfile ready. Your source code needs to be stored in a repository, such as Cloud Source Repositories, GitHub, or Bitbucket.
You'll need at least one Kubernetes resource file describing the Kubernetes resources used to run your application. If you do not have Kubernetes resource files, use the following steps to generate one for your application:
1. Open the Kubernetes Engine clusters page in the Google Cloud console.
2. On the Kubernetes Engine clusters page, click Deploy.
3. Select your container and click Continue. You will see the Configuration section.
4. Under Configuration YAML, click View YAML to get a sample Kubernetes resource file.
Note: If you already have another form of templated Kubernetes resource file such as a Helm chart or a resource in Kustomize format, see the helm builder or kustomize builder for examples of build configurations you can use for deployment.

Required IAM permissions

Add the Google Kubernetes Engine Developer role to your account:

Open the Cloud Build Settings page:

Open the Cloud Build Settings page

You'll see the Service account permissions page:
Set the status of the Kubernetes Engine Developer role to Enabled.

Deploying a pre-built container image

To deploy a particular version of your application with gke-deploy:

Make sure your Kubernetes resource file is referring to the correct container image tag or digest.
Add the gke-deploy step in your build configuration file:
YAML
```
steps:
...
# deploy container image to GKE
- name: "gcr.io/cloud-builders/gke-deploy"
  args:
  - run
  - --filename=kubernetes-resource-file
  - --location=location
  - --cluster=cluster
```
JSON
```
{
  "steps": [
    {
      "name": "gcr.io/cloud-builders/gke-deploy",
      "args": [
        "run",
        "--filename=kubernetes-resource-file",
        "--location=location",
        "--cluster=cluster"
      ]
    }
  ]
}
```
Where:
- kubernetes-resource-file is the file path of your Kubernetes resource file or the directory path containing your Kubernetes resource files.
- cluster is the name of the GKE cluster that the application will be deployed to.
- location is the region/zone of the cluster.
For more information on available flags, see gke-deploy run flags.

Note: When deploying to multiple GKE clusters, Cloud Build persists the home directory across build steps, which means that the kubectl context of the previous step to be used by subsequent steps by default. To avoid this, add an environment variable declaration, KUBECONFIG=/tmp/kubeconfig, to each step of your build config file.
Start your build:
```
gcloud builds submit --region=REGION --project=project-id --config build-config
```
Where:
- project-id is the ID for your project.
- build-config is the name of your build configuration file.
- REGION is one of the supported build regions.

Building and deploying a new container image

To build a new container image and deploy the new container image:

Update your Kubernetes resource file with the new container image using the --image attribute:

YAML

steps:
  # build the container image
- name: "gcr.io/cloud-builders/docker"
  args: ["build", "-t", "gcr.io/project-id/image:tag", "."]
  # push container image
- name: "gcr.io/cloud-builders/docker"
  args: ["push", "gcr.io/project-id/image:tag"]
  # deploy container image to GKE
- name: "gcr.io/cloud-builders/gke-deploy"
  args:
  - run
  - --filename=kubernetes-resource-file
  - --image=gcr.io/project-id/image:tag
  - --location=location
  - --cluster=cluster

JSON

{
  "steps": [
    {
      "name": "gcr.io/cloud-builders/docker",
      "args": [
        "build",
        "-t",
        "gcr.io/project-id/image:tag",
        "."
      ]
    },
    {
      "name": "gcr.io/cloud-builders/docker",
      "args": [
        "push",
        "gcr.io/project-id/image:tag"
      ]
    },
    {
      "name": "gcr.io/cloud-builders/gke-deploy",
      "args": [
        "run",
        "--filename=kubernetes-resource-file",
        "--image=gcr.io/project-id/image:tag",
        "--location=location",
        "--cluster=cluster"
      ]
    }
  ]
}

Where:

project-id is the ID for your project.
image is the desired name of the container image, usually the application name.
tag is the tag of the container image.
- If you are building a new container image with each commit, a good practice is to use the commit short SHA as a tag. Cloud Build makes this available as a default substitution, $SHORT_SHA.
kubernetes-resource-file is the file path of your Kubernetes resource file or the directory path containing your Kubernetes resource files.
cluster is the name of the GKE cluster that the application will be deployed to.
location is the region/zone of the cluster will be deployed to.

Start your build:
```
gcloud builds submit --region=REGION --project=project-id --config build-config
```
Where:
- project-id is the ID for your project.
- build-config is the name of your build configuration file.
- REGION is one of the supported build regions.

Automating deployments

You can automate the deployment of your application to GKE by creating a trigger in Cloud Build. You can configure triggers to build and deploy images whenever you push changes to your code.

To create a build trigger:

Open the Triggers page in the Google Cloud console:

Open the Triggers page
Select your project from the project selector drop-down menu at the top of the page.
Click Open.
Click Create trigger.

On the Create trigger page, enter the following settings:
1. Enter a name for your trigger.
2. Select the repository event to start your trigger.
3. Select the repository that contains your source code and build config file.
4. Specify the regex for the branch or tag name that will start your trigger.ee
5. Choose a Configuration for your trigger.
  
  If you choose a Cloud Build configuration file, you can specify Substitution variables by providing a variable name and the value you want to associate with that variable. In the example below, the user-defined substitution variable _CLOUDSDK_CONTAINER_CLUSTER specifies the cluster to deploy to, and the user-defined substitution variable _CLOUDSDK_COMPUTE_ZONE specifies its location. If you want to deploy to a different cluster, you can use the same build configuration and only need to change the values of the substitution variables:
  YAML
```
steps:
...
# deploy container image to GKE
- name: "gcr.io/cloud-builders/gke-deploy"
  args:
  - run
  - --filename=kubernetes-resource-file
  - --image=gcr.io/project-id/image:tag
  - --location=${_CLOUDSDK_COMPUTE_ZONE}
  - --cluster=${_CLOUDSDK_CONTAINER_CLUSTER}
```
  JSON
```
{
  "steps": [
    {
      "name": "gcr.io/cloud-builders/gke-deploy",
      "args": [
        "run",
        "--filename=kubernetes-resource-file",
        "--image=gcr.io/project-id/image:tag",
        "--location=${_CLOUDSDK_COMPUTE_ZONE}",
        "--cluster=${_CLOUDSDK_CONTAINER_CLUSTER}"
      ]
    }
  ]
}
```
  Where:
  - kubernetes-resource-file is the file path of your Kubernetes configuration file or the directory path containing your Kubernetes resource files.
  - project-id is the ID for your project.
  - image is the desired name of the container image, usually the application name.
  - tag is the tag of the container image.
  To learn more about how to define substitutions for build configuration files, see Using user-defined substitutions.
Click Create to save your build trigger.

When you push code to your repository, Cloud Build will automatically trigger a build. To learn more about build triggers, see Creating and managing build triggers.

What's next

Learn how to configure automated deployments for your workloads on GKE.
Learn how to create a GitOps-style CI/CD pipeline deploying to GKE with Cloud Build.
Learn about additional gke-deploy options.
Learn how to perform blue/green deployments on Compute Engine.
Learn about additional Cloud builders.
Learn how to troubleshoot build errors.