按照「連線至執行個體」一文中的操作說明,連線至執行個體並存取 Linux 指令列。您可以透過遠端桌面連線至閘道,或在 Linux 電腦上執行 sshuttle。
設定下列指令會用到的環境變數:
exportTENANT_PROJECT=TENANT_PROJECT# Intended deployment project for the container workflow.exportHARBOR_INSTANCE_NAME=HARBOR_INSTANCE_NAME# Harbor Container Registry instance name.exportHARBOR_PROJECT=HARBOR_PROJECT# Container registry project name for your images.exportAO_USER=AO_USER# Your user name in the instance, e.g.: fop-my-user@example.com.exportINSTANCE_URL=${HARBOR_INSTANCE_NAME}-${TENANT_PROJECT}.org-1.zone1.google.gdch.test.
exportDOCKER_CONFIG_PATH=DOCKER_CONFIG_PATH# Path to docker config file e.g.: /root/.docker/config.json.
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-09-04 (世界標準時間)。"],[],[],null,["# Deploy container workloads\n\nThis page describes the process of uploading a container image to Harbor,\nand deploying that image in your GDC Sandbox instance.\n\nPreparation\n-----------\n\n1. Follow the instructions in [Connect to your instance](/distributed-cloud/sandbox/latest/connect)\n to connect to your instance with Linux command line access. You can\n connect to your gateway over Remote Desktop, or run `sshuttle`\n on your Linux machine.\n\n2. Set environment variables that will be used in the following instructions:\n\n export TENANT_PROJECT=\u003cvar translate=\"no\"\u003eTENANT_PROJECT\u003c/var\u003e # Intended deployment project for the container workflow.\n export HARBOR_INSTANCE_NAME=\u003cvar translate=\"no\"\u003eHARBOR_INSTANCE_NAME\u003c/var\u003e # Harbor Container Registry instance name.\n export HARBOR_PROJECT=\u003cvar translate=\"no\"\u003eHARBOR_PROJECT\u003c/var\u003e # Container registry project name for your images.\n export AO_USER=\u003cvar translate=\"no\"\u003eAO_USER\u003c/var\u003e # Your user name in the instance, e.g.: fop-my-user@example.com.\n export INSTANCE_URL=${HARBOR_INSTANCE_NAME}-${TENANT_PROJECT}.org-1.zone1.google.gdch.test.\n export DOCKER_CONFIG_PATH=\u003cvar translate=\"no\"\u003eDOCKER_CONFIG_PATH\u003c/var\u003e # Path to docker config file e.g.: /root/.docker/config.json.\n\n3. To create a Harbor registry instance, follow\n [Create a Harbor registry instance](/distributed-cloud/hosted/docs/latest/gdch/platform-application/pa-ao-operations/create-harbor-instances#create-a-harbor-registry-instance),\n or you can use the pre-created Sandbox Harbor instance: the default `user-project` in GDC Sandbox comes with an already deployed Harbor Instance, `user-haas-instance`, which can be used for development.\n\n export HARBOR_INSTANCE_NAME=user-haas-instance\n export TENANT_PROJECT=user-project\n export INSTANCE_URL=${HARBOR_INSTANCE_NAME}-${TENANT_PROJECT}.org-1.zone1.google.gdch.test\n\nUpload image to Harbor\n----------------------\n\n1. Create a Harbor project by following\n [Create a Harbor Project](/distributed-cloud/hosted/docs/latest/gdch/platform-application/pa-ao-operations/create-harbor-projects#create-a-harbor-project).\n\n Example: \n\n gdcloud harbor harbor-projects create \u003cvar translate=\"no\"\u003eHARBOR_PROJECT\u003c/var\u003e \\\n --project=\u003cvar translate=\"no\"\u003eTENANT_PROJECT\u003c/var\u003e \\\n --instance=\u003cvar translate=\"no\"\u003eHARBOR_INSTANCE_NAME\u003c/var\u003e \n\n2. Sign-in to Docker. Begin at\n [Sign in to Docker or Helm with CLI secrets](/distributed-cloud/hosted/docs/latest/gdch/platform-application/pa-ao-operations/configure-docker-authentication#sign-in-cli-secrets).\n\n3. Download or build your container image, and follow the\n Google Distributed Cloud air-gapped instructions to [Push an image](/distributed-cloud/hosted/docs/latest/gdch/platform-application/pa-ao-operations/push-image) to push it to Harbor.\n\n For example, here is is a workflow for pulling from Gitlab and pushing\n to Harbor:\n 1. Log in and pull from your Gitlab container registry.\n\n export GITLAB_ID=\u003cvar translate=\"no\"\u003eGITLAB_ID\u003c/var\u003e\n export GITLAB_PROJECT_NAME=\u003cvar translate=\"no\"\u003eGITLAB_PROJECT_NAME\u003c/var\u003e\n export GITLAB_IMAGE_PATH=registry.gitlab.com/\u003cvar translate=\"no\"\u003eGITLAB_ID\u003c/var\u003e/\u003cvar translate=\"no\"\u003eGITLAB_PROJECT_NAME\u003c/var\u003e\n docker login registry.gitlab.com\n docker pull ${GITLAB_IMAGE_PATH}\n\n 2. Push the Gitlab image to Harbor:\n\n export TAG=demo-image\n docker tag ${TAG} ${GITLAB_IMAGE_PATH}\n docker push ${INSTANCE_URL}/${HARBOR_PROJECT}/${TAG}\n\nGrant roles\n-----------\n\nGrant your user the ability to create secrets and deployment.\n\n1. Give the user permission to create secrets by adding the\n `secret-admin` role.\n\n gdcloud projects add-iam-policy-binding PROJECT \\\n --member=\"user:${AO_USER}\" \\\n --role=secret-admin\n\n2. Give the user permission to deploy container workloads by adding the `namespace-admin` role.\n\n gdcloud projects add-iam-policy-binding PROJECT \\\n --member=\"user:${AO_USER}\" \\\n --role=namespace-admin\n\nDeploy container app\n--------------------\n\nContinue at [Create Kubernetes image pull secret](/distributed-cloud/hosted/docs/latest/gdch/platform-application/deploy-container-workloads#create-image-pull-secret) to create a secret and deploy your app."]]
