Problem description
I want to build a CI pipeline where the infrastructure stage provisions with Terraform a container-optimised operating system instance on Google Compute Engine before the Dockerized application is uploaded to Artifact Registry and deployed for the first time.
My Terraform config:
data "google_compute_image" "cos" {
  family  = "cos-stable"
  project = "cos-cloud"
}

resource "google_compute_instance" "container_optimized_os_vm" {
  name                      = "container-optimized-os-vm"
  machine_type              = "f1-micro"
  allow_stopping_for_update = true

  network_interface {
    network = "default"
  }

  boot_disk {
    initialize_params {
      image = data.google_compute_image.cos.self_link
    }
  }

  metadata = {
    google-logging-enabled    = "true"
    gce-container-declaration = <<EOT
spec:
  containers:
    - image: image-repository/image-name:latest
      name: containervm
      securityContext:
        privileged: false
      stdin: false
      tty: false
      volumeMounts: []
  restartPolicy: Always
  volumes: []
EOT
  }
}
My command to deploy the latest version of my image from Artifact Registry:
gcloud compute instances update-container container-optimized-os-vm \
  --zone europe-west2-b \
  --container-image "europe-west2-docker.pkg.dev/my-project-id/my-image-repository-name/my-image-name:latest"
When I omit the gce-container-declaration metadata, I get the following error:
ERROR: (gcloud.compute.instances.update-container) Instance doesn't have gce-container-declaration metadata key - it is not a container.
I want to be able to provision the instance without specifying an image in gce-container-declaration—is this possible? My worry is that when infrastructure changes are detected, the image in gce-container-declaration will be deployed instead of my application's image.
Recommended answer
Just to be clear, the container optimized OS is used for running Docker containers; it means that your VM instance is created as a Docker container and your containerized application will run on top of it, as stated in the following documentation [1].
Now, the gce-container-declaration argument is the manifest of your container, in which you can specify all the arguments you want for your containerized application (including the image).
Running the command gcloud compute instances update-container with your application image path as the --container-image flag only changes the original container image deployed from image-repository/image-name:latest to europe-west2-docker.pkg.dev/my-project-id/my-image-repository-name/my-image-name:latest, the same one that you could have specified in the first place:
metadata = {
  google-logging-enabled    = "true"
  gce-container-declaration = <<EOT
spec:
  containers:
    - image: europe-west2-docker.pkg.dev/my-project-id/my-image-repository-name/my-image-name:latest
      name: containervm
      securityContext:
        privileged: false
      stdin: false
      tty: false
      volumeMounts: []
  restartPolicy: Always
  volumes: []
EOT
}
The error you are getting is because once you take out the gce-container-declaration flag, the VM instance is no longer created as a container but just a normal VM; hence the error.
I do not see why you want to create the VM instance to later deploy your application when both can be done in parallel, and actually the Terraform code provided works that way.
[1] https://cloud.google.com/container-optimized-os/docs/concepts/features-and-benefits
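One way to address the worry raised in the question, shown as an added example that is not part of the original question or answer: pass the image in as a variable and tell Terraform to ignore later changes to the declaration, so images rolled out with gcloud compute instances update-container are not reverted on the next apply. The variable name container_image is hypothetical, and the zone is assumed from the gcloud command above.

```hcl
# Added example; "container_image" is a hypothetical variable name.
variable "container_image" {
  type        = string
  description = "Full Artifact Registry path of the image to run on first boot"
}

data "google_compute_image" "cos" {
  family  = "cos-stable"
  project = "cos-cloud"
}

resource "google_compute_instance" "container_optimized_os_vm" {
  name                      = "container-optimized-os-vm"
  machine_type              = "f1-micro"
  zone                      = "europe-west2-b" # assumed from the gcloud command
  allow_stopping_for_update = true

  network_interface {
    network = "default"
  }

  boot_disk {
    initialize_params {
      image = data.google_compute_image.cos.self_link
    }
  }

  metadata = {
    google-logging-enabled    = "true"
    gce-container-declaration = <<EOT
spec:
  containers:
    - image: ${var.container_image}
      name: containervm
      securityContext:
        privileged: false
  restartPolicy: Always
EOT
  }

  lifecycle {
    # After creation, the declaration is owned by `update-container`;
    # later applies will not reset the image to the value written above.
    ignore_changes = [metadata["gce-container-declaration"]]
  }
}
```

If the instance is destroyed and recreated, Terraform writes the declaration again from var.container_image, so the pipeline should always pass the currently released image path.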