Dockerized Web Application - Auto-deploy to Google App Engine with Google Cloud Build

Tue 20 November 2018
Tags: google / docker / cd / git

Google's App Engine Flexiblie Environment supports "custom runtimes" which means you can push a Docker container to provide the web application that will be served (rather than using Google's proprietary app engine interface).

Why App Engine versus running the Docker container directly in Google's Compute Engine or Google's Kubernetes Engine? There's not a lot of benefit... but in App Engine, Google provides a load balancer, SSL/TLS termination (and a free certificate at their .appspot.com domain), and auto-scaling. These can all be created independently through other Google services, but here, Google takes care of the details for you with App Engine.

Google's QuickStart for custom runtimes includes most of the details to set this up. I won't repeat those here... Once you've got your app setup, though, and want to take advantage of some continuous deployment features (commit to git, auto-build the docker container, auto-deploy to App Engine), here is the magic glue:

Google's Cloud Build can currently trigger from git repos hosted by Google (Google Cloud's Source Repositories - free private repos for <5 users), GitHub, and Bitbucket. Host your repo with one of those three options.

We need three build steps: 1. Build the container image using Docker 2. Push the container image to Google's Container Registry 3. Deploy the container image to Google's App Engine

Using Google's Cloud Build, create a cloudbuild.yaml similar to this:

steps:
    - name: 'gcr.io/cloud-builders/docker'
      args: ['build','-t','gcr.io/$PROJECT_ID/[CONTAINER_NAME]','.']
    - name: 'gcr.io/cloud-builders/docker'
      args: ['push','gcr.io/$PROJECT_ID/[CONTAINER_NAME]']
    - name: 'gcr.io/cloud-builders/gcloud'
      args: ['app','deploy','--image-url','gcr.io/$PROJECT_ID/[CONTAINER_NAME]']

Google's Cloud Build will substitute in $PROJECT_ID. You need to replace [CONTAINER_NAME] with your chosen name.

Before this cloudbuild.yaml file will work, Cloud Build will require some additional permissions. Under the IAM section of Google Cloud Console, we had to give "App Engine Deployer" and "App Engine Servie Admin" role to the Cloud Build service account.

I'm not 100% sure it was necessasry, but I got an error from gcloud while testing things that said I needed the "App Engine API" so I also enabled that.

To manually test your build, use gcloud gcloud builds submit --config ./cloudbuild.yaml . (note that final period!). When you use gcloud to submit the build, you'll be able to watch the build status in the console.

Don't forget to setup your Cloud Build triggers so that when you commit to your git repository, then it will auto-build and auto-deploy.

Finally, check-in your cloudbuild.yaml and push to your git repo. To check the status (see stdout/stderr output) in Google Cloud Console, look under "Cloud Build" -> "History".