CI set up with Google Cloud build

Question

Heavily inspired by this video from Google NEXT I've started to building CI pipeline for my project.

Goal: to have prod cluster update docker image every time successful build with the tag happened.

Problem: in my cloudbuild.yaml I specify steps to build images - which works fine, but then I want to use these images is the next step to update the k8s deployment configurations to use these images. But the images only pushed into container registry after the build is successful.

I hope you see the problem I'm running here, I hope there is a simple solution that I'm missing here.

My cloudbuild.yaml:

steps:
  - name: 'gcr.io/cloud-builders/docker'
    args: [ 'build', '-t', 'gcr.io/$PROJECT_ID/web:${TAG_NAME}', 'web/' ]

  - name: 'gcr.io/google_containers/hyperkube:v1.5.3'
    env: ["KUBECONFIG=/workspace/kubeconfig"]
    entrypoint: '/hyperkube'
    args: ['kubectl','set', 'image', 'deployment/web-deployment', 'web=gcr.io/$PROJECT_ID/web:${TAG_NAME}']

  - name: 'gcr.io/google_containers/hyperkube:v1.5.3'
    env: ['KUBECONFIG=/workspace/kubeconfig']
    entrypoint: '/hyperkube'
    args: ['kubectl','apply', '-f', 'k8s-all-config.yaml']

images:
  - 'gcr.io/$PROJECT_ID/web:${TAG_NAME}'

Answer 1

the short story is that the credentials used in your build steps are not currently able to run kubectl, hyperkube, or similar deployment tools.

This GitHub issue discusses some currently available work-arounds and tracks enabling the use of this kind of deployment tool as part of your build. We are within a few weeks of rolling out the needed changes and will update that Issue when it happens.

(Full disclosure: I'm the Tech Lead for Google Cloud Container Builder.)

Update: the underlying issue is closed, this should now work. (See discussion for sample working usage.)