1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
---
stage: Verify
group: Tutorials
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Tutorial: Set up the Google Cloud integration
This tutorial shows you how to integrate Google Cloud with GitLab,
so that you can deploy directly to Google Cloud.
To set up the Google Cloud integration:
1. [Secure your usage with Google Cloud Identity and Access Management (IAM)](#secure-your-usage-with-google-cloud-identity-and-access-management-iam)
1. [Connect to a Google Artifact Registry repository](#connect-to-a-google-artifact-registry-repository)
1. [Set up GitLab Runner to execute your CI/CD jobs on Google Cloud](#set-up-gitlab-runner-to-execute-your-cicd-jobs-on-google-cloud)
1. [Deploy to Google Cloud with CI/CD components](#deploy-to-google-cloud-with-cicd-components)
## Before you begin
To set up the integration, you must:
- Have a GitLab project where you have at least the Maintainer role.
- Have the [Owner](https://cloud.google.com/iam/docs/understanding-roles#owner) IAM role on the
Google Cloud projects that you want to use.
- Have [billing enabled for your Google Cloud project](https://cloud.google.com/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).
- Have a Google Artifact Registry repository with Docker format and Standard mode.
- Install the [Google Cloud CLI](https://cloud.google.com/sdk/docs/install)
and [Terraform](https://developer.hashicorp.com/terraform/install).
## Secure your usage with Google Cloud Identity and Access Management (IAM)
To secure your usage of Google Cloud, you must set up the Google Cloud IAM integration.
After this step, your GitLab group or project is connected to Google Cloud. You can handle permissions for
Google Cloud resources without the need for service accounts keys and the associated risks using workload identity federation.
1. On the left sidebar, select **Search or go to** and find your group or project. If you configure this on a group, settings apply to all projects within by default.
1. Select **Settings > Integrations**.
1. Select **Google Cloud IAM**.
1. Select **Guided setup** and follow the instructions.
## Connect to a Google Artifact Registry repository
Now that the Google IAM integration is set up, you can connect to a Google Artifact Registry repository.
After this step, you can view your Google Cloud artifacts in GitLab.
1. In your GitLab project, on the left sidebar, select **Settings > Integrations**.
1. Select **Google Artifact Registry**.
1. Under **Enable integration**, select the **Active** checkbox.
1. Complete the fields:
- **[Google Cloud project ID](https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects)**:
The ID of the Google Cloud project where your Artifact Registry repository is located.
- **Repository name**: The name of your Artifact Registry repository.
- **Repository location**: The location of your Artifact Registry repository.
1. In **Configure Google Cloud IAM policies**, follow the onscreen instructions
to set up the IAM policies in Google Cloud. These policies are required to use the
Artifact Registry repository in your GitLab project.
1. Select **Save changes**.
1. To view your Google Cloud artifacts, on the left sidebar,
select **Deploy > Google Artifact Registry**.
In a later step, you will push your container images to Google Artifact Registry.
## Set up GitLab Runner to execute your CI/CD jobs on Google Cloud
You can set up GitLab Runner to run CI/CD jobs on Google Cloud.
After this step, your GitLab project has an autoscaling fleet of runners, with
a runner manager that creates temporary runners to execute multiple jobs simultaneously.
1. In your GitLab project, on the left sidebar, select **Settings > CI/CD**.
1. Expand the **Runners** section.
1. Select **New project runner**.
1. Complete the fields.
- In the **Platform** section, select **Google Cloud**.
- In the **Tags** section, in the **Tags** field, enter the job tags to specify jobs the runner can run.
If there are no job tags for this runner, select **Run untagged**.
- Optional. In the **Runner description** field, add a description for the runner
that displays in GitLab.
- Optional. In the **Configuration** section, add additional configurations.
1. Select **Create runner**.
1. Complete the fields in the **Step 1: Specify environment** section to specify the environment in
Google Cloud where runners execute CI/CD jobs.
1. Under **Step 2: Set up GitLab Runner**, select **Setup instructions**.
1. Follow the instructions in the modal. You only need to do **Step 1** once for the Google Cloud project, so that it's ready to provision the runners.
After you've followed the instructions, it might take one minute for your runner to be online and ready to run jobs.
## Deploy to Google Cloud with CI/CD components
A best practice for development is to reuse syntax, like CI/CD components to keep consistency across your pipelines.
You can use the library of components from GitLab and Google to make your GitLab project
interact with Google Cloud resources.
See the [CI/CD components from Google](https://gitlab.com/google-gitlab-components).
### Copy container images to Google Artifact Registry
Before you begin, you must have a working CI/CD configuration that builds and pushes container
images to your GitLab container registry.
To copy container images from your GitLab container registry to your Google Artifact Registry,
include the [CI/CD component from Google](https://gitlab.com/explore/catalog/google-gitlab-components/artifact-registry)
in your pipeline.
After this step, whenever a new container image is pushed to your GitLab container registry,
it is also pushed to your Google Artifact Registry.
1. In your GitLab project, on the left sidebar, select **Build > Pipeline editor**.
1. In the existing configuration, add the component as follows.
- Replace `<your_stage>` with the stage where this job runs.
It must be after the image is built and pushed to the GitLab container registry.
```yaml
include:
- component: gitlab.com/google-gitlab-components/artifact-registry/upload-artifact-registry@main
inputs:
stage: <your_stage>
source: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
target: $GOOGLE_ARTIFACT_REGISTRY_REPOSITORY_LOCATION-docker.pkg.dev/$GOOGLE_ARTIFACT_REGISTRY_PROJECT_ID/$GOOGLE_ARTIFACT_REGISTRY_REPOSITORY_NAME/$CI_PROJECT_NAME:$CI_COMMIT_SHORT_SHA
```
1. Add a descriptive commit message. **Target branch** must be your default branch.
1. Select **Commit changes**.
1. Go to **Build > Pipelines** and make sure a new pipeline runs.
1. After the pipeline finishes successfully, to view the container image that was copied to Google Artifact Registry,
on the left sidebar, select **Deploy > Google Artifact Registry**.
### Create a Google Cloud Deploy release
To integrate your pipeline with Google Cloud Deploy, include the [CI/CD component from Google](https://gitlab.com/explore/catalog/google-gitlab-components/cloud-deploy) in your pipeline.
After this step, your pipeline creates a Google Cloud Deploy release with your application.
1. In your GitLab project, on the left sidebar, select **Build > Pipeline editor**.
1. In the existing configuration, add the [Google Cloud Deploy component](https://gitlab.com/explore/catalog/google-gitlab-components/cloud-deploy).
1. Edit the component `inputs`.
1. Add a descriptive commit message. **Target branch** must be your default branch.
1. Select **Commit changes**.
1. Go to **Build > Pipelines** and make sure a new pipeline passes.
1. After the pipeline finishes successfully, to view the release,
see the [Google Cloud documentation](https://cloud.google.com/deploy/docs/view-release).
And that's it! You've now integrated Google Cloud with GitLab, and your GitLab project seamlessly
deploys to Google Cloud.
## Related topics
- [Google Cloud IAM integration](../../integration/google_cloud_iam.md)
- [Google Artifact Management integration](../../user/project/integrations/google_artifact_management.md)
- [Provisioning runners in Google Cloud](../../ci/runners/provision_runners_google_cloud.md)
|
