Merge pull request #43 from GoogleCloudPlatform/remove-project-id

Remove project id

README.md

@@ -2,24 +2,59 @@
 This is a demo showing how to execute multi-container integration tests as part of a [Google Cloud Build](https://cloud.google.com/cloud-build/) invocation
 
 ## Method 1: docker-compose
-Prerequisite:
+### Prerequisites
+
 Build the [docker-compose community builder](https://github.com/GoogleCloudPlatform/cloud-builders-community/tree/master/docker-compose) and push to [Google Container Registry](https://cloud.google.com/container-registry/) in your GCP project
 
+### Running Build
+
 Run command:
-`gcloud builds submit --config=cloudbuild.compose.yaml .`
+```
+gcloud builds submit --config=cloudbuild.compose.yaml .
+```
+
+## Method 2: Deploy to Existing Kubernetes Cluster
+### Prerequisites
+
+1.  Create a cluster in Google Kubernetes Engine
+    ```
+    gcloud container clusters create staging --zone us-central1-c
+    ```
+
+    NOTE: Update `cloudbuild.gke.yaml` env options if using a cluster with a different name or zone. 
 
-## Method 2: deploy to existing kubernetes cluster
-Prerequisites:
+1. Update the `image` field in `k8s/db.yaml` and `k8s/web.yaml` with your Project ID to push images to your project's Container Registry.
+
+1. Add IAM role "Kubernetes Engine Developer" to Cloud Build Service Account
+    ```
+    gcloud projects add-iam-policy-binding <PROJECT-ID> \ 
+    --member serviceAccount:<PROJECT-NUMBER>@cloudbuild.gserviceaccount.com \
+    --role roles/container.developer
+    ```
+    Learn more about the [Cloud Build Service Account](https://cloud.google.com/cloud-build/docs/securing-builds/set-service-account-permissions#what_is_the_service_account), [Kubernetes Engine Permissions](https://cloud.google.com/kubernetes-engine/docs/how-to/iam) and [Granting Roles to Service Accounts](https://cloud.google.com/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource).
+
+### Running Build
+```
+gcloud builds submit --config cloudbuild.gke.yaml .
+```
+
+### When you're done
+1. Delete Kubernetes Cluster
+    ```
+    gcloud container clusters delete staging --zone us-central1-c
+    ```
+1. Remove GKE permissions from Cloud Build
+    ```
+    gcloud projects remove-iam-policy-binding <YOUR-PROJECT-ID> \ 
+    --member serviceAccount:<YOUR-PROJECT-NUMBER>@cloudbuild.gserviceaccount.com \
+    --role roles/container.developer
+    ```
 
-1. A running kubernetes cluster (this example uses GKE)
-  - `gcloud container clusters create staging --zone us-central1-c` 
-2. Cloud Build service account must have role: "Kubernetes Engine Developer"
-  - TODO: add service account gcloud command
-  Run command:
-  `gcloud builds submit --config=cloudbuild.gke.yaml .`
 
 ## Method 3: deploy to self-destructing VM
 
+Before beginning, update k8s/db.yaml and k8s/web.yaml with your Project ID.
+
 ### to do things locally:
 ```
 # run terraform to create a self-destructing VM w/ microk8s

k8s/db.yaml

@@ -32,7 +32,8 @@ spec:
     spec:
       containers:
       - name: mysql
-        image: gcr.io/gcb-sandbox/mysql:latest
+        # Dev TODO: add your project id here
+        image: gcr.io/PROJECT-ID/mysql:latest
         env:
           - name: MYSQL_ROOT_PASSWORD
             value: "password"

k8s/web.yaml

@@ -32,7 +32,8 @@ spec:
     spec:
       containers:
       - name: web
-        image: gcr.io/gcb-sandbox/web:latest
+        # Dev TODO: add your project id here
+        image: gcr.io/PROJECT-ID/web:latest
         env:
         - name: DB_HOST
           value: cookieshop-db