In addition to running nomos vet as a pre-commit hook locally, we recommend validating any configuration changes in your CI/CD pipeline. This guide shows how to validate configuration changes with Cloud Build when using GKE clusters. The same setup works in any container-based CI/CD system (e.g. CircleCI) with minimal changes.
- Enable the Cloud Build API: https://console.cloud.google.com/flows/enableapi?apiid=cloudbuild.googleapis.com
- Grant the Cloud Build service account permission to access your GKE cluster. Follow the instructions here and give the service account the Kubernetes Engine Developer role.
- Create a Cloud Build config file and store it in the same repo as your config files (e.g. my-repo/cloudbuild.yaml):

steps:
- name: 'gcr.io/cloud-builders/kubectl'
  args: ['config', 'current-context']
  volumes:
  - name: 'kube'
    path: '/kube'
  env:
  - 'KUBECONFIG=/kube/config'
  - 'CLOUDSDK_COMPUTE_ZONE=us-central1-a'
  - 'CLOUDSDK_CONTAINER_CLUSTER=my-cluster'
  - 'CLOUDSDK_CONTAINER_USE_APPLICATION_DEFAULT_CREDENTIALS=true'
- name: 'gcr.io/nomos-release/nomos:stable'
  args: ['nomos', 'vet', '--path', '/workspace']
  volumes:
  - name: 'kube'
    path: '/kube'
  env:
  - 'KUBECONFIG=/kube/config'
timeout: 30s

There are two steps in this configuration:
- Run kubectl config current-context to generate the kubeconfig file needed to authenticate to the my-cluster GKE cluster.
- Run nomos vet on the Git repo, which is automatically cloned into /workspace.
- Set up a build trigger for changes to your source repository following the instructions here. You can create triggers for GitHub*, Bitbucket, and Cloud Source Repositories. The following example creates a trigger that runs for every commit to the master branch of a Cloud Source Repository, using the Cloud Build configuration file from the previous step.
- Test the setup by manually running the trigger: https://console.cloud.google.com/cloud-build/triggers If things are set up correctly, the Cloud Build steps should be green.
And you’re done!
* For GitHub users, Cloud Build is also available in the marketplace.
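The local pre-commit hook mentioned at the top of this guide, as an added example that is not part of the original page: it runs the same nomos vet invocation as the second Cloud Build step against the local checkout and blocks the commit when validation fails. It assumes nomos is installed on PATH; the optional second argument of vet_repo is a hypothetical override used only for testing.

```shell
#!/bin/sh
# .git/hooks/pre-commit: run the same `nomos vet` check as the Cloud Build step
# before a commit is created. Added example; assumes `nomos` is installed locally.

# vet_repo REPO_ROOT [NOMOS_BINARY]
#   Returns 0 when nomos vet passes, 1 when it reports config errors,
#   and 2 when the nomos binary cannot be found, so the cause is distinguishable.
vet_repo() {
  repo_root="$1"
  nomos_bin="${2:-nomos}"   # second argument is a hypothetical override used for testing

  if ! command -v "$nomos_bin" >/dev/null 2>&1; then
    echo "pre-commit: '$nomos_bin' not found; install nomos or run git commit --no-verify" >&2
    return 2
  fi

  # Same invocation as the Cloud Build step, with the local checkout as --path.
  if "$nomos_bin" vet --path "$repo_root"; then
    echo "pre-commit: nomos vet passed for $repo_root"
    return 0
  fi
  echo "pre-commit: nomos vet failed; fix the errors above before committing" >&2
  return 1
}

# When installed as a git hook, validate the whole working tree of this repo.
case "$0" in
  */pre-commit) vet_repo "$(git rev-parse --show-toplevel)" ;;
esac
```

Copy the script to .git/hooks/pre-commit and make it executable; git aborts the commit whenever the hook exits non-zero.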