Installing on Google Cloud VM
This page describes how to install Piped on Google Cloud VM.
Prerequisites
Having piped’s ID and Key strings
- Ensure that the
piped
has been registered and you are having itsPIPED_ID
andPIPED_KEY
strings. - If you are not having them, this page guides you how to register a new one.
Preparing SSH key
- If your Git repositories are private,
piped
requires a private SSH key to access those repositories. - Please checkout this documentation for how to generate a new SSH key pair. Then add the public key to your repositories. (If you are using GitHub, you can add it to Deploy Keys at the repository’s Settings page.)
Installation
-
Preparing a piped configuration file as the following:
apiVersion: pipecd.dev/v1beta1 kind: Piped spec: projectID: {PROJECT_ID} pipedID: {PIPED_ID} pipedKeyData: {BASE64_ENCODED_PIPED_KEY} # Write in a format like "host:443" because the communication is done via gRPC. apiAddress: {CONTROL_PLANE_API_ADDRESS} git: sshKeyData: {BASE64_ENCODED_PRIVATE_SSH_KEY} repositories: - repoId: {REPO_ID_OR_NAME} remote: git@github.com:{GIT_ORG}/{GIT_REPO}.git branch: {GIT_BRANCH} # Optional # Uncomment this if you want to enable this Piped to handle Cloud Run application. # platformProviders: # - name: cloudrun-in-project # type: CLOUDRUN # config: # project: {GCP_PROJECT_ID} # region: {GCP_PROJECT_REGION} # Optional # Uncomment this if you want to enable this Piped to handle Terraform application. # - name: terraform-gcp # type: TERRAFORM # Optional # Uncomment this if you want to enable SecretManagement feature. # https://pipecd.dev//docs/user-guide/managing-application/secret-management/ # secretManagement: # type: KEY_PAIR # config: # privateKeyData: {BASE64_ENCODED_PRIVATE_KEY} # publicKeyData: {BASE64_ENCODED_PUBLIC_KEY}
See ConfigurationReference for the full configuration.
-
Creating a new secret in SecretManager to store above configuration data securely
gcloud secrets create vm-piped-config --data-file={PATH_TO_CONFIG_FILE}
-
Creating a new Service Account for Piped and giving it needed roles
gcloud iam service-accounts create vm-piped \ --description="Using by Piped running on Google Cloud VM" \ --display-name="vm-piped" # Allow Piped to access the created secret. gcloud secrets add-iam-policy-binding vm-piped-config \ --member="serviceAccount:vm-piped@{GCP_PROJECT_ID}.iam.gserviceaccount.com" \ --role="roles/secretmanager.secretAccessor" # Allow Piped to write its log messages to Google Cloud Logging service. gcloud projects add-iam-policy-binding {GCP_PROJECT_ID} \ --member="serviceAccount:vm-piped@{GCP_PROJECT_ID}.iam.gserviceaccount.com" \ --role="roles/logging.logWriter" # Optional # If you want to use this Piped to handle Cloud Run application # run the following command to give it the needed roles. # https://cloud.google.com/run/docs/reference/iam/roles#additional-configuration # # gcloud projects add-iam-policy-binding {GCP_PROJECT_ID} \ # --member="serviceAccount:vm-piped@{GCP_PROJECT_ID}.iam.gserviceaccount.com" \ # --role="roles/run.developer" # # gcloud iam service-accounts add-iam-policy-binding {GCP_PROJECT_NUMBER}-compute@developer.gserviceaccount.com \ # --member="serviceAccount:vm-piped@{GCP_PROJECT_ID}.iam.gserviceaccount.com" \ # --role="roles/iam.serviceAccountUser"
-
Running Piped on a Google Cloud VM
# Enable remote-upgrade feature of Piped. # https://pipecd.dev/docs/user-guide/managing-piped/remote-upgrade-remote-config/#remote-upgrade # This allows upgrading Piped to a new version from the web console. gcloud compute instances create-with-container vm-piped \ --container-image="ghcr.io/pipe-cd/launcher:v0.49.4" \ --container-arg="launcher" \ --container-arg="--config-from-gcp-secret=true" \ --container-arg="--gcp-secret-id=projects/{GCP_PROJECT_ID}/secrets/vm-piped-config/versions/{SECRET_VERSION}" \ --network="{VPC_NETWORK}" \ --subnet="{VPC_SUBNET}" \ --scopes="cloud-platform" \ --service-account="vm-piped@{GCP_PROJECT_ID}.iam.gserviceaccount.com"
# This just installs a Piped with the specified version. # Whenever you want to upgrade that Piped to a new version or update its config data you have to restart it. gcloud compute instances create-with-container vm-piped \ --container-image="ghcr.io/pipe-cd/piped:v0.49.4" \ --container-arg="piped" \ --container-arg="--config-gcp-secret=projects/{GCP_PROJECT_ID}/secrets/vm-piped-config/versions/{SECRET_VERSION}" \ --network="{VPC_NETWORK}" \ --subnet="{VPC_SUBNET}" \ --scopes="cloud-platform" \ --service-account="vm-piped@{GCP_PROJECT_ID}.iam.gserviceaccount.com"
After that, you can see on PipeCD web at Settings
page that Piped is connecting to the Control Plane.
You can also view Piped log as described here.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified August 23, 2023: Release v0.45.0 (#4556) (600de7e3)