This sample demonstrates security features for an end to end Java workflow. This samples deploys a multi-tiered application with a frontend service and a backend service to Google Kubernetes Engine or Cloud Run using Cloud Deploy.
⚠️ WARNING: This demo includes a vulnerable dependency in backend/pom.xml for illustrative purposes!
Deploy to GKE Deploy to Cloud Run
The permissions needed for these tutorials can be fulfilled by the Owner or Editor roles.
Note: Organization or Binary Authorization policies may already be set for your organization and may cause deployment errors.
You will need:
-
To create or select a Google Cloud project.
Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.
-
To make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.
-
To Install and initialize the gcloud CLI and authenticate via:
gcloud auth login.
-
cloudbuild.yaml- Cloud Build configuration file to build images and deploy with Cloud Deploy -
clouddeploy.yaml- Cloud Deploy pipeline definition -
skaffold.yaml- A schema file that defines Skaffold configurations (skaffold.yaml reference). The Skaffold files are used by Cloud Deploy releases. -
policy.yaml- Binary Authorization policy -
kubernetes-manifests/- Contains Kubernetes YAML files for the Guestbook services and deployments, including:guestbook-frontend.deployment.yaml- deploys a pod with the frontend container imageguestbook-frontend.service.yaml- creates a load balancer and exposes the frontend service on an external IP in the clusterguestbook-backend.deployment.yaml- deploys a pod with the backend container imageguestbook-backend.service.yaml- exposes the backend service on an internal IP in the cluster
-
cloudrun-manifests/- Cloud Run Service YAML filesguestbook-backend.dev.service.yamlguestbook-backend.prod.service.yamlguestbook-frontend.dev.service.yamlguestbook-frontend.prod.service.yaml