Kamal Deploy on GCP

hsatac

Ash Wu

Posted on February 17, 2024

Kamal Deploy on GCP

Kamal (https://kamal-deploy.org/) serves as the Docker equivalent of Capistrano, presenting a familiar interface to those already acquainted with Capistrano.

In this article, I'll share insights gained from deploying a web application on Google Cloud Platform (GCP) using Kamal. Rather than offering a one-size-fits-all guide, I aim to provide a collection of useful snippets and references to facilitate your project's deployment.

Utilizing GCP's Artifact Registry

The integration of Kamal with GCP's Artifact Registry is streamlined by an ongoing PR (https://github.com/basecamp/kamal-site/pull/35). For seamless operation, configure the following in your Kamal settings, ensuring to replace the placeholders with your specific project details and incorporating the service account's JSON key.

image: <your gcp project id>/<artifact registry repo name>/<desired image name>
registry:
  server: <your registry region>-docker.pkg.dev
  username: _json_key_base64
  password:
    - KAMAL_REGISTRY_PASSWORD
Enter fullscreen mode Exit fullscreen mode

Secure SSH Access via IAP

To securely SSH into GCP's Compute Engine VMs, the use of Identity-Aware Proxy (IAP) is advocated. Before proceeding, verify your ability to SSH via IAP by following GCP's official guide (https://cloud.google.com/compute/docs/connect/ssh-using-iap).

In the Kamal configuration file, define your server host as shown below:

servers:
  - "myhost.us-west1-a.my-gcp-project"
Enter fullscreen mode Exit fullscreen mode

Setting up Proxy Command

For a smooth SSH connection, download and implement this script (https://gist.github.com/hSATAC/d72bd174f8845d8b9995f8921fe13b39) as your proxy_command. This script, compatible with both macOS and Linux, facilitates usage across various environments including CI runners.

Locate the script within the project at ./.kamal/scripts/:

ssh:
  proxy_command: sh ./.kamal/scripts/gcp-start-iap-tunnel-ssh-proxy-magic.sh gce_instance=%h sshuser=root
Enter fullscreen mode Exit fullscreen mode

Enabling Root SSH Access

Though Kamal permits SSH access under any username, employing the root user simplifies processes, adhering to Kamal's default assumptions.

Enable root SSH access as per GCP's guidance (https://cloud.google.com/compute/docs/connect/root-ssh#gcloud), and in your SSH configuration (~/.ssh/config), include a reference to Google's Compute Engine private key:

Host *.my-gcp-project
  IdentityFile ~/.ssh/google_compute_engine
Enter fullscreen mode Exit fullscreen mode
💖 💪 🙅 🚩
hsatac
Ash Wu

Posted on February 17, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

Kamal Deploy on GCP
kamal Kamal Deploy on GCP

February 17, 2024