Ash Wu
Posted on February 17, 2024
Kamal (https://kamal-deploy.org/) serves as the Docker equivalent of Capistrano, presenting a familiar interface to those already acquainted with Capistrano.
In this article, I'll share insights gained from deploying a web application on Google Cloud Platform (GCP) using Kamal. Rather than offering a one-size-fits-all guide, I aim to provide a collection of useful snippets and references to facilitate your project's deployment.
Utilizing GCP's Artifact Registry
The integration of Kamal with GCP's Artifact Registry is streamlined by an ongoing PR (https://github.com/basecamp/kamal-site/pull/35). Configure the following in your Kamal settings, replacing the placeholders with your project's details and supplying the service account's JSON key through KAMAL_REGISTRY_PASSWORD.
image: <your gcp project id>/<artifact registry repo name>/<desired image name>
registry:
  server: <your registry region>-docker.pkg.dev
  username: _json_key_base64
  password:
    - KAMAL_REGISTRY_PASSWORD
Secure SSH Access via IAP
To securely SSH into GCP's Compute Engine VMs, the use of Identity-Aware Proxy (IAP) is advocated. Before proceeding, verify your ability to SSH via IAP by following GCP's official guide (https://cloud.google.com/compute/docs/connect/ssh-using-iap).
In the Kamal configuration file, define your server host as shown below:
servers:
  - "myhost.us-west1-a.my-gcp-project"
Setting up Proxy Command
For a smooth SSH connection, download this script (https://gist.github.com/hSATAC/d72bd174f8845d8b9995f8921fe13b39) and use it as your proxy_command. The script is compatible with both macOS and Linux, so it works across various environments, including CI runners.
Place the script within the project at ./.kamal/scripts/:
ssh:
  proxy_command: sh ./.kamal/scripts/gcp-start-iap-tunnel-ssh-proxy-magic.sh gce_instance=%h sshuser=root
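Because ssh hands the host alias to the proxy command as %h, it is worth validating that alias before it reaches a command line. The sketch below is an added example, not the gist's code: it assumes hosts are written as <instance>.<zone>.<project> (as in the servers entry above) and that SSH listens on port 22, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not the gist's code. Assumption: Kamal host entries are
# written <instance>.<zone>.<project>, like "myhost.us-west1-a.my-gcp-project".
LC_ALL=C; export LC_ALL   # make [a-z] ranges byte-exact in every locale

# A label must start with a lowercase letter, must not end in a hyphen, and
# may contain only lowercase letters, digits and hyphens.
valid_label() {
  case $1 in
    ''|[!a-z]*|*-|*[!a-z0-9-]*) return 1 ;;
  esac
}

# Split the alias ssh passes as %h into IAP_INSTANCE, IAP_ZONE, IAP_PROJECT.
# Returns 1 and leaves the variables untouched on malformed input.
parse_iap_host() {
  _rest=${1#*.}                                  # text after the first dot
  case $_rest in *.*) ;; *) return 1 ;; esac     # need at least three labels
  _i=${1%%.*} _z=${_rest%%.*} _p=${_rest#*.}
  valid_label "$_i" && valid_label "$_z" && valid_label "$_p" || return 1
  case $_z in *-*-[a-z]) ;; *) return 1 ;; esac  # zone shape: <region>-<letter>
  IAP_INSTANCE=$_i IAP_ZONE=$_z IAP_PROJECT=$_p
}

# Print the tunnel command a ProxyCommand wrapper would exec for this host.
# Port 22 is an assumption; nothing is executed here.
iap_tunnel_command() {
  parse_iap_host "$1" || { printf 'refusing host: %s\n' "$1" >&2; return 1; }
  printf 'gcloud compute start-iap-tunnel %s 22 --listen-on-stdin --zone=%s --project=%s\n' \
    "$IAP_INSTANCE" "$IAP_ZONE" "$IAP_PROJECT"
}

# Host taken from the servers entry shown earlier on this page.
iap_tunnel_command "myhost.us-west1-a.my-gcp-project"
```

A host that fails the check never reaches gcloud, so a typo or a malformed entry in the servers list stops the deploy at the proxy step instead of producing a confusing tunnel error.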
Enabling Root SSH Access
Though Kamal permits SSH access under any username, using the root user simplifies setup because it matches Kamal's default assumptions.
Enable root SSH access as per GCP's guidance (https://cloud.google.com/compute/docs/connect/root-ssh#gcloud), and in your SSH configuration (~/.ssh/config), include a reference to Google's Compute Engine private key:
Host *.my-gcp-project
  IdentityFile ~/.ssh/google_compute_engine