►
Description
5mp is now Cloud Seed ⛅🌱 https://hello.cloudseed.app
Cloud Seed is an open-source program lead by GitLab Incubation Engineering in collaboration with Google Cloud.
Deploying web application (and related workloads) from GitLab to major cloud providers should be trivial.
Cloud Seed makes it ridiculously simple and intuitive to consume appropriate Google Cloud services within GitLab.
00:00 Intro
00:20 Goal & Agenda
01:05 OAuth2 & Authentication Schemes
03:35 MR !75902
03:59 MR !75897
04:36 Demo 1-click-config
06:06 Upcoming week
A
A
A
A
As
you're
aware
so
far,
we've
been
working
on
introducing
a
google
cloud
page
for
a
project
within
the
infrastructure
section
from
where
you
can
perform
the
create
service
account
flow.
The
slow
begins
with
the
google
auth,
where
you
log
in,
and
you
authorize
the
gitlab
instance
to
manage
your
cloud
resources
once
you
do
that,
you
are
shown
a
form
where
you
can
select
your
gcp
project.
You
can
link
it
to
a
gitlab
environment
and
it
will
create
the
appropriate
service
accounts
for
you.
A
The
positives
are
very,
very
clear:
it's
a
very
smooth
experience
for
end
users,
where
they
literally
just
press
buttons
and
all
the
deployment
credentials
are
created
for
them,
and
the
second
benefit
is
that
this
is
at
least
partially
pre-built
inside
gitlab
instances
for
gke
integration
for
that
matter.
So
it's
possible
that
customer
instances
are
already
pre-configured
for
this
type
of
authentication
scheme.
A
The
drawbacks
are
also
there,
and
the
biggest
drawback
is
that
sensitive
customers
might
hesitate
to
grant
permissions
to
to
the
gitlab
application
to
manage
all
of
their
cloud
resources.
This
is
a
pretty
broad
permission
that
the
application
is
seeking
and
people
might
hesitate,
despite
us,
being
an
open
source
product.
A
The
biggest
solution
that
exists
already
is
that
these
authentications
and
authorizations
can
be
manually,
set
up
so
you're
free
to
create
your
deployment
credentials
in
your
preferred
means
and
save
them
in
your
secret
manager,
your
wallet
or
your
or
your
ci
bars.
This
is
something
you
can
already
do.
We
would
also
like
to
investigate
workload,
identity
federation,
so
the
idea
is
to
meet
the
google
im
team.
Early
2022
include
some
of
our
subject
matter:
experts,
artifin
marshall
as
well,
and
then
based
on
the
suggestions
that
come
out
of
this,
we
might
implement
something.
A
Of
course,
it's
hard
to
predict
when
this
will
be
implemented,
but
the
shofar
way
of
getting
it
implemented
fast
is
to
have
validated
customer
demand
for
the
authentication
scheme.
A
A
75897
is
still
open.
This
introduces
a
button
to
explicitly
revoke
google
api
authorizations
and
just
to
just
to
clarify
the
default
behavior
is
that
the
token
would
expire
in
10
minutes,
but
we
just
introduced
a
button
to
make
explicitly
so
if
the
user
wants
to
wants
to
revoke
them,
the
front
end
has
been
approved
and
thank
you
to
tristan
and
ezekiel.
A
A
A
A
Let's
just
look
at
the
changes
we
have
created
a
new
branch
called
cloud
cloud
run
and
a
random
hash
over
here
to
just
to
get
a
unique
branch
name.
This
branch
contains
one
comment.
The
message
says
enable
cloud
run
deployments
and
if
you
look
at
the
changes
it
makes
some
changes
to
the
gitlab
ciaml
file.
So
this
is
an
example
of
pressing
a
button
and
getting
a
yaml
populated
with
the
right
kind
of
config.
A
A
If
the
project
already
has
a
pipeline
config,
then
we
have
to
merge
the
existing
ciaml
file
with
the
cloud
run,
specific
configuration,
and
finally,
we
need
to
look
at
a
few
things
right.
The
first
thing
we
want
to
consider
is
when
to
enable
this
button,
we
need
to
make
sure
that
the
service
accounts
are
available.
A
Then
we
want
to
build
the
actual
production
ready
pipeline
itself
and
this
needs
to
be
built
inside
an
external
repo.
This
is
similar
to
what
we
did
with
the
original
aws
500
production
concept.
Earlier
this
year.
The
idea
is
to
decouple
the
cloud
run
pipeline
from
the
gitlab
rails
web
module.
This
means
that
it's
an
independent
project,
that's
easier
to
maintain
it's
easy
to
version
and
it's
easier
to
invite
people
to
collaborate
and
contribute
to
the
pipeline
without
actually
going
through
the
whole
merge
request
review
process
that
we
have
for
the
main
main
product.
A
So
this
is
just
to
keep
maintenance,
pretty
it's
pretty
sweet
and
fast
there's
another
task
for
me
in
the
in
the
upcoming
week
and
that
is
to
perform
the
code
review,
fixes
that
get
suggested
for
75897
and
get
that
merged
as
well.