►
From YouTube: Securing Cloud Run Deployment with Auto DevOps
Description
Regnard Raquedan, Partner Solutions Architect at GitLab, demos how to secure your Google Cloud Run app with Auto DevOps.
Learn more about GitLab on Google Cloud: https://about.gitlab.com/partners/technology-partners/google-cloud-platform/
A
Today,
we'll
learn
how
to
deploy
cloudron
applications
with
gitlab's
Auto
devops
and
learn
how
these
two
can
help
you
develop
faster,
more
securely
and
leverage
serverless
technology
with
ease
I'm,
Bernard
Acadian,
the
partner
Solutions
architect
at
gitlab
and
I.
Help
team
members
and
partners
alike
learn
more
about
the
tight
integration
between
gitlab
and
Google
Cloud.
A
Let's
have
a
quick
primer
on
gitlab,
auto
devops
with
auto
devops.
It
simplifies
and
accelerates
your
workload
delivery
by
automatically
configuring
the
pipeline
that
deploys
your
desired
environment.
What
it
does
is
it
detects
the
code
language
builds
and
tests
code
scans
or
vulnerabilities
and
deploys
the
application
before
we
begin.
Let's
make
sure
we
have
these
things.
Ready
first,
is
a
Google
Cloud
project
with
these
enabled
apis,
Cloud
run
and
Cloud.
Build
next
would
be
the
Google
cloud
service
account
with
these
permissions.
The
cloud
run,
admin
Cloud,
build
service
agent
service,
account
user
and
project
viewer.
A
Make
sure
that
these
credentials
have
a
key
and
it's
saved
on
a
Json
file
that
is
encoded
with
base64.
and
finally,
your
gitlab
project.
With
the
application
code
to
complete
today's
demo.
We
will
do
five
steps.
The
first
is
to
configure
the
Google
Cloud
credentials.
The
second
is
to
add
the
auto
devops.
The
third
is
to
configure
the
environment
variables.
The
fourth
is
to
code,
the
CI
CD
Pipeline,
and
the
last
step
is
to
finalize
the
Dust.
A
The
first
step
in
our
demo
is
to
configure
the
Google
Cloud
credentials,
I'm,
showing
you,
the
Google,
Cloud
console
and
specifically
showing
you
the
surface
account
that
I'll
be
using
for
this
demo.
I
had
created
this
before,
and
it's
called
Cloud
run.
Demo
service
account
pretty
self-explanatory
there.
One
thing
I
do
want
to
note
is
that
the
service
account
should
have
these
permissions.
The
cloud
run,
admin
the
cloud,
build
service,
agent,
service,
account
user
and
then
project
viewer.
A
A
So,
at
your
project
page
add
the
auto
devops
template
to
the
cicd
pipeline,
and
you
do
that
by
going
to
the
gitlab
CI
yaml
file,
since
this
is
a
new
project
I
had
created
from
scratch,
I
will
create
a
new
file
at
the
root
and
call
it
gitlab
CI
the
demo
and
then
add
these
lines
of
code.
What
it
does
is,
it
will
add
the
auto
devops
template
to
your
gitlab
project,
so
this
will
Auto
automatically
configure
the
pipeline
based
on
your
project
settings
and
configuration,
and
that's
it.
A
I
will
now
commit
the
change
and
wait
for
this
thick
effect.
After
you
add
the
auto
devops
line
of
code
into
your
project,
you
know
that
you've
done
it
correctly.
If
you
see
this
new
pipeline
after
you
merge
your
code
and
code
changes
onto
your
project
so
see
here,
it's
ready
running
so
I
know
I'm
on
the
right
track.
So
after
we
verify
that
we
have
added
Auto
devops
into
the
project.
A
Let's
now
add
the
environment
variables,
which
is
the
third
step
to
get
there
I'm
going
to
go
to
settings,
go
to
CI
CD
once
I'm
there
there
will
be
a
series
of
sections
here
and
if
I
scroll
down
I
should
see
the
variable
section.
A
Since
this
a
new
project
I
had
created
from
scratch,
there
are
no
variables
yet
so,
let's
add
them.
The
first
variable
I
will
add,
is
the
Google
credentials,
which
is
the
base64
encoded
version
of
the
Json
file
of
the
service
account
key.
So
that's
going
to
call
it
b64
Google,
Cloud
credentials.
You
could
name
your
variable
any
name
but
I.
Just
added
this
for
clarity
and
I
will
add
and
paste
the
contents.
So
this
is
a
very
sensitive
piece
of
information.
I
need
to
I
would
recommend
that
you
mask
it.
A
We
don't
need
to
protect
the
variable,
and
then
we
add
it.
The
next.
Our
variable
that
we'll
be
adding
is
the
project
ID.
Now,
how
do
you
get
that
project?
Id
I
will
switch
back
to
the
Google
Cloud
console
and
then
go
to
the
main
project
screen
and
from
there.
I
will
copy
that
information
and
go
back
to
the
settings
and
add
it
for
this
demo.
I've
called
this
variable
project
ID
there
you
go
and
then
I
will
put
that
information
in
there.
A
Okay,
now
service
ID,
for
this
demo
is
the
service
name
or
ID
that
will
be
used
on
cloud
run.
So
this
would
be
anything,
but
since
this
is
a
node.js
application,
I'm
going
to
call
it
node.js
just
to
be
clear,
we
don't
need
to
protect
it,
and
then
we
add
it
so
now
all
three
variables
for
the
environment
have
been
added,
and
now
we're
set
to
go
to
the
next
step
in
this
demo.
A
Now
on
to
the
next
step,
which
is
to
configure
the
CI
CD
pipeline
to
do
that,
we
go
to
this
gitlab
CI
file
that
had
created
under
a
few
steps
ago,
and
then
we
navigate
there
from
the
project.
Page
and
you'll
see
the
contents
we
had
added
earlier.
The
quickest
way
to
modify
this
is
to
click
the
edit
button
and
now
I'm
here
I'll,
be
adding
a
few
lines
of
code
and
explain
what
I've
added
that
will
be
relevant
for
our
demo,
so
starting
at
line
five
to
six.
A
What
we're
doing
here
is
adding
the
Google
Cloud
SDK
image
that'll
enable
us
to
run
the
gcloud
commands,
starting
at
line
eight
all
the
way
to
18
the
these
are
the
the
command
that
we'll
be
using.
That
will
be
executed
to
run
our
Pipeline
and
deploy
it
to
Cloud
run.
So
we
created
this
new
stage,
called
the
deploy
stage
or
modified
the
deploy
stage
that
was
set
from
Auto
devops
and
then
lines
12
to
14..
A
What
What's,
Happening
Here
is
we're
taking
the
credentials
we
had
entered
as
a
environment
variable
and
then
using
that
to
feed
into
the
authentication
onto
the
Google
Cloud
account
starting
at
line
15.
We
will
select
and
Target
the
project
ID
because
you
may
have
many
projects
in
your
Google
Cloud
account
we're
also
using
Docker
at
line
16.
A
now
interesting
part.
At
line
17,
we
will
be
using
Google
Cloud
build
to
generate
the
container
image
that
will
be
deployed
for
this
demo.
This
is
very
relevant
because
Cloud
run
could
take
many
container
images,
but
it
recommends
you
use
cloud
build
because
if
you're
using
a
private
gitlab
project,
you
won't
be
able
to
use
it
for
Google
Cloud
run
now.
A
The
final
line
here
is
we'll
we're
using
the
service
ID
that
we
defined
in
the
environment
variable
because
that
will
be
the
service
name,
it'll
be
appearing
in
Cloud,
run
and
a
few
more
and
a
few
project
configurations
and
region,
the
platform
management
and
then
authentication
unauthenticated,
allowing
right
so
yeah.
So
that's
this!
Those
are
the
lines
of
code
and
once
I'm
added
I've
added,
those
I
will
commit
change.
A
I
fast
forwarded
a
few
minutes
to
show
you
what
happened
in
that
pipeline
that
we
just
completed,
and
this
is
a
pipeline
that
auto
devops
created
for
you.
So
there's
the
build
stage.
A
The
test
stage
there's
a
deploy
stage,
and
you
see
that
the
Das
stage
is
not
yet
fully
complete,
which
will
finalize
in
the
final
step
of
this
demo,
but
I
wanted
to
point
out
that
auto
devops
set
these
stages
for
you
and
you
didn't
have
to
do
anything
right
and
the
tests
and
the
scanning
jobs
that
auto
devops
implemented
here
would
ensure
a
great
deal
of
security
improvements
and
ensure
that
you
have
a
high
quality
of
the
application
when
you
deploy
it
to
Cloud
run.
A
And
we
see
that
in
the
deploy
stage
it
was
completed.
So
we
know
that
this
application
is
deployed
to
Cloud
run
and
we
can
verify
here
so
in
the
cloud
run.
Section
of
console
of
the
Google
Cloud
console
you'll,
see
the
node.js
service
is
in
here,
and
this
is
the
one
that
we
had
just
defined
in
the
environment
variables.
A
Now.
The
final
step
of
the
demo
is
to
complete
the
Das
stage
of
the
CI
CD
pipeline.
Although
this
application
is
already
deployed
via
Cloud
run,
we
still
need
to
complete
the
final
security
stages
to
ensure
high
quality
and
ensure
that
application
is
not
going
to
be
compromised
when
subject
to
some
attacks.
So
to
do
that,
we
take
note
of
this
URL
here
where
the
plot
project
was
deployed
to
we
go
to
the
gitlab
CI
and
I'll
add
a
few
lines
of
code
foreign
now.
What
did
we
do
here?
A
A
The
security
settings
for
this
Cloud
run
deployment,
and
once
that
is
done,
I'm
going
to
commit
the
change
and
the
new
Final
pipeline
will
be
generated
again
now,
just
jumping
a
few
minutes.
After
that
last
pipeline
was
completed.
We
see
that
the
dash
stage
is
complete
and
that
passed.
So
it
means
that
the
cloud
and
application
that
we
deployed
past
the
Das
testing
and
was
found
that
it
did
not
have
any
vulnerabilities
to
attacks
and
the
tests
that
the
desk
implemented.
A
A
Fourth,
is
the
coding
of
the
CI
CD
Pipeline
and
we
finalized
it
by
adding
the
dast
functionality
at
the
end
with
gitlab,
Auto,
devops
and
Cloud
run
it's
all
about
speed
and
simplicity,
because
you're
not
worried
about
configuring
pipeline
setting
up
your
security
or
provisioning
resources
for
your
containerized
applications
once
you've
set
it
up.
All
you
need
to
do
is
climate,
your
code
in
gitlab
and
then
see
it,
live
on
Google
Cloud.