DEV Community

Cover image for Kamal Deploy on GCP
Ash Wu
Ash Wu

Posted on • Edited on

7

Kamal Deploy on GCP

Kamal (https://kamal-deploy.org/) serves as the Docker equivalent of Capistrano, presenting a familiar interface to those already acquainted with Capistrano.

In this article, I'll share insights gained from deploying a web application on Google Cloud Platform (GCP) using Kamal. Rather than offering a one-size-fits-all guide, I aim to provide a collection of useful snippets and references to facilitate your project's deployment.

Utilizing GCP's Artifact Registry

The integration of Kamal with GCP's Artifact Registry is streamlined by an ongoing PR (https://github.com/basecamp/kamal-site/pull/35). For seamless operation, configure the following in your Kamal settings, ensuring to replace the placeholders with your specific project details and incorporating the service account's JSON key.

image: <your gcp project id>/<artifact registry repo name>/<desired image name>
registry:
  server: <your registry region>-docker.pkg.dev
  username: _json_key_base64
  password:
    - KAMAL_REGISTRY_PASSWORD
Enter fullscreen mode Exit fullscreen mode

Secure SSH Access via IAP

To securely SSH into GCP's Compute Engine VMs, the use of Identity-Aware Proxy (IAP) is advocated. Before proceeding, verify your ability to SSH via IAP by following GCP's official guide (https://cloud.google.com/compute/docs/connect/ssh-using-iap).

In the Kamal configuration file, define your server host as shown below:

servers:
  - "myhost.us-west1-a.my-gcp-project"
Enter fullscreen mode Exit fullscreen mode

Setting up Proxy Command

For a smooth SSH connection, download and implement this script (https://gist.github.com/hSATAC/d72bd174f8845d8b9995f8921fe13b39) as your proxy_command. This script, compatible with both macOS and Linux, facilitates usage across various environments including CI runners.

Locate the script within the project at ./.kamal/scripts/:

ssh:
  proxy_command: sh ./.kamal/scripts/gcp-start-iap-tunnel-ssh-proxy-magic.sh gce_instance=%h sshuser=root
Enter fullscreen mode Exit fullscreen mode

Enabling Root SSH Access

Though Kamal permits SSH access under any username, employing the root user simplifies processes, adhering to Kamal's default assumptions.

Enable root SSH access as per GCP's guidance (https://cloud.google.com/compute/docs/connect/root-ssh#gcloud), and in your SSH configuration (~/.ssh/config), include a reference to Google's Compute Engine private key:

Host *.my-gcp-project
  IdentityFile ~/.ssh/google_compute_engine
Enter fullscreen mode Exit fullscreen mode

Do your career a big favor. Join DEV. (The website you're on right now)

It takes one minute, it's free, and is worth it for your career.

Get started

Community matters

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

👋 Kindness is contagious

Dive into an ocean of knowledge with this thought-provoking post, revered deeply within the supportive DEV Community. Developers of all levels are welcome to join and enhance our collective intelligence.

Saying a simple "thank you" can brighten someone's day. Share your gratitude in the comments below!

On DEV, sharing ideas eases our path and fortifies our community connections. Found this helpful? Sending a quick thanks to the author can be profoundly valued.

Okay