WEBVTT

00:00.630 --> 00:01.463
-: In the last section

00:01.463 --> 00:03.720
we started working on our .travis.yml file.

00:03.720 --> 00:05.610
We've now got some configuration that's going to

00:05.610 --> 00:07.890
install the Google Cloud SDK.

00:07.890 --> 00:09.240
It then is going to download

00:09.240 --> 00:11.760
and install the kubectl command line tool.

00:11.760 --> 00:13.410
And then finally, we had said that we need to make sure

00:13.410 --> 00:16.109
that we essentially authorize the Google Cloud SDK

00:16.109 --> 00:19.350
with some service account and the credentials

00:19.350 --> 00:20.790
for that are going to be placed inside

00:20.790 --> 00:23.430
of this service account JSON file.

00:23.430 --> 00:25.110
Now, this section we're going to create this service

00:25.110 --> 00:26.460
account JSON file.

00:26.460 --> 00:27.870
We're gonna put some credentials in there

00:27.870 --> 00:29.310
and then we're going to somehow hook it

00:29.310 --> 00:31.380
up to our Travis CI build.

00:31.380 --> 00:32.550
Now here's the entire series

00:32.550 --> 00:34.470
of steps that we're going to go through.

00:34.470 --> 00:36.270
So the first thing we have to do is log

00:36.270 --> 00:38.160
onto our Google Cloud console

00:38.160 --> 00:40.410
and we're going to create a service account.

00:40.410 --> 00:42.420
Remember, a service account is very similar

00:42.420 --> 00:46.230
to that IAM user that we had created back on AWS.

00:46.230 --> 00:47.160
It's essentially a set

00:47.160 --> 00:50.160
of credentials that's going to allow programmatic access

00:50.160 --> 00:51.896
to our Google Cloud account.

00:51.896 --> 00:55.020
When we make that service account, we'll then be provided

00:55.020 --> 00:58.260
with a JSON file that contains the account

00:58.260 --> 01:00.780
credentials to access the service account.

01:00.780 --> 01:04.080
So that JSON file is a very sensitive little file

01:04.080 --> 01:06.690
and we really want to make sure that the information inside

01:06.690 --> 01:09.390
of it does not get exposed to the outside world.

01:09.390 --> 01:11.820
So to make sure that we don't have to commit that file

01:11.820 --> 01:14.550
to GitHub and accidentally push that to GitHub

01:14.550 --> 01:17.700
or anything like that, we're going to encrypt the file

01:17.700 --> 01:21.720
and store the encrypted file on Travis CI's servers.

01:21.720 --> 01:24.420
Now we've already gone through an example where we made use

01:24.420 --> 01:28.290
of an environment variable that was encrypted with Travis CI,

01:28.290 --> 01:29.640
but that was with a string

01:29.640 --> 01:32.280
or just a simple environment variable.

01:32.280 --> 01:33.840
This time around, we want to load

01:33.840 --> 01:35.970
up a file that gets encrypted

01:35.970 --> 01:38.673
and stored with Travis as opposed to a simple string.

01:39.570 --> 01:40.470
So to do so

01:40.470 --> 01:43.770
we're going to download and install the Travis CLI.

01:43.770 --> 01:46.500
Now the real name for this would be like the Travis CI CLI

01:46.500 --> 01:48.990
but I realized that was kind of confusing.

01:48.990 --> 01:52.530
So we're going to download Travis CLI on our local machine

01:52.530 --> 01:55.440
and we'll be able to use that CLI to encrypt this file

01:55.440 --> 01:57.180
and store it with Travis.

01:57.180 --> 02:00.300
So we're going to encrypt it and then upload the JSON file

02:00.300 --> 02:02.610
and tie it to our Travis account so that it

02:02.610 --> 02:07.290
cannot be viewed as plain text by anyone else in the world.

02:07.290 --> 02:09.510
Then finally, inside of our .travis.yml file

02:09.510 --> 02:11.340
we're gonna add a little bit of configuration

02:11.340 --> 02:14.760
to take that file that we just encrypted and uploaded.

02:14.760 --> 02:18.300
We're going to unencrypt, unencrypt the JSON file

02:18.300 --> 02:20.400
and then we're gonna take the JSON file and load

02:20.400 --> 02:24.780
it into Google Cloud or the gcloud SDK.

02:24.780 --> 02:26.250
And this is essentially the line right here

02:26.250 --> 02:27.120
that's going to do that.

02:27.120 --> 02:29.910
This line is what takes that JSON file and loads

02:29.910 --> 02:33.240
it up and tells the Google Cloud SDK that, hey,

02:33.240 --> 02:35.400
here's who we are and here are the credentials

02:35.400 --> 02:37.953
that you need to access our Kubernetes cluster.

02:38.880 --> 02:40.020
Okay, so let's get to it.

02:40.020 --> 02:42.540
Step one, create a service account.

02:42.540 --> 02:45.420
So I'm going to go back over to my Google Cloud

02:45.420 --> 02:48.180
dashboard. On the top left-hand side

02:48.180 --> 02:50.070
I'll find my navigation menu

02:50.070 --> 02:53.973
and then I'm gonna scroll down to IAM and admin right here.

02:56.760 --> 02:58.860
Now on this page, you might already see a bunch

02:58.860 --> 03:00.420
of different things created here.

03:00.420 --> 03:03.270
I don't recall if these are, nah, these are brand new.

03:03.270 --> 03:04.470
I'm pretty sure these are brand new.

03:04.470 --> 03:05.520
I was gonna say, I can't recall

03:05.520 --> 03:07.320
if these are automatically generated or what

03:07.320 --> 03:11.580
but I'm pretty sure these will automatically generate it.

03:11.580 --> 03:14.530
Now on the left hand side, I'm gonna find service accounts.

03:16.920 --> 03:20.190
Then on the top right-hand side, I'll say, oops,

03:20.190 --> 03:21.180
not that one.

03:21.180 --> 03:22.290
Let me zoom out here.

03:22.290 --> 03:23.460
I can't actually see everything

03:23.460 --> 03:24.700
because I'm running a little zoomed in there.

03:24.700 --> 03:27.500
There it is, create service account right in the middle.

03:28.740 --> 03:31.950
Okay, so we're gonna put in some information to this thing.

03:31.950 --> 03:33.900
First, we have to provide an account name.

03:33.900 --> 03:35.760
You can put any name in here that you want.

03:35.760 --> 03:36.930
It really doesn't matter.

03:36.930 --> 03:37.763
It'd be nice

03:37.763 --> 03:39.780
if you just kind of, as the note says, kind of

03:39.780 --> 03:42.810
describe what this service account is going to be used for.

03:42.810 --> 03:46.230
So I'll call this thing, how about Travis Deployer?

03:46.230 --> 03:48.720
I think that makes enough sense.

03:48.720 --> 03:51.120
We then have to assign a role, which is essentially

03:51.120 --> 03:54.810
the permissions that this service account is going to have.

03:54.810 --> 03:59.043
So in this table, I'm gonna scroll down and find Kubernetes.

04:00.930 --> 04:03.210
So here's Kubernetes engine, and we're going to

04:03.210 --> 04:05.580
make it an engine admin because this is going to

04:05.580 --> 04:07.860
be a service account that has total control

04:07.860 --> 04:11.340
over our cluster and can easily create new objects

04:11.340 --> 04:14.340
delete objects, edit them, whatever needs to be done.

04:14.340 --> 04:15.780
So I'll click on that

04:15.780 --> 04:18.900
and then we'll select furnish a new private key

04:18.900 --> 04:22.023
and we want to get a JSON file for our private key.

04:22.860 --> 04:23.700
So that's pretty much it.

04:23.700 --> 04:25.710
I'm then going to save the file, or excuse me

04:25.710 --> 04:27.160
save the new service account.

04:28.890 --> 04:31.080
And then I'll be automatically prompted

04:31.080 --> 04:33.900
with a download here for the JSON file that has

04:33.900 --> 04:36.360
our account credentials inside of it.

04:36.360 --> 04:38.250
So I can close this window

04:38.250 --> 04:39.900
and then this JSON file right here.

04:39.900 --> 04:42.660
This is the very important thing that we want to make use

04:42.660 --> 04:46.380
of and eventually encrypt and upload to Travis CI.

04:46.380 --> 04:48.360
Now I want to be a hundred percent clear.

04:48.360 --> 04:50.460
This is extremely important.

04:50.460 --> 04:52.260
So please listen very carefully.

04:52.260 --> 04:55.920
This file that was just downloaded under no way, shape

04:55.920 --> 04:59.273
or form do I ever, ever, ever want to accidentally

04:59.273 --> 05:02.430
expose this JSON file to the outside world.

05:02.430 --> 05:04.200
So I'm gonna make a hundred percent sure

05:04.200 --> 05:06.990
that I do not accidentally commit this file

05:06.990 --> 05:10.260
to Git or upload it to GitHub or anything like that.

05:10.260 --> 05:11.550
So again, please make sure

05:11.550 --> 05:13.410
that you treat this file very carefully

05:13.410 --> 05:16.770
and do not accidentally expose it to the outside world.

05:16.770 --> 05:18.930
All right, so now that we've created our service account

05:18.930 --> 05:20.550
let's take a quick pause right here.

05:20.550 --> 05:22.400
When we come back in the next section

05:23.340 --> 05:26.040
we're going to download and install the Travis CLI.

05:26.040 --> 05:28.563
So quick pause and I'll see you in just a minute.
