Using Garden in CI

In this guide we'll demonstrate how Garden can fit into your continuous integration (CI) pipeline. Simply by adding extra environments to the project configuration, you can use Garden for local development and for testing and deploying your project in CI. This approach has several benefits:
  • Use the same tool and the same set of commands for the entire development cycle, from source to finish.
  • No need to change your CI configuration when you change your stack since Garden holds the entire stack graph.
  • The only thing you need to install in CI is the Garden CLI and its dependencies (or use a ready-made Garden container image).
  • When using in-cluster building your CI also uses the same build and test result cache as you and your team, which makes for a much faster pipeline.
To use Garden in your CI pipeline you need the following:
  1. 2.
    A Kubectl context on the CI agent that's configured for the remote cluster.
For the purposes of this example we'll be using CircleCI and deploying to a Google Kubernetes Engine (GKE) cluster. However, the instructions below can easily be applied to other CI platforms and cloud providers.
The guide uses the Remote Kubernetes plugin example. In what follows we assume that you've read that guide and that you have a running Kubernetes cluster to work with.


Project overview

The project is based on our basic demo-project example, but configured for multiple environments. Additionally it contains a CircleCI config file. You'll find the entire source code here.
The CI pipeline is configured so that Garden tests the project and deploys it to a preview environment on every pull request. Additionally, it tests the project and deploys it to a separate staging environment on every merge to the main branch.
To see it in action, you can fork the repository and follow the set-up steps below. Once you've set everything up, you can submit a pull request to the fork to trigger a CircleCI job which in turns deploys the project to your remote Kubernetes cluster.

Configure remote environments

Configuring Garden to work against a remote Kubernetes cluster is explained step by step in our Remote Kubernetes guide. For this example, we also use in-cluster building.
For this project we're using three environments: local, preview and staging. The local environment is the default and is configured for a local Kubernetes cluster that runs on the user's machine. The other two run on remote clusters.
We deploy to the preview environment every time someone makes a pull request on Github. The configuration looks like this:
# garden.yml
kind: Project
name: ci-demo-project
- name: preview
defaultNamespace: preview-${local.env.CIRCLE_BRANCH || local.username}
- name: kubernetes
environments: [preview]
context: my-preview-cluster
defaultHostname: ${environment.namespace}
buildMode: kaniko
Notice that we're using the CIRCLE_BRANCH environment variable to label the project namespace. This ensures that each pull request gets deployed into its own namespace.
The staging environment is configured in a similar manner. The relevant CI job is triggered on merges to the main branch.
You'll find the rest of the config here.

Configure the kubectl context

We need to make sure that it can access our remote cluster. We do this by setting up a kubectl context on the CI agent. How you set this up will vary by how and where you have deployed your cluster. What follows is specific to GKE.
We create a re-usable command for configuring the kubectl context:
# .circleci/config
description: Configure the kubectl context so that we can access our remote cluster
- run:
name: Configure kubectl context via gcloud
command: |
gcloud --quiet components update
echo $GCLOUD_SERVICE_KEY | gcloud auth activate-service-account --key-file=-
gcloud --quiet config set project $GCLOUD_PROJECT_ID && gcloud --quiet config set compute/zone $GCLOUD_COMPUTE_ZONE
gcloud --quiet container clusters get-credentials $GCLOUD_CLUSTER_ID --zone $GCLOUD_COMPUTE_ZONE
gcloud --quiet auth configure-docker
The commands use the following environment variables that you can set on the Project Environment Variables page (see here) in the CircleCI dashboard:
  • GCLOUD_SERVICE_KEY: Follow these instructions to get a service account key.
  • GCLOUD_PROJECT_ID, GCLOUD_COMPUTE_ZONE, and GCLOUD_CLUSTER_ID: These you'll find under the relevant project in your Google Cloud Platform console.
Please refer to this doc for more information on using the Google Cloud SDK in CircleCI.
You'll find the entire CircleCI config for this project here.

Running Garden commands in CircleCI

Now that we have everything set up, we can add the project to CircleCI and start using Garden in our CI pipelines.
Note: Below we use the gardendev/garden-gcloud container image, that extends the standard gardendev/garden image to bundle the gcloud binary (Google Cloud CLI). For an overview of all official Garden convenience containers, please refer to the reference guide for DockerHub containers.
Here's what our preview job looks like:
# .circleci/config
- image: gardendev/garden-gcloud:bonsai-alpine
GARDEN_LOG_LEVEL: verbose # set the log level to your preference here
- checkout
- configure_kubectl_context
- run:
name: Test project
command: garden test --env=preview
- run:
name: Deploy project
command: garden deploy --env=preview
Notice that there are no configuration steps outside of just configuring the kubectl context. And no matter how you change your stack, these steps will remain the same, making for a highly portable workflow—and much less fiddling around with CI!