Building the Docker container

$ docker build -t gcr.io/bazel-public/gitsync .
$ docker push gcr.io/bazel-public/gitsync

Starting the VM that hosts the Docker container

$ gcloud compute instances delete --project bazel-public gitsync
$ gcloud compute instances create-with-container \
    --project bazel-public \
    --boot-disk-size 200GB \
    --container-image gcr.io/bazel-public/gitsync:latest \
    --machine-type n1-standard-2 \
    --zone us-central1-a \
    --image-project cos-cloud \
    --image-family cos-stable \
    --metadata cos-metrics-enabled=true \
    --scopes cloud-platform \
    --service-account gitsync@bazel-public.iam.gserviceaccount.com \
    gitsync

About the service account

The service account used for the container must have at least the following permissions:

  • Cloud KMS Decryption for the gitcookies and SSH key files only.
  • Logging > Logs Writer to write the Docker logs to Google Cloud Logging.

Getting logs from the container

You can view the Docker logs by navigating to the VM in GCE and then by either clicking on “Stackdriver logging” or ssh-ing into the machine and running docker logs.