Thursday, December 26, 2019

Application deployment into Google Kubernetes Engine on Google Cloud

Kubernetes https://kubernetes.io/

Google Kubernetes Engine https://cloud.google.com/container-engine

Sample app https://github.com/kelseyhightower/app
It's a 12-Factor application with the following Docker images:
  • Monolith: includes auth and hello services.
  • Auth microservice: generates JWT tokens for authenticated users.
  • Hello microservice: greets authenticated users.
  • nginx: frontend to the auth and hello services.
 

Tools

The gcloud command-line interface is a tool that provides the primary CLI to Google Cloud Platform.
https://cloud.google.com/sdk/gcloud/

Access the Kubernetes pods


Pods are allocated a private IP address by default that cannot be reached outside of the cluster. Use the kubectl port-forward command to map a local port to a port inside the monolith pod.

kubectl port-forward myapp 9999:80

TOKEN=$(curl http://127.0.0.1:9999/login -u user | jq -r '.token')

curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:9999/secure


Run shell inside pod

kubectl exec myapp --stdin --tty -c myapp -- /bin/sh


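Create the secret and the configmap

This uploads cert files from the local directory tls/ and stores them in a secret called tls-certs.

kubectl create secret generic tls-certs --from-file tls/

This stores the nginx proxy configuration in a configmap called nginx-proxy-conf.

kubectl create configmap nginx-proxy-conf --from-file nginx/proxy.conf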


more nginx/proxy.conf

server {
  # "ssl on;" is deprecated; enable TLS on the listen directive instead
  listen 443 ssl;

  ssl_certificate     /etc/tls/cert.pem;
  ssl_certificate_key /etc/tls/key.pem;

  location / {
    proxy_pass http://127.0.0.1:80;
  }
}


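Set up firewall

The rule below has no --source-ranges, so it allows tcp:31000 from any source address (0.0.0.0/0) on the default network.

gcloud compute firewall-rules create allow-myapp-nodeport --allow=tcp:31000

NAME                  NETWORK  DIRECTION  PRIORITY  ALLOW      DENY  DISABLED
allow-myapp-nodeport  default  INGRESS    1000      tcp:31000        False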


Get pods with secure=enabled

kubectl get pods -l "app=myapp,secure=enabled"


Get endpoints

kubectl get endpoints monolith



