@browny
Last active August 12, 2019 06:40
Labs of GKE101

Lab1

Introduction to Containers and Docker

Run the web server manually

# Provision an Ubuntu VM (public images need --image-project)
gcloud compute --project=infra101 instances create vm-based \
  --zone=asia-east1-b --machine-type=g1-small --image=ubuntu-minimal-1604-xenial-v20190628 \
  --image-project=ubuntu-os-cloud

# Run the web server directly on the VM
sudo apt-get update
sudo apt-get install -y python3 python3-pip
pip3 install tornado
python3 web-server.py &

curl http://localhost:8888
kill %1

Package using Docker

# Use Cloud Shell

cat Dockerfile

# Build container image
docker build -t py-web-server:v1 .

# Run container
docker run -d -p 8888:8888 --name py-web-server -h my-web-server py-web-server:v1

curl http://localhost:8888
docker rm -f py-web-server

Upload the image to a registry

export GCP_PROJECT=`gcloud config list core/project --format='value(core.project)'`

docker build -t "gcr.io/${GCP_PROJECT}/py-web-server:v1" .

# Set once
sudo usermod -a -G docker ${USER}
gcloud auth configure-docker

# Push image to Container Registry
docker push gcr.io/${GCP_PROJECT}/py-web-server:v1

gcloud container images list-tags gcr.io/${GCP_PROJECT}/py-web-server

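# Make the image publicly accessible (optional)
# Note: this grants read access to the whole registry bucket, so every image
# stored under gcr.io/${GCP_PROJECT} becomes public, not only py-web-server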
gsutil iam ch allUsers:objectViewer "gs://artifacts.${GCP_PROJECT}.appspot.com"

Run the web server container on Compute Engine

# Run container on Compute Engine instance
gcloud beta compute instances create-with-container py-web-server --zone=asia-east1-b \
  --machine-type=g1-small --tags=web-server \
  --container-image="gcr.io/${GCP_PROJECT}/py-web-server:v1"

# Expose to internet
gcloud compute firewall-rules create allow-8888 --direction=INGRESS \
  --priority=1000 --network=default --action=ALLOW --rules=tcp:8888 --source-ranges=0.0.0.0/0 \
  --target-tags=web-server

Lab2

Kubernetes Basics

Start a kubernetes cluster

# Press the `Connect` button to configure the kubectl command, then choose "Run in Cloud Shell"

# (optional) enable kubectl auto-completion
source <(kubectl completion bash)

Run and deploy a container

# kubectl run nginx --image=nginx:1.10.0 --generator=deployment/apps.v1beta1 --dry-run -o yaml
kubectl create -f deploy.yaml

kubectl get pods
kubectl get pods -o wide

Expose service

kubectl expose deployment nginx --port 80 --type LoadBalancer
kubectl get services

Scale up

kubectl scale deployment nginx --replicas 3
kubectl get pods
kubectl get services # external IP has not changed

curl http://<External IP>:80

# https://github.com/wercker/stern (Multi pod and container log tailing for Kubernetes)
stern "nginx.*"

Clean up

kubectl delete deployment nginx
kubectl delete service nginx

Lab3 (Optional)

https://github.com/googlecodelabs/orchestrate-with-kubernetes

# Get the sample code
git clone https://github.com/googlecodelabs/orchestrate-with-kubernetes.git
cd orchestrate-with-kubernetes/kubernetes

Pods

# Deploy pods
kubectl explain pods
cat pods/monolith.yaml

kubectl create -f pods/monolith.yaml
kubectl describe pods monolith

Interacting with pods

# port forwarding (keep terminal running)
kubectl port-forward monolith 10080:80
curl http://127.0.0.1:10080

# fails because you need to include an auth token in your request
curl http://127.0.0.1:10080/secure

# log in to get a token (when prompted, the password is `password`)
TOKEN=$(curl http://127.0.0.1:10080/login -u user | jq -r '.token')

curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:10080/secure

# logging
kubectl logs -f monolith

# open a shell inside the container
kubectl exec monolith --stdin --tty -c monolith -- /bin/sh

# test internet connectivity inside container
ping -c 3 google.com

Monitoring and health checks

Readiness (Readiness probes indicate when a pod is "ready" to serve traffic)

cat pods/healthy-monolith.yaml

kubectl create -f pods/healthy-monolith.yaml
kubectl describe pod healthy-monolith

kubectl port-forward healthy-monolith 10081:81
# force the monolith container readiness probe to fail (toggle the readiness probe status)
curl http://127.0.0.1:10081/readiness/status

# Check READY -> 0/1
kubectl get pods healthy-monolith -w

# Readiness probe failed: HTTP probe failed with statuscode: 503
kubectl describe pods healthy-monolith

Liveness (Liveness probes indicate whether a container is "alive.")

kubectl port-forward healthy-monolith 10081:81

curl http://127.0.0.1:10081/healthz/status

# Wait for pod restart
kubectl get pods healthy-monolith -w

kubectl describe pods healthy-monolith

Services

# Create secret and configmap
kubectl create secret generic tls-certs --from-file tls/
kubectl create configmap nginx-proxy-conf --from-file nginx/proxy.conf

cat nginx/proxy.conf

# Create pods
cat pods/secure-monolith.yaml
kubectl create -f pods/secure-monolith.yaml

# Create services
cat services/monolith.yaml
kubectl create -f services/monolith.yaml

# Create a firewall rule for external access
gcloud compute firewall-rules create allow-monolith-nodeport --allow=tcp:31000

# Why doesn't it work? (labels)
gcloud compute instances list | grep gke-
open https://<EXTERNAL_IP>:31000

# Add labels to pods
kubectl get pods -l "app=monolith,secure=enabled" # nothing
kubectl label pods secure-monolith 'secure=enabled'
kubectl get pods secure-monolith --show-labels

# Try again
gcloud compute instances list | grep gke-
open https://<EXTERNAL_IP>:31000
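
Why the first attempt fails and the second works, as an added example that is not part of the original lab: a Service only routes to pods that carry every label in its selector. The sketch assumes the Service selects on `app=monolith,secure=enabled` (the selector queried above); the pod label sets are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Equality-based selector matching on comma-separated key=value lists,
# the form used by `kubectl get pods -l ...` and shown by `--show-labels`.

# has_label LABELS PAIR -> 0 if PAIR is exactly one of the pod's labels
has_label() {
  case ",$1," in
    *",$2,"*) return 0 ;;
    *) return 1 ;;
  esac
}

# missing_labels SELECTOR LABELS -> prints the selector pairs the pod lacks
missing_labels() {
  _rest=$1; _out=""
  while [ -n "$_rest" ]; do
    _pair=${_rest%%,*}                      # first key=value of what is left
    if [ "$_pair" = "$_rest" ]; then _rest=""; else _rest=${_rest#*,}; fi
    has_label "$2" "$_pair" || _out="${_out:+$_out,}$_pair"
  done
  printf '%s\n' "$_out"
}

# selector_matches SELECTOR LABELS -> 0 only if no selector pair is missing
selector_matches() {
  [ -z "$(missing_labels "$1" "$2")" ]
}

SELECTOR="app=monolith,secure=enabled"      # assumed Service selector
BEFORE="app=monolith"                       # constructed: pod before `kubectl label`
AFTER="app=monolith,secure=enabled"         # constructed: pod after `kubectl label`

for labels in "$BEFORE" "$AFTER"; do
  if selector_matches "$SELECTOR" "$labels"; then
    echo "[$labels] selected: reachable through the NodePort"
  else
    echo "[$labels] not selected, missing: $(missing_labels "$SELECTOR" "$labels")"
  fi
done
```

The same rule works in the other direction: any pod that later gains both labels becomes reachable through the open NodePort, so treat label changes on exposed workloads as changes to what is exposed.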