Runs one or more closely related containers. Most of the time, we will have a pod running a single container. Pods are temporary in nature, i.e. pods can be destroyed and new ones created at any time. This is why we don't directly manage individual pods.
Administers and manages a set of pods. We use deployments to configure and manage a set of pods.
Sets up networking in the Kubernetes cluster. There are 4 types of services:
- ClusterIP - Exposes a set of pods to other objects in the cluster.
- NodePort - Exposes a set of pods to the outside world (only useful for dev purposes).
- Load balancer - Legacy way of getting network traffic into a cluster.
- Ingress - Exposes a set of services to the outside world (recommended). When running on a managed k8s cluster, this provisions a cloud-specific load balancer automatically. For example, when you create an Ingress object, the GKE ingress controller creates a Google Cloud Platform HTTP(S) load balancer and configures it according to the information in the Ingress and its associated Services.
Securely stores a piece of information in the cluster, such as a database password.
Creating a generic secret
kubectl create secret generic [secret-name] --from-literal [key]=[value]
Our first step is to be able to run the app in a local Kubernetes cluster using minikube. Unlike `docker-compose`, Kubernetes doesn't build our images. So, we have to build the images and publish them to a container registry. We are going to use Google Container Registry (GCR).
Follow the instructions on https://cloud.google.com/sdk/docs/
Make sure to configure docker to use `gcloud` as the credential helper by running:
gcloud auth configure-docker
At present, there are 4 options for the geographic location of the container registry.

| Host Name | Location |
| --- | --- |
| gcr.io | United States, but may change in the future. |
| us.gcr.io | United States, but the storage bucket is separate from `gcr.io` |
| eu.gcr.io | European Union |
| asia.gcr.io | Asia |

docker build -t gcr.io/[project-id]/[image-name]:[tag] .
docker push gcr.io/[project-id]/[image-name]:[tag]
- Go to "IAM & Admin" > "Service Accounts".
- Select "Create service account".
- Specify a name and description for the service account (e.g. the name can be "gcr-pull"). Click "Create".
- Select the "Project > Viewer" role.
- Continue and create a JSON key from the "Create key" section. This will generate a secret key and prompt you to save it on your computer. Save it.
- Now we need to create a `secret` of type `docker-registry`.
kubectl create secret docker-registry gcr-json-key --docker-server=https://gcr.io --docker-username=_json_key --docker-password="$(cat /path/to/downloaded/json/key.json)" --docker-email=[email]
We named the secret `gcr-json-key`. The docker username has to be `_json_key`.
- The last step is to patch the default service account with this new secret.
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "gcr-json-key"}]}'
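
As an added example (not part of the original guide), the Python sketch below builds a Secret of the same `kubernetes.io/dockerconfigjson` type that the `kubectl create secret docker-registry` command above creates, then decodes it again to show that the service-account key sits in the Secret's data base64-encoded, not encrypted. The key contents, project name and e-mail are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json

# Constructed stand-in for a downloaded service-account key (not a real key).
SAMPLE_KEY_JSON = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "gcr-pull@example-project.iam.gserviceaccount.com",
})


def build_pull_secret(key_json, name="gcr-json-key",
                      server="https://gcr.io", email="dev@example.com"):
    """Return a Secret manifest of type kubernetes.io/dockerconfigjson."""
    key = json.loads(key_json)  # fail early on a truncated or corrupt key file
    if key.get("type") != "service_account":
        raise ValueError("not a service-account key file")
    username = "_json_key"  # the username the guide says GCR requires
    auth = base64.b64encode(f"{username}:{key_json}".encode()).decode()
    docker_config = {"auths": {server: {
        "username": username, "password": key_json,
        "email": email, "auth": auth,
    }}}
    encoded = base64.b64encode(json.dumps(docker_config).encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": encoded},
    }


def recover_credentials(secret):
    """Decode a pull secret the way any reader of the Secret object can."""
    raw = base64.b64decode(secret["data"][".dockerconfigjson"])
    entries = json.loads(raw)["auths"]
    return {server: (e["username"], json.loads(e["password"]))
            for server, e in entries.items()}


if __name__ == "__main__":
    secret = build_pull_secret(SAMPLE_KEY_JSON)
    print(json.dumps(secret, indent=2))
    for server, (user, key) in recover_credentials(secret).items():
        print(server, user, key["client_email"])
```

Since the full key is recoverable by anyone who can read the Secret, read access to Secrets in the namespace is equivalent to holding the JSON key file itself.
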
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
minikube addons enable ingress
In the second step, we are going to deploy our application to Google Cloud Kubernetes Engine (GKE). We will also set up GitLab as the source repository and configure CI on it.
- Create a blank new project in GitLab.
- Push stuff to the new repo.
- Create a new project if not already created. Enable billing on the project.
- Navigate to "Compute > Kubernetes Engine > Clusters".
- Create a new cluster.