License: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause)

GKE-WITH-INGRESS

The repository demonstrates how to deploy an application from a container image using Google Kubernetes Engine (GKE). WEB-TIMER is used as the example containerised application deployed on GKE.

Getting Started

To start with, you have to install the following tools:

  1. kubectl - the Kubernetes command-line tool. Once it is set up, yaml files can be applied to a cluster with the command: kubectl apply -f <path_to_yaml_file>
  2. Google Cloud SDK. Right after installing the component it's possible to configure it and create your cluster - the credentials for kubectl will then be updated automatically. Otherwise, if you create your cluster through the GKE web UI, you will have to fetch the credentials on your own: gcloud container clusters get-credentials
  3. You might also need kompose to convert your existing docker-compose.yml file into service and pod files.

Pod

Secrets

app-pod.yaml refers to secrets (the secretKeyRef element) provided in secret.yaml, so secret.yaml is the very first file to apply to your cluster: kubectl apply -f secret.yaml. All the secret values are represented as base64 encoded values. Base64 is an encoding, not encryption, so anyone who can read secret.yaml can recover the values. To encode a text value in Linux: echo -n "your_secret_value" | base64. Conversely, decoding: echo -n "base64_encoded_value" | base64 --decode
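A check for the usual mistake with hand-encoded values: leaving out -n, so that a trailing newline becomes part of the secret. This is an added example, not code from the repository; the sample manifest, the key names DB_USER and DB_PASS, and the helper names b64, sample_secret and lint_secret are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the repository. Lints the flat "key: value"
# entries under data: in a Secret manifest; prints key names only, never values.

# b64 VALUE: encode exactly the bytes of VALUE. printf appends no newline,
# which is what the -n flag achieves for echo in the commands above.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Constructed sample: DB_USER is "admin" encoded correctly; DB_PASS was
# encoded with plain echo (no -n), so it decodes to "admin" plus a newline.
sample_secret() {
  cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  DB_USER: YWRtaW4=
  DB_PASS: YWRtaW4K
EOF
}

# lint_secret: read a manifest on stdin; return non-zero if any data value is
# not valid base64 or decodes to something ending in a line break.
lint_secret() {
  awk '/^data:/ {d=1; next} /^[^ #]/ {d=0}
       d && NF==2 {sub(/:$/, "", $1); gsub(/"/, "", $2); print $1, $2}' |
  {
    bad=0
    while read -r key val; do
      if ! printf '%s' "$val" | base64 --decode >/dev/null 2>&1; then
        echo "$key: not valid base64"; bad=1; continue
      fi
      # Command substitution strips newlines, so inspect the last byte as hex.
      last=$(printf '%s' "$val" | base64 --decode | tail -c 1 | od -An -tx1 | tr -d ' \n')
      case $last in
        0a|0d) echo "$key: decoded value ends with a line break"; bad=1 ;;
      esac
    done
    [ "$bad" -eq 0 ]
  }
}

sample_secret | lint_secret || true   # prints the DB_PASS finding
```

For a real file, run lint_secret < secret.yaml before kubectl apply -f secret.yaml.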

Readiness/Liveness Probes

Readiness and liveness probes can be used in parallel for the same container. Using both can ensure that traffic does not reach a container that is not ready for it (the readiness probe), and that containers are restarted when they fail (the liveness probe).

Ingress

To set up external access to your application you have to configure ingress.

First, serving SSL connections requires a valid certificate for your domains, and cert-manager can automate the process of issuing one. After installing it, apply a cluster issuer filled in with your personal data so that a certificate for the forthcoming ingress is created automatically. The certificate itself is issued by Let's Encrypt, a nonprofit ACME issuer.

While configuring the cluster issuer, you'll also have to provide your DNS name, which means you need a domain of your own. I used Freenom as a provider - it's free of charge.

According to GKE documentation: "For a web application you are planning for a long time, you need to use a static external IP address." So, the next step is to create an external IP for the ingress: gcloud compute addresses create your-ip-name --global. The kubernetes.io/ingress.global-static-ip-name annotation in the ingress refers to this address by name.

Finally, after filling in your hosts, the IP address name and the TLS secret name (the same as in the cluster issuer) that will contain the issued certificate, you're ready to apply the ingress.