https://github.com/jahn08/gke-with-ingress


gke ingress k8s kubernetes letsencrypt

# GKE-WITH-INGRESS

The repository demonstrates how to deploy an application from a container image using Google Kubernetes Engine (GKE). [WEB-TIMER](https://github.com/Jahn08/WEB-TIMER) is used as the containerised application (**[an example deployed on GKE](https://webtimer.tk)**).

## Getting Started

To start with, install the following tools:
1. [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - the Kubernetes command-line tool. Configured YAML files are applied to a cluster with the command: *kubectl apply -f *
2. [Google Cloud SDK](https://cloud.google.com/sdk/install). Right after installing it you can [configure it and create your cluster](https://cloud.google.com/kubernetes-engine/docs/quickstart) - the credentials for *kubectl* are then updated automatically. Otherwise, if you create your cluster through the GKE web UI, you have to fetch the credentials yourself: *gcloud container clusters get-credentials *
3. You might also need [kompose](https://kompose.io/) to convert your existing docker-compose.yml file into service and pod files.

## Pod

### Secrets

[app-pod.yaml](https://github.com/Jahn08/GKE-WITH-INGRESS/blob/master/app-pod.yaml) refers to secrets (the *secretKeyRef* element) provided in [secret.yaml](https://github.com/Jahn08/GKE-WITH-INGRESS/blob/master/secret.yaml). Because the pod depends on these secrets, secret.yaml is the very first file to apply to your cluster: *kubectl apply -f secret.yaml*

All the secret values are represented as base64-encoded values. Base64 is an encoding, not encryption: anyone who can read the file can decode the values.

To encode a text value in Linux: *echo -n "your_secret_value" | base64*. Conversely, to decode: *echo -n "base64_encoded_value" | base64 --decode*
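
The encoding step above, as an added example that is not part of the repository: it renders a Secret manifest from KEY=VALUE pairs and checks an already encoded value for the trailing newline that plain *echo* (without *-n*) bakes into the secret. The secret name `app-secret`, the keys and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the repository's own code. The names app-secret,
# DB_PASSWORD, API_KEY and the sample values are constructed.

# Encode a value for a Secret's data field. printf '%s' writes no trailing
# newline (same effect as `echo -n`); tr removes the line wrapping that
# base64 adds to long output.
encode_secret() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a data field back to plain text. No key is involved: whoever can
# read the manifest can do this.
decode_secret() {
    printf '%s' "$1" | base64 --decode
}

# Exit status 0 when the encoded value decodes to bytes ending in a newline,
# the usual sign that it was produced with `echo` instead of `echo -n`.
# The last byte is inspected with od because $(...) strips trailing newlines.
has_trailing_newline() {
    last=$(printf '%s' "$1" | base64 --decode | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# Render a Secret manifest from a name followed by KEY=VALUE arguments.
render_secret() {
    name=$1; shift
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n' "$name"
    for pair in "$@"; do
        # Split on the first '=' so values may themselves contain '='.
        printf '  %s: %s\n' "${pair%%=*}" "$(encode_secret "${pair#*=}")"
    done
}

# Constructed sample input.
render_secret app-secret 'DB_PASSWORD=s3cr3t-value' 'API_KEY=constructed-key'
```

The output can be piped straight into *kubectl apply -f -* so the decodable values are never written to a file in the working tree.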

### Readiness/Liveness Probes

[Readiness and liveness probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) can be used in parallel for the same container. Using both can ensure that traffic does not reach a container that is not ready for it (the readiness probe), and that containers are restarted when they fail (the liveness probe).

## Ingress

To set up external access to your application you have to configure ingress.

First, serving SSL connections requires a valid certificate for your domains. [cert-manager](https://cert-manager.io/docs/installation/kubernetes/) can facilitate the process of issuing one. Having installed the utility, apply a [cluster issuer](https://github.com/Jahn08/GKE-WITH-INGRESS/blob/master/cluster-issuer.yaml), filling in your personal data, to create a certificate for the forthcoming ingress automatically. The certificate itself is issued by Let's Encrypt, a nonprofit [ACME](https://cert-manager.io/docs/configuration/acme/) issuer.

While configuring the cluster issuer, you'll also have to provide your DNS name, which implies having a domain at your fingertips. I used [freenom](https://my.freenom.com/clientarea.php) as a provider - it's free of charge.

According to [GKE documentation](https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer#step_5_optional_configure_a_static_ip_address): "For a web application you are planning for a long time, you need to use a static external IP address." So, the next step is to create an external IP for the ingress: *gcloud compute addresses create your-ip-name --global*. In the ingress, the annotation *kubernetes.io/ingress.global-static-ip-name* refers to this address by its name.

Finally, after filling in your hosts, the IP address name and the TLS secret name (the same as in the cluster issuer) that will contain the issued certificate, you're ready to apply the [ingress](https://github.com/Jahn08/GKE-WITH-INGRESS/blob/master/ingress.yaml).