Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jahn08/gke-with-ingress
https://github.com/jahn08/gke-with-ingress
gke ingress k8s kubernetes letsencrypt
Last synced: about 8 hours ago
JSON representation
- Host: GitHub
- URL: https://github.com/jahn08/gke-with-ingress
- Owner: Jahn08
- License: bsd-3-clause
- Created: 2020-06-16T18:37:50.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-06-20T09:57:36.000Z (over 4 years ago)
- Last Synced: 2024-11-06T02:13:17.858Z (about 2 months ago)
- Topics: gke, ingress, k8s, kubernetes, letsencrypt
- Size: 13.7 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# GKE-WITH-INGRESS
The repository demonstrates how to deploy an application from container image using Google Kubernetes Engine (GKE). [WEB-TIMER](https://github.com/Jahn08/WEB-TIMER) is exploited as a containerised application (**[an example deployed on GKE](https://webtimer.tk)**).
## Getting Started
To start with, you have to install the next tools:
1. [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - the Kubernetes command-line tool. Set up yaml files can be applied to a cluster by using a command: *kubectl apply -f *
2. [Google Cloud SDK](https://cloud.google.com/sdk/install). Right after installing the component it's possible to [configure it and create your cluster](https://cloud.google.com/kubernetes-engine/docs/quickstart) - the credentials for *kubectl* will then be updated automatically. Otherwise, if you create your cluster through the GKE web UI, you will have to fetch the credentials on your own: *gcloud container clusters get-credentials *
3. You might also need [kompose](https://kompose.io/) to convert your existent docker-compose.yml file into service and pod files.## Pod
### Secrets
[app-pod.yaml](https://github.com/Jahn08/GKE-WITH-INGRESS/blob/master/app-pod.yaml) refers to secrets (the *secretKeyRef* element) provided in [secret.yaml](https://github.com/Jahn08/GKE-WITH-INGRESS/blob/master/secret.yaml). All the secret values are rpesented as base64 encoded values. Thus, it's going to be the very first file to apply to your cluster: *kubectl apply -f secret.yaml*
To encode a text value in Linux: *echo -n "you_secret_value" | base64*. Conversely, decoding: *echo -n "base64_encoded_value" | base64 --decode*### Readiness/Liveness Probes
[Readiness and liveness probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) can be used in parallel for the same container. Using both can ensure that traffic does not reach a container that is not ready for it (the readiness probe), and that containers are restarted when they fail (the liveness probe).
## Ingress
To set up external access to your application you have to configure ingress.
At first, when dealing with SSL connections there is a necessity to generate a valid certificate for your domains. [cert-manager](https://cert-manager.io/docs/installation/kubernetes/) can facilitate the process of issuing one. Having installed the utility, apply a [cluster issuer](https://github.com/Jahn08/GKE-WITH-INGRESS/blob/master/cluster-issuer.yaml) filling out your personal data to create a certificate for the forthcoming ingress automatically. The certificate itself is generated by a nonprofit [ACME](https://cert-manager.io/docs/configuration/acme/) issuer letsencrypt.
While configuring the cluster issuer, you'll also have to provide your dns name, which implies having a domain at your fingertips. I used [freenom](https://my.freenom.com/clientarea.php) as a provider - it's free of charge.
According to [GKE documentation](https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer#step_5_optional_configure_a_static_ip_address): "For a web application you are planning for a long time, you need to use a static external IP address." So, the next step is to create an external IP for the ingress: *gcloud compute addresses create your-ip-name --global*. An annotation *kubernetes.io/ingress.global-static-ip-name* points out to the address name in the ingress.
Finally, after filling out yout hosts, the ip address name and the TLS secret name (the same as in the cluster issuer) that will contain an issued certificate you're ready to apply the [ingress](https://github.com/Jahn08/GKE-WITH-INGRESS/blob/master/ingress.yaml).