Created
April 10, 2018 21:04
How to attach your GKE NodePort nginx-service to a precreated GLB
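#!/bin/bash
# Attach the NodePort of the GKE service "nginx-service" to an already
# existing Google Cloud HTTP(S) load balancer (GLB), or detach it again.
#
# Keep tracing off whenever the service-account key is in the environment:
# `set -x` would print the base64-encoded key to the CI log.
#set -x

## Predefined variables ##
# GCP_CI_SVC_ACCOUNT holds a long-lived credential (the base64 of the JSON key).
# Provide it from the CI secret store rather than committing it to the script.
#export GCP_CI_SVC_ACCOUNT=$(base64 my-svc-account-gcp.json)
#export GCP_CI_SVC_ACCOUNT_ID=my-svc-account-gcp-id@....google.com

# Disables gcloud's interactive confirmations, so the delete commands further
# down run without asking.
export CLOUDSDK_CORE_DISABLE_PROMPTS=1
export CI_DOMAIN="ci.domain.tld"
export GCP_COMPUTE_ZONE="europe-west1-d"
export GCP_PROJECT_ID="ci-test-env"
export GKE_CLUSTER_NAME="php7-nginx-master-243"
export GKE_CLUSTER_FQDN="${GKE_CLUSTER_NAME}.${CI_DOMAIN}"
export GLB_NAME="ci-domain-tld"
export GLB_IP_NAME="glb01-ci-domain-tld"
export GLB_TLS_CERT="wildcardssl-ci-domain-tld"
export GLB_BACKEND_NAME="${GLB_NAME}-${GKE_CLUSTER_NAME}"
export GLB_HTTP_CHECK_NAME="${GKE_CLUSTER_NAME}-http-check"

## Evaluated variables ##
# Assignment and export are kept on separate lines so that a failing lookup is
# not hidden behind the exit status of `export`.

# Region = zone without its trailing "-<letter>" part (europe-west1-d -> europe-west1).
GCP_REGION="${GCP_COMPUTE_ZONE%-*}"
export GCP_REGION
#export GLB_IP=$(gcloud compute addresses list --format="table[no-heading](address)" --filter="name=${GLB_IP_NAME}")

# nodePort of the first port of nginx-service, read from the current kubectl context.
LB_NODE_PORT=$(kubectl get --template="{{(index .spec.ports 0).nodePort}}" services nginx-service)
export LB_NODE_PORT

# Name of the cluster's instance group, taken from the last path component of
# the "gke" URLs in the cluster description. Only the first match is used, so
# a cluster with several instance groups gets just that one attached.
GKE_GROUP_NAME=$(
  gcloud beta container clusters describe "${GKE_CLUSTER_NAME}" --zone "${GCP_COMPUTE_ZONE}" \
    | grep 'gke' \
    | sed 's#.*/##' \
    | sort -u \
    | grep '^gke' \
    | head -n 1
)
export GKE_GROUP_NAME

# Any node of the group will do: it is only used to read the node network tag.
# Neither lookup passes --zone, so both rely on the configured compute/zone.
GKE_GROUP_SOME_NODE=$(
  gcloud compute instance-groups list-instances "${GKE_GROUP_NAME}" --format="table[no-heading](instance)" \
    | head -n 1
)
GKE_NODE_TAG=$(
  gcloud compute instances describe --format="text[no-heading](tags)" "${GKE_GROUP_SOME_NODE}" \
    | awk '{print $2}' \
    | grep '^gke-.*-node$'
)
export GKE_NODE_TAG

# some outdated commands:
#gcloud compute url-maps create ${GLB_NAME} --default-service ${GLB_BACKEND_NAME}
#gcloud compute forwarding-rules create ${GLB_BACKEND_NAME}-http-rule --global --target-http-proxy ${GLB_BACKEND_NAME}-http-proxy --ports=80 --address ${GLB_IP_NAME}
#gcloud compute forwarding-rules create ${GLB_BACKEND_NAME}-https-rule --global --target-https-proxy ${GLB_BACKEND_NAME}-https-proxy --ports=443 --address ${GLB_IP_NAME}
#gcloud compute forwarding-rules list
#gcloud compute target-http-proxies create ${GLB_BACKEND_NAME}-http-proxy --url-map ${GLB_NAME}
#gcloud compute target-https-proxies create ${GLB_BACKEND_NAME}-https-proxy --ssl-certificates ${GLB_TLS_CERT} --url-map ${GLB_NAME}

# Suppose you have set up your env and auth for gcloud already
# if not, here are some useful commands:
#
# The decoded key file is a plaintext credential. Create it under a
# restrictive umask (e.g. `umask 077`) so other local users cannot read it,
# and remove it once it is no longer needed.
#GCR_KEY_FILE="${HOME}/gcr-key.json"
#echo -n "${GCP_CI_SVC_ACCOUNT}" | base64 -d > "${GCR_KEY_FILE}"
#gcloud auth activate-service-account "${GCP_CI_SVC_ACCOUNT_ID}" --key-file "${GCR_KEY_FILE}"
#gcloud config set project "${GCP_PROJECT_ID}"
#gcloud config set compute/zone "${GCP_COMPUTE_ZONE}"
#gcloud config set container/cluster "${GKE_CLUSTER_NAME}"
#gcloud container clusters get-credentials "${GKE_CLUSTER_NAME}"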
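#######################################
# Wire the service's NodePort into the pre-created GLB: firewall rule, health
# check, backend service (with the cluster's instance group) and a host rule
# on the URL map.
# Globals (read): GLB_NAME, GLB_BACKEND_NAME, GLB_HTTP_CHECK_NAME,
#   GKE_CLUSTER_FQDN, LB_NODE_PORT, GKE_NODE_TAG, GKE_GROUP_NAME,
#   GCP_COMPUTE_ZONE, and optionally GLB_SOURCE_RANGES (comma-separated CIDRs
#   allowed to reach the NodePort).
# Returns: 0 if every gcloud call succeeded, 1 if a required variable is empty
#   or any call failed. Later steps are still attempted after a failure.
#######################################
add_to_glb() {
  local var
  # An empty lookup result would otherwise produce a rule like "--allow tcp:"
  # or an empty target tag; refuse to create anything in that case.
  for var in GLB_NAME GLB_BACKEND_NAME GLB_HTTP_CHECK_NAME GKE_CLUSTER_FQDN \
    LB_NODE_PORT GKE_NODE_TAG GKE_GROUP_NAME GCP_COMPUTE_ZONE; do
    if [[ -z "${!var:-}" ]]; then
      printf 'add_to_glb: %s is empty; refusing to continue\n' "$var" >&2
      return 1
    fi
  done

  # Without --source-ranges the rule admits 0.0.0.0/0, which exposes the
  # NodePort on every tagged node to the whole internet. The default below is
  # the pair of ranges Google documents for HTTP(S) load balancer proxies and
  # health checks; confirm against current documentation, or override it.
  local source_ranges="${GLB_SOURCE_RANGES:-130.211.0.0/22,35.191.0.0/16}"
  local rc=0

  # Allow connections to the exposed NodePort, from the load balancer only
  gcloud compute firewall-rules create "${GLB_BACKEND_NAME}-http-${LB_NODE_PORT}" \
    --allow "tcp:${LB_NODE_PORT}" \
    --source-ranges "${source_ranges}" \
    --target-tags "${GKE_NODE_TAG}" || rc=1

  # Necessary HC to allow GLB to decide what nodes are healthy
  gcloud compute http-health-checks create "${GLB_HTTP_CHECK_NAME}" \
    --host "${GKE_CLUSTER_FQDN}" \
    --port "${LB_NODE_PORT}" || rc=1

  # Create a virtual backend, with details of target port, target instance
  # group, autoscaling criteria and other mechanics
  gcloud compute backend-services create "${GLB_BACKEND_NAME}" \
    --protocol HTTP \
    --port "${LB_NODE_PORT}" \
    --http-health-checks "${GLB_HTTP_CHECK_NAME}" \
    --global || rc=1
  gcloud compute backend-services add-backend "${GLB_BACKEND_NAME}" \
    --balancing-mode UTILIZATION \
    --max-utilization 0.8 \
    --capacity-scaler 1 \
    --instance-group "${GKE_GROUP_NAME}" \
    --instance-group-zone "${GCP_COMPUTE_ZONE}" \
    --global || rc=1

  # Create the vhost on GLB and attach the virtual backend to it
  gcloud compute url-maps add-path-matcher "${GLB_NAME}" \
    --path-matcher-name "${GLB_BACKEND_NAME}-matcher" \
    --default-service "${GLB_BACKEND_NAME}" \
    --new-hosts "${GKE_CLUSTER_FQDN}" || rc=1

  return "$rc"
}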
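#######################################
# Undo add_to_glb in reverse order: host rule, backend, backend service,
# health check, firewall rule.
# Globals (read): GLB_NAME, GLB_BACKEND_NAME, GLB_HTTP_CHECK_NAME,
#   LB_NODE_PORT, GKE_GROUP_NAME, GCP_COMPUTE_ZONE.
# Returns: 0 if every gcloud call succeeded, 1 otherwise. Cleanup is
#   best-effort: every step is attempted even when an earlier one failed.
#######################################
del_from_glb() {
  local rc=0

  gcloud compute url-maps remove-path-matcher "${GLB_NAME}" \
    --path-matcher-name "${GLB_BACKEND_NAME}-matcher" || rc=1
  gcloud compute backend-services remove-backend "${GLB_BACKEND_NAME}" \
    --instance-group "${GKE_GROUP_NAME}" \
    --instance-group-zone "${GCP_COMPUTE_ZONE}" \
    --global || rc=1
  gcloud compute backend-services delete "${GLB_BACKEND_NAME}" --global || rc=1
  gcloud compute http-health-checks delete "${GLB_HTTP_CHECK_NAME}" || rc=1

  # The rule name embeds LB_NODE_PORT. If that value differs from the one used
  # when the rule was created, this delete will not match and the old allow
  # rule stays in place; check the firewall list after a failed run.
  gcloud compute firewall-rules delete "${GLB_BACKEND_NAME}-http-${LB_NODE_PORT}" || rc=1

  return "$rc"
}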
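# Dispatch on the first argument. Anything other than "add" or "delete"
# (including no argument at all) prints the usage line on stderr, so it is not
# mistaken for regular output, and exits with status 2.
case "${1:-}" in
  add)
    add_to_glb
    ;;
  delete)
    del_from_glb
    ;;
  *)
    echo "Usage: add|delete" >&2
    exit 2
    ;;
esac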