@royshouvik
Last active April 20, 2019 09:47
Deploying a k8s cluster on Google cloud

Kubernetes Concepts

Pods

A pod runs one or more closely related containers. Most of the time, we will have a pod running a single container. Pods are temporary in nature, i.e. pods can be destroyed and new ones created at any time. This is why we don't directly manage individual pods. Docs

Deployments

Administers and manages a set of pods. We use deployments to configure and manage a set of pods. Docs

Services

Sets up networking in the Kubernetes cluster. Docs

There are 4 types of services:

  1. ClusterIP - Exposes a set of pods to other objects in the cluster.
  2. NodePort - Exposes a set of pods to the outside world (only useful for dev purpose).
  3. Load balancer - Legacy way of getting network traffic into a cluster.
  4. Ingress - Exposes a set of services to the outside world (recommended). When running on a managed k8s cluster, this provisions a cloud-specific load balancer automatically. For example, when you create an Ingress object, the GKE ingress controller creates a Google Cloud Platform HTTP(S) load balancer and configures it according to the information in the Ingress and its associated Services. Source

Secrets

Securely store a piece of information in the cluster, such as a database password. Docs

Creating a generic secret

kubectl create secret generic [secret-name] --from-literal [key]=[value]

First Step

Our first step is to be able to run the app in a local Kubernetes cluster using minikube. Unlike docker-compose, Kubernetes doesn't build our images, so we have to build the images and publish them to a container registry. We are going to use Google Container Registry (GCR).

Install gcloud sdk

Follow the instructions at https://cloud.google.com/sdk/docs/. Make sure to configure docker to use gcloud as the credential helper by running

gcloud auth configure-docker

Decide on the container registry location

At present, there are 4 options for where the container registry can be located geographically.

Host Name        Location

gcr.io      - United States, but may change in the future.
us.gcr.io   - United States, but the storage bucket is separate from `gcr.io`
eu.gcr.io   - European Union
asia.gcr.io - Asia 

To build an image

docker build -t gcr.io/[project-id]/[image-name]:[tag] .

To push an image to Google container registry

docker push gcr.io/[project-id]/[image-name]:[tag]

Configure minikube to authenticate with GCR

  1. Go to "IAM & Admin" > "Service Accounts".

  2. Select "Create service account".

  3. Specify a name and description for the service account. (eg. name can be "gcr-pull"). Click "Create".

  4. Select "Project > Viewer" role.

  5. Continue and create a JSON key from the "Create key" section. This will generate a secret key and prompt you to save it on your computer. Save it.

  6. Now we need to create a secret of type docker-registry.

kubectl create secret docker-registry gcr-json-key --docker-server=https://gcr.io --docker-username=_json_key --docker-password="$(cat /path/to/downloaded/json/key.json)" --docker-email=youremail@example.com

We named the secret gcr-json-key. The docker username has to be _json_key.

  7. The last step is to patch the default service account with this new secret.

kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "gcr-json-key"}]}'
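
As an added example (not part of the original gist): the Python sketch below rebuilds the Secret layout that `kubectl create secret docker-registry` writes and decodes it again, showing that the JSON key is stored base64-encoded rather than encrypted, so read access to the Secret should be limited. The function names and the sample key are constructed for illustration.

```python
import base64
import json

# Constructed sample key: same field names as a GCP service-account key, fake values.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "client_email": "gcr-pull@example-project.iam.gserviceaccount.com",
    "private_key": "CONSTRUCTED-NOT-A-REAL-KEY",
})

def build_pull_secret(name, server, password, email, username="_json_key"):
    """Build a Secret shaped like the output of `kubectl create secret docker-registry`."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    cfg = {"auths": {server: {"username": username, "password": password,
                              "email": email, "auth": auth}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret", "metadata": {"name": name},
            "type": "kubernetes.io/dockerconfigjson",
            "data": {".dockerconfigjson": blob}}

def inspect_pull_secret(secret):
    """Decode a docker-registry Secret and report, per registry, what it holds."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        raise ValueError("not a docker-registry secret")
    cfg = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    report = {}
    for server, entry in cfg.get("auths", {}).items():
        problems = []
        if entry.get("username") != "_json_key":
            problems.append("username is not _json_key")
        try:
            key = json.loads(entry.get("password") or "")
        except (json.JSONDecodeError, TypeError):
            key = None
        if not isinstance(key, dict) or key.get("type") != "service_account":
            problems.append("password is not a service-account JSON key")
            key = {}
        report[server] = {
            "client_email": key.get("client_email"),
            # base64 is an encoding, not encryption: the key comes back in full
            "private_key_recoverable": bool(key.get("private_key")),
            "problems": problems,
        }
    return report

if __name__ == "__main__":
    s = build_pull_secret("gcr-json-key", "https://gcr.io", SAMPLE_KEY, "youremail@example.com")
    print(json.dumps(inspect_pull_secret(s), indent=2))
```

To check a secret in a real cluster, feed the function the parsed output of `kubectl get secret gcr-json-key -o json`.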

Set up ingress nginx in minikube

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml

minikube addons enable ingress

Second step

In the second step, we are going to deploy our application to Google Kubernetes Engine (GKE). We will also set up GitLab as the source repository and configure CI on it.

GitLab

  • Create a blank new project in GitLab.
  • Push stuff to the new repo.

Google Cloud

  • Create a new project if not already created. Enable billing on the project.
  • Navigate to "Compute > Kubernetes Engine > Clusters".
  • Create a new cluster.