@vutny
Last active May 13, 2023 16:40
Deploy HelloWeb application to Google Kubernetes Engine with managed certificate

HelloWeb example on GKE

Google Cloud Platform requirements

Networking highlights

  • The cluster needs to be VPC-native to have direct access to other Cloud Compute instances via private IP. Otherwise you must use a public IP and add a firewall rule allowing the NAT gateway for GKE.
  • The firewall should allow access to the Compute instance port from the cluster network (clusterIpv4Cidr).

Additional compute and networking resources

  • VPC network:
      • dedicated subnet
      • global static IP for ingress
  • Cloud DNS:
      • Managed zone: web.biz
      • A record for hello.web.biz to the static IP

Provision Kubernetes Engine

Cloud SDK commands:

gcloud config set project hello-world
gcloud config set compute/region europe-west6
gcloud config set compute/zone europe-west6-a
gcloud container clusters create hello-web --enable-ip-alias --subnetwork hello-web-subnet
gcloud container clusters get-credentials hello-web
gcloud container clusters describe hello-web

Pay attention to clusterIpv4Cidr and servicesIpv4Cidr IP address ranges.

Provision Static IP

Run:

gcloud compute addresses create helloweb-ip --global
gcloud compute addresses describe helloweb-ip --global

On the Cloud DNS zone page, point the A record for hello.web.biz at the given IP.

Deploy application

Create a web server with load-balancer and managed TLS certificate:

kubectl apply -f gke-helloweb-example.yaml
kubectl get ingress
kubectl describe managedcertificate
curl https://hello.web.biz/

Plain HTTP can be disabled by adding the kubernetes.io/ingress.allow-http: "false" annotation to the Ingress.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: helloweb
  labels:
    app: hello
spec:
  selector:
    matchLabels:
      app: hello
      tier: web
  template:
    metadata:
      labels:
        app: hello
        tier: web
    spec:
      containers:
      - name: hello-app
        image: gcr.io/google-samples/hello-app:1.0
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: helloweb-nodeport-service
  labels:
    app: hello
spec:
  type: NodePort
  selector:
    app: hello
    tier: web
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
---
apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
  name: helloweb-certificate
spec:
  domains:
  - hello.web.biz
---
# Note: extensions/v1beta1 Ingress was removed in Kubernetes 1.22.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: helloweb-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: helloweb-ip
    networking.gke.io/managed-certificates: helloweb-certificate
  labels:
    app: hello
spec:
  backend:
    serviceName: helloweb-nodeport-service
    servicePort: 80
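
A small audit for the allow-http point above, added here as an example and not part of the original gist: it reads the JSON that kubectl get ingress -o json prints and reports Ingresses that still serve plain HTTP, have no certificate attached, or have no reserved IP. The sample objects are constructed from the manifest above; ingress.gcp.kubernetes.io/pre-shared-cert is included as the other GKE annotation for attaching a certificate.

```python
import json

ALLOW_HTTP = "kubernetes.io/ingress.allow-http"
STATIC_IP = "kubernetes.io/ingress.global-static-ip-name"
CERT_ANNOTATIONS = (
    "networking.gke.io/managed-certificates",
    "ingress.gcp.kubernetes.io/pre-shared-cert",
)

def audit_ingress(ing):
    """Return findings for one Ingress object from `kubectl get ingress -o json`."""
    meta = ing.get("metadata", {})
    ann = meta.get("annotations") or {}
    name = meta.get("name", "<unnamed>")
    findings = []
    # The HTTP listener stays enabled unless the annotation is the string "false".
    if str(ann.get(ALLOW_HTTP, "true")).strip().lower() != "false":
        findings.append(f'{name}: plain HTTP still served; set {ALLOW_HTTP}: "false"')
    has_cert = any(ann.get(k) for k in CERT_ANNOTATIONS) or bool((ing.get("spec") or {}).get("tls"))
    if not has_cert:
        findings.append(f"{name}: no certificate attached, HTTPS cannot be served")
    if not ann.get(STATIC_IP):
        findings.append(f"{name}: no reserved static IP; the DNS A record can go stale")
    return findings

def audit(doc):
    """Accept a single Ingress or the List wrapper that kubectl prints."""
    items = doc.get("items", []) if doc.get("kind", "").endswith("List") else [doc]
    return [f for ing in items if ing.get("kind") == "Ingress" for f in audit_ingress(ing)]

# Constructed sample: the gist's Ingress expressed as JSON, plus a hardened copy.
PAGE_INGRESS = json.loads("""
{"kind": "Ingress", "metadata": {"name": "helloweb-ingress", "annotations": {
   "kubernetes.io/ingress.global-static-ip-name": "helloweb-ip",
   "networking.gke.io/managed-certificates": "helloweb-certificate"}},
 "spec": {"backend": {"serviceName": "helloweb-nodeport-service", "servicePort": 80}}}
""")
HARDENED = json.loads(json.dumps(PAGE_INGRESS))
HARDENED["metadata"]["annotations"][ALLOW_HTTP] = "false"

if __name__ == "__main__":
    for label, doc in (("as in the gist", PAGE_INGRESS), ("hardened", HARDENED)):
        print(label, "->", audit(doc) or "no findings")
```
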