[GSP021] Orchestrating the Cloud with Kubernetes

App is hosted on GitHub and provides an example 12-Factor application. During this lab you will be working with the following Docker images:

kelseyhightower/monolith - Monolith includes auth and hello services. kelseyhightower/auth - Auth microservice. Generates JWT tokens for authenticated users. kelseyhightower/hello - Hello microservice. Greets authenticated users. ngnix - Frontend to the auth and hello services.


$ gcloud config set compute/zone us-central1-b
$ gcloud container clusters create io


$ kubectl run nginx --image=nginx:1.10.0
$ kubectl expose deployment nginx --port 80 --type LoadBalancer

$ kubectl get services


Creating a Service


$ git clone https://github.com/googlecodelabs/orchestrate-with-kubernetes.git

$ cd orchestrate-with-kubernetes/kubernetes

$ kubectl create -f pods/monolith.yaml
$ kubectl get pods

$ kubectl describe pods monolith


$ kubectl port-forward monolith 10080:80

Сессия 2

$ curl http://127.0.0.1:10080
{"message":"Hello"}

$ curl http://127.0.0.1:10080/secure
authorization failed

$ curl -u user http://127.0.0.1:10080/login
Enter host password for user 'user': [password]

$ TOKEN=$(curl http://127.0.0.1:10080/login -u user|jq -r '.token')
Enter host password for user 'user':[password]

$ curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:10080/secure
{"message":"Hello"}

$ kubectl logs -f monolith

Сессия 3

$ curl http://127.0.0.1:10080


$ kubectl exec monolith --stdin --tty -c monolith /bin/sh
# ping -c 3 google.com
# exit


Services

* ClusterIP (internal) -- the default type means that this Service is only visible inside of the cluster,
* NodePort gives each node in the cluster an externally accessible IP and
* LoadBalancer adds a load balancer from the cloud provider which forwards traffic from the service to Nodes within it.


$ cd ~/orchestrate-with-kubernetes/kubernetes

$ kubectl create secret generic tls-certs --from-file tls/
$ kubectl create configmap nginx-proxy-conf --from-file nginx/proxy.conf
$ kubectl create -f pods/secure-monolith.yaml

$ kubectl create -f services/monolith.yaml

$ gcloud compute firewall-rules create allow-monolith-nodeport \
--allow=tcp:31000

NAME                     NETWORK  DIRECTION  PRIORITY  ALLOW      DENY  DISABLED
allow-monolith-nodeport  default  INGRESS    1000      tcp:31000        False


$ gcloud compute instances list
NAME                               ZONE           MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP      STATUS
gke-io-default-pool-f40e6c02-961s  us-central1-b  n1-standard-1               10.128.0.4   34.66.156.29     RUNNING
gke-io-default-pool-f40e6c02-b6rw  us-central1-b  n1-standard-1               10.128.0.2   104.197.229.212  RUNNING
gke-io-default-pool-f40e6c02-jw06  us-central1-b  n1-standard-1               10.128.0.3   35.232.234.44    RUNNING


$ curl -k https://<EXTERNAL_IP>:31000


Adding Labels to Pods

$ kubectl get pods -l "app=monolith"
NAME              READY   STATUS    RESTARTS   AGE
monolith          1/1     Running   0          22m
secure-monolith   2/2     Running   0          8m29s


$ kubectl get pods -l "app=monolith,secure=enabled"
No resources found.


$ kubectl label pods secure-monolith 'secure=enabled'

$ kubectl get pods secure-monolith --show-labels
NAME              READY   STATUS    RESTARTS   AGE     LABELS
secure-monolith   2/2     Running   0          9m56s   app=monolith,secure=enabled


$ kubectl describe services monolith | grep Endpoints
Endpoints:                10.4.1.4:443


$ gcloud compute instances list
NAME                               ZONE           MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP      STATUS
gke-io-default-pool-f40e6c02-961s  us-central1-b  n1-standard-1               10.128.0.4   34.66.156.29     RUNNING
gke-io-default-pool-f40e6c02-b6rw  us-central1-b  n1-standard-1               10.128.0.2   104.197.229.212  RUNNING
gke-io-default-pool-f40e6c02-jw06  us-central1-b  n1-standard-1               10.128.0.3   35.232.234.44    RUNNING


$ curl -k https://10.4.1.4:31000


Deploying Applications with Kubernetes

auth - Generates JWT tokens for authenticated users.
hello - Greet authenticated users.
frontend - Routes traffic to the auth and hello services.


$ kubectl create -f deployments/auth.yaml
$ kubectl create -f services/auth.yaml

$ kubectl create -f deployments/hello.yaml
$ kubectl create -f services/hello.yaml

$ kubectl create configmap nginx-frontend-conf --from-file=nginx/frontend.conf
$ kubectl create -f deployments/frontend.yaml
$ kubectl create -f services/frontend.yaml


$ kubectl get services frontend
NAME       TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)         AGE
frontend   LoadBalancer   10.7.250.249   35.188.84.62   443:32527/TCP   39s

$ curl -k https://35.188.84.62 
{"message":"Hello"}