
Application deployment into Google Kubernetes Engine on Google Cloud

Kubernetes https://kubernetes.io/

Google Kubernetes Engine  https://cloud.google.com/container-engine

Sample app https://github.com/kelseyhightower/app
 It's a 12-Factor application with the following Docker images:
  • Monolith: includes auth and hello services.
  • Auth microservice: generates JWT tokens for authenticated users.
  • Hello microservice: greets authenticated users.
  • nginx: frontend to the auth and hello services.
 

    Tools

    The gcloud command-line interface is a tool that provides the primary CLI to Google Cloud Platform.
    https://cloud.google.com/sdk/gcloud/

    Access the Kubernetes pods


    By default, pods are allocated a private IP address that cannot be reached from outside the cluster. Use the kubectl port-forward command to map a local port to a port inside the monolith pod.

    kubectl port-forward myapp 9999:80

    TOKEN=$(curl http://127.0.0.1:9999/login -u user | jq -r '.token')

    curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:9999/secure


    Run shell inside pod

    kubectl exec myapp --stdin --tty -c myapp -- /bin/sh


    This uploads cert files from the local directory tls/ and stores them in a secret called tls-certs.

    kubectl create secret generic tls-certs --from-file tls/

    kubectl create configmap nginx-proxy-conf --from-file nginx/proxy.conf


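    more nginx/proxy.conf

    server {
      # "listen ... ssl" replaces the deprecated "ssl on;" directive
      listen 443 ssl;

      # Certificate and key are read from the mounted tls-certs secret
      ssl_certificate     /etc/tls/cert.pem;
      ssl_certificate_key /etc/tls/key.pem;

      # TLS terminates here; traffic is forwarded in plain HTTP to the app on port 80
      location / {
        proxy_pass http://127.0.0.1:80;
      }
    }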


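    Set up firewall

    gcloud compute firewall-rules create allow-myapp-nodeport --allow=tcp:31000

    NAME                  NETWORK  DIRECTION  PRIORITY  ALLOW      DENY  DISABLED
    allow-myapp-nodeport  default  INGRESS    1000      tcp:31000        False

    With no --source-ranges given, this ingress rule admits TCP 31000 from any address (0.0.0.0/0) on the default network.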


    Get pods with secure=enabled

    kubectl get pods -l "app=myapp,secure=enabled"


    Get endpoints

    kubectl get endpoints monolith
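
How the objects on this page fit together in one manifest, as an added example that is not taken from the original post or the sample app's repository. The image references, the volume names, the conf.d mount path, and the assumption that the monolith Service selects the app=myapp,secure=enabled labels are assumptions; the remaining names and ports come from the commands above.

```yaml
# Added example. Values marked "assumption" or "placeholder" are not on the page.
apiVersion: v1
kind: Pod
metadata:
  name: myapp
  labels:                      # matched by: kubectl get pods -l "app=myapp,secure=enabled"
    app: myapp
    secure: enabled
spec:
  containers:
    - name: myapp              # container targeted by: kubectl exec ... -c myapp
      image: REGISTRY/monolith:TAG     # placeholder image reference
      ports:
        - containerPort: 80    # plain HTTP, reached by proxy_pass http://127.0.0.1:80
    - name: nginx
      image: nginx:TAG         # placeholder; pin a specific version
      ports:
        - containerPort: 443
      volumeMounts:
        - name: tls-certs
          mountPath: /etc/tls  # proxy.conf reads /etc/tls/cert.pem and /etc/tls/key.pem
          readOnly: true
        - name: nginx-proxy-conf
          mountPath: /etc/nginx/conf.d   # assumption: proxy.conf is loaded from conf.d
          readOnly: true
  volumes:
    - name: tls-certs
      secret:
        secretName: tls-certs  # created with: kubectl create secret generic tls-certs
        defaultMode: 0400      # key readable only by the file owner inside the pod
    - name: nginx-proxy-conf
      configMap:
        name: nginx-proxy-conf
---
apiVersion: v1
kind: Service
metadata:
  name: monolith               # inspected with: kubectl get endpoints monolith
spec:
  type: NodePort
  selector:                    # assumption: the Service selects the labelled pod
    app: myapp
    secure: enabled
  ports:
    - port: 443
      targetPort: 443          # nginx TLS listener
      nodePort: 31000          # port opened by the allow-myapp-nodeport firewall rule
```

Only the nginx listener on 443 is published through the NodePort; the application's port 80 stays reachable only inside the pod or through kubectl port-forward.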


