3. Orchestrating the Cloud with Kubernetes

Overview

Goal
- Provision a complete Kubernetes cluster using Kubernetes Engine
- Deploy and manage Docker containers using kubectl
- Break an application into microservices using Kubernetes’ Deployments and Services
Example Application -> github
- kelseyhightower/monolith - Monolith includes auth and hello services.
- kelseyhightower/auth - Auth microservice. Generates JWT tokens for authenticated users.
- kelseyhightower/hello - Hello microservice. Greets authenticated users.
- nginx - Frontend to the auth and hello services.

Kubernetes can run on many different environments, from laptops to high-availability multi-node clusters, from public clouds to on-premise deployments, from virtual machine to bare metal.

Setup and requirements

✔️ Set the zone

gcloud config set compute/zone us-central1-b

✔️ Start up a cluster

gcloud container cluster create io

Task 1. Get the sample code

✔️ Clone the GitHub repository from the Cloud Shell command line

gsutil cp -r gs://spls/gsp021/* .

✔️ Change into the directory needed for this lab

cd orchestrate-with-kubernetes/kubernetes

✔️ List the files to see what you’re working with

ls

deployments/  /* Deployment manifests */
  ...
nginx/        /* nginx config files */
  ...
pods/         /* Pod manifests */
  ...
services/     /* Services manifests */
  ...
tls/          /* TLS certificates */
  ...
cleanup.sh    /* Cleanup script */

Task 2. Quick Kubernetes Demo

✔️ Launch a single instace of the nginx container

kubectl create deployment nginx --image=nginx:1.10.0

✔️ View the running nginx container

kubectl get pods

✔️ Expose nginx container outside of Kubernetes

kubectl expose deployment nginx --port 80 --type LoadBalancer

✔️ List our services

kubectl get services

✔️ Add the External IP to this command to hit the Nginx container remotely

curl http://<External IP>:80

Task 3. Pods

What is Pods?
- The smallest deployable units of computing that you can create and manage in Kubernetes.
- Group of one or more containers with shared storage and network resources, and a specification for how to run the containers.
What is Volumnes?
- Data disk that live as long as the pods live, and can be used by the containers in that pod.
What is Namespace ?
- Provides a mechanism for isolating groups of resources within a single cluster.

Task 4. Creating pods

✔️ Pod configuration file

cat pods/monolith.yaml

apiVersion: v1
kind: Pod
metadata:
  name: monolith
  labels:
    app: monolith
spec:
  containers:
    - name: monolith
      image: kelseyhightower/monolith:1.0.0
      args:
        - "-http=0.0.0.0:80"
        - "-health=0.0.0.0:81"
        - "-secret=secret"
      ports:
        - name: http
          containerPort: 80
        - name: health
          containerPort: 81
      resources:
        limits:
          cpu: 0.2
          memory: "10Mi"

Pod is made up of one container (ths monolith).
You’re passing a few arguments to our container.
You’re opening up port 80 for http traffic.

✔️ Create the monolith

kubectl create -f pods/monolith.yaml

✔️ Examine your pods. (Use the kubectl get pods command to list all pods running in the default namespace)

kubectl get pods

✔️ Get more information about the monolith pod

kubectl describe pods monolith

Task 5. Interacting with pods

By default, pods allocated a private IP address and cannot be reached outside of the cluster. Map a local port to a port inside the monolith pod

◾️ 2nd terminal

✔️ Set up port-forwarding

kubectl port-forward monolith 10080:80

◾️ 1nd terminal

✔️ Start talking to your pod

curl http://127.0.0.1:10080

✔️ See what heppens when you hit a secure endpoint

curl http://127.0.0.1:10080/secure

✔️ Logging in to get an auth token back from the monolith

curl -u user http://127.0.0.1:10080/login

✔️ Create an environment variable for the token (Since Cloud Shell does not handle copying long strings well, create an environment variable for the token.)

TOKEN=$(curl
http://127.0.0.1:10080/login -u
user|jq -r '.token')

✔️ Use the token to hit secure endpoint

curl -H "Authorization: Bearer
$TOKEN" http://127.0.0.1:10080/secure

✔️ View the logs for the monolith Pod

kubectl logs monolith

◾️ 3rd terminal

✔️ View the logs for the monolith Pod

kubectl logs monolith

Get a stream of the logs happening in real-time

kubectl logs -f monolith

✔️ In the 1st teminal to interact with the monolith, you can see the logs updating(in the 3rd terminal):

curl http://127.0.0.1:10080

✔️ Run an interactive shell inside the Monolith Pod. (This can come in handy when you want to troubleshoot from within a container)

kubectl exec monolith --stdin --tty
-c monolith -- /bin/sh

✔️ Once you have a shell into the monolith container you can test external connectivity

ping -c 3 google.com

Log out when done you’re done with interactive shell

exit

Kubectl make it easy to interacting with pods. If you need to hit a container remotely.

Task 6. Services

What is Services?

An abstract way to expose an application running on a set of Pods as a network service.
Kubernetes gives Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.

Cluster IP (internal)

The default type means that this Service is only visible inside of the cluster

NodePort

NodePort gives each node in the cluster an externally accessible IP and

LoadBalancer

Adds a load balancer from the cloud provider which forwards traffic from the service to Nodes within it.

Ref

node port vs load balancer vs ingress

Task 7. Creating a service

Create a secure pod that can handle https traffic.

✔️ If you’ve changed directories, make sure you return to the ~/orchestrate-with-kubernetes/kubernetes directory

cd ~/orchestrate-with-kubernetes/kubernetes

✔️ Explore the monolith service configuration file

cat pods/secure-monolith.yaml

✔️ Creat the secure-monolith pods and their configuration data

kubectl create secret generic tls-certs --from-file tls/
kubectl create configmap nginx-proxy-conf --from-file nginx/proxy.conf
kubectl create -f pods/secure-monolith.yaml

✔️ Expose the secure-monolith Pod externally.

To do that, create a Kubernetes service.

cat services/monolith.yaml

kind: Service
apiVersion: v1
metadata:
  name: "monolith"
spec:
  selector:
    app: "monolith"
    secure: "enabled"
  ports:
    - protocol: "TCP"
      port: 443
      targetPort: 443
      nodePort: 31000
  type: NodePort

✔️ Create the monolith service rom the monolith service configuration file

kubectl create -f services/monolith.yaml

✔️ Allow traffic to the monolith service on the exposed nodeport

gcloud compute firewall-rules create allow-monolith-nodeport \
  --allow=tcp:31000

✔️ Get an external IP address for one of the nodes

gcloud compute instances list

✔️ Hitting the secure-monolith services using curl

curl -k https://<EXTERNAL_IP>:31000

Uh oh! that timed out.

Task 8. Adding labels to pods

✔️ See that you have quite a few pods running with the monolith label.

kubectl get pods -l "app=monolith"

✔️ But what about “app=monolith” and “secure-enabled”?

kubectl get pods -l "app=monolith,secure=enabled"

✔️ Add the missing secure=enavled label to the secure-monolith Pod.

kubectl label pods secure-monolith 'secure=enabled'
kubectl get pods secure-monolith --show-labels

Now that pods are correctly labeled.

✔️ View the list of endpoints on the monolith service

kubectl describe services monolith | grep Endpoints

✔️ Test this out by hitting one of our nodes again

gcloud compute instances list
curl -k https://<EXTERNAL_IP>:31000

Task 9. Deploying applications with Kubernetes

What is Deployments ?
- Declarative way to ensure that the number of Pods running is equal to the desired number of Pods, specified by the user.
What is Replica Sets ?
- Maintain stable set of replica Pods running at any given time.
- It often used to guarantee the avaliability of a specified number of identical Pods.

Task 10. Creating a deployments

Monolith App with three separate pieces

auth : Generates JWT tokens for authenticated users.
hello : Greet authenticated users.
frontend : Routes trafic to the auth and hello services

✔️ Deployment configuration file

cat deployments/auth.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: auth
spec:
  selector:
    matchlabels:
      app: auth
  replicas: 1
  template:
    metadata:
      labels:
        app: auth
        track: stable
    spec:
      containers:
        - name: auth
          image: "kelseyhightower/auth:2.0.0"
          ports:
            - name: http
              containerPort: 80
            - name: health
              containerPort: 81
...

✔️ Create deployment object

kubectl create -f deployments/auth.yaml

✔️ Create a service for your auth deployment

kubectl create -f services/auth.yaml

✔️ Create and Expose deployment

hello deployment

kubectl create -f deployments/hello.yaml
kubectl create -f services/hello.yaml

frontend deployment

kubectl create configmap nginx-frontend-conf --from-file=nginx/frontend.conf
kubectl create -f deployments/frontend.yaml
kubectl create -f services/frontend.yaml

✔️ Interact with the frontend by grabbing its External IP and then curling to it

kubectl get services frontend

curl -k https://<EXTERNAL-IP>

Summary

Provision a complete Kubernetes cluster using Kubernetes Engine
Deploy and manage Docker containers using kubectl
Break an application into microservices using Kubernetes’ Deployments and a Services

Previous2. Kubernetes Engine: Qwik Start Next4. Managing Deployments Using Kubernetes Engine

Last updated 10 months ago