Димитар Георгиев

Cluster orchestration with Kubernetes Engine

Покупки 0 комментариев
Cluster orchestration with Kubernetes Engine
Kubernetes provides the mechanisms through which you interact with your container
cluster. You use Kubernetes commands and resources to deploy and manage your applications.

Set your default compute zone to us-central1-a

$ gcloud config set compute/zone us-central1-a

To create a cluster, run the following command, replacing [CLUSTER-NAME]::
$ gcloud container clusters create my-cluster
To authenticate the cluster run the following command, replacing [CLUSTER-NAME]
with the name of your cluster::

$ gcloud container clusters get-credentials my-cluster 

To create a new Deployment hello-server from the hello-app container image::
$ kubectl create deployment hello-server --image=gcr.io/google-samples/hello-app:1.0

Create a Kubernetes Service, which is a Kubernetes resource that lets you expose
your application to external traffic, by running the following kubectl expose
command: 
$ kubectl expose deployment hello-server --type=LoadBalancer --port 8080

Inspect the hello-server Service by running kubectl get:
$ kubectl get service

View the application from your web browser using the external IP address with the exposed port:
http://[EXTERNAL-IP]:8080 

Run the following to delete the cluster:$ gcloud container clusters delete my-cluster

$ ls

$ kubectl create deployment nginx --image=nginx:1.10.0
/*.......................................................................*/

Clone the GitHub repository from the Cloud Shell command line:
$ git clone https://github.com/googlecodelabs/orchestrate-with-kubernetes.git
$ cd orchestrate-with-kubernetes/kubernetes

get started with Kubernetes is to use the kubectl create command:
$ kubectl create deployment nginx --image=nginx:1.10.0  /all you need to know is that
deployments keep the pods up and running even when the nodes they run on fail./
In Kubernetes, all containers run in a pod. Use the kubectl get pods command to view 
the running nginx container:: 
$ kubectl get pods

Once the nginx container is running you can expose it outside of Kubernetes using 
the kubectl expose command::
$ kubectl expose deployment nginx --type=LoadBalancer --port 80  /Any client who
hits that public IP address will be routed to the pods behind the service. In this
case that would be the nginx pod.

List our services now using the kubectl get services command:
kubectl get services   

Add the External IP to this command to hit the Nginx container remotely:
curl http://:80  / Pods also share a network namespace. This means that there is one
IP Address per pod./

Pods can be created using pod configuration files. Run the following::
cat pods/monolith.yaml  

Create the monolith pod using kubectl:
kubectl create -f pods/monolith.yaml  

Use kubectl describe command to get more information about the monolith pod::
kubectl describe pods monolith

Use the kubectl port-forward command to map a local port to a port inside the monolith pod.

In the 2nd terminal, run this command to set up port-forward::

kubectl port-forward monolith 10080:80  

In the 1st terminal start talking to your pod using curl:
curl http://127.0.0.1:10080  

Use the curl command to see what happens when you hit a secure endpoint::
$ curl http://127.0.0.1:10080/secure
Try logging in to get an auth token back from the monolith:
curl -u user http://127.0.0.1:10080/login  

create an environment variable for the token::
$ TOKEN=$(curl http://127.0.0.1:10080/login -u user|jq -r '.token')

Use this command to copy and then use the token to hit the secure endpoint with 
curl:kubectl logs monolith
curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:10080/secure
Use the kubectl logs command to view the logs for the monolith Pod.Open a 3rd terminal
and use the -f flag to get a stream of the logs happening in real-time:
kubectl
logs -f monolith

Use the kubectl exec command to run an interactive shell inside the Monolith Pod:: 
$ kubectl exec monolith --stdin --tty -c monolith /bin/sh

ping command:

# ping -c 3 google.com
# exit 
/ ClusterIP (internal) -- the default type means that this Service is only visible
inside of the cluster,
NodePort gives each node in the cluster an externally accessible IP and LoadBalancer 
adds a load balancer from the cloud provider which forwards traffic from the service 
to Nodes within it./

Before we can create our services -- let's first create a secure pod that can handle https traffic.
$ cd ~/orchestrate-with-kubernetes/kubernetesdmesg 

Explore the monolith service configuration file:
cat pods/secure-monolith.yaml

Create the secure-monolith pods and their configuration data::
$ kubectl create secret generic tls-certs --from-file tls/
$ kubectl create configmap nginx-proxy-conf --from-file nginx/proxy.conf
$ kubectl create -f pods/secure-monolith.yaml

Expose the secure-monolith Pod externally.To do that, create a Kubernetes service::
$ cat services/monolith.yaml /Now you have to expose the nodeport here because this is how we'll forward external traffic from port 31000 to nginx (on port 443)/

Use the kubectl create command to create the monolith service from the monolith 
service configuration file::
$ kubectl create -f services/monolith.yaml

Use the gcloud compute firewall-rules command to allow traffic to the monolith
service on the exposed nodeport:
gcloud compute firewall-rules create allow-monolith-nodeport \
> --allow=tcp:31000
Get an external IP address for one of the nodes.
$ gcloud compute instances list

hitting the secure-monolith service using curl:
curl -k https://34.68.150.255:31000
Questions:
Why are you unable to get a response from the monolith service?
How many endpoints does the monolith service have?
What labels must a Pod have to be picked up by the monolith service?
$ kubectl get  services monolith
$ kubectl describe services monolith

One way to troubleshoot an issue like this is to use the kubectl get pods command with a label query::
$ kubectl get pods -l "app=monolith"
$ kubectl get pods -l "app=monolith,secure=enabled"/Use the kubectl label 
command to add the missing secure=enabled label to the secure-monolith Pod::
$ kubectl label pods secure-monolith 'secure=enabled'
$ kubectl get pods secure-monolith --show-labels

view the list of endpoints on the monolith service:
$ kubectl describe services monolith |grep Endpoints

Let's test this out by hitting one of our nodes again.
gcloud compute instances list
curl -k http://34.70.182.104:31000

Get started by examining the auth deployment configuration file.
cat deployments/auth.yaml

create your deployment object:
$ kubectl create -f deployments/auth.yaml
```
auth - Generates JWT tokens for authenticated users.
hello - Greet authenticated users.
frontend - Routes traffic to the auth and hello services.
Once finished you'll be able to interact with the microservices just like with
Monolith only now each piece will be able to be scaled and deployed, independently!

Time to create a service for your auth deployment. Use the kubectl create
command to create the auth service:
```
$ kubectl create -f services/auth.yaml

$ kubectl create -f deployments/hello.yaml
$ kubectl create -f services/hello.yaml
[And one more time to create and expose the frontend Deployment.]

$ kubectl create configmap nginx-frontend-conf --from-file=nginx/frontend.conf
$ kubectl create -f deployments/frontend.yaml
$ kubectl create -f services/frontend.yaml

Interact with the frontend by grabbing it's External IP and then curling to it:
$ kubectl get services frontend
$ curl -k https://34.71.106.161

 

Назад Вперед
Войдите или зарегистрируйтесь
чтобы оставить комментарий