Deploying your web app to Google Container Engine with Kubernetes
Creating a persistent disk for app datastore
gcloud compute disks create --size 15GB --type pd-ssd app-data
Encode your secret as base64 and save the output for later
cat mykey.key | base64 -w0
LS0tL.....LS0tLS0=
cat mycert.cert | base64 -w0
LS0tL.....tLQ==
For the TLS secret, you can simply run
kubectl create secret tls my-secret-tls --cert=mycert.crt --key=mykey.key
- create a file named app-secrets.yml, then run kubectl create -f app-secrets.yml
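---
# app-secrets.yml
# Opaque Secret carrying the TLS certificate and private key as base64 strings.
# The Deployment on this page mounts it through the ssl-volume volume.
#
# base64 is an encoding, not encryption: anyone who can read this file or the
# Secret object can recover the private key. Keep the file out of version
# control and limit who may read Secrets in the namespace.
apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
type: Opaque
data:
  # Output of `cat mycert.cert | base64 -w0`.
  tls.crt: LS0tL.....tLQ==
  # Output of `cat mykey.key | base64 -w0`. The key goes here and the
  # certificate above; with the two values swapped the pair will not load.
  tls.key: LS0tL.....LS0tLS0=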
- create a file named app-ingress.yml, then run kubectl create -f app-ingress.yml
---
# app-ingress.yml
# Ingress without rules: all traffic is sent to the default backend my-app:80.
# spec.tls points at the Secret my-secret-tls (created with
# `kubectl create secret tls`), which must live in the same namespace as
# this Ingress.
# NOTE(review): extensions/v1beta1 Ingress is no longer served from
# Kubernetes 1.22 on; newer clusters need networking.k8s.io/v1, whose backend
# schema differs.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: app-ingress
spec:
  tls:
    - secretName: my-secret-tls
  backend:
    serviceName: my-app
    servicePort: 80
- create a file named app-deployment.yml, then run kubectl create -f app-deployment.yml
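---
# app-deployment.yml
# Single-replica Deployment of my-app on the default GKE node pool. It mounts
# the TLS Secret and a GCE persistent disk, and reads the database
# credentials from the Secret db-secrets instead of inlining them.
# NOTE(review): extensions/v1beta1 Deployment is no longer served from
# Kubernetes 1.16 on; apps/v1 replaces it and also requires spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: my-app
    spec:
      nodeSelector:
        cloud.google.com/gke-nodepool: default-pool
      # Both volumes are declared in this one list. A second `volumes:` key in
      # the same mapping is a duplicate key; most parsers silently keep only
      # the last one, which would drop ssl-volume.
      volumes:
        - name: ssl-volume
          secret:
            secretName: app-secrets
        - name: my-app-data
          gcePersistentDisk:
            # This disk must already exist.
            # NOTE(review): the disk created earlier on this page is named
            # app-data; confirm that db-data exists as well.
            pdName: db-data
            fsType: ext4
      containers:
        - name: my-app
          image: my-app:v1.0
          ports:
            - containerPort: 80
          livenessProbe:
            httpGet:
              # host: 127.0.0.1  # defaults to the pod IP
              # scheme is validated case-sensitively: HTTP (default) or HTTPS.
              # NOTE(review): an HTTPS probe on port 80 only passes if the
              # container really serves TLS on that port; confirm.
              scheme: HTTPS
              path: /
              # httpHeaders:
              port: 80
            # Seconds to wait after container start before the first probe.
            initialDelaySeconds: 60
            periodSeconds: 60
            timeoutSeconds: 5
            # Must be 1 for a liveness probe; other values fail validation.
            successThreshold: 1
            failureThreshold: 3  # default 3
          # One list for all mounts; each name must match an entry in
          # spec.template.spec.volumes above.
          volumeMounts:
            - name: ssl-volume
              mountPath: /etc/ssl-volume
              # The private key only needs to be read by the container.
              readOnly: true
            - name: my-app-data
              mountPath: "/some/path"
          env:
            # NOTE(review): names containing '-' are not valid shell
            # identifiers and may be rejected by API validation on some
            # Kubernetes versions; confirm the app reads these exact names.
            - name: my-app_ACCESS_LOG
              value: /dev/stdout
            - name: my-app_ERROR_LOG
              value: /dev/stderr
            - name: my-app-DB_HOST
              value: postgresql
            # Credentials come from the Secret db-secrets, which is not created
            # on this page and must exist with the keys pg_user and pg_password.
            - name: pg_user
              valueFrom:
                secretKeyRef:
                  name: db-secrets
                  key: pg_user
            - name: pg_password
              valueFrom:
                secretKeyRef:
                  name: db-secrets
                  key: pg_password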
- TLS ingress
---
# Secret referenced by the no-rules-map Ingress through spec.tls.secretName.
# The two values are placeholders: substitute the base64 of the certificate
# and of the private key. base64 only encodes the key, it does not protect it,
# so treat this manifest as sensitive once the real values are filled in.
apiVersion: v1
kind: Secret
metadata:
  name: testsecret
  namespace: default
type: Opaque
data:
  tls.crt: base64 encoded cert
  tls.key: base64 encoded key
---
# TLS Ingress without rules: every request is routed to the default backend
# s1:80, using the certificate and key held in the Secret testsecret.
# The Secret has to be in the same namespace as the Ingress.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: no-rules-map
spec:
  tls:
    - secretName: testsecret
  backend:
    serviceName: s1
    servicePort: 80
- Name based virtual hosting ingress
foo.bar.com --|                 |-> foo.bar.com s1:80
              | 178.91.123.132  |
bar.foo.com --|                 |-> bar.foo.com s2:80
---
# Name-based virtual hosting: one Ingress routes on the Host header,
# foo.bar.com to service s1:80 and bar.foo.com to service s2:80.
# This manifest has no spec.tls entry; add one with a hosts list if these
# names should be served over HTTPS.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test
spec:
  rules:
    - host: foo.bar.com
      http:
        paths:
          - backend:
              serviceName: s1
              servicePort: 80
    - host: bar.foo.com
      http:
        paths:
          - backend:
              serviceName: s2
              servicePort: 80