Kubernetes app configuration
Configure a new application environment
- Create the project on Gcloud
- Set the project to work on
  ```bash
  gcloud config set project my-project
  ```
- Create the cluster (only if it does not exist)
  ```bash
  gcloud container clusters create my-cluster
  # gcloud container clusters list --zone europe-west4-a # to list clusters
  ```
  Note: `--preemptible` is recommended for non-production environments
- Use the cluster/project as default
  ```bash
  gcloud container clusters get-credentials my-cluster --zone europe-west4-a
  ```
- Install the helper for the next commands
  ```bash
  gem install kubernetes_helper
  ```
- Verify or update k8s settings in `.kubernetes/settings.rb`
  Note: Please do not include sensitive values in this file; ENV values are recommended instead.
- Register shared cloudsql proxy configuration (only if it does not exist)
  ```bash
  DEPLOY_ENV=beta kubernetes_helper run_command "kubectl create secret generic <%=deployment.cloud_secret_name%> --from-file=credentials.json=<path-to-downloaded/credentials.json>"
  ```
- Register env vars manually (values must be base64-encoded; base64 is an encoding, not encryption, so the file still holds the secrets in recoverable form)
  Open and register secret values in `.kubernetes/secrets.yml`
  Note: Enter base64 encoded values
  ```bash
  DEPLOY_ENV=beta kubernetes_helper run_yml 'secrets.yml' 'kubectl create'
  # kubectl get secrets # to list all secrets registered
  ```
- Create deployment to run application
  ```bash
  DEPLOY_ENV=beta kubernetes_helper run_yml 'deployment.yml' 'kubectl create'
  # kubectl get deployment # to list deployments
  ```
- Create service to connect pods and ingress
  ```bash
  DEPLOY_ENV=beta kubernetes_helper run_yml 'service.yml' 'kubectl create'
  # kubectl get services # to list all registered services
  ```
- Create the public ip address (only if static ip is required)
  ```bash
  DEPLOY_ENV=beta kubernetes_helper run_command "gcloud compute addresses create <%=ingress.ip_name%> --global"
  # gcloud compute addresses list # to list static ips generated
  # Copy new external ip generated by the previous command and point your domain to it
  ```
- Register ingress to receive external http calls (includes ssl certificates if defined)
  ```bash
  DEPLOY_ENV=beta kubernetes_helper run_yml 'ingress.yml' 'kubectl create'
  # kubectl get ingress # to list all registered ingresses
  # kubectl get ManagedCertificate # to list all certificates
  # Domain and ssl propagation can take more than 10 minutes
  # You can start accessing the app using the generated ip address
  # `kubectl get ManagedCertificate` # to see the status of ssl provisioning
  ```
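For the `secrets.yml` step above, an added example (not part of the kubernetes_helper project) of producing the base64 values without the usual encoding mistakes. It assumes `secrets.yml` is a standard Kubernetes Secret manifest with a `data:` section; the function names and sample KEY=VALUE pairs are constructed for illustration.

```bash
#!/bin/sh
# Added example: helpers for filling the `data:` entries of a Secret manifest.
# Function names and the sample values below are constructed for illustration.

# Encode one value. printf '%s' avoids the trailing newline that `echo` would
# embed in the secret (echo admin | base64 gives YWRtaW4K, not YWRtaW4=);
# tr removes the line wrapping some base64 implementations add to long output.
b64_value() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode an entry again to check exactly what the pod will receive.
b64_decode() {
  printf '%s' "$1" | base64 -d
}

# Read KEY=VALUE lines on stdin and print indented `KEY: <base64>` entries.
# Only the first "=" separates key from value, so values may contain "=".
render_secret_data() {
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;   # skip blank lines and comments
      *=*) ;;                # well-formed entry
      *) echo "skipping malformed line (no '=')" >&2; continue ;;
    esac
    key=${line%%=*}
    value=${line#*=}
    printf '  %s: %s\n' "$key" "$(b64_value "$value")"
  done
}

# Constructed sample input; real values should come from the environment or a
# secret manager, not from a file committed to the repository.
printf 'DB_USER=admin\nDB_PASSWORD=s3cr3t\n' | render_secret_data
```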
Apply any k8s setting changes
- Secrets
  Open kubernetes secrets, add/edit/remove values, and then save
  ```bash
  kubectl edit secret ...
  ```
  Once secrets are updated, restart all related pods, see: medium.com/devops-dudes/how-to-propagate-a-change-in-kubernetes-secrets-by-restarting-dependent-pods-b71231827656
- Other settings
  ```bash
  DEPLOY_ENV=beta kubernetes_helper run_yml 'deployment.yml' 'kubectl apply'
  ```
Configure continuous deployment for github actions
- Go to github repository settings
- Register a new secret variable with the content downloaded from console.cloud.google.com/iam-admin/serviceaccounts (make sure to attach the "Editor", "Storage Admin" and "Kubernetes engine cluster admin" roles to the service account)
  ```bash
  beta: BETA_CLOUD_TOKEN=<secret content here>
  production: PROD_CLOUD_TOKEN=<secret content here>
  ```
- Add action to run deployment:
  ```yml
  env:
    KB_AUTH_TOKEN: ${{ secrets.BETA_CLOUD_TOKEN }}
  run: DEPLOY_ENV=beta kubernetes_helper run_deployment 'cd.sh'
  ```
- Sample:
  ```yml
  - run: sudo gem install kubernetes_helper
  - name: Staging deployment
    env: # Env variable saved in github that contains gcloud credential (json format)
      KB_AUTH_TOKEN: ${{ secrets.BETA_GOOGLE_AUTH }}
    run: DEPLOY_ENV=beta kubernetes_helper run_deployment 'cd.sh'
    if: ${{ !contains(fromJson('["main", "master"]'), env.DEPLOY_BRANCH) }}
  ```