Project author: t04glovern

Project description:
Google Cloud Platform Deployment Manager bootstrap for GKE. Infrastructure as code for the difficult task of deploying and managing Kubernetes & Google Cloud resources.
Primary language: Python
Project URL: git://github.com/t04glovern/gke-dm-bootstrap.git
Created: 2019-04-22T10:39:43Z
Project community: https://github.com/t04glovern/gke-dm-bootstrap

Open-source license:



GKE Bootstrap - Deployment Manager

Google Cloud Platform Deployment Manager bootstrap for GKE


Architecture


Architecture Diagram


Setup


Deploy Script Usage

    ./deploy.sh <project_id> <resource> <action>

Resources must be deployed and removed in the following order:

| create | delete |
| --- | --- |
| IAM | Bastion |
| Network | GKE |
| Cloud Router (NAT) | Cloud Router (NAT) |
| GKE | Network |
| Bastion | IAM |

IAM

Deployment Manager needs IAM permissions for particular tasks. We can temporarily add these permissions, and remove them again afterwards, using the following:

    # Create
    ./deploy.sh <project_id> iam create
    # Delete
    ./deploy.sh <project_id> iam delete

Network

    # Create
    ./deploy.sh <project_id> network create
    # Delete
    ./deploy.sh <project_id> network delete

Cloud Router (NAT)

    # Create
    ./deploy.sh <project_id> cloud-router create
    # Delete
    ./deploy.sh <project_id> cloud-router delete

GKE

    # Create
    ./deploy.sh <project_id> gke create
    # Delete
    ./deploy.sh <project_id> gke delete

Bastion

    # Create
    ./deploy.sh <project_id> bastion create
    # Delete
    ./deploy.sh <project_id> bastion delete

Manage


Connect

Connect to the bastion host and manage the Kubernetes cluster from there using the steps below.

SSH Bastion

    gcloud compute ssh <project_id>-bastion \
        --project <project_id> \
        --zone australia-southeast1-a

Then pull the repo down locally to the bastion server:

    git clone https://github.com/t04glovern/gke-dm-bootstrap.git

Kubernetes Connect

    gcloud container clusters get-credentials <project_id>-gke \
        --project <project_id> \
        --region australia-southeast1

Role-based Access Control (RBAC) [Skip]

NOTE: This step is only required for Helm 2.0 or lower. By default you should have Helm 3.0+ installed on the bastion, so it is likely safe to skip this step.

We’ll deploy an RBAC configuration that is used by Helm. Perform the following actions from the bastion server:

    cd gke-dm-bootstrap/k8s
    # Create tiller service account & cluster role binding
    kubectl create -f rbac-config.yaml
    # Init helm with the service account
    helm init --service-account tiller --history-max 200

Helm

Install Packages

Nginx External

Deploy the external version of nginx by running the following:

    # From within the k8s folder
    cd gke-dm-bootstrap/k8s
    # Install the helm templates as 'nginx'
    helm install nginx ./nginx/
    # Get the external IP
    kubectl get services
    # NAME            TYPE           CLUSTER-IP        EXTERNAL-IP     PORT(S)        AGE
    # kubernetes      ClusterIP      192.168.192.1     <none>          443/TCP        115m
    # nginx-service   LoadBalancer   192.168.192.132   35.244.100.27   80:30251/TCP   9m
    curl http://35.244.100.27
    # <h1>DevOpStar Nginx Kubernetes</h1>
    # <p>Congratulations!</p>

Nginx Internal

Edit the k8s/nginx/templates/service.yaml file and uncomment the following lines:

    annotations:
      cloud.google.com/load-balancer-type: Internal
    ...
    loadBalancerIP: {{ .Values.staticIp }}

You can update the staticIp value in the k8s/nginx/values.yaml file, then upgrade the release:

    # Upgrade the helm templates called 'nginx'
    helm upgrade nginx ./nginx/
    curl http://192.168.189.50
    # <h1>DevOpStar Nginx Kubernetes</h1>
    # <p>Congratulations!</p>
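
Whether the service ended up external or internal can be checked from the bastion after each install or upgrade. The following is an added example, not part of the gke-dm-bootstrap repository: it reads `kubectl get services` table output in the default single-namespace layout and lists LoadBalancer services whose EXTERNAL-IP is outside RFC 1918 space. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from gke-dm-bootstrap): flag publicly exposed
# LoadBalancer services from `kubectl get services` output.

# is_rfc1918 IP -> exit 0 if IP is a private IPv4 address (RFC 1918).
is_rfc1918() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# public_lb_services: reads the services table on stdin and prints
# "NAME EXTERNAL-IP" for every LoadBalancer with a non-private address.
# Anything that is not RFC 1918 IPv4 is reported so it gets reviewed.
public_lb_services() {
  while read -r name type cluster_ip external_ip rest; do
    [ "$type" = "LoadBalancer" ] || continue
    case "$external_ip" in
      "<none>"|"<pending>"|"") continue ;;   # no address assigned yet
    esac
    is_rfc1918 "$external_ip" || printf '%s %s\n' "$name" "$external_ip"
  done
  return 0
}

# Constructed sample input: the external nginx deployment.
sample_services() {
  cat <<'EOF'
NAME            TYPE           CLUSTER-IP        EXTERNAL-IP     PORT(S)        AGE
kubernetes      ClusterIP      192.168.192.1     <none>          443/TCP        115m
nginx-service   LoadBalancer   192.168.192.132   35.244.100.27   80:30251/TCP   9m
EOF
}

# On the bastion: kubectl get services | public_lb_services
```

Empty output means no LoadBalancer service in the namespace has a publicly routable address, which is the expected result once the Internal annotation is in place.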

Delete Packages

    helm delete nginx

Attribution