Lädt...


🔧 Deploying Microservices with Google Cloud Platform's GKE


Nachrichtenbereich: 🔧 Programmierung
🔗 Quelle: dev.to

Stack used:

  • Frontend : React
  • Backend: Node
  • DB: Mongodb-atlas
  • MQ: RabbitMQ

To Begin with:

  • Have docker desktop & kubectl already installed.
  • Create an account with google cloud
  • Verify your payment method & get a credit of about $300.

  • In the Google cloud console,

    • Create a project.

Create a new Kubernetes cluster:

The cluster is where you are going to have the node pool

Select standard mode and configure:

Adding a nodepool in your cluster

Before adding-

Calculate the amount of CPUs & RAM you need according to the no.of services you have:

In this project we have :

  • Frontend
  • 5 different backend servers
  • RabbitMQ as the message queue
  • Need a load balancer- Nginx Also include any database you are going to use.

In this project wehave the database locally, because we used mongodb's cloud service mongodb-atlas

The below is the example calculation I've done using ChatGPT:

Example Calculation
Suppose each backend service requires 0.5 CPU and 1 GB of RAM, and the frontend, RabbitMQ, and Nginx each require 1 CPU and 2 GB of RAM:

Backend Services:
5 services * 0.5 CPU + 1 GB RAM = 2.5 CPU + 5 GB RAM
Frontend:
1 CPU + 2 GB RAM
RabbitMQ:
1 CPU + 2 GB RAM
Nginx:
1 CPU + 2 GB RAM
Total estimated requirements:

CPU: 5.5
RAM: 11 GB
If you choose n1-standard-2 nodes (which have 2 CPUs and 7.5 GB RAM each):

Each node can handle: 2 CPU + 7.5 GB RAM
Number of nodes required:
CPU: ceil(5.5 / 2) = 3 nodes
RAM: ceil(11 / 7.5) = 2 nodes
Since the RAM requirement calculation gives a higher number, you would start with 3 nodes to satisfy both CPU and RAM requirements.
  • Go to Kubernetes Clusters
  • Select your cluster
  • Inside that cluster, click on "ADD NODE POOL"

So from this calculation, I chose to go with 3 nodes.
Adding a node pool

Adding a node pool

Creating an image of your frontend, servers and pushing it to the docker hub

Create an Dockerfile && .dockerignore file inside each services & frontend folder if you haven't did it already

This is my Dockerfile for the frontend.

There are several ways to use the env. In the frontend dockerfile, we are giving the env using build arguments.

/frontend/Dockerfile

FROM node:20.8.0

WORKDIR /app

# Define build argument for JWT key
ARG JWT_KEY

# Set the environment variable
ENV JWT_KEY=$JWT_KEY

COPY package*.json ./

RUN npm install

COPY . .

RUN npm run build

EXPOSE 3000

CMD ["npm", "start" ]

Also add the .dockerignore file and add the necessary files/folders to be ignored while building the image

Building the image:

/frontend

docker build --build-arg JWT_KEY=myjwtkey -t listonfermi/wenet-frontend .

docker build --build-arg JWT_KEY=JWTKeyGoesHere -t dockerusername/image-name .

Pushing the image to docker:

docker push listonfermi/wenet-frontend

docker push dockerusername/image-name

The same process for the backend severs.

Before building an image for the backend servers, make sure you have the relevant scripts in package.json and tsconfig.json

package.json - scripts

"scripts": {
    "dev": "nodemon",
    "build": "tsc",
    "start": "node ./dist/server.js"
  },

tsconfig.json

{
  "compilerOptions": {
    "target": "es2016",
    "module": "commonjs", /* Specify what module code is generated. */
    "esModuleInterop": true, /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */
    "forceConsistentCasingInFileNames": true, /* Ensure that casing is correct in imports. */
    "strict": true, /* Enable all strict type-checking options. */
    "skipLibCheck": true, /* Skip type checking all .d.ts files. */
    "outDir": "./dist"
  }
}

/user-service/Dockerfile:

FROM node:20.8.0

WORKDIR /app

COPY package*.json ./

RUN npm install

COPY . .

RUN npm run build

EXPOSE 5001

CMD ["node", "dist/server.js"]

Building the image:

/user-service:
docker build -t listonfermi/wenet-user-service .

docker build dockerusername/image-name .

Pushing the image to docker:

docker push listonfermi/wenet-user-service

docker push dockerusername/image-name

Here also you can give the env in build arguments if you wish.

Since we didn't build the user-service image without the env, we can give it in kubernetes configmap or secrets in the google cloud cluster.

Creating manifest files

In Kubernetes, manifest files are text files in JSON or YAML format that describe the desired state of API objects in a cluster

Deployment & service files for frontend, user-service and rabbitmq should look like this :

/k8s-manifests/frontend-depl.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend-depl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend
    spec:
      containers:
        - name: frontend
          image: listonfermi/wenet-frontend
          envFrom:
            - configMapRef:
                name: frontend-env  //we'll create a configmap named frontend-env inside the GKE cluster
---
apiVersion: v1
kind: Service
metadata: 
  name: frontend-srv
spec:
  selector:
    app: frontend
  ports:
    - name: frontend-ports
      protocol: TCP
      port: 3000
      targetPort: 3000

/k8s-manifests/rabbitmq-depl.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: rabbitmq-depl
  labels:
    app: rabbitmq
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rabbitmq
  template:
    metadata:
      labels:
        app: rabbitmq
    spec:
      containers:
        - name: rabbitmq
          image: rabbitmq:3-management
          ports:
            - containerPort: 5672 # RabbitMQ main port
            - containerPort: 15672 # RabbitMQ management plugin port
          volumeMounts:
            - name: rabbitmq-data
              mountPath: /var/lib/rabbitmq
      volumes:
        - name: rabbitmq-data
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: rabbitmq-service
spec:
  selector:
    app: rabbitmq
  ports:
    - name: amqp
      protocol: TCP
      port: 5672
      targetPort: 5672
    - name: management
      protocol: TCP
      port: 15672
      targetPort: 15672
  type: ClusterIP

/k8s-manifests/user-service-depl.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: user-service-depl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: user-service
  template:
    metadata:
      labels:
        app: user-service
    spec:
      containers:
        - name: user-service-container
          image: listonfermi/wenet-user-service
          envFrom:
            - configMapRef:
                name: user-service-env
---
apiVersion: v1
kind: Service
metadata:
  name: user-service-srv
spec:
  selector:
    app: user-service
  ports:
    - name: user-service-ports
      protocol: TCP
      port: 5001
      targetPort: 5001

Creating manifests for Loadbalancer nginx-ingress

We need a loadbalancer to get external ip address to connect with the cluster and need to route it to the proper paths.

Before creating ingress-nginx.yaml file. We need to install ingress-nginx controller in your cluster.

For that we can use this command:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.1/deploy/static/provider/cloud/deploy.yaml

_This command is found in this docs _

k8s-manifests/ingress-ngix-depl.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-controller
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  ingressClassName: "nginx"
  rules:
    - host: "*"
          - path: /api/user-service/
            pathType: Prefix
            backend:
              service:
                name: user-service-srv
                port:
                  number: 5001
          - path: /api/posts-service/
            pathType: Prefix
            backend:
              service:
                name: posts-service-srv
                port:
                  number: 5002
          - path: /socket.io
            pathType: Prefix
            backend:
              service:
                name: message-service-srv
                port:
                  number: 5003
          - path: /api/message-service/
            pathType: Prefix
            backend:
              service:
                name: message-service-srv
                port:
                  number: 5003
          - path: /api/notification-service/
            pathType: Prefix
            backend:
              service:
                name: notification-service-srv
                port:
                  number: 5004
          - path: /api/ads-service/
            pathType: Prefix
            backend:
              service:
                name: ads-service-srv
                port:
                  number: 5005
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend-srv
                port:
                  number: 3000

Applying these manifests

Before applying these manifests, we need to change our kubernetes context. Because, the current context is our machine and if we apply the manifests now, it'll be executed in our machine.

You can check the kubernetes context by this command:

kubectl config get-contexts

Or in docker-desktop :

Changing the context to our GCP cluster:

Offical doc for configuring the cluster access

Download the gcloud CLI via this link : gcloud installer or follow the steps from this doc

From your gcloud terminal :
Image description

This command creates a different context in dockerdesktop:

gcloud container clusters get-credentials wenet-cluster --region=asia-south1-a

gcloud container clusters get-credentials <your-cluster-name> --zone <your-zone> --project <your-project-id>

Every kubectl commands we use from now on will

Adding configmaps to the gcloud cluster:

We need to create configmaps in the gcloud cluster which is to be used with the user-service deployment

We are creating a configmap from .env file in the user-service folder to the

/user-service:
kubectl create configmap user-service-env --from-env-file=.env

We can do this for all the env of every backend services

*Applying the frontend deployment manifests: *

/k8s-manifests/
kubectl apply -f frontend-depl.yaml

kubectl apply -f user-service.yaml

kubectl apply -f rabbitmq-depl.yaml

kubectl apply -f ingress-ngix-depl.yaml

Now deployments and services will be created in the cluster.

check for any errors if any in the google cloud console.

Select Ingress from 'Gateways, Services & Ingress' option from Google cloud Console
Gateways, Services & Ingress

Ingress Controller

Select the above IP address.

Check if you the application works as expected

Setting the DNS for the domain

We can buy a domain from any websites like goDaddy, hostinger etc.

Change the DNS to your ip

This is the DNS settings from GoDaddy
goDaddy hosting DNS

Check the working of the application through the domain

Getting SSL certificate

For SSL certificate, we can create ClusterIssuer and Certificate yaml files. We're using letsencrypt.org 's api.

/k8s-manifests/letsencrypt-prod.yaml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx

k8s-manifests/certificate.yaml

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wenet-life-tls
  namespace: default
spec:
  secretName: wenet-life-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: wenet.life
  dnsNames:
    - wenet.life

Apply these files in the GKE cluster kubernetes cluster

kubectl apply -f certificate.yaml

kubectl apply -f letsencrypt-prod.yaml

After successfully applying,
now do changes in the ingress-nginx-depl.yaml

Add annotations, rules- host and tls in the depl file.

/k8s-manifests/ingress-nginx.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-controller
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-origin: "http://wenet.life, https://wenet.life"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  ingressClassName: "nginx"
  rules:
    - host: wenet.life
      http:
        paths:
          - path: /.well-known/acme-challenge/
            pathType: ImplementationSpecific
            backend:
              service:
                name: cm-acme-http-solver-<random>
                port:
                  number: 8089
          - path: /api/user-service/
            pathType: Prefix
            backend:
              service:
                name: user-service-srv
                port:
                  number: 5001
          - path: /api/posts-service/
            pathType: Prefix
            backend:
              service:
                name: posts-service-srv
                port:
                  number: 5002
          - path: /socket.io
            pathType: Prefix
            backend:
              service:
                name: message-service-srv
                port:
                  number: 5003
          - path: /api/message-service/
            pathType: Prefix
            backend:
              service:
                name: message-service-srv
                port:
                  number: 5003
          - path: /api/notification-service/
            pathType: Prefix
            backend:
              service:
                name: notification-service-srv
                port:
                  number: 5004
          - path: /api/ads-service/
            pathType: Prefix
            backend:
              service:
                name: ads-service-srv
                port:
                  number: 5005
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend-srv
                port:
                  number: 3000
  tls:
  - hosts:
    - wenet.life
    secretName: wenet-life-tls

Again apply the ingress-nginx-depl.yaml file:

kubectl apply -f ingress-nginx-depl.yaml

check the domain with https:// if its working

...

🔧 Deploying Microservices with Google Cloud Platform's GKE


📈 59.19 Punkte
🔧 Programmierung

📰 Deploying Twingate to GKE


📈 34.28 Punkte
📰 IT Security Nachrichten

🎥 Hybrid Connectivity Networking with Google Cloud GKE Enterprise


📈 27.37 Punkte
🎥 Video | Youtube

🔧 Best of Google Cloud Next 24 - Gemini AI, Vertex AI, GKE, New Axion Chip and others


📈 27.37 Punkte
🔧 Programmierung

📰 Und Microsoft so: Cloud, Cloud, Cloud, Cloud, Cloud, Cloud, Cloud


📈 26.94 Punkte
📰 IT Security Nachrichten

🔧 Welcome to .NET Conf: Focus on Microservices | Focus on Microservices


📈 25.58 Punkte
🔧 Programmierung

🔧 Top Microservices Design Patterns for Microservices Architecture


📈 25.58 Punkte
🔧 Programmierung

📰 heise-Angebot: Mastering Microservices: Schnellere und flexiblere Systeme – dank Microservices!


📈 25.58 Punkte
📰 IT Nachrichten

🔧 Microservices Logging | A Practical Guide to Logging in Microservices


📈 25.58 Punkte
🔧 Programmierung

🔧 Microservices Interview Questions and Answers | Microservices Architecture Training


📈 25.58 Punkte
🔧 Programmierung

🔧 The Intersection of Microservices, Domain-Driven Design and Entity Framework Core | Focus on Microservices


📈 25.58 Punkte
🔧 Programmierung

🔧 🚀 Deploying Spring Boot Microservices using Cyclops ☸️⚓


📈 25.54 Punkte
🔧 Programmierung

🔧 Deploying a Microservices Application Using Helm on Kubernetes


📈 25.54 Punkte
🔧 Programmierung

🔧 Day 9 : Deploying Microservices on Kubernetes - Project Journey


📈 25.54 Punkte
🔧 Programmierung

🔧 Streamlining Microservices Orchestration: A Guide to Deploying Kong-Mesh Zones with Konnect


📈 25.54 Punkte
🔧 Programmierung

🔧 Using Cloud Monitoring to Monitor IRIS-Based Applications Deployed in GKE


📈 25.38 Punkte
🔧 Programmierung

🎥 Demo: Building cloud-native, AI-powered applications with GKE


📈 25.38 Punkte
🎥 Videos

🔧 GKE Cost Optimization: 10 Steps For A Lower Cloud Bill In 2023


📈 25.38 Punkte
🔧 Programmierung

📰 GKE Auditor – Detect Google Kubernetes Engine Misconfigurations


📈 23.52 Punkte
📰 IT Security Nachrichten

📰 Google Announces Confidential GKE Nodes, General Availability of Confidential VMs


📈 23.52 Punkte
📰 IT Security Nachrichten

📰 Google Adds GKE Open-Source Dependencies to Vulnerability Rewards Program


📈 23.52 Punkte
📰 IT Security Nachrichten

🔧 How to Deploy MongoDB on Google Kubernetes Engine (GKE)


📈 23.52 Punkte
🔧 Programmierung

🎥 Essential Tactics to Protect Your Apps in Google Kubernetes Engine (GKE)


📈 23.52 Punkte
🎥 Video | Youtube

📰 Google introduces GKE Autopilot for hands-off Kubernetes


📈 23.52 Punkte
📰 IT Nachrichten

🔧 Cross-Platform Integration: Enabling Seamless Workflow Between AI, Microservices, and Azure Cloud


📈 22.92 Punkte
🔧 Programmierung

🔧 GKE Security: Top 10 Strategies for Securing Your Cluster


📈 21.53 Punkte
🔧 Programmierung

🔧 Building an Enterprise CI/CD Pipeline with Jenkins, Docker, Trivy, and GKE


📈 21.53 Punkte
🔧 Programmierung

📰 USN-5875-1: Linux kernel (GKE) vulnerabilities


📈 21.53 Punkte
🐧 Unix Server

🔧 Implementing IPv6 in Kubernetes Clusters: A Comprehensive Guide for EKS and GKE


📈 21.53 Punkte
🔧 Programmierung

📰 USN-5877-1: Linux kernel (GKE) vulnerabilities


📈 21.53 Punkte
🐧 Unix Server

🔧 Implementing IPv6 in Kubernetes Clusters: A Comprehensive Guide for EKS and GKE


📈 21.53 Punkte
🔧 Programmierung

📰 USN-5860-1: Linux kernel (GKE) vulnerabilities


📈 21.53 Punkte
🐧 Unix Server

📰 USN-6864-3: Linux kernel (GKE) vulnerabilities


📈 21.53 Punkte
🐧 Unix Server

📰 USN-5756-2: Linux kernel (GKE) vulnerabilities


📈 21.53 Punkte
🐧 Unix Server

matomo