Discover methodologies and best practices for getting started with Google Kubernetes Engine (GKE). This book helps you understand how GKE provides a fully managed environment to deploy and operate containerized applications on Google Cloud infrastructure.
You will see how Kubernetes makes it easier for users to manage clusters and the container ecosystem. And you will get detailed guidance on deploying and managing applications, handling administration of container clusters, managing policies, and monitoring cluster resources. You will learn how to operate the GKE environment through the GUI-based Google Cloud console and the "gcloud" command line interface.
The book starts with an introduction to GKE and associated services. The authors provide hands-on examples to set up Container Registry and GKE Cluster, and you will follow through an application deployment on GKE. Later chapters focus on securing your GCP GKE environment, GKE monitoring and dashboarding, and CI/CD automation. All of the code presented in the book is provided in the form of scripts, which allow you to try out the examples and extend them in interesting ways.
You will:
* Understand the main container services in GCP (Google Container Registry, Google Kubernetes Engine, Kubernetes Engine, Management Services)
* Perform hands-on steps to deploy, secure, scale, monitor, and automate your containerized environment
* Deploy a sample microservices application on GKE
* Deploy monitoring for your GKE environment
* Use DevOps automation in the CI/CD pipeline and integrate it with GKE
Author(s): Navin Sabharwal, Piyush Pandey
Publisher: Apress
Year: 2020
Language: English
Pages: 428
Table of Contents
About the Authors
About the Technical Reviewers
Acknowledgments
Chapter 1: Introduction to GKE
Introduction to Docker
Introduction to Kubernetes
Master Node
Node (Worker) Component
Managing Kubernetes
Kubernetes Workload
Introduction to GCP
GCP Container Solutions for Container Ecosystems
Google Kubernetes Engine
Comparing EKS, AKS, and GKE
Amazon Elastic Kubernetes Service
Azure Kubernetes Service
Google Kubernetes Engine
GKE Architecture
Cluster Master
Cluster Master and the Kubernetes API
Nodes
Types of Node Machines
Container Registry
Network
Cloud Run
Key Features
Anthos
Components of Anthos
Anthos GKE
Anthos Config Management
Anthos Service Mesh
Summary
Chapter 2: Setting Up an Environment on GCP
Signing Up for Google Cloud
Setting Up an Environment for Google GKE
Setting Up the GCP CLI
GCP Cloud Shell
Creating a Project
Launching Cloud Shell
Creating a VM Instance in Compute Engine
Setting Up CLI on the Created VM
Configuring Google Cloud CLI on Local Machine
How to Get Project ID
Supporting Services for Containers
Summary
Chapter 3: Container Image Management Using Google Container Registry
Introduction to Google Container Registry
Setting Up Google Container Registry
Pushing a Docker Image into the GCP Container Registry
Managing and Securing the GCP Container Registry
Copying Images to a New Registry
Deleting Images from the Container Registry
Vulnerability Scanning an Image
Setting Up Vulnerability Scanning
Summary
Chapter 4: GKE Networking
Introduction to Google Kubernetes Engine (GKE)
Kubernetes on Google Cloud
GKE Network Terminologies
Network Namespace
Virtual Ethernet Devices
Bridges
Iptables
Services
Kube-proxy
HTTP(S) Load Balancer
NodePort
GKE IP Address Allocation
Communication Among Containers
Communication Between Pods on the Same Node
Communication Between PODs on Different Nodes
Communication of PODs with Services
Communication of Pods with the Internet (Outside World)
Load Balancing for Services
External Load Balancer
Internal Load Balancer (TCP/UDP) Load Balancer
HTTP(s) Load Balancer (at Layer 7)
Communication from an External Load Balancer to a Service
Internal Load Balancer
Communication from an Internal Load Balancer to a Service
HTTP(S) Load Balancer
Communication from an HTTP(S) Load Balancer to a Service
Deployment of the GKE Cluster
Cluster Basics
Node Pool
Node Metadata
Automation
Networking
Advance Networking Options
Security
Metadata
Features
Cluster Management Dashboard
Summary
Chapter 5: Deploying Containerized Applications with Google GKE
Introduction
Simple Application Architecture Overview
Advantages of Microservice Architecture
Introduction to the Sock Shop Microservice Application
Services
Application Deployment on GKE
complete-demo.yaml: A Brief Explanation
Deleting the Cluster
Summary
Chapter 6: GKE Security
Introduction
Google Cloud Shared Responsibility Model (GCSRM)
Infrastructure Security
Identity and Access Management
The GCP Console
GCP Console Features
Accessing the GCP Console
Cloud SDK
gcloud
kubectl
Install Cloud SDK
Cloud IAM Policies
Types of Cloud IAM Roles
Predefined GKE Role
Primitive Roles
Service Account User Role
Custom Roles
Role-Based Access Control
Audit Logging
Viewing the Admin Activity Log Through the Google Cloud Console
Network Security
Enabling Authorized Networks for the Kubernetes Master
Node Firewall
Enabling Network Policy for Pods’ Secure Communication
Enabling Network Policy Enforcement by the gcloud Command
Enabling Network Policy Through the Google Console
Enabling Network Policy Enforcement for an Existing Cluster Through the Google Console
Creating a Network Policy
Filtering Traffic Through a Load Balancer
Creating a Private Kubernetes Cluster in GKE
Compliance and Minimal Host OS
Auto-upgrade Components
Enable Automatic Upgrades Through the Cloud Console
Enabling Automatic Node Repair
Enabling Automatic Node Repair Through gcloud
Enabling Automatic Node Repair Through the Cloud Console
Encryption Keys and Secrets Encryption
Workload Identity
Defining Privileges and Access Control for Pods
Managed SSL Certificates
Application Development and Release Security
Development Phase
Build Phase
Development and Release Phase
Summary
Chapter 7: GKE Dashboarding Using Stackdriver (Google Operations) and Grafana
Introduction to Google Stackdriver (Google Operations)
Setting Up Google Stackdriver (Google Operations) with Grafana
Setting Up the Environment
Deploying and Validating Application Deployment on the GKE Cluster
Deploying Grafana
Connecting with the Grafana Installation
Data Source Configuration
Setting Up a Grafana Dashboard
Summary
Chapter 8: Monitoring GKE Using Sysdig
Introduction to the Sysdig Monitoring Solution
Container Application Monitoring
Open Port 6443 for Agent Ingress and Egress
Installing Sysdig Agent on GKE
Navigating GKE Monitoring Reports
Summary
Chapter 9: GKE Monitoring Using Prometheus
Introduction
Overview of Prometheus
Prometheus Architecture
Prometheus Server
Prometheus Pushgateway
Exporters
Alertmanager
Web-UI
Key Container Monitoring Features
Multidimensional Data Model
Accessible Format and Protocols
Service Discovery
Modular and Highly Available Components
Native Query Language Support
Support for Dashboarding and Reporting
Prometheus on Google Kubernetes Engine
Setting Up Prometheus on a Kubernetes Cluster
Installing and Setting Up Prometheus on GKE
Cloning Prometheus Code from GitHub
Creating the Namespace
Cluster Role YAML File
Cluster Role Section
apiVersion
kind
metadata
rules
Cluster Role Binding Section
apiVersion
kind
metadata
Creating a ConfigMap
Prometheus Deployment
Exporters
Node Exporter
Installation of Node Exporter in Prometheus Using a Helm Chart
Blackbox Exporter
Summary
Chapter 10: Automation of GKE Cluster, Application, and Monitoring Deployments
Introduction
Cleaning Up the GKE Environment Namespace
Environment Setup
Setting Up the Docker CE
Setting Up kubectl
Installing the Java Development Kit (JDK)
Installing Jenkins
Jenkins Slave Setup
Creating a Service for the Jenkins Slave
GKE Provisioning, Application Deployment, and Sysdig Agent, Using a Jenkins Pipeline
Deleting the GKE Cluster from the Jenkins Pipeline
Summary
Index