Skip to content

aayvyas/cloud-service-exercise

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

168 Commits
helm
helm
 
 
kubernetes
kubernetes
 
 
scripts
scripts
 
 
static
static
 
 
terraform
terraform
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
cloudbuild.yaml
cloudbuild.yaml
 
 

Repository files navigation

cloud-service-exercise

GCP Architecture Diagram

gcp-architecture

Requirements

(Must Have)

  • Custom VPC
  • GKE Standard Private Cluster
  • Microservice Deployed using helm
  • Accessbile using a DNS (http or https)
  • Unit testing
  • External data source(use python script) to create firewall rules
    • Allow egress from nodes to GKE master
    • Allow all communication between nodes and pods
  • Setup health checks for microservices

(Should Have)

  • Securing microservice using HTTPS
  • Using remote terraform state
  • Define restrictive network policies for micro-service namepspace - default deny ingress and egress
  • Automated DNS records creation for the Service/Ingress
  • Automated Certificate Provisioning for the Service/Ingress
  • Setup Monitoring using Stack Drivcer
  • Istio Setup

Dependencies

  1. Terraform : install terraform
  2. GCP Cloud Account
  3. Golang : install golang

Estimated Cost of Infrastructure

Click to view the estimated cost on GCP Pricing Calculator

Connecting Cloud Shell to Private GKE Cluster

Step 1 : Paste this in the CloudShell CLI to add your CloudShell's IP to authorized_cidrs in the Control Plane

terraform apply -auto-approve -var authorized_cidr=$(dig +short myip.opendns.com @resolver1.opendns.com) -var project_id=<PROJECT_ID>

Step 2 : Run this to Authenticate

gcloud container clusters get-credentials k8s-cluster \
--project <PROJECT_ID>

Running unit tests

Paste the below command to run unit test cases in CloudShell CLI

cd ./terraform
go test ./... -v -timeout 60m

Provision Infrastructure Using Terraform

On your Cloud Shell CLI, Run the below commands

terraform init
terraform validate
terraform apply -auto-approve -var authorized_cidr=$(dig +short myip.opendns.com @resolver1.opendns.com) -var project_id=<PROJECT_ID>

Setting up Cloud Build for the pipeline

In Progress...

Deploying the microservice using Helm

source: helm

Paste the below code in Cloud Shell CLI

cd ./helm
helm upgrade <GIVE_A_NAME_OF_YOUR_CHOICE> . --install
helm upgrade hd . --install --set data.tls.crt=$TLS_CERT --set data.tls.key=$TLS_PRIVATE_KEY_FILE

Deploying using kubectl and manifests files

source: kubernetes

Paste the below code in Cloud Shell CLI

cd ./kubernetes
kubectl apply -f .

View the deployment

NOTE : As the DNS name used here is a private DNS whose scope is only limited to the VPC, to see the deployment we need to be part of the network.

To view the deployment :

Step 1 : Go to Compute Engine > VM instances

Step 2 : Look for a instance test-vm , ssh into it

Step 3 : paste the below command to view the see the output

# --insecure , as the TLS certificate is self-signed
curl https://api.cloudservices.com/ --insecure

Benchmarking HPA

sudo apt-get -y install apache2-utils 
sudo apt-get -y install apache2 

ab -n 100000 -c 1000 https://api.cloudservices.com/

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages