GKE with Helm¶

Env Variables¶

CLUSTER_NAME=MyGKECluster
REGION=europe-west4
NODE_LOCATIONS=${REGION}-a,${REGION}-b
ZONE=europe-west4-a
K8S_VERSION=1.11.5-gke.4
PROJECT_ID=

Get Kubernetes versions¶

gcloud container get-server-config --region $REGION

Create Cluster¶

gcloud container clusters create ${CLUSTER_NAME} \
    --region ${REGION} --node-locations ${NODE_LOCATIONS} \
    --cluster-version ${K8S_VERSION} \
    --num-nodes 2 --machine-type n1-standard-2 \
    --addons=HorizontalPodAutoscaling \
    --min-nodes 2 --max-nodes 3 \
    --enable-autoupgrade \
    --enable-autoscaling \
    --enable-network-policy \
    --labels=purpose=practice

Post Install¶

kubectl create clusterrolebinding cluster-admin-binding \
    --clusterrole cluster-admin \
    --user $(gcloud config get-value account)

Delete Cluster¶

gcloud container clusters delete $CLUSTER_NAME --region $REGION

Configure kubeconfig¶

gcloud container clusters get-credentials ${CLUSTER_NAME} --region ${REGION}

Install Cluster Tools¶

Helm¶

We use Helm as a package manager to more easily install other tools on Kubernetes.

There's several repositories with a large number of mature charts - the name of the Helm packages.

One being Helm/Stable another being Helm Hub.

Create service account¶

kubectl create serviceaccount --namespace kube-system tiller

Warning

Tiller is deemed not safe for production, at least not in its default configuration. Either enable its TLS configuration and take other measures (such as namespace limitation) or use alternative solutions. Such as Kustomize, Pulumi, Jenkins X or raw Yaml.

Create cluster role binding¶

kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

helm init¶

helm init --service-account tiller

Test version¶

helm version

Warning

Currently, nginx ingress controller has an issue with Helm 2.14. So if you 2.14, either downgrade to 2.13.1 or install the Ingress Controller via an alternative solution (such as Kustomize).

Ingress Controller¶

helm install --namespace ingress-nginx --name nginx-ingress stable/nginx-ingress \
    --set controller.service.externalTrafficPolicy=Local \
    --set controller.replicaCount=3 \
    --set rbac.create=true

Get LoadBalancer IP¶

export LB_IP=$(kubectl get svc -n ingress-nginx nginx-ingress-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
echo $LB_IP

Warning

Now is the time to configure your DNS to use whatever LB_IP's value is.

Cert Manager¶

Cert Manager is the recommended approach for managing TLS certificates in Kubernetes. If you do not want to manage certificates yourself, please use this.

The certificates it uses are real and valid certificates, provided by Let's Encrypt.

Install CRD's¶

kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.8/deploy/manifests/00-crds.yaml

Create Namespace¶

kubectl create namespace cert-manager

Label namespace¶

kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true

Add Helm Repo¶

helm repo add jetstack https://charts.jetstack.io
helm repo update

Install¶

helm install \
    --name cert-manager \
    --namespace cert-manager \
    --version v0.8.0 \
    jetstack/cert-manager

Last update: 2019-08-31 13:12:00