- 1 VPC
- 2 subnets (management subnet & restricted subnet):
  - Management subnet has the following:
    - NAT gateway
    - Private VM
  - Restricted subnet has the following:
    - Private standard GKE cluster (private control plane)
- The restricted subnet must not have access to the internet.
- All images deployed on GKE must come from GCR or Artifact Registry.
- The VM must be private.
- The deployment must be exposed to the public internet with a public HTTP load balancer.
- All infrastructure is to be created on GCP using Terraform.
- Deployment on GKE can be done with Terraform or manually with kubectl.
- The Python code to be built, dockerized and pushed to GCR is here:
https://github.com/atefhares/DevOps-Challenge-Demo-Code
- Don't use the default compute service account when creating the GKE cluster; create a custom SA and attach it to your nodes.
- Only the management subnet can connect to the GKE cluster.
- VPC (as required).
- Subnets (as required).
- Cloud Router.
- Cloud NAT.
- Private instance.
- Firewall rule.
- Service accounts.
- GKE cluster.

(Note: all configuration files used for the infrastructure are provided in this repo.)
terraform init
terraform apply
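
A minimal Terraform sketch of the network, custom node service account and private cluster that the requirements above describe. It is an added example, not the configuration files shipped in this repo; every resource name, the region and all CIDR ranges are assumptions, and the NAT gateway, VM and firewall rule are left out.

```hcl
# Added example: names, region and CIDR ranges are assumptions, not the repo's values.
resource "google_compute_network" "vpc" {
  name                    = "demo-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "management" {
  name          = "management-subnet"
  region        = "us-central1"
  network       = google_compute_network.vpc.id
  ip_cidr_range = "10.0.1.0/24"
}

resource "google_compute_subnetwork" "restricted" {
  name                     = "restricted-subnet"
  region                   = "us-central1"
  network                  = google_compute_network.vpc.id
  ip_cidr_range            = "10.0.2.0/24"
  private_ip_google_access = true # nodes reach Google APIs such as GCR without a NAT
}

# Custom node identity; grant it read access to the image registry separately.
resource "google_service_account" "gke_nodes" {
  account_id = "gke-node-sa"
}

resource "google_container_cluster" "private" {
  name               = "private-gke"
  location           = "us-central1"
  network            = google_compute_network.vpc.id
  subnetwork         = google_compute_subnetwork.restricted.id
  initial_node_count = 1
  ip_allocation_policy {} # VPC-native, required for private clusters
  private_cluster_config {
    enable_private_nodes    = true # nodes get internal IPs only
    enable_private_endpoint = true # control plane has no public endpoint
    master_ipv4_cidr_block  = "172.16.0.0/28"
  }
  master_authorized_networks_config {
    cidr_blocks { # only the management subnet may reach the control plane
      cidr_block   = google_compute_subnetwork.management.ip_cidr_range
      display_name = "management-subnet"
    }
  }
  node_config {
    service_account = google_service_account.gke_nodes.email
    oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]
  }
}
```

With Cloud NAT scoped to the management subnet only, the restricted subnet has no path to the internet, and the cluster endpoint answers only to addresses in the management range.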
- Dockerfile of the Python app.
- Docker image of Redis.
- Configure Docker & gcloud to work with the GCR of your project.

(Note: all configuration files used for containerization are provided in this repo.)
docker build -t gcr.io/<project-name>/<image-name> .
docker push gcr.io/<project-name>/<image-name>
- You can do it by adding the provided configuration script file to the instance and running it.
- Then CONGRATULATIONS, you are in the cluster and all the required tools are installed.
- Deployment of the Python app.
- Deployment of the Redis database.
- Service (ClusterIP).
- Service (LoadBalancer).

(Note: all YAML files used are provided in this repo.)
kubectl apply -f python_deploy.yaml
kubectl apply -f redis_deploy.yaml
kubectl apply -f service.yaml
kubectl apply -f loadbalancer.yaml
kubectl get service
- Take the load balancer's external IP.
- Put it into your browser, followed by the exposed port.