Google Kubernetes Engine

Harnessing the Power of Google Kubernetes Engine

2023-07-10

Creating a new cluster

We’re now going to set up Google Kubernetes Engine (GKE). Before we start, ensure you have a valid Gmail account then visit the following URL: console.cloud.google.com.

gke1

Click on the hamburger menu and go to Kubernetes Engine | Clusters

gke2

Enable the Kubernetes Engine API. It will take a few seconds to initialize.

gke3

Click on Create.

gke4

Select Switch to Standard Cluster.

gke5

Enter your cluster’s basic information as follows:

Choose a cluster name. For the purposes of this demonstration, I’ll select the default.
Set the location to Regional.
Click on Specify node locations and pick all three locations.

gke6

I’ll choose the regular channel and select Kubernetes version 1.25.8.

gke7

To find out more about release channels, follow this link: cloud.google.com/kubernetes-engine/docs/concepts/release-channels.

In the default-pool section, I’ll select one node per zone. There are three zones, so there will be three nodes in total.

gke8

Under Nodes, make the following changes to reduce the cost:

Change Machine type to e2-small.
Change Boot disk size to 20GB.
Tick Enable nodes on spot VMs.

To learn more about Spot VMs, visit: cloud.google.com/compute/docs/instances/spot.

gke9

Under Security, select Allow full access to all Cloud APIs.

gke10

References: cloud.google.com/compute/docs/access/service-accounts#accesscopesiam

gke11

Continuing on with the networking section.

Tick the Access control plane using its external IP address and Enable control plane global access check boxes.

Make sure to provide the Control plane IP range.

References: cloud.google.com/kubernetes-engine/docs/how-to/private-clusters

Under Cluster | Networking, tick the following boxes:

Enable Dataplane V2
Enable control plane authorized networks

GKE Dataplane V2 is a data plane for GKE and Anthos clusters that is optimized for Kubernetes networking.

To find out more about Dataplane V2, see: cloud.google.com/kubernetes-engine/docs/concepts/dataplane-v2.

In the Authorized networks section, I’ll try to access the cluster from the public internet. In the interest of security, only give a static IP address that is restricted to your organization.

gke12

Security is a broad subject area, and so we won’t go into too much detail here. However, if you’re interested learning more about hardening your clusters, then follow the link below: cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster.

Under Cluster | Security, make sure to enable Workload Identity.

Workload Identity allows workloads in your GKE clusters to impersonate Identity and Access Management (IAM) service accounts in order to access Google Cloud services.

To learn more about Workload Identity, follow the link below:

cloud.google.com/kubernetes-engine/docs/how-to/workload-identity.

gke13

Now that we’ve made all the necessary changes, let’s proceed by clicking Create.

It will take a couple of minutes to launch the new cluster.

gke14

Cloud NAT

gke15

Cloud NAT provides outgoing connectivity for the following resources:

Compute Engine virtual machine (VM) instances without external IP addresses.
Private Google Kubernetes Engine clusters.
Cloud Run instances through Serverless VPC Access.
Cloud Functions instances through Serverless VPC Access.
App Engine standard environment instances through Serverless VPC Access.

Click on Get Started.

gke16

Provide the following information and choose your region which is closest to your location:

Gateway name – gke-cloud-nat
Region – asia-south1 Make sure to create a new cloud router.

gke17

Name it “gke-cloud-router” and leave the rest of the fields set to their defaults.

gke18

Now go ahead and click on Advanced Configurations.

gke19

Tick the Enable Dynamic Port Allocation box: cloud.google.com/nat/docs/ports-and-addresses#dynamic-port.

gke20

Leave everything set to the defaults, and then click Create.

There we go. Our Cloud NAT has been successfully created!

gke21

Private service connection

We need to enable this feature to work with CloudSQL, which we’ll be setting up shortly on a private network.

To learn more about it, visit: cloud.google.com/sql/docs/mysql/configure-private-services-access.

Let’s begin by searching for “vpc” and clicking on “VPC networks”

gke22

Click on default.

gke23

gke24

Click on Private Service Connection | Enable API to activate the Service Networking API.

gke25

Once the API is enabled, click on Allocate IP Range.

gke26

The IP range should be on Automatic, with Prefix length set to 16.

gke27

The IP range has now been successfully configured.

gke28

Next let’s enable Private Connection to Services.

Click on Create Connection.

gke29

Select gke-internal-ip, which we created earlier, and click on Connect.

gke30

Our private service connection has now been successfully created.

gke31

Cloud SQL

Now we’ll create our cloud database.

gke32

Click on Create Instance and select MySQL.

gke33

First, we’ll need to add some necessary information:

Provide the instance ID. For the purposes of this tutorial, we’ve chosen cloud-sample-db.
Provide a strong password.
Set MySQL 8.0 as the version.

gke34

We’re going to choose the Development environment as our configuration.

Note: Because this is a tutorial, we can easily start by experimenting with the database. But this is not suitable for a production workload.

gke35

Set Zonal availability to Single zone.

gke36

We’ll then select the Standard machine type with 1 vCPU and 3.75 GB of RAM.

gke37

As for Storage type, we’ll select HDD. It’s a lower performance option compared to SSD, but it’s more than sufficient for testing out this application.

Storage capacity should be set to 10 GB.

Uncheck the Enable automatic storage increases box.

gke38

Next, go to Connections and make the following changes:.

Tick the Private IP box under Instance IP assignment.
Set the network to default.
Set the allocated IP range to gke-internal-ip.

You may remember from earlier how we created gke-internal-ip in the section entitled Private Service Connections.

gke39

Under Data Protection, uncheck the Enable deletion protection and Automatic Backups boxes. These are not required for this tutorial. However, we strongly recommend using them when working in a production environment. They will be of immense help in the event that disaster recovery is necessary.

gke40

Everything is now configured properly, so we can go ahead and click Create Instance.

gke41

It will take a couple of minutes to initialize the database.

Once the database has been successfully initialized and is up and running, click on the Databases section and create a new database.

gke42

Provide the necessary information as shown below:

Database Name – helloworld_db
Character set – utf8
Collation – utf8_general_ci

gke43

The database has been successfully created!

gke44

Artifact Registry

Now, we are going to store our Docker images in Artifact Registry. It’s the next generation of container registry and allows you to store, manage, and secure your build artifacts.

gke45

If you are using this API for the first time, then you’ll need to enable it. You’ll only have to do this once.

gke46

Click on Create Repository.

gke47

Provide the necessary information as follows:

Name – django-python-hello-world
Format – Docker
Mode – Standard
Location type – Region
Region – asia-south1

Make sure to choose the region that’s closest to your location.

You may have noticed that the format section offers multiple support options, including Docker, Python, Maven, and so on. This is why it’s considered a universal build artifact tool.

gke48

Now you can go ahead and click on Create.

gke49

The registry has been successfully created!

Creating CRUD APIs (TODO App)

Running applications in GKE