This course is designed to teach you about managing application containers, using Kubernetes.
- Containerize an application by creating Docker config files and build processes to produce all the necessary Docker images.
- Configure and launch an auto-scaling, self-healing Kubernetes cluster.
- Use Kubernetes to manage deploying, scaling, and updating your applications.
- Employ best practices for using containers in general, and specifically Kubernetes, when architecting and developing new microservices.
$ gcloud init
$ gcloud compute zones list
$ gcloud config set compute/zone europe-west1-d
$ gcloud config list
$ gcloud info
$ gcloud version
$ gcloud config list
$ mkdir bin
$ go build -o ./bin/monlith ./monolith/
$ sudo ./bin/monlith -http=127.0.0.1:10080
$ curl http://127.0.0.1:10080
$ curl http://127.0.0.1:10080/secure # -> authorization failed
$ curl http://127.0.0.1:10080/login -u user # write: password
$ curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InVzZXJAZXhhbXBsZS5jb20iLCJleHAiOjE0OTAyNjI3OTgsImlhdCI6MTQ5MDAwMzU5OCwiaXNzIjoiYXV0aC5zZXJ2aWNlIiwic3ViIjoidXNlciJ9.mieXvNe3a0L5g7UKdC2HtrnWAeH2wAgcdk2ujpaDRtE" http://127.0.0.1:10080/secure
$ go build -o ./bin/hello ./hello/
$ ./bin/hello -http=":10080" -health=":10081"
$ go build -o ./bin/auth ./auth
$ ./bin/auth -http=":10090" -health=":10091"
$ curl http://localhost:10090/login -u user # write password
$ curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InVzZXJAZXhhbXBsZS5jb20iLCJleHAiOjE0OTAyNjM5OTcsImlhdCI6MTQ5MDAwNDc5NywiaXNzIjoiYXV0aC5zZXJ2aWNlIiwic3ViIjoidXNlciJ9.7qpjI8ZBS92VTTBaI6I-oWn2-x7b4mOM2dB9r1EQsfY" http://localhost:10080/secure
$ gcloud compute instances create ubuntu \
--image-project ubuntu-os-cloud \
--image ubuntu-1604-xenial-v20160420c
$ gcloud compute instances list
$ gcloud compute ssh ubuntu
$ sudo apt-get update
$ sudo apt-get install nginx
$ sudo systemctl start nginx
$ sudo systemctl status nginx
$ curl http://127.0.0.1
$ sudo ps aux | grep nginx
$ cat /etc/init/nginx.conf
$ sudo systemctl stop nginx
$ sudo apt-get install docker.io
$ sudo docker images
$ sudo docker pull nginx:1.10.0
$ sudo docker images
$ sudo dpkg -l | grep nginx
$ sudo docker run -d nginx:1.10.0
$ sudo docker ps
Note: You have to explicitly make the binary static. This is really important in the Docker community right now because alpine has a different implementation of libc. So your go binary wouldn't have had the lib it needed if it wasn't static. You created a static binary so that your application could be self-contained.
$ cat monolith/Dockerfile
$ cd monolith
$ cat Dockerfile
$ GOOS=linux GOARCH=amd64 go build --tags netgo --ldflags '-extldflags "-lm -lstdc++ -static"'
$ sudo docker build -t monolith:1.0.0 .
$ sudo docker images monolith:1.0.0
$ sudo docker run -p 8000:80 -p 8001:81 -d monolith:1.0.0
$ curl localhost:8000 # {"message": "hello"}
$ cd auth
$ GOOS=linux GOARCH=amd64 go build --tags netgo --ldflags '-extldflags "-lm -lstdc++ -static"'
$ sudo docker build -t auth:1.0.0 .
$ sudo docker run -p 9000:80 -p 9001:81 -d auth:1.0.0
$ curl localhost:9000/version
$ cd hello
$ GOOS=linux GOARCH=amd64 go build --tags netgo --ldflags '-extldflags "-lm -lstdc++ -static"'
$ sudo docker build -t hello:1.0.0 .
$ sudo docker run -p 10000:80 -p 10001:81 -d hello:1.0.0
$ curl localhost:10000/version
$ gcloud container clusters create k0
$ kubectl run nginx --image=nginx:1.10.0
$ kubectl get pods
$ kubectl expose deployment nginx --port 80 --type LoadBalancer
$ kubectl get services
$ cat pods/monolith.yaml
$ kubectl create -f pods/monolith.yaml
$ kubectl get pods
$ kubectl describe pods monolith
$ kubectl port-forward monolith 10080:80
$ curl http://127.0.0.1:10080
$ curl http://127.0.0.1:10080/secure
$ curl -u user http://127.0.0.1:10080/login
$ curl -H "Authorization: Bearer <token>" http://127.0.0.1:10080/secure
$ kubectl logs -f monolith
$ curl http://127.0.0.1:10080
$ kubectl exec monolith --stdin --tty -c monolith /bin/sh
$ ping -c 3 google.com
$ ls tls
$ kubectl create secret generic tls-certs --from-file=tls/
$ kubectl describe secrets tls-certs
$ kubectl create configmap nginx-proxy-conf --from-file=nginx/proxy.conf
$ kubectl describe configmap nginx-proxy-conf
$ kubectl create -f pods/secure-monolith.yaml
$ kubectl get pods secure-monolith
$ kubectl port-forward secure-monolith 10443:443
$ curl --cacert tls/ca.pem https://127.0.0.1:10443
$ kubectl logs -c nginx secure-monolith
The wrong way:
$ cat services/monolith.yaml
$ kubectl create -f services/monolith.yaml
$ gcloud compute firewall-rules create allow-monolith-nodeport --allow=tcp:31000
$ gcloud compute instances list
$ kubectl get services
$ kubectl get pods -l "app=monolith"
$ kubectl get pods -l "app=monolith,secure=enabled"
$ kubectl describe pods secure-monolith
$ kubectl label pods secure-monolith "secure=enabled"
$ kubectl get pods -l "app=monolith,secure=enabled"
$ curl -k https://35.187.112.96:31000
$ kubectl create -f deployments/auth.yaml
$ kubectl get deployments
$ kubectl describe deployments auth
$ kubectl create -f services/auth.yaml
$ kubectl create -f deployments/hello.yaml
$ kubectl create -f services/hello.yaml
$ kubectl create configmap nginx-frontend-conf --from-file=nginx/frontend.conf
$ kubectl create -f deployments/hello.yaml
$ kubectl create -f services/frontend.yaml
$ kubectl get service frontend
$ curl -k https://104.199.67.75/
$ kubectl get replicasets
$ kubectl get pods -l "app=hello,track=stable"
## Update number of replicas...
$ kubectl apply -f deployments/hello.yaml
$ kubectl get pods -l "app=hello,track=stable"
$ kubectl get replicasets
$ kubectl get pods
$ kubectl describe deployments hello
## update deployments/auth.yaml to a later version
$ kubectl apply -f deployments/auth.yaml
$ kubectl describe deployments auth
$ kubectl describe pods auth-3099428890-r045n