In this article, we would be deploying a set of microservices (as containers) on Google Kubernetes Cluster. We would use Google Endpoints for API management and deploy the google endpoint container along with our microservices container. <\/p>\n\n\n\n
Containers are\nbecoming a standard way to run and scale microservices across multiple cloud\nproviders. With Kubernetes, the job of deployment, scaling, and management of\ncontainerized applications on cloud or on promises is now mainstream and\nextremely streamlined.<\/p>\n\n\n\n
To build a production\ngrade environment, however, you need a host of other components like Virtual\nPrivate Network (VPN), endpoint management for microservices, load balancer to\nbalance request over various protocols (HTTP, HTTP(s), Web socket), Configuring\nSSL, Health monitoring of services, Network configuration like Whitelisting of\nIPs, Network address translation (NAT) for Outbound connections, and ensuring\nlogging at various entry points in your application.<\/p>\n\n\n\n
In this blog, I will go through the high-level steps to create a production ready environment on Google cloud for deploying microservices. The steps outlined are generic and can be applied to build your production topology on similar lines. <\/p>\n\n\n\n
We would further create an Ingress Controller (of type Load Balancer) and expose our application microservices over HTTPS. All incoming HTTPS requests would go to a Load balancer, which would direct them to one of the nodes in the Kubernetes Cluster. In the nodes, the requests would first go to Google endpoint (which would validate the endpoint key and logs all endpoint request) and then to the respective microservice endpoints.<\/p>\n\n\n\n
We would be\ndeploying a set of microservices (as containers) on Google Kubernetes Cluster.\nWe would use Google Endpoints for API management and deploy the google endpoint\ncontainer along with our microservices container. <\/p>\n\n\n\n
We would further\ncreate an Ingress Controller (of type Load Balancer) and expose our application\nmicroservices over HTTPS. All incoming HTTPS requests would go to a Load balancer,\nwhich would direct them to one of the nodes in the Kubernetes Cluster. In the\nnodes, the requests would first go to Google endpoint (which would validate the\nendpoint key and logs all endpoint request) and then to the respective\nmicroservice endpoints.<\/p>\n\n\n\n
There are\nadditional requirements on ensuring only authorized IPs access our microservices.\nWe will learn how to whitelist the IPs using two approaches – Google Cloud\nArmor and Nginx Ingress Controller (instead of the default Google Ingress\nController).<\/p>\n\n\n\n
Similarly, for\noutbound connections, we would be connecting to third-party services. The\nthird-party services employ similar IP whitelisting requirements, and we\u2019ll\nneed to provide our set of outbound IPs that would connect to these third-party\nservices. For this requirement, we would\nbe use Google Cloud NAT to provide our private Google Kubernetes Engine (GKE)\nclusters the ability to connect to the Internet, as well as Static outbound IPs\nthat we can configure and provide to third-party services to whitelist on their\nservers.<\/p>\n\n\n\n
There are\nadditional requirements on ensuring only authorized IPs access our microservices.\nWe will learn how to whitelist the IPs using two approaches – Google Cloud\nArmor and Nginx Ingress Controller (instead of the default Google Ingress\nController).<\/p>\n\n\n\n
Similarly, for outbound connections, we would be connecting to third-party services. The third-party services employ similar IP whitelisting requirements, and we\u2019ll need to provide our set of outbound IPs that would connect to these third-party services. For this requirement, we would be use Google Cloud NAT to provide our private Google Kubernetes Engine (GKE) clusters the ability to connect to the Internet, as well as Static outbound IPs that we can configure and provide to third-party services to whitelist on their servers.<\/p>\n\n\n\n
The following are\nthe high-level steps that we would carry out to build and deploy our\nmicroservices configuration. It is assumed that the Google project is already\ncreated.<\/p>\n\n\n\n
The Solution 1\nabove uses default Google Ingress Controller. We can also use Nginx Ingress Controller\nas it provides a lot of add-on features like IP whitelisting, rule\nconfiguration, HTTP(s) redirect etc. The deployment process is the same as\ndescribed in Solution 1, except for Point 7 and Point 8. For Point 7, we would\ninstall Nginx ingress first on our Kubernetes Cluster and then deploy the Nginx\nIngress configuration for our application (instead of GCE ingress). We don\u2019t\nneed Cloud Armor as the whitelisting of IPs is supported through Nginx Ingress\ndirectly. <\/p>\n\n\n\n