{"id":2664,"date":"2019-03-17T19:49:34","date_gmt":"2019-03-17T14:19:34","guid":{"rendered":"http:\/\/navveenbalani.dev\/?p=2664"},"modified":"2022-05-29T11:32:15","modified_gmt":"2022-05-29T06:02:15","slug":"building-production-topology-with-google-cloud-part-6","status":"publish","type":"post","link":"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/","title":{"rendered":"Building Production Topology with Google Cloud &#8211; Part 6"},"content":{"rendered":"\n<h2><a>Create Workload, Service and Ingress<\/a><\/h2>\n\n\n\n<p>Go to the scripts folder of the google-cloud-kubernetes-secure-e2e\/scripts project and run the following commands in the Google Cloud SDK\/Shell.<\/p>\n\n\n\n<p>Set the project. Replace navveen-api with your project ID.<\/p>\n\n\n\n<p>&gt; gcloud config set project navveen-api<\/p>\n\n\n\n<ol><li>Connect to the backend-cluster<\/li><\/ol>\n\n\n\n<p>&gt; gcloud container clusters get-credentials backend-cluster --zone us-east1-b<\/p>\n\n\n\n<p>Here, backend-cluster is the Kubernetes cluster and us-east1-b is the zone where our cluster is running.<\/p>\n\n\n\n<p><strong>Deploying the workload<\/strong><\/p>\n\n\n\n<ul><li>The kube-backend-deployment-nginx.yaml file deploys our microservices container (kube-e2e-service) and kube-esp (the Google endpoint runtime container). This file is the same as the kube-backend-deployment-gcp.yaml that we described earlier in Solution 1, except that the name of the deployment is backend-app-deployment-nginx (instead of backend-app-deployment-gcp).<\/li><\/ul>\n\n\n\n<ul><li>Open kube-backend-deployment-nginx.yaml and replace \u201capis.navveenbalani.dev\u201d with the hostname you provided in Step 7 while configuring the endpoint.
The service name determines which endpoint configuration should be called.<\/li><\/ul>\n\n\n\n<ul><li>Replace AIzaSyC0m7d4cc-jOwJIzymv9ntObF1ukIMrTc- with the endpoint API key that you generated in the earlier step.<\/li><\/ul>\n\n\n\n<ul><li>The readinessProbe and livenessProbe define the health check URL for our service. Once the container is started, the path mentioned in the URL is invoked, and if the response is 200, the container enters the ready state and starts serving requests. Note that this tests the endpoint configuration as well as the actual microservice endpoint. We discussed the health check URL in Step 4 earlier, and through this configuration we specify which service to invoke for a health check. If you omit the health check configuration for nginx ingress, it would still work, as the default backend service (i.e. nginx-ingress-default-backend service) that we discussed earlier provides a health check service which returns 200.<\/li><\/ul>\n\n\n\n<ul><li>Deploy the workload by running the following command.<\/li><\/ul>\n\n\n\n<p>&gt; kubectl apply -f kube-backend-deployment-nginx.yaml<\/p>\n\n\n\n<ul><li>Navigate to Kubernetes Engine -&gt; Workload and you should see the status as green for <em>backend-app-deployment-nginx<\/em> in a few minutes.<\/li><\/ul>\n\n\n\n<ul><li>Deploying the service<ul><li>The kube-backend-service-node-nginx.yaml file exposes the service on each Node IP at a static port (using the NodePort type).
The port:8081 is the static port and targetPort:8081 is the port where requests need to be sent, which is the kube-esp container that we discussed earlier.<\/li><\/ul><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>spec:\n  type: NodePort\n  selector:\n    apps: backend-nginx\n  ports:\n  - port: 8081\n    targetPort: 8081<\/code><\/pre>\n\n\n\n<ul><li>Create the service by running the following command.<\/li><\/ul>\n\n\n\n<p>&gt; kubectl apply -f kube-backend-service-node-nginx.yaml<\/p>\n\n\n\n<p><strong>Creating Ingress<\/strong><\/p>\n\n\n\n<p>Follow the steps below to create Ingress for our application.<\/p>\n\n\n\n<ul><li>The Ingress configuration is provided in the kube-backend-ingress-nginx.yaml file. This file is similar to kube-backend ingress-ssl-gcp.yaml that we discussed in Solution 1 earlier. We have added the annotation \u201ckubernetes.io\/ingress.class: nginx\u201d to denote that we want to use Nginx Ingress instead of GCE.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># extensions\/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters use the networking.k8s.io\/v1 schema.\napiVersion: extensions\/v1beta1\nkind: Ingress\nmetadata:\n  name: kube-ingress-nginx\n  annotations:\n    # Route this Ingress through the Nginx Ingress controller.\n    kubernetes.io\/ingress.class: nginx\n    nginx.ingress.kubernetes.io\/ssl-redirect: \"false\"\nspec:\n  rules:\n  - http:\n      paths:\n      - backend:\n          serviceName: kube-node-service-nginx\n          servicePort: 8081\n<\/code><\/pre>\n\n\n\n<p>The rules specify that any incoming HTTP request is directed to the kube-node-service-nginx service. The kube-node-service-nginx service directs it to the endpoint runtime, which forwards it to the actual microservice implementation.<\/p>\n\n\n\n<ul><li>Run the following command to create Ingress.<\/li><\/ul>\n\n\n\n<p>&gt; kubectl apply -f kube-backend-ingress-nginx.yaml<\/p>\n\n\n\n<ul><li>Go to Kubernetes Engine -&gt; Services and Ingress in the Google Cloud console and inspect the Ingress configuration.
You should see the status of \u201ckube-ingress-nginx\u201d turn green after some time.<\/li><\/ul>\n\n\n\n<p><em>Figure 40: Service &amp; Ingress Status in Cloud Console<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" width=\"351\" height=\"180\" src=\"https:\/\/navveenbalani.dev\/wp-content\/uploads\/2019\/12\/image-41.png\" alt=\"\" class=\"wp-image-2665\" srcset=\"https:\/\/navveenbalani.dev\/wp-content\/uploads\/2019\/12\/image-41.png 351w, https:\/\/navveenbalani.dev\/wp-content\/uploads\/2019\/12\/image-41-300x154.png 300w, https:\/\/navveenbalani.dev\/wp-content\/uploads\/2019\/12\/image-41-350x180.png 350w\" sizes=\"(max-width: 351px) 100vw, 351px\" \/><\/figure>\n\n\n\n<ul><li>Test the microservice by invoking the URL; you should see the response \u201cok\u201d printed on the console.<\/li><\/ul>\n\n\n\n<p>&gt; curl -i \"http:\/\/35.231.11.11:80\/fetchWebsite?key=AIzaSyC0m7d4cc-jOwJIzymv9ntObF1ukIMr-Tc\"<\/p>\n\n\n\n<ul><li>Next, we would modify our ingress file to whitelist IPs.
We add the annotation below with the source range set to 0.0.0.0\/0, which allows requests from all IPs.<\/li><\/ul>\n\n\n\n<p><strong>nginx.ingress.kubernetes.io\/whitelist-source-range: \"0.0.0.0\/0\"<\/strong><\/p>\n\n\n\n<p>We have created a new file \u201ckube-backend-ingress-whitelist-all-nginx.yaml\u201d which contains the added annotation.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: extensions\/v1beta1\nkind: Ingress\nmetadata:\n  name: kube-ingress-nginx\n  annotations:\n    kubernetes.io\/ingress.class: nginx\n    nginx.ingress.kubernetes.io\/ssl-redirect: \"false\"\n    # 0.0.0.0\/0 matches every IPv4 source address, so no client is blocked.\n    nginx.ingress.kubernetes.io\/whitelist-source-range: \"0.0.0.0\/0\"\nspec:\n  rules:\n  - http:\n      paths:\n      - backend:\n          serviceName: kube-node-service-nginx\n          servicePort: 8081\n<\/code><\/pre>\n\n\n\n<ul><li>Before running the new configuration, delete the existing kube-ingress-nginx ingress (by selecting kube-ingress-nginx and clicking delete from the Services &amp; Ingress page). Run the following command to create Ingress.<\/li><\/ul>\n\n\n\n<p>&gt; kubectl apply -f kube-backend-ingress-whitelist-all-nginx.yaml<\/p>\n\n\n\n<ul><li>Test the microservice again by invoking the URL; you should see the response \u201cok\u201d printed on the console. This tests out the whitelisting for our ingress.<\/li><\/ul>\n\n\n\n<p>&gt; curl -i \"http:\/\/35.231.11.11:80\/fetchWebsite?key=AIzaSyC0m7d4cc-jOwJIzymv9ntObF1ukIMr-Tc\"<\/p>\n\n\n\n<ul><li>Next, we would modify our ingress file to whitelist a specific IP.
We add the annotation below with the source range set to 35.194.8.213, so that only requests from the IP address 35.194.8.213 can access our service.<\/li><\/ul>\n\n\n\n<p><strong>nginx.ingress.kubernetes.io\/whitelist-source-range: \"35.194.8.213\"<\/strong><\/p>\n\n\n\n<p>We have created a new file \u201ckube-backend-ingress-whitelist-nginx.yaml\u201d which contains the added annotation.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: extensions\/v1beta1\nkind: Ingress\nmetadata:\n  name: kube-ingress-nginx\n  annotations:\n    kubernetes.io\/ingress.class: nginx\n    nginx.ingress.kubernetes.io\/ssl-redirect: \"false\"\n    # Only requests from this source address are admitted; all others get 403 Forbidden.\n    nginx.ingress.kubernetes.io\/whitelist-source-range: \"35.194.8.213\"\nspec:\n  rules:\n  - http:\n      paths:\n      - backend:\n          serviceName: kube-node-service-nginx\n          servicePort: 8081\n<\/code><\/pre>\n\n\n\n<ul><li>Before running the new configuration, delete the existing kube-ingress-nginx ingress (by selecting it and clicking delete from the Services &amp; Ingress page). Run the following command to create Ingress.<\/li><\/ul>\n\n\n\n<p>&gt; kubectl apply -f kube-backend-ingress-whitelist-nginx.yaml<\/p>\n\n\n\n<ul><li>Test the microservice again by invoking the URL; you should see a 403 Forbidden error printed on the console.
This tests out the whitelisting for our ingress: the request is rejected because it does not come from the whitelisted IP address.<\/li><\/ul>\n\n\n\n<p>&gt; curl -i \"http:\/\/35.231.11.11:80\/fetchWebsite?key=AIzaSyC0m7d4cc-jOwJIzymv9ntObF1ukIMr-Tc\"<\/p>\n\n\n\n<p><em>Figure 41: 403 Forbidden Error<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" width=\"350\" height=\"193\" src=\"https:\/\/navveenbalani.dev\/wp-content\/uploads\/2019\/12\/image-42.png\" alt=\"\" class=\"wp-image-2666\" srcset=\"https:\/\/navveenbalani.dev\/wp-content\/uploads\/2019\/12\/image-42.png 350w, https:\/\/navveenbalani.dev\/wp-content\/uploads\/2019\/12\/image-42-300x165.png 300w\" sizes=\"(max-width: 350px) 100vw, 350px\" \/><\/figure>\n\n\n\n<p>We don\u2019t need to use Cloud Armor with Nginx Ingress, as the Nginx Ingress controller provides whitelisting and many other features out of the box. This completes the production step. For a list of best practices to follow for a production setup, check out the last part of the series: <a href=\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-7\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-7\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Create Workload, Service and Ingress Go to the scripts folder of google-cloud-kubernetes-secure-e2e\/scripts project and run the following commands in google cloud sdk\/shell. Set the project. Replace navveen-api by your project id.
&gt; &nbsp;gcloud config set project navveen-api Connect to the backend-custer &gt; gcloud container clusters get-credentials backend-cluster &#8211;zone us-east1-b&nbsp;&nbsp;&nbsp;&nbsp; The backend-cluster is the kubernetes cluster [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2128,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,79],"tags":[285],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v16.0.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Building Production Topology with Google Cloud - Part 6 - Current and Future Technology Trends by Navveen Balani<\/title>\n<meta name=\"description\" content=\"Building Production Topology with Google Cloud - Part 6 - Articles\" \/>\n<link rel=\"canonical\" href=\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Building Production Topology with Google Cloud - Part 6 - Current and Future Technology Trends by Navveen Balani\" \/>\n<meta property=\"og:description\" content=\"Building Production Topology with Google Cloud - Part 6 - Articles\" \/>\n<meta property=\"og:url\" content=\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/\" \/>\n<meta property=\"og:site_name\" content=\"Current and Future Technology Trends by Navveen Balani\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-17T14:19:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-05-29T06:02:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/navveenbalani.dev\/wp-content\/uploads\/2016\/09\/bk6.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"450\" \/>\n\t<meta property=\"og:image:height\" content=\"374\" \/>\n<meta 
name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\">\n\t<meta name=\"twitter:data1\" content=\"5 minutes\">\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/navveenbalani.dev\/#website\",\"url\":\"https:\/\/navveenbalani.dev\/\",\"name\":\"Current and Future Technology Trends by Navveen Balani\",\"description\":\"Current and Future Technology Trends by Navveen Balani\",\"publisher\":{\"@id\":\"https:\/\/navveenbalani.dev\/#\/schema\/person\/51f7ab14b20611d95e3c7fd4ea0950bf\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/navveenbalani.dev\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/navveenbalani.dev\/wp-content\/uploads\/2016\/09\/bk6.jpg\",\"width\":450,\"height\":374},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/#webpage\",\"url\":\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/\",\"name\":\"Building Production Topology with Google Cloud - Part 6 - Current and Future Technology Trends by Navveen Balani\",\"isPartOf\":{\"@id\":\"https:\/\/navveenbalani.dev\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/#primaryimage\"},\"datePublished\":\"2019-03-17T14:19:34+00:00\",\"dateModified\":\"2022-05-29T06:02:15+00:00\",\"description\":\"Building Production Topology with Google Cloud - Part 6 - 
Articles\",\"breadcrumb\":{\"@id\":\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/navveenbalani.dev\/\",\"url\":\"https:\/\/navveenbalani.dev\/\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"position\":2,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/\",\"url\":\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/\",\"name\":\"Building Production Topology with Google Cloud &#8211; Part 6\"}}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/#webpage\"},\"author\":{\"@id\":\"https:\/\/navveenbalani.dev\/#\/schema\/person\/51f7ab14b20611d95e3c7fd4ea0950bf\"},\"headline\":\"Building Production Topology with Google Cloud &#8211; Part 
6\",\"datePublished\":\"2019-03-17T14:19:34+00:00\",\"dateModified\":\"2022-05-29T06:02:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/#webpage\"},\"publisher\":{\"@id\":\"https:\/\/navveenbalani.dev\/#\/schema\/person\/51f7ab14b20611d95e3c7fd4ea0950bf\"},\"image\":{\"@id\":\"https:\/\/navveenbalani.dev\/index.php\/articles\/building-production-topology-with-google-cloud-part-6\/#primaryimage\"},\"keywords\":\"google-cloud\",\"articleSection\":\"Articles,Cloud Computing\",\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/navveenbalani.dev\/#\/schema\/person\/51f7ab14b20611d95e3c7fd4ea0950bf\",\"name\":\"Navveen\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/navveenbalani.dev\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/navveenbalani.dev\/wp-content\/uploads\/2019\/07\/navveen_balani.jpeg\",\"width\":200,\"height\":200,\"caption\":\"Navveen\"},\"logo\":{\"@id\":\"https:\/\/navveenbalani.dev\/#personlogo\"},\"sameAs\":[\"http:\/\/naveenbalani.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/navveenbalani.dev\/index.php\/wp-json\/wp\/v2\/posts\/2664"}],"collection":[{"href":"https:\/\/navveenbalani.dev\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/navveenbalani.dev\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/navveenbalani.dev\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/navveenbalani.dev\/index.php\/wp-json\/wp\/v2\/comments?post=2664"}],"version-history":[{"count":10,"href":"https:\/\/navveenbalani.dev\/index.php\/wp-json\/wp\/v2\/posts\/2664\/revisions"}],"predecessor-version":[{"id":3502,"href":"https:\/\/navveenbalani.dev\/index.php\/wp-json\/wp\/v2\/posts\/2664\/revisions\/3502"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/navveenbalani.dev\/index.php\/wp-json\/wp\/v2\/media\/2128"}],"wp:attachment":[{"href":"https:\/\/navveenbalani.dev\/index.php\/wp-json\/wp\/v2\/media?parent=2664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/navveenbalani.dev\/index.php\/wp-json\/wp\/v2\/categories?post=2664"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/navveenbalani.dev\/index.php\/wp-json\/wp\/v2\/tags?post=2664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}