Google Kubernetes Engine (GKE)

GKE clusters are created and configured using the Google Cloud Console.

Prerequisites

Configuration

Helm

curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash

Nginx

kubectl create namespace ingress-basic

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

helm upgrade --install nginx-ingress ingress-nginx/ingress-nginx \
    --namespace ingress-basic \
    --set rbac.create=true

Get the load balancer IP address with the following command:

kubectl --namespace ingress-basic get services -o wide -w nginx-ingress-ingress-nginx-controller

Change the IP address type from Ephemeral to Static in GCE External IP addresses.

Update the cluster DNS record in GCE Cloud DNS to point to the cluster's static IP address.

Set the service's external traffic policy to Local:

Note

The Local externalTrafficPolicy preserves the client IP address (the default Cluster policy hides it), but it can unbalance load on clusters with multiple nodes.

kubectl patch svc -n ingress-basic nginx-ingress-ingress-nginx-controller -p '{"spec":{"externalTrafficPolicy":"Local"}}'

Cert Manager (Let’s Encrypt)

Cert Manager can be installed with Helm using these commands:

kubectl create namespace cert-manager

helm repo add jetstack https://charts.jetstack.io
helm repo update

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --set installCRDs=true

Confirm that each pod is in the Running state:

kubectl get pods --namespace cert-manager

Create the cluster issuer (Cert-Manager configuration):

cat << EOF > cluster-issuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <EMAIL_ADDRESS>
    privateKeySecretRef:
      name: letsencrypt
    solvers:
    - http01:
        ingress:
          class: nginx
EOF

kubectl apply -f cluster-issuer.yaml
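
An added example, not part of the original page: a bash function that renders the ClusterIssuer manifest above from arguments, refuses an unreplaced `<EMAIL_ADDRESS>` placeholder, and defaults to the Let's Encrypt staging directory so a first run does not consume production rate limits. The function name `render_cluster_issuer`, the `letsencrypt-staging` issuer name and the sample address are assumptions made for this example.

```shell
# Added example (not from the original page): render the ClusterIssuer
# manifest from arguments instead of hand-editing <EMAIL_ADDRESS>.
# render_cluster_issuer and letsencrypt-staging are hypothetical names.

# ACME directory URLs published by Let's Encrypt.
LE_PRODUCTION="https://acme-v02.api.letsencrypt.org/directory"
LE_STAGING="https://acme-staging-v02.api.letsencrypt.org/directory"

# Usage: render_cluster_issuer <email> [staging|production]
# Prints the manifest on stdout; prints nothing and returns 1 on bad input.
render_cluster_issuer() {
    local email env server name
    email="${1:-}"; env="${2:-staging}"

    # Allowlist the characters of the address: this rejects the unreplaced
    # placeholder and anything (newline, ':', '#') that could alter the YAML.
    case "$email" in
        *[!A-Za-z0-9@._+-]*|*@*@*) echo "error: invalid email" >&2; return 1 ;;
        ?*@?*.?*) ;;
        *) echo "error: invalid email" >&2; return 1 ;;
    esac

    case "$env" in
        staging)    server="$LE_STAGING";    name="letsencrypt-staging" ;;
        production) server="$LE_PRODUCTION"; name="letsencrypt" ;;
        *) echo "error: environment must be staging or production" >&2; return 1 ;;
    esac

    cat <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: ${name}
spec:
  acme:
    server: ${server}
    email: ${email}
    privateKeySecretRef:
      name: ${name}
    solvers:
    - http01:
        ingress:
          class: nginx
EOF
}

# Run as a script, e.g. (constructed address): ./issuer.sh ops@example.com staging
if [ "$#" -gt 0 ]; then render_cluster_issuer "$@"; fi
```

Redirect the output to cluster-issuer.yaml and apply it as above; certificates issued through the staging directory are not trusted by browsers, so switch to `production` once issuance works.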

Clients configuration

Auto-completion

Add these lines to ~/.bashrc:

source <(helm completion bash)

source <(kubectl completion bash)
alias k=kubectl
complete -F __start_kubectl k