{GCP GKE}内部アプリケーション ロードバランサ用の Ingress の構成

 

https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balance-ingress?hl=ja

https://cloud.google.com/load-balancing/docs/l7-internal/setting-up-l7-internal?hl=ja

 

 

-- 1. 前作業

# Sign in and pick the account/configuration; 'gcloud init' is interactive.
gcloud init
gcloud auth list

gcloud --version

# Create the demo project. Project ids are globally unique; the 9999999
# suffix is a placeholder to replace.
gcloud projects create project01-9999999 --name=project01

# Point every later command at that project and at the Tokyo region/zone.
gcloud config list
gcloud config set project project01-9999999
gcloud config set compute/region asia-northeast1 --quiet
gcloud config set compute/zone asia-northeast1-a --quiet

# Attach a billing account (placeholder id); compute.googleapis.com cannot be
# enabled on an unbilled project.
gcloud beta billing accounts list
gcloud beta billing projects link project01-9999999 \
  --billing-account=111111-111111-111111

gcloud services enable compute.googleapis.com --project=project01-9999999

gcloud components update


-- 2. Google Kubernetes Engine API を有効化

# See what is already enabled, then switch on the GKE API for the project.
gcloud services list --enabled

gcloud services enable container.googleapis.com --project=project01-9999999

 

-- 3. kubectlインストール

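# Resolve the stable version once so the binary and its checksum come from the
# same release (querying stable.txt twice could straddle a release boundary).
# -f makes curl fail on HTTP errors instead of saving an error page as "kubectl".
KUBECTL_VERSION=$(curl -fsSL https://dl.k8s.io/release/stable.txt)
# darwin/amd64 is the Intel Mac build; use darwin/arm64 on Apple silicon.
KUBECTL_URL="https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/darwin/amd64"

curl -fsSLO "${KUBECTL_URL}/kubectl"
curl -fsSLO "${KUBECTL_URL}/kubectl.sha256"

# Verify the download before it is installed system-wide. Continue only if
# this prints "kubectl: OK"; a FAILED line means the binary must be discarded.
echo "$(cat kubectl.sha256)  kubectl" | shasum -a 256 --check
rm -f kubectl.sha256

chmod +x ./kubectl

sudo mv ./kubectl /usr/local/bin/kubectl
sudo chown root: /usr/local/bin/kubectl

kubectl version --client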

 


-- 4. サブネット作成

# Custom-mode VPC: subnets are created explicitly below, none are auto-made.
gcloud compute networks create vpc01 --subnet-mode=custom

# Proxy-only subnet, reserved for the regional internal Application Load
# Balancer's proxies (REGIONAL_MANAGED_PROXY / ACTIVE). Its range is what the
# backend firewall rule later allows as source.
gcloud compute networks subnets create subnet01 \
  --network=vpc01 \
  --region=asia-northeast1 \
  --range=10.129.0.0/23 \
  --purpose=REGIONAL_MANAGED_PROXY \
  --role=ACTIVE

# Workload subnet used by the GKE cluster and the test VM.
gcloud compute networks subnets create subnet02 \
  --network=vpc01 \
  --region=asia-northeast1 \
  --range=10.1.2.0/24

gcloud compute networks list
gcloud compute networks subnets list


-- 5. ファイアウォール ルール作成

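# Backend rule: let the load balancer's proxy-only subnet (subnet01) reach the
# pods' serving port. There is no target tag, so it applies to every instance
# in vpc01. Written in the same --action/--rules form as fw02 for consistency
# (equivalent to --allow=TCP:9376).
gcloud compute firewall-rules create fw01 \
  --network=vpc01 \
  --direction=ingress \
  --action=allow \
  --rules=tcp:9376 \
  --source-ranges=10.129.0.0/23

# SSH rule for instances tagged allow-ssh. The original omitted --source-ranges,
# which gcloud defaults to 0.0.0.0/0; it is spelled out here so the exposure is
# visible rather than implicit. To avoid a world-reachable port 22, narrow this
# to the IAP TCP-forwarding range (35.235.240.0/20) and connect with
# `gcloud compute ssh --tunnel-through-iap` instead of the external IP.
gcloud compute firewall-rules create fw02 \
  --network=vpc01 \
  --direction=ingress \
  --action=allow \
  --rules=tcp:22 \
  --source-ranges=0.0.0.0/0 \
  --target-tags=allow-ssh

gcloud compute firewall-rules list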

 

-- 6. Autopilot GKE クラスターの作成

# Regional Autopilot cluster, attached to the workload subnet of vpc01.
gcloud container clusters create-auto gke01 \
  --location=asia-northeast1 \
  --network=vpc01 \
  --subnetwork=subnet02

gcloud container clusters list

# Show the autopilot stanza of the description with three lines of context.
gcloud container clusters describe gke01 --region=asia-northeast1 \
  | grep -A3 autopilot

 


-- 7. クラスターに接続する

# Write the cluster entry into kubeconfig, then sanity-check access.
# NOTE(review): newer kubectl releases expect gke-gcloud-auth-plugin to be
# installed for this kubeconfig; if kubectl complains about a missing plugin,
# install it via gcloud components.
gcloud container clusters get-credentials gke01 \
  --project=project01-9999999 \
  --region=asia-northeast1

kubectl get node -o wide
kubectl get pods -n kube-system


-- 8. ウェブ アプリケーションをデプロイ

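# Write the Deployment manifest to web-deployment.yaml (a quoted heredoc
# replaces the interactive vim edit and keeps the content literal), then apply.
# Added over the original: a least-privilege container securityContext — no
# privilege escalation, all Linux capabilities dropped (9376 is an unprivileged
# port, so none are needed), and the runtime's default seccomp profile.
cat > web-deployment.yaml <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: hostname
  name: hostname-server
spec:
  selector:
    matchLabels:
      app: hostname
  minReadySeconds: 60
  replicas: 3
  template:
    metadata:
      labels:
        app: hostname
    spec:
      containers:
      - image: registry.k8s.io/serve_hostname:v1.4
        name: hostname-server
        ports:
        - containerPort: 9376
          protocol: TCP
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
      terminationGracePeriodSeconds: 90
EOF

kubectl apply -f web-deployment.yaml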


-- 9. ネットワーク エンドポイント グループ(NEG)として Service をデプロイ


# The NEG annotation below is acted on by a webhook; list them to confirm the
# cluster has it before relying on the annotation.
kubectl get mutatingwebhookconfigurations

# Write the Service manifest to web-service.yaml (quoted heredoc instead of an
# interactive vim session; content is literal) and apply it.
cat > web-service.yaml <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: hostname
  namespace: default
  annotations:
    # Expose the pods as a network endpoint group so the Ingress can use
    # container-native load balancing.
    cloud.google.com/neg: '{"ingress": true}'
spec:
  type: ClusterIP
  selector:
    app: hostname
  ports:
  - name: host1
    protocol: TCP
    port: 80
    targetPort: 9376
EOF

kubectl apply -f web-service.yaml


-- 10. Ingress をデプロイ

# Write the Ingress manifest to internal-ingress.yaml (quoted heredoc instead
# of an interactive vim session; content is literal) and apply it.
cat > internal-ingress.yaml <<'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ilb-demo-ingress
  namespace: default
  annotations:
    # gce-internal selects the internal Application Load Balancer controller.
    kubernetes.io/ingress.class: "gce-internal"
spec:
  # Every request goes to the hostname Service; no host/path rules.
  defaultBackend:
    service:
      name: hostname
      port:
        number: 80
EOF

kubectl apply -f internal-ingress.yaml

 

-- 11. Ingress が正常にデプロイされたことを検証する

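# The ADDRESS column stays empty until the internal load balancer is
# provisioned; re-run until it shows an address from the VPC.
kubectl get ingress ilb-demo-ingress

# Print only the load balancer address: this is the value to curl from the VM.
kubectl get ingress ilb-demo-ingress \
  -o jsonpath='{.status.loadBalancer.ingress[0].ip}{"\n"}'

# Test client inside the VPC. --no-address gives it no public IP, so the
# allow-ssh firewall rule cannot expose port 22 to the internet; SSH goes
# through IAP TCP forwarding instead. NOTE(review): IAP needs tcp:22 allowed
# from 35.235.240.0/20 (the fw02 rule with its default source already permits
# this) and the IAP tunnel user role on the caller — confirm on a non-owner
# account.
gcloud compute instances create vm01 \
  --zone=asia-northeast1-a \
  --image-family=debian-11 \
  --image-project=debian-cloud \
  --network=vpc01 \
  --subnet=subnet02 \
  --no-address \
  --tags=allow-ssh

gcloud compute ssh vm01 \
  --zone=asia-northeast1-a \
  --tunnel-through-iap

# Run inside the VM. 10.1.2.7 was the ingress ADDRESS in this particular run;
# substitute the address printed above. The response should be the serving
# pod's hostname. (With no external IP the VM has no internet egress, so rely
# on the curl shipped in the image rather than installing packages.)
curl 10.1.2.7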

 

 


-- 12. クリーンアップ


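# Delete the Kubernetes objects first so the Ingress controller tears down the
# internal load balancer and NEGs before the cluster itself is removed.
kubectl delete -f internal-ingress.yaml
kubectl delete -f web-service.yaml
kubectl delete -f web-deployment.yaml

gcloud container clusters delete gke01 \
  --region=asia-northeast1 \
  --quiet

# The test VM and the network resources were never removed in the original
# steps; delete them explicitly so nothing keeps billing when the project is
# kept. Order matters: instance and firewall rules before subnets, subnets
# before the network. NOTE(review): if subnet01 reports "in use", the load
# balancer released by the Ingress deletion is still draining — retry shortly.
gcloud compute instances delete vm01 --zone=asia-northeast1-a --quiet
gcloud compute firewall-rules delete fw01 fw02 --quiet
gcloud compute networks subnets delete subnet02 --region=asia-northeast1 --quiet
gcloud compute networks subnets delete subnet01 --region=asia-northeast1 --quiet
gcloud compute networks delete vpc01 --quiet

gcloud projects list

# Deleting the project removes everything in it; the steps above only matter
# when the project is to be reused.
gcloud projects delete project01-9999999 \
  --quiet

gcloud beta billing projects unlink project01-9999999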