terraform_使用Terraform在Google Cloud Kubernetes引擎上部署Python Web Apps

Deployment workflow

部署工作流程

Before you get started, you need to install environment binaries. In this example the first few steps illustrate how to setup and configure binaries on Mac OSX/Linux.

在开始之前，您需要安装环境二进制文件。 在此示例中，前几个步骤说明了如何在Mac OSX / Linux上设置和配置二进制文件。

Stack used: Terraform, kubectl, YAML, Redis cluster, Python & Go Lang

使用的堆栈：Terraform，kubectl，YAML，Redis群集，Python和Go Lang

Here what is needed before you get started.

在开始之前，这里需要什么。

1. terraform executable
   terraform可执行文件

2. gcloud binaries

2. gcloud二进制文件

3. kubectl/minikube

3. kubectl / minikube

on mac using homebrew

在Mac上使用自制软件

$ brew install kubectl

$ brew install kubectl

Install Docker

安装Docker

4. Setup gcloud creds

4.设置gcloud凭证

export PROJECT_NAME=project-name-123456
gcloud iam service-accounts keys create creds/serviceaccount.json \
  --iam-account sa-name@${PROJECT_NAME}.iam.gserviceaccount.com

5. It is time to write your declarative IAC code to define your GCP infrastructure provider.

5.是时候编写声明性IAC代码来定义GCP基础结构提供程序了。

provider "google" {
  credentials = file("./creds/serviceaccount.json")
  project     = "project-name-123456"
  region      = "us-east1"
}

6. Define your Kubernetes cluster tf declaration.

6.定义您的Kubernetes集群tf声明。

resource "google_container_cluster" "gke-cluster" {
  name               = "my-first-gke-cluster"
  network            = "default"
  location           = "us-east1-b"
  initial_node_count = 3
}

7. Initialize terraform:

7.初始化terraform：

8. Before apply dry run terraform with “plan” option

8.在应用带有“计划”选项的空运行地形之前

9. Apply mypkan to continue

9.应用mypkan继续

10. Set project name and get container authentication creds.

10.设置项目名称并获取容器身份验证凭据。

Deploying Redis cluster to GKE

将Redis集群部署到GKE

11. Redis Master config:

11. Redis Master配置：

apiVersion: apps/v1 #  for k8s versions before 1.9.0 use apps/v1beta2  and before 1.8.0 use extensions/v1beta1
kind: Deployment
metadata:
  name: redis-master
spec:
  selector:
    matchLabels:
      app: redis
      role: master
      tier: backend
  replicas: 1
  template:
    metadata:
      labels:
        app: redis
        role: master
        tier: backend
    spec:
      containers:
      - name: master
        image: k8s.gcr.io/redis:e2e  # or just image: redis
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort: 6379

12. Deploy redis master to GKE

12.将redis master部署到GKE

13. Create Redis Master service

13.创建Redis Master服务

Config file:

配置文件：

apiVersion: v1
 kind: Service
 metadata:
   name: redis-master
   labels:
     app: redis
     role: master
     tier: backend
 spec:
   type: LoadBalancer
   ports:
   - port: 6379
     targetPort: 6379
   selector:
     app: redis
     role: master
     tier: backend

14. Redis Slave config:

14. Redis Slave配置：

apiVersion: apps/v1 #  for k8s versions before 1.9.0 use apps/v1beta2  and before 1.8.0 use extensions/v1beta1
kind: Deployment
metadata:
  name: redis-slave
spec:
  selector:
    matchLabels:
      app: redis
      role: slave
      tier: backend
  replicas: 2
  template:
    metadata:
      labels:
        app: redis
        role: slave
        tier: backend
    spec:
      containers:
      - name: slave
        image: gcr.io/google_samples/gb-redisslave:v1
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        env:
        - name: GET_HOSTS_FROM
          value: dns
          # If your cluster config does not include a dns service, then to
          # instead access an environment variable to find the master
          # service's host, comment out the 'value: dns' line above, and
          # uncomment the line below:
          # value: env
        ports:
        - containerPort: 6379

Deploy slave pods and service

部署从属Pod和服务

Deploying WebApp container to GKE

将WebApp容器部署到GKE

1. Dockerfile (webApp)
   Dockerfile(webApp)

FROM python:3.8.3
 LABEL maintainer="Sudheer Kondla, skondla@me.com"
 #RUN apt-get -y install python3-pip
 RUN mkdir /app
 WORKDIR /app
 COPY . /app
 RUN groupadd -r app &&\
     useradd -r -g app -d /home/app -s /sbin/nologin -c "Docker image user" app
 #RUN pip3 install --upgrade setuptools pip
 RUN apt-get update
 RUN apt-get install -y libzmq3-dev python3-pip
 RUN apt-get clean && rm -rf /var/lib/apt/lists/*
 RUN pip3 install --upgrade pip
 RUN pip3 install -r requirements.txt
 #RUN cp lib/rdsAdmin.py /usr/lib/python3.4
 RUN cp lib/rdsAdmin.py /usr/local/lib/python3.8
 #RUN apt-get install -y apt-utils && apt-get install -y curl
 RUN apt-get -y install curl
 RUN chmod +x dbWebAPI.sh
 RUN chown -R app:app /app
 USER app
 EXPOSE 50443
 ENTRYPOINT [ "/bin/bash" ]
 CMD [ "dbWebAPI.sh" ]

2. Create docker tag, and push it to Google Cloud Registry (GCR).

2.创建docker标签，并将其推送到Google Cloud Registry(GCR)。

3. WebApp deployment

3. WebApp部署

pod declaration :

吊舱声明：

---
apiVersion: "apps/v1"
kind: "Deployment"
metadata:
  name: "dbwebapi"
  namespace: "default"
  labels:
    app: "dbwebapi"
spec:
  replicas: 3
  selector:
    matchLabels:
      app: "dbwebapi"
  template:
    metadata:
      labels:
        app: "dbwebapi"
    spec:
      containers:
      - name: "dbwebapi-sha256-1"
        image: "gcr.io/project-name-123456/dbwebapi@sha256:e86321a26fc6393a4b20e6ace38fb3f95d1edebf92e7684d2eaa80aa0b2032c5"
---
apiVersion: "autoscaling/v2beta1"
kind: "HorizontalPodAutoscaler"
metadata:
  name: "dbwebapi-hpa-e1lc"
  namespace: "default"
  labels:
    app: "dbwebapi"
spec:
  scaleTargetRef:
    kind: "Deployment"
    name: "dbwebapi"
    apiVersion: "apps/v1"
  minReplicas: 1
  maxReplicas: 5
  metrics:
  - type: "Resource"
    resource:
      name: "cpu"
      targetAverageUtilization: 80

service declaration:

服务声明：

---
apiVersion: "v1"
kind: "Service"
metadata:
  name: "dbwebapi-service"
  namespace: "default"
  labels:
    app: "dbwebapi"
spec:
  ports:
  - protocol: "TCP"
    port: 25443
  selector:
    app: "dbwebapi"
  type: "LoadBalancer"
  loadBalancerIP: ""

Testing Redis connection

测试Redis连接

Testing Python WebApp

测试Python WebApp

Automate this into CI/CD pipelines or manually schedule

将其自动化到CI / CD管道中或手动调度

if [ $# -lt 1 ];
 then
     echo "USAGE: bash $0 [dbEndpoint"]
     exit 1
 fi
 

 dbEndpoint=${1}
 outfile=$dbEndpoint|cut -f1 -d'.'
 cd /home/admin/jobs/new
 /usr/bin/curl -k https://35.185.32.145:25443/backup/create \
  --data "endpoint=${dbEndpoint}"; \
  echo

Check pod logs

检查吊舱日志

Troubleshooting Kube service

对Kube服务进行故障排除