Google Cloud Associate Certified Engineer — 100daysoflearning (Part 10)

Saiyam Pathak
Published in 100daysoflearning, Apr 16, 2019

Day 83–84

Continuing the course for the Google Cloud Associate Certified Engineer, let's move on to the next set of learning topics.

In my previous post I discussed enabling Google Cloud APIs via the Google Cloud SDK, which was installed locally, and creating a VCN and its components, a public/private bucket, a Pub/Sub topic, Bigtable and BigQuery. Next on the list is to create a service account and a Kubernetes cluster, and to deploy the application. As a reminder, I will be using the same GitHub repository as in the previous post.

Service Account Creation:

Official definition : A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren’t directly involved. A service account can have zero or more pairs of service account keys, which are used to authenticate to Google.

So a service account is an account for your application, not a user account, and it can be used by any application or codebase. Suppose you want a few permissions on BigQuery, a few on Compute, and so on: create a service account, grant those permissions to that account, and then use it with Google-managed keys in your application to perform the tasks. Let's go ahead and look at the service account creation script.

As you can see above, we create a service account using a simple gcloud command, then extract only the email from the created service account; the last four commands bind the IAM policy to that service account. After that, we store the keys for this account and will refer to these keys to authenticate our programs when they interact with Google Cloud.
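The steps described above (create the account, bind four roles, store a key), written out as an added example; it is not the script from the repository. The project id, account name, key path and the four roles are assumptions, and it derives the email from the account name rather than querying it, rejects basic roles, writes the key with owner-only permissions, and only prints the gcloud commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example. Project id, account name, key path and roles are assumptions,
# not values from the repository.
set -eu

PROJECT_ID="${PROJECT_ID:-example-project}"      # placeholder project id
SA_NAME="${SA_NAME:-products-app}"               # hypothetical account name
KEY_FILE="${KEY_FILE:-./products-app-key.json}"  # hypothetical key path
DRY_RUN="${DRY_RUN:-1}"                          # 1 = print commands, 0 = run them

# Assumed roles: one narrow predefined role per service the application uses.
ROLES="roles/bigquery.dataEditor roles/pubsub.publisher roles/bigtable.user roles/storage.objectViewer"

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# User-created service accounts get the email NAME@PROJECT_ID.iam.gserviceaccount.com.
sa_email() {
  printf '%s@%s.iam.gserviceaccount.com' "$SA_NAME" "$PROJECT_ID"
}

# Reject basic roles so the application never receives project-wide access.
check_role() {
  case "$1" in
    roles/owner|roles/editor|roles/viewer) echo "refusing broad role: $1" >&2; return 1 ;;
    roles/*) return 0 ;;
    *) echo "not a predefined role: $1" >&2; return 1 ;;
  esac
}

create_service_account() {
  run gcloud iam service-accounts create "$SA_NAME" \
    --project "$PROJECT_ID" --display-name "products application"
  for role in $ROLES; do
    check_role "$role"
    run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
      --member "serviceAccount:$(sa_email)" --role "$role"
  done
  # The key file is a long-lived credential: create it readable by the owner only.
  ( umask 077
    run gcloud iam service-accounts keys create "$KEY_FILE" \
      --iam-account "$(sa_email)" --project "$PROJECT_ID" )
}

create_service_account
```

Keep the resulting key file out of version control and out of the Docker image; it authenticates as the service account until the key is deleted.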

Kubernetes Cluster Creation:

Above is the command that we will use to create the cluster. The cluster version can be changed to the latest by checking the official Google documentation; auto-upgrade of nodes to run the latest Kubernetes version and monitoring have also been enabled. Apart from this, if you open the full file you can see the Docker registry auth being set from the Google Cloud registry, along with the YAML files for the deployment, which Kubernetes will read to create a deployment in the cluster.

Let's go ahead and run the complete file, which will create the service account and the Kubernetes cluster.

service account creation
Kubernetes Cluster creation

Application Deployment: Now that the Kubernetes cluster is created, I will go ahead and deploy the products application in the Kubernetes cluster. To do that, look in the deploy folder under products for a file named deploy.sh, which looks as follows:

deploy.sh

This file will first run build.sh from the build directory.

build.sh

As you can see, build.sh builds the Docker image from a Dockerfile present in that same directory. After the build completes, deploy.sh runs the next set of commands, which includes tagging the locally built image, pushing it to our Google Cloud registry, authenticating kubectl, creating a secret for persistent volume, and then deploying the YAML files. Let's run deploy.sh and see all of this happen.

image in Google Container Registry
service deployed to kubernetes cluster

As you can see, the flow went like this:
- creation of the Docker image from the Dockerfile
- tagging the Docker image to the Google Container Registry
- pushing the image to the Google Container Registry using the Docker auth set previously
- generating the kubeconfig entry
- generating the secret
- creating the config map
- deploying the container into a pod via a Kubernetes deployment
- pulling the environment variables from the config map
- pulling the service account
- creating a service for the deployment

You can also test the application using curl and see that the application has been deployed.

curl output for the service

So in this article we have seen:
- creation of a service account
- creation of a Kubernetes cluster
- Docker image build, tag and push to the Google Container Registry
- deployment and service creation of the products application

Happy Learning & Happy Coding
Saiyam Pathak
https://www.linkedin.com/in/saiyam-pathak-97685a64/
https://twitter.com/SaiyamPathak
