NGINX Kubernetes Ingress Controller | Google Kubernetes Engine (GKE)
Let’s introduce some acronyms. This solution will use Google Kubernetes Engine (GKE), the managed Kubernetes (k8s) service in Google Cloud Platform (GCP), to host an example modern application deployed behind NGINX+ Kubernetes Ingress Controller (KIC).
GKE = Google Kubernetes Engine
k8s = Kubernetes
GCP = Google Cloud Platform
KIC = Kubernetes Ingress Controller
Before we begin…
You don’t need any prior knowledge of, or experience with, GKE. Our goal is to stand up a Kubernetes environment quickly using GKE, so that we can have more time to focus on NGINX+ as KIC.
gcloud is the command line interface for Google Cloud Services. This tool is akin to the aws or az command line tools for AWS and Azure.
Visual Studio Code is a code editor with support for development operations like debugging, task running, and version control.
We’ll create the prerequisite environment with gcloud:
An Artifact Registry to store our NGINX Plus Docker image
A GKE cluster to host our modern application
You’ll also need an NGINX Plus license certificate (nginx-repo.crt) and key (nginx-repo.key), which grant access to the NGINX Plus private repo.
VSCode is our preferred IDE. It provides an editor and terminal within a single pane. Open VSCode and a new Terminal. If you are in the UDF environment, you can access VSCode through the coder access method on the ubuntuHost resource. Also, see F5 UDF Environment Access.
F5 Digital Customer Engagement Center (DCEC)
Clone the DCEC repo. We’ll use this later to deploy an example modern application.
git clone -b 'v1.1.0' --single-branch https://github.com/f5devcentral/f5-digital-customer-engagement-center
Google Cloud Platform
Let’s confirm you can log in to your GCP account and that the prerequisite API permissions have been enabled.
In your browser, navigate to: https://console.cloud.google.com/
Log in with your username and password or register for a new account.
From the GCP console, in the search box at the top, look for Artifact Registry API. Confirm the Artifact Registry API is enabled.
From the GCP console, in the search box at the top, look for Google Kubernetes Engine API. Confirm the Google Kubernetes Engine API is enabled.
Let’s confirm you can create GCP resources via the command line with gcloud. Copy and paste into your VS Code terminal.
gcloud init
Confirm Yes when prompted: “You must log in to continue. Would you like to log in (Y/n)? Y”
Follow the authentication link to authenticate.
If your account has more than one cloud project, you will have to choose one.
Confirm Yes when prompted: “Do you want to configure a default Compute Region and Zone? (Y/n)? Y”
Use the zone (and implied region) geographically closest to you. The lab will work in all regions. Our lab will use us-east4-a which is in North Virginia, United States.
Confirm gcloud works:
gcloud config list
gcloud config get-value project
gcloud compute instances list
Create an Artifact Registry
If you are using a shared project environment, select a unique namespace from the VS Code terminal to avoid naming conflicts.
For example, with namespace marfil:
export namespace=marfil
printenv | grep namespace
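As an added example (not part of the original lab), the following pre-flight check validates the namespace prefix before it is substituted into the registry and cluster names created in the next steps. It assumes the -my-repo and -my-cluster suffixes used on this page and the GKE cluster-name rules (lowercase letters, digits and hyphens, starting with a letter, at most 40 characters); check_namespace is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: pre-flight check for the lab's namespace prefix.
# Assumptions: the suffixes are the ones this page appends, and 40 is the
# GKE cluster-name limit (assumed the tighter of the two resource limits).
LC_ALL=C            # make [a-z] match ASCII lowercase only
MAX_NAME_LEN=40

# check_namespace PREFIX -> 0 if usable, 1-4 naming the failed rule.
check_namespace() {
    ns=$1
    # Unset/empty: "${namespace}-my-repo" would expand to "-my-repo".
    if [ -z "$ns" ]; then
        echo "namespace is empty; export namespace=<prefix> first" >&2
        return 1
    fi
    # Resource names must begin with a lowercase letter.
    case $ns in
        [a-z]*) ;;
        *) echo "must start with a lowercase letter: $ns" >&2; return 2 ;;
    esac
    # Only lowercase letters, digits and hyphens are allowed.
    case $ns in
        *[!a-z0-9-]*) echo "invalid character in: $ns" >&2; return 3 ;;
    esac
    # Every derived name must fit the length limit.
    for suffix in -my-repo -my-cluster; do
        name=$ns$suffix
        if [ "${#name}" -gt "$MAX_NAME_LEN" ]; then
            echo "too long (${#name} > $MAX_NAME_LEN): $name" >&2
            return 4
        fi
    done
    return 0
}

# Constructed sample prefixes, not taken from a real project.
for candidate in marfil "" Marfil my_team 9lives \
                 this-prefix-is-far-too-long-for-gke; do
    if check_namespace "$candidate" 2>/dev/null; then
        echo "ok:       '$candidate'"
    else
        echo "rejected: '$candidate' (rule $?)"
    fi
done
```

Running check_namespace "$namespace" before the create commands catches an unset variable, which would otherwise expand the resource name to -my-repo.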
From the VS Code terminal, create an Artifact Registry to store our NGINX+ image.
gcloud artifacts repositories create ${namespace}-my-repo \
    --repository-format=docker \
    --location=us-east4
When complete, confirm you can authenticate to the registry. The example below is for us-east4-docker.pkg.dev.
gcloud auth configure-docker us-east4-docker.pkg.dev
From the GCP Console, in the search bar at the top, look for Artifact Registry. Confirm your Artifact Registry Docker repository was created.
From the VS Code terminal, create a VPC-native GKE cluster.
Attention
GKE supported versions are not static. Old versions will be deprecated and new versions added. To get a list of supported GKE versions at the time you run this lab:
gcloud container get-server-config
Create a GKE cluster.
gcloud container clusters create ${namespace}-my-cluster \
    --enable-ip-alias \
    --create-subnetwork range=/20 \
    --cluster-ipv4-cidr=/20 \
    --services-ipv4-cidr=/20 \
    --region us-east4-a \
    --node-locations us-east4-a \
    --cluster-version 1.20.8-gke.900 \
    --num-nodes 2
From the GCP Console, in the search bar at the top, look for Kubernetes Engine. Click on the refresh icon at the top. Confirm your GKE cluster is being created. This process takes up to five minutes. Your terminal will announce when done.
Note
The GKE cluster should take no more than five minutes to create.
A new VPC was created for our GKE cluster. The VPC has one primary and two secondary subnets:
primary subnet is reserved for nodes
secondary subnet #1 is reserved for the cluster’s pods
secondary subnet #2 is reserved for the cluster’s services
When you create a cluster with gcloud, an entry is automatically added to the kubeconfig in your environment, and the current context changes to that cluster. Once your GKE cluster has been created, confirm you can administer your cluster via the kubectl client:
kubectl get nodes -o wide
If successful, you’ll see a list of your GKE nodes, status, version, and more.
For comprehensive details of the cluster we created:
gcloud container clusters describe ${namespace}-my-cluster
Our Artifact Registry is ready to host our NGINX+ KIC image and our GKE cluster is ready to host our modern application.
Proceed to NGINX Kubernetes Ingress Controller (GKE) | Deployment