Skip to content

GKE

Goals

  • Deploy Containerised applications as pain free as possible
  • Abstract away as much from the developer as we can
  • Troubleshoot any issues
  • Ensure security best practices are followed

Technology used

Terraform Bitbucket Kubernetes Confluence Jira Helm Google Cloud

Project Breakdown

We're a somewhat new team who are getting more and more cloud native by the day. We had just deployed our first application in to GKE, but it was developed by an external contractor.

But this gave me a real insight in to just how cool GKE (and Kubernetes) is.

I knew we had to use it for more applications as it allows the developers to use stuff like GCS buckets, scale their workloads based on custom metrics and loads of other things.

I needed to build a Proof of Concept and then a production cluster

What I did?

I personally was responsible for:

  • Designing the cluster
    • IP Space
    • VPC native
    • Secure access
  • Planning the work and deadlines
  • Writing the terraform for the cluster
  • Building supporting helm charts

Issues I had to overcome

  • VPC native clusters have some ~quirks~
  • How to give multiple people access to the API (Note I am looking at Argo now!)
  • Training people

VPC native cluster

VPC Native clusters are very cool, alot better security, but they have some quirks like:

  • Accessing the API requires more effort now
  • Network access means you need a NAT gateway

I wrote all of this in to the terraform module.

A note about that module is I don't think it's actually really worthwhile using a module, best to use terragrunt, so we can easily view the code where it's being run and use some cool features of terragrunt to allow us to swap vars etc

Training people

As with anything new, people need to learn it.

I put together a full day course for my colleagues.

First half of they day was the boring stuff (Theoretical knowledge) like how a pod works, what's the kube-api, what is a kubelet so on and so forth.

Second half of the day was the best part.

I put together a CTF using CTFD and then wrote a helm chart to host it.

I gave people access to the cluster and in their own namespace they had access to pods, services, ingress and a small mkdocs site I built that shows them how to do certain things, and an application to pull apart, and then fix it.

We ran the CTF with some questions I created (I can find these at a later date)