Similar to what we did before, these are the steps we need to perform before successfully deploying to our new cluster:
- Create our docker image that will use our MySQL instance.
- Create credentials to access the instance.
- Create the configuration for our service.
- Deploy it.
First, notice the pencil icon in the top-right corner of the console. It's an online editor we can use to create the files we need:
Click on it. It should open a new tab with an empty editor. This represents the root folder of the console you have on the bottom:
Let's start by creating our package.json file. Go to File and click New, and then File. Type package.json and insert our dependencies. Remember, we're using MySQL this time:
Then, create our service file. We're not using a settings.json file; we're going to use credentials passed to the container using an environment variable:
Then, create the Dockerfile for our service:
You can see on the bottom console that we're creating the files in the root folder. We're now going to use the console to create our container image. Type the following command:
docker build . -t gcr.io/imagini-205120/imagini
We're using a more composed name because we're publishing to the Google Container Registry (GCR), and so it's good practice to use the project ID (as I did) and then the name of the service:
Then, let's push it to the registry using the following command:
gcloud docker -- push gcr.io/imagini-205120/imagini
If everything goes right, you should see a list of layers of the image being pushed (published to the registry) and, in the end, a digest and the size of the image, as shown here:
You may notice that I closed the editor between commands. You can use any console, and can even have more than one open.
We now need to create the credentials. We're not going to have passwords on text files. We're going to use an SQL proxy, and we'll expose credentials when the containers are executed, using an environment variable.
First, close the console and click the Connect button that is located on the right-hand side of the cluster name:
Click Run in Cloud Shell. This will reopen the console, but will type in the command to connect to our cluster:
Just hit the Enter key in order to have access to the cluster:
Then, we'll use the gcloud command to create the proxy user account that will be used by the SQL proxy to access our Cloud SQL instance:
Now, type the following command:
gcloud sql instances describe imagini
Scroll up the console log until you see a line that starts with connectionName:. Take a look at the following screenshot and note the highlighted text in the console.
Copy the name down and save it for later. We'll need it when we create our deployment configuration.
Now, let's create a service account that is able to access our Cloud SQL instance. Head to IAM & admin and click Service accounts:
Create a service account with the Cloud SQL Client role, and check Furnish a new private key:
After hitting Create, the account will be created and a JSON file will be given to you to save in your local disk. Head back to the cluster, open the console, and then click to open the editor again.
You'll notice that there's a menu with several options in the top-right corner, one of which is Upload file:
Pick the JSON file you just saved and upload it using that option:
Now, let's use the console to create the instance secret using that credentials file. Use the following command (change the name to your JSON file):
kubectl create secret generic cloudsql-instance-credentials --from-file=credentials.json=imagini-4a6b2258e0b2.json
The following screenshot shows the result of the preceding command executed in the console. You should see something like secret "cloudsql-instance-credentials" created.
Now, let's create the database credentials secret:
kubectl create secret generic cloudsql-db-credentials --from-literal=username=proxyuser --from-literal=password=root
The following screenshot shows the result of the preceding command executed in the console. You should see something like secret "cloudsql-db-credentials" created.
We now have everything ready to deploy our service. This is the configuration we'll be using:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: imagini-frontend
labels:
app: imagini
spec:
replicas: 3
template:
metadata:
labels:
app: imagini
tier: frontend
spec:
containers:
- name: imagini-app
image: gcr.io/imagini-205120/imagini
imagePullPolicy: Always
ports:
- name: http-server
containerPort: 3000
env:
- name: DB_USER
valueFrom:
secretKeyRef:
name: cloudsql-db-credentials
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: cloudsql-db-credentials
key: password
- name: cloudsql-proxy
image: gcr.io/cloudsql-docker/gce-proxy:1.11
command: ["/cloud_sql_proxy",
"-instances=imagini-205120:europe-
west1:imagini=tcp:3306",
"-credential_file=/secrets/cloudsql/credentials.json"]
volumeMounts:
- name: cloudsql-instance-credentials
mountPath: /secrets/cloudsql
readOnly: true
volumes:
- name: cloudsql-instance-credentials
secret:
secretName: cloudsql-instance-credentials
Summing up, we're defining the following:
- The service name and same meta information
- The number of replicas we want
- The service, using our container image that we published earlier
- Two environment variables, based on the secrets we created earlier
- The SQL proxy that will enable our service to securely connect to our Cloud SQL
The secrets ensure that we have no confidential information spread on clear text files. Notice the instance name there. Replace it with the instance in connectionName that we saw before.
-instances=INSTANCE_ID=tcp:3306