
vault-on-gke - Run @HashiCorp Vault on Google Kubernetes Engine (GKE) with Terraform

  •    HCL

This tutorial walks through provisioning a highly-available HashiCorp Vault cluster on Google Kubernetes Engine using HashiCorp Terraform as the provisioning tool. This tutorial is based on Kelsey Hightower's Vault on Google Kubernetes Engine, but focuses on codifying the steps in Terraform instead of teaching you them individually. If you would like to know how to provision HashiCorp Vault on Kubernetes step-by-step (aka "the hard way"), please follow Kelsey's repository instead.

Okteto - A Tool for Cloud Native Developers

  •    Go

Kubernetes has made it very easy to deploy applications to the cloud at a higher scale than ever, but the development practices have not evolved at the same speed as application deployment patterns. Today, most developers try to either run parts of the infrastructure locally, or just test these integrations directly in the cluster via CI jobs or the "docker build, docker push, kubectl apply" cycle. It works, but this workflow is painful and incredibly slow.

kubernetes - Micro on Kubernetes

  •    Go

Services make use of the kubernetes registry plugin so there's zero external dependency for service discovery. Here are the steps I took to get started.




drone-gke - Drone plugin to deploy containers to Google Container Engine

  •    Go

Drone plugin to deploy container images to Kubernetes on Google Container Engine. For the usage information and a listing of the available options please take a look at the docs. This is a little simpler than deploying straight to Kubernetes, because the API endpoints and credentials can be derived using the Google credentials. In addition, this opens the yaml file to templatization and customization with each Drone build.

atlantis-on-gke - A set of @HashiCorp Terraform configurations for running Atlantis on @GoogleCloud GKE

  •    HCL

These Terraform configurations provision an Atlantis cluster on Google Kubernetes Engine using HashiCorp Terraform as the provisioning tool. Google Cloud Storage Backend - Automatically creates a GCS storage bucket for use with Terraform.

winston-gke - Winston logger decorator for use with Google Container Engine's fluentd-cloud-logging-gke container

  •    Javascript

Google Container Engine makes it really easy to get your logs from stdout to Google Cloud Logging, but Winston's Console transport doesn't play nice by default. Pass any logger instance to winston-gke and it will configure things for you.

gke-application-security-demo - This project demonstrates a series of best practices for improving the security of containerized applications deployed to Kubernetes Engine

  •    HCL

This guide demonstrates a series of best practices that will allow the user to improve the security of their containerized applications deployed to Kubernetes Engine. The principle of least privilege is widely recognized as an important design consideration in enhancing the protection of critical systems from faults and malicious behavior. It suggests that every component must be able to access only the information and resources that are necessary for its legitimate purpose. This guide will go about showing the user how to improve a container's security by providing a systematic approach to effectively remove unnecessary privileges.


gke-istio-gce-demo - In this project, you will leverage Kubernetes Engine and Google Compute Engine to explore how Istio can manage services that reside outside of the Kubernetes Engine environment

  •    Shell

In this demo, we leverage Google Kubernetes Engine (Kubernetes Engine) and Google Compute Engine (GCE) to learn more about how Istio can manage services that reside in the network outside of the Kubernetes Engine environment. This demo uses Kubernetes Engine to construct a typical Istio infrastructure and then set up a GCE instance running a MySQL microservice that will be integrated into the Istio infrastructure. We will use the sample BookInfo application and extend it by using the MySQL microservice to house book reviewer ratings. The demo serves as a learning tool and addresses the use case of users who want to leverage Istio to manage other services in their Google Cloud Platform (GCP) environment that may not be ready for migration to Kubernetes Engine just yet. Istio has two main pieces that create the service mesh: the control plane and the data plane.

gke-istio-shared - This is the shared project for two Kubernetes Engine demos

  •    Shell

This repository contains files shared by several Istio demos for Kubernetes Engine. This project demonstrates how to use an Istio service mesh in a single Kubernetes Engine cluster alongside Prometheus, Jaeger, and Grafana, to monitor cluster and workload performance metrics. You will first deploy the Istio control plane, data plane, and additional visibility tools using the provided scripts, then explore the collected metrics and trace data in Grafana.

gke-istio-telemetry-demo - This project demonstrates how to use an Istio service mesh in a single Kubernetes Engine cluster alongside Prometheus, Jaeger, and Grafana, to monitor cluster and workload performance metrics

  •    Shell

Istio is part of a new category of products known as "service mesh" software designed to manage the complexity of service resilience in a microservice infrastructure; it defines itself as a service management framework built to keep business logic separate from the logic to keep your services up and running. In other words, it provides a layer on top of the network that will automatically route traffic to the appropriate services, handle circuit breaker logic, enforce access and load balancing policies, and generate telemetry data to gain insight into the network and allow for quick diagnosis of issues. For more information on Istio, please refer to the Istio documentation. Some familiarity with Istio is assumed.

gke-istio-vpn-demo - This project demonstrates how Istio's mesh expansion feature can be used to link services across a VPN

  •    Shell

Istio is part of a new category of products known as "service mesh" software designed to manage the complexity of service resilience in a microservice infrastructure; it defines itself as a service management framework built to keep business logic separate from the logic to keep your services up and running. In other words, it provides a layer on top of the network that will automatically route traffic to the appropriate services, handle circuit breaker logic, enforce access and load balancing policies, and generate telemetry data to gain insight into the network and allow for quick diagnosis of issues. For more information on Istio, please refer to the Istio documentation.

gke-logging-sinks-demo - This project describes the steps required to deploy a sample application to Kubernetes Engine that forwards log events to Stackdriver Logging

  •    Python

This document will describe the steps required to deploy a sample application to Kubernetes Engine that forwards log events to Stackdriver Logging. It makes use of Terraform, a declarative Infrastructure as Code tool that enables configuration files to be used to automate the deployment and evolution of infrastructure in the cloud. The configuration will also create a Cloud Storage bucket and a BigQuery dataset for exporting log data to. The Terraform configurations are going to build a Kubernetes Engine cluster that will generate logs and metrics that can be ingested by Stackdriver. The scripts will also build out Logging Export Sinks for Cloud Storage, BigQuery, and Cloud Pub/Sub. The diagram of how this will look along with the data flow can be seen in the following graphic.

gke-monitoring-tutorial - This project walks you through setting up monitoring and visualizing metrics from a Kubernetes Engine cluster

  •    Python

Stackdriver Monitoring is used to visualize the performance, uptime, and overall health of your applications. The Stackdriver Monitoring console allows you to visualize data across all projects in GCP in a single interface. This tutorial will walk you through setting up Monitoring and visualizing metrics from a Kubernetes Engine cluster. It makes use of Terraform, a declarative Infrastructure as Code tool that enables configuration files to be used to automate the deployment and evolution of infrastructure in the cloud. The logs from the Kubernetes Engine cluster will be leveraged to walk through the monitoring capabilities of Stackdriver.

gke-network-policy-demo - This guide demonstrates how to improve the security of your Kubernetes Engine by applying fine-grained restrictions to network communication

  •    Shell

This guide demonstrates how to improve the security of your Kubernetes Engine by applying fine-grained restrictions to network communication. The Principle of Least Privilege is widely recognized as an important design consideration in enhancing the protection of critical systems from faults and malicious behavior (https://en.wikipedia.org/wiki/Principle_of_least_privilege). It suggests that every component must be able to access only the information and resources that are necessary for its legitimate purpose. This document demonstrates how the Principle of Least Privilege can be implemented within the Kubernetes Engine network layer.

gke-networking-demos - This project presents a number of best practices for establishing network links between Kubernetes Engine clusters, and exposing cluster services across Google Cloud projects

  •    Shell

Google Cloud networking with Kubernetes Engine clusters can be complex. Assigning optimal CIDR ranges for the relevant VPC subnets and the Kubernetes Engine clusters' reserved IP ranges from the start is very important since VPC subnets are not always easy to resize and the cluster's reserved IP ranges are immutable. Using the correct method to expose the applications in the cluster is important as every method was designed for a different set of use cases. OSX, Linux and using Google Cloud Console are supported.

gke-rbac-demo - This project covers two use cases for RBAC within a Kubernetes Engine cluster

  •    HCL

This tutorial covers the usage and debugging of role-based access control (RBAC) in a Kubernetes Engine cluster. While RBAC resource definitions are standard across all Kubernetes platforms, their interaction with underlying authentication and authorization providers needs to be understood when building on any cloud provider.

gke-rolling-updates-demo - This project demonstrates different upgrade procedures best suited for clusters containing stateless and stateful workloads

  •    Shell

Kubernetes Engine is a managed service that provides fully automated upgrades to keep clusters up to date with the latest Kubernetes versions and features. This managed service includes the control plane - API Server, Workload Controllers, and etcd storage back-end - at no cost to the user. Worker nodes are organized in "Node Pools" which can take automated or manual version upgrades. When you choose manual upgrades of Node Pools, you have several choices for upgrade methodologies. This repository illustrates three different upgrade strategies, discusses their trade-offs, and provides demos of each.

gke-security-scenarios-demo - This project demonstrates a series of best practices for improving the security of containerized applications deployed to Kubernetes Engine

  •    HCL

This tutorial demonstrates how Kubernetes Engine security features can be used to grant varying levels of privilege to applications, based on their particular requirements. It creates an nginx deployment whose pods have their host-level access restricted by an AppArmor profile and whose network connectivity is restricted by a NetworkPolicy.

gke-stateful-applications-demo - This project installs an Apache Cassandra database into a Kubernetes Engine cluster

  •    Shell

This proof of concept deploys a Kubernetes Engine Cluster and then installs an Apache Cassandra database running on that cluster. Various scripts are contained within this project that provide push button creation, validation, and deletion of the Cassandra (C*) database and Kubernetes Engine cluster.