GKE (GCP) - Google Kubernetes Engine
Overview
Google Kubernetes Engine is the managed Kubernetes service on Google Cloud Platform.
Cluster Creation
# Create GKE cluster
gcloud container clusters create my-cluster \
  --zone us-central1-a \
  --num-nodes 3 \
  --enable-autoscaling \
  --min-nodes 1 \
  --max-nodes 10 \
  --enable-autorepair \
  --enable-autoupgrade
Creating GKE Cluster with Java (Google Cloud Client Libraries)
You can create and manage GKE clusters from Java using Google's client libraries; the example below uses the google-api-services-container (v1beta1) API client together with the google-auth-library credentials classes.
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.services.container.v1beta1.Container;
import com.google.api.services.container.v1beta1.model.Cluster;
import com.google.api.services.container.v1beta1.model.ClusterAutoscaling;
import com.google.api.services.container.v1beta1.model.CreateClusterRequest;
import com.google.api.services.container.v1beta1.model.NodeConfig;
import com.google.api.services.container.v1beta1.model.NodePool;
import com.google.api.services.container.v1beta1.model.ResourceLimit;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Collections;

public class GkeClusterCreator {
    private static final String PROJECT_ID = "your-gcp-project-id";
    private static final String ZONE = "us-central1-a";
    private static final String CLUSTER_NAME = "my-java-gke-cluster";
    // A long-lived key file is the weakest credential option; where possible use
    // Application Default Credentials (GoogleCredentials.getApplicationDefault())
    // so that no key file has to sit on disk.
    private static final String SERVICE_ACCOUNT_KEY_PATH = "/path/to/your/service-account-key.json";

    public static void main(String[] args) {
        try {
            GoogleCredentials credentials = GoogleCredentials
                    .fromStream(new FileInputStream(SERVICE_ACCOUNT_KEY_PATH))
                    .createScoped(Collections.singletonList("https://www.googleapis.com/auth/cloud-platform"));

            // HttpCredentialsAdapter attaches the OAuth token to each request;
            // GoogleCredentials itself has no initialize(HttpRequest) method.
            Container containerService = new Container.Builder(
                    GoogleNetHttpTransport.newTrustedTransport(),
                    GsonFactory.getDefaultInstance(),
                    new HttpCredentialsAdapter(credentials))
                    .setApplicationName("GKE-Java-Creator")
                    .build();

            NodeConfig nodeConfig = new NodeConfig()
                    .setMachineType("e2-medium")
                    .setDiskSizeGb(100)
                    .setImageType("COS_CONTAINERD");

            NodePool nodePool = new NodePool()
                    .setName("default-pool")
                    .setInitialNodeCount(1)
                    .setConfig(nodeConfig);

            // initialNodeCount is set on the node pool only: the API rejects a
            // request that sets both Cluster.initialNodeCount and nodePools.
            Cluster cluster = new Cluster()
                    .setName(CLUSTER_NAME)
                    .setNodePools(Collections.singletonList(nodePool))
                    .setAutoscaling(new ClusterAutoscaling()
                            .setEnableNodeAutoscaling(true)
                            .setResourceLimits(Collections.singletonList(
                                    new ResourceLimit()
                                            .setResourceType("cpu")
                                            .setMinimum(1L)   // ResourceLimit bounds are Long
                                            .setMaximum(10L))));

            String parent = String.format("projects/%s/locations/%s", PROJECT_ID, ZONE);
            CreateClusterRequest createClusterRequest = new CreateClusterRequest()
                    .setParent(parent)
                    .setCluster(cluster);

            System.out.println("Creating GKE cluster: " + CLUSTER_NAME);
            // Returns a long-running Operation immediately; poll it to learn when
            // the cluster is actually ready.
            containerService.projects().locations().clusters()
                    .create(parent, createClusterRequest)
                    .execute();
            System.out.println("GKE cluster creation initiated.");
        } catch (IOException | GeneralSecurityException e) {
            System.err.println("Error creating GKE cluster: " + e.getMessage());
            e.printStackTrace();
        }
    }
}
Node Pools
# Create node pool
gcloud container node-pools create spot-pool \
  --cluster my-cluster \
  --zone us-central1-a \
  --spot \
  --num-nodes 2
Autopilot Mode
# Create Autopilot cluster
gcloud container clusters create-auto my-autopilot-cluster \
  --region us-central1
Networking
# Private cluster configuration (Config Connector ContainerCluster resource).
# Private nodes require a VPC-native cluster, so ipAllocationPolicy must also be set.
# enablePrivateEndpoint: false leaves the control plane reachable from outside the
# VPC; restrict that access with masterAuthorizedNetworksConfig.
apiVersion: container.cnrm.cloud.google.com/v1beta1
kind: ContainerCluster
metadata:
  name: private-cluster
spec:
  location: us-central1
  privateClusterConfig:
    enablePrivateNodes: true
    enablePrivateEndpoint: false
    masterIpv4CidrBlock: "172.16.0.0/28"
Storage
# Persistent Disk storage class using the Compute Engine PD CSI driver.
# The in-tree kubernetes.io/gce-pd provisioner and its "zones" parameter are
# deprecated; zone restrictions are expressed with allowedTopologies instead.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast-ssd
provisioner: pd.csi.storage.gke.io
parameters:
  type: pd-ssd
volumeBindingMode: WaitForFirstConsumer
allowedTopologies:
- matchLabelExpressions:
  - key: topology.gke.io/zone
    values:
    - us-central1-a
    - us-central1-b
Security
# Binary Authorization policy (policy.yaml). This is a project-level GCP policy,
# not a Kubernetes object, so a ConfigMap has no effect; load it with
#   gcloud container binauthz policy import policy.yaml
# and create the cluster with --binauthz-evaluation-mode=PROJECT_SINGLETON_POLICY_ENFORCE
# so that the admission controller actually enforces it.
globalPolicyEvaluationMode: ENABLE   # allow Google-managed system images
defaultAdmissionRule:
  evaluationMode: REQUIRE_ATTESTATION   # required for requireAttestationsBy to apply
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
  requireAttestationsBy:
  - projects/PROJECT_ID/attestors/prod-attestor
Monitoring
# Enable logging and monitoring
# (--enable-cloud-logging / --enable-cloud-monitoring are deprecated;
#  use --logging and --monitoring with the component lists to collect)
gcloud container clusters update my-cluster \
  --zone us-central1-a \
  --logging=SYSTEM,WORKLOAD \
  --monitoring=SYSTEM
Best Practices
- Use Autopilot for simplified management
- Enable Binary Authorization
- Use Workload Identity
- Implement proper resource quotas
- Regular cluster upgrades
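As an added example (not part of the original page), a Python check that reads the JSON produced by gcloud container clusters describe --format=json and reports which of the settings listed above are missing. The sample document is constructed; the field names are those of the GKE Cluster API resource.

```python
import json

# Constructed sample (not real output) shaped like
# `gcloud container clusters describe my-cluster --zone us-central1-a --format=json`,
# trimmed to the fields the checks read.
SAMPLE_DESCRIBE = json.dumps({
    "name": "my-cluster",
    "workloadIdentityConfig": {"workloadPool": "my-project.svc.id.goog"},
    "binaryAuthorization": {"evaluationMode": "DISABLED"},
    "privateClusterConfig": {"enablePrivateNodes": False},
    "shieldedNodes": {"enabled": True},
    "legacyAbac": {"enabled": True},
    "releaseChannel": {"channel": "REGULAR"},
})


def audit_cluster(describe_json: str) -> list:
    """Return findings for settings that contradict the best practices above.

    Each finding is 'check: reason'; an empty list means every check passed.
    A missing section is treated as the GKE default, i.e. the feature is off.
    """
    c = json.loads(describe_json)
    findings = []
    if not c.get("workloadIdentityConfig", {}).get("workloadPool"):
        findings.append("workload-identity: no workload pool (use --workload-pool)")
    ba = c.get("binaryAuthorization", {})
    # Older clusters report the boolean "enabled"; newer ones report evaluationMode.
    enforced = ba.get("enabled") is True or ba.get("evaluationMode", "DISABLED") != "DISABLED"
    if not enforced:
        findings.append("binary-authorization: evaluation mode is DISABLED")
    if not c.get("privateClusterConfig", {}).get("enablePrivateNodes"):
        findings.append("private-nodes: nodes have public IP addresses")
    if not c.get("shieldedNodes", {}).get("enabled"):
        findings.append("shielded-nodes: not enabled")
    if c.get("legacyAbac", {}).get("enabled"):
        findings.append("legacy-abac: enabled; the deprecated ABAC authorizer is still active")
    if c.get("releaseChannel", {}).get("channel", "UNSPECIFIED") == "UNSPECIFIED":
        findings.append("release-channel: none; upgrades are not automatic")
    return findings


if __name__ == "__main__":
    for finding in audit_cluster(SAMPLE_DESCRIBE):
        print("FINDING", finding)
```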
This content has been expanded with detailed GKE configurations and Java examples.