Go hybrid with Anthos (GKE)

16 September 2020

Anthos

  • Anthos is a multi-cloud and hybrid platform.
  • Built on top of Kubernetes, Istio, and Knative.

Core components

Anthos GKE:

  • It is a Kubernetes cluster that runs in the cloud environment and on premises.
  • For on-prem it is GKE On-Prem (1.0).
  • Generally used for storage and CI/CD solutions.
  • Supports Stackdriver components for monitoring and logging.
  • The following Kubernetes features are supported in Anthos GKE:
    • Management of the node pools.
    • Node Auto-repair.
    • Scaling.
    • Automatic upgrades.
    • Support in Alpha and Beta versions.

Anthos Config Management:

  • Common configuration point for your hybrid workloads.
  • It reads the configuration from the Git repository.
  • Cluster objects are stored in a cluster/ directory.
  • Namespace objects are stored in a namespaces/ directory.
  • System objects are stored in a system/ directory.
  • Sample config for the namespace in the production environment.
    apiVersion: v1
    kind: Namespace
    metadata:
      name: shipping-prod
      labels:
        env: prod
      annotations:
        audit: "true"

Anthos Service Mesh:

  • It is an Istio-compatible framework.
  • It connects on-prem services with the cloud GKE.
  • Stackdriver is pre-integrated.
  • Provides an extra layer of security with TLS.

Setting up Anthos:

  • Clone the repo.
    git clone https://github.com/GoogleCloudPlatform/anthos-workshop.git anthos-workshop
    cd anthos-workshop
    source ./env
    ./bootstrap-workshop.sh
  • Review the cluster in Kubernetes Engine → Clusters in GCP Console.
  • Set up the remote cluster.
    kubectx remote

    Assign the gkehub.connect Cloud IAM role to the anthos-connect service account.

    export PROJECT=$(gcloud config get-value project)
    # Name of the service account that receives the gkehub.connect role
    export GKE_CONNECT_SA=anthos-connect
    export GKE_SA_CREDS=$WORK_DIR/$GKE_CONNECT_SA-creds.json
    gcloud projects add-iam-policy-binding $PROJECT \
      --member="serviceAccount:$GKE_CONNECT_SA@$PROJECT.iam.gserviceaccount.com" \
      --role="roles/gkehub.connect"
  • Create a private key and download it.
    gcloud iam service-accounts keys create $GKE_SA_CREDS \
      --iam-account=$GKE_CONNECT_SA@$PROJECT.iam.gserviceaccount.com \
      --project=$PROJECT
  • Register the on-prem cluster.
    export REMOTE_CLUSTER_NAME_BASE="remote"
    export REMOTE_CLUSTER_NAME=$REMOTE_CLUSTER_NAME_BASE.k8s.local
    export REMOTE_KUBECONFIG=$WORK_DIR/remote.context
    gcloud beta container hub memberships register $REMOTE_CLUSTER_NAME_BASE \
      --context=$REMOTE_CLUSTER_NAME \
      --service-account-key-file=$GKE_SA_CREDS \
      --kubeconfig=$REMOTE_KUBECONFIG \
      --project=$PROJECT
  • Create a service account for the remote cluster and use a token from it to log in to the remote cluster.
  • Go to Kubernetes Engine > Clusters.
  • Click on the Login button of the remote cluster.
  • Use the auth method as a Token.
  • Paste the Token generated from the service account.
  • Now the remote cluster has been set up.

Apply the Config:

export REMOTE=remote
export CENTRAL=central
REPO_URL=ssh://${GCLOUD_ACCOUNT}@source.developers.google.com:2022/p/${PROJECT}/r/config-repo

kubectx $REMOTE
# Replace variables and stream results to kubectl apply
cat $BASE_DIR/config-management/config_sync.yaml | \
  sed 's|<REPO_URL>|'"$REPO_URL"'|g' | \
  sed 's|<CLUSTER_NAME>|'"$REMOTE"'|g' | \
  sed 's|none|ssh|g' | \
  kubectl apply -f -

kubectx $CENTRAL
cat $BASE_DIR/config-management/config_sync.yaml | \
  sed 's|<REPO_URL>|'"$REPO_URL"'|g' | \
  sed 's|<CLUSTER_NAME>|'"$CENTRAL"'|g' | \
  sed 's|none|ssh|g' | \
  kubectl apply -f -

Push the Config:

mkdir namespaces/checkout
cat <<EOF > namespaces/checkout/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: checkout
EOF

export EMAIL=$(gcloud config get-value account)
git config --global user.email "$EMAIL"
git config --global user.name "$USER"
git add . && git commit -m 'adding checkout namespace'
git push origin master
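
A check that can run before the push step above, as an added example that is not part of the original post or the anthos-workshop repo. It assumes the convention the checkout example follows, that a directory under namespaces/ is named after the Namespace it declares; the function names and the payments directory are made up for illustration.

```shell
#!/bin/sh
# Added example: pre-push check for the namespaces/ tree of a config repo.
# Assumes simple single-document manifests with two-space indentation.

# Print the top-level kind of a manifest.
manifest_kind() {
  awk '/^kind:/ { print $2; exit }' "$1"
}

# Print metadata.name (the "name:" indented directly under "metadata:").
manifest_name() {
  awk '/^metadata:/    { m = 1; next }
       /^[^ #]/        { m = 0 }
       m && /^  name:/ { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# check_namespaces REPO: returns 0 when every namespace.yaml below
# REPO/namespaces is a Namespace named after its directory; otherwise
# prints one line per problem and returns 1.
check_namespaces() {
  cn_rc=0
  while IFS= read -r cn_file; do
    [ -n "$cn_file" ] || continue
    cn_want=$(basename "$(dirname "$cn_file")")
    cn_kind=$(manifest_kind "$cn_file")
    cn_name=$(manifest_name "$cn_file")
    if [ "$cn_kind" != "Namespace" ]; then
      echo "KIND $cn_file: kind '$cn_kind', expected Namespace"; cn_rc=1
    elif [ "$cn_name" != "$cn_want" ]; then
      echo "MISMATCH $cn_file: name '$cn_name', directory '$cn_want'"; cn_rc=1
    fi
  done <<EOF
$(find "$1/namespaces" -type f -name namespace.yaml | sort)
EOF
  return "$cn_rc"
}

# Demo on a constructed repo: the page's checkout namespace plus a copy
# placed in a directory with a different name.
demo_repo=$(mktemp -d)
mkdir -p "$demo_repo/namespaces/checkout" "$demo_repo/namespaces/payments"
printf 'apiVersion: v1\nkind: Namespace\nmetadata:\n  name: checkout\n' \
  > "$demo_repo/namespaces/checkout/namespace.yaml"
cp "$demo_repo/namespaces/checkout/namespace.yaml" "$demo_repo/namespaces/payments/"
check_namespaces "$demo_repo" || echo "fix the config before git push"
rm -rf "$demo_repo"
```

Run from the root of the config repo as `check_namespaces .`; a non-zero return means at least one manifest would land in the wrong namespace directory.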

Conclusion:

Hybrid or even multi-cloud will soon be a reality for many organizations. A strong hybrid cloud solution is needed to realize the advantages of the public cloud and to keep the operating effort and costs within reasonable limits.
