Setting up Kubernetes cluster with Kubernetes Engine
You can create a Kubernetes cluster and deploy a web service using Kubernetes Engine.
- Estimated time: 30 minutes
- Recommended operating system: MacOS
- Region: kr-central-2
- Prerequisites
Prework
Crate and manage access keys
The access key, which is the IAM user credential, consists of the access key ID and the secret access key. It is required to issue API authentication tokens.
Please refer to the API preparation document and issue the Access key.
Once the access key creation window is closed, you will not be able to retrieve the information again.
Make sure to copy the information to the clipboard and manage it separately.
Set up a network environment
To set up a computing environment on KakaoCloud, first, a network configuration is required. Refer to Building a Network with NAT Instances in a Multi-AZ to set up the network environment for creating the Kubernetes cluster. This document explains how to create a NAT instance to securely connect to the internet, even in a private subnet. The network settings described in this document are based on the values defined in the Building network using NAT instances in multi-availability zones document.
Deploy example project container image
An example project is used to proceed with the tutorial. Refer to Saving and using images with Container Registry and deploy the container image of the example project to KakaoCloud's container registry.
Step 1. Create a Kubernetes cluster
Kubernetes Engine is a managed Kubernetes service based on VPC. Without the complexity of manual cluster creation and management, you can easily create and manage a Kubernetes cluster. In this step, you will log in to the KakaoCloud console and create the resources needed for service configuration. Here's how to easily create a Kubernetes cluster through the KakaoCloud console:
-
Go to KakaoCloud Console > Kubernetes Engine > Cluster List, and click the [Create cluster] button.
-
Refer to the following to set the cluster information and VPC for creation.
Category Item Settings/Inputs Basic Settings Cluster Name tutorial Kubernetes Version 1.26 Cluster Network Settings VPC tutorial Subnet - main
-{VPC_ID}_sn_1
-{VPC_ID}_sn_2
-{VPC_ID}_sn_6 -
On the cluster list screen, go to [Created cluster] > [Node pool] tab, and click the [Create node pool] button.
-
Refer to the following to create a node pool.
Node Pool Type Instance Type Volume Number of Nodes Virtual Machine m2a.large 50 2
Step 2. Call the Kubernetes API with kubectl
You can call the Kubernetes API by executing commands with kubectl, the Kubernetes command-line tool. All interactions with the cluster are performed by calling the Kubernetes API server located in the control plane through API requests.
Install kubectl
To use kubectl, proceed with the installation based on your environment.
- Mac
- Linux(Ubuntu)
-
Install kubectl using the Homebrew package manager or the
curlcommand.Homebrewbrew install kubectlcurl(Intel)curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl"curl(Apple Silicon)curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/arm64/kubectl" -
Verify the installation by running the following command.
Check versionkubectl version --client
-
Install kubectl using the
curlcommand.curl$curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl" -
Verify the installation by running the following command.
Check version$kubectl version --client
Download and configure kubeconfig file
-
In KakaoCloud Console > Kubernetes Engine, click the [kubectl] button for the created cluster.
-
In the kubectl control settings pop-up for the created Kubernetes cluster, click the [Download kubeconfig file] button to download the kubeconfig file.
-
To configure access to the cluster, edit the
users > user > exec > envfield in the downloaded kubeconfig file (.yaml). Enter the access key ID and secret key in the respective fields.users:
- name: ${cluster name}-admin
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
args: null
command: kic-iam-auth
env:
- name: "OS_AUTH_URL"
value: "https://iam.kakaocloud.com/identity/v3"
- name: "OS_AUTH_TYPE"
value: "v3applicationcredential"
- name: "OS_APPLICATION_CREDENTIAL_ID"
value: "${Access key ID}"
- name: "OS_APPLICATION_CREDENTIAL_SECRET"
value: "${Secret access key}"
- name: "OS_REGION_NAME"
value: "kr-central-2" -
By default, kubectl accesses the cluster using the information stored in the
$HOME/.kube/configfile. Copy the configured kubeconfig file to the$HOME/.kube/configpath.mkdir $HOME/.kube
cp ${KUBECONFIG_FILE_PATH} $HOME/.kube/configExample) cp ~/Downloads/kubeconfig-cluster.yaml ~/.kube/config
Download and configure KakaoCloud authentication client
Download the KakaoCloud authentication client, then grant execution permissions to the client. After that, navigate to the directory where the authentication client is located.
sudo chmod +x ${IAM_FILE_PATH}
mv ${IAM_FILE_PATH} /usr/local/bin
| Name | Description |
|---|---|
| IAM_FILE_PATH | The file path of the installed authentication client |
Call Kubernetes API
You can call the Kubernetes API using kubectl. Enter the following command to view the list of nodes created within the cluster.
kubectl get nodes
Step 3. Deploy a service to Kubernetes
-
To
pullimages from a private container registry, authentication is required. Create a Secret key for authentication.Create container registry authentication secretkubectl create secret docker-registry kc-cr-secret \
--docker-server={PROJECT_NAME}.kr-central-2.kcr.dev \
--docker-username={ACCESS_KEY} \
--docker-password={ACCESS_SECRET_KEY}Name Info PROJECT_NAME Project name in the KakaoCloud console ACCESS_KEY Access key ACCESS_SECRET_KEY Secret access key -
Deploy the server for the example project.
Deploy server deploymentcat <<EOF | kubectl create -f-
apiVersion: apps/v1
kind: Deployment
metadata:
name: server-deployment
spec:
replicas: 2
selector:
matchLabels:
app: server
template:
metadata:
labels:
app: server
spec:
containers:
- name: server
image: {PROJECT_NAME}.kr-central-2.kcr.dev/tutorial/kakaocloud-library-server:latest
env:
- name: PROFILE
value: "local"
ports:
- containerPort: 8080
imagePullSecrets:
- name: kc-cr-secret
EOFName Info PROJECT_NAME Project name in the KakaoCloud console -
Deploy the service to access the example project server.
Deploy servicecat <<EOF | kubectl create -f-
apiVersion: v1
kind: Service
metadata:
name: server-service
spec:
type: ClusterIP
selector:
app: server
ports:
- protocol: TCP
port: 8080
targetPort: 8080
EOF -
Deploy the client for the example project.
Deploy clientcat <<EOF | kubectl create -f-
apiVersion: apps/v1
kind: Deployment
metadata:
name: client-deployment
spec:
replicas: 2
selector:
matchLabels:
app: client
template:
metadata:
labels:
app: client
spec:
containers:
- name: client
image: {PROJECT_NAME}.kr-central-2.kcr.dev/tutorial/kakaocloud-library-client:latest
env:
- name: SERVER_ENDPOINT
value: "http://server-service.default.svc.cluster.local:8080"
ports:
- containerPort: 80
imagePullSecrets:
- name: kc-cr-secret
EOFName Info PROJECT_NAME Project name in the KakaoCloud console -
Deploy the service to access the example project client. The service will be created as a LoadBalancer type.
Deploy client servicecat <<EOF | kubectl create -f-
apiVersion: v1
kind: Service
metadata:
name: client-service
spec:
type: LoadBalancer
selector:
app: client
ports:
- protocol: TCP
port: 80
targetPort: 80
EOF
Configure Load Balancer in the console
After deploying the client service of the example project as a LoadBalancer type, you can check that it has been added to the Load Balancer list in the KakaoCloud console.
To enable external access to the service, go to Load Balancer List > [More] icon > Associate public IP.
Step 5. Verify service access
Access the registered Public IP in your browser to verify the service. If connected successfully, you will see the "KakaoCloud Library" service screen.