Setting up Kubernetes cluster with Kubernetes Engine
You can create a Kubernetes cluster and deploy a web service using Kubernetes Engine.
- Estimated time required: 30 minutes
- User environment
- Recommended OS: MacOS
- Region: kr-central-2
- Prerequisites
Before you start
1. Set up network environment
To set up computing environment in KakaoCloud, you first need to configure network environment. Refer to Building network using NAT instances in multi-availability zones to create network environment for Kubernetes cluster. This document explains how to create NAT instances to securely connect private subnets to the internet. The network settings described in this document are based on the values defined in Building network using NAT instances in multi-availability zones document.
2. Deploy example project container image
This tutorial uses an example project. Refer to Storing and using images with Container Registry to deploy example project’s container image to KakaoCloud Container Registry.
Getting started
Step 1. Create Kubernetes cluster
Kubernetes Engine is VPC-based managed Kubernetes service. It allows you to create and manage Kubernetes clusters easily without the need for complex manual processes. In this step, log in to KakaoCloud Console and create necessary resources for service. Follow these steps to create Kubernetes cluster easily via KakaoCloud Console:
-
Navigate to KakaoCloud Console > Container Pack > Kubernetes Engine > Cluster List and click the [Create cluster] button.
-
Refer to the following information to configure cluster details and VPC settings.
Category Item Configuration/Input Value Basic Settings Cluster Name tutorial Kubernetes Version 1.26 Cluster Network Settings VPC tutorial Subnet - main
-{VPC_ID}_sn_1
-{VPC_ID}_sn_2
-{VPC_ID}_sn_6 -
In the Cluster List screen, click on [Created Cluster] > [Node Pool] tab, then click the [Create Node Pool] button.
-
Refer to the following information to create the node pool.
Node Pool Type Instance Type Volume Node Count Virtual Machine m2a.large 50 2
Step 2. Call Kubernetes API with kubectl
Use kubectl, Kubernetes command-line tool, to execute commands and call Kubernetes API.
All interactions with the cluster are performed by calling Kubernetes API server in control plane.
Install kubectl
To use kubectl, install it first. Perform installation according to your environment.
- Mac
- Linux(Ubuntu)
-
Use Homebrew package manager or the
curlcommand to install kubectl.Homebrewbrew install kubectlcurl(Intel)curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl"curl(Apple Silicon)curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/arm64/kubectl" -
설치가 정상적으로 되었는지 아래 명령어를 통해 확인합니다.
Check versionkubectl version --client
-
Install kubectl using the
curlcommand.Using curl$curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl" -
Verify the installation by running the following command.
Check version$kubectl version --client
Download and configure kubeconfig file
-
Click the [kubectl] button for the cluster created in Kubernetes Engine.
-
Download the kubeconfig file for the created Kubernetes cluster by clicking the [Download kubeconfig file] button in the kubectl control settings popup.
-
To configure access to the cluster, edit the
users > user > exec > envfield in the downloaded kubeconfig file (.yaml). Enter the generated key ID and secret key in the respective fields.users:
- name: ${cluster name}-admin
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
args: null
command: kic-iam-auth
env:
- name: "OS_AUTH_URL"
value: "https://iam.kakaocloud.com/identity/v3"
- name: "OS_AUTH_TYPE"
value: "v3applicationcredential"
- name: "OS_APPLICATION_CREDENTIAL_ID"
value: "${Enter access key ID}"
- name: "OS_APPLICATION_CREDENTIAL_SECRET"
value: "${Enter secret access key}"
- name: "OS_REGION_NAME"
value: "kr-central-2" -
By default, kubectl accesses the cluster using the information stored in the
$HOME/.kube/configfile. Copy the configured kubeconfig file to the$HOME/.kube/configpath.mkdir $HOME/.kube
cp ${KUBECONFIG_FILE_PATH} $HOME/.kube/configexample) cp ~/Downloads/kubeconfig-cluster.yaml ~/.kube/config
Download and configure KakaoCloud authentication client
Download the KakaoCloud authentication client, grant execution permissions, and then navigate to the directory where the authentication client is located.
sudo chmod +x ${IAM_FILE_PATH}
mv ${IAM_FILE_PATH} /usr/local/bin
| Name | Description |
|---|---|
| IAM_FILE_PATH | Path to the installed authentication client file |
Call Kubernetes API
You can call the Kubernetes API using kubectl. Enter the following command to view the list of nodes created in the cluster.
kubectl get nodes
Step 3. Deploy a service to Kubernetes
-
Authentication is required to
pullimages from a private Container Registry. Generate a security key for authentication.Create Container Registry authentication secretkubectl create secret docker-registry kc-cr-secret \
--docker-server={PROJECT_NAME}.kr-central-2.kcr.dev \
--docker-username={ACCESS_KEY} \
--docker-password={ACCESS_SECRET_KEY}Name Description PROJECT_NAME Project name in KakaoCloud Console ACCESS_KEY Access key ACCESS_SECRET_KEY Secret access key -
Deploy the server for the example project.
Deploy servercat <<EOF | kubectl create -f-
apiVersion: apps/v1
kind: Deployment
metadata:
name: server-deployment
spec:
replicas: 2
selector:
matchLabels:
app: server
template:
metadata:
labels:
app: server
spec:
containers:
- name: server
image: {PROJECT_NAME}.kr-central-2.kcr.dev/tutorial/kakaocloud-library-server:latest
env:
- name: PROFILE
value: "local"
ports:
- containerPort: 8080
imagePullSecrets:
- name: kc-cr-secret
EOFName Information PROJECT_NAME Project name in KakaoCloud Console where Container Registry was created -
Deploy a service to access the example project server.
Deploy server servicecat <<EOF | kubectl create -f-
apiVersion: v1
kind: Service
metadata:
name: server-service
spec:
type: ClusterIP
selector:
app: server
ports:
- protocol: TCP
port: 8080
targetPort: 8080
EOF -
Deploy the client for the example project.
Deploy client deploymentcat <<EOF | kubectl create -f-
apiVersion: apps/v1
kind: Deployment
metadata:
name: client-deployment
spec:
replicas: 2
selector:
matchLabels:
app: client
template:
metadata:
labels:
app: client
spec:
containers:
- name: client
image: {PROJECT_NAME}.kr-central-2.kcr.dev/tutorial/kakaocloud-library-client:latest
env:
- name: SERVER_ENDPOINT
value: "http://server-service.default.svc.cluster.local:8080"
ports:
- containerPort: 80
imagePullSecrets:
- name: kc-cr-secret
EOFName Information PROJECT_NAME Project name in KakaoCloud Console where Container Registry was created -
Deploy a service to access the example project client. The service is created as a
LoadBalancertype.Deploy client servicecat <<EOF | kubectl create -f-
apiVersion: v1
kind: Service
metadata:
name: client-service
spec:
type: LoadBalancer
selector:
app: client
ports:
- protocol: TCP
port: 80
targetPort: 80
EOF
Step 4. Configure load balancer in console
When deploying the service for the example project client as a LoadBalancer type, you can see it added to the Load Balancer list in KakaoCloud Console's Load Balancer service. Click Load Balancer List > [More] > Associate public IP to enable external access to the service.
Step 5. Verify service access
Access the registered public IP in your browser to verify the service. If successfully connected, you will see the "KakaoCloud Library" service screen.