Production-Ready Microservices on Google Cloud
Containers are becoming a standard way to run and scale microservices across multiple cloud providers. With Kubernetes, the deployment, scaling, and management of containerized applications in the cloud or on premises is now mainstream and extremely streamlined.

To build a production-grade environment, however, you need a host of other components: a Virtual Private Network (VPN), endpoint management for microservices, a load balancer to balance requests over various protocols (HTTP, HTTPS, WebSocket), SSL configuration, health monitoring of services, network configuration such as whitelisting of IPs, Network Address Translation (NAT) for outbound connections, and logging at the various entry points in your application.

In this book, we will go through the steps to create a production-ready environment on Google Cloud for deploying microservices. The book assumes you are familiar with Kubernetes and Google Cloud. It introduces some of the concepts briefly while setting up the production environment and deploying the solution.

We will deploy a set of microservices (as containers) on a Google Kubernetes Cluster. We will use Google Endpoints for API management and deploy the Google Endpoints container along with our microservices containers. We will then create an Ingress Controller (of type Load Balancer) and expose our application microservices over HTTPS. All incoming HTTPS requests go to a load balancer, which directs them to one of the nodes in the Kubernetes cluster. On the nodes, requests first go to Google Endpoints (which validates the endpoint key and logs all endpoint requests) and then to the respective microservice endpoints.

There are additional requirements for ensuring that only authorized IPs access our microservices. We will learn how to whitelist IPs using two approaches: Google Cloud Armor and the Nginx Ingress Controller (instead of the default Google Ingress Controller).

Similarly, for outbound connections, we will be connecting to third-party services. The third-party services have similar IP whitelisting requirements, so we need to provide the set of outbound IPs that will connect to them. For this requirement, we will use Google Cloud NAT to give our private Google Kubernetes Engine (GKE) clusters the ability to connect to the Internet, along with static outbound IPs that we can configure and provide to third-party services to whitelist on their servers.