This blog will cover how to deploy a .NET Core Web Application on Kubernetes in Google Cloud Platform(GCP). Starting from setting up GCP to running the application on web browser.
We will also be covering steps to integrate HTTPS with our web application. But let’s first have a look at what exactly HTTPS is!
You might have come across HTTP while browsing through websites. HTTP is a protocol through which data is passed between web browsers. HTTPS is the secured version of HTTP protocol. ‘S’ in HTTPS stand for “Secure”. The communication which occurs through HTTP is over plain text, which is more susceptible to attacks. Whereas, the communication which occurs through HTTPS is encrypted which helps negate those attacks.
Now, assuming that we have a docker file ready, let’s get started with the steps to deploy a dot net core web application in GCP Kubernetes.
1) Set up GCP
Install gcloud on your system. Open the terminal and go to the path where it is installed. Initialize it using the below command
gcloud init
2) Install kubectl
gcloud components install kubectl
3) Build a docker image
Open the terminal, go to the directory where your docker image is present and build the docker image named hello-world with tag gcr.io/{project_id}/hello-world:v1. You can find your project_id on the Dashboard of your project in GCP console.
docker build -t gcr.io/{project_id}/hello-world:v1
4) Configure docker
Configure docker to authenticate gcloud container registry
gcloud auth configure-docker
5) Push docker image
Push the docker image to container registry
docker push gcr.io/{project_id}/hello-world:v1
The docker image will be visible under Images in Container Registry in GCP console.
6) Set up project-id and compute zone
Set your project-id and compute zone in GCP using below command. Choose compute-zone nearest to you.
gcloud config set project {project_id} gcloud config set compute/zone {compute-zone}
You can find the list of all the compute zones using following command
gcloud compute zones list
7) Create a cluster
Create a cluster and name it hello-world-cluster
gcloud container clusters create hello-world-cluster
8) Deploy the application
Deploy your application in the cluster using a deployment file. You can find a sample deployment file named web-deployment.yaml below.
apiVersion: apps/v1 kind: Deployment metadata: name: hello-world namespace: default labels: app: helloworld spec: replicas: 1 selector: matchLabels: app: helloworld template: metadata: labels: app: helloworld spec: containers: - image: gcr.io/{project-id}/hello-world:v1 imagePullPolicy: IfNotPresent name: hello-world-container ports: - containerPort: 5000 readinessProbe: httpGet: path: /Childhandler port: 5000 initialDelaySeconds: 3 periodSeconds: 3
Here I have exposed my application to port 5000, you can change it according to your requirements.
Furthermore, if you have any child paths; in this case /Childhandler you have to specify it in the readinessProbe section otherwise you can remove that section.
Deploy it using the following command
kubectl apply -f web-deployment.yaml
The deployment named hello-world which is specified inside the metadata name will be visible under “Workloads” in Kubernetes Engine in GCP console.
9) Expose the application
To expose your application, create a service file. A sample service file names web-service.yaml is shown below.
apiVersion: v1 kind: Service metadata: name: hello-world-service labels: app: helloworld namespace: default spec: selector: app: helloworld ports: - port: 80 name: helloworld-tls targetPort: 5000 type: NodePort
Deploy the service file using the following command
kubectl apply -f web-service.yaml
You can see the service named hello-world-service running under “Service and Ingress” in Kubernetes Engine.
Specifying the type NodePort will not expose the web application to it’s IP address. Alternatively, you can also specify type as “LoadBalancer” to directly access the web application using it’s external IP address.
10) Enable HTTPS
In order to use HTTPS, generate a certificate, then create a secret named helloworld-tls using the key and certificate files
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=helloworld.42gears.com"
kubectl create secret helloworld-tls --key tls.key --cert tls.crt
Here, we have created a certificate using openssl and it is a self-signed certificate. But there are some limitations of self-signed certificates which are mentioned below:
- No browsers trust self-signed certificates. That is they won’t show the padlock symbol or HTTPS in front of the domain name in browser.
- They are more prone to Man-in-the -Middle attacks.
- People feel cautious when they come across the warning that the website is not secure which drastically affects the traffic on your website.
So in order to overcome this limitations, we can issue the certificate from a trusted Certificate Authority(CA). CA is a company or organization that issues digital certificates. GoDaddy, Let’s Encrypt, etc., are some CA from where you can issue the digital certificates for your website.
11) Create ingress
Create an ingress file named ingress.yaml and mention the above created secret name inside the tls section’s “secretName”.
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: helloworld -ingress labels: app: helloworld spec: tls: - secretName: helloworld-tls rules: - host: helloworld .42gears.com http: paths: - path: /* backend: serviceName: hello-world-service servicePort: 80
Deploy the ingress using the following command
kubectl apply -f ingress.yaml
You will find the ingress named helloworld-ingress under “Service and Ingress” in Kubernetes Engine after executing the above command.
12) Run the application
To bind the IP address to a DNS, go to the details page of created ingress and find the Load-Balancer IP address. Link that IP address to a DNS; in this tutorial we have used helloworld.42gears.com in the host(DNS) label under rules section of ingress file.
Congratulations for successfully executing the deployment steps!! Now please browse to your specified DNS to see your application running.