" Real coders don't blog, or at least not very often! " A.R.

Kubernetes avec Java, Tomcat et CloudSQL - 3eme partie

Cet article fait suite à Kubernetes avec Java, Tomcat et CloudSQL - 2eme partie qu'il est recommandé de lire en premier.

Cette partie est consacrée à la création de la base de donnée sur CloudSQL et à son intégration au projet.


Cloud SQL database


check regions list
$ gcloud compute regions list
NAME CPUS DISKS_GB ADDRESSES RESERVED_ADDRESSES STATUS TURNDOWN_DATE
asia-east1 0/24 0/10240 0/23 0/7 UP
asia-northeast1 0/24 0/10240 0/23 0/7 UP
europe-west1 0/24 0/10240 0/23 0/7 UP
us-central1 0/24 0/10240 0/23 0/7 UP
us-east1 0/24 0/10240 0/23 0/7 UP
us-west1 0/24 0/10240 0/23 0/7 UP

check zones list
$ gcloud compute zones list
NAME REGION STATUS NEXT_MAINTENANCE TURNDOWN_DATE
asia-east1-c asia-east1 UP
asia-east1-a asia-east1 UP
asia-east1-b asia-east1 UP
asia-northeast1-b asia-northeast1 UP
asia-northeast1-c asia-northeast1 UP
asia-northeast1-a asia-northeast1 UP
europe-west1-c europe-west1 UP
europe-west1-d europe-west1 UP
europe-west1-b europe-west1 UP
us-central1-f us-central1 UP
us-central1-c us-central1 UP
us-central1-b us-central1 UP
us-central1-a us-central1 UP
us-east1-d us-east1 UP
us-east1-c us-east1 UP
us-east1-b us-east1 UP
us-west1-a us-west1 UP
us-west1-b us-west1 UP

check SQL available tiers
$ gcloud sql tiers list
TIER AVAILABLE_REGIONS RAM DISK
D0 us-central,europe-west1,asia-east1,us-east1 128 MiB 250 GiB
D1 us-central,europe-west1,asia-east1,us-east1 512 MiB 250 GiB
D2 us-central,europe-west1,asia-east1,us-east1 1 GiB 250 GiB
D4 us-central,europe-west1,asia-east1,us-east1 2 GiB 250 GiB
D8 us-central,europe-west1,asia-east1,us-east1 4 GiB 250 GiB
D16 us-central,europe-west1,asia-east1,us-east1 8 GiB 250 GiB
D32 us-central,europe-west1,asia-east1,us-east1 16 GiB 250 GiB
db-f1-micro asia-east1,asia-northeast1,europe-west1,us-central1,us-east1 614.4 MiB 3.0 TiB
db-g1-small asia-east1,asia-northeast1,europe-west1,us-central1,us-east1 1.7 GiB 3.0 TiB
db-n1-standard-1 asia-east1,asia-northeast1,europe-west1,us-central1,us-east1 3.8 GiB 10.0 TiB
db-n1-standard-2 asia-east1,asia-northeast1,europe-west1,us-central1,us-east1 7.5 GiB 10.0 TiB
db-n1-standard-4 asia-east1,asia-northeast1,europe-west1,us-central1,us-east1 15 GiB 10.0 TiB
db-n1-standard-8 asia-east1,asia-northeast1,europe-west1,us-central1,us-east1 30 GiB 10.0 TiB
db-n1-standard-16 asia-east1,asia-northeast1,europe-west1,us-central1,us-east1 60 GiB 10.0 TiB
db-n1-highmem-2 asia-east1,asia-northeast1,europe-west1,us-central1,us-east1 13 GiB 10.0 TiB
db-n1-highmem-4 asia-east1,asia-northeast1,europe-west1,us-central1,us-east1 26 GiB 10.0 TiB
db-n1-highmem-8 asia-east1,asia-northeast1,europe-west1,us-central1,us-east1 52 GiB 10.0 TiB
db-n1-highmem-16 asia-east1,asia-northeast1,europe-west1,us-central1,us-east1 104 GiB 10.0 TiB

configure Project and Zone environment variable
$ export PROJ="xtrav42kub"
$ export REG="us-central1"
$ export ZONE="us-central1-a"
$ gcloud config set project xtrav42kub

create database type f1-micro with 10GB hdd and failover replica
$ gcloud beta sql instances create testdb --tier db-f1-micro --activation-policy ALWAYS --region $REG --gce-zone $ZONE --storage-type HDD --storage-size 10 --backup-start-time 02:00 --enable-bin-log --failover-replica-name testdb-failover
Creating Cloud SQL instance...done.
Created [https://www.googleapis.com/sql/v1beta4/projects/xtrav42kub/instances/testdb].
NAME REGION TIER ADDRESS STATUS
testdb us-central1 db-f1-micro 104.154.79.144 RUNNABLE

verify created db instances
$ gcloud sql instances list
NAME REGION TIER ADDRESS STATUS
testdb us-central1 db-f1-micro 104.154.79.144 RUNNABLE
testdb-failover us-central1 db-f1-micro 146.148.46.64 RUNNABLE


check details of created DB
$ gcloud sql instances describe testdb
connectionName: xtrav42kub:us-central1:testdb
databaseVersion: MYSQL_5_6
etag: '"BAg4XvF9oO4T-BUHYn9IlSYpXHc/Mw"'
instance: testdb
instanceType: CLOUDSQL_INSTANCE
ipAddresses:
- ipAddress: 104.154.79.144
kind: sql#instance
project: xtrav42kub
region: us-central1
replicaNames:
- testdb-failover
serverCaCert:
cert: |-
-----BEGIN CERTIFICATE-----
(...)
-----END CERTIFICATE-----
certSerialNumber: '0'
commonName: C=US,O=Google\, Inc,CN=Google Cloud SQL Server CA
createTime: '2016-11-22T13:53:57.259000+00:00'
expirationTime: '2018-11-22T13:54:57.259000+00:00'
instance: testdb
kind: sql#sslCert
sha1Fingerprint: 460cd2eaf5ab66591e4d27351566032a43237c8e
serviceAccountEmailAddress: rp6qajg35fgqtg5bfg3ukho2wu@speckle-umbrella-7.iam.gserviceaccount.com
settings:
activationPolicy: ALWAYS
backupConfiguration:
- binaryLogEnabled: true
enabled: true
id: 10dbfca1-03c6-441d-a330-a0804fb6573e
kind: sql#backupConfiguration
startTime: 02:00
ipConfiguration:
enabled: true
kind: sql#ipConfiguration
kind: sql#settings
locationPreference:
kind: sql#locationPreference
zone: us-central1-a
pricingPlan: PER_USE
replicationType: SYNCHRONOUS
settingsVersion: '3'
tier: db-f1-micro
state: RUNNABLE

configure root password for Cloud SQL (replace XXXXXXXX with real password)
$ gcloud sql instances set-root-password testdb --password XXXXXXXXX
Setting Cloud SQL instance password...done.
Set password for [https://www.googleapis.com/sql/v1beta3/projects/xtrav42kub/instances/testdb].

save public ip address of database in variable
$ echo TESTDB_ADDRESS=$(gcloud sql instances describe testdb --format text | grep ipAddress | awk '{print $2}') >> config
$ cat config
TESTDB_ADDRESS=104.154.79.144

connect to database using sql connect (the ip address of your cloud shell will be temporarily whitelisted)
$ gcloud beta sql connect testdb --user=root
Whitelisting your IP for incoming connection for 1 minute...done.
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 67
Server version: 5.6.31-google-log (Google)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>

>TIP< when using sql connect, you need to provide a user name (such as root) or you will get Access denied because default user will be used


temporarily allow Developer IP address to access Cloud SQL instance
$ gcloud sql instances patch testdb --authorized-networks 88.190.ZZZ.ZZZ
The following message will be used for the patch API method.
{"project": "xtrav42kub", "instance": "testdb", "settings": {"ipConfiguration": {"authorizedNetworks": ["88.190.ZZZ.ZZZ"]}
}}
Patching Cloud SQL instance...done.
Updated [https://www.googleapis.com/sql/v1beta3/projects/xtrav42kub/instances/testdb].
---
connectionName: xtrav42kub:us-central1:testdb
databaseVersion: MYSQL_5_6
etag: '"BAg4XvF9oO4T-BUHYn9IlSYpXHc/Nw"'
instance: testdb
instanceType: CLOUDSQL_INSTANCE
ipAddresses:
- ipAddress: 104.154.79.144
kind: sql#instance
project: xtrav42kub
region: us-central1
replicaNames:
- testdb-failover
serverCaCert:
cert: |-
-----BEGIN CERTIFICATE-----
(...)
-----END CERTIFICATE-----
certSerialNumber: '0'
commonName: C=US,O=Google\, Inc,CN=Google Cloud SQL Server CA
createTime: '2016-11-22T13:53:57.259000+00:00'
expirationTime: '2018-11-22T13:54:57.259000+00:00'
instance: testdb
kind: sql#sslCert
sha1Fingerprint: 460cd2eaf5ab66591e4d27351566032a43237c8e
serviceAccountEmailAddress: rp6qajg35fgqtg5bfg3ukho2wu@speckle-umbrella-7.iam.gserviceaccount.com
settings:
activationPolicy: ALWAYS
backupConfiguration:
- binaryLogEnabled: true
enabled: true
id: 10dbfca1-03c6-441d-a330-a0804fb6573e
kind: sql#backupConfiguration
startTime: 02:00
ipConfiguration:
authorizedNetworks:
- 88.190.ZZZ.ZZZ
enabled: true
kind: sql#ipConfiguration
kind: sql#settings
locationPreference:
kind: sql#locationPreference
zone: us-central1-a
pricingPlan: PER_USE
replicationType: SYNCHRONOUS
settingsVersion: '7'
tier: db-f1-micro
state: RUNNABLE

login from Developer system using mysql client
$ ./mysql -u root -p -h 104.154.79.144
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 132
Server version: 5.6.31-google-log (Google)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

build and retrieve updated war (supporting DB connection)
...

build new version of Docker image
$ cd webapps-image
$ sudo docker build -t areg/webapps:3 .
Sending build context to Docker daemon 8.2 MB
Step 1 : FROM alpine
latest: Pulling from library/alpine
f58f84d16010: Pull complete
Digest: sha256:fb76bd8c78f158a05b2d7b3ad624d4be0d094c6645a5c713883eb6af47553881
Status: Downloaded newer image for alpine:latest
---> f58f84d16010
Step 2 : RUN apk add --no-cache bash
---> Running in 1a286c9cc06c
fetch http://dl-cdn.alpinelinux.org/alpine/v3.4/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.4/community/x86_64/APKINDEX.tar.gz
(1/5) Installing ncurses-terminfo-base (6.0-r7)
(2/5) Installing ncurses-terminfo (6.0-r7)
(3/5) Installing ncurses-libs (6.0-r7)
(4/5) Installing readline (6.3.008-r4)
(5/5) Installing bash (4.3.42-r4)
Executing bash-4.3.42-r4.post-install
Executing busybox-1.24.2-r11.trigger
OK: 13 MiB in 16 packages
---> 210a2b1a3d8f
Removing intermediate container 1a286c9cc06c
Step 3 : ADD WebTestApp.war webapps/WebTestApp.war
---> f628a5887057
Removing intermediate container f81030684d6c
Step 4 : CMD "tail" "-f" "/dev/null"
---> Running in b2c24946503a
---> 2f10fc99f866
Removing intermediate container b2c24946503a
Successfully built 2f10fc99f866

tag new version to prepare it for Google Container Registry
$ sudo docker tag areg/webapps:3 gcr.io/$PROJ/webapps:3

push image to Google Container Registry
$ gcloud docker -- push gcr.io/$PROJ/webapps:3
The push refers to a repository [gcr.io/xtrav42kub/webapps] (len: 1)
2f10fc99f866: Pushed
f628a5887057: Pushed
210a2b1a3d8f: Pushed
f58f84d16010: Image already exists
3: digest: sha256:0aa8e4517c1d4043e8f370cab4e99d870a4f77a06849dbe059e37d79efc802e9 size: 6225

update configuration settings with real DB data, login, password
...

update configmap
$ kubectl delete configmap myconfigmap
$ kubectl create configmap myconfigmap --from-file=config-webtestapp

update deployment descriptor to use new image
$ cd ..
$ vi mywebapp-deploy-3.yaml
(...)
    spec:
      containers:
      - image: gcr.io/xtrav42kub/webapps:3
(...)

apply changes
$ kubect apply -f mywebapp-deploy-3.yaml

temporarily allow All IP to access Cloud SQL instance
$ gcloud sql instances patch testdb --authorized-networks 0.0.0.0/0
The following message will be used for the patch API method.
{"project": "xtrav42kub", "instance": "testdb", "settings": {"ipConfiguration": {"authorizedNetworks": ["0.0.0.0/0"]}}}
Patching Cloud SQL instance...done.
Updated [https://www.googleapis.com/sql/v1beta3/projects/xtrav42kub/instances/testdb].
(...)

test from web browser http://104.154.32.245:8080/WebTestApp/front?action=fullstatus


remove temporary authorization for all IPs
gcloud sql instances patch guestbook-sql2 --clear-authorized-networks
The following message will be used for the patch API method.
{"project": "xtrav42kub", "instance": "testdb", "settings": {"ipConfiguration": {"authorizedNetworks": []}}}
Patching Cloud SQL instance...done.
Updated [https://www.googleapis.com/sql/v1beta3/projects/xtrav42kub/instances/testdb].
(...)


On a donc vérifié que l'application fonctionne et peut utiliser la base de données CloudSQL... mais il est pour le moment nécessaire d'autoriser toutes les IPs à se connecter à la base car on ne sait pas d'où viendra la connection puisque l'application est dans un container sur un cluster kubernetes. Un moyen pour y remédier est d'ajouter un container contenant un CloudSQL Proxy au Pod. C'est ce que nous verrons dans la prochaine partie.


January 14, 2017
1287 words

Categories
Tags
cloud container kubernetes docker GKE java tomcat MySQL CloudSQL

Catégories

Connect. Socialize.