Creating and managing GCP Services and containers
For an end-to-end example of creating a GKE Service, see this tutorial.
In the DuploCloud Portal, navigate to Kubernetes -> Services.
Click Add. The Basic Options section of the Add Service page displays.
In the Service Name field, give the Service a name (without spaces).
From the Cloud list box, select Google.
From the Platform list box, select GKE Linux.
In the Docker Image field, enter the Docker image.
Optionally, enter any allocation tags in the Allocation Tag field.
From the Replica Strategy list box, select a replication strategy. Refer to the informational ToolTip for more information.
Specify the number of replicas in the Replicas field (for Static replica strategy). The number of replicas you define must be less than or equal to the number of Hosts in the fleet.
In the Replica Placement list box (for Static or Horizontal Pod Autoscaler replication strategies), select First Available, Place on Different Hosts, Spread Across Zones, or Different Hosts and Spread Across Zones. Refer to the informational ToolTip for more information.
Optionally, enter variables in the Environmental Variables field.
In the Force StatefulSets list box, select Yes or No (for Static or Horizontal Pod Autoscaler replication strategies).
Optionally, select Tolerate spot instances (for Static or Horizontal Pod Autoscaler replication strategies).
Click Next. The Add Service, Advanced Options page displays.
Configure advanced options as needed. For example, you can implement Kubernetes Lifecycle Hooks in the Other Container Config field (optional).
Click Create. The Service is created.
From the DuploCloud Portal, navigate to Kubernetes -> Services. Select the Service from the NAME column. The Service details page displays.
Using the Services page, you can start, stop, and restart multiple services simultaneously.
In the DuploCloud Portal, navigate to Kubernetes -> Services.
Use the checkbox column to select multiple services you want to start or stop at once.
From the Service Actions menu, select Start Service, Stop Service, or Restart Service. The selected Services are started, stopped, or restarted as you specified.
In the DuploCloud Portal, you can display and manage the containers you have defined.
Select the Tenant from the Tenant list box in the upper left.
Navigate to Kubernetes -> Containers.
Select the Options Menu in each container row to display Logs, State, Container Shell, Host Shell, and Delete options.
Logs: Displays container logs.
State: Displays container state configuration, in YAML code, in a separate window.
Container Shell: Accesses the Container Shell. To access the Container Shell option, you must first set up .
Host Shell: Accesses the Host Shell.
Delete: Deletes the container.
Configuration and Secret management in GCP
There are many ways to pass configurations to containers at run-time. Although simple to set up, using Environmental Variables can become complex if there are too many configurations, especially files and certificates.
Using Kubernetes, you can populate environment variables using Kubernetes Configs and Secrets.
Using containers and DuploCloud Services with GCP GKE
Containers and Services are critical elements of deploying GCP applications in the DuploCloud platform. Containers refer to Docker containers: lightweight, standalone packages that contain everything needed to run an application including the code, runtime, system tools, libraries, and settings. Services in DuploCloud are microservices defined by a name, Docker image, and a number of replicas. They can be configured with various optional parameters and are mapped to Kubernetes deployment sets or StatefulSets, depending on whether they have stateful volumes.
DuploCloud supports deploying containerized applications in GCP using GKE (Google Kubernetes Engine).
Google Kubernetes Engine (GKE) is a fully managed service that uses the open-source Kubernetes platform to orchestrate and manage containerized applications on Google Cloud. GKE offers deep integration with other Google Cloud services, making it highly optimized for workloads in the Google Cloud ecosystem. While GKE requires a bit more learning compared to simpler orchestration tools, it provides the flexibility, scalability, and portability that Kubernetes offers, allowing users to run complex workloads with fine-grained control over configurations and scaling.
Adding a Service in the DuploCloud Platform is not the same as adding a Kubernetes service. When you deploy DuploCloud Services, the platform implicitly converts your DuploCloud Service into either a deployment set or a StatefulSet. The service is mapped to a deployment set if there are no volume mappings. Otherwise, it is mapped to a StatefulSet, which you can force creation of if needed. Most configuration values are self-explanatory, such as Images, Replicas, and Environmental Variables.
Kubernetes clusters are created during Infrastructure setup using the Administrator -> Infrastructure option in the DuploCloud Portal. The cluster is created in the same Virtual Private Cloud (VPC) as the Infrastructure. Building an Infrastructure with a GKE cluster may take some time.
Next, you deploy an application within a Tenant in Kubernetes. The application contains a set of VMs, a Deployment set (Pods), and an application Load Balancer. Pods can be deployed either through the DuploCloud Portal or through kubectl, using HelmCharts.
When you create a Service, refer to the registry configuration in Docker -> Services | Kubernetes -> Services. Select the Service from the NAME column and select the Configuration tab. Note the values in the Environment Variables and Other Docker Config fields.
For example:
{"DOCKER_REGISTRY_CREDENTIALS_NAME":"registry1"}
DuploCloud supports the following databases for GCP.
Cloud SQL (MySQL, PostgreSQL, SQL Server)
Managing GCP services and related components
DuploCloud provides several configurable components when running Google Cloud Provider's Google Kubernetes Engine (GKE).
Applications involve GCP Services such as Cloud Armor, Redis and SQL databases, Storage Buckets, Load Balancers, and so on.
Using DuploCloud, you can create unlimited Services within each Tenant, using application-centric inputs. At the same time, the platform ensures that the lower-level nuances are programmed to best practices for security and compliance.
In addition to GKE standard and auto-pilot, the following services are supported. Supported Services are listed in alphabetical order.
Adding SQL Databases in DuploCloud
Use this procedure to create:
MySQL databases
SQL databases with PostgreSQL engines
SQL databases with SQL Server engines
In the DuploCloud Portal, navigate to Cloud Services -> Cloud SQL.
Click Add. The Add SQL DB page displays.
Complete the fields (Name, Disk Size, SQL Version, Tier, Root Password) as required.
Click Create.
You can view database details and configure other options by navigating to Cloud Services -> Cloud SQL and selecting the Cloud SQL database from the NAME column.
Navigate to Cloud Services -> Cloud SQL.
Creating a Load balancer using GCP in DuploCloud
All containers run inside a private network and cannot be accessed from an external network. To make them accessible from an external network, create a Load Balancer.
If you need to create an Ingress Load Balancer, refer to the page in the DuploCloud Kubernetes User Guide.
See the for an end-to-end example of deploying an application using a GCP Service.
In the DuploCloud Portal, navigate to Kubernetes -> Services.
On the Services page, select the Service name in the Name column.
Click the Load Balancers tab.
If no Load Balancers exist, click the Configure Load Balancer link. If other Load Balancers exist, click Add in the LB listeners card. The Add Load Balancer Listener pane displays.
From the Select Type list box, select a Load Balancer Listener type based on your Load Balancer.
Complete other fields as required and click Add to add the Load Balancer Listener.
DuploCloud allows no more than one (0 or 1) Load Balancer per DuploCloud Service.
For internal Load Balancers, you cannot use Google Managed Certificates. You can import a certificate from somewhere else or use a self-signed certificate. We recommend using the self-signed certificate option for internal Load Balancers because you control authentication at the IP level.
Here's an example Terraform code snippet to create a self-signed certificate for an internal Load Balancer in DuploCloud:
Restrict open access to your public Load Balancers by enforcing controlled access policies.
From the DuploCloud Portal, navigate to Administrator -> System Settings.
Select the System Config tab, and click Add. The Add Config pane displays.
From the Config Type list box, select Flags.
From the Key list box, select Deny Open Access To Public LB.
In the Value list box, select True.
Click Submit. Open access to public Load Balancers is restricted.
Create a Firestore Database from within the DuploCloud platform.
Firestore is a flexible, scalable database for mobile, web, and server development from Google Cloud Platform. It's part of Firebase, a platform for developing mobile and web applications. Firestore is a NoSQL document database that simplifies storing, syncing, and querying data across multiple platforms and devices.
There are two Firestore Database modes to choose from:
Firestore Native Mode is the default mode for Firestore. It provides a richer feature set and supports more advanced querying capabilities, such as compound queries and real-time updates. Use Firestore Native for new projects and applications that require real-time updates and advanced querying features.
Datastore Mode provides a subset of Firestore's features and capabilities, supports a simpler data model, and lacks support for nested subcollections. Use Datastore Mode for migrating existing applications from Google Cloud Datastore to Firestore or for applications that do not require real-time updates or complex querying capabilities.
From the Tenant list box in the upper left, select your Tenant name.
From the DuploCloud portal, navigate to Cloud Services -> Firestore Database.
Click Add. The Add Firestore DB page displays.
In the Name field, enter a name for your database.
From the Type list box, select FIRESTORE_NATIVE or DATASTORE_MODE.
Select your location from the Location list box.
From the Point in Time Recovery Enablement list box, enable or disable point in time recovery, or lock your resources pessimistically.
From the Delete Protection State list box, enable or disable delete protection.
Click Create. Your Firestore Database is created.
Support for Redis database instances
DuploCloud supports Redis database instances. Redis stands for Remote Dictionary Server and is a fast, open-source, in-memory, key-value data store. Redis can function as a database, cache, message broker, and queue.
Redis delivers sub-millisecond response times, enabling millions of requests per second for real-time applications.
In the DuploCloud Portal, navigate to Cloud Services -> Redis.
Click Add. The Add Redis Instance page displays.
Enter the database Name.
In the Display Name field, enter a useful database name for reference.
From the Tier list box, select Basic for a Tier0 standalone instance; select Standard for a Tier1 High Availability primary/replica instance.
In the Memory Size field, enter memory size in gigabytes (GB).
In the Redis Config field, specify the Redis configuration.
In the Labels field, specify key/value pairs.
Select Enable Auth and Security to enable OSS Redis AUTH for the Redis instance.
Select Enable Encryption-in-Transit to select the TLS mode of the Redis instance.
Click Create. The Redis database Details tab displays on the Redis tab with Connectivity, General, and Security cards.
Implement GCP Cloud Armor in DuploCloud
GCP Cloud Armor helps protect your applications and websites against denial of service, web breaches, and cyber-attacks.
Use DuploCloud to activate your GCP Cloud Armor software and monitor your cloud infrastructures and deployed services and applications.
Before you can use DuploCloud with Cloud Armor, define a Security Policy in the DuploCloud Plan that supports your DuploCloud Infrastructure.
In the DuploCloud Portal, navigate to Administrator -> Plan. The Plans page displays.
From the Name column, select the Plan that corresponds to your Infrastructure. When you create a DuploCloud Infrastructure, a Plan is created with the same name.
Click the Security Policy tab.
Click Add. The Add Security Policy pane displays.
In the Name field, enter an appropriate name for the Security Policy. This is the name used in the DuploCloud portal. It is convenient to keep it the same as the Security Policy ID, but not required.
In the Security Policy ID field, enter the name of your GCP Cloud Armor Security Policy. This is the name used in the GCP console.
Click Create. The Security Policy that you specified is displayed in the Security Policy tab.
Now that the Cloud Armor Security Policy has been defined in your DuploCloud Plan, add the policy to a Load Balancer so that it can monitor network traffic.
In the DuploCloud Portal, navigate to Kubernetes -> Services or Docker -> Services.
Select the Service to which your Load Balancer is attached.
Click the Load Balancer tab.
In the Other Settings card, click Edit. The Other Load Balancer Settings pane displays.
Select the Enable HTTP to HTTPS Redirect option.
Select Enable Access Logs to view rule evaluations.
In the Idle Timeout field, enter the number of minutes for timeout, in seconds.
Click Save.
The Security Policy displays in the Load Balancer's Other Settings card.
In the DuploCloud Portal, navigate to Administrator -> Plans. The Plans page displays.
From the Name column, select the Plan that corresponds to your Infrastructure.
Click the Security Policy tab.
Modify the Security Policy Name and the Security Policy ID as appropriate.
Click Update. The changes are saved and displayed in the Security Policy tab.
Logs will only be visible if you Enable Access Logs in the Load Balancer's Other Settings card.
To view Cloud Armor Security Policy logs:
Locate the Security Policy in the GCP Console.
Click the Logs tab.
Click the View policy logs link on the Logs tab to view logs of the policy's rule evaluations.
Click the menu icon on the left of the row listing your SQL database, and select GCP Console, Edit, Delete, Stop, Restart, or Reset Password.
From the Security Policy list box, select the .
To change your Cloud Armor configuration to use a different security policy, edit the Security Policy in the DuploCloud .
In the row listing your security policy, click the Edit Icon to change the Security Policy ID. The Update Security Policy pane displays.
Add GCP subscription details
The DuploCloud rules-based expert system requires GCP Subscription details to manage cloud resources effectively. By adding Cloud Credentials in the DuploCloud Portal, you provide the necessary subscription details for this management.
To integrate GCP project cloud credentials into DuploCloud, follow these steps:
In the DuploCloud Portal, navigate to Administrator -> Cloud Credentials. The Cloud Credentials page displays.
Click Add to initiate the creation of new cloud credentials.
Ensure Google is selected from the Cloud list box as your cloud provider.
Enter your Google Project ID in the Project ID field. This ID uniquely identifies your GCP project.
Provide the Service Account email in the Service Account Email field. Service accounts are crucial for applications or compute workloads to interact with GCP services, managed through Identity and Access Management (IAM).
Paste the private key associated with your service account in the Service Account Private Key field. To extract and copy the private key from a JSON file, you can use the command: jq -r .private_key < filename.json | pbcopy
Click Submit to save your credentials, which will be displayed on the Cloud Credentials page.
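A pre-flight check for the key file used in the steps above, as an added example that is not part of the DuploCloud documentation: it confirms that the JSON is a service account key for the Project ID being registered, that the private_key field is a well-formed PEM block, and that the file is not readable by other users. The function names, the demo-project ID, and the sample key file (placeholder bytes, not a real key) are constructed for illustration.

```python
# Added example: function names, demo-project and the sample key are constructed.
import base64
import json
import os
import re
import tempfile

PEM_RE = re.compile(r"\A-----BEGIN PRIVATE KEY-----\n([A-Za-z0-9+/=\n]+)-----END PRIVATE KEY-----\n?\Z")


def check_key_file(path, expected_project):
    """Return a list of problems found in a service account JSON key file."""
    problems = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        problems.append(f"mode {mode:03o}: key file is readable by group or others")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    if key.get("type") != "service_account":
        problems.append("type is not service_account")
    if key.get("project_id") != expected_project:
        problems.append("project_id does not match the Project ID being registered")
    if not (key.get("client_email") or "").endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    match = PEM_RE.match(key.get("private_key") or "")
    if not match:
        problems.append("private_key is not a PEM 'PRIVATE KEY' block")
    else:
        try:
            base64.b64decode(match.group(1).replace("\n", ""), validate=True)
        except ValueError:
            problems.append("private_key body is not valid base64")
    return problems


def portal_fields(path, expected_project):
    """Return the three values the form asks for, or raise if any check fails."""
    problems = check_key_file(path, expected_project)
    if problems:
        raise ValueError("; ".join(problems))
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    return {name: key[name] for name in ("project_id", "client_email", "private_key")}


def write_sample_key(mode=0o600, **overrides):
    """Write a constructed key file (placeholder bytes, not a real key); return its path."""
    body = base64.b64encode(b"constructed placeholder, not a real key").decode()
    key = {
        "type": "service_account",
        "project_id": "demo-project",
        "client_email": "deployer@demo-project.iam.gserviceaccount.com",
        "private_key": f"-----BEGIN PRIVATE KEY-----\n{body}\n-----END PRIVATE KEY-----\n",
    }
    key.update(overrides)
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(key, fh)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    print(check_key_file(write_sample_key(mode=0o644), "other-project"))
```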
Create Cloud Functions in GCP
In GCP, Cloud Functions are for serverless execution of code.
In the DuploCloud Portal, navigate to Cloud Services -> Storage. The Buckets page displays. Create a bucket and upload the code package.
Navigate to Cloud Services -> Functions, and click Add. The Add Function page displays. Fill out the appropriate fields and click Create.
Create a Cloud Scheduler job in GCP
Google Cloud Scheduler is a fully managed cron job service that allows you to schedule jobs to automate the execution of tasks at regular intervals without manual intervention. You can create a Cloud Scheduler job to trigger from a Pub/Sub topic, an HTTP endpoint, or an App Engine.
The following describes each target type's function and common use cases.
HTTP: Schedule HTTP(S) requests. Common use cases: APIs, webhooks.
Pub/Sub: Publish messages to a topic. Common use cases: Event-driven architectures.
App Engine: Invoke serverless functions/services. Common use cases: Background tasks, scheduled jobs.
From the DuploCloud Portal, navigate to Cloud Services -> Cloud Scheduler, and click Add. The Cloud Scheduler Add Job pane displays.
Enter a Name, a Schedule (in cron format), and a Description, if needed.
From the Target Type list box, select Pub Sub, App Engine, or HTTP. Complete the fields associated with the selected target type:
Pub/Sub: Select a Topic Name, and add Attributes and Data, if needed.
App Engine: Enter a Service and Version. Select an HTTP Method. Enter a Relative URI and HTTP Headers, if required.
HTTP: Select an HTTP Method. Enter a Target URI. Select an Authentication method. Enter HTTP Headers, if needed.
Click Create. The Cloud Scheduler job is created.
Create Pub/Sub in GCP
Creating a Pub/Sub topic is straightforward and requires only a couple of fields.
Create Cloud Storage Buckets in GCP
In GCP, Cloud Storage Buckets are containers that hold your data. Everything in Google Cloud Storage resides in a bucket. Learn more about GCP Cloud Storage and Cloud Storage Buckets.
In the DuploCloud Portal, navigate to Cloud Services -> Storage. The Buckets page displays.
In the Buckets tab, click Add. The Create a Bucket pane displays.
In the Name field, enter a bucket name.
Optionally, select Enable Versioning or Allow Public Access; enter a label string for your bucket in the Labels field.
Optionally, select the Multi Region or Region (single region) location type for your data storage. In the Multi Region Options or Region Options list box, select your region(s).
Click Create.
Create Node Pool for GCE in the DuploCloud Portal
GCP Node Pools are useful when you need to schedule Pods requiring more resources than others, such as more memory or local disk space. Node Pools can be created for the DuploCloud Infrastructure with GKE Standard Cluster only.
Add a Tenant, specifying the DuploCloud Plan corresponding to a GKE Standard Cluster.
In the DuploCloud Portal, navigate to Kubernetes -> Nodes.
Click the Node Pool tab.
Click Add. The Add Node Pools page displays.
Provide Name, Availability Zone, Instance Type, and Node Counts.
Click Submit.
The DuploCloud Portal provides additional options when configuring a Node Pool, as depicted below. To use Advanced Options, select Advanced Options in the Add Node Pool page.
You can add Accelerator types for GPUs while creating a NodePool. From the Add Node Pool page, click Add Accelerator.
Accelerator Types are not available in all regions.
In the Add Service page, click Next for Advanced Options.
Enter command, args, and resources in the Other Container Config field.
Click Create.
For additional details, refer to the documentation from Google Cloud here.
Select the Node Pool to which you want to add taints.
Click Actions and select Add Taint. The Add Taint pane displays.
Enter the Key/Value pair and select the Effect from the list box.
Click Add Taint.
For example, the following screen applies a taint to a Node Pool that has a Key/Value of dedicated=experimental with a NoSchedule effect.
You need to configure the correct tolerations in the Service to schedule the Pod in a Node Pool.
To continue the examples above, create a Service with tolerations using the Other Container Config field, as depicted below.
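The matching rule Kubernetes applies between a Node Pool taint and a Service's tolerations, as an added example that is not DuploCloud's own code: it checks the dedicated=experimental taint from the text against a toleration scoped to it, and flags key-less tolerations that would admit the Service to every tainted Node Pool. The toleration field names follow the Kubernetes Pod spec; the exact form the Other Container Config field expects is not shown on this page, and all sample data is constructed.

```python
# Added example; field names follow the Kubernetes Pod spec (an assumption about
# what the Other Container Config field carries). All sample data is constructed.

BLOCKING_EFFECTS = {"NoSchedule", "NoExecute"}  # PreferNoSchedule never blocks

# The taint from the text: dedicated=experimental with a NoSchedule effect.
NODE_POOL_TAINTS = [{"key": "dedicated", "value": "experimental", "effect": "NoSchedule"}]

# A toleration scoped to exactly that taint.
SERVICE_TOLERATIONS = [
    {"key": "dedicated", "operator": "Equal", "value": "experimental", "effect": "NoSchedule"}
]


def tolerates(toleration, taint):
    """Apply the Kubernetes rule for one toleration against one taint."""
    effect = toleration.get("effect", "")
    if effect and effect != taint["effect"]:
        return False  # an empty effect matches every effect
    key = toleration.get("key", "")
    if key and key != taint["key"]:
        return False  # an empty key (with Exists) matches every key
    operator = toleration.get("operator") or "Equal"  # Equal is the default
    if operator == "Exists":
        return True
    return operator == "Equal" and toleration.get("value", "") == taint.get("value", "")


def untolerated(tolerations, taints):
    """Taints that would keep the Pod off the Node Pool."""
    return [
        taint for taint in taints
        if taint["effect"] in BLOCKING_EFFECTS
        and not any(tolerates(tol, taint) for tol in tolerations)
    ]


def can_schedule(tolerations, taints):
    """True when every blocking taint is matched by at least one toleration."""
    return not untolerated(tolerations, taints)


def overbroad(tolerations):
    """Tolerations without a key match every taint (of their effect, if one is set),
    so a Service carrying one is not confined to the intended Node Pool."""
    return [tol for tol in tolerations if not tol.get("key")]


if __name__ == "__main__":
    print(can_schedule(SERVICE_TOLERATIONS, NODE_POOL_TAINTS))
    print(can_schedule([], NODE_POOL_TAINTS))
    print(overbroad([{"operator": "Exists"}]))
```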
You can Edit or Delete a Taint by selecting the Node Pool Name, clicking the Actions menu, and selecting Edit or Delete. You edit the Node Pool using the Edit Node Pool page.
View Node Pools by clicking the Node Pool tab and selecting the Node Pool Name.
Nodes created as part of a Node Pool are displayed in the GCE VM tab.
Taints configured to a Node Pool are displayed with a Tainted Status. Click the Tainted icon to display a window with a Taint List.
Set Docker registry credentials and Kubernetes secrets
In the DuploCloud Portal, navigate to Docker -> Services. Docker registry credentials are passed to the Kubernetes cluster as kubernetes.io/dockerconfigjson.
Click the Docker list box in the upper right, and select Docker Credentials. The Set Docker registry Creds pane displays.
Supply the credentials and click Submit.
Enable the Docker Shell Service by clicking Enable Docker Shell.
You can pull images from multiple Docker registries by adding multiple Docker Registry Credentials.
In the DuploCloud Portal, click Administrator -> Plan. The Plans page displays.
Select the Plan in the Name column.
Click the Config tab.
Click Add. The Add Config pane displays.
You can pass Docker Credentials using the Environment Variables config field in the Add Service Basic Options page. See the Kubernetes Configs and Secrets section.