#}
Google GKE Deployment
Deploy GEMVC to Google Kubernetes Engine with managed SSL certificates
Deploy GEMVC to Google GKE
Complete guide for deploying a containerized GEMVC application to Google Kubernetes Engine (GKE) with automatic SSL certificates and auto-scaling.
Google Cloud
Kubernetes
Managed SSL
Autopilot Mode
Core Concepts
- GKE: Google's managed Kubernetes service with strong auto-scaling
- gcloud CLI: Command-line tool for Google Cloud Platform
- Managed Certificates: Google auto-provisions and renews SSL certs
- GKE Ingress: Built-in HTTP(S) Load Balancing
Part 1: Prerequisites
Step 1: Install gcloud CLI
Initialize gcloud
# Initialize Google Cloud SDK
gcloud init
# This walks you through:
# - Authenticating your Google account
# - Selecting your GCP project
# - Setting default region/zoneStep 2: Install kubectl
Install kubectl
# Install kubectl via gcloud
gcloud components install kubectl
# Verify installation
kubectl version --clientPart 2: Create GKE Cluster
Step 3: Provision Cluster (Autopilot)
info: GKE Autopilot automatically manages nodes - you only pay for what you use!
Create GKE Cluster
# Create GKE Autopilot cluster
gcloud container clusters create-auto gemvc-cluster \
--region=us-central1Tip: This process takes 5-10 minutes. gcloud automatically configures kubectl.
Verify Nodes
# Verify cluster is ready
kubectl get nodesPart 3: Kubernetes Manifests
Create a gke-k8s/ folder with these files:
Step 4: deployment.yaml
gke-k8s/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: gemvc-app-deployment
spec:
replicas: 2
selector:
matchLabels:
app: gemvc-app
template:
metadata:
labels:
app: gemvc-app
spec:
containers:
- name: gemvc-app
image: your-dockerhub/gemvc-api:latest
ports:
- containerPort: 9501 # OpenSwoole port
envFrom:
- secretRef:
name: gemvc-app-secretsStep 5: Create Secrets
.env (local only)
# Create .env file locally (NOT in Git!)
APP_ENV=production
DB_HOST=production-db.internal
DB_USER=prod_user
DB_PASSWORD=your-secure-password
TOKEN_SECRET=your-jwt-secret-key
Create Secret
# Create Kubernetes secret
kubectl create secret generic gemvc-app-secrets --from-env-file=.envStep 6: service.yaml
gke-k8s/service.yaml
apiVersion: v1
kind: Service
metadata:
name: gemvc-app-service
annotations:
cloud.google.com/neg: '{"ingress": true}'
spec:
selector:
app: gemvc-app
ports:
- protocol: TCP
port: 80
targetPort: 9501
type: NodePortStep 7: managed-certificate.yaml
GKE automatically provisions and renews SSL certificates:
gke-k8s/managed-certificate.yaml
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: gemvc-app-cert
spec:
domains:
- api.your-domain.comStep 8: ingress.yaml
gke-k8s/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gemvc-app-ingress
annotations:
networking.gke.io/managed-certificates: gemvc-app-cert
spec:
rules:
- host: api.your-domain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: gemvc-app-service
port:
number: 80Part 4: Deploy Application
Step 9: Apply Manifests
Deploy to GKE
# Deploy application
kubectl apply -f gke-k8s/deployment.yaml
# Create service
kubectl apply -f gke-k8s/service.yaml
# Create managed SSL certificate
kubectl apply -f gke-k8s/managed-certificate.yaml
# Create ingress/load balancer
kubectl apply -f gke-k8s/ingress.yamlStep 10: Verify Deployment
Verify Deployment
# Check pods are running
kubectl get pods
# Get load balancer IP
kubectl get ingress gemvc-app-ingress
# Check SSL certificate status (wait for 'Active')
kubectl describe managedcertificate gemvc-app-certDNS Setup: Create an A record pointing your domain to the Ingress IP address.
Part 5: Updates (Zero Downtime)
Zero-Downtime Update
# Update image tag in deployment.yaml, then:
kubectl apply -f gke-k8s/deployment.yaml
# GKE performs rolling update automatically!Deployment Checklist
- gcloud CLI configured with GCP project
- kubectl installed via gcloud
- GKE Autopilot cluster created
- Kubernetes secrets created from .env
- Managed certificate status is Active
- DNS A record pointing to Ingress IP