gke-app-onboarding
GKE App Onboarding Skill
This skill provides workflows for preparing applications that are not yet running on Kubernetes and deploying them to GKE for the first time.
Workflow
1. App Assessment
Before containerizing, assess the application's requirements:
- Language & Framework: Identify the tech stack.
- Dependencies: List required libraries and services.
- Configuration: Determine how the app is configured (e.g., environment variables, config files).
- Statefulness: Identify if the app needs persistent storage (databases, file storage).
- Networking: Determine port mapping and protocol (HTTP, TCP, etc.).
2. Containerization
Create a container image suitable for the application:
- Dockerfile: Create a Dockerfile in the project root.
- Multi-stage Builds: Recommend multi-stage builds to keep the production image small and secure.
- Logging: Ensure the application logs to stdout and stderr for proper log collection.
- Alternatives: Consider using Cloud Native Buildpacks or Skaffold for automated containerization and development workflows without writing Dockerfiles.
3. Image Management
Build and store the container image:
- Build: Build the image locally or using a CI/CD pipeline.
- Repository: Push the image to Google Artifact Registry.
- Vulnerability Scanning: Enable automatic vulnerability scanning in Artifact Registry to detect security issues in base images and dependencies.
4. Manifest Generation
Generate Kubernetes manifests for the application:
- Namespace: Create a dedicated Namespace for the application to isolate resources.
  - Security: Label the namespace to enforce Pod Security Standards (e.g., pod-security.kubernetes.io/enforce: restricted and pod-security.kubernetes.io/enforce-version: latest).
- ServiceAccount: Create a dedicated ServiceAccount for the application. Avoid using the default ServiceAccount to follow the principle of least privilege.
- Deployment: Create a Deployment manifest.
  - Include resource requests and limits.
  - Configure liveness and readiness probes.
  - Reference the dedicated ServiceAccount using the serviceAccountName field.
- Service: Create a Service manifest (e.g., ClusterIP for internal apps, LoadBalancer for external access). For advanced L7 routing, consider using the Gateway API.
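The Namespace, ServiceAccount and Deployment items above, as one manifest set. This is an added example, not part of the skill itself; the name demo-app, the image path, port 8080 and the /healthz probe path are placeholders, and it assumes the app never calls the Kubernetes API. It also shows the pod and container securityContext fields that the restricted Pod Security Standard requires once the namespace label is enforced.

```yaml
# Added example: all names, the image path, port and probe path are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: demo-app
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: demo-app
  namespace: demo-app
automountServiceAccountToken: false  # assumption: app never calls the Kubernetes API
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-app
  namespace: demo-app
spec:
  replicas: 2
  selector:
    matchLabels: {app: demo-app}
  template:
    metadata:
      labels: {app: demo-app}
    spec:
      serviceAccountName: demo-app   # dedicated account, not "default"
      securityContext:               # pod-level fields the restricted profile requires
        runAsNonRoot: true           # image must run as a non-root user
        seccompProfile: {type: RuntimeDefault}
      containers:
        - name: app
          image: REGION-docker.pkg.dev/PROJECT_ID/REPO/demo-app:TAG  # placeholder
          ports: [{containerPort: 8080}]
          securityContext:           # container-level fields the restricted profile requires
            allowPrivilegeEscalation: false
            capabilities: {drop: ["ALL"]}
          resources:
            requests: {cpu: 100m, memory: 128Mi}
            limits: {cpu: 500m, memory: 256Mi}
          readinessProbe:
            httpGet: {path: /healthz, port: 8080}
          livenessProbe:
            httpGet: {path: /healthz, port: 8080}
            initialDelaySeconds: 10
```

If the securityContext fields are left out, the Deployment object is still accepted but its pods are rejected at admission, so kubectl get pods shows nothing running. The rejection reason appears in the ReplicaSet's events.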
5. Initial Deployment
Apply the manifests and verify the deployment:
- Apply: Use kubectl apply -f <manifest-file>.
- Verify: Check pod status with kubectl get pods and ensure the service is accessible.
Next Steps
Once the application is running, use the gke-productionize skill to assess its readiness for production.