This guide goes over the required steps for deploying Kubeless in GKE. There are a few pain points that you need to know in order to successfully deploy Kubeless in a GKE environment. First your google cloud account should have enough privileges to create and manage clusters. You can login to your account using the gcloud CLI tool:
$ gcloud auth login
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/auth?redirect_uri=...
Enter verification code: ...
You are now logged in as [[email protected]].
Your current project is [your-project]. You can change this setting by running:
$ gcloud config set project PROJECT_IDYou can also follow the initialization process executing gcloud init.
Once you are logged in, you can create the cluster:
gcloud container clusters create \
--cluster-version=1.8.10-gke.0 \
my-cluster \
--num-nodes 5At the moment of writing this document, the CI/CD system is testing Kubeless against GKE 1.8 so that's the one we are specifying as the desired version. You can check the current version tested in the Travis file.
The default number of nodes is 3. That default number is enough for small deployments but it is recommended to use at least 5 or 7 nodes so you don't run out of resources after deploying a few functions.
After a few minutes you should be able to see your cluster running:
$ gcloud container clusters list
NAME ... STATUS
my-cluster ... RUNNINGFor deploying Kubeless in your cluster, your user should have enough permissions for creating cluster roles and cluster role bindings. For doing so you need to give your current GKE account admin privileges in the new cluster. This is not being done by default so you need to do it manually:
kubectl create clusterrolebinding kubeless-cluster-admin --clusterrole=cluster-admin --user=<your-gke-user>The above command may fail with:
Error from server (Forbidden): User "your-gke-user" cannot create
clusterrolebindings.rbac.authorization.k8s.io at the cluster scopeThis error is shown since your account doesn't have privileges to create clusterrolebindings (even if you are able to create clusters). If that is the case you can still perform the above operation using the default admin user. You can retrieve the admin password executing:
gcloud container clusters describe my-cluster --zone <my-cluster-zone>Once you have the admin password you can retry the command above:
kubectl --username=admin --password=<admin_password> \
create clusterrolebinding kubeless-cluster-admin \
--clusterrole=cluster-admin --user=<your-gke-user>After that your are finally able to deploy Kubeless. Get the latest release from the release page and deploy the RBAC version of the Kubeless manifest.
On GKE 1.8.x, when you have finished the above steps, there is still one step required to make the Kafka/Zookeeper PVC bounded if you enable alpha features when creating your cluster. Checking PVC you will see they are pending:
kubectl get pvc -n kubeless
NAME STATUS VOLUME CAPACITY ACCESSMODES STORAGECLASS AGE
datadir-kafka-0 Pending 2m
zookeeper-zoo-0 Pending 2m
Because there are no correlative PV available, you have to create them. On GKE, you might want to go with GKE Persistent Disk. First, create two PD with this command:
gcloud compute disks create --size=1GB --zone=<your_GKE_zone> kubeless-kafka
gcloud compute disks create --size=1GB --zone=<your_GKE_zone> kubeless-zookeeperThen create Kafka and Zookeeper PV:
kubectl create -f docs/misc/kafka-pv.yaml
kubectl create -f docs/misc/zookeeper-pv.yamlOnce both PV are created, the PVC will be bounded shortly and you will see Kafka and Zookeeper running:
kubectl get pod -n kubeless
NAME READY STATUS RESTARTS AGE
kafka-0 1/1 Running 1 30m
kubeless-controller-659755588f-bwch6 1/1 Running 0 30m
zoo-0 1/1 Running 0 30m