GEMVC Documentation

Complete guide to building modern, secure PHP applications with GEMVC framework

Get Started Learn Architecture
Documentation / Getting Started / Deployment / Google GKE OpenSwoole

🚀 Guide: Deploying a Dockerized GEMVC Application to Google Kubernetes Engine (GKE)

This document provides a complete walkthrough for deploying a containerized application to the Google Kubernetes Engine (GKE). GKE is Google Cloud's managed Kubernetes service, offering a robust, scalable, and secure platform for running production applications.

Core Concepts

  • Kubernetes (K8s): The open-source container orchestration platform. The core concepts are the same across all cloud providers.
  • Google Kubernetes Engine (GKE): A managed Kubernetes service from Google. Google manages the control plane, and you pay for the worker nodes. GKE is known for its strong auto-scaling and networking capabilities.
  • `gcloud` CLI: The primary command-line tool for interacting with your Google Cloud Platform (GCP) resources.
  • `kubectl`: The command-line tool for interacting with any Kubernetes cluster, including GKE.
  • GKE Ingress Controller: A built-in component that manages external HTTP(S) Load Balancing for your services.
  • Managed Certificates: A feature where Google automatically provisions and renews SSL certificates for your custom domains.

Part 1: Prerequisites & Local Setup

First, you need to set up your local machine to communicate with your Google Cloud project.

Step 1: Install and Configure the `gcloud` CLI

The `gcloud` command-line interface is essential for managing your GCP resources.

  1. Install the Google Cloud SDK: Follow the official Google Cloud instructions for your operating system. This package includes the `gcloud` CLI.
  2. Initialize the SDK: After installation, run the initialization command. This will walk you through authenticating your account and setting up a default project and zone.
    Terminal 
    gcloud init

Step 2: Install `kubectl`

The `gcloud` SDK can install `kubectl` for you, ensuring compatibility.

Terminal 
gcloud components install kubectl

Part 2: Provisioning the GKE Cluster

Now, we will create the Kubernetes cluster in your GCP project.

Step 3: Create the GKE Cluster

Run the following command to create a new GKE cluster. This command creates a standard cluster using GKE's Autopilot mode, which is highly cost-effective as it automatically manages your nodes and resources.

Tip: This process can take 5-10 minutes.
Terminal 
gcloud container clusters create-auto gemvc-cluster \
--region=us-central1

Once the command completes, `gcloud` automatically configures `kubectl` to communicate with your new GKE cluster. You can verify this by running:

Terminal 
kubectl get nodes

Part 3: Creating Kubernetes Manifests

Just like with EKS, we need to create YAML manifest files to describe our application. Create a new folder named `gke-k8s`. Inside it, create the following files.

Step 4: `deployment.yaml`

This file is identical to the one used for EKS. It tells Kubernetes how to run your application pods.

info: Create `gke-k8s/deployment.yaml`
Terminal 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gemvc-app-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: gemvc-app
  template:
    metadata:
      labels:
        app: gemvc-app
    spec:
      containers:
      - name: gemvc-app
        image: yourDockerAccount/yourImageName:latest
        ports:
        - containerPort: 9501
        envFrom:
        - secretRef:
            name: gemvc-app-secrets

Step 5: Managing Configuration and Secrets

In Kubernetes, you should never include your `.env` file in your Docker image. The best practice is to use Kubernetes Secrets to manage sensitive data like database passwords and API keys.

  1. Create a production `.env` file on your local machine. Make sure this file is included in your `.gitignore` and is never committed to your repository.
    Example `.env` file:
    Terminal 
    DB_HOST=production-db.internal
DB_USER=prod_user
DB_PASS=a-very-secure-password
API_KEY=another-super-secret-key
  2. Create a Kubernetes Secret from your `.env` file. This command reads your local file and creates a secret object inside your GKE cluster.
    Terminal 
    kubectl create secret generic gemvc-app-secrets --from-env-file=.env

The `envFrom` section in the `deployment.yaml` (added in the previous step) will now automatically load the key-value pairs from this secret as environment variables in your application container.

Step 6: `service.yaml`

This file creates the internal networking for your pods. For GKE Ingress, we must annotate the service so it can be found by the load balancer.

info: Create `gke-k8s/service.yaml`
Terminal 
apiVersion: v1
kind: Service
metadata:
  name: gemvc-app-service
  annotations:
    cloud.google.com/neg: '{"ingress": true}'
spec:
  selector:
    app: gemvc-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9501
  type: NodePort

Step 7: `managed-certificate.yaml`

To enable automatic SSL, we first create a `ManagedCertificate` resource. GKE will use this to provision and manage an SSL certificate for our domain.

info: Create `gke-k8s/managed-certificate.yaml`
Terminal 
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: gemvc-app-cert
spec:
  domains:
    - app.your-domain.com

Step 8: `ingress.yaml`

This file tells the GKE Ingress Controller to create an HTTP(S) Load Balancer, associate it with the SSL certificate, and route traffic to your service.

info: Create `gke-k8s/ingress.yaml`
Terminal 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gemvc-app-ingress
  annotations:
    networking.gke.io/managed-certificates: gemvc-app-cert
    cloud.google.com/backend-config: '{"default": "gemvc-app-backend-config"}'
spec:
  rules:
    - host: app.your-domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gemvc-app-service
                port:
                  number: 80

Part 4: Deploying the Application

With the manifests ready, we can deploy to GKE.

Step 9: Apply the Manifests

Run the following commands from your directory containing the `gke-k8s` folder.

Terminal 
# Create the deployment
kubectl apply -f gke-k8s/deployment.yaml

# Create the service
kubectl apply -f gke-k8s/service.yaml

# Create the managed SSL certificate
kubectl apply -f gke-k8s/managed-certificate.yaml

# Create the ingress and load balancer
kubectl apply -f gke-k8s/ingress.yaml

Step 9: Verify the Deployment

  1. Check Pods:
    Terminal 
    kubectl get pods
  2. Check Ingress: It may take several minutes for GKE to provision the load balancer and assign a public IP address.
    Terminal 
    kubectl get ingress gemvc-app-ingress

    Look for the IP address in the `ADDRESS` column.
  3. Check Certificate: You can check the status of your SSL certificate provisioning.
    Terminal 
    kubectl describe managedcertificate gemvc-app-cert

    Wait for the status to become `Active`.
  4. Configure DNS: Go to your domain registrar and create an `A` record pointing your domain (`app.your-domain.com`) to the IP address you found in the Ingress.

After DNS propagates, your application will be live on GKE with a Google-managed SSL certificate.

Part 5: The CI/CD Update Process

The update process is identical to EKS, showcasing the power of the Kubernetes API.

  1. Code & Release: Create a new release on GitHub. The GitHub Action will build and push the new version-tagged image to Docker Hub.
  2. Update Manifest: On your local machine, open `gke-k8s/deployment.yaml` and update the image tag to the new version.
  3. Apply the Change: Run the `apply` command.
    Terminal 
    kubectl apply -f gke-k8s/deployment.yaml

GKE will perform a zero-downtime rolling update to the new version.