Overview
This quickstart guide will walk you through deploying a complete production-ready Kubernetes cluster for your exchange platform on Google Cloud Platform. You’ll have a fully functional infrastructure with NGINX Ingress, cert-manager, Sealed Secrets, monitoring, and GitOps deployment within 30 minutes.
Prerequisites
Before you begin, ensure you have:
Deployment Steps
Install and configure gcloud CLI
Install the gcloud CLI and authenticate with your Google Cloud account:
# Authenticate with Google Cloud
gcloud auth login
# Initialize gcloud configuration
gcloud init
# Set your project ID
gcloud config set project YOUR_PROJECT_ID
Replace YOUR_PROJECT_ID with your actual Google Cloud project ID. You can find this in the GCP Console.
Create a GKE cluster
Create a production-ready Kubernetes cluster with autoscaling:
gcloud container clusters create exchange-cluster \
--zone us-central1-a \
--num-nodes 3 \
--machine-type n1-standard-2 \
--enable-autoscaling \
--min-nodes 2 \
--max-nodes 10 \
--enable-autorepair \
--enable-autoupgrade
Get credentials to access your cluster:
gcloud container clusters get-credentials exchange-cluster \
--zone us-central1-a
Verify cluster access:
Cluster creation takes approximately 5-7 minutes. The cluster will have 3 nodes initially and can scale from 2 to 10 nodes based on load.
Install NGINX Ingress Controller
Deploy the NGINX Ingress Controller to handle external traffic routing:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.2/deploy/static/provider/cloud/deploy.yaml
Wait for the load balancer to be provisioned:
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=120s
Get the external IP address:
kubectl get svc -n ingress-nginx ingress-nginx-controller
Save this external IP address. You’ll need to configure your DNS to point your domain to this IP for TLS certificates to work.
Install cert-manager
Install cert-manager for automated TLS certificate management:
# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io
helm repo update
# Install cert-manager with CRDs
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--set installCRDs=true
Verify the installation:
kubectl get pods -n cert-manager
All three cert-manager pods should be running.
Install Sealed Secrets
Install Bitnami Sealed Secrets for GitOps-friendly secret management:
# Add the Sealed Secrets Helm repository
helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
helm repo update
# Install the Sealed Secrets controller
helm install sealed-secrets -n kube-system \
--set-string fullnameOverride=sealed-secrets-controller \
sealed-secrets/sealed-secrets
Install the kubeseal CLI:
KUBESEAL_VERSION='0.29.0'
curl -OL "https://github.com/bitnami-labs/sealed-secrets/releases/download/v${KUBESEAL_VERSION}/kubeseal-${KUBESEAL_VERSION}-linux-amd64.tar.gz"
tar -xvzf kubeseal-${KUBESEAL_VERSION}-linux-amd64.tar.gz kubeseal
sudo install -m 755 kubeseal /usr/local/bin/kubeseal
Verify installation:
kubeseal --version
kubeseal --fetch-cert
Install monitoring stack
Deploy Prometheus and Grafana for comprehensive cluster monitoring:
# Create monitoring namespace
kubectl create namespace monitoring
# Add Prometheus community Helm repository
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
# Install kube-prometheus-stack
helm install prometheus prometheus-community/kube-prometheus-stack \
-n monitoring
Verify installation:
kubectl get pods -n monitoring
Access Grafana:
# Get Grafana admin password
kubectl get secret -n monitoring prometheus-grafana \
-o jsonpath="{.data.admin-password}" | base64 -d ; echo
# Port forward to access Grafana
export POD_NAME=$(kubectl get pod -n monitoring \
-l "app.kubernetes.io/name=grafana" -o name)
kubectl port-forward -n monitoring "$POD_NAME" 3000
Open http://localhost:3000 in your browser (username: admin).
Install ArgoCD
Deploy ArgoCD for GitOps-based continuous deployment:
# Create ArgoCD namespace
kubectl create namespace argocd
# Install ArgoCD
kubectl apply -n argocd \
-f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
Wait for ArgoCD to be ready:
kubectl wait --for=condition=ready pod \
--all -n argocd \
--timeout=300s
Access the ArgoCD UI:
# Port forward to access ArgoCD
kubectl port-forward svc/argocd-server -n argocd 8080:443
Get the admin password:
kubectl -n argocd get secret argocd-initial-admin-secret \
-o jsonpath="{.data.password}" | base64 -d ; echo
Open https://localhost:8080 and log in with username admin and the password from above. Accept the self-signed certificate warning in your browser. In production, you should configure ArgoCD with a proper TLS certificate.
Deploy your exchange application
Create an ArgoCD application to deploy your exchange services:
Log in to the ArgoCD UI at https://localhost:8080
Click + New App
Configure the application:
Click Create
kubectl apply -f - << EOF
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: exchange
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/jogeshwar01/exchange-ops
    targetRevision: HEAD
    path: .
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
EOF
ArgoCD will automatically sync and deploy all manifests from your repository.
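With targetRevision: HEAD and automated sync, every push to the repository's default branch is applied to the cluster, prune: true extends that to deletions, and project: default places no restriction on source repositories or destinations. The following pre-merge check for those three settings is an added example, not part of the original guide or the exchange-ops repository; the function name lint_argocd_app and the finding labels are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: line-oriented lint for Argo CD Application manifests.
# Not a YAML parser; assumes one "key: value" per line, as in the manifest above.

lint_argocd_app() {
  # $1 = manifest path. Prints one finding per line; exit status 1 if any.
  awk '
    function val(s) {                      # text after "key:", minus comment/quotes
      sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t]+#.*$/, "", s)
      gsub("[\" \t" sprintf("%c", 39) "]", "", s); return s
    }
    /^[ \t]*targetRevision:/ {
      seen_rev = 1; v = val($0)
      # Only a full commit SHA is immutable; HEAD, branches and tags can move.
      if (v !~ /^[0-9a-f]+$/ || length(v) != 40) { print "FLOATING_REVISION " v; n++ }
    }
    /^[ \t]*project:/ && val($0) == "default" { print "DEFAULT_PROJECT"; n++ }
    /^[ \t]*automated:/ { auto = 1 }
    /^[ \t]*prune:/ && val($0) == "true" { prune = 1 }
    END {
      if (!seen_rev) { print "FLOATING_REVISION (unset)"; n++ }  # unset means HEAD
      if (auto && prune) { print "AUTO_PRUNE"; n++ }
      exit (n > 0)
    }
  ' "$1"
}

# Constructed sample: the project, revision and sync settings from the manifest above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
spec:
  project: default
  source:
    repoURL: https://github.com/jogeshwar01/exchange-ops
    targetRevision: HEAD
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
EOF
lint_argocd_app "$sample" || echo "review before applying"
```

The non-zero exit status lets a CI job block the merge until the Application pins a commit SHA, uses a dedicated AppProject, or drops automated pruning.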
Verify deployment
Check that all services are running:
# Check all pods
kubectl get pods
# Check services
kubectl get svc
# Check ingress
kubectl get ingress
All pods should be in Running state. Your exchange infrastructure is now live!
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
exchange-router-deployment-xxx 1/1 Running 0 2m
exchange-ws-stream-deployment-xxx 1/1 Running 0 2m
exchange-postgres-deployment-xxx 1/1 Running 0 2m
exchange-redis-deployment-xxx 1/1 Running 0 2m
exchange-engine-deployment-xxx 1/1 Running 0 2m
exchange-db-processor-deployment-xxx 1/1 Running 0 2m
Next Steps
Congratulations! Your production-grade Kubernetes exchange infrastructure is now running. Here’s what to do next:
Configure TLS Certificates: Set up automated TLS certificates with Let’s Encrypt for secure HTTPS access
Manage Secrets: Learn how to create and manage sealed secrets for sensitive configuration
Set Up Monitoring: Explore Grafana dashboards and set up alerts for your infrastructure
Configure Autoscaling: Tune HPA settings to handle traffic spikes automatically
Troubleshooting
Pods stuck in Pending state
Check if your cluster has sufficient resources:
kubectl describe pod POD_NAME
kubectl top nodes
If nodes are at capacity, scale your cluster:
gcloud container clusters resize exchange-cluster \
--num-nodes 4 \
--zone us-central1-a
Ingress external IP not assigned
Wait a few minutes for GCP to provision the load balancer:
kubectl get svc -n ingress-nginx --watch
ArgoCD sync failing
Check ArgoCD application status:
kubectl get application -n argocd exchange
# The application controller runs as a StatefulSet in the upstream install manifest
kubectl logs -n argocd statefulset/argocd-application-controller
Need help?
Check the troubleshooting guide for more detailed solutions to common issues.
Clean Up
To delete the entire infrastructure:
This will permanently delete your cluster and all data. Make sure to back up any important data before proceeding.
# Delete the GKE cluster
gcloud container clusters delete exchange-cluster \
--zone us-central1-a \
--quiet
This will remove all resources including persistent volumes and load balancers.