diff --git a/hack/make-docker-images.sh b/hack/make-docker-images.sh index 9cff93701a4..873b1fb54e4 100755 --- a/hack/make-docker-images.sh +++ b/hack/make-docker-images.sh @@ -38,9 +38,11 @@ while IFS= read -d $'\0' -r dir; do cd "${builddir}" log "Building: ${image}" docker build -t "${image}" . + docker build -t "${image}-native-grpc-probes" . --target without-grpc-health-probe-bin log "Pushing: ${image}" docker push "${image}" + docker push "${image}-native-grpc-probes" ) done < <(find "${SCRIPTDIR}/../src" -mindepth 1 -maxdepth 1 -type d -print0) diff --git a/kustomize/README.md b/kustomize/README.md index 8c45640e060..00f6cc25e29 100644 --- a/kustomize/README.md +++ b/kustomize/README.md 
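Review bot: Nothing visible in this hunk stops the added `docker push "${image}-native-grpc-probes"` from running after a failed variant build, in which case it would publish whatever image already carries that tag locally. Whether the script enables `set -e` is outside the hunk; if it does not, guarding the build with `docker build -t "${image}-native-grpc-probes" --target without-grpc-health-probe-bin . || exit 1` keeps a stale image from being pushed. Placing `--target` before the build context also matches the usual option order. The loop body starts outside the hunk.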
@@ -71,14 +71,19 @@ Here is the list of the variations available as Kustomize components that you co - Changes all Online Boutique-related branding to Google Cloud's fictitious company — Cymbal Shops. The code adds/enables an environment variable `CYMBAL_BRANDING` in the `frontend` service. - [**Integrate with Google Cloud Operations**](components/google-cloud-operations) - Enables Monitoring (Stats), Tracing, Profiler, and Debugger for various services within Online Boutique. The code removes the existing environment variables (`DISABLE_STATS`, `DISABLE_TRACING`, `DISABLE_PROFILER`, `DISABLE_DEBUGGER`) from appropriate YAML config files. -- [**Integrate with Memorystore (redis)**](components/memorystore) - - The default Online Boutique deployment uses the in-cluster `redis` database for storing the contents of its shopping cart. The Memorystore deployment variation overrides the default database with its own Memorystore (redis) database. These changes directly affect `cartservice`. +- [**Integrate with Memorystore (Redis)**](components/memorystore) + - The default Online Boutique deployment uses the in-cluster `redis` database for storing the contents of its shopping cart. The Memorystore deployment variation overrides the default database with its own Memorystore (Redis) database. These changes directly affect `cartservice`. - [**Integrate with Spanner**](components/spanner) - The default Online Boutique deployment uses the in-cluster `redis` database for storing the contents of its shopping cart. The Spanner deployment variation overrides the default database with its own Spanner database. These changes directly affect `cartservice`. - [**Secure with Network Policies**](components/network-policies) - Deploy fine granular `NetworkPolicies` for Online Boutique. - [**Create Kubernetes Service Accounts**](components/service-accounts) - Deploy fine granular `ServiceAccounts` for Online Boutique. 
+- [**Support the native gRPC probes for Kubernetes 1.24+**](components/native-grpc-health-check) + - Deploy the Online Boutique apps by supporting the native gRPC probes for Kubernetes 1.24+. +- [**Update the registry name of the container images**](components/container-images-registry) +- [**Update the image tag of the container images**](components/container-images-tag) +- [**Add an image tag suffix to the container images**](components/container-images-tag-suffix) ### Select variations diff --git a/kustomize/components/container-images-registry/README.md b/kustomize/components/container-images-registry/README.md new file mode 100644 index 00000000000..0429f1fd6a6 --- /dev/null +++ b/kustomize/components/container-images-registry/README.md 
@@ -0,0 +1,28 @@
+# Update the container registry of the Online Boutique apps
+
+By default, Online Boutique's services' container images are pulled from a public container registry (`gcr.io/google-samples/microservices-demo`). One best practice is to have these container images in your own private container registry. The Kustomize variation in this folder can help with using your own private container registry.
+
+## Change the default container registry via Kustomize
+
+To automate the deployment of Online Boutique integrated with your own container registry, you can leverage the following variation with [Kustomize](../..).
+
+From the `kustomize/` folder at the root level of this repository, execute this command:
+```bash
+REGISTRY=my-registry # Example: gcr.io/my-project/my-directory
+sed -i "s|CONTAINER_IMAGES_REGISTRY|${REGISTRY}|g" components/container-images-registry/kustomization.yaml
+kustomize edit add component components/container-images-registry
+```
+_Note: this Kustomize component will update the container registry in the `image:` field in all `Deployments`._
+
+This will update the `kustomize/kustomization.yaml` file which could be similar to:
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- base
+components:
+- components/container-images-registry
+```
+
+You can (optionally) locally render these manifests by running `kubectl kustomize .`.
+You can deploy them by running `kubectl apply -k .`.
diff --git a/kustomize/components/container-images-registry/kustomization.yaml b/kustomize/components/container-images-registry/kustomization.yaml
new file mode 100644
index 00000000000..1331d1ca766
--- /dev/null
+++ b/kustomize/components/container-images-registry/kustomization.yaml
@@ -0,0 +1,39 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+images:
+- name: gcr.io/google-samples/microservices-demo/adservice
+ newName: CONTAINER_IMAGES_REGISTRY/adservice
+- name: gcr.io/google-samples/microservices-demo/cartservice
+ newName: CONTAINER_IMAGES_REGISTRY/cartservice
+- name: gcr.io/google-samples/microservices-demo/checkoutservice
+ newName: CONTAINER_IMAGES_REGISTRY/checkoutservice
+- name: gcr.io/google-samples/microservices-demo/currencyservice
+ newName: CONTAINER_IMAGES_REGISTRY/currencyservice
+- name: gcr.io/google-samples/microservices-demo/emailservice
+ newName: CONTAINER_IMAGES_REGISTRY/emailservice
+- name: gcr.io/google-samples/microservices-demo/frontend
+ newName: CONTAINER_IMAGES_REGISTRY/frontend
+- name: gcr.io/google-samples/microservices-demo/loadgenerator
+ newName: CONTAINER_IMAGES_REGISTRY/loadgenerator
+- name: gcr.io/google-samples/microservices-demo/paymentservice
+ newName: CONTAINER_IMAGES_REGISTRY/paymentservice
+- name: gcr.io/google-samples/microservices-demo/productcatalogservice
+ newName: CONTAINER_IMAGES_REGISTRY/productcatalogservice
+- name: gcr.io/google-samples/microservices-demo/recommendationservice
+ newName: CONTAINER_IMAGES_REGISTRY/recommendationservice
+- name: gcr.io/google-samples/microservices-demo/shippingservice
+ newName: CONTAINER_IMAGES_REGISTRY/shippingservice
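Review bot: Nothing in this file says that `CONTAINER_IMAGES_REGISTRY` is a placeholder that has to be substituted before the component is used; only the README describes the `sed -i` step. A comment above `images:` such as `# CONTAINER_IMAGES_REGISTRY is a placeholder; replace it with your registry path (see README.md) before adding this component.` would make that explicit to anyone who reads only the manifest. Since the substitution rewrites the tracked file in place, the comment could also say that the substituted value is environment-specific and should not be committed back. The same applies to `CONTAINER_IMAGES_TAG_SUFFIX` and `CONTAINER_IMAGES_TAG` in the two sibling `kustomization.yaml` files added by this commit.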
diff --git a/kustomize/components/container-images-tag-suffix/README.md b/kustomize/components/container-images-tag-suffix/README.md
new file mode 100644
index 00000000000..c47976da370
--- /dev/null
+++ b/kustomize/components/container-images-tag-suffix/README.md
@@ -0,0 +1,47 @@ +# Add a suffix to the image tag of the Online Boutique container images + +You may want to add a suffix to the Online Boutique container image tag to target a specific version. +The Kustomize Component inside this folder can help. + +## Add a suffix to the container image tag via Kustomize + +To automate the deployment of the Online Boutique apps with a suffix added to the container imag tag, you can leverage the following variation with [Kustomize](../..). + +From the `kustomize/` folder at the root level of this repository, execute this command: +```bash +SUFFIX=-my-suffix +sed -i "s/CONTAINER_IMAGES_TAG_SUFFIX/$SUFFIX/g" components/container-images-tag-suffix/kustomization.yaml +kustomize edit add component components/container-images-tag-suffix +``` +_Note: this Kustomize component will add a suffix to the container image tag of the `image:` field in all `Deployments`._ + +This will update the `kustomize/kustomization.yaml` file which could be similar to: +```yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- base +components: +- components/container-images-tag-suffix +``` + +You can locally render these manifests by running `kubectl kustomize . | sed "s/$SUFFIX$SUFFIX/$SUFFIX/g"` as well as deploying them by running `kubectl kustomize . | sed "s/$SUFFIX$SUFFIX/$SUFFIX/g" | kubectl apply -f`. + +_Note: for this variation, `kubectl apply -k .` alone won't work because there is a [known issue currently in Kustomize](https://github.com/kubernetes-sigs/kustomize/issues/4814) where the `tagSuffix` is duplicated. 
The `sed "s/$SUFFIX$SUFFIX/$SUFFIX/g"` commands above are a temporary workaround._ + +## Combine with other Kustomize Components +If you're combining this Kustomize Component with other variations, here are some considerations: +- `components/container-images-tag-suffix` should be placed before `components/container-images-registry` +- `components/container-images-tag-suffix` should be placed after `components/container-images-tag` + +So for example here is the order respected: +```yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- base +components: +- components/container-images-tag +- components/container-images-tag-suffix +- components/container-images-registry +``` diff --git a/kustomize/components/container-images-tag-suffix/kustomization.yaml b/kustomize/components/container-images-tag-suffix/kustomization.yaml new file mode 100644 index 00000000000..eab21e0466f --- /dev/null +++ b/kustomize/components/container-images-tag-suffix/kustomization.yaml 
@@ -0,0 +1,39 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+images:
+- name: gcr.io/google-samples/microservices-demo/adservice
+ tagSuffix: CONTAINER_IMAGES_TAG_SUFFIX
+- name: gcr.io/google-samples/microservices-demo/cartservice
+ tagSuffix: CONTAINER_IMAGES_TAG_SUFFIX
+- name: gcr.io/google-samples/microservices-demo/checkoutservice
+ tagSuffix: CONTAINER_IMAGES_TAG_SUFFIX
+- name: gcr.io/google-samples/microservices-demo/currencyservice
+ tagSuffix: CONTAINER_IMAGES_TAG_SUFFIX
+- name: gcr.io/google-samples/microservices-demo/emailservice
+ tagSuffix: CONTAINER_IMAGES_TAG_SUFFIX
+- name: gcr.io/google-samples/microservices-demo/frontend
+ tagSuffix: CONTAINER_IMAGES_TAG_SUFFIX
+- name: gcr.io/google-samples/microservices-demo/loadgenerator
+ tagSuffix: CONTAINER_IMAGES_TAG_SUFFIX
+- name: gcr.io/google-samples/microservices-demo/paymentservice
+ tagSuffix: CONTAINER_IMAGES_TAG_SUFFIX
+- name: gcr.io/google-samples/microservices-demo/productcatalogservice
+ tagSuffix: CONTAINER_IMAGES_TAG_SUFFIX
+- name: gcr.io/google-samples/microservices-demo/recommendationservice
+ tagSuffix: CONTAINER_IMAGES_TAG_SUFFIX
+- name: gcr.io/google-samples/microservices-demo/shippingservice
+ tagSuffix: CONTAINER_IMAGES_TAG_SUFFIX
\ No newline at end of file
diff --git a/kustomize/components/container-images-tag/README.md b/kustomize/components/container-images-tag/README.md
new file mode 100644
index 00000000000..8bd606edbad
--- /dev/null
+++ b/kustomize/components/container-images-tag/README.md
@@ -0,0 +1,41 @@
+# Update the container image tag of the Online Boutique apps
+
+By default, the Online Boutique apps are targeting the latest release version (see the list of versions [here](https://github.com/GoogleCloudPlatform/microservices-demo/releases)). You may need to change this image tag to target a specific version, this Kustomize variation will help you setting this up.
+
+## Change the default container image tag via Kustomize
+
+To automate the deployment of the Online Boutique apps with a specific container imag tag, you can leverage the following variation with [Kustomize](../..).
+
+From the `kustomize/` folder at the root level of this repository, execute this command:
+```bash
+TAG=v1.0.0
+sed -i "s/CONTAINER_IMAGES_TAG/$TAG/g" components/container-images-tag/kustomization.yaml
+kustomize edit add component components/container-images-tag
+```
+_Note: this Kustomize component will update the container image tag of the `image:` field in all `Deployments`._
+
+This will update the `kustomize/kustomization.yaml` file which could be similar to:
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- base
+components:
+- components/container-images-tag
+```
+
+You can locally render these manifests by running `kubectl kustomize .` as well as deploying them by running `kubectl apply -k .`.
+
+**Important notes:** if combining with the other variations, here are some considerations:
+- should be placed before `components/container-images-registry`
+
+So for example here is the order respected:
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- base
+components:
+- components/container-images-tag
+- components/container-images-registry
+```
\ No newline at end of file
diff --git a/kustomize/components/container-images-tag/kustomization.yaml b/kustomize/components/container-images-tag/kustomization.yaml
new file mode 100644
index 00000000000..23bda660db6
--- /dev/null
+++ b/kustomize/components/container-images-tag/kustomization.yaml
@@ -0,0 +1,39 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+images:
+- name: gcr.io/google-samples/microservices-demo/adservice
+ newTag: CONTAINER_IMAGES_TAG
+- name: gcr.io/google-samples/microservices-demo/cartservice
+ newTag: CONTAINER_IMAGES_TAG
+- name: gcr.io/google-samples/microservices-demo/checkoutservice
+ newTag: CONTAINER_IMAGES_TAG
+- name: gcr.io/google-samples/microservices-demo/currencyservice
+ newTag: CONTAINER_IMAGES_TAG
+- name: gcr.io/google-samples/microservices-demo/emailservice
+ newTag: CONTAINER_IMAGES_TAG
+- name: gcr.io/google-samples/microservices-demo/frontend
+ newTag: CONTAINER_IMAGES_TAG
+- name: gcr.io/google-samples/microservices-demo/loadgenerator
+ newTag: CONTAINER_IMAGES_TAG
+- name: gcr.io/google-samples/microservices-demo/paymentservice
+ newTag: CONTAINER_IMAGES_TAG
+- name: gcr.io/google-samples/microservices-demo/productcatalogservice
+ newTag: CONTAINER_IMAGES_TAG
+- name: gcr.io/google-samples/microservices-demo/recommendationservice
+ newTag: CONTAINER_IMAGES_TAG
+- name: gcr.io/google-samples/microservices-demo/shippingservice
+ newTag: CONTAINER_IMAGES_TAG
diff --git a/kustomize/components/cymbal-branding/README.md b/kustomize/components/cymbal-branding/README.md
index 4fe87756164..23840853453 100644
--- a/kustomize/components/cymbal-branding/README.md
+++ b/kustomize/components/cymbal-branding/README.md @@ -5,7 +5,7 @@ But you may want to use Google Cloud's fictitious company, _Cymbal Shops_, inste To use "Cymbal Shops" branding, set the `CYMBAL_BRANDING` environment variable to `"true"` in the the Kubernetes manifest (`.yaml`) for the `frontend` Deployment. -``` +```yaml apiVersion: apps/v1 kind: Deployment metadata: @@ -29,12 +29,12 @@ spec: To automate the deployment of Online Boutique with the Cymbal Shops branding you can leverage the following variation with [Kustomize](../..). From the `kustomize/` folder at the root level of this repository, execute this command: -``` -kustomize edit add components/cymbal-branding +```bash +kustomize edit add component components/cymbal-branding ``` This will update the `kustomize/kustomization.yaml` file which could be similar to: -``` +```yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: diff --git a/kustomize/components/google-cloud-operations/README.md b/kustomize/components/google-cloud-operations/README.md index 4f489592013..1decc84ca42 100644 --- a/kustomize/components/google-cloud-operations/README.md +++ b/kustomize/components/google-cloud-operations/README.md @@ -4,7 +4,7 @@ By default, [Google Cloud Operations](https://cloud.google.com/products/operatio You can see the instrumentation status in your deployment by opening one of the `Deployment` YAML files and seeing: -```YAML +```yaml - name: DISABLE_STATS value: "1" - name: DISABLE_TRACING @@ -31,7 +31,7 @@ value: "0" You will also need to make sure that you have the associated Google APIs enabled in your Google Cloud project: -``` +```bash gcloud services enable \ monitoring.googleapis.com \ cloudtrace.googleapis.com \ 
@@ -67,12 +67,12 @@ gcloud projects add-iam-policy-binding ${PROJECT_ID} \ To automate the deployment of Online Boutique integrated with Google Cloud Operations you can leverage the following variation with [Kustomize](../..). From the `kustomize/` folder at the root level of this repository, execute this command: -``` -kustomize edit add components/google-cloud-operations +```bash +kustomize edit add component components/google-cloud-operations ``` This will update the `kustomize/kustomization.yaml` file which could be similar to: -``` +```yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: diff --git a/kustomize/components/memorystore/README.md b/kustomize/components/memorystore/README.md index 9628006618b..84dd5ff0615 100644 --- a/kustomize/components/memorystore/README.md +++ b/kustomize/components/memorystore/README.md @@ -31,8 +31,8 @@ _Note: You can also find in this repository the Terraform script to provision th To automate the deployment of Online Boutique integrated with Memorystore (Redis) you can leverage the following variation with [Kustomize](../..). From the `kustomize/` folder at the root level of this repository, execute this command: -```bash -kustomize edit add components/memorystore +``` +kustomize edit add component components/memorystore ``` _Note: this Kustomize component will also remove the `redis-cart` `Deployment` and `Service` not used anymore._ 
@@ -50,7 +50,7 @@ Update current Kustomize manifest to target this Memorystore (Redis) instance. ```bash REDIS_IP=$(gcloud redis instances describe redis-cart --region=${REGION} --format='get(host)') REDIS_PORT=$(gcloud redis instances describe redis-cart --region=${REGION} --format='get(port)') -sed -i "s/{{REDIS_ADDR}}/${REDIS_IP}:${REDIS_PORT}/g" components/memorystore/kustomization.yaml +sed -i "s/\"REDIS_ADDR\"/${REDIS_IP}:${REDIS_PORT}/g" components/memorystore/kustomization.yaml ``` You can locally render these manifests by running `kubectl kustomize .` as well as deploying them by running `kubectl apply -k .`. diff --git a/kustomize/components/memorystore/kustomization.yaml b/kustomize/components/memorystore/kustomization.yaml index 7c85aeec3aa..79331747bd1 100644 --- a/kustomize/components/memorystore/kustomization.yaml +++ b/kustomize/components/memorystore/kustomization.yaml @@ -28,7 +28,7 @@ patchesStrategicMerge: - name: server env: - name: REDIS_ADDR - value: "{{REDIS_ADDR}}" + value: "REDIS_ADDR" # redis - remove the redis-cart Deployment - |- apiVersion: apps/v1 diff --git a/kustomize/components/native-grpc-health-check/README.md b/kustomize/components/native-grpc-health-check/README.md new file mode 100644 index 00000000000..64ab9a58d6c --- /dev/null +++ b/kustomize/components/native-grpc-health-check/README.md 
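Review bot: The new placeholder `value: "REDIS_ADDR"` in `kustomize/components/memorystore/kustomization.yaml` is the same token as the variable name on the line above it (`- name: REDIS_ADDR`), so the README's `sed` pattern tells the two apart only by the surrounding double quotes. Any tool that re-serialises this YAML and drops the quotes would make the substitution match nothing, and a loosened pattern would also rewrite the `name:` line, leaving `cartservice` with an address that was never set. A token that cannot collide, for example `value: "REDIS_ADDR_PLACEHOLDER"` (constructed name) with the README pattern updated to match, removes that ambiguity. The patch this line belongs to starts and ends outside the hunk.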
@@ -0,0 +1,37 @@ +# Integrate Online Boutique with native gRPC probes + +The current container images of the Online Boutique apps contains the [grpc-health-probe](https://github.com/grpc-ecosystem/grpc-health-probe) binary in order to have their `liveness` and `readiness` probes working on Kubernetes. But, since [Kubernetes 1.24, gRPC container probes feature is in beta](https://kubernetes.io/blog/2022/05/13/grpc-probes-now-in-beta/), and this binary could be removed from the container images and the associated `Deployment` manifests can directly use the new gRPC probes (`liveness` and `readiness`). + +## Deploy Online Boutique integrated with native gRPC probes + +To automate the deployment of Online Boutique integrated with native gRPC probes you can leverage the following variation with [Kustomize](../..). + +From the `kustomize/` folder at the root level of this repository, execute this command: +```bash +SUFFIX=-native-grpc-probes +sed -i "s/CONTAINER_IMAGES_TAG_SUFFIX/$SUFFIX/g" components/container-images-tag-suffix/kustomization.yaml +kustomize edit add component components/container-images-tag-suffix +kustomize edit add component components/native-grpc-health-check +``` +_Note: we are applying the `-native-grpc-probes` tag suffix to all the container images, it's a prebuilt image without the [grpc-health-probe](https://github.com/grpc-ecosystem/grpc-health-probe) binary since the version 0.4.0 of Online Boutique._ + +This will update the `kustomize/kustomization.yaml` file which could be similar to: +```yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- base +components: +- components/container-images-tag-suffix +- components/native-grpc-health-check +``` + +You can (optionally) locally render these manifests by running `kubectl kustomize . | sed "s/$SUFFIX$SUFFIX/$SUFFIX/g"`. +You can deploy them by running `kubectl kustomize . | sed "s/$SUFFIX$SUFFIX/$SUFFIX/g" | kubectl apply -f`. 
+ +_Note: for this variation, `kubectl apply -k .` alone won't work because there is a [known issue currently in Kustomize](https://github.com/kubernetes-sigs/kustomize/issues/4814) where the `tagSuffix` is duplicated. The `sed "s/$SUFFIX$SUFFIX/$SUFFIX/g"` commands above are a temporary workaround._ + +## Resources + +- [Kubernetes 1.24: gRPC container probes in beta](https://kubernetes.io/blog/2022/05/13/grpc-probes-now-in-beta/) +- [Define a gRPC liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-grpc-liveness-probe) diff --git a/kustomize/components/native-grpc-health-check/kustomization.yaml b/kustomize/components/native-grpc-health-check/kustomization.yaml new file mode 100644 index 00000000000..acb83e195f0 --- /dev/null +++ b/kustomize/components/native-grpc-health-check/kustomization.yaml 
@@ -0,0 +1,206 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +patchesStrategicMerge: +# adservice - remove the exec and add the grpc for liveness and readiness probes +- |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: adservice + spec: + template: + spec: + containers: + - name: server + readinessProbe: + exec: + $patch: delete + grpc: + port: 9555 + livenessProbe: + exec: + $patch: delete + grpc: + port: 9555 +# cartservice - remove the exec and add the grpc for liveness and readiness probes +- |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: cartservice + spec: + template: + spec: + containers: + - name: server + readinessProbe: + exec: + $patch: delete + grpc: + port: 7070 + livenessProbe: + exec: + $patch: delete + grpc: + port: 7070 +# checkoutservice - remove the exec and add the grpc for liveness and readiness probes +- |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: checkoutservice + spec: + template: + spec: + containers: + - name: server + readinessProbe: + exec: + $patch: delete + grpc: + port: 5050 + livenessProbe: + exec: + $patch: delete + grpc: + port: 5050 +# currencyservice - remove the exec and add the grpc for liveness and readiness probes +- |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: currencyservice + spec: + template: + spec: + containers: + - name: server + readinessProbe: + exec: + 
$patch: delete + grpc: + port: 7000 + livenessProbe: + exec: + $patch: delete + grpc: + port: 7000 +# emailservice - remove the exec and add the grpc for liveness and readiness probes +- |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: emailservice + spec: + template: + spec: + containers: + - name: server + readinessProbe: + exec: + $patch: delete + grpc: + port: 8080 + livenessProbe: + exec: + $patch: delete + grpc: + port: 8080 +# paymentservice - remove the exec and add the grpc for liveness and readiness probes +- |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: paymentservice + spec: + template: + spec: + containers: + - name: server + readinessProbe: + exec: + $patch: delete + grpc: + port: 50051 + livenessProbe: + exec: + $patch: delete + grpc: + port: 50051 +# productcatalogservice - remove the exec and add the grpc for liveness and readiness probes +- |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: productcatalogservice + spec: + template: + spec: + containers: + - name: server + readinessProbe: + exec: + $patch: delete + grpc: + port: 3550 + livenessProbe: + exec: + $patch: delete + grpc: + port: 3550 +# recommendationservice - remove the exec and add the grpc for liveness and readiness probes +- |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: recommendationservice + spec: + template: + spec: + containers: + - name: server + readinessProbe: + exec: + $patch: delete + grpc: + port: 8080 + livenessProbe: + exec: + $patch: delete + grpc: + port: 8080 +# shippingservice - remove the exec and add the grpc for liveness and readiness probes +- |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: shippingservice + spec: + template: + spec: + containers: + - name: server + readinessProbe: + exec: + $patch: delete + grpc: + port: 50051 + livenessProbe: + exec: + $patch: delete + grpc: + port: 50051 \ No newline at end of file 
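Review bot: The component deletes every `exec` probe handler and replaces it with `grpc`, but the file never states the cluster version this depends on; that requirement is only in the README. A header comment above `patchesStrategicMerge:` such as `# Requires Kubernetes 1.24+, where the grpc probe handler is available by default; intended for the -native-grpc-probes images.` would put the precondition next to the patches, since on an older cluster the Deployments would presumably be left without a usable probe handler. The nine `port:` values are also copied by hand, so a short comment that each must match the service's serving port in the base manifests would help keep them in sync.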
diff --git a/kustomize/components/network-policies/README.md b/kustomize/components/network-policies/README.md index 2d4de950d4f..b9410443a78 100644 --- a/kustomize/components/network-policies/README.md +++ b/kustomize/components/network-policies/README.md @@ -9,12 +9,12 @@ To use `NetworkPolicies` in Google Kubernetes Engine (GKE), you will need a GKE To automate the deployment of Online Boutique integrated with fine granular `NetworkPolicies` (one per `Deployment`), you can leverage the following variation with [Kustomize](../..). From the `kustomize/` folder at the root level of this repository, execute this command: -``` -kustomize edit add components/network-policies +```bash +kustomize edit add component components/network-policies ``` This will update the `kustomize/kustomization.yaml` file which could be similar to: -``` +```yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: @@ -31,7 +31,7 @@ kubectl get networkpolicy ``` The output could be similar to: -``` +```output NAME POD-SELECTOR AGE adservice app=adservice 2m58s cartservice app=cartservice 2m58s diff --git a/kustomize/components/service-accounts/README.md b/kustomize/components/service-accounts/README.md index 8ea45bcd8eb..fcea7accc8a 100644 --- a/kustomize/components/service-accounts/README.md +++ b/kustomize/components/service-accounts/README.md 
@@ -7,13 +7,13 @@ Creating a `ServiceAccount` per `Deployment` could be helpful if you need to def To automate the deployment of Online Boutique integrated with fine granular `ServiceAccounts` (one per `Deployment`), you can leverage the following variation with [Kustomize](../..). From the `kustomize/` folder at the root level of this repository, execute this command: -``` -kustomize edit add components/service-accounts +```bash +kustomize edit add component components/service-accounts ``` _Note: this Kustomize component will also update the `serviceAccountName` field in all `Deployments`._ This will update the `kustomize/kustomization.yaml` file which could be similar to: -``` +```yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: @@ -30,7 +30,7 @@ kubectl get serviceaccount ``` The output could be similar to: -``` +```output NAME SECRETS AGE default 1 2m58s adservice 1 2m58s diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml index 3d7d1f4aa47..5eb2e6468ee 100644 --- a/kustomize/kustomization.yaml +++ b/kustomize/kustomization.yaml @@ -23,3 +23,7 @@ components: # - components/network-policies # - components/service-accounts # - components/spanner +# - components/container-images-tag +# - components/container-images-tag-suffix +# - components/container-images-registry +# - components/native-grpc-health-check diff --git a/src/adservice/Dockerfile b/src/adservice/Dockerfile index 4336afe54e6..9b7f78272cd 100644 --- a/src/adservice/Dockerfile +++ b/src/adservice/Dockerfile @@ -25,7 +25,7 @@ COPY . . RUN chmod +x gradlew RUN ./gradlew installDist -FROM eclipse-temurin:18-jre-alpine +FROM eclipse-temurin:18-jre-alpine as without-grpc-health-probe-bin RUN apk add --no-cache ca-certificates 
@@ -35,12 +35,14 @@ RUN mkdir -p /opt/cprof && \ | tar xzv -C /opt/cprof && \ rm -rf profiler_java_agent.tar.gz -RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ - wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ - chmod +x /bin/grpc_health_probe - WORKDIR /app COPY --from=builder /app . EXPOSE 9555 ENTRYPOINT ["/app/build/install/hipstershop/bin/AdService"] + +FROM without-grpc-health-probe-bin + +RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ + wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ + chmod +x /bin/grpc_health_probe \ No newline at end of file diff --git a/src/cartservice/src/Dockerfile b/src/cartservice/src/Dockerfile index c8d317ff5c5..6a0cae7718e 100644 --- a/src/cartservice/src/Dockerfile +++ b/src/cartservice/src/Dockerfile @@ -21,10 +21,8 @@ COPY . . RUN dotnet publish cartservice.csproj -p:PublishSingleFile=true -r linux-musl-x64 --self-contained true -p:PublishTrimmed=True -p:TrimMode=Link -c release -o /cartservice --no-restore # https://mcr.microsoft.com/v2/dotnet/runtime-deps/tags/list -FROM mcr.microsoft.com/dotnet/runtime-deps:7.0.0-rc.2-alpine3.16-amd64 -RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ - wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ - chmod +x /bin/grpc_health_probe +FROM mcr.microsoft.com/dotnet/runtime-deps:7.0.0-rc.1-alpine3.16-amd64 as without-grpc-health-probe-bin + WORKDIR /app COPY --from=builder /cartservice . EXPOSE 7070 
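Review bot: The relocated `wget -qO/bin/grpc_health_probe …` step in the new final stage of `src/adservice/Dockerfile` still installs a downloaded executable without verifying its integrity, and because that stage is now the last one in the file it is what a plain `docker build` produces. Pinning the release tag `v0.4.14` does not protect against a replaced release asset; a digest check between the download and the `chmod`, e.g. `echo "<EXPECTED_SHA256>  /bin/grpc_health_probe" | sha256sum -c - && \`, would make the build fail on a mismatch. `<EXPECTED_SHA256>` is a placeholder for the checksum of the pinned asset, recorded in the Dockerfile. The same unverified download is in the final stages added to the cartservice, checkoutservice and currencyservice Dockerfiles in this commit and, judging by its hunk context, in the emailservice builder stage.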
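Review bot: In `src/cartservice/src/Dockerfile` the runtime base image tag moves from `7.0.0-rc.2-alpine3.16-amd64` to `7.0.0-rc.1-alpine3.16-amd64` on the same line that adds the stage name, which looks like an unintended downgrade to an older pre-release rather than part of the probe split. If only the stage name was meant to change, the line would be `FROM mcr.microsoft.com/dotnet/runtime-deps:7.0.0-rc.2-alpine3.16-amd64 as without-grpc-health-probe-bin`. The builder stage is outside the hunk, so whether the SDK image it uses still matches this runtime tag cannot be checked from here.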
@@ -32,3 +30,10 @@ ENV DOTNET_EnableDiagnostics=0 \ ASPNETCORE_URLS=http://*:7070 USER 1000 ENTRYPOINT ["/app/cartservice"] + +FROM without-grpc-health-probe-bin +USER root +RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ + wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ + chmod +x /bin/grpc_health_probe +USER 1000 \ No newline at end of file diff --git a/src/checkoutservice/Dockerfile b/src/checkoutservice/Dockerfile index 190e2054cf5..3342c1695ac 100644 --- a/src/checkoutservice/Dockerfile +++ b/src/checkoutservice/Dockerfile @@ -27,11 +27,9 @@ COPY . . ARG SKAFFOLD_GO_GCFLAGS RUN go build -gcflags="${SKAFFOLD_GO_GCFLAGS}" -o /checkoutservice . -FROM alpine:3.16.2 as release +FROM alpine:3.16.2 as without-grpc-health-probe-bin RUN apk add --no-cache ca-certificates -RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ - wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ - chmod +x /bin/grpc_health_probe + WORKDIR /src COPY --from=builder /checkoutservice /src/checkoutservice @@ -42,3 +40,8 @@ ENV GOTRACEBACK=single EXPOSE 5050 ENTRYPOINT ["/src/checkoutservice"] + +FROM without-grpc-health-probe-bin +RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ + wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ + chmod +x /bin/grpc_health_probe \ No newline at end of file diff --git a/src/currencyservice/Dockerfile b/src/currencyservice/Dockerfile index 5aeaec437ac..071ff852d8f 100644 --- a/src/currencyservice/Dockerfile +++ b/src/currencyservice/Dockerfile 
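Review bot: The `USER root` / `USER 1000` pair in the new final stage of src/cartservice/src/Dockerfile has no comment explaining why root is needed, or that the trailing `USER 1000` is what keeps the shipped image unprivileged. A later edit that drops or reorders that last line would leave the container running as root without anyone noticing. I would add `# root only to write /bin/grpc_health_probe; the last USER in this stage must stay 1000` above `USER root`.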
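Review bot: In src/checkoutservice/Dockerfile the stage name `release` is replaced by `without-grpc-health-probe-bin` and the new final stage is left unnamed, so the image that includes the probe can no longer be selected by name. If any build configuration outside this diff uses `--target release`, it would now fail; naming the last stage, `FROM without-grpc-health-probe-bin AS release`, keeps that working. The same rename happens in the productcatalogservice and shippingservice Dockerfiles (`release`) and in emailservice and recommendationservice (`final`). The diff also mixes `as` and `AS` across files, and settling on uppercase `AS` would match the other instruction keywords.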
@@ -29,11 +29,7 @@ COPY package*.json ./ RUN npm install --only=production -FROM base - -RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ - wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ - chmod +x /bin/grpc_health_probe +FROM base as without-grpc-health-probe-bin WORKDIR /usr/src/app @@ -44,3 +40,9 @@ COPY . . EXPOSE 7000 ENTRYPOINT [ "node", "server.js" ] + +FROM without-grpc-health-probe-bin + +RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ + wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ + chmod +x /bin/grpc_health_probe \ No newline at end of file diff --git a/src/emailservice/Dockerfile b/src/emailservice/Dockerfile index 56d6f38de17..a59de6ac3d4 100644 --- a/src/emailservice/Dockerfile +++ b/src/emailservice/Dockerfile @@ -30,7 +30,7 @@ RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ COPY requirements.txt . RUN pip install -r requirements.txt -FROM base as final +FROM base as without-grpc-health-probe-bin # Enable unbuffered logging ENV PYTHONUNBUFFERED=1 # Enable Profiler @@ -40,10 +40,13 @@ WORKDIR /email_server # Grab packages from builder COPY --from=builder /usr/local/lib/python3.9/ /usr/local/lib/python3.9/ -COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe # Add the application COPY . . EXPOSE 8080 ENTRYPOINT [ "python", "email_server.py" ] + +FROM without-grpc-health-probe-bin + +COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe \ No newline at end of file diff --git a/src/paymentservice/Dockerfile b/src/paymentservice/Dockerfile index 8bdf2b9a3a1..9471faee541 100644 --- a/src/paymentservice/Dockerfile +++ b/src/paymentservice/Dockerfile 
@@ -29,11 +29,7 @@ COPY package*.json ./ RUN npm install --only=production -FROM base - -RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ - wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ - chmod +x /bin/grpc_health_probe +FROM base as without-grpc-health-probe-bin WORKDIR /usr/src/app @@ -44,3 +40,9 @@ COPY . . EXPOSE 50051 ENTRYPOINT [ "node", "index.js" ] + +FROM without-grpc-health-probe-bin + +RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ + wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ + chmod +x /bin/grpc_health_probe \ No newline at end of file diff --git a/src/productcatalogservice/Dockerfile b/src/productcatalogservice/Dockerfile index 424990e1c27..81abde930d6 100644 --- a/src/productcatalogservice/Dockerfile +++ b/src/productcatalogservice/Dockerfile @@ -26,11 +26,9 @@ COPY . . ARG SKAFFOLD_GO_GCFLAGS RUN go build -gcflags="${SKAFFOLD_GO_GCFLAGS}" -o /productcatalogservice . -FROM alpine:3.16.2 AS release +FROM alpine:3.16.2 AS without-grpc-health-probe-bin RUN apk add --no-cache ca-certificates -RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ - wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ - chmod +x /bin/grpc_health_probe + WORKDIR /src COPY --from=builder /productcatalogservice ./server COPY products.json . @@ -43,3 +41,7 @@ ENV GOTRACEBACK=single EXPOSE 3550 ENTRYPOINT ["/src/server"] +FROM without-grpc-health-probe-bin +RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ + wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ + chmod +x /bin/grpc_health_probe \ No newline at end of file 
diff --git a/src/recommendationservice/Dockerfile b/src/recommendationservice/Dockerfile index c1d6468f13b..7941193647f 100644 --- a/src/recommendationservice/Dockerfile +++ b/src/recommendationservice/Dockerfile @@ -30,7 +30,7 @@ RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ COPY requirements.txt . RUN pip install -r requirements.txt -FROM base as final +FROM base as without-grpc-health-probe-bin # Enable unbuffered logging ENV PYTHONUNBUFFERED=1 @@ -39,7 +39,6 @@ WORKDIR /recommendationservice # Grab packages from builder COPY --from=builder /usr/local/lib/python3.9/ /usr/local/lib/python3.9/ -COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe # Add the application COPY . . @@ -49,3 +48,6 @@ ENV PORT "8080" EXPOSE 8080 ENTRYPOINT ["python", "recommendation_server.py"] + +FROM without-grpc-health-probe-bin +COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe \ No newline at end of file diff --git a/src/shippingservice/Dockerfile b/src/shippingservice/Dockerfile index c8e553c2b01..fd8caca19ab 100644 --- a/src/shippingservice/Dockerfile +++ b/src/shippingservice/Dockerfile @@ -26,11 +26,9 @@ COPY . . ARG SKAFFOLD_GO_GCFLAGS RUN go build -gcflags="${SKAFFOLD_GO_GCFLAGS}" -o /go/bin/shippingservice . -FROM alpine:3.16.2 as release +FROM alpine:3.16.2 as without-grpc-health-probe-bin RUN apk add --no-cache ca-certificates -RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ - wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ - chmod +x /bin/grpc_health_probe + WORKDIR /src COPY --from=builder /go/bin/shippingservice /src/shippingservice ENV APP_PORT=50051 
@@ -42,3 +40,8 @@ ENV GOTRACEBACK=single EXPOSE 50051 ENTRYPOINT ["/src/shippingservice"] + +FROM without-grpc-health-probe-bin +RUN GRPC_HEALTH_PROBE_VERSION=v0.4.14 && \ + wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \ + chmod +x /bin/grpc_health_probe \ No newline at end of file diff --git a/terraform/memorystore.tf b/terraform/memorystore.tf index 4009c2355f1..c15e24afa42 100644 --- a/terraform/memorystore.tf +++ b/terraform/memorystore.tf @@ -34,7 +34,7 @@ resource "google_redis_instance" "redis-cart" { resource "null_resource" "kustomization-update" { provisioner "local-exec" { interpreter = ["bash", "-exc"] - command = "sed -i \"s/{{REDIS_ADDR}}/${google_redis_instance.redis-cart[0].host}:${google_redis_instance.redis-cart[0].port}/g\" ../kustomize/components/memorystore/kustomization.yaml" + command = "sed -i \"s/\"REDIS_ADDR\"/${google_redis_instance.redis-cart[0].host}:${google_redis_instance.redis-cart[0].port}/g\" ../kustomize/components/memorystore/kustomization.yaml" } # count specifies the number of instances to create;
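Review bot: In the new `command` in terraform/memorystore.tf, the escaped quotes around `REDIS_ADDR` sit inside a sed script that is itself double-quoted for bash, so the shell closes and reopens the string and sed receives `s/REDIS_ADDR/host:port/g` with no quotes in the pattern. That matches every bare `REDIS_ADDR` in `kustomization.yaml`, which would presumably include an environment variable name of that spelling if the file has one (the file is not visible here). Single-quoting the script keeps the double quotes literal: `command = "sed -i 's/\"REDIS_ADDR\"/${google_redis_instance.redis-cart[0].host}:${google_redis_instance.redis-cart[0].port}/g' ../kustomize/components/memorystore/kustomization.yaml"`. Whether the replacement should itself stay quoted depends on the YAML and is worth confirming. The `null_resource` block continues past the end of this hunk.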