Created
June 3, 2023 01:48
-
-
Save autotune/76ff96d01879c8a3f8aa9629035ada7a to your computer and use it in GitHub Desktop.
hipster shop
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# we take the frontend hipster shop at https://github.com/GoogleCloudPlatform/microservices-demo/blob/main/helm-chart/templates/frontend.yaml | |
# and demonstrate how to deploy it through helm in Argo Rollouts | |
helm install sockshop ./ -nsockshop --set images.tag=v0.6.0 | |
helm upgrade sockshop ./ -nsockshop --set images.tag=v0.7.0 | |
kubectl argo rollouts get rollout frontend -nsockshop --watch | |
# confirm current version of site running in external elb | |
kubectl describe po $(curl -s $(kubectl get svc -nsockshop|grep external|awk '{print $4}')|grep Pod|awk '{print $2}'|tr '\>' ' '|awk '{print $2}') -nsockshop|grep image | |
# confirm current version of site running in preview elb | |
kubectl describe po $(curl -s $(kubectl get svc -nsockshop|grep preview|awk '{print $4}')|grep Pod|awk '{print $2}'|tr '\>' ' '|awk '{print $2}') -nsockshop|grep image | |
# promote frontend to external load balancer | |
kubectl argo rollouts promote frontend -nsockshop | |
# verify promotion is successful | |
kubectl describe po $(curl -s $(kubectl get svc -nsockshop|grep external|awk '{print $4}')|grep Pod|awk '{print $2}'|tr '\>' ' '|awk '{print $2}') -nsockshop|grep image |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{{- if .Values.frontend.create }} | |
{{- if .Values.serviceAccounts.create }} | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: {{ .Values.frontend.name }} | |
namespace: {{.Release.Namespace}} | |
{{- if not .Values.serviceAccounts.annotationsOnlyForCartservice }} | |
{{- with .Values.serviceAccounts.annotations }} | |
annotations: | |
{{- toYaml . | nindent 4 }} | |
{{- end }} | |
{{- end }} | |
--- | |
{{- end }} | |
apiVersion: argoproj.io/v1alpha1 | |
kind: Rollout | |
metadata: | |
name: {{ .Values.frontend.name }} | |
namespace: {{ .Release.Namespace }} | |
spec: | |
strategy: | |
blueGreen: | |
activeService: {{ .Values.frontend.name }} | |
previewService: {{ .Values.frontend.name }}-preview | |
autoPromotionEnabled: false | |
selector: | |
matchLabels: | |
app: {{ .Values.frontend.name }} | |
template: | |
metadata: | |
labels: | |
app: {{ .Values.frontend.name }} | |
annotations: | |
sidecar.istio.io/rewriteAppHTTPProbers: "true" | |
spec: | |
{{- if .Values.serviceAccounts.create }} | |
serviceAccountName: {{ .Values.frontend.name }} | |
{{- else }} | |
serviceAccountName: default | |
{{- end }} | |
securityContext: | |
fsGroup: 1000 | |
runAsGroup: 1000 | |
runAsNonRoot: true | |
runAsUser: 1000 | |
{{- if .Values.seccompProfile.enable }} | |
seccompProfile: | |
type: {{ .Values.seccompProfile.type }} | |
{{- end }} | |
containers: | |
- name: server | |
securityContext: | |
allowPrivilegeEscalation: false | |
capabilities: | |
drop: | |
- ALL | |
privileged: false | |
readOnlyRootFilesystem: true | |
image: {{ .Values.images.repository }}/{{ .Values.frontend.name }}:{{ .Values.images.tag | default .Chart.AppVersion }} | |
ports: | |
- containerPort: 8080 | |
readinessProbe: | |
initialDelaySeconds: 10 | |
httpGet: | |
path: "/_healthz" | |
port: 8080 | |
httpHeaders: | |
- name: "Cookie" | |
value: "shop_session-id=x-readiness-probe" | |
livenessProbe: | |
initialDelaySeconds: 10 | |
httpGet: | |
path: "/_healthz" | |
port: 8080 | |
httpHeaders: | |
- name: "Cookie" | |
value: "shop_session-id=x-liveness-probe" | |
env: | |
- name: PORT | |
value: "8080" | |
- name: PRODUCT_CATALOG_SERVICE_ADDR | |
value: "{{ .Values.productCatalogService.name }}:3550" | |
- name: CURRENCY_SERVICE_ADDR | |
value: "{{ .Values.currencyService.name }}:7000" | |
- name: CART_SERVICE_ADDR | |
value: "{{ .Values.cartService.name }}:7070" | |
- name: RECOMMENDATION_SERVICE_ADDR | |
value: "{{ .Values.recommendationService.name }}:8080" | |
- name: SHIPPING_SERVICE_ADDR | |
value: "{{ .Values.shippingService.name }}:50051" | |
- name: CHECKOUT_SERVICE_ADDR | |
value: "{{ .Values.checkoutService.name }}:5050" | |
- name: AD_SERVICE_ADDR | |
value: "{{ .Values.adService.name }}:9555" | |
- name: ENV_PLATFORM | |
value: {{ .Values.frontend.platform | quote }} | |
{{- if .Values.opentelemetryCollector.create }} | |
- name: COLLECTOR_SERVICE_ADDR | |
value: "{{ .Values.opentelemetryCollector.name }}:4317" | |
{{- end }} | |
{{- if .Values.googleCloudOperations.tracing }} | |
- name: ENABLE_TRACING | |
value: "1" | |
{{- end }} | |
{{- if .Values.googleCloudOperations.profiler }} | |
- name: ENABLE_PROFILER | |
value: "1" | |
{{- end }} | |
- name: CYMBAL_BRANDING | |
value: {{ .Values.frontend.cymbalBranding | quote }} | |
- name: ENABLE_SINGLE_SHARED_SESSION | |
value: {{ .Values.frontend.singleSharedSession | quote }} | |
resources: | |
{{- toYaml .Values.frontend.resources | nindent 12 }} | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: {{ .Values.frontend.name }} | |
namespace: {{ .Release.Namespace }} | |
spec: | |
type: ClusterIP | |
selector: | |
app: {{ .Values.frontend.name }} | |
ports: | |
- name: http | |
port: 80 | |
targetPort: 8080 | |
{{- if .Values.frontend.externalService }} | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: {{ .Values.frontend.name }}-external | |
namespace: {{ .Release.Namespace }} | |
spec: | |
type: LoadBalancer | |
selector: | |
app: {{ .Values.frontend.name }} | |
ports: | |
- name: http | |
port: 80 | |
targetPort: 8080 | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: {{ .Values.frontend.name }}-preview | |
namespace: {{ .Release.Namespace }} | |
spec: | |
type: LoadBalancer | |
selector: | |
app: {{ .Values.frontend.name }} | |
ports: | |
- name: http | |
port: 80 | |
targetPort: 8080 | |
{{- end }} | |
{{- if .Values.networkPolicies.create }} | |
--- | |
apiVersion: networking.k8s.io/v1 | |
kind: NetworkPolicy | |
metadata: | |
name: {{ .Values.frontend.name }} | |
namespace: {{ .Release.Namespace }} | |
spec: | |
podSelector: | |
matchLabels: | |
app: {{ .Values.frontend.name }} | |
policyTypes: | |
- Ingress | |
- Egress | |
ingress: | |
{{- if .Values.frontend.externalService }} | |
- {} | |
{{- else }} | |
- from: | |
- podSelector: | |
matchLabels: | |
app: {{ .Values.loadGenerator.name }} | |
{{- if .Values.frontend.virtualService.create }} | |
- namespaceSelector: | |
matchLabels: | |
kubernetes.io/metadata.name: {{ .Values.frontend.virtualService.gateway.namespace }} | |
podSelector: | |
matchLabels: | |
{{ .Values.frontend.virtualService.gateway.labelKey }}: {{ .Values.frontend.virtualService.gateway.labelValue }} | |
{{- end }} | |
ports: | |
- port: 8080 | |
protocol: TCP | |
{{- end }} | |
egress: | |
- {} | |
{{- end }} | |
{{- if .Values.sidecars.create }} | |
--- | |
apiVersion: networking.istio.io/v1beta1 | |
kind: Sidecar | |
metadata: | |
name: {{ .Values.frontend.name }} | |
namespace: {{ .Release.Namespace }} | |
spec: | |
workloadSelector: | |
labels: | |
app: {{ .Values.frontend.name }} | |
egress: | |
- hosts: | |
- istio-system/* | |
- ./{{ .Values.adService.name }}.{{ .Release.Namespace }}.svc.cluster.local | |
- ./{{ .Values.cartService.name }}.{{ .Release.Namespace }}.svc.cluster.local | |
- ./{{ .Values.checkoutService.name }}.{{ .Release.Namespace }}.svc.cluster.local | |
- ./{{ .Values.currencyService.name }}.{{ .Release.Namespace }}.svc.cluster.local | |
- ./{{ .Values.productCatalogService.name }}.{{ .Release.Namespace }}.svc.cluster.local | |
- ./{{ .Values.recommendationService.name }}.{{ .Release.Namespace }}.svc.cluster.local | |
- ./{{ .Values.shippingService.name }}.{{ .Release.Namespace }}.svc.cluster.local | |
{{- if .Values.opentelemetryCollector.create }} | |
- ./{{ .Values.opentelemetryCollector.name }}.{{ .Release.Namespace }}.svc.cluster.local | |
{{- end }} | |
{{- end }} | |
{{- if .Values.authorizationPolicies.create }} | |
--- | |
apiVersion: security.istio.io/v1beta1 | |
kind: AuthorizationPolicy | |
metadata: | |
name: {{ .Values.frontend.name }} | |
namespace: {{ .Release.Namespace }} | |
spec: | |
selector: | |
matchLabels: | |
app: {{ .Values.frontend.name }} | |
rules: | |
{{- if .Values.frontend.externalService }} | |
- to: | |
{{- else }} | |
- from: | |
- source: | |
principals: | |
{{- if .Values.serviceAccounts.create }} | |
- cluster.local/ns/{{ .Release.Namespace }}/sa/{{ .Values.loadGenerator.name }} | |
{{- else }} | |
- cluster.local/ns/{{ .Release.Namespace }}/sa/default | |
{{- end }} | |
{{- if .Values.frontend.virtualService.create }} | |
- cluster.local/ns/{{ .Values.frontend.virtualService.gateway.namespace }}/sa/{{ .Values.frontend.virtualService.gateway.name }} | |
{{- end }} | |
to: | |
{{- end }} | |
- operation: | |
methods: | |
- GET | |
- POST | |
ports: | |
- "8080" | |
{{- end }} | |
{{- if .Values.frontend.virtualService.create }} | |
--- | |
apiVersion: networking.istio.io/v1alpha3 | |
kind: VirtualService | |
metadata: | |
name: {{ .Values.frontend.name }} | |
namespace: {{ .Release.Namespace }} | |
spec: | |
{{- with .Values.frontend.virtualService.hosts }} | |
hosts: | |
{{- toYaml . | nindent 2 }} | |
{{- end }} | |
gateways: | |
- {{ .Values.frontend.virtualService.gateway.namespace }}/{{ .Values.frontend.virtualService.gateway.name }} | |
http: | |
- route: | |
- destination: | |
host: {{ .Values.frontend.name }} | |
port: | |
number: 80 | |
{{- end }} | |
{{- end }} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment