sqerison/analysis-template.yaml

## analysis-template.yaml
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
  name: success-rate
spec:
  args:
  - name: service-name
  metrics:
  - name: success-rate
    interval: 5m
    # NOTE: prometheus queries return results in the form of a vector.
    # So it is common to access the index 0 of the returned array to obtain the value
    successCondition: result[0] >= 0.95
    failureLimit: 3
    provider:
      prometheus:
        address: http://prometheus.example.com:9090
        query: |
          sum(irate(
            istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code!~"5.*"}[5m]
          )) /
          sum(irate(
            istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}"}[5m]
          ))

## canary-rollout-deployment-ref.yaml
apiVersion: argoproj.io/v1alpha1               # Create a rollout resource
kind: Rollout
metadata:
  name: rollout-ref-deployment
spec:
  replicas: 5
  workloadRef:                                 # Reference an existing Deployment using workloadRef field
    apiVersion: apps/v1
    kind: Deployment
    name: rollout-ref-deployment
  strategy:
# --- Everything above this comment are the same as a deployment ---
    canary: # A new field for configurable Canary options
      steps:
      - setWeight: 10
      analysis:
        templates:
        - templateName: success-rate
      - setWeight: 50
        - pause: {duration: 10m}

## canary-rollout.yaml
apiVersion: argoproj.io/v1alpha1 # Changed from apps/v1
kind: Rollout # Changed from Deployment
metadata:
  name: rollout
spec:
  replicas: 10
  selector:
    matchLabels:
     app: nginx
  template:  # --- Everything inside template section is the same as a deployment
    # --- Deployment specs
  minReadySeconds: 30
  revisionHistoryLimit: 3
  strategy:
# --- Everything above this comment are the same as a deployment ---
    canary: # A new field for configurable Canary options
      steps:
      - setWeight: 10
      analysis:
        templates:
        - templateName: success-rate
      - setWeight: 50
        - pause: {duration: 10m}


## network-policy-deny-all-ns.yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  namespace: default
  name: deny-from-other-namespaces
spec:
  podSelector:
    matchLabels:
  ingress:
  - from:
    - podSelector: {}

## np-api-allow-5000.yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: api-allow-5000
spec:
  podSelector:
    matchLabels:
      app: apiserver
  ingress:
  - ports:
    - port: 5000
    from:
    - podSelector:
        matchLabels:
          role: monitoring

## np-web-allow-prod.yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: web-allow-prod
spec:
  podSelector:
    matchLabels:
      app: web
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          purpose: production
	apiVersion: argoproj.io/v1alpha1
	kind: AnalysisTemplate
	metadata:
	name: success-rate
	spec:
	args:
	- name: service-name
	metrics:
	- name: success-rate
	interval: 5m
	# NOTE: prometheus queries return results in the form of a vector.
	# So it is common to access the index 0 of the returned array to obtain the value
	successCondition: result[0] >= 0.95
	failureLimit: 3
	provider:
	prometheus:
	address: http://prometheus.example.com:9090
	query: \|
	sum(irate(
	istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code!~"5.*"}[5m]
	)) /
	sum(irate(
	istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}"}[5m]
	))
	apiVersion: argoproj.io/v1alpha1 # Create a rollout resource
	kind: Rollout
	metadata:
	name: rollout-ref-deployment
	spec:
	replicas: 5
	workloadRef: # Reference an existing Deployment using workloadRef field
	apiVersion: apps/v1
	kind: Deployment
	name: rollout-ref-deployment
	strategy:
	# --- Everything above this comment are the same as a deployment ---
	canary: # A new field for configurable Canary options
	steps:
	- setWeight: 10
	analysis:
	templates:
	- templateName: success-rate
	- setWeight: 50
	- pause: {duration: 10m}
	apiVersion: argoproj.io/v1alpha1 # Changed from apps/v1
	kind: Rollout # Changed from Deployment
	metadata:
	name: rollout
	spec:
	replicas: 10
	selector:
	matchLabels:
	app: nginx
	template: # --- Everything inside template section is the same as a deployment
	# --- Deployment specs
	minReadySeconds: 30
	revisionHistoryLimit: 3
	strategy:
	# --- Everything above this comment are the same as a deployment ---
	canary: # A new field for configurable Canary options
	steps:
	- setWeight: 10
	analysis:
	templates:
	- templateName: success-rate
	- setWeight: 50
	- pause: {duration: 10m}
	kind: NetworkPolicy
	apiVersion: networking.k8s.io/v1
	metadata:
	namespace: default
	name: deny-from-other-namespaces
	spec:
	podSelector:
	matchLabels:
	ingress:
	- from:
	- podSelector: {}