diff --git a/AKS/helm/Chart.yaml b/AKS/helm/Chart.yaml new file mode 100644 index 000000000..e4af2d276 --- /dev/null +++ b/AKS/helm/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +name: robot-shop +version: 1.1.0 +home: https://github.com/instana/robot-shop +description: Sample micoservices application + diff --git a/AKS/helm/README.md b/AKS/helm/README.md new file mode 100644 index 000000000..3b8e50fee --- /dev/null +++ b/AKS/helm/README.md @@ -0,0 +1,186 @@ +# Stan's Robot Shop + +Use this helm chart to customise your install of Stan's Robot Shop. + +### Helm v2.x + +```shell +$ helm install --name robot-shop --namespace robot-shop . +``` + +### Helm v3.x + +```bash +$ kubectl create ns robot-shop +$ helm install robot-shop --namespace robot-shop . +``` + +## Images + +By default the images are pulled from Docker Hub. Setting `image.repo` this can be changed, for example: + +```shell +$ helm install --set image.repo=eu.gcr.io/acme ... +``` + +Will pull images from the European Google registry project `acme`. + +By default the latest version of the images is pulled. A specific version can be used: + +```shell +$ helm install --set image.version=0.1.2 ... +``` + +It is recommened to always use the latest version. + +## Pod Security Policy + +If you wish to enable [PSP](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) + +```shell +$ helm install --set psp.enabled=true ... +``` + +## Payment Gateway + +By default the `payment` service uses https://www.paypal.com as the pseudo payment provider. The code only does a HTTP GET against this url. You can use a different url. + +```shell +$ helm install --set payment.gateway=https://foobar.com ... +``` + +## Website Monitoring / End-User Monitoring + +Optionally Website Monitoring / End-User Monitoring can be enabled for the web pages. Take a look at the [documentation](https://docs.instana.io/website_monitoring/) to see how to get a key and an endpoint url. + +```shell +$ helm install \ + --set eum.key=xxxxxxxxx \ + --set eum.url=https://eum-eu-west-1.instana.io \ + ... +``` + +## Use with Minis + +When running on `minishift` or `minikube` set `nodeport` to true. The store will then be available on the IP address of your mini and node port of the web service. + +```shell +$ mini[kube|shift] ip +192.168.66.101 +$ kubectl get svc web +``` + +Combine the IP and port number to make the URL `http://192.168.66.101:32145` + +### MiniShift + +Openshift is like K8s but not K8s. Set `openshift` to true or things will break. See the notes and scripts in the OpenShift directory of this repo. + +```shell +$ helm install robot-shop --set openshift=true helm +``` + +## Deployment Parameters + +| Key | Default | Type | Description | +| ---------------- | ------- | ------ | ----------- | +| eum.key | null | string | EUM Access Key | +| eum.url | https://eum-eu-west-1.instana.io | url | EUM endpoint URL | +| image.pullPolicy | IfNotPresent | string | Kubernetes pull policy. One of Always,IfNotPresent, or Never. | +| image.repo | robotshop | string | Base docker repository to pull the images from. | +| image.version | latest | string | Docker tag to pull. | +| nodeport | false | booelan | Whether to expose the services via node port. | +| openshift | false | boolean | If OpenShift additional configuration is applied. | +| payment.gateway | null | string | External URL end-point to simulate partial/3rd party traces. | +| psp.enabled | false | boolean | Enable Pod Security Policy for clusters with a PSP Admission controller | +| redis.storageClassName | standard | string | Storage class to use with Redis's StatefulSet. The default for EKS is gp2. | +| ocCreateRoute | false | boolean | If you are running on OpenShift and need a Route to the web service, set this to `true` | +| ``.affinity | {} | object | Affinity for pod assignment on nodes with matching labels (Refer [here](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)) | +| ``.nodeSelector | {} | object | Node labels for pod assignment (Refer [here](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector)) | +| ``.tolerations | [] | list | Tolerations for pod assignment on nodes with matching taints (Refer [here](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)) | +--- +> ### Notes for `affinity` and `tolerations` +> `` can be substituted with the different microservices consisting of Robot shop, namely: +> - [`cart`](./templates/cart-deployment.yaml) +> - [`catalogue`](./templates/catalogue-deployment.yaml) +> - [`dispatch`](./templates/dispatch-deployment.yaml) +> - [`mongodb`](./templates/mongodb-deployment.yaml) +> - [`mysql`](./templates/mysql-deployment.yaml) +> - [`payment`](./templates/payment-deployment.yaml) +> - [`rabbitmq`](./templates/rabbitmq-deployment.yaml) +> - [`ratings`](./templates/ratings-deployment.yaml) +> - [`redis`](./templates/redis-statefulset.yaml) +> - [`shipping`](./templates/shipping-deployment.yaml) +> - [`user`](./templates/user-deployment.yaml) +> - [`web`](./templates/web-deployment.yaml) +> +> `affinity`, `nodeSelector` and `tolerations` can be set for individual workloads. +------ +## Examples for deployment using `affinities` and `tolerations` +
+ +`values.yaml` +```yaml +. +.. +... +shipping: + gateway: null + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-restriction.kubernetes.io/pool_0 + operator: Exists + values: [] + tolerations: + - key: "pool_0" + operator: "Equal" + value: "true" + effect: "NoSchedule" + - key: "pool_0" + operator: "Equal" + value: "true" + effect: "NoExecute" + nodeSelector: {} + +user: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-restriction.kubernetes.io/pool_1 + operator: Exists + values: [] + tolerations: + - key: "pool_1" + operator: "Equal" + value: "true" + effect: "NoSchedule" + - key: "pool_1" + operator: "Equal" + value: "true" + effect: "NoExecute" + nodeSelector: {} +... +.. +. + ``` + +In this example, the `shipping` Pods will be deployed on only those nodes that have the label `node-restriction.kubernetes.io/pool_0` and are tainted using +``` +kubectl taint node pool_0=true:NoSchedule +kubectl taint node pool_0=true:NoExecute +``` + +Similarly, the `user` Pods will be deployed on only those nodes that have the label `node-restriction.kubernetes.io/pool_1` and are tainted using +``` +kubectl taint node pool_1=true:NoSchedule +kubectl taint node pool_1=true:NoExecute +``` + +Hence, this way we can control which `Robot shop` workloads are running on which nodes/nodepools. + +> *Note*: `nodeSelector` will behave in a similar fashion. diff --git a/AKS/helm/ingress.yaml b/AKS/helm/ingress.yaml new file mode 100644 index 000000000..8f0a39430 --- /dev/null +++ b/AKS/helm/ingress.yaml @@ -0,0 +1,17 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + namespace: robot-shop + name: robot-shop +spec: + ingressClassName: azure-application-gateway + rules: + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: web + port: + number: 8080 diff --git a/AKS/helm/templates/cart-deployment.yaml b/AKS/helm/templates/cart-deployment.yaml new file mode 100644 index 000000000..e9ec6507a --- /dev/null +++ b/AKS/helm/templates/cart-deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cart + labels: + service: cart +spec: + replicas: 1 + selector: + matchLabels: + service: cart + template: + metadata: + labels: + service: cart + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: cart + image: {{ .Values.image.repo }}/rs-cart:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + # agent networking access + env: + - name: INSTANA_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + ports: + - containerPort: 8080 + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + {{- with .Values.cart.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.cart.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.cart.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/AKS/helm/templates/cart-service.yaml b/AKS/helm/templates/cart-service.yaml new file mode 100644 index 000000000..dd132ae22 --- /dev/null +++ b/AKS/helm/templates/cart-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: cart +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + service: cart diff --git a/AKS/helm/templates/catalogue-deployment.yaml b/AKS/helm/templates/catalogue-deployment.yaml new file mode 100644 index 000000000..aead6ae82 --- /dev/null +++ b/AKS/helm/templates/catalogue-deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: catalogue + labels: + service: catalogue +spec: + replicas: 1 + selector: + matchLabels: + service: catalogue + template: + metadata: + labels: + service: catalogue + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: catalogue + image: {{ .Values.image.repo }}/rs-catalogue:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: INSTANA_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + ports: + - containerPort: 8080 + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + restartPolicy: Always + {{- with .Values.catalogue.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.catalogue.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.catalogue.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/AKS/helm/templates/catalogue-service.yaml b/AKS/helm/templates/catalogue-service.yaml new file mode 100644 index 000000000..e616214b1 --- /dev/null +++ b/AKS/helm/templates/catalogue-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: catalogue + name: catalogue +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + service: catalogue diff --git a/AKS/helm/templates/clusterrole.yaml b/AKS/helm/templates/clusterrole.yaml new file mode 100644 index 000000000..21bde8ea1 --- /dev/null +++ b/AKS/helm/templates/clusterrole.yaml @@ -0,0 +1,15 @@ +{{ if .Values.psp.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: robot-shop +rules: +- apiGroups: + - policy + resourceNames: + - robot-shop + resources: + - podsecuritypolicies + verbs: + - use +{{ end }} diff --git a/AKS/helm/templates/clusterrolebinding.yaml b/AKS/helm/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..2daf5c896 --- /dev/null +++ b/AKS/helm/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +{{ if .Values.psp.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: robot-shop +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: robot-shop +subjects: +- kind: ServiceAccount + name: robot-shop + namespace: robot-shop +{{ end }} diff --git a/AKS/helm/templates/dispatch-deployment.yaml b/AKS/helm/templates/dispatch-deployment.yaml new file mode 100644 index 000000000..e4571a311 --- /dev/null +++ b/AKS/helm/templates/dispatch-deployment.yaml @@ -0,0 +1,49 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dispatch + labels: + service: dispatch +spec: + replicas: 1 + selector: + matchLabels: + service: dispatch + template: + metadata: + labels: + service: dispatch + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: dispatch + image: {{ .Values.image.repo }}/rs-dispatch:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + # agent networking access + - name: INSTANA_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + restartPolicy: Always + {{- with .Values.dispatch.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dispatch.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dispatch.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/AKS/helm/templates/dispatch-service.yaml b/AKS/helm/templates/dispatch-service.yaml new file mode 100644 index 000000000..8d913a095 --- /dev/null +++ b/AKS/helm/templates/dispatch-service.yaml @@ -0,0 +1,16 @@ +# dispatch just listens to a message queue +# it does not expose any ports +apiVersion: v1 +kind: Service +metadata: + name: dispatch + labels: + service: dispatch +spec: + clusterIP: None + ports: + - name: headless + port: 55555 + targetPort: 0 + selector: + service: dispatch diff --git a/AKS/helm/templates/mongodb-deployment.yaml b/AKS/helm/templates/mongodb-deployment.yaml new file mode 100644 index 000000000..b7e15ed62 --- /dev/null +++ b/AKS/helm/templates/mongodb-deployment.yaml @@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mongodb + labels: + service: mongodb +spec: + replicas: 1 + selector: + matchLabels: + service: mongodb + template: + metadata: + labels: + service: mongodb + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: mongodb + image: {{ .Values.image.repo }}/rs-mongodb:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 27017 + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + restartPolicy: Always + {{- with .Values.mongodb.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mongodb.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mongodb.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/AKS/helm/templates/mongodb-service.yaml b/AKS/helm/templates/mongodb-service.yaml new file mode 100644 index 000000000..be871cd00 --- /dev/null +++ b/AKS/helm/templates/mongodb-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: mongodb + name: mongodb +spec: + ports: + - name: mongo + port: 27017 + targetPort: 27017 + selector: + service: mongodb diff --git a/AKS/helm/templates/mysql-deployment.yaml b/AKS/helm/templates/mysql-deployment.yaml new file mode 100644 index 000000000..bbaba0186 --- /dev/null +++ b/AKS/helm/templates/mysql-deployment.yaml @@ -0,0 +1,49 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mysql + labels: + service: mysql +spec: + replicas: 1 + selector: + matchLabels: + service: mysql + template: + metadata: + labels: + service: mysql + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: mysql + image: {{ .Values.image.repo }}/rs-mysql-db:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + # added for Istio + securityContext: + capabilities: + add: ["NET_ADMIN"] + ports: + - containerPort: 3306 + resources: + limits: + cpu: 200m + memory: 1024Mi + requests: + cpu: 100m + memory: 700Mi + restartPolicy: Always + {{- with .Values.mysql.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mysql.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mysql.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/AKS/helm/templates/mysql-service.yaml b/AKS/helm/templates/mysql-service.yaml new file mode 100644 index 000000000..56c56c3fd --- /dev/null +++ b/AKS/helm/templates/mysql-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: mysql + name: mysql +spec: + ports: + - name: mysql + port: 3306 + targetPort: 3306 + selector: + service: mysql diff --git a/AKS/helm/templates/payment-deployment.yaml b/AKS/helm/templates/payment-deployment.yaml new file mode 100644 index 000000000..7320083bf --- /dev/null +++ b/AKS/helm/templates/payment-deployment.yaml @@ -0,0 +1,58 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: payment + labels: + service: payment + stage: prod +spec: + replicas: 1 + selector: + matchLabels: + service: payment + stage: prod + template: + metadata: + labels: + service: payment + stage: prod + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: payment + image: {{ .Values.image.repo }}/rs-payment:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + # agent networking access + env: + - name: INSTANA_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + {{- if .Values.payment.gateway }} + - name: PAYMENT_GATEWAY + value: {{ .Values.payment.gateway }} + {{- end }} + ports: + - containerPort: 8080 + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + restartPolicy: Always + {{- with .Values.payment.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.payment.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.payment.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/AKS/helm/templates/payment-service.yaml b/AKS/helm/templates/payment-service.yaml new file mode 100644 index 000000000..a0a3e5dc9 --- /dev/null +++ b/AKS/helm/templates/payment-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: payment + labels: + service: payment +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + service: payment diff --git a/AKS/helm/templates/podsecuritypolicy.yaml b/AKS/helm/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..e5de6fff0 --- /dev/null +++ b/AKS/helm/templates/podsecuritypolicy.yaml @@ -0,0 +1,26 @@ +{{ if .Values.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: robot-shop +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + privileged: false + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + allowedCapabilities: + - 'NET_ADMIN' + volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - secret + - projected +{{ end }} diff --git a/AKS/helm/templates/rabbitmq-deployment.yaml b/AKS/helm/templates/rabbitmq-deployment.yaml new file mode 100644 index 000000000..59123a80f --- /dev/null +++ b/AKS/helm/templates/rabbitmq-deployment.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rabbitmq + labels: + service: rabbitmq +spec: + replicas: 1 + selector: + matchLabels: + service: rabbitmq + template: + metadata: + labels: + service: rabbitmq + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: rabbitmq + image: rabbitmq:3.7-management-alpine + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 5672 + - containerPort: 15672 + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + restartPolicy: Always + {{- with .Values.rabbitmq.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.rabbitmq.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.rabbitmq.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/AKS/helm/templates/rabbitmq-service.yaml b/AKS/helm/templates/rabbitmq-service.yaml new file mode 100644 index 000000000..12583c023 --- /dev/null +++ b/AKS/helm/templates/rabbitmq-service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: rabbitmq + labels: + service: rabbitmq +spec: + ports: + - name: tcp-amqp + port: 5672 + targetPort: 5672 + - name: http-management + port: 15672 + targetPort: 15672 + - name: tcp-epmd + port: 4369 + targetPort: 4369 + selector: + service: rabbitmq diff --git a/AKS/helm/templates/ratings-deployment.yaml b/AKS/helm/templates/ratings-deployment.yaml new file mode 100644 index 000000000..c0e226038 --- /dev/null +++ b/AKS/helm/templates/ratings-deployment.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ratings + labels: + service: ratings +spec: + replicas: 1 + selector: + matchLabels: + service: ratings + template: + metadata: + labels: + service: ratings + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: ratings + image: {{ .Values.image.repo }}/rs-ratings:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 80 + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + readinessProbe: + httpGet: + path: /_health + port: 80 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 30 + successThreshold: 1 + restartPolicy: Always + {{- with .Values.ratings.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.ratings.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.ratings.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/AKS/helm/templates/ratings-service.yaml b/AKS/helm/templates/ratings-service.yaml new file mode 100644 index 000000000..fd310a398 --- /dev/null +++ b/AKS/helm/templates/ratings-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: ratings + labels: + service: ratings +spec: + ports: + - name: http + port: 80 + targetPort: 80 + selector: + service: ratings + diff --git a/AKS/helm/templates/redis-service.yaml b/AKS/helm/templates/redis-service.yaml new file mode 100644 index 000000000..1604d0e33 --- /dev/null +++ b/AKS/helm/templates/redis-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: redis + name: redis +spec: + ports: + - name: redis + port: 6379 + targetPort: 6379 + selector: + service: redis diff --git a/AKS/helm/templates/redis-statefulset.yaml b/AKS/helm/templates/redis-statefulset.yaml new file mode 100644 index 000000000..b6a3e68d9 --- /dev/null +++ b/AKS/helm/templates/redis-statefulset.yaml @@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + service: redis + name: redis +spec: + replicas: 1 + selector: + matchLabels: + service: redis + serviceName: redis + template: + metadata: + labels: + service: redis + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: redis + image: redis:4.0.6 + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 6379 + volumeMounts: + - name: data + mountPath: /mnt/redis + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + restartPolicy: Always + {{- with .Values.redis.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + {{ if not .Values.openshift }} + storageClassName: default + volumeMode: Filesystem + {{ end }} + resources: + requests: + storage: 1Gi + diff --git a/AKS/helm/templates/serviceaccount.yaml b/AKS/helm/templates/serviceaccount.yaml new file mode 100644 index 000000000..33a4ce1c1 --- /dev/null +++ b/AKS/helm/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +{{ if .Values.psp.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: robot-shop + namespace: robot-shop +{{ end }} diff --git a/AKS/helm/templates/shipping-deployment.yaml b/AKS/helm/templates/shipping-deployment.yaml new file mode 100644 index 000000000..aa42f8a5c --- /dev/null +++ b/AKS/helm/templates/shipping-deployment.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: shipping + labels: + service: shipping +spec: + replicas: 1 + selector: + matchLabels: + service: shipping + template: + metadata: + labels: + service: shipping + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: shipping + image: {{ .Values.image.repo }}/rs-shipping:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 8080 + # it's Java it needs lots of memory + resources: + limits: + cpu: 200m + memory: 1000Mi + requests: + cpu: 100m + memory: 500Mi + readinessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 30 + successThreshold: 1 + restartPolicy: Always + {{- with .Values.shipping.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.shipping.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.shipping.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/AKS/helm/templates/shipping-service.yaml b/AKS/helm/templates/shipping-service.yaml new file mode 100644 index 000000000..2af82b82b --- /dev/null +++ b/AKS/helm/templates/shipping-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: shipping + labels: + service: shipping +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + service: shipping diff --git a/AKS/helm/templates/user-deployment.yaml b/AKS/helm/templates/user-deployment.yaml new file mode 100644 index 000000000..9b8ac6d50 --- /dev/null +++ b/AKS/helm/templates/user-deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: user + labels: + service: user +spec: + replicas: 1 + selector: + matchLabels: + service: user + template: + metadata: + labels: + service: user + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: user + image: {{ .Values.image.repo }}/rs-user:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + # agent networking access + - name: INSTANA_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + ports: + - containerPort: 8080 + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + restartPolicy: Always + {{- with .Values.user.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.user.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.user.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/AKS/helm/templates/user-service.yaml b/AKS/helm/templates/user-service.yaml new file mode 100644 index 000000000..1e0b372e9 --- /dev/null +++ b/AKS/helm/templates/user-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: user + labels: + service: user +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + service: user diff --git a/AKS/helm/templates/web-deployment.yaml b/AKS/helm/templates/web-deployment.yaml new file mode 100644 index 000000000..e07f41c3d --- /dev/null +++ b/AKS/helm/templates/web-deployment.yaml @@ -0,0 +1,52 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: web + labels: + service: web +spec: + replicas: 1 + selector: + matchLabels: + service: web + template: + metadata: + labels: + service: web + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: web + image: {{ .Values.image.repo }}/rs-web:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.eum.key }} + env: + - name: INSTANA_EUM_KEY + value: {{ .Values.eum.key }} + - name: INSTANA_EUM_REPORTING_URL + value: {{ .Values.eum.url }} + {{- end}} + ports: + - containerPort: 8080 + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + restartPolicy: Always + {{- with .Values.web.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.web.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.web.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/AKS/helm/templates/web-service.yaml b/AKS/helm/templates/web-service.yaml new file mode 100644 index 000000000..d22780b57 --- /dev/null +++ b/AKS/helm/templates/web-service.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + name: web + labels: + service: web +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + service: web + {{ if .Values.nodeport }} + type: NodePort + {{ else }} + type: LoadBalancer + {{ end }} +--- +{{if .Values.ocCreateRoute}} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: web +spec: + to: + kind: Service + name: web +{{end}} \ No newline at end of file diff --git a/AKS/helm/values.yaml b/AKS/helm/values.yaml new file mode 100644 index 000000000..3bcfe00bb --- /dev/null +++ b/AKS/helm/values.yaml @@ -0,0 +1,64 @@ +# Registry and repository for Docker images +# Default is docker/robotshop/image:latest +image: + repo: robotshop + version: latest + pullPolicy: IfNotPresent + +# EUM configuration +# Provide your key and set the endpoint +eum: + key: null + url: https://eum-eu-west-1.instana.io + #url: https://eum-us-west-2.instana.io + +# Pod Security Policy +psp: + enabled: false + +# For the mini ones minikube, minishift set to true +nodeport: false + +# "special" Openshift. Set to true when deploying to any openshift flavour +openshift: false + +ocCreateRoute: false + +###################################### +# Affinities for individual workloads +# set in the following way: +# : +# affinity: {} +# nodeSelector: {} +# tolerations: [] +###################################### + +cart: {} + +catalogue: {} + +dispatch: {} + +mongodb: {} + +mysql: {} + +payment: + # Alternative payment gateway URL + # Default is https://www.paypal.com + gateway: null + #gateway: https://www.worldpay.com + +rabbitmq: {} + +ratings: {} + +redis: + # Storage class to use with redis statefulset. + storageClassName: default + +shipping: {} + +user: {} + +web: {} diff --git a/EKS/01-prerequisites.md b/EKS/01-prerequisites.md new file mode 100644 index 000000000..0a8b1f8da --- /dev/null +++ b/EKS/01-prerequisites.md @@ -0,0 +1,13 @@ +# prerequisites + +kubectl – A command line tool for working with Kubernetes clusters. For more information, see Installing or updating kubectl. +https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html + +eksctl – A command line tool for working with EKS clusters that automates many individual tasks. For more information, see Installing or updating. +https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html + +AWS CLI – A command line tool for working with AWS services, including Amazon EKS. For more information, see Installing, updating, and uninstalling the AWS CLI +https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html in the AWS Command Line Interface User Guide. + +After installing the AWS CLI, I recommend that you also configure it. For more information, see Quick configuration with aws configure in the AWS Command Line Interface User Guide. +https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-config diff --git a/EKS/02-eks-cluster-setup.md b/EKS/02-eks-cluster-setup.md new file mode 100644 index 000000000..131b1f458 --- /dev/null +++ b/EKS/02-eks-cluster-setup.md @@ -0,0 +1,18 @@ +# Install EKS + +Please follow the prerequisites doc before this. + +## Install using Fargate + +``` +eksctl create cluster --name demo-cluster-three-tier-1 --region us-east-1 +``` + +## Delete the cluster + +``` +eksctl delete cluster --name demo-cluster-three-tier-1 --region us-east-1 +``` + + + diff --git a/EKS/03-oidc-IAM.md b/EKS/03-oidc-IAM.md new file mode 100644 index 000000000..b6866d334 --- /dev/null +++ b/EKS/03-oidc-IAM.md @@ -0,0 +1,21 @@ +# commands to configure IAM OIDC provider + +``` +export cluster_name= +``` + +``` +oidc_id=$(aws eks describe-cluster --name $cluster_name --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5) +``` + +## Check if there is an IAM OIDC provider configured already + +``` +aws iam list-open-id-connect-providers | grep $oidc_id | cut -d "/" -f4 +``` + +If not, run the below command + +``` +eksctl utils associate-iam-oidc-provider --cluster $cluster_name --approve +``` \ No newline at end of file diff --git a/EKS/04-alb-configuration.md b/EKS/04-alb-configuration.md new file mode 100644 index 000000000..e70a1bd75 --- /dev/null +++ b/EKS/04-alb-configuration.md @@ -0,0 +1,62 @@ +# How to setup alb add on + +Download IAM policy + +``` +curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json +``` + +Create IAM Policy + +``` +aws iam create-policy \ + --policy-name AWSLoadBalancerControllerIAMPolicy \ + --policy-document file://iam_policy.json +``` + +Create IAM Role + +``` +eksctl create iamserviceaccount \ + --cluster= \ + --namespace=kube-system \ + --name=aws-load-balancer-controller \ + --role-name AmazonEKSLoadBalancerControllerRole \ + --attach-policy-arn=arn:aws:iam:::policy/AWSLoadBalancerControllerIAMPolicy \ + --approve +``` + +## Deploy ALB controller + +Add helm repo + +``` +helm repo add eks https://aws.github.io/eks-charts +``` + +Update the repo + +``` +helm repo update eks +``` + +Install + +``` +helm install aws-load-balancer-controller eks/aws-load-balancer-controller \ + -n kube-system \ + --set clusterName= \ + --set serviceAccount.create=false \ + --set serviceAccount.name=aws-load-balancer-controller \ + --set region= \ + --set vpcId= +``` + +Verify that the deployments are running. + +``` +kubectl get deployment -n kube-system aws-load-balancer-controller +``` + + + diff --git a/EKS/05-ebs-csi-driver.md b/EKS/05-ebs-csi-driver.md new file mode 100644 index 000000000..20abc684f --- /dev/null +++ b/EKS/05-ebs-csi-driver.md @@ -0,0 +1,27 @@ +# EBS CSI Plugin configuration + +The Amazon EBS CSI plugin requires IAM permissions to make calls to AWS APIs on your behalf. + +Create an IAM role and attach a policy. AWS maintains an AWS managed policy or you can create your own custom policy. You can create an IAM role and attach the AWS managed policy with the following command. Replace my-cluster with the name of your cluster. The command deploys an AWS CloudFormation stack that creates an IAM role and attaches the IAM policy to it. + +``` +eksctl create iamserviceaccount \ + --name ebs-csi-controller-sa \ + --namespace kube-system \ + --cluster \ + --role-name AmazonEKS_EBS_CSI_DriverRole \ + --role-only \ + --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ + --approve +``` + +Run the following command. Replace with the name of your cluster, with your account ID. + +``` +eksctl create addon --name aws-ebs-csi-driver --cluster --service-account-role-arn arn:aws:iam:::role/AmazonEKS_EBS_CSI_DriverRole --force +``` + +**Note**: If your cluster is in the AWS GovCloud (US-East) or AWS GovCloud (US-West) AWS Regions, then replace arn:aws: with arn:aws-us-gov:. + +**References**: +https://repost.aws/knowledge-center/eks-persistent-storage \ No newline at end of file diff --git a/EKS/helm/Chart.yaml b/EKS/helm/Chart.yaml new file mode 100644 index 000000000..e4af2d276 --- /dev/null +++ b/EKS/helm/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +name: robot-shop +version: 1.1.0 +home: https://github.com/instana/robot-shop +description: Sample micoservices application + diff --git a/EKS/helm/README.md b/EKS/helm/README.md new file mode 100644 index 000000000..3b8e50fee --- /dev/null +++ b/EKS/helm/README.md @@ -0,0 +1,186 @@ +# Stan's Robot Shop + +Use this helm chart to customise your install of Stan's Robot Shop. + +### Helm v2.x + +```shell +$ helm install --name robot-shop --namespace robot-shop . +``` + +### Helm v3.x + +```bash +$ kubectl create ns robot-shop +$ helm install robot-shop --namespace robot-shop . +``` + +## Images + +By default the images are pulled from Docker Hub. Setting `image.repo` this can be changed, for example: + +```shell +$ helm install --set image.repo=eu.gcr.io/acme ... +``` + +Will pull images from the European Google registry project `acme`. + +By default the latest version of the images is pulled. A specific version can be used: + +```shell +$ helm install --set image.version=0.1.2 ... +``` + +It is recommened to always use the latest version. + +## Pod Security Policy + +If you wish to enable [PSP](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) + +```shell +$ helm install --set psp.enabled=true ... +``` + +## Payment Gateway + +By default the `payment` service uses https://www.paypal.com as the pseudo payment provider. The code only does a HTTP GET against this url. You can use a different url. + +```shell +$ helm install --set payment.gateway=https://foobar.com ... +``` + +## Website Monitoring / End-User Monitoring + +Optionally Website Monitoring / End-User Monitoring can be enabled for the web pages. Take a look at the [documentation](https://docs.instana.io/website_monitoring/) to see how to get a key and an endpoint url. + +```shell +$ helm install \ + --set eum.key=xxxxxxxxx \ + --set eum.url=https://eum-eu-west-1.instana.io \ + ... +``` + +## Use with Minis + +When running on `minishift` or `minikube` set `nodeport` to true. The store will then be available on the IP address of your mini and node port of the web service. + +```shell +$ mini[kube|shift] ip +192.168.66.101 +$ kubectl get svc web +``` + +Combine the IP and port number to make the URL `http://192.168.66.101:32145` + +### MiniShift + +Openshift is like K8s but not K8s. Set `openshift` to true or things will break. See the notes and scripts in the OpenShift directory of this repo. + +```shell +$ helm install robot-shop --set openshift=true helm +``` + +## Deployment Parameters + +| Key | Default | Type | Description | +| ---------------- | ------- | ------ | ----------- | +| eum.key | null | string | EUM Access Key | +| eum.url | https://eum-eu-west-1.instana.io | url | EUM endpoint URL | +| image.pullPolicy | IfNotPresent | string | Kubernetes pull policy. One of Always,IfNotPresent, or Never. | +| image.repo | robotshop | string | Base docker repository to pull the images from. | +| image.version | latest | string | Docker tag to pull. | +| nodeport | false | booelan | Whether to expose the services via node port. | +| openshift | false | boolean | If OpenShift additional configuration is applied. | +| payment.gateway | null | string | External URL end-point to simulate partial/3rd party traces. | +| psp.enabled | false | boolean | Enable Pod Security Policy for clusters with a PSP Admission controller | +| redis.storageClassName | standard | string | Storage class to use with Redis's StatefulSet. The default for EKS is gp2. | +| ocCreateRoute | false | boolean | If you are running on OpenShift and need a Route to the web service, set this to `true` | +| ``.affinity | {} | object | Affinity for pod assignment on nodes with matching labels (Refer [here](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)) | +| ``.nodeSelector | {} | object | Node labels for pod assignment (Refer [here](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector)) | +| ``.tolerations | [] | list | Tolerations for pod assignment on nodes with matching taints (Refer [here](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)) | +--- +> ### Notes for `affinity` and `tolerations` +> `` can be substituted with the different microservices consisting of Robot shop, namely: +> - [`cart`](./templates/cart-deployment.yaml) +> - [`catalogue`](./templates/catalogue-deployment.yaml) +> - [`dispatch`](./templates/dispatch-deployment.yaml) +> - [`mongodb`](./templates/mongodb-deployment.yaml) +> - [`mysql`](./templates/mysql-deployment.yaml) +> - [`payment`](./templates/payment-deployment.yaml) +> - [`rabbitmq`](./templates/rabbitmq-deployment.yaml) +> - [`ratings`](./templates/ratings-deployment.yaml) +> - [`redis`](./templates/redis-statefulset.yaml) +> - [`shipping`](./templates/shipping-deployment.yaml) +> - [`user`](./templates/user-deployment.yaml) +> - [`web`](./templates/web-deployment.yaml) +> +> `affinity`, `nodeSelector` and `tolerations` can be set for individual workloads. +------ +## Examples for deployment using `affinities` and `tolerations` +
+ +`values.yaml` +```yaml +. +.. +... +shipping: + gateway: null + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-restriction.kubernetes.io/pool_0 + operator: Exists + values: [] + tolerations: + - key: "pool_0" + operator: "Equal" + value: "true" + effect: "NoSchedule" + - key: "pool_0" + operator: "Equal" + value: "true" + effect: "NoExecute" + nodeSelector: {} + +user: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-restriction.kubernetes.io/pool_1 + operator: Exists + values: [] + tolerations: + - key: "pool_1" + operator: "Equal" + value: "true" + effect: "NoSchedule" + - key: "pool_1" + operator: "Equal" + value: "true" + effect: "NoExecute" + nodeSelector: {} +... +.. +. + ``` + +In this example, the `shipping` Pods will be deployed on only those nodes that have the label `node-restriction.kubernetes.io/pool_0` and are tainted using +``` +kubectl taint node pool_0=true:NoSchedule +kubectl taint node pool_0=true:NoExecute +``` + +Similarly, the `user` Pods will be deployed on only those nodes that have the label `node-restriction.kubernetes.io/pool_1` and are tainted using +``` +kubectl taint node pool_1=true:NoSchedule +kubectl taint node pool_1=true:NoExecute +``` + +Hence, this way we can control which `Robot shop` workloads are running on which nodes/nodepools. + +> *Note*: `nodeSelector` will behave in a similar fashion. diff --git a/EKS/helm/ingress.yaml b/EKS/helm/ingress.yaml new file mode 100644 index 000000000..eff913860 --- /dev/null +++ b/EKS/helm/ingress.yaml @@ -0,0 +1,20 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + namespace: robot-shop + name: robot-shop + annotations: + kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/target-type: ip +spec: + rules: + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: web + port: + number: 8080 \ No newline at end of file diff --git a/EKS/helm/templates/cart-deployment.yaml b/EKS/helm/templates/cart-deployment.yaml new file mode 100644 index 000000000..e9ec6507a --- /dev/null +++ b/EKS/helm/templates/cart-deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cart + labels: + service: cart +spec: + replicas: 1 + selector: + matchLabels: + service: cart + template: + metadata: + labels: + service: cart + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: cart + image: {{ .Values.image.repo }}/rs-cart:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + # agent networking access + env: + - name: INSTANA_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + ports: + - containerPort: 8080 + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + {{- with .Values.cart.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.cart.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.cart.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/EKS/helm/templates/cart-service.yaml b/EKS/helm/templates/cart-service.yaml new file mode 100644 index 000000000..dd132ae22 --- /dev/null +++ b/EKS/helm/templates/cart-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: cart +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + service: cart diff --git a/EKS/helm/templates/catalogue-deployment.yaml b/EKS/helm/templates/catalogue-deployment.yaml new file mode 100644 index 000000000..aead6ae82 --- /dev/null +++ b/EKS/helm/templates/catalogue-deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: catalogue + labels: + service: catalogue +spec: + replicas: 1 + selector: + matchLabels: + service: catalogue + template: + metadata: + labels: + service: catalogue + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: catalogue + image: {{ .Values.image.repo }}/rs-catalogue:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: INSTANA_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + ports: + - containerPort: 8080 + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + restartPolicy: Always + {{- with .Values.catalogue.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.catalogue.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.catalogue.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/EKS/helm/templates/catalogue-service.yaml b/EKS/helm/templates/catalogue-service.yaml new file mode 100644 index 000000000..e616214b1 --- /dev/null +++ b/EKS/helm/templates/catalogue-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: catalogue + name: catalogue +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + service: catalogue diff --git a/EKS/helm/templates/clusterrole.yaml b/EKS/helm/templates/clusterrole.yaml new file mode 100644 index 000000000..21bde8ea1 --- /dev/null +++ b/EKS/helm/templates/clusterrole.yaml @@ -0,0 +1,15 @@ +{{ if .Values.psp.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: robot-shop +rules: +- apiGroups: + - policy + resourceNames: + - robot-shop + resources: + - podsecuritypolicies + verbs: + - use +{{ end }} diff --git a/EKS/helm/templates/clusterrolebinding.yaml b/EKS/helm/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..2daf5c896 --- /dev/null +++ b/EKS/helm/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +{{ if .Values.psp.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: robot-shop +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: robot-shop +subjects: +- kind: ServiceAccount + name: robot-shop + namespace: robot-shop +{{ end }} diff --git a/EKS/helm/templates/dispatch-deployment.yaml b/EKS/helm/templates/dispatch-deployment.yaml new file mode 100644 index 000000000..e4571a311 --- /dev/null +++ b/EKS/helm/templates/dispatch-deployment.yaml @@ -0,0 +1,49 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dispatch + labels: + service: dispatch +spec: + replicas: 1 + selector: + matchLabels: + service: dispatch + template: + metadata: + labels: + service: dispatch + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: dispatch + image: {{ .Values.image.repo }}/rs-dispatch:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + # agent networking access + - name: INSTANA_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + restartPolicy: Always + {{- with .Values.dispatch.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dispatch.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dispatch.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/EKS/helm/templates/dispatch-service.yaml b/EKS/helm/templates/dispatch-service.yaml new file mode 100644 index 000000000..8d913a095 --- /dev/null +++ b/EKS/helm/templates/dispatch-service.yaml @@ -0,0 +1,16 @@ +# dispatch just listens to a message queue +# it does not expose any ports +apiVersion: v1 +kind: Service +metadata: + name: dispatch + labels: + service: dispatch +spec: + clusterIP: None + ports: + - name: headless + port: 55555 + targetPort: 0 + selector: + service: dispatch diff --git a/EKS/helm/templates/mongodb-deployment.yaml b/EKS/helm/templates/mongodb-deployment.yaml new file mode 100644 index 000000000..b7e15ed62 --- /dev/null +++ b/EKS/helm/templates/mongodb-deployment.yaml @@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mongodb + labels: + service: mongodb +spec: + replicas: 1 + selector: + matchLabels: + service: mongodb + template: + metadata: + labels: + service: mongodb + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: mongodb + image: {{ .Values.image.repo }}/rs-mongodb:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 27017 + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + restartPolicy: Always + {{- with .Values.mongodb.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mongodb.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mongodb.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/EKS/helm/templates/mongodb-service.yaml b/EKS/helm/templates/mongodb-service.yaml new file mode 100644 index 000000000..be871cd00 --- /dev/null +++ b/EKS/helm/templates/mongodb-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: mongodb + name: mongodb +spec: + ports: + - name: mongo + port: 27017 + targetPort: 27017 + selector: + service: mongodb diff --git a/EKS/helm/templates/mysql-deployment.yaml b/EKS/helm/templates/mysql-deployment.yaml new file mode 100644 index 000000000..bbaba0186 --- /dev/null +++ b/EKS/helm/templates/mysql-deployment.yaml @@ -0,0 +1,49 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mysql + labels: + service: mysql +spec: + replicas: 1 + selector: + matchLabels: + service: mysql + template: + metadata: + labels: + service: mysql + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: mysql + image: {{ .Values.image.repo }}/rs-mysql-db:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + # added for Istio + securityContext: + capabilities: + add: ["NET_ADMIN"] + ports: + - containerPort: 3306 + resources: + limits: + cpu: 200m + memory: 1024Mi + requests: + cpu: 100m + memory: 700Mi + restartPolicy: Always + {{- with .Values.mysql.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mysql.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mysql.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/EKS/helm/templates/mysql-service.yaml b/EKS/helm/templates/mysql-service.yaml new file mode 100644 index 000000000..56c56c3fd --- /dev/null +++ b/EKS/helm/templates/mysql-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: mysql + name: mysql +spec: + ports: + - name: mysql + port: 3306 + targetPort: 3306 + selector: + service: mysql diff --git a/EKS/helm/templates/payment-deployment.yaml b/EKS/helm/templates/payment-deployment.yaml new file mode 100644 index 000000000..7320083bf --- /dev/null +++ b/EKS/helm/templates/payment-deployment.yaml @@ -0,0 +1,58 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: payment + labels: + service: payment + stage: prod +spec: + replicas: 1 + selector: + matchLabels: + service: payment + stage: prod + template: + metadata: + labels: + service: payment + stage: prod + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: payment + image: {{ .Values.image.repo }}/rs-payment:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + # agent networking access + env: + - name: INSTANA_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + {{- if .Values.payment.gateway }} + - name: PAYMENT_GATEWAY + value: {{ .Values.payment.gateway }} + {{- end }} + ports: + - containerPort: 8080 + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + restartPolicy: Always + {{- with .Values.payment.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.payment.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.payment.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/EKS/helm/templates/payment-service.yaml b/EKS/helm/templates/payment-service.yaml new file mode 100644 index 000000000..a0a3e5dc9 --- /dev/null +++ b/EKS/helm/templates/payment-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: payment + labels: + service: payment +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + service: payment diff --git a/EKS/helm/templates/podsecuritypolicy.yaml b/EKS/helm/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..e5de6fff0 --- /dev/null +++ b/EKS/helm/templates/podsecuritypolicy.yaml @@ -0,0 +1,26 @@ +{{ if .Values.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: robot-shop +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + privileged: false + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + allowedCapabilities: + - 'NET_ADMIN' + volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - secret + - projected +{{ end }} diff --git a/EKS/helm/templates/rabbitmq-deployment.yaml b/EKS/helm/templates/rabbitmq-deployment.yaml new file mode 100644 index 000000000..59123a80f --- /dev/null +++ b/EKS/helm/templates/rabbitmq-deployment.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rabbitmq + labels: + service: rabbitmq +spec: + replicas: 1 + selector: + matchLabels: + service: rabbitmq + template: + metadata: + labels: + service: rabbitmq + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: rabbitmq + image: rabbitmq:3.7-management-alpine + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 5672 + - containerPort: 15672 + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + restartPolicy: Always + {{- with .Values.rabbitmq.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.rabbitmq.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.rabbitmq.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/EKS/helm/templates/rabbitmq-service.yaml b/EKS/helm/templates/rabbitmq-service.yaml new file mode 100644 index 000000000..12583c023 --- /dev/null +++ b/EKS/helm/templates/rabbitmq-service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: rabbitmq + labels: + service: rabbitmq +spec: + ports: + - name: tcp-amqp + port: 5672 + targetPort: 5672 + - name: http-management + port: 15672 + targetPort: 15672 + - name: tcp-epmd + port: 4369 + targetPort: 4369 + selector: + service: rabbitmq diff --git a/EKS/helm/templates/ratings-deployment.yaml b/EKS/helm/templates/ratings-deployment.yaml new file mode 100644 index 000000000..c0e226038 --- /dev/null +++ b/EKS/helm/templates/ratings-deployment.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ratings + labels: + service: ratings +spec: + replicas: 1 + selector: + matchLabels: + service: ratings + template: + metadata: + labels: + service: ratings + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: ratings + image: {{ .Values.image.repo }}/rs-ratings:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 80 + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + readinessProbe: + httpGet: + path: /_health + port: 80 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 30 + successThreshold: 1 + restartPolicy: Always + {{- with .Values.ratings.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.ratings.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.ratings.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/EKS/helm/templates/ratings-service.yaml b/EKS/helm/templates/ratings-service.yaml new file mode 100644 index 000000000..fd310a398 --- /dev/null +++ b/EKS/helm/templates/ratings-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: ratings + labels: + service: ratings +spec: + ports: + - name: http + port: 80 + targetPort: 80 + selector: + service: ratings + diff --git a/EKS/helm/templates/redis-service.yaml b/EKS/helm/templates/redis-service.yaml new file mode 100644 index 000000000..1604d0e33 --- /dev/null +++ b/EKS/helm/templates/redis-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: redis + name: redis +spec: + ports: + - name: redis + port: 6379 + targetPort: 6379 + selector: + service: redis diff --git a/EKS/helm/templates/redis-statefulset.yaml b/EKS/helm/templates/redis-statefulset.yaml new file mode 100644 index 000000000..5e2a08317 --- /dev/null +++ b/EKS/helm/templates/redis-statefulset.yaml @@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + service: redis + name: redis +spec: + replicas: 1 + selector: + matchLabels: + service: redis + serviceName: redis + template: + metadata: + labels: + service: redis + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: redis + image: redis:4.0.6 + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 6379 + volumeMounts: + - name: data + mountPath: /mnt/redis + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + restartPolicy: Always + {{- with .Values.redis.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + {{ if not .Values.openshift }} + storageClassName: gp2 + volumeMode: Filesystem + {{ end }} + resources: + requests: + storage: 1Gi + diff --git a/EKS/helm/templates/serviceaccount.yaml b/EKS/helm/templates/serviceaccount.yaml new file mode 100644 index 000000000..33a4ce1c1 --- /dev/null +++ b/EKS/helm/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +{{ if .Values.psp.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: robot-shop + namespace: robot-shop +{{ end }} diff --git a/EKS/helm/templates/shipping-deployment.yaml b/EKS/helm/templates/shipping-deployment.yaml new file mode 100644 index 000000000..aa42f8a5c --- /dev/null +++ b/EKS/helm/templates/shipping-deployment.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: shipping + labels: + service: shipping +spec: + replicas: 1 + selector: + matchLabels: + service: shipping + template: + metadata: + labels: + service: shipping + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: shipping + image: {{ .Values.image.repo }}/rs-shipping:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 8080 + # it's Java it needs lots of memory + resources: + limits: + cpu: 200m + memory: 1000Mi + requests: + cpu: 100m + memory: 500Mi + readinessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 30 + successThreshold: 1 + restartPolicy: Always + {{- with .Values.shipping.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.shipping.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.shipping.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/EKS/helm/templates/shipping-service.yaml b/EKS/helm/templates/shipping-service.yaml new file mode 100644 index 000000000..2af82b82b --- /dev/null +++ b/EKS/helm/templates/shipping-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: shipping + labels: + service: shipping +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + service: shipping diff --git a/EKS/helm/templates/user-deployment.yaml b/EKS/helm/templates/user-deployment.yaml new file mode 100644 index 000000000..9b8ac6d50 --- /dev/null +++ b/EKS/helm/templates/user-deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: user + labels: + service: user +spec: + replicas: 1 + selector: + matchLabels: + service: user + template: + metadata: + labels: + service: user + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: user + image: {{ .Values.image.repo }}/rs-user:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + # agent networking access + - name: INSTANA_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + ports: + - containerPort: 8080 + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + restartPolicy: Always + {{- with .Values.user.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.user.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.user.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/EKS/helm/templates/user-service.yaml b/EKS/helm/templates/user-service.yaml new file mode 100644 index 000000000..1e0b372e9 --- /dev/null +++ b/EKS/helm/templates/user-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: user + labels: + service: user +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + service: user diff --git a/EKS/helm/templates/web-deployment.yaml b/EKS/helm/templates/web-deployment.yaml new file mode 100644 index 000000000..e07f41c3d --- /dev/null +++ b/EKS/helm/templates/web-deployment.yaml @@ -0,0 +1,52 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: web + labels: + service: web +spec: + replicas: 1 + selector: + matchLabels: + service: web + template: + metadata: + labels: + service: web + spec: + {{ if .Values.psp.enabled }} + serviceAccountName: robot-shop + {{ end }} + containers: + - name: web + image: {{ .Values.image.repo }}/rs-web:{{ .Values.image.version }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.eum.key }} + env: + - name: INSTANA_EUM_KEY + value: {{ .Values.eum.key }} + - name: INSTANA_EUM_REPORTING_URL + value: {{ .Values.eum.url }} + {{- end}} + ports: + - containerPort: 8080 + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 50Mi + restartPolicy: Always + {{- with .Values.web.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.web.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.web.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/EKS/helm/templates/web-service.yaml b/EKS/helm/templates/web-service.yaml new file mode 100644 index 000000000..d22780b57 --- /dev/null +++ b/EKS/helm/templates/web-service.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + name: web + labels: + service: web +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + service: web + {{ if .Values.nodeport }} + type: NodePort + {{ else }} + type: LoadBalancer + {{ end }} +--- +{{if .Values.ocCreateRoute}} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: web +spec: + to: + kind: Service + name: web +{{end}} \ No newline at end of file diff --git a/EKS/helm/values.yaml b/EKS/helm/values.yaml new file mode 100644 index 000000000..f67a107d1 --- /dev/null +++ b/EKS/helm/values.yaml @@ -0,0 +1,64 @@ +# Registry and repository for Docker images +# Default is docker/robotshop/image:latest +image: + repo: robotshop + version: latest + pullPolicy: IfNotPresent + +# EUM configuration +# Provide your key and set the endpoint +eum: + key: null + url: https://eum-eu-west-1.instana.io + #url: https://eum-us-west-2.instana.io + +# Pod Security Policy +psp: + enabled: false + +# For the mini ones minikube, minishift set to true +nodeport: false + +# "special" Openshift. Set to true when deploying to any openshift flavour +openshift: false + +ocCreateRoute: false + +###################################### +# Affinities for individual workloads +# set in the following way: +# : +# affinity: {} +# nodeSelector: {} +# tolerations: [] +###################################### + +cart: {} + +catalogue: {} + +dispatch: {} + +mongodb: {} + +mysql: {} + +payment: + # Alternative payment gateway URL + # Default is https://www.paypal.com + gateway: null + #gateway: https://www.worldpay.com + +rabbitmq: {} + +ratings: {} + +redis: + # Storage class to use with redis statefulset. + storageClassName: gp2 + +shipping: {} + +user: {} + +web: {} diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 000000000..47973bae1 --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,36 @@ +pipeline { + agent { + docker { image 'node:20.11.1-alpine3.19' } + } + options { + // Timeout counter starts BEFORE agent is allocated + timeout(time: 3000, unit: 'SECONDS') + } + + stages { + stage('Build Image') { + + steps { + echo 'Find All the Dockerfiles' + + powershell ''' + + function Imagebuild{ + + param( + [string]$dir + [string]$imagename + ) + + docker build -t $imagename:${env:BUILD_ID} $dir\\. + + } + + Imagebuild -dir ${env:WORKSPACE}\\cart -imagename cart + + ''' + + } + } + } +} diff --git a/cart-pipelines.yml b/cart-pipelines.yml new file mode 100644 index 000000000..91e38f0a1 --- /dev/null +++ b/cart-pipelines.yml @@ -0,0 +1,55 @@ +# Docker +# Build and push an image to Azure Container Registry +# https://docs.microsoft.com/azure/devops/pipelines/languages/docker + +trigger: + branches: + include: + - master + paths: + include: + - cart/* + +resources: +- repo: self + +variables: + # Container registry service connection established during pipeline creation + dockerRegistryServiceConnection: '753f0505-3f68-4c7b-92ae-a74cf3a694b0' + imageRepository: 'cartrobotshop' + containerRegistry: 'rohitforazregistry.azurecr.io' + dockerfilePath: '$(Build.SourcesDirectory)/cart/Dockerfile' + tag: '$(Build.BuildId)' + +pool: + name: 'robotagent' + +stages: +- stage: Build + displayName: Build + jobs: + - job: Build + displayName: Build + steps: + - task: Docker@2 + displayName: Build an image + inputs: + containerRegistry: '$(dockerRegistryServiceConnection)' + repository: '$(imageRepository)' + command: 'build' + Dockerfile: 'cart/Dockerfile' + tags: '$(tag)' + +- stage: Push + displayName: Push + jobs: + - job: Push + displayName: Push + steps: + - task: Docker@2 + displayName: Push an image to ACR + inputs: + containerRegistry: '$(dockerRegistryServiceConnection)' + repository: '$(imageRepository)' + command: 'push' + tags: '$(tag)'