From 925c98e545c2c1b6bc8c3e9fb504d7c9c16ef7cc Mon Sep 17 00:00:00 2001 From: Mathieu Benoit Date: Mon, 24 Oct 2022 06:19:45 -0400 Subject: [PATCH] Fix various breaking changes in docs/kustomize (#1202) * Fix REDIS_ADDR token replacement * Fix broken workload-identity link * add redis in container-image-registry kustomize overlay * Fix issue with loadgenerator and frontend for the native-grpc-health-check Kustomize component --- docs/cloudshell-tutorial.md | 4 +--- docs/service-mesh.md | 7 +++++-- .../kustomization.yaml | 2 ++ kustomize/components/memorystore/README.md | 2 +- .../components/memorystore/kustomization.yaml | 2 +- .../native-grpc-health-check/README.md | 11 +++-------- .../kustomization.yaml | 19 +++++++++++++++++++ .../components/service-accounts/README.md | 2 +- terraform/memorystore.tf | 2 +- 9 files changed, 34 insertions(+), 17 deletions(-) diff --git a/docs/cloudshell-tutorial.md b/docs/cloudshell-tutorial.md index d9810d6c46b..09f3f666099 100644 --- a/docs/cloudshell-tutorial.md +++ b/docs/cloudshell-tutorial.md @@ -101,9 +101,7 @@ Congratulations! You've successfully deployed Online Boutique using Cloud Shell. ##### What's next? Try other deployment options for Online Boutique: -- **Workload Identity**: See these instructions. - **Istio**: See these instructions. -- **Anthos Service Mesh**: ASM requires Workload Identity to be enabled in your GKE cluster. See these instructions to configure and deploy the app. Then, use the service mesh guide. -- **Memorystore**: See these instructions to replace the in-cluster `redis` database with hosted Google Cloud Memorystore (redis). +- **Anthos Service Mesh**: See these instructions. Learn more about the [Cloud Shell](https://cloud.google.com/shell) IDE environment and the [Cloud Code](https://cloud.google.com/code) extension. diff --git a/docs/service-mesh.md b/docs/service-mesh.md index 676bddb5e18..f85d099008d 100644 --- a/docs/service-mesh.md +++ b/docs/service-mesh.md @@ -13,9 +13,12 @@ PROJECT_ID="" ZONE="" gcloud container clusters create onlineboutique \ - --project=${PROJECT_ID} --zone=${ZONE} \ - --machine-type=e2-standard-4 --num-nodes=4 + --project=${PROJECT_ID} \ + --zone=${ZONE} \ + --machine-type=e2-standard-4 \ + --num-nodes=4 ``` +_Note: Anthos Service Mesh (ASM) requires [Workload Identity to be enabled in your GKE cluster](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#enable)._ 2. [Install Istio](https://istio.io/latest/docs/setup/getting-started/) on your cluster. diff --git a/kustomize/components/container-images-registry/kustomization.yaml b/kustomize/components/container-images-registry/kustomization.yaml index 1331d1ca766..2d58dcf4398 100644 --- a/kustomize/components/container-images-registry/kustomization.yaml +++ b/kustomize/components/container-images-registry/kustomization.yaml @@ -37,3 +37,5 @@ images: newName: CONTAINER_IMAGES_REGISTRY/recommendationservice - name: gcr.io/google-samples/microservices-demo/shippingservice newName: CONTAINER_IMAGES_REGISTRY/shippingservice +- name: redis + newName: CONTAINER_IMAGES_REGISTRY/redis diff --git a/kustomize/components/memorystore/README.md b/kustomize/components/memorystore/README.md index 84dd5ff0615..6c916f1201c 100644 --- a/kustomize/components/memorystore/README.md +++ b/kustomize/components/memorystore/README.md @@ -50,7 +50,7 @@ Update current Kustomize manifest to target this Memorystore (Redis) instance. ```bash REDIS_IP=$(gcloud redis instances describe redis-cart --region=${REGION} --format='get(host)') REDIS_PORT=$(gcloud redis instances describe redis-cart --region=${REGION} --format='get(port)') -sed -i "s/\"REDIS_ADDR\"/${REDIS_IP}:${REDIS_PORT}/g" components/memorystore/kustomization.yaml +sed -i "s/REDIS_CONNECTION_STRING/${REDIS_IP}:${REDIS_PORT}/g" components/memorystore/kustomization.yaml ``` You can locally render these manifests by running `kubectl kustomize .` as well as deploying them by running `kubectl apply -k .`. diff --git a/kustomize/components/memorystore/kustomization.yaml b/kustomize/components/memorystore/kustomization.yaml index 79331747bd1..23b91aeeaa8 100644 --- a/kustomize/components/memorystore/kustomization.yaml +++ b/kustomize/components/memorystore/kustomization.yaml @@ -28,7 +28,7 @@ patchesStrategicMerge: - name: server env: - name: REDIS_ADDR - value: "REDIS_ADDR" + value: "REDIS_CONNECTION_STRING" # redis - remove the redis-cart Deployment - |- apiVersion: apps/v1 diff --git a/kustomize/components/native-grpc-health-check/README.md b/kustomize/components/native-grpc-health-check/README.md index 64ab9a58d6c..96e11de5b24 100644 --- a/kustomize/components/native-grpc-health-check/README.md +++ b/kustomize/components/native-grpc-health-check/README.md @@ -8,9 +8,8 @@ To automate the deployment of Online Boutique integrated with native gRPC probes From the `kustomize/` folder at the root level of this repository, execute this command: ```bash -SUFFIX=-native-grpc-probes -sed -i "s/CONTAINER_IMAGES_TAG_SUFFIX/$SUFFIX/g" components/container-images-tag-suffix/kustomization.yaml -kustomize edit add component components/container-images-tag-suffix +ONLINE_BOUTIQUE_VERSION=$(curl -s https://api.github.com/repos/GoogleCloudPlatform/microservices-demo/releases | jq -r '[.[]] | .[0].tag_name') +sed -i "s/CONTAINER_IMAGES_TAG/$ONLINE_BOUTIQUE_VERSION-native-grpc-probes/g" components/native-grpc-health-check/kustomization.yaml kustomize edit add component components/native-grpc-health-check ``` _Note: we are applying the `-native-grpc-probes` tag suffix to all the container images, it's a prebuilt image without the [grpc-health-probe](https://github.com/grpc-ecosystem/grpc-health-probe) binary since the version 0.4.0 of Online Boutique._ @@ -22,14 +21,10 @@ kind: Kustomization resources: - base components: -- components/container-images-tag-suffix - components/native-grpc-health-check ``` -You can (optionally) locally render these manifests by running `kubectl kustomize . | sed "s/$SUFFIX$SUFFIX/$SUFFIX/g"`. -You can deploy them by running `kubectl kustomize . | sed "s/$SUFFIX$SUFFIX/$SUFFIX/g" | kubectl apply -f`. - -_Note: for this variation, `kubectl apply -k .` alone won't work because there is a [known issue currently in Kustomize](https://github.com/kubernetes-sigs/kustomize/issues/4814) where the `tagSuffix` is duplicated. The `sed "s/$SUFFIX$SUFFIX/$SUFFIX/g"` commands above are a temporary workaround._ +You can locally render these manifests by running `kubectl kustomize .` as well as deploying them by running `kubectl apply -k .`. ## Resources diff --git a/kustomize/components/native-grpc-health-check/kustomization.yaml b/kustomize/components/native-grpc-health-check/kustomization.yaml index acb83e195f0..b0ca5b0f452 100644 --- a/kustomize/components/native-grpc-health-check/kustomization.yaml +++ b/kustomize/components/native-grpc-health-check/kustomization.yaml @@ -14,6 +14,25 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component +images: +- name: gcr.io/google-samples/microservices-demo/adservice + newTag: CONTAINER_IMAGES_TAG +- name: gcr.io/google-samples/microservices-demo/cartservice + newTag: CONTAINER_IMAGES_TAG +- name: gcr.io/google-samples/microservices-demo/checkoutservice + newTag: CONTAINER_IMAGES_TAG +- name: gcr.io/google-samples/microservices-demo/currencyservice + newTag: CONTAINER_IMAGES_TAG +- name: gcr.io/google-samples/microservices-demo/emailservice + newTag: CONTAINER_IMAGES_TAG +- name: gcr.io/google-samples/microservices-demo/paymentservice + newTag: CONTAINER_IMAGES_TAG +- name: gcr.io/google-samples/microservices-demo/productcatalogservice + newTag: CONTAINER_IMAGES_TAG +- name: gcr.io/google-samples/microservices-demo/recommendationservice + newTag: CONTAINER_IMAGES_TAG +- name: gcr.io/google-samples/microservices-demo/shippingservice + newTag: CONTAINER_IMAGES_TAG patchesStrategicMerge: # adservice - remove the exec and add the grpc for liveness and readiness probes - |- diff --git a/kustomize/components/service-accounts/README.md b/kustomize/components/service-accounts/README.md index fcea7accc8a..a4634b860c3 100644 --- a/kustomize/components/service-accounts/README.md +++ b/kustomize/components/service-accounts/README.md @@ -1,6 +1,6 @@ # Create Kubernetes Service Accounts for Online Boutique -Creating a `ServiceAccount` per `Deployment` could be helpful if you need to define a fine granular identity for each `Deployment` in your Kubernetes clusters. This could help if for example you want to give specific Google Cloud IAM role binding by leveraging [Workload Identity with GKE](/docs/workload-identity.md). Another scenario could be if you want to define fine granular [`AuthorizationPolicies` with Istio/ASM](https://cloud.google.com/service-mesh/docs/by-example/authz). +Creating a `ServiceAccount` per `Deployment` could be helpful if you need to define a fine granular identity for each `Deployment` in your Kubernetes clusters. This could help if for example you want to give specific Google Cloud IAM role binding by leveraging [Workload Identity with GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#enable). Another scenario could be if you want to define fine granular [`AuthorizationPolicies` with Istio/ASM](https://cloud.google.com/service-mesh/docs/by-example/authz). ## Deploy Online Boutique with `ServiceAccounts` via Kustomize diff --git a/terraform/memorystore.tf b/terraform/memorystore.tf index c15e24afa42..f7a1eea8498 100644 --- a/terraform/memorystore.tf +++ b/terraform/memorystore.tf @@ -34,7 +34,7 @@ resource "google_redis_instance" "redis-cart" { resource "null_resource" "kustomization-update" { provisioner "local-exec" { interpreter = ["bash", "-exc"] - command = "sed -i \"s/\"REDIS_ADDR\"/${google_redis_instance.redis-cart[0].host}:${google_redis_instance.redis-cart[0].port}/g\" ../kustomize/components/memorystore/kustomization.yaml" + command = "sed -i \"s/REDIS_CONNECTION_STRING/${google_redis_instance.redis-cart[0].host}:${google_redis_instance.redis-cart[0].port}/g\" ../kustomize/components/memorystore/kustomization.yaml" } # count specifies the number of instances to create;