
Use Case: POC Cloud Run knative container on Anthos Service Mesh (Istio) GKE cluster via Cloud Deploy canary KCC deployment - max coverage / min spanning service tree #339

Open
fmichaelobrien opened this issue Apr 18, 2023 · 3 comments
Assignees
Labels
canary, Service (New service to be added)

Comments

@fmichaelobrien (Contributor) commented Apr 18, 2023

Design/implement a POC KCC deployment via Cloud Deploy of a Cloud Run application on an ASM/Istio (Anthos Service Mesh) GKE cluster.
Add Cloud Armor, CDN, WAF (WAAP https://cloud.google.com/solutions/web-app-and-api-protection), PSC/VPC-SC, Shared-VPC, DNS.

Assets

Diagrams

```mermaid
graph LR;
    style Architecture fill:#44f,stroke:#f66,stroke-width:2px,color:#fff,stroke-dasharray: 5 5
    %% architecture
  cloud-deploy-->canary-pipeline;
  cloud-run-->anthos-service-mesh;
  anthos-service-mesh-->anthos-gke-cluster;
```

```mermaid
graph TD;
  mobile-client-->GFE;
  GFE-->L7LB;
  Cloud-Armor-->L7LB;
  Cloud-CDN-->L7LB;
  PSC-->VPC-SC;
```
@fmichaelobrien fmichaelobrien self-assigned this Apr 18, 2023
@fmichaelobrien fmichaelobrien added the labels Service (New service to be added) and canary Apr 18, 2023
@fmichaelobrien fmichaelobrien changed the title Use Case: POC Cloud Run knative container on Anthos Service Mesh (Istio) GKE cluster via Cloud Deploy canary KCC deployment Use Case: POC Cloud Run knative container on Anthos Service Mesh (Istio) GKE cluster via Cloud Deploy canary KCC deployment - max coverage / min spanning service tree Apr 18, 2023
@obriensystems (Collaborator) commented

GCP Default Docker Container

```shell
gcloud compute instances create-with-container instance-20240227-002215 \
  --project=cuda-old --zone=us-central1-a --machine-type=e2-medium \
  --network-interface=address=34.69.213.211,network-tier=PREMIUM,stack-type=IPV4_ONLY,subnet=default \
  --maintenance-policy=MIGRATE --provisioning-model=STANDARD \
  --service-account=196717963363-compute@developer.gserviceaccount.com \
  --scopes=https://www.googleapis.com/auth/cloud-platform \
  --image=projects/cos-cloud/global/images/cos-stable-109-17800-147-15 \
  --boot-disk-size=10GB --boot-disk-type=pd-balanced \
  --boot-disk-device-name=instance-20240227-002215 \
  --container-image=obrienlabs/magellan-nbi:0.0.3-ia64 --container-restart-policy=always \
  --no-shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring \
  --labels=goog-ec-src=vm_add-gcloud,container-vm=cos-stable-109-17800-147-15
```

Just need to expose the ports:

```console
michael@instance-20240227-002215 ~ $ docker ps -a
CONTAINER ID   IMAGE                                COMMAND                  CREATED             STATUS             PORTS     NAMES
d56ed6dbcdde   obrienlabs/magellan-nbi:0.0.3-ia64   "java -Djava.securit…"   About an hour ago   Up About an hour             klt-instance-20240227-002215-mdvq
michael@instance-20240227-002215 ~ $ docker exec -it d56ed6dbcdde bash
root@instance-20240227-002215:/# curl http://127.0.0.1:8080/nbi/api
{"id":1,"content":"PASS remoteAddr: 127.0.0.1 localAddr: 127.0.0.1 remoteHost: 127.0.0.1 serverName: 127.0.0.1"}
root@instance-20240227-002215:/# 
```


Stop and restart:

```console
michael@instance-20240227-002215 ~ $ docker run --name magellan -d -p 80:8080 obrienlabs/magellan-nbi:0.0.3-ia64 
d126be243fa0525de04bf7d4a60cb734d9159233e380e3b58d1521ab5671f9f9
michael@instance-20240227-002215 ~ $ docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED         STATUS         PORTS                                   NAMES
d126be243fa0   obrienlabs/magellan-nbi:0.0.3-ia64   "java -Djava.securit…"   3 seconds ago   Up 2 seconds   0.0.0.0:80->8080/tcp, :::80->8080/tcp   magellan
michael@instance-20240227-002215 ~ $ 

michael@instance-20240227-002215 ~ $ curl http://127.0.0.1/nbi/api
{"id":1,"content":"PASS remoteAddr: 172.17.0.1 localAddr: 172.17.0.2 remoteHost: 172.17.0.1 serverName: 127.0.0.1"}
```


Open up the firewall to instances, not just tags:

```json
{
  "allowed": [
    {
      "IPProtocol": "tcp",
      "ports": [
        "80"
      ]
    }
  ],
  "creationTimestamp": "2023-11-30T10:27:00.856-08:00",
  "description": "",
  "direction": "INGRESS",
  "disabled": false,
  "enableLogging": false,
  "id": "1173403927618874651",
  "kind": "compute#firewall",
  "logConfig": {
    "enable": false
  },
  "name": "default-allow-http",
  "network": "projects/cuda-old/global/networks/default",
  "priority": 1000,
  "selfLink": "projects/cuda-old/global/firewalls/default-allow-http",
  "sourceRanges": [
    "0.0.0.0/0"
  ],
  "targetTags": [
    "http-server"
  ]
}
```

[screenshot]

swagger

[screenshot]
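The firewall JSON above explains why the VM was unreachable on port 80: `default-allow-http` only targets instances tagged `http-server`, and the `create-with-container` command passed no `--tags`. The following is an added audit helper, not code from this issue or the project, that reads a rule in the same JSON shape and reports the tag mismatch alongside the two settings a reviewer would flag (source range `0.0.0.0/0`, firewall logging off). The instance tag list is a constructed assumption based on the command shown.

```python
import json

# Firewall rule in the shape shown in the issue (trimmed to the fields the audit uses).
FIREWALL_RULE_JSON = """
{
  "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}],
  "direction": "INGRESS",
  "disabled": false,
  "enableLogging": false,
  "name": "default-allow-http",
  "network": "projects/cuda-old/global/networks/default",
  "priority": 1000,
  "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["http-server"]
}
"""

# Constructed assumption: the gcloud command above passed no --tags, so the
# instance carries no network tags and the rule does not select it.
INSTANCE_TAGS: list[str] = []


def audit_firewall_rule(rule: dict, instance_tags: list[str]) -> list[str]:
    """Return findings for one ingress rule evaluated against one instance's tags."""
    findings: list[str] = []
    if rule.get("direction") != "INGRESS" or rule.get("disabled"):
        return findings  # egress or disabled rules are out of scope here
    name = rule["name"]
    open_sources = [r for r in rule.get("sourceRanges", []) if r in ("0.0.0.0/0", "::/0")]
    ports = [f"{a['IPProtocol']}:{','.join(a.get('ports', ['all']))}" for a in rule.get("allowed", [])]
    if open_sources:
        findings.append(f"{name}: allows {' '.join(ports)} from the whole internet ({', '.join(open_sources)})")
    if not rule.get("enableLogging", False):
        findings.append(f"{name}: firewall logging disabled; hits on this rule are not recorded")
    target_tags = set(rule.get("targetTags", []))
    if target_tags and not target_tags & set(instance_tags):
        findings.append(f"{name}: targets tags {sorted(target_tags)} but instance has "
                        f"{sorted(instance_tags) or 'none'}; rule does not apply to this instance")
    elif not target_tags and "targetServiceAccounts" not in rule:
        findings.append(f"{name}: no target tags or service accounts; applies to every instance in the network")
    return findings


def audit_from_json(rule_json: str, instance_tags: list[str]) -> list[str]:
    """Parse a compute#firewall JSON document and audit it."""
    return audit_firewall_rule(json.loads(rule_json), instance_tags)


if __name__ == "__main__":
    for finding in audit_from_json(FIREWALL_RULE_JSON, INSTANCE_TAGS):
        print(finding)
```

Adding the `http-server` tag to the instance makes the "does not apply" finding disappear, while the open source range and disabled logging remain as the items worth tightening before exposing the container.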
