diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml index 0f52553100e..9b4fb641f85 100644 --- a/helm-chart/Chart.yaml +++ b/helm-chart/Chart.yaml @@ -29,10 +29,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.10.1 +version: 0.10.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.10.1" +appVersion: "v0.10.2" diff --git a/kustomize/base/adservice.yaml b/kustomize/base/adservice.yaml index ea9addb7fb8..5ef402d8f62 100644 --- a/kustomize/base/adservice.yaml +++ b/kustomize/base/adservice.yaml @@ -43,7 +43,7 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: us-central1-docker.pkg.dev/google-samples/microservices-demo/adservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/adservice:v0.10.2 ports: - containerPort: 9555 env: diff --git a/kustomize/base/cartservice.yaml b/kustomize/base/cartservice.yaml index 49d1f43033f..90481f057ff 100644 --- a/kustomize/base/cartservice.yaml +++ b/kustomize/base/cartservice.yaml @@ -43,7 +43,7 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: us-central1-docker.pkg.dev/google-samples/microservices-demo/cartservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/cartservice:v0.10.2 ports: - containerPort: 7070 env: diff --git a/kustomize/base/checkoutservice.yaml b/kustomize/base/checkoutservice.yaml index 8d69bd2b62b..01251d9246e 100644 --- a/kustomize/base/checkoutservice.yaml +++ b/kustomize/base/checkoutservice.yaml @@ -42,7 +42,7 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: us-central1-docker.pkg.dev/google-samples/microservices-demo/checkoutservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/checkoutservice:v0.10.2 ports: - containerPort: 5050 readinessProbe: diff --git a/kustomize/base/currencyservice.yaml b/kustomize/base/currencyservice.yaml index 0314fd096b2..3d64d6fd408 100644 --- a/kustomize/base/currencyservice.yaml +++ b/kustomize/base/currencyservice.yaml @@ -43,7 +43,7 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: us-central1-docker.pkg.dev/google-samples/microservices-demo/currencyservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/currencyservice:v0.10.2 ports: - name: grpc containerPort: 7000 diff --git a/kustomize/base/emailservice.yaml b/kustomize/base/emailservice.yaml index d7cc3f13f1e..eac7d1c666f 100644 --- a/kustomize/base/emailservice.yaml +++ b/kustomize/base/emailservice.yaml @@ -43,7 +43,7 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: us-central1-docker.pkg.dev/google-samples/microservices-demo/emailservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/emailservice:v0.10.2 ports: - containerPort: 8080 env: diff --git a/kustomize/base/frontend.yaml b/kustomize/base/frontend.yaml index 301f2101caa..c9f2d35a7d3 100644 --- a/kustomize/base/frontend.yaml +++ b/kustomize/base/frontend.yaml @@ -44,7 +44,7 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: us-central1-docker.pkg.dev/google-samples/microservices-demo/frontend:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/frontend:v0.10.2 ports: - containerPort: 8080 readinessProbe: diff --git a/kustomize/base/loadgenerator.yaml b/kustomize/base/loadgenerator.yaml index 4e5119aaf8d..9b3335769b2 100644 --- a/kustomize/base/loadgenerator.yaml +++ b/kustomize/base/loadgenerator.yaml @@ -77,7 +77,7 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: us-central1-docker.pkg.dev/google-samples/microservices-demo/loadgenerator:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/loadgenerator:v0.10.2 env: - name: FRONTEND_ADDR value: "frontend:80" diff --git a/kustomize/base/paymentservice.yaml b/kustomize/base/paymentservice.yaml index 75998a6e618..d9664020021 100644 --- a/kustomize/base/paymentservice.yaml +++ b/kustomize/base/paymentservice.yaml @@ -43,7 +43,7 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: us-central1-docker.pkg.dev/google-samples/microservices-demo/paymentservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/paymentservice:v0.10.2 ports: - containerPort: 50051 env: diff --git a/kustomize/base/productcatalogservice.yaml b/kustomize/base/productcatalogservice.yaml index a7b85d6daf7..f645b741c14 100644 --- a/kustomize/base/productcatalogservice.yaml +++ b/kustomize/base/productcatalogservice.yaml @@ -43,7 +43,7 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: us-central1-docker.pkg.dev/google-samples/microservices-demo/productcatalogservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/productcatalogservice:v0.10.2 ports: - containerPort: 3550 env: diff --git a/kustomize/base/recommendationservice.yaml b/kustomize/base/recommendationservice.yaml index d33af5b0d16..8f2ae7dd661 100644 --- a/kustomize/base/recommendationservice.yaml +++ b/kustomize/base/recommendationservice.yaml @@ -43,7 +43,7 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: us-central1-docker.pkg.dev/google-samples/microservices-demo/recommendationservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/recommendationservice:v0.10.2 ports: - containerPort: 8080 readinessProbe: diff --git a/kustomize/base/shippingservice.yaml b/kustomize/base/shippingservice.yaml index 236ca10fb5e..5e0a680b310 100644 --- a/kustomize/base/shippingservice.yaml +++ b/kustomize/base/shippingservice.yaml @@ -42,7 +42,7 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: us-central1-docker.pkg.dev/google-samples/microservices-demo/shippingservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/shippingservice:v0.10.2 ports: - containerPort: 50051 env: diff --git a/release/kubernetes-manifests.yaml b/release/kubernetes-manifests.yaml index 022c3797649..c74678c40b5 100644 --- a/release/kubernetes-manifests.yaml +++ b/release/kubernetes-manifests.yaml @@ -21,178 +21,19 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: currencyservice - labels: - app: currencyservice -spec: - selector: - matchLabels: - app: currencyservice - template: - metadata: - labels: - app: currencyservice - spec: - serviceAccountName: currencyservice - terminationGracePeriodSeconds: 5 - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - containers: - - name: server - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - image: gcr.io/google-samples/microservices-demo/currencyservice:v0.10.1 - ports: - - name: grpc - containerPort: 7000 - env: - - name: PORT - value: "7000" - - name: DISABLE_PROFILER - value: "1" - readinessProbe: - grpc: - port: 7000 - livenessProbe: - grpc: - port: 7000 - resources: - requests: - cpu: 100m - memory: 64Mi - limits: - cpu: 200m - memory: 128Mi ---- -apiVersion: v1 -kind: Service -metadata: - name: currencyservice - labels: - app: currencyservice -spec: - type: ClusterIP - selector: - app: currencyservice - ports: - - name: grpc - port: 7000 - targetPort: 7000 ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: currencyservice ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: loadgenerator - labels: - app: loadgenerator -spec: - selector: - matchLabels: - app: loadgenerator - replicas: 1 - template: - metadata: - labels: - app: loadgenerator - annotations: - sidecar.istio.io/rewriteAppHTTPProbers: "true" - spec: - serviceAccountName: loadgenerator - terminationGracePeriodSeconds: 5 - restartPolicy: Always - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - initContainers: - - command: - - /bin/sh - - -exc - - | - MAX_RETRIES=12 - RETRY_INTERVAL=10 - for i in $(seq 1 $MAX_RETRIES); do - echo "Attempt $i: Pinging frontend: ${FRONTEND_ADDR}..." - STATUSCODE=$(wget --server-response http://${FRONTEND_ADDR} 2>&1 | awk '/^ HTTP/{print $2}') - if [ $STATUSCODE -eq 200 ]; then - echo "Frontend is reachable." - exit 0 - fi - echo "Error: Could not reach frontend - Status code: ${STATUSCODE}" - sleep $RETRY_INTERVAL - done - echo "Failed to reach frontend after $MAX_RETRIES attempts." - exit 1 - name: frontend-check - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - image: busybox:latest - env: - - name: FRONTEND_ADDR - value: "frontend:80" - containers: - - name: main - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - image: gcr.io/google-samples/microservices-demo/loadgenerator:v0.10.1 - env: - - name: FRONTEND_ADDR - value: "frontend:80" - - name: USERS - value: "10" - resources: - requests: - cpu: 300m - memory: 256Mi - limits: - cpu: 500m - memory: 512Mi ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: loadgenerator ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: productcatalogservice + name: emailservice labels: - app: productcatalogservice + app: emailservice spec: selector: matchLabels: - app: productcatalogservice + app: emailservice template: metadata: labels: - app: productcatalogservice + app: emailservice spec: - serviceAccountName: productcatalogservice + serviceAccountName: emailservice terminationGracePeriodSeconds: 5 securityContext: fsGroup: 1000 @@ -208,20 +49,22 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: gcr.io/google-samples/microservices-demo/productcatalogservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/emailservice:v0.10.2 ports: - - containerPort: 3550 + - containerPort: 8080 env: - name: PORT - value: "3550" + value: "8080" - name: DISABLE_PROFILER value: "1" readinessProbe: + periodSeconds: 5 grpc: - port: 3550 + port: 8080 livenessProbe: + periodSeconds: 5 grpc: - port: 3550 + port: 8080 resources: requests: cpu: 100m @@ -233,22 +76,22 @@ spec: apiVersion: v1 kind: Service metadata: - name: productcatalogservice + name: emailservice labels: - app: productcatalogservice + app: emailservice spec: type: ClusterIP selector: - app: productcatalogservice + app: emailservice ports: - name: grpc - port: 3550 - targetPort: 3550 + port: 5000 + targetPort: 8080 --- apiVersion: v1 kind: ServiceAccount metadata: - name: productcatalogservice + name: emailservice --- apiVersion: apps/v1 kind: Deployment @@ -280,7 +123,7 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: gcr.io/google-samples/microservices-demo/checkoutservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/checkoutservice:v0.10.2 ports: - containerPort: 5050 readinessProbe: @@ -335,19 +178,20 @@ metadata: apiVersion: apps/v1 kind: Deployment metadata: - name: shippingservice + name: recommendationservice labels: - app: shippingservice + app: recommendationservice spec: selector: matchLabels: - app: shippingservice + app: recommendationservice template: metadata: labels: - app: shippingservice + app: recommendationservice spec: - serviceAccountName: shippingservice + serviceAccountName: recommendationservice + terminationGracePeriodSeconds: 5 securityContext: fsGroup: 1000 runAsGroup: 1000 @@ -362,145 +206,204 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: gcr.io/google-samples/microservices-demo/shippingservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/recommendationservice:v0.10.2 ports: - - containerPort: 50051 - env: - - name: PORT - value: "50051" - - name: DISABLE_PROFILER - value: "1" + - containerPort: 8080 readinessProbe: periodSeconds: 5 grpc: - port: 50051 + port: 8080 livenessProbe: + periodSeconds: 5 grpc: - port: 50051 + port: 8080 + env: + - name: PORT + value: "8080" + - name: PRODUCT_CATALOG_SERVICE_ADDR + value: "productcatalogservice:3550" + - name: DISABLE_PROFILER + value: "1" resources: requests: cpu: 100m - memory: 64Mi + memory: 220Mi limits: cpu: 200m - memory: 128Mi + memory: 450Mi --- apiVersion: v1 kind: Service metadata: - name: shippingservice + name: recommendationservice labels: - app: shippingservice + app: recommendationservice spec: type: ClusterIP selector: - app: shippingservice + app: recommendationservice ports: - name: grpc - port: 50051 - targetPort: 50051 + port: 8080 + targetPort: 8080 --- apiVersion: v1 kind: ServiceAccount metadata: - name: shippingservice + name: recommendationservice --- apiVersion: apps/v1 kind: Deployment metadata: - name: cartservice + name: frontend labels: - app: cartservice + app: frontend spec: selector: matchLabels: - app: cartservice + app: frontend template: metadata: labels: - app: cartservice + app: frontend + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" spec: - serviceAccountName: cartservice - terminationGracePeriodSeconds: 5 + serviceAccountName: frontend securityContext: fsGroup: 1000 runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 containers: - - name: server - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - image: gcr.io/google-samples/microservices-demo/cartservice:v0.10.1 - ports: - - containerPort: 7070 - env: - - name: REDIS_ADDR - value: "redis-cart:6379" - resources: - requests: - cpu: 200m - memory: 64Mi - limits: - cpu: 300m - memory: 128Mi - readinessProbe: - initialDelaySeconds: 15 - grpc: - port: 7070 - livenessProbe: - initialDelaySeconds: 15 - periodSeconds: 10 - grpc: - port: 7070 + - name: server + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/frontend:v0.10.2 + ports: + - containerPort: 8080 + readinessProbe: + initialDelaySeconds: 10 + httpGet: + path: "/_healthz" + port: 8080 + httpHeaders: + - name: "Cookie" + value: "shop_session-id=x-readiness-probe" + livenessProbe: + initialDelaySeconds: 10 + httpGet: + path: "/_healthz" + port: 8080 + httpHeaders: + - name: "Cookie" + value: "shop_session-id=x-liveness-probe" + env: + - name: PORT + value: "8080" + - name: PRODUCT_CATALOG_SERVICE_ADDR + value: "productcatalogservice:3550" + - name: CURRENCY_SERVICE_ADDR + value: "currencyservice:7000" + - name: CART_SERVICE_ADDR + value: "cartservice:7070" + - name: RECOMMENDATION_SERVICE_ADDR + value: "recommendationservice:8080" + - name: SHIPPING_SERVICE_ADDR + value: "shippingservice:50051" + - name: CHECKOUT_SERVICE_ADDR + value: "checkoutservice:5050" + - name: AD_SERVICE_ADDR + value: "adservice:9555" + - name: SHOPPING_ASSISTANT_SERVICE_ADDR + value: "shoppingassistantservice:80" + # # ENV_PLATFORM: One of: local, gcp, aws, azure, onprem, alibaba + # # When not set, defaults to "local" unless running in GKE, otherwies auto-sets to gcp + # - name: ENV_PLATFORM + # value: "aws" + - name: ENABLE_PROFILER + value: "0" + # - name: CYMBAL_BRANDING + # value: "true" + # - name: ENABLE_ASSISTANT + # value: "true" + # - name: FRONTEND_MESSAGE + # value: "Replace this with a message you want to display on all pages." + # As part of an optional Google Cloud demo, you can run an optional microservice called the "packaging service". + # - name: PACKAGING_SERVICE_URL + # value: "" # This value would look like "http://123.123.123" + resources: + requests: + cpu: 100m + memory: 64Mi + limits: + cpu: 200m + memory: 128Mi --- apiVersion: v1 kind: Service metadata: - name: cartservice + name: frontend labels: - app: cartservice + app: frontend spec: type: ClusterIP selector: - app: cartservice + app: frontend ports: - - name: grpc - port: 7070 - targetPort: 7070 + - name: http + port: 80 + targetPort: 8080 +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend-external + labels: + app: frontend +spec: + type: LoadBalancer + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 8080 --- apiVersion: v1 kind: ServiceAccount metadata: - name: cartservice + name: frontend --- apiVersion: apps/v1 kind: Deployment metadata: - name: redis-cart + name: paymentservice labels: - app: redis-cart + app: paymentservice spec: selector: matchLabels: - app: redis-cart + app: paymentservice template: metadata: labels: - app: redis-cart + app: paymentservice spec: + serviceAccountName: paymentservice + terminationGracePeriodSeconds: 5 securityContext: fsGroup: 1000 runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 containers: - - name: redis + - name: server securityContext: allowPrivilegeEscalation: false capabilities: @@ -508,62 +411,64 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: redis:alpine + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/paymentservice:v0.10.2 ports: - - containerPort: 6379 + - containerPort: 50051 + env: + - name: PORT + value: "50051" + - name: DISABLE_PROFILER + value: "1" readinessProbe: - periodSeconds: 5 - tcpSocket: - port: 6379 + grpc: + port: 50051 livenessProbe: - periodSeconds: 5 - tcpSocket: - port: 6379 - volumeMounts: - - mountPath: /data - name: redis-data + grpc: + port: 50051 resources: - limits: - memory: 256Mi - cpu: 125m requests: - cpu: 70m - memory: 200Mi - volumes: - - name: redis-data - emptyDir: {} + cpu: 100m + memory: 64Mi + limits: + cpu: 200m + memory: 128Mi --- apiVersion: v1 kind: Service metadata: - name: redis-cart + name: paymentservice labels: - app: redis-cart + app: paymentservice spec: type: ClusterIP selector: - app: redis-cart + app: paymentservice ports: - - name: tcp-redis - port: 6379 - targetPort: 6379 + - name: grpc + port: 50051 + targetPort: 50051 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: paymentservice --- apiVersion: apps/v1 kind: Deployment metadata: - name: emailservice + name: productcatalogservice labels: - app: emailservice + app: productcatalogservice spec: selector: matchLabels: - app: emailservice + app: productcatalogservice template: metadata: labels: - app: emailservice + app: productcatalogservice spec: - serviceAccountName: emailservice + serviceAccountName: productcatalogservice terminationGracePeriodSeconds: 5 securityContext: fsGroup: 1000 @@ -579,22 +484,20 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: gcr.io/google-samples/microservices-demo/emailservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/productcatalogservice:v0.10.2 ports: - - containerPort: 8080 + - containerPort: 3550 env: - name: PORT - value: "8080" + value: "3550" - name: DISABLE_PROFILER value: "1" readinessProbe: - periodSeconds: 5 grpc: - port: 8080 + port: 3550 livenessProbe: - periodSeconds: 5 grpc: - port: 8080 + port: 3550 resources: requests: cpu: 100m @@ -606,39 +509,39 @@ spec: apiVersion: v1 kind: Service metadata: - name: emailservice + name: productcatalogservice labels: - app: emailservice + app: productcatalogservice spec: type: ClusterIP selector: - app: emailservice + app: productcatalogservice ports: - name: grpc - port: 5000 - targetPort: 8080 + port: 3550 + targetPort: 3550 --- apiVersion: v1 kind: ServiceAccount metadata: - name: emailservice + name: productcatalogservice --- apiVersion: apps/v1 kind: Deployment metadata: - name: paymentservice + name: cartservice labels: - app: paymentservice + app: cartservice spec: selector: matchLabels: - app: paymentservice + app: cartservice template: metadata: labels: - app: paymentservice + app: cartservice spec: - serviceAccountName: paymentservice + serviceAccountName: cartservice terminationGracePeriodSeconds: 5 securityContext: fsGroup: 1000 @@ -654,192 +557,219 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: gcr.io/google-samples/microservices-demo/paymentservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/cartservice:v0.10.2 ports: - - containerPort: 50051 + - containerPort: 7070 env: - - name: PORT - value: "50051" - - name: DISABLE_PROFILER - value: "1" - readinessProbe: - grpc: - port: 50051 - livenessProbe: - grpc: - port: 50051 + - name: REDIS_ADDR + value: "redis-cart:6379" resources: requests: - cpu: 100m + cpu: 200m memory: 64Mi limits: - cpu: 200m + cpu: 300m memory: 128Mi + readinessProbe: + initialDelaySeconds: 15 + grpc: + port: 7070 + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 10 + grpc: + port: 7070 --- apiVersion: v1 kind: Service metadata: - name: paymentservice + name: cartservice labels: - app: paymentservice + app: cartservice spec: type: ClusterIP selector: - app: paymentservice + app: cartservice ports: - name: grpc - port: 50051 - targetPort: 50051 + port: 7070 + targetPort: 7070 --- apiVersion: v1 kind: ServiceAccount metadata: - name: paymentservice + name: cartservice --- apiVersion: apps/v1 kind: Deployment metadata: - name: frontend + name: redis-cart labels: - app: frontend + app: redis-cart spec: selector: matchLabels: - app: frontend + app: redis-cart template: metadata: labels: - app: frontend - annotations: - sidecar.istio.io/rewriteAppHTTPProbers: "true" + app: redis-cart spec: - serviceAccountName: frontend securityContext: fsGroup: 1000 runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 containers: - - name: server - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - image: gcr.io/google-samples/microservices-demo/frontend:v0.10.1 - ports: - - containerPort: 8080 - readinessProbe: - initialDelaySeconds: 10 - httpGet: - path: "/_healthz" - port: 8080 - httpHeaders: - - name: "Cookie" - value: "shop_session-id=x-readiness-probe" - livenessProbe: - initialDelaySeconds: 10 - httpGet: - path: "/_healthz" - port: 8080 - httpHeaders: - - name: "Cookie" - value: "shop_session-id=x-liveness-probe" - env: - - name: PORT - value: "8080" - - name: PRODUCT_CATALOG_SERVICE_ADDR - value: "productcatalogservice:3550" - - name: CURRENCY_SERVICE_ADDR - value: "currencyservice:7000" - - name: CART_SERVICE_ADDR - value: "cartservice:7070" - - name: RECOMMENDATION_SERVICE_ADDR - value: "recommendationservice:8080" - - name: SHIPPING_SERVICE_ADDR - value: "shippingservice:50051" - - name: CHECKOUT_SERVICE_ADDR - value: "checkoutservice:5050" - - name: AD_SERVICE_ADDR - value: "adservice:9555" - - name: SHOPPING_ASSISTANT_SERVICE_ADDR - value: "shoppingassistantservice:80" - # # ENV_PLATFORM: One of: local, gcp, aws, azure, onprem, alibaba - # # When not set, defaults to "local" unless running in GKE, otherwies auto-sets to gcp - # - name: ENV_PLATFORM - # value: "aws" - - name: ENABLE_PROFILER - value: "0" - # - name: CYMBAL_BRANDING - # value: "true" - # - name: ENABLE_ASSISTANT - # value: "true" - # - name: FRONTEND_MESSAGE - # value: "Replace this with a message you want to display on all pages." - # As part of an optional Google Cloud demo, you can run an optional microservice called the "packaging service". - # - name: PACKAGING_SERVICE_URL - # value: "" # This value would look like "http://123.123.123" - resources: - requests: - cpu: 100m - memory: 64Mi - limits: - cpu: 200m - memory: 128Mi + - name: redis + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + image: redis:alpine + ports: + - containerPort: 6379 + readinessProbe: + periodSeconds: 5 + tcpSocket: + port: 6379 + livenessProbe: + periodSeconds: 5 + tcpSocket: + port: 6379 + volumeMounts: + - mountPath: /data + name: redis-data + resources: + limits: + memory: 256Mi + cpu: 125m + requests: + cpu: 70m + memory: 200Mi + volumes: + - name: redis-data + emptyDir: {} --- apiVersion: v1 kind: Service metadata: - name: frontend + name: redis-cart labels: - app: frontend + app: redis-cart spec: type: ClusterIP selector: - app: frontend + app: redis-cart ports: - - name: http - port: 80 - targetPort: 8080 + - name: tcp-redis + port: 6379 + targetPort: 6379 --- -apiVersion: v1 -kind: Service +apiVersion: apps/v1 +kind: Deployment metadata: - name: frontend-external + name: loadgenerator labels: - app: frontend + app: loadgenerator spec: - type: LoadBalancer selector: - app: frontend - ports: - - name: http - port: 80 - targetPort: 8080 + matchLabels: + app: loadgenerator + replicas: 1 + template: + metadata: + labels: + app: loadgenerator + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + spec: + serviceAccountName: loadgenerator + terminationGracePeriodSeconds: 5 + restartPolicy: Always + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - command: + - /bin/sh + - -exc + - | + MAX_RETRIES=12 + RETRY_INTERVAL=10 + for i in $(seq 1 $MAX_RETRIES); do + echo "Attempt $i: Pinging frontend: ${FRONTEND_ADDR}..." + STATUSCODE=$(wget --server-response http://${FRONTEND_ADDR} 2>&1 | awk '/^ HTTP/{print $2}') + if [ $STATUSCODE -eq 200 ]; then + echo "Frontend is reachable." + exit 0 + fi + echo "Error: Could not reach frontend - Status code: ${STATUSCODE}" + sleep $RETRY_INTERVAL + done + echo "Failed to reach frontend after $MAX_RETRIES attempts." + exit 1 + name: frontend-check + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + image: busybox:latest + env: + - name: FRONTEND_ADDR + value: "frontend:80" + containers: + - name: main + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/loadgenerator:v0.10.2 + env: + - name: FRONTEND_ADDR + value: "frontend:80" + - name: USERS + value: "10" + resources: + requests: + cpu: 300m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi --- apiVersion: v1 kind: ServiceAccount metadata: - name: frontend + name: loadgenerator --- apiVersion: apps/v1 kind: Deployment metadata: - name: recommendationservice + name: currencyservice labels: - app: recommendationservice + app: currencyservice spec: selector: matchLabels: - app: recommendationservice + app: currencyservice template: metadata: labels: - app: recommendationservice + app: currencyservice spec: - serviceAccountName: recommendationservice + serviceAccountName: currencyservice terminationGracePeriodSeconds: 5 securityContext: fsGroup: 1000 @@ -855,51 +785,121 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: gcr.io/google-samples/microservices-demo/recommendationservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/currencyservice:v0.10.2 ports: - - containerPort: 8080 + - name: grpc + containerPort: 7000 + env: + - name: PORT + value: "7000" + - name: DISABLE_PROFILER + value: "1" readinessProbe: - periodSeconds: 5 grpc: - port: 8080 + port: 7000 livenessProbe: - periodSeconds: 5 grpc: - port: 8080 + port: 7000 + resources: + requests: + cpu: 100m + memory: 64Mi + limits: + cpu: 200m + memory: 128Mi +--- +apiVersion: v1 +kind: Service +metadata: + name: currencyservice + labels: + app: currencyservice +spec: + type: ClusterIP + selector: + app: currencyservice + ports: + - name: grpc + port: 7000 + targetPort: 7000 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: currencyservice +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: shippingservice + labels: + app: shippingservice +spec: + selector: + matchLabels: + app: shippingservice + template: + metadata: + labels: + app: shippingservice + spec: + serviceAccountName: shippingservice + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: server + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/shippingservice:v0.10.2 + ports: + - containerPort: 50051 env: - name: PORT - value: "8080" - - name: PRODUCT_CATALOG_SERVICE_ADDR - value: "productcatalogservice:3550" + value: "50051" - name: DISABLE_PROFILER value: "1" + readinessProbe: + periodSeconds: 5 + grpc: + port: 50051 + livenessProbe: + grpc: + port: 50051 resources: requests: cpu: 100m - memory: 220Mi + memory: 64Mi limits: cpu: 200m - memory: 450Mi + memory: 128Mi --- apiVersion: v1 kind: Service metadata: - name: recommendationservice + name: shippingservice labels: - app: recommendationservice + app: shippingservice spec: type: ClusterIP selector: - app: recommendationservice + app: shippingservice ports: - name: grpc - port: 8080 - targetPort: 8080 + port: 50051 + targetPort: 50051 --- apiVersion: v1 kind: ServiceAccount metadata: - name: recommendationservice + name: shippingservice --- apiVersion: apps/v1 kind: Deployment @@ -932,7 +932,7 @@ spec: - ALL privileged: false readOnlyRootFilesystem: true - image: gcr.io/google-samples/microservices-demo/adservice:v0.10.1 + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/adservice:v0.10.2 ports: - containerPort: 9555 env: