diff --git a/accounts-db-dev/Kptfile b/accounts-db-dev/Kptfile
new file mode 100644
index 0000000..766190e
--- /dev/null
+++ b/accounts-db-dev/Kptfile
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: accounts-db-dev
+ labels:
+ app: accounts-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /accounts-db
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /accounts-db
+ ref: bank-of-anthos-pkgs
+ commit: 08c7473c2b4b641c1efb4a520c39c551b87eda0b
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
diff --git a/accounts-db-dev/README.md b/accounts-db-dev/README.md
new file mode 100644
index 0000000..8bffa25
--- /dev/null
+++ b/accounts-db-dev/README.md
@@ -0,0 +1,21 @@
+# base-db
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-db`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-db`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-db
+kpt live apply base-db --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/accounts-db-dev/configmap-db-config.yaml b/accounts-db-dev/configmap-db-config.yaml
new file mode 100644
index 0000000..f2d7057
--- /dev/null
+++ b/accounts-db-dev/configmap-db-config.yaml
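Review bot: The four `pipeline.mutators` entries in `accounts-db-dev/Kptfile` name their function images by short name and mutable tag (`set-namespace:v0.4.1`, `set-labels:v0.1.5`, `starlark:v0.4.3`, `set-image:v0.1.1`), so the code that rewrites these manifests at render time depends on the default registry prefix and on whatever the tag resolves to when it is pulled. `bank-of-anthos/Kptfile` in this same commit already writes `gcr.io/kpt-fn/set-namespace:v0.4.1`; I would use the fully qualified form here too and, if the toolchain accepts it, pin by digest. The Kptfiles under `accounts-db/`, `balancereader-dev/` and `balancereader/` have the same four entries. `info.description` is also still the `sample description` placeholder.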
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/db-config
+ name: db-config
+ namespace: accounts-db-dev
+ labels:
+ app: accounts-db
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|db-config'
+data:
+ POSTGRES_DB: db
+ POSTGRES_USER: db-admin
+ POSTGRES_PASSWORD: db-pwd
+ ACCOUNTS_DB_URI: postgresql://db-admin:db-pwd@base-db:5432/base-db
diff --git a/accounts-db-dev/configmap-demo-data.yaml b/accounts-db-dev/configmap-demo-data.yaml
new file mode 100644
index 0000000..6b9b402
--- /dev/null
+++ b/accounts-db-dev/configmap-demo-data.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: accounts-db-dev/demo-data-config
+ name: demo-data-config
+ namespace: accounts-db-dev
+ labels:
+ app: accounts-db
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|accounts-db-dev|demo-data-config'
+data:
+ USE_DEMO_DATA: "True"
+ DEMO_LOGIN_USERNAME: testuser
+ # All demo user accounts are hardcoded to use the login password 'bankofanthos'
+ DEMO_LOGIN_PASSWORD: bankofanthos
diff --git a/accounts-db-dev/configmap-env-config.yaml b/accounts-db-dev/configmap-env-config.yaml
new file mode 100644
index 0000000..9be0117
--- /dev/null
+++ b/accounts-db-dev/configmap-env-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: accounts-db-dev/environment-config
+ name: environment-config
+ namespace: accounts-db-dev
+ labels:
+ app: accounts-db
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|accounts-db-dev|environment-config'
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/accounts-db-dev/fn-config-setimage.yaml b/accounts-db-dev/fn-config-setimage.yaml
new file mode 100644
index 0000000..3020e0a
--- /dev/null
+++ b/accounts-db-dev/fn-config-setimage.yaml
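Review bot: `POSTGRES_PASSWORD` and the credential-bearing `ACCOUNTS_DB_URI` in `configmap-db-config.yaml` are stored in a ConfigMap and committed in clear text, so anyone who can read ConfigMaps in the namespace or this repository has the database admin password. These keys belong in a `Secret` pulled in with `- secretRef:` under `envFrom`, with the value supplied outside the package and only non-sensitive settings such as `POSTGRES_DB` left here. The URI also names host and database `base-db` while `POSTGRES_DB` is `db` and the Service in this package is `accounts-db`, which looks left over from the base package and is worth confirming. The same pattern appears in `accounts-db/configmap-db-config.yaml` and in both `configmap-ledger-db.yaml` files (`SPRING_DATASOURCE_PASSWORD`).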
@@ -0,0 +1,13 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata: # kpt-merge: /set-image
+ name: set-image
+ labels:
+ app: accounts-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image
+image:
+ name: gcr.io/bank-of-anthos-ci/base-db
+ newName: gcr.io/bank-of-anthos-ci/accounts-db
+ newTag: v0.5.6
diff --git a/accounts-db-dev/fn-config-setlabels.yaml b/accounts-db-dev/fn-config-setlabels.yaml
new file mode 100644
index 0000000..90191c1
--- /dev/null
+++ b/accounts-db-dev/fn-config-setlabels.yaml
@@ -0,0 +1,11 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata: # kpt-merge: /set-labels
+ name: set-labels
+ labels:
+ app: accounts-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels
+labels:
+ app: accounts-db
diff --git a/accounts-db-dev/fn-config-setname.yaml b/accounts-db-dev/fn-config-setname.yaml
new file mode 100644
index 0000000..081b6b4
--- /dev/null
+++ b/accounts-db-dev/fn-config-setname.yaml
@@ -0,0 +1,33 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: accounts-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "StatefulSet":
+ resource["metadata"]["name"] = pkgName
+ resource["spec"]["serviceName"] = pkgName
+
+ set_name(ctx.resource_list["items"])
diff --git a/accounts-db-dev/package-context.yaml b/accounts-db-dev/package-context.yaml
new file mode 100644
index 0000000..5fc136c
--- /dev/null
+++ b/accounts-db-dev/package-context.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: /kptfile.kpt.dev
+ name: kptfile.kpt.dev
+ labels:
+ app: accounts-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev'
+data:
+ name: accounts-db-dev
diff --git a/accounts-db-dev/resourcegroup.yaml b/accounts-db-dev/resourcegroup.yaml
new file mode 100644
index 0000000..e024049
--- /dev/null
+++ b/accounts-db-dev/resourcegroup.yaml
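Review bot: In the `set_name` script, the `return` that follows `fail("package must have a name.")` is unreachable, because `fail` aborts the Starlark run, and the second loop reads `ctx.resource_list["items"]` directly instead of the `resources` parameter the function was given. I would drop the dead `return` and write `for resource in resources:` so the function only touches what its caller passes. `resource["data"]["name"]` is also read without a guard, so a `kptfile.kpt.dev` ConfigMap with no `data.name` would abort the render with a key error rather than the intended message; a short comment explaining that `"example"` marks the abstract blueprint would help as well. Indentation is lost on this page, so the nesting is inferred; the same script is added in `accounts-db/`, `balancereader-dev/` and `balancereader/`.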
@@ -0,0 +1,10 @@
+apiVersion: kpt.dev/v1alpha1
+kind: ResourceGroup
+metadata: # kpt-merge: accounts-db-dev/inventory-99865161
+ name: inventory-99865161
+ namespace: accounts-db-dev
+ labels:
+ cli-utils.sigs.k8s.io/inventory-id: 2aca04e392c4f17d91507bedbcc8719d050a9806-1662581639705790000
+ app: accounts-db
+ annotations:
+ internal.kpt.dev/upstream-identifier: kpt.dev|ResourceGroup|accounts-db-dev|inventory-99865161
diff --git a/accounts-db-dev/service.yaml b/accounts-db-dev/service.yaml
new file mode 100644
index 0000000..0e0b451
--- /dev/null
+++ b/accounts-db-dev/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata: # kpt-merge: example/base-db
+ name: accounts-db
+ labels:
+ tier: db
+ app: accounts-db
+ namespace: accounts-db-dev
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Service|example|base-db'
+spec:
+ ports:
+ - port: 5432
+ name: tcp
+ targetPort: 5432
+ protocol: TCP
+ selector:
+ tier: db
+ app: accounts-db
diff --git a/accounts-db-dev/statefulset.yaml b/accounts-db-dev/statefulset.yaml
new file mode 100644
index 0000000..0cedfcc
--- /dev/null
+++ b/accounts-db-dev/statefulset.yaml
@@ -0,0 +1,65 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# [START gke_boa_kubernetes_manifests_accounts_db_statefulset_accounts_db]
+kind: StatefulSet
+apiVersion: apps/v1
+metadata: # kpt-merge: example/base-db
+ name: accounts-db
+ labels:
+ tier: db
+ app: accounts-db
+ namespace: accounts-db-dev
+ annotations:
+ internal.kpt.dev/upstream-identifier: apps|StatefulSet|example|base-db
+spec:
+ serviceName: accounts-db
+ replicas: 1
+ selector:
+ matchLabels:
+ tier: db
+ app: accounts-db
+ template:
+ metadata:
+ labels:
+ tier: db
+ app: accounts-db
+ spec:
+ serviceAccountName: default
+ containers:
+ - name: primary
+ image: gcr.io/bank-of-anthos-ci/accounts-db:v0.5.6
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: db-config
+ - configMapRef:
+ name: demo-data-config
+ ports:
+ - containerPort: 5432
+ name: postgredb
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 250m
+ memory: 512Mi
+ volumeMounts:
+ - name: postgresdb
+ mountPath: /var/lib/postgresql/data
+ subPath: postgres
+ volumes:
+ - name: postgresdb
+ emptyDir: {}
diff --git a/accounts-db/Kptfile b/accounts-db/Kptfile
new file mode 100644
index 0000000..6d235a5
--- /dev/null
+++ b/accounts-db/Kptfile
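Review bot: The `primary` container in `accounts-db-dev/statefulset.yaml` has no `securityContext` and the pod runs as `serviceAccountName: default`, whereas the Deployment manifests added in this commit set `runAsNonRoot`, `allowPrivilegeEscalation: false` and a read-only root filesystem. At minimum I would add `automountServiceAccountToken: false` to the pod spec, since nothing visible here needs the API token, and `allowPrivilegeEscalation: false` on the container; whether the image can run as non-root needs checking against the image itself. `/var/lib/postgresql/data` is backed by `emptyDir: {}`, so the database contents are lost whenever the pod is rescheduled, which deserves a comment if it is intentional for dev. The `[START ...]` region tag has no matching `[END ...]` in this file, and the port is named `postgredb` while the volume is `postgresdb`. `accounts-db/statefulset.yaml` is identical apart from the namespace.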
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: accounts-db
+ labels:
+ app: accounts-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-db
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-db
+ ref: bank-of-anthos-pkgs
+ commit: 4c4d5c5e2b5fe6dea6851f5985e33711afc753f8
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
diff --git a/accounts-db/README.md b/accounts-db/README.md
new file mode 100644
index 0000000..8bffa25
--- /dev/null
+++ b/accounts-db/README.md
@@ -0,0 +1,21 @@
+# base-db
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-db`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-db`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-db
+kpt live apply base-db --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/accounts-db/configmap-db-config.yaml b/accounts-db/configmap-db-config.yaml
new file mode 100644
index 0000000..1a2a828
--- /dev/null
+++ b/accounts-db/configmap-db-config.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/db-config
+ name: db-config
+ namespace: example
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|db-config'
+ labels:
+ app: accounts-db
+data:
+ POSTGRES_DB: db
+ POSTGRES_USER: db-admin
+ POSTGRES_PASSWORD: db-pwd
+ ACCOUNTS_DB_URI: postgresql://db-admin:db-pwd@base-db:5432/base-db
diff --git a/accounts-db/fn-config-setimage.yaml b/accounts-db/fn-config-setimage.yaml
new file mode 100644
index 0000000..3020e0a
--- /dev/null
+++ b/accounts-db/fn-config-setimage.yaml
@@ -0,0 +1,13 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata: # kpt-merge: /set-image
+ name: set-image
+ labels:
+ app: accounts-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image
+image:
+ name: gcr.io/bank-of-anthos-ci/base-db
+ newName: gcr.io/bank-of-anthos-ci/accounts-db
+ newTag: v0.5.6
diff --git a/accounts-db/fn-config-setlabels.yaml b/accounts-db/fn-config-setlabels.yaml
new file mode 100644
index 0000000..90191c1
--- /dev/null
+++ b/accounts-db/fn-config-setlabels.yaml
@@ -0,0 +1,11 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata: # kpt-merge: /set-labels
+ name: set-labels
+ labels:
+ app: accounts-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels
+labels:
+ app: accounts-db
diff --git a/accounts-db/fn-config-setname.yaml b/accounts-db/fn-config-setname.yaml
new file mode 100644
index 0000000..081b6b4
--- /dev/null
+++ b/accounts-db/fn-config-setname.yaml
@@ -0,0 +1,33 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: accounts-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "StatefulSet":
+ resource["metadata"]["name"] = pkgName
+ resource["spec"]["serviceName"] = pkgName
+
+ set_name(ctx.resource_list["items"])
diff --git a/accounts-db/package-context.yaml b/accounts-db/package-context.yaml
new file mode 100644
index 0000000..f339b39
--- /dev/null
+++ b/accounts-db/package-context.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: /kptfile.kpt.dev
+ name: kptfile.kpt.dev
+ labels:
+ app: accounts-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev'
+data:
+ name: example
diff --git a/accounts-db/service.yaml b/accounts-db/service.yaml
new file mode 100644
index 0000000..d2a5c64
--- /dev/null
+++ b/accounts-db/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata: # kpt-merge: example/base-db
+ name: accounts-db
+ labels:
+ tier: db
+ app: accounts-db
+ namespace: example
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Service|example|base-db'
+spec:
+ ports:
+ - port: 5432
+ name: tcp
+ targetPort: 5432
+ protocol: TCP
+ selector:
+ tier: db
+ app: accounts-db
diff --git a/accounts-db/statefulset.yaml b/accounts-db/statefulset.yaml
new file mode 100644
index 0000000..eae795d
--- /dev/null
+++ b/accounts-db/statefulset.yaml
@@ -0,0 +1,65 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# [START gke_boa_kubernetes_manifests_accounts_db_statefulset_accounts_db]
+kind: StatefulSet
+apiVersion: apps/v1
+metadata: # kpt-merge: example/base-db
+ name: accounts-db
+ labels:
+ tier: db
+ app: accounts-db
+ namespace: example
+ annotations:
+ internal.kpt.dev/upstream-identifier: apps|StatefulSet|example|base-db
+spec:
+ serviceName: accounts-db
+ replicas: 1
+ selector:
+ matchLabels:
+ tier: db
+ app: accounts-db
+ template:
+ metadata:
+ labels:
+ tier: db
+ app: accounts-db
+ spec:
+ serviceAccountName: default
+ containers:
+ - name: primary
+ image: gcr.io/bank-of-anthos-ci/accounts-db:v0.5.6
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: db-config
+ - configMapRef:
+ name: demo-data-config
+ ports:
+ - containerPort: 5432
+ name: postgredb
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 250m
+ memory: 512Mi
+ volumeMounts:
+ - name: postgresdb
+ mountPath: /var/lib/postgresql/data
+ subPath: postgres
+ volumes:
+ - name: postgresdb
+ emptyDir: {}
diff --git a/balancereader-dev/Kptfile b/balancereader-dev/Kptfile
new file mode 100644
index 0000000..c1654ee
--- /dev/null
+++ b/balancereader-dev/Kptfile
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: balancereader-dev
+ labels:
+ app: balancereader
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /balancereader
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /balancereader
+ ref: bank-of-anthos-pkgs
+ commit: 08c7473c2b4b641c1efb4a520c39c551b87eda0b
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
diff --git a/balancereader-dev/README.md b/balancereader-dev/README.md
new file mode 100644
index 0000000..f978af1
--- /dev/null
+++ b/balancereader-dev/README.md
@@ -0,0 +1,21 @@
+# base-app
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-app`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-app`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-app
+kpt live apply base-app --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/balancereader-dev/configmap-env-config.yaml b/balancereader-dev/configmap-env-config.yaml
new file mode 100644
index 0000000..24c38d6
--- /dev/null
+++ b/balancereader-dev/configmap-env-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/environment-config
+ name: environment-config
+ namespace: balancereader-dev
+ labels:
+ app: balancereader
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config'
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/balancereader-dev/configmap-ledger-db.yaml b/balancereader-dev/configmap-ledger-db.yaml
new file mode 100644
index 0000000..941be54
--- /dev/null
+++ b/balancereader-dev/configmap-ledger-db.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/ledger-db-config
+ name: ledger-db-config
+ labels:
+ app: balancereader
+ namespace: balancereader-dev
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|ledger-db-config'
+data:
+ POSTGRES_DB: db
+ POSTGRES_USER: db-admin
+ POSTGRES_PASSWORD: db-pwd
+ SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db.ledger-db-dev:5432/db
+ # SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db.:5432/db
+ SPRING_DATASOURCE_USERNAME: db-admin # should match POSTGRES_USER
+ SPRING_DATASOURCE_PASSWORD: db-pwd # should match POSTGRES_PASSWORD
diff --git a/balancereader-dev/deployment.yaml b/balancereader-dev/deployment.yaml
new file mode 100644
index 0000000..52086b2
--- /dev/null
+++ b/balancereader-dev/deployment.yaml
@@ -0,0 +1,106 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata: # kpt-merge: example/base-app
+ name: balancereader
+ namespace: balancereader-dev
+ labels:
+ app: balancereader
+ annotations:
+ internal.kpt.dev/upstream-identifier: apps|Deployment|example|base-app
+spec:
+ selector:
+ matchLabels:
+ app: balancereader
+ template:
+ metadata:
+ labels:
+ app: balancereader
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: primary
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/bank-of-anthos-ci/balancereader:v0.5.6
+ volumeMounts:
+ - name: keys
+ mountPath: /tmp/.ssh
+ readOnly: true
+ - mountPath: /tmp
+ name: tmp
+ ports:
+ - name: http-server
+ containerPort: 8080
+ env:
+ - name: VERSION
+ value: v0.5.6
+ - name: PORT
+ value: "8080"
+ - name: ENABLE_TRACING
+ value: "false"
+ - name: ENABLE_METRICS
+ value: "false"
+ - name: POLL_MS
+ value: "100"
+ - name: CACHE_SIZE
+ value: "1000000"
+ # tell Java to obey container memory limits
+ - name: JVM_OPTS
+ value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xms256m -Xmx512m
+ # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info.
+ - name: LOG_LEVEL
+ value: info
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: ledger-db-config
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 60
+ periodSeconds: 5
+ timeoutSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /healthy
+ port: 8080
+ initialDelaySeconds: 120
+ periodSeconds: 5
+ timeoutSeconds: 10
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ volumes:
+ # droot: should this be part of the base-app ?
+ - name: keys
+ secret:
+ secretName: jwt-key
+ items:
+ - key: jwtRS256.key.pub
+ path: publickey
+ # base-app exposes only public key by default
+ # - key: jwtRS256.key
+ # path: privatekey
+ - emptyDir: {}
+ name: tmp
diff --git a/balancereader-dev/fn-config-setimage.yaml b/balancereader-dev/fn-config-setimage.yaml
new file mode 100644
index 0000000..f43ba16
--- /dev/null
+++ b/balancereader-dev/fn-config-setimage.yaml
@@ -0,0 +1,13 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata: # kpt-merge: /set-image
+ name: set-image
+ labels:
+ app: balancereader
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image
+image:
+ name: gcr.io/bank-of-anthos-ci/base-app
+ newName: gcr.io/bank-of-anthos-ci/balancereader
+ newTag: v0.5.6
diff --git a/balancereader-dev/fn-config-setlabels.yaml b/balancereader-dev/fn-config-setlabels.yaml
new file mode 100644
index 0000000..a97c441
--- /dev/null
+++ b/balancereader-dev/fn-config-setlabels.yaml
@@ -0,0 +1,11 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata: # kpt-merge: /set-labels
+ name: set-labels
+ labels:
+ app: balancereader
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels
+labels:
+ app: balancereader
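Review bot: `capabilities.drop` in `balancereader-dev/deployment.yaml` lists `all` in lower case; the restricted Pod Security Standard is written as dropping `ALL`, and a policy check that compares the string literally would not accept this spelling, so I would write `- ALL`. The comment above `LOG_LEVEL` says gunicorn will default to info, but this container is configured through `JVM_OPTS`, so the comment looks copied from a Python service and should be corrected or removed. `-XX:+UseCGroupMemoryLimitForHeap` is an experimental flag that newer JDKs no longer recognise; confirm it against the JDK in the image. The same manifest is added as `balancereader/deployment.yaml`.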
diff --git a/balancereader-dev/fn-config-setname.yaml b/balancereader-dev/fn-config-setname.yaml
new file mode 100644
index 0000000..4ccea00
--- /dev/null
+++ b/balancereader-dev/fn-config-setname.yaml
@@ -0,0 +1,31 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: balancereader
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "Deployment":
+ resource["metadata"]["name"] = pkgName
+ set_name(ctx.resource_list["items"])
diff --git a/balancereader-dev/package-context.yaml b/balancereader-dev/package-context.yaml
new file mode 100644
index 0000000..d4186e8
--- /dev/null
+++ b/balancereader-dev/package-context.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: /kptfile.kpt.dev
+ name: kptfile.kpt.dev
+ labels:
+ app: balancereader
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev'
+data:
+ name: balancereader-dev
diff --git a/balancereader-dev/resourcegroup.yaml b/balancereader-dev/resourcegroup.yaml
new file mode 100644
index 0000000..1ccf079
--- /dev/null
+++ b/balancereader-dev/resourcegroup.yaml
@@ -0,0 +1,10 @@
+apiVersion: kpt.dev/v1alpha1
+kind: ResourceGroup
+metadata: # kpt-merge: balancereader-dev/inventory-52957346
+ name: inventory-52957346
+ namespace: balancereader-dev
+ labels:
+ cli-utils.sigs.k8s.io/inventory-id: 2ff98c7dfb36097fb10b38d6b5ee1a178b0dd47c-1662508216914293000
+ app: balancereader
+ annotations:
+ internal.kpt.dev/upstream-identifier: kpt.dev|ResourceGroup|balancereader-dev|inventory-52957346
diff --git a/balancereader-dev/service.yaml b/balancereader-dev/service.yaml
new file mode 100644
index 0000000..b5f46d9
--- /dev/null
+++ b/balancereader-dev/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata: # kpt-merge: example/base-app
+ name: balancereader
+ namespace: balancereader-dev
+ labels:
+ app: balancereader
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Service|example|base-app'
+spec:
+ type: LoadBalancer
+ selector:
+ app: balancereader
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
diff --git a/balancereader/Kptfile b/balancereader/Kptfile
new file mode 100644
index 0000000..6e2f3d0
--- /dev/null
+++ b/balancereader/Kptfile
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: balancereader
+ labels:
+ app: balancereader
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-app
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-app
+ ref: bank-of-anthos-pkgs
+ commit: ba18d8432d618af662efff7d81a63c70e9ba3ab8
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
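Review bot: `type: LoadBalancer` in `balancereader-dev/service.yaml` publishes a backend API on port 80 over plain HTTP outside the cluster, and nothing in this package shows that it needs to be reachable from there. Unless external access is intended, `type: ClusterIP` (or omitting `type`) keeps it internal; if it is intended, a comment saying so and naming what authenticates callers would help. `balancereader/service.yaml` carries the same setting, and the `upstream-identifier` annotation suggests it comes from `base-app`, so other packages derived from that base would inherit the exposure.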
diff --git a/balancereader/README.md b/balancereader/README.md
new file mode 100644
index 0000000..f978af1
--- /dev/null
+++ b/balancereader/README.md
@@ -0,0 +1,21 @@
+# base-app
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-app`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-app`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-app
+kpt live apply base-app --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/balancereader/configmap-env-config.yaml b/balancereader/configmap-env-config.yaml
new file mode 100644
index 0000000..87d0c52
--- /dev/null
+++ b/balancereader/configmap-env-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/environment-config
+ name: environment-config
+ namespace: example
+ labels:
+ app: balancereader
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config'
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/balancereader/configmap-ledger-db.yaml b/balancereader/configmap-ledger-db.yaml
new file mode 100644
index 0000000..a385b9f
--- /dev/null
+++ b/balancereader/configmap-ledger-db.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/ledger-db-config
+ name: ledger-db-config
+ labels:
+ app: balancereader
+ namespace: example
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|ledger-db-config'
+data:
+ POSTGRES_DB: db
+ POSTGRES_USER: db-admin
+ POSTGRES_PASSWORD: db-pwd
+ SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db:5432/db
+ # SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db.:5432/db
+ SPRING_DATASOURCE_USERNAME: db-admin # should match POSTGRES_USER
+ SPRING_DATASOURCE_PASSWORD: db-pwd # should match POSTGRES_PASSWORD
diff --git a/balancereader/deployment.yaml b/balancereader/deployment.yaml
new file mode 100644
index 0000000..1160069
--- /dev/null
+++ b/balancereader/deployment.yaml
@@ -0,0 +1,106 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata: # kpt-merge: example/base-app
+ name: balancereader
+ namespace: example
+ labels:
+ app: balancereader
+ annotations:
+ internal.kpt.dev/upstream-identifier: apps|Deployment|example|base-app
+spec:
+ selector:
+ matchLabels:
+ app: balancereader
+ template:
+ metadata:
+ labels:
+ app: balancereader
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: primary
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/bank-of-anthos-ci/balancereader:v0.5.6
+ volumeMounts:
+ - name: keys
+ mountPath: /tmp/.ssh
+ readOnly: true
+ - mountPath: /tmp
+ name: tmp
+ ports:
+ - name: http-server
+ containerPort: 8080
+ env:
+ - name: VERSION
+ value: v0.5.6
+ - name: PORT
+ value: "8080"
+ - name: ENABLE_TRACING
+ value: "false"
+ - name: ENABLE_METRICS
+ value: "false"
+ - name: POLL_MS
+ value: "100"
+ - name: CACHE_SIZE
+ value: "1000000"
+ # tell Java to obey container memory limits
+ - name: JVM_OPTS
+ value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xms256m -Xmx512m
+ # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info.
+ - name: LOG_LEVEL
+ value: info
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: ledger-db-config
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 60
+ periodSeconds: 5
+ timeoutSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /healthy
+ port: 8080
+ initialDelaySeconds: 120
+ periodSeconds: 5
+ timeoutSeconds: 10
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ volumes:
+ # droot: should this be part of the base-app ?
+ - name: keys
+ secret:
+ secretName: jwt-key
+ items:
+ - key: jwtRS256.key.pub
+ path: publickey
+ # base-app exposes only public key by default
+ # - key: jwtRS256.key
+ # path: privatekey
+ - emptyDir: {}
+ name: tmp
diff --git a/balancereader/fn-config-setimage.yaml b/balancereader/fn-config-setimage.yaml
new file mode 100644
index 0000000..f43ba16
--- /dev/null
+++ b/balancereader/fn-config-setimage.yaml
@@ -0,0 +1,13 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata: # kpt-merge: /set-image
+ name: set-image
+ labels:
+ app: balancereader
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image
+image:
+ name: gcr.io/bank-of-anthos-ci/base-app
+ newName: gcr.io/bank-of-anthos-ci/balancereader
+ newTag: v0.5.6
diff --git a/balancereader/fn-config-setlabels.yaml b/balancereader/fn-config-setlabels.yaml
new file mode 100644
index 0000000..a97c441
--- /dev/null
+++ b/balancereader/fn-config-setlabels.yaml
@@ -0,0 +1,11 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata: # kpt-merge: /set-labels
+ name: set-labels
+ labels:
+ app: balancereader
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels
+labels:
+ app: balancereader
diff --git a/balancereader/fn-config-setname.yaml b/balancereader/fn-config-setname.yaml
new file mode 100644
index 0000000..4ccea00
--- /dev/null
+++ b/balancereader/fn-config-setname.yaml
@@ -0,0 +1,31 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: balancereader
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "Deployment":
+ resource["metadata"]["name"] = pkgName
+ set_name(ctx.resource_list["items"])
diff --git a/balancereader/package-context.yaml b/balancereader/package-context.yaml
new file mode 100644
index 0000000..38f6847
--- /dev/null
+++ b/balancereader/package-context.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: /kptfile.kpt.dev
+ name: kptfile.kpt.dev
+ labels:
+ app: balancereader
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev'
+data:
+ name: example
diff --git a/balancereader/service.yaml b/balancereader/service.yaml
new file mode 100644
index 0000000..159ab4b
--- /dev/null
+++ b/balancereader/service.yaml
@@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: # kpt-merge: example/base-app + name: balancereader + namespace: example + labels: + app: balancereader + annotations: + internal.kpt.dev/upstream-identifier: '|Service|example|base-app' +spec: + type: LoadBalancer + selector: + app: balancereader + ports: + - name: http + port: 80 + targetPort: 8080 diff --git a/bank-of-anthos/Kptfile b/bank-of-anthos/Kptfile new file mode 100644 index 0000000..6e71893 --- /dev/null +++ b/bank-of-anthos/Kptfile @@ -0,0 +1,12 @@ +apiVersion: kpt.dev/v1 +kind: Kptfile +metadata: + name: bank-of-anthos + annotations: + config.kubernetes.io/local-config: "true" +info: + description: sample description +pipeline: + mutators: + - image: gcr.io/kpt-fn/set-namespace:v0.4.1 + configPath: package-context.yaml diff --git a/bank-of-anthos/README.md b/bank-of-anthos/README.md new file mode 100644 index 0000000..047b2df --- /dev/null +++ b/bank-of-anthos/README.md @@ -0,0 +1,21 @@ +# anthos-app + +## Description +sample description + +## Usage + +### Fetch the package +`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] anthos-app` +Details: https://kpt.dev/reference/cli/pkg/get/ + +### View package content +`kpt pkg tree anthos-app` +Details: https://kpt.dev/reference/cli/pkg/tree/ + +### Apply the package +``` +kpt live init anthos-app +kpt live apply anthos-app --reconcile-timeout=2m --output=table +``` +Details: https://kpt.dev/reference/cli/live/ diff --git a/bank-of-anthos/accounts-db.yaml b/bank-of-anthos/accounts-db.yaml new file mode 100644 index 0000000..efce9f3 --- /dev/null +++ b/bank-of-anthos/accounts-db.yaml 
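Review bot: `type: LoadBalancer` on the `balancereader` Service publishes the balance API on port 80 outside the cluster, whereas `bank-of-anthos/balance-reader.yaml` in this same commit declares that service as `type: ClusterIP` on 8080. The value looks inherited from the `base-app` Service named in the `upstream-identifier` annotation, which is not visible here. Unless external exposure is intended, set `type: ClusterIP` in this package so that only in-cluster callers reach it.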
@@ -0,0 +1,101 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# [START gke_boa_kubernetes_manifests_accounts_db_statefulset_accounts_db] +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: accounts-db + labels: + app: accounts-db + tier: db + namespace: example +spec: + serviceName: "accounts-db" + replicas: 1 + selector: + matchLabels: + app: accounts-db + tier: db + template: + metadata: + labels: + app: accounts-db + tier: db + spec: + serviceAccountName: default + containers: + - name: accounts-db + image: gcr.io/bank-of-anthos-ci/accounts-db:v0.5.6 + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: accounts-db-config + - configMapRef: + name: demo-data-config + ports: + - containerPort: 5432 + name: postgredb + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 250m + memory: 512Mi + volumeMounts: + - name: postgresdb + mountPath: /var/lib/postgresql/data + subPath: postgres + volumes: + - name: postgresdb + emptyDir: {} + # [END gke_boa_kubernetes_manifests_accounts_db_statefulset_accounts_db] +# [END gke_boa_kubernetes_manifests_accounts_db_statefulset_accounts_db] +--- +# [START gke_boa_kubernetes_manifests_accounts_db_service_accounts_db] +apiVersion: v1 +kind: Service +metadata: + name: accounts-db + labels: + app: accounts-db + tier: db + namespace: example +spec: + ports: + - port: 5432 + name: tcp + targetPort: 5432 + protocol: TCP + selector: + app: accounts-db + 
tier: db + # [END gke_boa_kubernetes_manifests_accounts_db_service_accounts_db] +# [END gke_boa_kubernetes_manifests_accounts_db_service_accounts_db] +--- +# [START gke_boa_kubernetes_manifests_accounts_db_configmap_accounts_db_config] +apiVersion: v1 +kind: ConfigMap +metadata: + name: accounts-db-config + labels: + app: accounts-db + namespace: example +data: + POSTGRES_DB: accounts-db + POSTGRES_USER: accounts-admin + POSTGRES_PASSWORD: accounts-pwd + ACCOUNTS_DB_URI: postgresql://accounts-admin:accounts-pwd@accounts-db:5432/accounts-db + # [END gke_boa_kubernetes_manifests_accounts_db_configmap_accounts_db_config] diff --git a/bank-of-anthos/balance-reader.yaml b/bank-of-anthos/balance-reader.yaml new file mode 100644 index 0000000..e1a5090 --- /dev/null +++ b/bank-of-anthos/balance-reader.yaml 
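Review bot: The `accounts-db-config` ConfigMap stores `POSTGRES_PASSWORD` and a connection URI with the password embedded, so anyone allowed to read ConfigMaps in the namespace can read the database credentials. Moving the four keys into a Secret and loading it with `secretRef` lets RBAC and at-rest encryption be applied to them separately from ordinary configuration. The real values should be supplied at deploy time rather than committed. `ledger-db-config` in ledger-db.yaml has the same layout, and the contacts and userservice Deployments that load `accounts-db-config` through `envFrom` would need the matching `secretRef`.

```yaml
# … unchanged: StatefulSet metadata, selector, container image …
        envFrom:
        - configMapRef:
            name: environment-config
        - secretRef:
            name: accounts-db-credentials   # constructed name
        - configMapRef:
            name: demo-data-config
# … unchanged: ports, resources, volumes, Service …
---
apiVersion: v1
kind: Secret
metadata:
  name: accounts-db-credentials   # constructed name
  labels:
    app: accounts-db
  namespace: example
type: Opaque
stringData:
  POSTGRES_DB: accounts-db
  POSTGRES_USER: accounts-admin
  POSTGRES_PASSWORD: <PLACEHOLDER_SET_AT_DEPLOY_TIME>
  ACCOUNTS_DB_URI: <PLACEHOLDER_URI_BUILT_FROM_THE_VALUES_ABOVE>
```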
@@ -0,0 +1,136 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# [START gke_boa_kubernetes_manifests_balance_reader_deployment_balancereader] +apiVersion: apps/v1 +kind: Deployment +metadata: + name: balancereader + namespace: example +spec: + selector: + matchLabels: + app: balancereader + template: + metadata: + labels: + app: balancereader + spec: + serviceAccountName: default + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: balancereader + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + image: gcr.io/bank-of-anthos-ci/balancereader:v0.5.6 + volumeMounts: + - name: publickey + mountPath: "/tmp/.ssh" + readOnly: true + - mountPath: /tmp + name: tmp + env: + - name: VERSION + value: "v0.5.6" + - name: PORT + value: "8080" + # toggle Cloud Trace export + - name: ENABLE_TRACING + value: "true" + - name: ENABLE_METRICS + value: "true" + - name: POLL_MS + value: "100" + - name: CACHE_SIZE + value: "1000000" + # tell Java to obey container memory limits + - name: JVM_OPTS + value: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xms256m -Xmx512m" + # Valid levels are debug, info, warn, error, fatal. + # If no valid level is set, will default to info. 
+ - name: LOG_LEVEL + value: "info" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: environment-config + # add ledger-db credentials from ConfigMap + - configMapRef: + name: ledger-db-config + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 5 + timeoutSeconds: 10 + livenessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 120 + periodSeconds: 5 + timeoutSeconds: 10 + startupProbe: + httpGet: + path: /healthy + port: 8080 + failureThreshold: 30 + periodSeconds: 10 + volumes: + - name: publickey + secret: + secretName: jwt-key + items: + - key: jwtRS256.key.pub + path: publickey + - emptyDir: {} + name: tmp + # [END gke_boa_kubernetes_manifests_balance_reader_deployment_balancereader] +# [END gke_boa_kubernetes_manifests_balance_reader_deployment_balancereader] +--- +# [START gke_boa_kubernetes_manifests_balance_reader_service_balancereader] +apiVersion: v1 +kind: Service +metadata: + name: balancereader + namespace: example +spec: + type: ClusterIP + selector: + app: balancereader + ports: + - name: http + port: 8080 + targetPort: 8080 + # [END gke_boa_kubernetes_manifests_balance_reader_service_balancereader] diff --git a/bank-of-anthos/config.yaml b/bank-of-anthos/config.yaml new file mode 100644 index 0000000..9d9e956 --- /dev/null +++ b/bank-of-anthos/config.yaml 
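Review bot: The pod spec sets `serviceAccountName: default` and leaves token automounting on, so every balancereader container carries an API token for the namespace's default service account. Nothing in this manifest needs the Kubernetes API (the `NAMESPACE` variable comes from the downward API), so if the application code does not call the API server either, add `automountServiceAccountToken: false` under `spec.template.spec`. The same applies to the contacts, frontend, ledgerwriter, loadgenerator, transactionhistory and userservice Deployments, to the two database StatefulSets, and to `base-app/deployment.yaml`.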
@@ -0,0 +1,52 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# [START gke_boa_kubernetes_manifests_config_configmap_environment_config]
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: environment-config
+ namespace: example
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: "/tmp/.ssh/publickey"
+ # [END gke_boa_kubernetes_manifests_config_configmap_environment_config]
+# [END gke_boa_kubernetes_manifests_config_configmap_environment_config]
+---
+# [START gke_boa_kubernetes_manifests_config_configmap_service_api_config]
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: service-api-config
+ namespace: example
+data:
+ TRANSACTIONS_API_ADDR: "ledgerwriter:8080"
+ BALANCES_API_ADDR: "balancereader:8080"
+ HISTORY_API_ADDR: "transactionhistory:8080"
+ CONTACTS_API_ADDR: "contacts:8080"
+ USERSERVICE_API_ADDR: "userservice:8080"
+ # [END gke_boa_kubernetes_manifests_config_configmap_service_api_config]
+# [END gke_boa_kubernetes_manifests_config_configmap_service_api_config]
+---
+# [START gke_boa_kubernetes_manifests_config_configmap_demo_data_config]
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: demo-data-config
+ namespace: example
+data:
+ USE_DEMO_DATA: "True"
+ DEMO_LOGIN_USERNAME: "testuser"
+ # All demo user accounts are hardcoded to use the login password 'bankofanthos'
+ DEMO_LOGIN_PASSWORD: "bankofanthos"
+ # [END gke_boa_kubernetes_manifests_config_configmap_demo_data_config]
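Review bot: `demo-data-config` ships `USE_DEMO_DATA: "True"` together with a fixed `DEMO_LOGIN_PASSWORD`, and frontend.yaml feeds that value into `DEFAULT_PASSWORD`, so every deployment of this package starts with the same known login. The existing comment only says the password is hardcoded. I would add a comment above `USE_DEMO_DATA` such as `# Demo only: disable demo data and drop DEMO_LOGIN_* before the frontend is reachable from outside a test cluster`, after confirming which value the services treat as disabled.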
diff --git a/bank-of-anthos/contacts.yaml b/bank-of-anthos/contacts.yaml
new file mode 100644
index 0000000..4fb54e3
--- /dev/null
+++ b/bank-of-anthos/contacts.yaml
@@ -0,0 +1,108 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# [START gke_boa_kubernetes_manifests_contacts_deployment_contacts] +apiVersion: apps/v1 +kind: Deployment +metadata: + name: contacts + namespace: example +spec: + selector: + matchLabels: + app: contacts + template: + metadata: + labels: + app: contacts + spec: + serviceAccountName: default + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: contacts + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + image: gcr.io/bank-of-anthos-ci/contacts:v0.5.6 + volumeMounts: + - name: publickey + mountPath: "/tmp/.ssh" + readOnly: true + - mountPath: /tmp + name: tmp + env: + - name: VERSION + value: "v0.5.6" + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "true" + # Valid levels are debug, info, warning, error, critical. + # If no valid level is set, will default to info. 
+ - name: LOG_LEVEL + value: "info" + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: accounts-db-config + resources: + requests: + cpu: 100m + memory: 64Mi + limits: + cpu: 250m + memory: 128Mi + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 10 + volumes: + - name: publickey + secret: + secretName: jwt-key + items: + - key: jwtRS256.key.pub + path: publickey + - emptyDir: {} + name: tmp + # [END gke_boa_kubernetes_manifests_contacts_deployment_contacts] +# [END gke_boa_kubernetes_manifests_contacts_deployment_contacts] +--- +# [START gke_boa_kubernetes_manifests_contacts_service_contacts] +apiVersion: v1 +kind: Service +metadata: + name: contacts + namespace: example +spec: + type: ClusterIP + selector: + app: contacts + ports: + - name: http + port: 8080 + targetPort: 8080 + # [END gke_boa_kubernetes_manifests_contacts_service_contacts] diff --git a/bank-of-anthos/frontend.yaml b/bank-of-anthos/frontend.yaml new file mode 100644 index 0000000..3464126 --- /dev/null +++ b/bank-of-anthos/frontend.yaml 
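Review bot: The container `securityContext` drops capabilities with a lowercase `all`, which the Pod Security admission `restricted` profile does not accept because it matches the literal `ALL`, and no `seccompProfile` is set anywhere in the pod. Changing the entry to `- ALL` and adding `seccompProfile:` with `type: RuntimeDefault` to the pod-level `securityContext` would let this workload run in a namespace that enforces `restricted`. The same block is copied into balance-reader, frontend, ledger-writer, loadgenerator, transaction-history, userservice and `base-app/deployment.yaml`.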
@@ -0,0 +1,140 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: example +spec: + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + spec: + serviceAccountName: default + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: front + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + image: gcr.io/bank-of-anthos-ci/frontend:v0.5.6 + volumeMounts: + - name: publickey + mountPath: "/tmp/.ssh" + readOnly: true + - mountPath: /tmp + name: tmp + env: + - name: VERSION + value: "v0.5.6" + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "true" + - name: SCHEME + value: "http" + # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info. + - name: LOG_LEVEL + value: "info" + # Set to "true" to enable the CymbalBank logo + title + # - name: CYMBAL_LOGO + # value: "false" + # Customize the bank name used in the header. 
Defaults to 'Bank of Anthos' - when CYMBAL_LOGO is true, uses 'CymbalBank' + # - name: BANK_NAME + # value: "" + # Customize the cluster name if it cannot be retrieved from the metadata server + #- name: CLUSTER_NAME + # value: "my-cluster" + - name: DEFAULT_USERNAME + valueFrom: + configMapKeyRef: + name: demo-data-config + key: DEMO_LOGIN_USERNAME + - name: DEFAULT_PASSWORD + valueFrom: + configMapKeyRef: + name: demo-data-config + key: DEMO_LOGIN_PASSWORD + - name: REGISTERED_OAUTH_CLIENT_ID + valueFrom: + configMapKeyRef: + name: oauth-config + key: DEMO_OAUTH_CLIENT_ID + optional: true + - name: ALLOWED_OAUTH_REDIRECT_URI + valueFrom: + configMapKeyRef: + name: oauth-config + key: DEMO_OAUTH_REDIRECT_URI + optional: true + # Customize the metadata server hostname to query for metadata + #- name: METADATA_SERVER + # value: "my-metadata-server" + # Customize the pod zone if it cannot be retrieved from the metadata server + #- name: POD_ZONE + # value: "my-zone" + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: service-api-config + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 10 + livenessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 15 + timeoutSeconds: 30 + resources: + requests: + cpu: 100m + memory: 64Mi + limits: + cpu: 250m + memory: 128Mi + volumes: + - name: publickey + secret: + secretName: jwt-key + items: + - key: jwtRS256.key.pub + path: publickey + - emptyDir: {} + name: tmp + # [END gke_boa_kubernetes_manifests_frontend_deployment_frontend] +# [END gke_boa_kubernetes_manifests_frontend_deployment_frontend] +--- +# [START gke_boa_kubernetes_manifests_frontend_service_frontend] +apiVersion: v1 +kind: Service +metadata: + name: frontend + namespace: example +spec: + type: LoadBalancer + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 8080 + # [END 
gke_boa_kubernetes_manifests_frontend_service_frontend] +# [END gke_boa_kubernetes_manifests_frontend_service_frontend] diff --git a/bank-of-anthos/ledger-db.yaml b/bank-of-anthos/ledger-db.yaml new file mode 100644 index 0000000..7edbcf7 --- /dev/null +++ b/bank-of-anthos/ledger-db.yaml 
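Review bot: The `frontend` Service is `type: LoadBalancer` on port 80 and the Deployment sets `SCHEME` to `http`, so the login form and the credentials submitted through it travel unencrypted over whatever network the load balancer is reachable from. For anything beyond a throwaway demo I would keep the Service `ClusterIP` and put a TLS-terminating Ingress or Gateway in front of it, adjusting `SCHEME` to match. The hunk also carries `[END gke_boa_kubernetes_manifests_frontend_deployment_frontend]` markers without the matching `[START …]` line or the licence header that the sibling files have.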
@@ -0,0 +1,93 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# [START gke_boa_kubernetes_manifests_ledger_db_statefulset_ledger_db] +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: ledger-db + namespace: example +spec: + serviceName: "ledger-db" + replicas: 1 + selector: + matchLabels: + app: ledger-db + template: + metadata: + labels: + app: ledger-db + spec: + serviceAccountName: default + containers: + - name: postgres + image: gcr.io/bank-of-anthos-ci/ledger-db:v0.5.6 + ports: + - containerPort: 5432 + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: ledger-db-config + - configMapRef: + name: demo-data-config + resources: + requests: + cpu: 100m + memory: 512Mi + limits: + cpu: 250m + memory: 1Gi + volumeMounts: + - name: postgresdb + mountPath: /var/lib/postgresql/data + subPath: postgres + volumes: + - name: postgresdb + emptyDir: {} + # [END gke_boa_kubernetes_manifests_ledger_db_statefulset_ledger_db] +# [END gke_boa_kubernetes_manifests_ledger_db_statefulset_ledger_db] +--- +# [START gke_boa_kubernetes_manifests_ledger_db_configmap_ledger_db_config] +apiVersion: v1 +kind: ConfigMap +metadata: + name: ledger-db-config + labels: + app: postgres + namespace: example +data: + POSTGRES_DB: postgresdb + POSTGRES_USER: admin + POSTGRES_PASSWORD: password + SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db:5432/postgresdb + SPRING_DATASOURCE_USERNAME: admin # should match POSTGRES_USER + 
SPRING_DATASOURCE_PASSWORD: password # should match POSTGRES_PASSWORD + # [END gke_boa_kubernetes_manifests_ledger_db_configmap_ledger_db_config] +# [END gke_boa_kubernetes_manifests_ledger_db_configmap_ledger_db_config] +--- +# [START gke_boa_kubernetes_manifests_ledger_db_service_ledger_db] +apiVersion: v1 +kind: Service +metadata: + name: ledger-db + namespace: example +spec: + type: ClusterIP + selector: + app: ledger-db + ports: + - name: tcp + port: 5432 + targetPort: 5432 + # [END gke_boa_kubernetes_manifests_ledger_db_service_ledger_db] diff --git a/bank-of-anthos/ledger-writer.yaml b/bank-of-anthos/ledger-writer.yaml new file mode 100644 index 0000000..4dfaba3 --- /dev/null +++ b/bank-of-anthos/ledger-writer.yaml 
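Review bot: The `ledger-db` StatefulSet has no pod or container `securityContext`, so the postgres container runs with whatever user and privileges the image defaults to, unlike the application Deployments in this commit, which set `runAsNonRoot`, `allowPrivilegeEscalation: false` and a read-only root filesystem. Whether the image can start as an unprivileged user is not visible from here. If it can, add at least `allowPrivilegeEscalation: false` and a capabilities drop to the container. `accounts-db.yaml` has the same gap.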
@@ -0,0 +1,125 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# [START gke_boa_kubernetes_manifests_ledger_writer_deployment_ledgerwriter] +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ledgerwriter + namespace: example +spec: + selector: + matchLabels: + app: ledgerwriter + template: + metadata: + labels: + app: ledgerwriter + spec: + serviceAccountName: default + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: ledgerwriter + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + image: gcr.io/bank-of-anthos-ci/ledgerwriter:v0.5.6 + volumeMounts: + - name: publickey + mountPath: "/tmp/.ssh" + readOnly: true + - mountPath: /tmp + name: tmp + env: + - name: VERSION + value: "v0.5.6" + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "true" + - name: ENABLE_METRICS + value: "true" + # tell Java to obey container memory limits + - name: JVM_OPTS + value: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xms256m -Xmx512m" + # service level override of log level + - name: LOG_LEVEL + value: "info" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: service-api-config + # add ledger-db credentials from ConfigMap + 
- configMapRef: + name: ledger-db-config + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 5 + timeoutSeconds: 10 + startupProbe: + httpGet: + path: /ready + port: 8080 + failureThreshold: 30 + periodSeconds: 10 + volumes: + - name: publickey + secret: + secretName: jwt-key + items: + - key: jwtRS256.key.pub + path: publickey + - emptyDir: {} + name: tmp + # [END gke_boa_kubernetes_manifests_ledger_writer_deployment_ledgerwriter] +# [END gke_boa_kubernetes_manifests_ledger_writer_deployment_ledgerwriter] +--- +# [START gke_boa_kubernetes_manifests_ledger_writer_service_ledgerwriter] +apiVersion: v1 +kind: Service +metadata: + name: ledgerwriter + namespace: example +spec: + type: ClusterIP + selector: + app: ledgerwriter + ports: + - name: http + port: 8080 + targetPort: 8080 + # [END gke_boa_kubernetes_manifests_ledger_writer_service_ledgerwriter] diff --git a/bank-of-anthos/loadgenerator.yaml b/bank-of-anthos/loadgenerator.yaml new file mode 100644 index 0000000..abb113c --- /dev/null +++ b/bank-of-anthos/loadgenerator.yaml 
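Review bot: `JVM_OPTS` sets `-Xmx512m` while the container memory limit is also `512Mi`, which leaves no room for metaspace, thread stacks and other non-heap memory, so the pod can be OOM-killed before the heap is full. Either raise `limits.memory` or lower the heap ceiling, for example `-Xmx384m` (a constructed value, to be tuned). `-XX:+UseCGroupMemoryLimitForHeap` is an experimental flag that later JDKs dropped in favour of built-in container support, so check it against the JDK in the image. The same `JVM_OPTS` value appears in balance-reader.yaml and transaction-history.yaml.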
@@ -0,0 +1,64 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# [START gke_boa_kubernetes_manifests_loadgenerator_deployment_loadgenerator] +apiVersion: apps/v1 +kind: Deployment +metadata: + name: loadgenerator + namespace: example +spec: + selector: + matchLabels: + app: loadgenerator + replicas: 1 + template: + metadata: + labels: + app: loadgenerator + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + spec: + serviceAccountName: default + terminationGracePeriodSeconds: 5 + restartPolicy: Always + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: loadgenerator + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + image: gcr.io/bank-of-anthos-ci/loadgenerator:v0.5.6 + env: + - name: FRONTEND_ADDR + value: "frontend:80" + - name: USERS + value: "5" + - name: LOG_LEVEL + value: "error" + resources: + requests: + cpu: 100m + memory: 512Mi + limits: + cpu: 250m + memory: 1Gi + # [END gke_boa_kubernetes_manifests_loadgenerator_deployment_loadgenerator] diff --git a/bank-of-anthos/package-context.yaml b/bank-of-anthos/package-context.yaml new file mode 100644 index 0000000..6c33d9e --- /dev/null +++ b/bank-of-anthos/package-context.yaml 
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kptfile.kpt.dev
+ annotations:
+ config.kubernetes.io/local-config: "true"
+data:
+ name: example
diff --git a/bank-of-anthos/transaction-history.yaml b/bank-of-anthos/transaction-history.yaml
new file mode 100644
index 0000000..7dd6688
--- /dev/null
+++ b/bank-of-anthos/transaction-history.yaml
@@ -0,0 +1,141 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# [START gke_boa_kubernetes_manifests_transaction_history_deployment_transactionhistory] +apiVersion: apps/v1 +kind: Deployment +metadata: + name: transactionhistory + namespace: example +spec: + selector: + matchLabels: + app: transactionhistory + template: + metadata: + labels: + app: transactionhistory + spec: + serviceAccountName: default + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: transactionhistory + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + image: gcr.io/bank-of-anthos-ci/transactionhistory:v0.5.6 + volumeMounts: + - name: publickey + mountPath: "/tmp/.ssh" + readOnly: true + - mountPath: /tmp + name: tmp + env: + - name: VERSION + value: "v0.5.6" + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "true" + - name: ENABLE_METRICS + value: "true" + - name: POLL_MS + value: "100" + - name: CACHE_SIZE + value: "1000" + - name: CACHE_MINUTES + value: "60" + - name: HISTORY_LIMIT + value: "100" + # tell Java to obey container memory limits + - name: JVM_OPTS + value: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xms256m -Xmx512m" + #- name: EXTRA_LATENCY_MILLIS + # value: "5000" + # Valid levels are debug, info, warn, error, fatal. 
+ # If no valid level is set, will default to info. + - name: LOG_LEVEL + value: "info" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: environment-config + # add ledger-db credentials from ConfigMap + - configMapRef: + name: ledger-db-config + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 5 + timeoutSeconds: 10 + livenessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 120 + periodSeconds: 5 + timeoutSeconds: 10 + startupProbe: + httpGet: + path: /healthy + port: 8080 + failureThreshold: 30 + periodSeconds: 10 + volumes: + - name: publickey + secret: + secretName: jwt-key + items: + - key: jwtRS256.key.pub + path: publickey + - emptyDir: {} + name: tmp + # [END gke_boa_kubernetes_manifests_transaction_history_deployment_transactionhistory] +# [END gke_boa_kubernetes_manifests_transaction_history_deployment_transactionhistory] +--- +# [START gke_boa_kubernetes_manifests_transaction_history_service_transactionhistory] +apiVersion: v1 +kind: Service +metadata: + name: transactionhistory + namespace: example +spec: + type: ClusterIP + selector: + app: transactionhistory + ports: + - name: http + port: 8080 + targetPort: 8080 + # [END gke_boa_kubernetes_manifests_transaction_history_service_transactionhistory] diff --git a/bank-of-anthos/userservice.yaml b/bank-of-anthos/userservice.yaml new file mode 100644 index 0000000..51af3c5 --- /dev/null +++ b/bank-of-anthos/userservice.yaml 
@@ -0,0 +1,116 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# [START gke_boa_kubernetes_manifests_userservice_deployment_userservice] +apiVersion: apps/v1 +kind: Deployment +metadata: + name: userservice + namespace: example +spec: + selector: + matchLabels: + app: userservice + template: + metadata: + labels: + app: userservice + spec: + serviceAccountName: default + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: userservice + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + image: gcr.io/bank-of-anthos-ci/userservice:v0.5.6 + volumeMounts: + - name: keys + mountPath: "/tmp/.ssh" + readOnly: true + - mountPath: /tmp + name: tmp + ports: + - name: http-server + containerPort: 8080 + env: + - name: VERSION + value: "v0.5.6" + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "true" + - name: TOKEN_EXPIRY_SECONDS + value: "3600" + - name: PRIV_KEY_PATH + value: "/tmp/.ssh/privatekey" + # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info. 
+ - name: LOG_LEVEL + value: "info" + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: accounts-db-config + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 10 + resources: + requests: + cpu: 200m + memory: 64Mi + limits: + cpu: 500m + memory: 256Mi + volumes: + - name: keys + secret: + secretName: jwt-key + items: + - key: jwtRS256.key + path: privatekey + - key: jwtRS256.key.pub + path: publickey + - emptyDir: {} + name: tmp + # [END gke_boa_kubernetes_manifests_userservice_deployment_userservice] +# [END gke_boa_kubernetes_manifests_userservice_deployment_userservice] +--- +# [START gke_boa_kubernetes_manifests_userservice_service_userservice] +apiVersion: v1 +kind: Service +metadata: + name: userservice + namespace: example +spec: + type: ClusterIP + selector: + app: userservice + ports: + - name: http + port: 8080 + targetPort: 8080 + # [END gke_boa_kubernetes_manifests_userservice_service_userservice] diff --git a/base-app/Kptfile b/base-app/Kptfile new file mode 100644 index 0000000..396c34f --- /dev/null +++ b/base-app/Kptfile @@ -0,0 +1,20 @@ +apiVersion: kpt.dev/v1 +kind: Kptfile +metadata: + name: base-app + annotations: + config.kubernetes.io/local-config: "true" + labels: + app: base-app +info: + description: sample description +pipeline: + mutators: + - image: set-namespace:v0.4.1 + configPath: package-context.yaml + - image: set-labels:v0.1.5 + configPath: fn-config-setlabels.yaml + - image: starlark:v0.4.3 + configPath: fn-config-setname.yaml + - image: set-image:v0.1.1 + configPath: fn-config-setimage.yaml diff --git a/base-app/README.md b/base-app/README.md new file mode 100644 index 0000000..f978af1 --- /dev/null +++ b/base-app/README.md 
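Review bot: The `keys` volume projects the JWT signing key `jwtRS256.key` without a `defaultMode`, so the file gets the default secret-volume mode (0644) and is readable by any user inside the container. Adding `defaultMode: 0440` under `secret:` keeps it readable through the pod's `fsGroup` 1000 only. userservice is the only workload in this commit that mounts the private half of the key pair; the others list only `jwtRS256.key.pub`.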
@@ -0,0 +1,21 @@ +# base-app + +## Description +sample description + +## Usage + +### Fetch the package +`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-app` +Details: https://kpt.dev/reference/cli/pkg/get/ + +### View package content +`kpt pkg tree base-app` +Details: https://kpt.dev/reference/cli/pkg/tree/ + +### Apply the package +``` +kpt live init base-app +kpt live apply base-app --reconcile-timeout=2m --output=table +``` +Details: https://kpt.dev/reference/cli/live/ diff --git a/base-app/configmap-env-config.yaml b/base-app/configmap-env-config.yaml new file mode 100644 index 0000000..8e0e5b6 --- /dev/null +++ b/base-app/configmap-env-config.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: environment-config + namespace: example + labels: + app: base-app +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey diff --git a/base-app/deployment.yaml b/base-app/deployment.yaml new file mode 100644 index 0000000..19a4772 --- /dev/null +++ b/base-app/deployment.yaml 
@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: base-app
+ namespace: example
+ labels:
+ app: base-app
+spec:
+ selector:
+ matchLabels:
+ app: base-app
+ template:
+ metadata:
+ labels:
+ app: base-app
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: primary
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/bank-of-anthos-ci/base-app:app-version
+ volumeMounts:
+ - name: keys
+ mountPath: /tmp/.ssh
+ readOnly: true
+ - mountPath: /tmp
+ name: tmp
+ ports:
+ - name: http-server
+ containerPort: 8080
+ env:
+ - name: VERSION
+ value: app-version
+ - name: PORT
+ value: "8080"
+ - name: ENABLE_TRACING
+ value: "false"
+ - name: ENABLE_METRICS
+ value: "false"
+ # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info.
+ - name: LOG_LEVEL
+ value: info
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 60
+ periodSeconds: 15
+ timeoutSeconds: 30
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ limits:
+ cpu: 250m
+ memory: 128Mi
+ volumes:
+ # droot: should this be part of the base-app ?
+ - name: keys
+ secret:
+ secretName: jwt-key
+ items:
+ - key: jwtRS256.key.pub
+ path: publickey
+ # base-app exposes only public key by default
+ # - key: jwtRS256.key
+ # path: privatekey
+ - emptyDir: {}
+ name: tmp
diff --git a/base-app/fn-config-setimage.yaml b/base-app/fn-config-setimage.yaml
new file mode 100644
index 0000000..e21a2f2
--- /dev/null
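Review bot: The pod spec in base-app/deployment.yaml sets `serviceAccountName: default` and leaves token mounting at its default, so unless the namespace's default service account disables it, every pod built from this blueprint carries a Kubernetes API token that nothing visible in the manifest uses. The rest of the security context is already tight (non-root IDs, no privilege escalation, read-only root filesystem), so I would add `automountServiceAccountToken: false` next to `serviceAccountName`, or give the app a dedicated service account if it does call the API. The capability drop is written as `- all`; the restricted Pod Security profile matches the literal `ALL` as far as I recall, so upper case is the safer spelling. The contacts-dev, contacts and frontend-dev deployments in this commit carry the same settings.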
+++ b/base-app/fn-config-setimage.yaml
@@ -0,0 +1,12 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata:
+ name: set-image
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ labels:
+ app: base-app
+image:
+ name: gcr.io/bank-of-anthos-ci/base-app
+ newName: gcr.io/bank-of-anthos-ci/base-app
+ newTag: app-version
diff --git a/base-app/fn-config-setlabels.yaml b/base-app/fn-config-setlabels.yaml
new file mode 100644
index 0000000..b72cba0
--- /dev/null
+++ b/base-app/fn-config-setlabels.yaml
@@ -0,0 +1,10 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata:
+ name: set-labels
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ labels:
+ app: base-app
+labels:
+ app: base-app
diff --git a/base-app/fn-config-setname.yaml b/base-app/fn-config-setname.yaml
new file mode 100644
index 0000000..145033d
--- /dev/null
+++ b/base-app/fn-config-setname.yaml
@@ -0,0 +1,30 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata:
+ name: set-name
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ labels:
+ app: base-app
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "Deployment":
+ resource["metadata"]["name"] = pkgName
+ set_name(ctx.resource_list["items"])
diff --git a/base-app/package-context.yaml b/base-app/package-context.yaml
new file mode 100644
index 0000000..34c0c19
--- /dev/null
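Review bot: In `set_name` in base-app/fn-config-setname.yaml the second loop iterates `ctx.resource_list["items"]` rather than the `resources` parameter the first loop uses, so the function quietly depends on a global and would rename a different list if it were ever called with anything else; `for resource in resources:` keeps it self-contained. The `return` after `fail("package must have a name.")` is dead code, assuming `fail` aborts the run as it does in Starlark generally, and can be dropped. A one-line comment above the ConfigMap test stating that `data.name == "example"` is what marks an abstract blueprint would also help, since the literal is otherwise unexplained. The copies in base-db, contacts-dev and contacts have the same shape.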
+++ b/base-app/package-context.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kptfile.kpt.dev
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ labels:
+ app: base-app
+data:
+ name: example
diff --git a/base-app/service.yaml b/base-app/service.yaml
new file mode 100644
index 0000000..aeb953b
--- /dev/null
+++ b/base-app/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: base-app
+ namespace: example
+ labels:
+ app: base-app
+spec:
+ type: LoadBalancer
+ selector:
+ app: base-app
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
diff --git a/base-db/Kptfile b/base-db/Kptfile
new file mode 100644
index 0000000..e88711c
--- /dev/null
+++ b/base-db/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: base-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ labels:
+ app: base-db
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
diff --git a/base-db/README.md b/base-db/README.md
new file mode 100644
index 0000000..8bffa25
--- /dev/null
+++ b/base-db/README.md
@@ -0,0 +1,21 @@
+# base-db
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-db`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-db`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-db
+kpt live apply base-db --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/base-db/configmap-db-config.yaml b/base-db/configmap-db-config.yaml
new file mode 100644
index 0000000..9bd689c
--- /dev/null
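Review bot: base-app/service.yaml sets `type: LoadBalancer` in the shared blueprint, so every package derived from it is published on an external load balancer by default; contacts/service.yaml and contacts-dev/service.yaml in this commit inherit it unchanged. The frontend reaches contacts in-cluster at `contacts.contacts-dev:80` (frontend-dev/configmap-service-config.yaml), so a backend like this has no apparent need for an external address. I would make the base `type: ClusterIP` and let only the package that must be reachable from outside override it.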
+++ b/base-db/configmap-db-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: db-config
+ namespace: example
+ labels:
+ app: base-db
+data:
+ POSTGRES_DB: db
+ POSTGRES_USER: db-admin
+ POSTGRES_PASSWORD: db-pwd
+ ACCOUNTS_DB_URI: postgresql://db-admin:db-pwd@base-db:5432/base-db
diff --git a/base-db/configmap-demo-data.yaml b/base-db/configmap-demo-data.yaml
new file mode 100644
index 0000000..c681195
--- /dev/null
+++ b/base-db/configmap-demo-data.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: demo-data-config
+ namespace: example
+ labels:
+ app: base-db
+data:
+ USE_DEMO_DATA: "True"
+ DEMO_LOGIN_USERNAME: testuser
+ # All demo user accounts are hardcoded to use the login password 'bankofanthos'
+ DEMO_LOGIN_PASSWORD: bankofanthos
diff --git a/base-db/configmap-env-config.yaml b/base-db/configmap-env-config.yaml
new file mode 100644
index 0000000..18ee7b6
--- /dev/null
+++ b/base-db/configmap-env-config.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: environment-config
+ namespace: example
+ labels:
+ app: base-db
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/base-db/fn-config-setimage.yaml b/base-db/fn-config-setimage.yaml
new file mode 100644
index 0000000..b15ff9e
--- /dev/null
+++ b/base-db/fn-config-setimage.yaml
@@ -0,0 +1,12 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata:
+ name: set-image
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ labels:
+ app: base-db
+image:
+ name: gcr.io/bank-of-anthos-ci/base-db
+ newName: gcr.io/bank-of-anthos-ci/base-db
+ newTag: db-version
diff --git a/base-db/fn-config-setlabels.yaml b/base-db/fn-config-setlabels.yaml
new file mode 100644
index 0000000..b0a9125
--- /dev/null
+++ b/base-db/fn-config-setlabels.yaml
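Review bot: base-db/configmap-db-config.yaml keeps `POSTGRES_PASSWORD` and a connection URI with the password embedded in a ConfigMap, which is committed in clear text and is not covered by the RBAC rules, encryption-at-rest configuration or audit handling that clusters usually reserve for Secrets. Those two keys belong in a `kind: Secret` whose value is supplied outside Git (or through a sealed/secret-manager mechanism) and pulled into the StatefulSet with a `secretRef` entry under `envFrom`, leaving only `POSTGRES_DB` and `POSTGRES_USER` in the ConfigMap. contacts-dev/configmap-accounts-db.yaml and contacts/configmap-accounts-db.yaml repeat the same credentials. Separately, `ACCOUNTS_DB_URI` here ends in `/base-db` while `POSTGRES_DB` is `db`, which looks like it points at a database that is never created.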
@@ -0,0 +1,10 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata:
+ name: set-labels
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ labels:
+ app: base-db
+labels:
+ app: base-db
diff --git a/base-db/fn-config-setname.yaml b/base-db/fn-config-setname.yaml
new file mode 100644
index 0000000..fbda09b
--- /dev/null
+++ b/base-db/fn-config-setname.yaml
@@ -0,0 +1,33 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: base-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "StatefulSet":
+ resource["metadata"]["name"] = pkgName
+ resource["spec"]["serviceName"] = pkgName
+
+ set_name(ctx.resource_list["items"])
diff --git a/base-db/package-context.yaml b/base-db/package-context.yaml
new file mode 100644
index 0000000..d352989
--- /dev/null
+++ b/base-db/package-context.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kptfile.kpt.dev
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ labels:
+ app: base-db
+data:
+ name: example
diff --git a/base-db/service.yaml b/base-db/service.yaml
new file mode 100644
index 0000000..d6efaa1
--- /dev/null
+++ b/base-db/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: base-db
+ labels:
+ tier: db
+ app: base-db
+ namespace: example
+spec:
+ ports:
+ - port: 5432
+ name: tcp
+ targetPort: 5432
+ protocol: TCP
+ selector:
+ tier: db
+ app: base-db
diff --git a/base-db/statefulset.yaml b/base-db/statefulset.yaml
new file mode 100644
index 0000000..c5d3bd7
--- /dev/null
+++ b/base-db/statefulset.yaml
@@ -0,0 +1,63 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# [START gke_boa_kubernetes_manifests_accounts_db_statefulset_accounts_db]
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+ name: base-db
+ labels:
+ tier: db
+ app: base-db
+ namespace: example
+spec:
+ serviceName: base-db
+ replicas: 1
+ selector:
+ matchLabels:
+ tier: db
+ app: base-db
+ template:
+ metadata:
+ labels:
+ tier: db
+ app: base-db
+ spec:
+ serviceAccountName: default
+ containers:
+ - name: primary
+ image: gcr.io/bank-of-anthos-ci/base-db:db-version
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: db-config
+ - configMapRef:
+ name: demo-data-config
+ ports:
+ - containerPort: 5432
+ name: postgredb
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 250m
+ memory: 512Mi
+ volumeMounts:
+ - name: postgresdb
+ mountPath: /var/lib/postgresql/data
+ subPath: postgres
+ volumes:
+ - name: postgresdb
+ emptyDir: {}
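Review bot: The pod template in base-db/statefulset.yaml has no `securityContext` at pod or container level, while base-app/deployment.yaml in the same commit sets non-root IDs, `allowPrivilegeEscalation: false` and dropped capabilities, which leaves the database as the least constrained workload in the set. At minimum the `primary` container should get `allowPrivilegeEscalation: false` and `privileged: false`; `runAsNonRoot`, `runAsUser` and `fsGroup` should follow once it is confirmed which UID the base-db image runs Postgres as. The port is named `postgredb` while the volume is `postgresdb`, which reads like a typo, and the `emptyDir` data volume means the database contents are lost whenever the pod is rescheduled.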
diff --git a/contacts-dev/Kptfile b/contacts-dev/Kptfile
new file mode 100644
index 0000000..c125a4e
--- /dev/null
+++ b/contacts-dev/Kptfile
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: contacts-dev
+ labels:
+ app: contacts
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /contacts
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /contacts
+ ref: bank-of-anthos-pkgs
+ commit: 08c7473c2b4b641c1efb4a520c39c551b87eda0b
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
diff --git a/contacts-dev/README.md b/contacts-dev/README.md
new file mode 100644
index 0000000..f978af1
--- /dev/null
+++ b/contacts-dev/README.md
@@ -0,0 +1,21 @@
+# base-app
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-app`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-app`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-app
+kpt live apply base-app --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/contacts-dev/configmap-accounts-db.yaml b/contacts-dev/configmap-accounts-db.yaml
new file mode 100644
index 0000000..ed38439
--- /dev/null
+++ b/contacts-dev/configmap-accounts-db.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/accounts-db-config
+ name: accounts-db-config
+ labels:
+ app: contacts
+ namespace: contacts-dev
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|accounts-db-config'
+data:
+ POSTGRES_DB: db
+ POSTGRES_USER: db-admin
+ POSTGRES_PASSWORD: db-pwd
+ ACCOUNTS_DB_URI: postgresql://db-admin:db-pwd@accounts-db.accounts-db-dev:5432/db
+ # ACCOUNTS_DB_URI: postgresql://db-admin:db-pwd@accounts-db.accounts-db-dev:5432/db
diff --git a/contacts-dev/configmap-env-config.yaml b/contacts-dev/configmap-env-config.yaml
new file mode 100644
index 0000000..e0b55d5
--- /dev/null
+++ b/contacts-dev/configmap-env-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/environment-config
+ name: environment-config
+ namespace: contacts-dev
+ labels:
+ app: contacts
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config'
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/contacts-dev/deployment.yaml b/contacts-dev/deployment.yaml
new file mode 100644
index 0000000..73f13b8
--- /dev/null
+++ b/contacts-dev/deployment.yaml
@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata: # kpt-merge: example/base-app
+ name: contacts
+ namespace: contacts-dev
+ labels:
+ app: contacts
+ annotations:
+ internal.kpt.dev/upstream-identifier: apps|Deployment|example|base-app
+spec:
+ selector:
+ matchLabels:
+ app: contacts
+ template:
+ metadata:
+ labels:
+ app: contacts
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: primary
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/bank-of-anthos-ci/contacts:v0.5.6
+ volumeMounts:
+ - name: keys
+ mountPath: /tmp/.ssh
+ readOnly: true
+ - mountPath: /tmp
+ name: tmp
+ ports:
+ - name: http-server
+ containerPort: 8080
+ env:
+ - name: VERSION
+ value: v0.5.6
+ - name: PORT
+ value: "8080"
+ - name: ENABLE_TRACING
+ value: "false"
+ # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info.
+ - name: LOG_LEVEL
+ value: info
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: ENABLE_METRICS
+ value: "false"
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: accounts-db-config
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 60
+ periodSeconds: 15
+ timeoutSeconds: 30
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ limits:
+ cpu: 250m
+ memory: 128Mi
+ volumes:
+ # droot: should this be part of the base-app ?
+ - name: keys
+ secret:
+ secretName: jwt-key
+ items:
+ - key: jwtRS256.key.pub
+ path: publickey
+ # base-app exposes only public key by default
+ # - key: jwtRS256.key
+ # path: privatekey
+ - emptyDir: {}
+ name: tmp
diff --git a/contacts-dev/fn-config-setimage.yaml b/contacts-dev/fn-config-setimage.yaml
new file mode 100644
index 0000000..1d7131b
--- /dev/null
+++ b/contacts-dev/fn-config-setimage.yaml
@@ -0,0 +1,13 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata: # kpt-merge: /set-image
+ name: set-image
+ labels:
+ app: contacts
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image
+image:
+ name: gcr.io/bank-of-anthos-ci/base-app
+ newName: gcr.io/bank-of-anthos-ci/contacts
+ newTag: v0.5.6
diff --git a/contacts-dev/fn-config-setlabels.yaml b/contacts-dev/fn-config-setlabels.yaml
new file mode 100644
index 0000000..40e8e6c
--- /dev/null
+++ b/contacts-dev/fn-config-setlabels.yaml
@@ -0,0 +1,11 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata: # kpt-merge: /set-labels
+ name: set-labels
+ labels:
+ app: contacts
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels
+labels:
+ app: contacts
diff --git a/contacts-dev/fn-config-setname.yaml b/contacts-dev/fn-config-setname.yaml
new file mode 100644
index 0000000..1a9212c
--- /dev/null
+++ b/contacts-dev/fn-config-setname.yaml
@@ -0,0 +1,31 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: contacts
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "Deployment":
+ resource["metadata"]["name"] = pkgName
+ set_name(ctx.resource_list["items"])
diff --git a/contacts-dev/package-context.yaml b/contacts-dev/package-context.yaml
new file mode 100644
index 0000000..af48b93
--- /dev/null
+++ b/contacts-dev/package-context.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: /kptfile.kpt.dev
+ name: kptfile.kpt.dev
+ labels:
+ app: contacts
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev'
+data:
+ name: contacts-dev
diff --git a/contacts-dev/resourcegroup.yaml b/contacts-dev/resourcegroup.yaml
new file mode 100644
index 0000000..9cca021
--- /dev/null
+++ b/contacts-dev/resourcegroup.yaml
@@ -0,0 +1,10 @@
+apiVersion: kpt.dev/v1alpha1
+kind: ResourceGroup
+metadata: # kpt-merge: contacts-dev/inventory-25467069
+ name: inventory-25467069
+ namespace: contacts-dev
+ labels:
+ cli-utils.sigs.k8s.io/inventory-id: 54f04b2035bc09cb760d766533f532e2ef7dedcf-1662613503253545000
+ app: contacts
+ annotations:
+ internal.kpt.dev/upstream-identifier: kpt.dev|ResourceGroup|contacts-dev|inventory-25467069
diff --git a/contacts-dev/service.yaml b/contacts-dev/service.yaml
new file mode 100644
index 0000000..34a19b3
--- /dev/null
+++ b/contacts-dev/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata: # kpt-merge: example/base-app
+ name: contacts
+ namespace: contacts-dev
+ labels:
+ app: contacts
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Service|example|base-app'
+spec:
+ type: LoadBalancer
+ selector:
+ app: contacts
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
diff --git a/contacts/Kptfile b/contacts/Kptfile
new file mode 100644
index 0000000..cbfc37f
--- /dev/null
+++ b/contacts/Kptfile
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: contacts
+ labels:
+ app: contacts
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-app
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-app
+ ref: bank-of-anthos-pkgs
+ commit: ba18d8432d618af662efff7d81a63c70e9ba3ab8
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
diff --git a/contacts/README.md b/contacts/README.md
new file mode 100644
index 0000000..f978af1
--- /dev/null
+++ b/contacts/README.md
@@ -0,0 +1,21 @@
+# base-app
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-app`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-app`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-app
+kpt live apply base-app --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/contacts/configmap-accounts-db.yaml b/contacts/configmap-accounts-db.yaml
new file mode 100644
index 0000000..610f573
--- /dev/null
+++ b/contacts/configmap-accounts-db.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/accounts-db-config
+ name: accounts-db-config
+ labels:
+ app: contacts
+ namespace: example
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|accounts-db-config'
+data:
+ POSTGRES_DB: db
+ POSTGRES_USER: db-admin
+ POSTGRES_PASSWORD: db-pwd
+ ACCOUNTS_DB_URI: postgresql://db-admin:db-pwd@accounts-db:5432/db
+ # ACCOUNTS_DB_URI: postgresql://db-admin:db-pwd@accounts-db.accounts-db-dev:5432/db
diff --git a/contacts/configmap-env-config.yaml b/contacts/configmap-env-config.yaml
new file mode 100644
index 0000000..ad89d36
--- /dev/null
+++ b/contacts/configmap-env-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/environment-config
+ name: environment-config
+ namespace: example
+ labels:
+ app: contacts
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config'
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/contacts/deployment.yaml b/contacts/deployment.yaml
new file mode 100644
index 0000000..758609e
--- /dev/null
+++ b/contacts/deployment.yaml
@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata: # kpt-merge: example/base-app
+ name: contacts
+ namespace: example
+ labels:
+ app: contacts
+ annotations:
+ internal.kpt.dev/upstream-identifier: apps|Deployment|example|base-app
+spec:
+ selector:
+ matchLabels:
+ app: contacts
+ template:
+ metadata:
+ labels:
+ app: contacts
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: primary
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/bank-of-anthos-ci/contacts:v0.5.6
+ volumeMounts:
+ - name: keys
+ mountPath: /tmp/.ssh
+ readOnly: true
+ - mountPath: /tmp
+ name: tmp
+ ports:
+ - name: http-server
+ containerPort: 8080
+ env:
+ - name: VERSION
+ value: v0.5.6
+ - name: PORT
+ value: "8080"
+ - name: ENABLE_TRACING
+ value: "false"
+ # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info.
+ - name: LOG_LEVEL
+ value: info
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: ENABLE_METRICS
+ value: "false"
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: accounts-db-config
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 60
+ periodSeconds: 15
+ timeoutSeconds: 30
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ limits:
+ cpu: 250m
+ memory: 128Mi
+ volumes:
+ # droot: should this be part of the base-app ?
+ - name: keys
+ secret:
+ secretName: jwt-key
+ items:
+ - key: jwtRS256.key.pub
+ path: publickey
+ # base-app exposes only public key by default
+ # - key: jwtRS256.key
+ # path: privatekey
+ - emptyDir: {}
+ name: tmp
diff --git a/contacts/fn-config-setimage.yaml b/contacts/fn-config-setimage.yaml
new file mode 100644
index 0000000..1d7131b
--- /dev/null
+++ b/contacts/fn-config-setimage.yaml
@@ -0,0 +1,13 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata: # kpt-merge: /set-image
+ name: set-image
+ labels:
+ app: contacts
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image
+image:
+ name: gcr.io/bank-of-anthos-ci/base-app
+ newName: gcr.io/bank-of-anthos-ci/contacts
+ newTag: v0.5.6
diff --git a/contacts/fn-config-setlabels.yaml b/contacts/fn-config-setlabels.yaml
new file mode 100644
index 0000000..40e8e6c
--- /dev/null
+++ b/contacts/fn-config-setlabels.yaml
@@ -0,0 +1,11 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata: # kpt-merge: /set-labels
+ name: set-labels
+ labels:
+ app: contacts
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels
+labels:
+ app: contacts
diff --git a/contacts/fn-config-setname.yaml b/contacts/fn-config-setname.yaml
new file mode 100644
index 0000000..1a9212c
--- /dev/null
+++ b/contacts/fn-config-setname.yaml
@@ -0,0 +1,31 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: contacts
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "Deployment":
+ resource["metadata"]["name"] = pkgName
+ set_name(ctx.resource_list["items"])
diff --git a/contacts/package-context.yaml b/contacts/package-context.yaml
new file mode 100644
index 0000000..cfe2183
--- /dev/null
+++ b/contacts/package-context.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: /kptfile.kpt.dev
+ name: kptfile.kpt.dev
+ labels:
+ app: contacts
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev'
+data:
+ name: example
diff --git a/contacts/service.yaml b/contacts/service.yaml
new file mode 100644
index 0000000..0ac7520
--- /dev/null
+++ b/contacts/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata: # kpt-merge: example/base-app
+ name: contacts
+ namespace: example
+ labels:
+ app: contacts
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Service|example|base-app'
+spec:
+ type: LoadBalancer
+ selector:
+ app: contacts
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
diff --git a/frontend-dev/Kptfile b/frontend-dev/Kptfile
new file mode 100644
index 0000000..eb77a68
--- /dev/null
+++ b/frontend-dev/Kptfile
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: frontend-dev
+ labels:
+ app: frontend
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /frontend
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /frontend
+ ref: bank-of-anthos-pkgs
+ commit: 08c7473c2b4b641c1efb4a520c39c551b87eda0b
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
diff --git a/frontend-dev/README.md b/frontend-dev/README.md
new file mode 100644
index 0000000..f978af1
--- /dev/null
+++ b/frontend-dev/README.md
@@ -0,0 +1,21 @@
+# base-app
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-app`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-app`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-app
+kpt live apply base-app --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/frontend-dev/configmap-demo-data.yaml b/frontend-dev/configmap-demo-data.yaml
new file mode 100644
index 0000000..efcfb33
--- /dev/null
+++ b/frontend-dev/configmap-demo-data.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/demo-data-config
+ name: demo-data-config
+ namespace: frontend-dev
+ labels:
+ app: frontend
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|demo-data-config'
+data:
+ USE_DEMO_DATA: "True"
+ DEMO_LOGIN_USERNAME: testuser
+ # All demo user accounts are hardcoded to use the login password 'bankofanthos'
+ DEMO_LOGIN_PASSWORD: bankofanthos
diff --git a/frontend-dev/configmap-env-config.yaml b/frontend-dev/configmap-env-config.yaml
new file mode 100644
index 0000000..7428663
--- /dev/null
+++ b/frontend-dev/configmap-env-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/environment-config
+ name: environment-config
+ namespace: frontend-dev
+ labels:
+ app: frontend
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config'
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/frontend-dev/configmap-service-config.yaml b/frontend-dev/configmap-service-config.yaml
new file mode 100644
index 0000000..714597c
--- /dev/null
+++ b/frontend-dev/configmap-service-config.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/service-api-config
+ name: service-api-config
+ namespace: frontend-dev
+ labels:
+ app: frontend
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|service-api-config'
+data:
+ TRANSACTIONS_API_ADDR: ledgerwriter.ledgerwriter-dev:80
+ BALANCES_API_ADDR: balancereader.balancereader-dev:80
+ HISTORY_API_ADDR: transactionhistory.transactionhistory-dev:80
+ CONTACTS_API_ADDR: contacts.contacts-dev:80
+ USERSERVICE_API_ADDR: userservice.userservice-dev:80
diff --git a/frontend-dev/deployment.yaml b/frontend-dev/deployment.yaml
new file mode 100644
index 0000000..a6a508a
--- /dev/null
+++ b/frontend-dev/deployment.yaml
@@ -0,0 +1,121 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata: # kpt-merge: example/base-app
+ name: frontend
+ namespace: frontend-dev
+ labels:
+ app: frontend
+ annotations:
+ internal.kpt.dev/upstream-identifier: apps|Deployment|example|base-app
+spec:
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: primary
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/bank-of-anthos-ci/frontend:v0.5.6
+ volumeMounts:
+ - name: keys
+ mountPath: /tmp/.ssh
+ readOnly: true
+ - mountPath: /tmp
+ name: tmp
+ ports:
+ - name: http-server
+ containerPort: 8080
+ env:
+ - name: VERSION
+ value: v0.5.6
+ - name: PORT
+ value: "8080"
+ - name: ENABLE_TRACING
+ value: "false"
+ # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info.
+ - name: LOG_LEVEL
+ value: info
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: DEFAULT_USERNAME
+ valueFrom:
+ configMapKeyRef:
+ key: DEMO_LOGIN_USERNAME
+ name: demo-data-config
+ - name: DEFAULT_PASSWORD
+ valueFrom:
+ configMapKeyRef:
+ key: DEMO_LOGIN_PASSWORD
+ name: demo-data-config
+ - name: REGISTERED_OAUTH_CLIENT_ID
+ valueFrom:
+ configMapKeyRef:
+ key: DEMO_OAUTH_CLIENT_ID
+ name: oauth-config
+ optional: true
+ - name: ALLOWED_OAUTH_REDIRECT_URI
+ valueFrom:
+ configMapKeyRef:
+ key: DEMO_OAUTH_REDIRECT_URI
+ name: oauth-config
+ optional: true
+ - name: ENABLE_METRICS
+ value: "false"
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: service-api-config
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 60
+ periodSeconds: 15
+ timeoutSeconds: 30
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ limits:
+ cpu: 250m
+ memory: 128Mi
+ volumes:
+ # droot: should this be part of the base-app ?
+ - name: keys
+ secret:
+ secretName: jwt-key
+ items:
+ - key: jwtRS256.key.pub
+ path: publickey
+ # base-app exposes only public key by default
+ # - key: jwtRS256.key
+ # path: privatekey
+ - emptyDir: {}
+ name: tmp
diff --git a/frontend-dev/fn-config-setimage.yaml b/frontend-dev/fn-config-setimage.yaml
new file mode 100644
index 0000000..1ea04b4
--- /dev/null
+++ b/frontend-dev/fn-config-setimage.yaml
@@ -0,0 +1,13 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata: # kpt-merge: /set-image
+ name: set-image
+ labels:
+ app: frontend
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image
+image:
+ name: gcr.io/bank-of-anthos-ci/base-app
+ newName: gcr.io/bank-of-anthos-ci/frontend
+ newTag: v0.5.6
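Review bot: `serviceAccountName: default` in the pod spec of frontend-dev/deployment.yaml leaves the namespace's default service-account token mounted in the frontend container, and nothing visible in this manifest shows the frontend calling the Kubernetes API; adding `automountServiceAccountToken: false` under `spec.template.spec` would keep that credential out of a pod that is exposed through a `LoadBalancer` Service. Separately, `capabilities.drop` lists `- all` in lowercase, while Pod Security Admission's restricted profile matches the literal `ALL`, so `- ALL` is the safer spelling if these namespaces are ever labelled for enforcement. The same two lines appear in frontend/deployment.yaml.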
diff --git a/frontend-dev/fn-config-setlabels.yaml b/frontend-dev/fn-config-setlabels.yaml
new file mode 100644
index 0000000..560a880
--- /dev/null
+++ b/frontend-dev/fn-config-setlabels.yaml
@@ -0,0 +1,11 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata: # kpt-merge: /set-labels
+ name: set-labels
+ labels:
+ app: frontend
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels
+labels:
+ app: frontend
diff --git a/frontend-dev/fn-config-setname.yaml b/frontend-dev/fn-config-setname.yaml
new file mode 100644
index 0000000..a6d6d01
--- /dev/null
+++ b/frontend-dev/fn-config-setname.yaml
@@ -0,0 +1,31 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: frontend
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "Deployment":
+ resource["metadata"]["name"] = pkgName
+ set_name(ctx.resource_list["items"])
diff --git a/frontend-dev/package-context.yaml b/frontend-dev/package-context.yaml
new file mode 100644
index 0000000..74f1ffa
--- /dev/null
+++ b/frontend-dev/package-context.yaml
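Review bot: In the `set_name` function of frontend-dev/fn-config-setname.yaml the first loop iterates the `resources` parameter but the second loop goes back to `ctx.resource_list["items"]`; writing `for resource in resources:` in both places would make the function depend only on its argument. The `return` after `fail("package must have a name.")` is never reached, because `fail` aborts the evaluation, and can be dropped. The function also indexes `resource["data"]["name"]` on the `kptfile.kpt.dev` ConfigMap without checking that `data` is present, which deserves a short comment stating that package-context.yaml always supplies it. The copies in frontend/, ledger-db-dev/ and ledger-db/ share this code.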
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: /kptfile.kpt.dev
+ name: kptfile.kpt.dev
+ labels:
+ app: frontend
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev'
+data:
+ name: frontend-dev
diff --git a/frontend-dev/resourcegroup.yaml b/frontend-dev/resourcegroup.yaml
new file mode 100644
index 0000000..5583ab1
--- /dev/null
+++ b/frontend-dev/resourcegroup.yaml
@@ -0,0 +1,10 @@
+apiVersion: kpt.dev/v1alpha1
+kind: ResourceGroup
+metadata: # kpt-merge: frontend-dev/inventory-13747058
+ name: inventory-13747058
+ namespace: frontend-dev
+ labels:
+ cli-utils.sigs.k8s.io/inventory-id: d2f315ed7cc21c22c704b0e606b50b85466fb5c1-1662613105136819000
+ app: frontend
+ annotations:
+ internal.kpt.dev/upstream-identifier: kpt.dev|ResourceGroup|frontend-dev|inventory-13747058
diff --git a/frontend-dev/service.yaml b/frontend-dev/service.yaml
new file mode 100644
index 0000000..ee4c0aa
--- /dev/null
+++ b/frontend-dev/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata: # kpt-merge: example/base-app
+ name: frontend
+ namespace: frontend-dev
+ labels:
+ app: frontend
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Service|example|base-app'
+spec:
+ type: LoadBalancer
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
diff --git a/frontend/Kptfile b/frontend/Kptfile
new file mode 100644
index 0000000..3c5da97
--- /dev/null
+++ b/frontend/Kptfile
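Review bot: `type: LoadBalancer` in frontend-dev/service.yaml publishes the frontend on port 80 without TLS, and the Deployment in this commit feeds that frontend `DEFAULT_USERNAME` and `DEFAULT_PASSWORD` from `demo-data-config`, so a client that can reach the load balancer address gets a working demo login over plain HTTP. For a dev package, `type: ClusterIP` behind a TLS-terminating ingress, or a `loadBalancerSourceRanges:` allow-list on this Service, would limit who can reach it; whether the address is public depends on the cluster's load balancer defaults, which are not visible here. frontend/service.yaml has the same spec.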
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: frontend
+ labels:
+ app: frontend
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-app
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-app
+ ref: bank-of-anthos-pkgs
+ commit: ba18d8432d618af662efff7d81a63c70e9ba3ab8
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
diff --git a/frontend/README.md b/frontend/README.md
new file mode 100644
index 0000000..f978af1
--- /dev/null
+++ b/frontend/README.md
@@ -0,0 +1,21 @@
+# base-app
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-app`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-app`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-app
+kpt live apply base-app --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/frontend/configmap-demo-data.yaml b/frontend/configmap-demo-data.yaml
new file mode 100644
index 0000000..e044ac9
--- /dev/null
+++ b/frontend/configmap-demo-data.yaml
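Review bot: The `pipeline.mutators` entries in frontend/Kptfile name their functions as `set-namespace:v0.4.1`, `set-labels:v0.1.5`, `starlark:v0.4.3` and `set-image:v0.1.1`, without a registry and by mutable tag, so which code rewrites these manifests depends on kpt's default image prefix and on the tags never being moved. Writing the full image path (and a digest, if the kpt release in use accepts one) would make the render pipeline as reproducible as `upstreamLock.commit` already makes the package source. A comment such as `# functions resolve against kpt's default registry; pin before production use` would at least record the assumption. The Kptfiles for ledger-db-dev, ledger-db and ledgerwriter-dev carry the same four entries.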
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/demo-data-config
+ name: demo-data-config
+ namespace: example
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|demo-data-config'
+ labels:
+ app: frontend
+data:
+ USE_DEMO_DATA: "True"
+ DEMO_LOGIN_USERNAME: testuser
+ # All demo user accounts are hardcoded to use the login password 'bankofanthos'
+ DEMO_LOGIN_PASSWORD: bankofanthos
diff --git a/frontend/configmap-env-config.yaml b/frontend/configmap-env-config.yaml
new file mode 100644
index 0000000..1d760a1
--- /dev/null
+++ b/frontend/configmap-env-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/environment-config
+ name: environment-config
+ namespace: example
+ labels:
+ app: frontend
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config'
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/frontend/configmap-service-config.yaml b/frontend/configmap-service-config.yaml
new file mode 100644
index 0000000..98e6673
--- /dev/null
+++ b/frontend/configmap-service-config.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/service-api-config
+ name: service-api-config
+ namespace: example
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|service-api-config'
+ labels:
+ app: frontend
+data:
+ TRANSACTIONS_API_ADDR: ledgerwriter:80
+ BALANCES_API_ADDR: balancereader:80
+ HISTORY_API_ADDR: transactionhistory:80
+ CONTACTS_API_ADDR: contacts:80
+ USERSERVICE_API_ADDR: userservice:80
diff --git a/frontend/deployment.yaml b/frontend/deployment.yaml
new file mode 100644
index 0000000..2606fce
--- /dev/null
+++ b/frontend/deployment.yaml
@@ -0,0 +1,121 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata: # kpt-merge: example/base-app
+ name: frontend
+ namespace: example
+ labels:
+ app: frontend
+ annotations:
+ internal.kpt.dev/upstream-identifier: apps|Deployment|example|base-app
+spec:
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: primary
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/bank-of-anthos-ci/frontend:v0.5.6
+ volumeMounts:
+ - name: keys
+ mountPath: /tmp/.ssh
+ readOnly: true
+ - mountPath: /tmp
+ name: tmp
+ ports:
+ - name: http-server
+ containerPort: 8080
+ env:
+ - name: VERSION
+ value: v0.5.6
+ - name: PORT
+ value: "8080"
+ - name: ENABLE_TRACING
+ value: "false"
+ # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info.
+ - name: LOG_LEVEL
+ value: info
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: DEFAULT_USERNAME
+ valueFrom:
+ configMapKeyRef:
+ name: demo-data-config
+ key: DEMO_LOGIN_USERNAME
+ - name: DEFAULT_PASSWORD
+ valueFrom:
+ configMapKeyRef:
+ name: demo-data-config
+ key: DEMO_LOGIN_PASSWORD
+ - name: REGISTERED_OAUTH_CLIENT_ID
+ valueFrom:
+ configMapKeyRef:
+ name: oauth-config
+ key: DEMO_OAUTH_CLIENT_ID
+ optional: true
+ - name: ALLOWED_OAUTH_REDIRECT_URI
+ valueFrom:
+ configMapKeyRef:
+ name: oauth-config
+ key: DEMO_OAUTH_REDIRECT_URI
+ optional: true
+ - name: ENABLE_METRICS
+ value: "false"
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: service-api-config
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 60
+ periodSeconds: 15
+ timeoutSeconds: 30
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ limits:
+ cpu: 250m
+ memory: 128Mi
+ volumes:
+ # droot: should this be part of the base-app ?
+ - name: keys
+ secret:
+ secretName: jwt-key
+ items:
+ - key: jwtRS256.key.pub
+ path: publickey
+ # base-app exposes only public key by default
+ # - key: jwtRS256.key
+ # path: privatekey
+ - emptyDir: {}
+ name: tmp
diff --git a/frontend/fn-config-setimage.yaml b/frontend/fn-config-setimage.yaml
new file mode 100644
index 0000000..1ea04b4
--- /dev/null
+++ b/frontend/fn-config-setimage.yaml
@@ -0,0 +1,13 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata: # kpt-merge: /set-image
+ name: set-image
+ labels:
+ app: frontend
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image
+image:
+ name: gcr.io/bank-of-anthos-ci/base-app
+ newName: gcr.io/bank-of-anthos-ci/frontend
+ newTag: v0.5.6
diff --git a/frontend/fn-config-setlabels.yaml b/frontend/fn-config-setlabels.yaml
new file mode 100644
index 0000000..560a880
--- /dev/null
+++ b/frontend/fn-config-setlabels.yaml
@@ -0,0 +1,11 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata: # kpt-merge: /set-labels
+ name: set-labels
+ labels:
+ app: frontend
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels
+labels:
+ app: frontend
diff --git a/frontend/fn-config-setname.yaml b/frontend/fn-config-setname.yaml
new file mode 100644
index 0000000..a6d6d01
--- /dev/null
+++ b/frontend/fn-config-setname.yaml
@@ -0,0 +1,31 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: frontend
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "Deployment":
+ resource["metadata"]["name"] = pkgName
+ set_name(ctx.resource_list["items"])
diff --git a/frontend/package-context.yaml b/frontend/package-context.yaml
new file mode 100644
index 0000000..67482ad
--- /dev/null
+++ b/frontend/package-context.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: /kptfile.kpt.dev
+ name: kptfile.kpt.dev
+ labels:
+ app: frontend
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev'
+data:
+ name: example
diff --git a/frontend/service.yaml b/frontend/service.yaml
new file mode 100644
index 0000000..11fb6ec
--- /dev/null
+++ b/frontend/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata: # kpt-merge: example/base-app
+ name: frontend
+ namespace: example
+ labels:
+ app: frontend
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Service|example|base-app'
+spec:
+ type: LoadBalancer
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
diff --git a/ledger-db-dev/Kptfile b/ledger-db-dev/Kptfile
new file mode 100644
index 0000000..e8ec782
--- /dev/null
+++ b/ledger-db-dev/Kptfile
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: ledger-db-dev
+ labels:
+ app: ledger-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /ledger-db
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /ledger-db
+ ref: bank-of-anthos-pkgs
+ commit: 08c7473c2b4b641c1efb4a520c39c551b87eda0b
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
diff --git a/ledger-db-dev/README.md b/ledger-db-dev/README.md
new file mode 100644
index 0000000..8bffa25
--- /dev/null
+++ b/ledger-db-dev/README.md
@@ -0,0 +1,21 @@
+# base-db
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-db`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-db`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-db
+kpt live apply base-db --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/ledger-db-dev/configmap-db-config.yaml b/ledger-db-dev/configmap-db-config.yaml
new file mode 100644
index 0000000..4213aff
--- /dev/null
+++ b/ledger-db-dev/configmap-db-config.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/db-config
+ name: db-config
+ namespace: ledger-db-dev
+ labels:
+ app: ledger-db
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|db-config'
+data:
+ POSTGRES_DB: db
+ POSTGRES_USER: db-admin
+ POSTGRES_PASSWORD: db-pwd
+ ACCOUNTS_DB_URI: postgresql://db-admin:db-pwd@base-db:5432/base-db
diff --git a/ledger-db-dev/configmap-demo-data.yaml b/ledger-db-dev/configmap-demo-data.yaml
new file mode 100644
index 0000000..4c1b359
--- /dev/null
+++ b/ledger-db-dev/configmap-demo-data.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/demo-data-config
+ name: demo-data-config
+ namespace: ledger-db-dev
+ labels:
+ app: ledger-db
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|demo-data-config'
+data:
+ USE_DEMO_DATA: "True"
+ DEMO_LOGIN_USERNAME: testuser
+ # All demo user accounts are hardcoded to use the login password 'bankofanthos'
+ DEMO_LOGIN_PASSWORD: bankofanthos
diff --git a/ledger-db-dev/configmap-env-config.yaml b/ledger-db-dev/configmap-env-config.yaml
new file mode 100644
index 0000000..fb8d450
--- /dev/null
+++ b/ledger-db-dev/configmap-env-config.yaml
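Review bot: `POSTGRES_PASSWORD: db-pwd` and the credential-bearing `ACCOUNTS_DB_URI` in ledger-db-dev/configmap-db-config.yaml are stored in a ConfigMap, which any subject allowed to read ConfigMaps in the namespace can see and which gets none of the access controls or at-rest encryption a cluster may apply to Secrets. These keys belong in a `kind: Secret` (with `stringData:`) that the StatefulSet loads through `- secretRef:` rather than `- configMapRef:`, with the value generated per environment instead of committed. The URI also still names host and database `base-db` while this package's Service is `ledger-db` and `POSTGRES_DB` is `db`, which looks like a leftover from the blueprint. The same applies to ledger-db/configmap-db-config.yaml and to `SPRING_DATASOURCE_PASSWORD` in ledgerwriter-dev/configmap-db-config.yaml.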
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/environment-config
+ name: environment-config
+ namespace: ledger-db-dev
+ labels:
+ app: ledger-db
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config'
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/ledger-db-dev/fn-config-setimage.yaml b/ledger-db-dev/fn-config-setimage.yaml
new file mode 100644
index 0000000..85ef403
--- /dev/null
+++ b/ledger-db-dev/fn-config-setimage.yaml
@@ -0,0 +1,13 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata: # kpt-merge: /set-image
+ name: set-image
+ labels:
+ app: ledger-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image
+image:
+ name: gcr.io/bank-of-anthos-ci/base-db
+ newName: gcr.io/bank-of-anthos-ci/ledger-db
+ newTag: v0.5.6
diff --git a/ledger-db-dev/fn-config-setlabels.yaml b/ledger-db-dev/fn-config-setlabels.yaml
new file mode 100644
index 0000000..bea4645
--- /dev/null
+++ b/ledger-db-dev/fn-config-setlabels.yaml
@@ -0,0 +1,11 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata: # kpt-merge: /set-labels
+ name: set-labels
+ labels:
+ app: ledger-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels
+labels:
+ app: ledger-db
diff --git a/ledger-db-dev/fn-config-setname.yaml b/ledger-db-dev/fn-config-setname.yaml
new file mode 100644
index 0000000..bb6d97b
--- /dev/null
+++ b/ledger-db-dev/fn-config-setname.yaml
@@ -0,0 +1,33 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: ledger-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "StatefulSet":
+ resource["metadata"]["name"] = pkgName
+ resource["spec"]["serviceName"] = pkgName
+
+ set_name(ctx.resource_list["items"])
diff --git a/ledger-db-dev/package-context.yaml b/ledger-db-dev/package-context.yaml
new file mode 100644
index 0000000..68ae3a4
--- /dev/null
+++ b/ledger-db-dev/package-context.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: /kptfile.kpt.dev
+ name: kptfile.kpt.dev
+ labels:
+ app: ledger-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev'
+data:
+ name: ledger-db-dev
diff --git a/ledger-db-dev/resourcegroup.yaml b/ledger-db-dev/resourcegroup.yaml
new file mode 100644
index 0000000..f017c5c
--- /dev/null
+++ b/ledger-db-dev/resourcegroup.yaml
@@ -0,0 +1,9 @@
+apiVersion: kpt.dev/v1alpha1
+kind: ResourceGroup
+metadata: # kpt-merge: ledger-db-dev/inventory-04233442
+ name: inventory-04233442
+ namespace: ledger-db-dev
+ labels:
+ cli-utils.sigs.k8s.io/inventory-id: c253a06522b00c265d26fb2969f981972c5836d5-1662582878972770000
+ annotations:
+ internal.kpt.dev/upstream-identifier: kpt.dev|ResourceGroup|ledger-db-dev|inventory-04233442
diff --git a/ledger-db-dev/service.yaml b/ledger-db-dev/service.yaml
new file mode 100644
index 0000000..82cf572
--- /dev/null
+++ b/ledger-db-dev/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata: # kpt-merge: example/base-db
+ name: ledger-db
+ labels:
+ tier: db
+ app: ledger-db
+ namespace: ledger-db-dev
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Service|example|base-db'
+spec:
+ ports:
+ - port: 5432
+ name: tcp
+ targetPort: 5432
+ protocol: TCP
+ selector:
+ tier: db
+ app: ledger-db
diff --git a/ledger-db-dev/statefulset.yaml b/ledger-db-dev/statefulset.yaml
new file mode 100644
index 0000000..7bb1a09
--- /dev/null
+++ b/ledger-db-dev/statefulset.yaml
@@ -0,0 +1,65 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# [START gke_boa_kubernetes_manifests_accounts_db_statefulset_accounts_db]
+kind: StatefulSet
+apiVersion: apps/v1
+metadata: # kpt-merge: example/base-db
+ name: ledger-db
+ labels:
+ tier: db
+ app: ledger-db
+ namespace: ledger-db-dev
+ annotations:
+ internal.kpt.dev/upstream-identifier: apps|StatefulSet|example|base-db
+spec:
+ serviceName: ledger-db
+ replicas: 1
+ selector:
+ matchLabels:
+ tier: db
+ app: ledger-db
+ template:
+ metadata:
+ labels:
+ tier: db
+ app: ledger-db
+ spec:
+ serviceAccountName: default
+ containers:
+ - name: primary
+ image: gcr.io/bank-of-anthos-ci/ledger-db:v0.5.6
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: db-config
+ - configMapRef:
+ name: demo-data-config
+ ports:
+ - containerPort: 5432
+ name: postgredb
+ resources:
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ limits:
+ cpu: 250m
+ memory: 1Gi
+ volumeMounts:
+ - name: postgresdb
+ mountPath: /var/lib/postgresql/data
+ subPath: postgres
+ volumes:
+ - name: postgresdb
+ emptyDir: {}
diff --git a/ledger-db/Kptfile b/ledger-db/Kptfile
new file mode 100644
index 0000000..0482925
--- /dev/null
+++ b/ledger-db/Kptfile
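Review bot: The StatefulSet in ledger-db-dev/statefulset.yaml sets no `securityContext` at pod or container level, whereas the frontend Deployment in this same commit sets `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and drops capabilities. At minimum `allowPrivilegeEscalation: false` on the `primary` container and `automountServiceAccountToken: false` on the pod would bring the database closer to that baseline; whether the image can also run with `runAsNonRoot: true` cannot be told from the manifest and needs testing against its entrypoint. The `postgresdb` volume is an `emptyDir: {}`, so ledger data does not survive the pod being rescheduled; if that is intended for dev, a comment saying so would help. ledger-db/statefulset.yaml is identical apart from the namespace.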
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: ledger-db
+ labels:
+ app: ledger-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-db
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-db
+ ref: bank-of-anthos-pkgs
+ commit: 5024944cf9a3176dbe766e4ae7cfa9ceec5b6445
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
diff --git a/ledger-db/README.md b/ledger-db/README.md
new file mode 100644
index 0000000..8bffa25
--- /dev/null
+++ b/ledger-db/README.md
@@ -0,0 +1,21 @@
+# base-db
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-db`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-db`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-db
+kpt live apply base-db --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/ledger-db/configmap-db-config.yaml b/ledger-db/configmap-db-config.yaml
new file mode 100644
index 0000000..c700b0d
--- /dev/null
+++ b/ledger-db/configmap-db-config.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/db-config
+ name: db-config
+ namespace: example
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|db-config'
+ labels:
+ app: ledger-db
+data:
+ POSTGRES_DB: db
+ POSTGRES_USER: db-admin
+ POSTGRES_PASSWORD: db-pwd
+ ACCOUNTS_DB_URI: postgresql://db-admin:db-pwd@base-db:5432/base-db
diff --git a/ledger-db/configmap-demo-data.yaml b/ledger-db/configmap-demo-data.yaml
new file mode 100644
index 0000000..5b0fa70
--- /dev/null
+++ b/ledger-db/configmap-demo-data.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/demo-data-config
+ name: demo-data-config
+ namespace: example
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|demo-data-config'
+ labels:
+ app: ledger-db
+data:
+ USE_DEMO_DATA: "True"
+ DEMO_LOGIN_USERNAME: testuser
+ # All demo user accounts are hardcoded to use the login password 'bankofanthos'
+ DEMO_LOGIN_PASSWORD: bankofanthos
diff --git a/ledger-db/configmap-env-config.yaml b/ledger-db/configmap-env-config.yaml
new file mode 100644
index 0000000..76bd6a7
--- /dev/null
+++ b/ledger-db/configmap-env-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/environment-config
+ name: environment-config
+ namespace: example
+ labels:
+ app: ledger-db
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config'
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/ledger-db/fn-config-setimage.yaml b/ledger-db/fn-config-setimage.yaml
new file mode 100644
index 0000000..85ef403
--- /dev/null
+++ b/ledger-db/fn-config-setimage.yaml
@@ -0,0 +1,13 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata: # kpt-merge: /set-image
+ name: set-image
+ labels:
+ app: ledger-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image
+image:
+ name: gcr.io/bank-of-anthos-ci/base-db
+ newName: gcr.io/bank-of-anthos-ci/ledger-db
+ newTag: v0.5.6
diff --git a/ledger-db/fn-config-setlabels.yaml b/ledger-db/fn-config-setlabels.yaml
new file mode 100644
index 0000000..bea4645
--- /dev/null
+++ b/ledger-db/fn-config-setlabels.yaml
@@ -0,0 +1,11 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata: # kpt-merge: /set-labels
+ name: set-labels
+ labels:
+ app: ledger-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels
+labels:
+ app: ledger-db
diff --git a/ledger-db/fn-config-setname.yaml b/ledger-db/fn-config-setname.yaml
new file mode 100644
index 0000000..bb6d97b
--- /dev/null
+++ b/ledger-db/fn-config-setname.yaml
@@ -0,0 +1,33 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: ledger-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "StatefulSet":
+ resource["metadata"]["name"] = pkgName
+ resource["spec"]["serviceName"] = pkgName
+
+ set_name(ctx.resource_list["items"])
diff --git a/ledger-db/package-context.yaml b/ledger-db/package-context.yaml
new file mode 100644
index 0000000..36214f2
--- /dev/null
+++ b/ledger-db/package-context.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: /kptfile.kpt.dev
+ name: kptfile.kpt.dev
+ labels:
+ app: ledger-db
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev'
+data:
+ name: example
diff --git a/ledger-db/service.yaml b/ledger-db/service.yaml
new file mode 100644
index 0000000..b3a9fb3
--- /dev/null
+++ b/ledger-db/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata: # kpt-merge: example/base-db
+ name: ledger-db
+ labels:
+ tier: db
+ app: ledger-db
+ namespace: example
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Service|example|base-db'
+spec:
+ ports:
+ - port: 5432
+ name: tcp
+ targetPort: 5432
+ protocol: TCP
+ selector:
+ tier: db
+ app: ledger-db
diff --git a/ledger-db/statefulset.yaml b/ledger-db/statefulset.yaml
new file mode 100644
index 0000000..0a07c9f
--- /dev/null
+++ b/ledger-db/statefulset.yaml
@@ -0,0 +1,65 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# [START gke_boa_kubernetes_manifests_accounts_db_statefulset_accounts_db]
+kind: StatefulSet
+apiVersion: apps/v1
+metadata: # kpt-merge: example/base-db
+ name: ledger-db
+ labels:
+ tier: db
+ app: ledger-db
+ namespace: example
+ annotations:
+ internal.kpt.dev/upstream-identifier: apps|StatefulSet|example|base-db
+spec:
+ serviceName: ledger-db
+ replicas: 1
+ selector:
+ matchLabels:
+ tier: db
+ app: ledger-db
+ template:
+ metadata:
+ labels:
+ tier: db
+ app: ledger-db
+ spec:
+ serviceAccountName: default
+ containers:
+ - name: primary
+ image: gcr.io/bank-of-anthos-ci/ledger-db:v0.5.6
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: db-config
+ - configMapRef:
+ name: demo-data-config
+ ports:
+ - containerPort: 5432
+ name: postgredb
+ resources:
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ limits:
+ cpu: 250m
+ memory: 1Gi
+ volumeMounts:
+ - name: postgresdb
+ mountPath: /var/lib/postgresql/data
+ subPath: postgres
+ volumes:
+ - name: postgresdb
+ emptyDir: {}
diff --git a/ledgerwriter-dev/Kptfile b/ledgerwriter-dev/Kptfile
new file mode 100644
index 0000000..453a28a
--- /dev/null
+++ b/ledgerwriter-dev/Kptfile
@@ -0,0 +1,34 @@ +apiVersion: kpt.dev/v1 +kind: Kptfile +metadata: + name: ledgerwriter-dev + labels: + app: ledgerwriter + annotations: + config.kubernetes.io/local-config: "true" +upstream: + type: git + git: + repo: git@github.com:droot/kpt-samples + directory: /ledgerwriter + ref: bank-of-anthos-pkgs + updateStrategy: resource-merge +upstreamLock: + type: git + git: + repo: git@github.com:droot/kpt-samples + directory: /ledgerwriter + ref: bank-of-anthos-pkgs + commit: 08c7473c2b4b641c1efb4a520c39c551b87eda0b +info: + description: sample description +pipeline: + mutators: + - image: set-namespace:v0.4.1 + configPath: package-context.yaml + - image: set-labels:v0.1.5 + configPath: fn-config-setlabels.yaml + - image: starlark:v0.4.3 + configPath: fn-config-setname.yaml + - image: set-image:v0.1.1 + configPath: fn-config-setimage.yaml diff --git a/ledgerwriter-dev/README.md b/ledgerwriter-dev/README.md new file mode 100644 index 0000000..f978af1 --- /dev/null +++ b/ledgerwriter-dev/README.md @@ -0,0 +1,21 @@ +# base-app + +## Description +sample description + +## Usage + +### Fetch the package +`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-app` +Details: https://kpt.dev/reference/cli/pkg/get/ + +### View package content +`kpt pkg tree base-app` +Details: https://kpt.dev/reference/cli/pkg/tree/ + +### Apply the package +``` +kpt live init base-app +kpt live apply base-app --reconcile-timeout=2m --output=table +``` +Details: https://kpt.dev/reference/cli/live/ diff --git a/ledgerwriter-dev/configmap-db-config.yaml b/ledgerwriter-dev/configmap-db-config.yaml new file mode 100644 index 0000000..bb4d4e1 --- /dev/null +++ b/ledgerwriter-dev/configmap-db-config.yaml 
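Review bot: The four entries under `pipeline.mutators` name their function images by tag only (`set-namespace:v0.4.1`, `set-labels:v0.1.5`, `starlark:v0.4.3`, `set-image:v0.1.1`), so the code that rewrites these manifests at render time is whatever the registry serves for that tag, even though the package content itself is pinned through `upstreamLock.commit`. Pinning each image by digest, in the form `image: <registry>/set-namespace:v0.4.1@sha256:<digest-placeholder>`, closes that gap; I have not checked how this kpt version resolves the short names, so the registry prefix needs confirming. The same mutator list appears in ledgerwriter/Kptfile, transactionhistory-dev/Kptfile and transactionhistory/Kptfile.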
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/ledger-db-config
+ name: ledger-db-config
+ labels:
+ app: ledgerwriter
+ namespace: ledgerwriter-dev
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|ledger-db-config'
+data:
+ POSTGRES_DB: db
+ POSTGRES_USER: db-admin
+ POSTGRES_PASSWORD: db-pwd
+ SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db.ledger-db-dev:5432/db
+ # SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db.ledger-db-dev:5432/db
+ SPRING_DATASOURCE_USERNAME: db-admin # should match POSTGRES_USER
+ SPRING_DATASOURCE_PASSWORD: db-pwd # should match POSTGRES_PASSWORD
diff --git a/ledgerwriter-dev/configmap-env-config.yaml b/ledgerwriter-dev/configmap-env-config.yaml
new file mode 100644
index 0000000..b5e7c52
--- /dev/null
+++ b/ledgerwriter-dev/configmap-env-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/environment-config
+ name: environment-config
+ namespace: ledgerwriter-dev
+ labels:
+ app: ledgerwriter
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config'
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/ledgerwriter-dev/configmap-service-config.yaml b/ledgerwriter-dev/configmap-service-config.yaml
new file mode 100644
index 0000000..0d9d032
--- /dev/null
+++ b/ledgerwriter-dev/configmap-service-config.yaml
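Review bot: `POSTGRES_PASSWORD` and `SPRING_DATASOURCE_PASSWORD` in ledgerwriter-dev/configmap-db-config.yaml are database credentials stored in a ConfigMap, which is readable by anything with ConfigMap read access in the namespace and is not covered by the controls usually applied to Secrets (tighter RBAC, encryption at rest where configured). Move the two password keys into a `kind: Secret` and load it from the Deployment with a `secretRef` entry under `envFrom`, leaving only the non-sensitive keys in `ledger-db-config`. Because the value is committed here, it should be treated as a sample only and replaced for any real environment. The same keys appear in ledgerwriter/configmap-db-config.yaml, transactionhistory-dev/configmap-db-config.yaml and transactionhistory/configmap-db-config.yaml.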
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/service-api-config
+ name: service-api-config
+ namespace: ledgerwriter-dev
+ labels:
+ app: ledgerwriter
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|service-api-config'
+data:
+ TRANSACTIONS_API_ADDR: ledgerwriter.ledgerwriter-dev:80
+ BALANCES_API_ADDR: balancereader.balancereader-dev:80
+ HISTORY_API_ADDR: transactionhistory.transactionhistory-dev:80
+ CONTACTS_API_ADDR: contacts.contacts-dev:80
+ USERSERVICE_API_ADDR: userservice.userservice-dev:80
diff --git a/ledgerwriter-dev/deployment.yaml b/ledgerwriter-dev/deployment.yaml
new file mode 100644
index 0000000..5f00748
--- /dev/null
+++ b/ledgerwriter-dev/deployment.yaml
@@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: # kpt-merge: example/base-app + name: ledgerwriter + namespace: ledgerwriter-dev + labels: + app: ledgerwriter + annotations: + internal.kpt.dev/upstream-identifier: apps|Deployment|example|base-app +spec: + selector: + matchLabels: + app: ledgerwriter + template: + metadata: + labels: + app: ledgerwriter + spec: + serviceAccountName: default + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: primary + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + image: gcr.io/bank-of-anthos-ci/ledgerwriter:v0.5.6 + volumeMounts: + - name: keys + mountPath: /tmp/.ssh + readOnly: true + - mountPath: /tmp + name: tmp + ports: + - name: http-server + containerPort: 8080 + env: + - name: VERSION + value: v0.5.6 + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "false" + - name: ENABLE_METRICS + value: "false" + - name: JVM_OPTS + value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xms256m -Xmx512m + # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info. + - name: LOG_LEVEL + value: info + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: service-api-config + - configMapRef: + name: ledger-db-config + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 5 + timeoutSeconds: 10 + startupProbe: + httpGet: + path: /ready + port: 8080 + failureThreshold: 30 + periodSeconds: 10 + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + livenessProbe: + httpGet: {} + volumes: + # droot: should this be part of the base-app ? 
+ - name: keys + secret: + secretName: jwt-key + items: + - key: jwtRS256.key.pub + path: publickey + # base-app exposes only public key by default + # - key: jwtRS256.key + # path: privatekey + - emptyDir: {} + name: tmp diff --git a/ledgerwriter-dev/fn-config-setimage.yaml b/ledgerwriter-dev/fn-config-setimage.yaml new file mode 100644 index 0000000..a12940b --- /dev/null +++ b/ledgerwriter-dev/fn-config-setimage.yaml @@ -0,0 +1,13 @@ +apiVersion: fn.kpt.dev/v1alpha1 +kind: SetImage +metadata: # kpt-merge: /set-image + name: set-image + labels: + app: ledgerwriter + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image +image: + name: gcr.io/bank-of-anthos-ci/base-app + newName: gcr.io/bank-of-anthos-ci/ledgerwriter + newTag: v0.5.6 diff --git a/ledgerwriter-dev/fn-config-setlabels.yaml b/ledgerwriter-dev/fn-config-setlabels.yaml new file mode 100644 index 0000000..879e48c --- /dev/null +++ b/ledgerwriter-dev/fn-config-setlabels.yaml @@ -0,0 +1,11 @@ +apiVersion: fn.kpt.dev/v1alpha1 +kind: SetLabels +metadata: # kpt-merge: /set-labels + name: set-labels + labels: + app: ledgerwriter + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels +labels: + app: ledgerwriter diff --git a/ledgerwriter-dev/fn-config-setname.yaml b/ledgerwriter-dev/fn-config-setname.yaml new file mode 100644 index 0000000..bd9441d --- /dev/null +++ b/ledgerwriter-dev/fn-config-setname.yaml 
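Review bot: `livenessProbe:` with `httpGet: {}` near the end of the `primary` container in ledgerwriter-dev/deployment.yaml has no `port`, which the HTTP probe action requires, so I would expect this Deployment to be rejected on apply. transactionhistory-dev/deployment.yaml in the same commit probes `path: /healthy` on `port: 8080`; if ledgerwriter serves that endpoint too (not visible here), fill the probe in with `path: /healthy` and `port: 8080`, otherwise remove the `livenessProbe` key. ledgerwriter/deployment.yaml carries the same empty probe.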
@@ -0,0 +1,31 @@ +apiVersion: fn.kpt.dev/v1alpha1 +kind: StarlarkRun +metadata: # kpt-merge: /set-name + name: set-name + labels: + app: ledgerwriter + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name +source: |- + def set_name(resources): + pkgName = "" + isAbstractPackage = False + for resource in resources: + if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example": + isAbstractPackage = True + if resource["kind"] == "Kptfile": + pkgName = resource["metadata"]["name"] + if not isAbstractPackage: + # update resource name only if this is an abstract blueprint + return + if pkgName == "": + fail("package must have a name.") + return + + for resource in ctx.resource_list["items"]: + if resource["kind"] == "Service": + resource["metadata"]["name"] = pkgName + if resource["kind"] == "Deployment": + resource["metadata"]["name"] = pkgName + set_name(ctx.resource_list["items"]) diff --git a/ledgerwriter-dev/package-context.yaml b/ledgerwriter-dev/package-context.yaml new file mode 100644 index 0000000..95f0d1e --- /dev/null +++ b/ledgerwriter-dev/package-context.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: # kpt-merge: /kptfile.kpt.dev + name: kptfile.kpt.dev + labels: + app: ledgerwriter + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev' +data: + name: ledgerwriter-dev diff --git a/ledgerwriter-dev/resourcegroup.yaml b/ledgerwriter-dev/resourcegroup.yaml new file mode 100644 index 0000000..b0d5468 --- /dev/null +++ b/ledgerwriter-dev/resourcegroup.yaml 
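Review bot: In the embedded Starlark of ledgerwriter-dev/fn-config-setname.yaml, `set_name(resources)` scans its `resources` argument in the first loop but renames through the global `ctx.resource_list["items"]` in the second, so the parameter is only half honoured; the second loop should read `for resource in resources:`. The `return` after `fail("package must have a name.")` is unreachable, since `fail` stops execution, and can be dropped. `resource["data"]["name"]` will also raise on a `kptfile.kpt.dev` ConfigMap that has no `data`, which a short comment or a guard would make explicit. The identical script is added in ledgerwriter/fn-config-setname.yaml and transactionhistory-dev/fn-config-setname.yaml.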
@@ -0,0 +1,10 @@
+apiVersion: kpt.dev/v1alpha1
+kind: ResourceGroup
+metadata: # kpt-merge: ledgerwriter-dev/inventory-22531502
+ name: inventory-22531502
+ namespace: ledgerwriter-dev
+ labels:
+ cli-utils.sigs.k8s.io/inventory-id: 1802fd43d94cc4583d4850ba1edaba5164bb6d48-1662509199816075000
+ app: ledgerwriter
+ annotations:
+ internal.kpt.dev/upstream-identifier: kpt.dev|ResourceGroup|ledgerwriter-dev|inventory-22531502
diff --git a/ledgerwriter-dev/service.yaml b/ledgerwriter-dev/service.yaml
new file mode 100644
index 0000000..41e0bfb
--- /dev/null
+++ b/ledgerwriter-dev/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata: # kpt-merge: example/base-app
+ name: ledgerwriter
+ namespace: ledgerwriter-dev
+ labels:
+ app: ledgerwriter
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Service|example|base-app'
+spec:
+ type: LoadBalancer
+ selector:
+ app: ledgerwriter
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
diff --git a/ledgerwriter/Kptfile b/ledgerwriter/Kptfile
new file mode 100644
index 0000000..8c38cb8
--- /dev/null
+++ b/ledgerwriter/Kptfile
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: ledgerwriter
+ labels:
+ app: ledgerwriter
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-app
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-app
+ ref: bank-of-anthos-pkgs
+ commit: ba18d8432d618af662efff7d81a63c70e9ba3ab8
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
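Review bot: `type: LoadBalancer` in ledgerwriter-dev/service.yaml requests an address outside the cluster for the ledger write API, on port 80 with no TLS configured in this manifest, while service-api-config in the same package already reaches it in-cluster as `ledgerwriter.ledgerwriter-dev:80`. Unless a client outside the cluster has to call this service directly, `type: ClusterIP` keeps it internal and leaves external exposure to whatever fronts the application; how the load balancer is provisioned depends on the platform and is not visible here. If the exposure is deliberate, a comment on the `type` line should say who the external caller is. ledgerwriter/service.yaml and transactionhistory-dev/service.yaml set the same type.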
diff --git a/ledgerwriter/README.md b/ledgerwriter/README.md new file mode 100644 index 0000000..f978af1 --- /dev/null +++ b/ledgerwriter/README.md @@ -0,0 +1,21 @@ +# base-app + +## Description +sample description + +## Usage + +### Fetch the package +`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-app` +Details: https://kpt.dev/reference/cli/pkg/get/ + +### View package content +`kpt pkg tree base-app` +Details: https://kpt.dev/reference/cli/pkg/tree/ + +### Apply the package +``` +kpt live init base-app +kpt live apply base-app --reconcile-timeout=2m --output=table +``` +Details: https://kpt.dev/reference/cli/live/ diff --git a/ledgerwriter/configmap-db-config.yaml b/ledgerwriter/configmap-db-config.yaml new file mode 100644 index 0000000..50cb456 --- /dev/null +++ b/ledgerwriter/configmap-db-config.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: # kpt-merge: example/ledger-db-config + name: ledger-db-config + labels: + app: ledgerwriter + namespace: example + annotations: + internal.kpt.dev/upstream-identifier: '|ConfigMap|example|ledger-db-config' +data: + POSTGRES_DB: db + POSTGRES_USER: db-admin + POSTGRES_PASSWORD: db-pwd + SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db:5432/db + # SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db.ledger-db-dev:5432/db + SPRING_DATASOURCE_USERNAME: db-admin # should match POSTGRES_USER + SPRING_DATASOURCE_PASSWORD: db-pwd # should match POSTGRES_PASSWORD diff --git a/ledgerwriter/configmap-env-config.yaml b/ledgerwriter/configmap-env-config.yaml new file mode 100644 index 0000000..7a50ab3 --- /dev/null +++ b/ledgerwriter/configmap-env-config.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: # kpt-merge: example/environment-config + name: environment-config + namespace: example + labels: + app: ledgerwriter + annotations: + internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config' +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey 
diff --git a/ledgerwriter/configmap-service-config.yaml b/ledgerwriter/configmap-service-config.yaml new file mode 100644 index 0000000..f1bdd39 --- /dev/null +++ b/ledgerwriter/configmap-service-config.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: # kpt-merge: example/service-api-config + name: service-api-config + namespace: example + labels: + app: ledgerwriter + annotations: + internal.kpt.dev/upstream-identifier: '|ConfigMap|example|service-api-config' +data: + TRANSACTIONS_API_ADDR: ledgerwriter:8080 + BALANCES_API_ADDR: balancereader:8080 + HISTORY_API_ADDR: transactionhistory:8080 + CONTACTS_API_ADDR: contacts:8080 + USERSERVICE_API_ADDR: userservice:8080 diff --git a/ledgerwriter/deployment.yaml b/ledgerwriter/deployment.yaml new file mode 100644 index 0000000..8e4a2bb --- /dev/null +++ b/ledgerwriter/deployment.yaml 
@@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: # kpt-merge: example/base-app + name: ledgerwriter + namespace: example + labels: + app: ledgerwriter + annotations: + internal.kpt.dev/upstream-identifier: apps|Deployment|example|base-app +spec: + selector: + matchLabels: + app: ledgerwriter + template: + metadata: + labels: + app: ledgerwriter + spec: + serviceAccountName: default + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: primary + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + image: gcr.io/bank-of-anthos-ci/ledgerwriter:v0.5.6 + volumeMounts: + - name: keys + mountPath: /tmp/.ssh + readOnly: true + - mountPath: /tmp + name: tmp + ports: + - name: http-server + containerPort: 8080 + env: + - name: VERSION + value: v0.5.6 + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "false" + - name: ENABLE_METRICS + value: "false" + - name: JVM_OPTS + value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xms256m -Xmx512m + # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info. + - name: LOG_LEVEL + value: info + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: service-api-config + - configMapRef: + name: ledger-db-config + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 5 + timeoutSeconds: 10 + startupProbe: + httpGet: + path: /ready + port: 8080 + failureThreshold: 30 + periodSeconds: 10 + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + livenessProbe: + httpGet: {} + volumes: + # droot: should this be part of the base-app ? 
+ - name: keys + secret: + secretName: jwt-key + items: + - key: jwtRS256.key.pub + path: publickey + # base-app exposes only public key by default + # - key: jwtRS256.key + # path: privatekey + - emptyDir: {} + name: tmp diff --git a/ledgerwriter/fn-config-setimage.yaml b/ledgerwriter/fn-config-setimage.yaml new file mode 100644 index 0000000..a12940b --- /dev/null +++ b/ledgerwriter/fn-config-setimage.yaml @@ -0,0 +1,13 @@ +apiVersion: fn.kpt.dev/v1alpha1 +kind: SetImage +metadata: # kpt-merge: /set-image + name: set-image + labels: + app: ledgerwriter + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image +image: + name: gcr.io/bank-of-anthos-ci/base-app + newName: gcr.io/bank-of-anthos-ci/ledgerwriter + newTag: v0.5.6 diff --git a/ledgerwriter/fn-config-setlabels.yaml b/ledgerwriter/fn-config-setlabels.yaml new file mode 100644 index 0000000..879e48c --- /dev/null +++ b/ledgerwriter/fn-config-setlabels.yaml @@ -0,0 +1,11 @@ +apiVersion: fn.kpt.dev/v1alpha1 +kind: SetLabels +metadata: # kpt-merge: /set-labels + name: set-labels + labels: + app: ledgerwriter + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels +labels: + app: ledgerwriter diff --git a/ledgerwriter/fn-config-setname.yaml b/ledgerwriter/fn-config-setname.yaml new file mode 100644 index 0000000..bd9441d --- /dev/null +++ b/ledgerwriter/fn-config-setname.yaml 
@@ -0,0 +1,31 @@ +apiVersion: fn.kpt.dev/v1alpha1 +kind: StarlarkRun +metadata: # kpt-merge: /set-name + name: set-name + labels: + app: ledgerwriter + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name +source: |- + def set_name(resources): + pkgName = "" + isAbstractPackage = False + for resource in resources: + if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example": + isAbstractPackage = True + if resource["kind"] == "Kptfile": + pkgName = resource["metadata"]["name"] + if not isAbstractPackage: + # update resource name only if this is an abstract blueprint + return + if pkgName == "": + fail("package must have a name.") + return + + for resource in ctx.resource_list["items"]: + if resource["kind"] == "Service": + resource["metadata"]["name"] = pkgName + if resource["kind"] == "Deployment": + resource["metadata"]["name"] = pkgName + set_name(ctx.resource_list["items"]) diff --git a/ledgerwriter/package-context.yaml b/ledgerwriter/package-context.yaml new file mode 100644 index 0000000..e6a4b5e --- /dev/null +++ b/ledgerwriter/package-context.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: # kpt-merge: /kptfile.kpt.dev + name: kptfile.kpt.dev + labels: + app: ledgerwriter + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev' +data: + name: example diff --git a/ledgerwriter/service.yaml b/ledgerwriter/service.yaml new file mode 100644 index 0000000..2784738 --- /dev/null +++ b/ledgerwriter/service.yaml 
@@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: # kpt-merge: example/base-app + name: ledgerwriter + namespace: example + labels: + app: ledgerwriter + annotations: + internal.kpt.dev/upstream-identifier: '|Service|example|base-app' +spec: + type: LoadBalancer + selector: + app: ledgerwriter + ports: + - name: http + port: 80 + targetPort: 8080 diff --git a/loadgenerator/Kptfile b/loadgenerator/Kptfile new file mode 100644 index 0000000..be38718 --- /dev/null +++ b/loadgenerator/Kptfile @@ -0,0 +1,8 @@ +apiVersion: kpt.dev/v1 +kind: Kptfile +metadata: + name: loadgenerator + annotations: + config.kubernetes.io/local-config: "true" +info: + description: sample description diff --git a/loadgenerator/README.md b/loadgenerator/README.md new file mode 100644 index 0000000..f9fce36 --- /dev/null +++ b/loadgenerator/README.md @@ -0,0 +1,21 @@ +# loadgenerator + +## Description +sample description + +## Usage + +### Fetch the package +`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] loadgenerator` +Details: https://kpt.dev/reference/cli/pkg/get/ + +### View package content +`kpt pkg tree loadgenerator` +Details: https://kpt.dev/reference/cli/pkg/tree/ + +### Apply the package +``` +kpt live init loadgenerator +kpt live apply loadgenerator --reconcile-timeout=2m --output=table +``` +Details: https://kpt.dev/reference/cli/live/ diff --git a/loadgenerator/loadgenerator.yaml b/loadgenerator/loadgenerator.yaml new file mode 100644 index 0000000..abb113c --- /dev/null +++ b/loadgenerator/loadgenerator.yaml 
@@ -0,0 +1,64 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# [START gke_boa_kubernetes_manifests_loadgenerator_deployment_loadgenerator] +apiVersion: apps/v1 +kind: Deployment +metadata: + name: loadgenerator + namespace: example +spec: + selector: + matchLabels: + app: loadgenerator + replicas: 1 + template: + metadata: + labels: + app: loadgenerator + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + spec: + serviceAccountName: default + terminationGracePeriodSeconds: 5 + restartPolicy: Always + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: loadgenerator + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + image: gcr.io/bank-of-anthos-ci/loadgenerator:v0.5.6 + env: + - name: FRONTEND_ADDR + value: "frontend:80" + - name: USERS + value: "5" + - name: LOG_LEVEL + value: "error" + resources: + requests: + cpu: 100m + memory: 512Mi + limits: + cpu: 250m + memory: 1Gi + # [END gke_boa_kubernetes_manifests_loadgenerator_deployment_loadgenerator] diff --git a/loadgenerator/package-context.yaml b/loadgenerator/package-context.yaml new file mode 100644 index 0000000..6c33d9e --- /dev/null +++ b/loadgenerator/package-context.yaml 
@@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: kptfile.kpt.dev + annotations: + config.kubernetes.io/local-config: "true" +data: + name: example diff --git a/transactionhistory-dev/Kptfile b/transactionhistory-dev/Kptfile new file mode 100644 index 0000000..dba9ad8 --- /dev/null +++ b/transactionhistory-dev/Kptfile @@ -0,0 +1,34 @@ +apiVersion: kpt.dev/v1 +kind: Kptfile +metadata: + name: transactionhistory-dev + labels: + app: transactionhistory + annotations: + config.kubernetes.io/local-config: "true" +upstream: + type: git + git: + repo: git@github.com:droot/kpt-samples + directory: /transactionhistory + ref: bank-of-anthos-pkgs + updateStrategy: resource-merge +upstreamLock: + type: git + git: + repo: git@github.com:droot/kpt-samples + directory: /transactionhistory + ref: bank-of-anthos-pkgs + commit: 08c7473c2b4b641c1efb4a520c39c551b87eda0b +info: + description: sample description +pipeline: + mutators: + - image: set-namespace:v0.4.1 + configPath: package-context.yaml + - image: set-labels:v0.1.5 + configPath: fn-config-setlabels.yaml + - image: starlark:v0.4.3 + configPath: fn-config-setname.yaml + - image: set-image:v0.1.1 + configPath: fn-config-setimage.yaml diff --git a/transactionhistory-dev/README.md b/transactionhistory-dev/README.md new file mode 100644 index 0000000..f978af1 --- /dev/null +++ b/transactionhistory-dev/README.md @@ -0,0 +1,21 @@ +# base-app + +## Description +sample description + +## Usage + +### Fetch the package +`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-app` +Details: https://kpt.dev/reference/cli/pkg/get/ + +### View package content +`kpt pkg tree base-app` +Details: https://kpt.dev/reference/cli/pkg/tree/ + +### Apply the package +``` +kpt live init base-app +kpt live apply base-app --reconcile-timeout=2m --output=table +``` +Details: https://kpt.dev/reference/cli/live/ 
diff --git a/transactionhistory-dev/configmap-db-config.yaml b/transactionhistory-dev/configmap-db-config.yaml new file mode 100644 index 0000000..c0a614b --- /dev/null +++ b/transactionhistory-dev/configmap-db-config.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: # kpt-merge: example/ledger-db-config + name: ledger-db-config + labels: + app: transactionhistory + namespace: transactionhistory-dev + annotations: + internal.kpt.dev/upstream-identifier: '|ConfigMap|example|ledger-db-config' +data: + POSTGRES_DB: db + POSTGRES_USER: db-admin + POSTGRES_PASSWORD: db-pwd + SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db.ledger-db-dev:5432/db + # SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db.ledger-db-dev:5432/db + SPRING_DATASOURCE_USERNAME: db-admin # should match POSTGRES_USER + SPRING_DATASOURCE_PASSWORD: db-pwd # should match POSTGRES_PASSWORD diff --git a/transactionhistory-dev/configmap-env-config.yaml b/transactionhistory-dev/configmap-env-config.yaml new file mode 100644 index 0000000..6ab3ba8 --- /dev/null +++ b/transactionhistory-dev/configmap-env-config.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: # kpt-merge: example/environment-config + name: environment-config + namespace: transactionhistory-dev + labels: + app: transactionhistory + annotations: + internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config' +data: + LOCAL_ROUTING_NUM: "883745000" + PUB_KEY_PATH: /tmp/.ssh/publickey diff --git a/transactionhistory-dev/deployment.yaml b/transactionhistory-dev/deployment.yaml new file mode 100644 index 0000000..f5a3d81 --- /dev/null +++ b/transactionhistory-dev/deployment.yaml 
@@ -0,0 +1,116 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: # kpt-merge: example/base-app + name: transactionhistory + namespace: transactionhistory-dev + labels: + app: transactionhistory + annotations: + internal.kpt.dev/upstream-identifier: apps|Deployment|example|base-app +spec: + selector: + matchLabels: + app: transactionhistory + template: + metadata: + labels: + app: transactionhistory + spec: + serviceAccountName: default + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: primary + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + privileged: false + readOnlyRootFilesystem: true + image: gcr.io/bank-of-anthos-ci/transactionhistory:v0.5.6 + volumeMounts: + - name: keys + mountPath: /tmp/.ssh + readOnly: true + - mountPath: /tmp + name: tmp + ports: + - name: http-server + containerPort: 8080 + env: + - name: VERSION + value: v0.5.6 + - name: PORT + value: "8080" + - name: ENABLE_TRACING + value: "false" + - name: ENABLE_METRICS + value: "false" + - name: POLL_MS + value: "100" + - name: CACHE_SIZE + value: "1000" + - name: CACHE_MINUTES + value: "60" + - name: HISTORY_LIMIT + value: "100" + # tell Java to obey container memory limits + - name: JVM_OPTS + value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xms256m -Xmx512m + # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info. 
+ - name: LOG_LEVEL + value: info + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: environment-config + - configMapRef: + name: ledger-db-config + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 5 + timeoutSeconds: 10 + livenessProbe: + httpGet: + path: /healthy + port: 8080 + initialDelaySeconds: 120 + periodSeconds: 5 + timeoutSeconds: 10 + startupProbe: + httpGet: + path: /healthy + port: 8080 + failureThreshold: 30 + periodSeconds: 10 + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + volumes: + # droot: should this be part of the base-app ? + - name: keys + secret: + secretName: jwt-key + items: + - key: jwtRS256.key.pub + path: publickey + # base-app exposes only public key by default + # - key: jwtRS256.key + # path: privatekey + - emptyDir: {} + name: tmp diff --git a/transactionhistory-dev/fn-config-setimage.yaml b/transactionhistory-dev/fn-config-setimage.yaml new file mode 100644 index 0000000..6fffff0 --- /dev/null +++ b/transactionhistory-dev/fn-config-setimage.yaml @@ -0,0 +1,13 @@ +apiVersion: fn.kpt.dev/v1alpha1 +kind: SetImage +metadata: # kpt-merge: /set-image + name: set-image + labels: + app: transactionhistory + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image +image: + name: gcr.io/bank-of-anthos-ci/base-app + newName: gcr.io/bank-of-anthos-ci/transactionhistory + newTag: v0.5.6 diff --git a/transactionhistory-dev/fn-config-setlabels.yaml b/transactionhistory-dev/fn-config-setlabels.yaml new file mode 100644 index 0000000..9666d80 --- /dev/null +++ b/transactionhistory-dev/fn-config-setlabels.yaml 
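Review bot: The pod spec in transactionhistory-dev/deployment.yaml sets `serviceAccountName: default` and leaves token automounting at its default, so the namespace's default service account token is mounted into a container that otherwise is locked down (`readOnlyRootFilesystem: true`, all capabilities dropped). If the service never calls the Kubernetes API, which nothing in this hunk suggests it does, add `automountServiceAccountToken: false` next to `serviceAccountName`; if it does, a dedicated service account with only the needed permissions is the better fit. The same setting is used in ledgerwriter-dev/deployment.yaml, ledgerwriter/deployment.yaml, loadgenerator/loadgenerator.yaml and ledger-db/statefulset.yaml. The comment above `LOG_LEVEL` also mentions gunicorn although this container is configured through `JVM_OPTS`, so it looks copied from another service and should be reworded.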
@@ -0,0 +1,11 @@ +apiVersion: fn.kpt.dev/v1alpha1 +kind: SetLabels +metadata: # kpt-merge: /set-labels + name: set-labels + labels: + app: transactionhistory + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels +labels: + app: transactionhistory diff --git a/transactionhistory-dev/fn-config-setname.yaml b/transactionhistory-dev/fn-config-setname.yaml new file mode 100644 index 0000000..57b976b --- /dev/null +++ b/transactionhistory-dev/fn-config-setname.yaml @@ -0,0 +1,31 @@ +apiVersion: fn.kpt.dev/v1alpha1 +kind: StarlarkRun +metadata: # kpt-merge: /set-name + name: set-name + labels: + app: transactionhistory + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name +source: |- + def set_name(resources): + pkgName = "" + isAbstractPackage = False + for resource in resources: + if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example": + isAbstractPackage = True + if resource["kind"] == "Kptfile": + pkgName = resource["metadata"]["name"] + if not isAbstractPackage: + # update resource name only if this is an abstract blueprint + return + if pkgName == "": + fail("package must have a name.") + return + + for resource in ctx.resource_list["items"]: + if resource["kind"] == "Service": + resource["metadata"]["name"] = pkgName + if resource["kind"] == "Deployment": + resource["metadata"]["name"] = pkgName + set_name(ctx.resource_list["items"]) diff --git a/transactionhistory-dev/package-context.yaml b/transactionhistory-dev/package-context.yaml new file mode 100644 index 0000000..c90e31e --- /dev/null +++ b/transactionhistory-dev/package-context.yaml 
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: # kpt-merge: /kptfile.kpt.dev + name: kptfile.kpt.dev + labels: + app: transactionhistory + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev' +data: + name: transactionhistory-dev diff --git a/transactionhistory-dev/resourcegroup.yaml b/transactionhistory-dev/resourcegroup.yaml new file mode 100644 index 0000000..4eb77d0 --- /dev/null +++ b/transactionhistory-dev/resourcegroup.yaml @@ -0,0 +1,10 @@ +apiVersion: kpt.dev/v1alpha1 +kind: ResourceGroup +metadata: # kpt-merge: transactionhistory-dev/inventory-44246773 + name: inventory-44246773 + namespace: transactionhistory-dev + labels: + cli-utils.sigs.k8s.io/inventory-id: 5f2e51fa06ff172974a6750abd2e15f4d820d42b-1662510089262370000 + app: transactionhistory + annotations: + internal.kpt.dev/upstream-identifier: kpt.dev|ResourceGroup|transactionhistory-dev|inventory-44246773 diff --git a/transactionhistory-dev/service.yaml b/transactionhistory-dev/service.yaml new file mode 100644 index 0000000..9dc0cdb --- /dev/null +++ b/transactionhistory-dev/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: # kpt-merge: example/base-app + name: transactionhistory + namespace: transactionhistory-dev + labels: + app: transactionhistory + annotations: + internal.kpt.dev/upstream-identifier: '|Service|example|base-app' +spec: + type: LoadBalancer + selector: + app: transactionhistory + ports: + - name: http + port: 80 + targetPort: 8080 diff --git a/transactionhistory/Kptfile b/transactionhistory/Kptfile new file mode 100644 index 0000000..34f771a --- /dev/null +++ b/transactionhistory/Kptfile 
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: transactionhistory
+ labels:
+ app: transactionhistory
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-app
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-app
+ ref: bank-of-anthos-pkgs
+ commit: ba18d8432d618af662efff7d81a63c70e9ba3ab8
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
diff --git a/transactionhistory/README.md b/transactionhistory/README.md
new file mode 100644
index 0000000..f978af1
--- /dev/null
+++ b/transactionhistory/README.md
@@ -0,0 +1,21 @@
+# base-app
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-app`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-app`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-app
+kpt live apply base-app --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/transactionhistory/configmap-db-config.yaml b/transactionhistory/configmap-db-config.yaml
new file mode 100644
index 0000000..d19a6cc
--- /dev/null
+++ b/transactionhistory/configmap-db-config.yaml
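Review bot: The four `pipeline.mutators` entries in transactionhistory/Kptfile name their function images by short name and mutable tag (`set-namespace:v0.4.1`, `set-labels:v0.1.5`, `starlark:v0.4.3`, `set-image:v0.1.1`), while the package source itself is pinned to a commit under `upstreamLock`. These images run over every resource in the package at render time, so a re-pushed tag changes what the pipeline executes without any change in this repository. Consider fully qualified references pinned by digest, for example `image: <registry>/set-namespace:v0.4.1@sha256:<digest>` (placeholders, to be filled from the registry you trust). userservice-dev/Kptfile and userservice/Kptfile carry the same entries.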
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/ledger-db-config
+ name: ledger-db-config
+ labels:
+ app: transactionhistory
+ namespace: example
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|ledger-db-config'
+data:
+ POSTGRES_DB: db
+ POSTGRES_USER: db-admin
+ POSTGRES_PASSWORD: db-pwd
+ SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db:5432/db
+ # SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db.ledger-db-dev:5432/db
+ SPRING_DATASOURCE_USERNAME: db-admin # should match POSTGRES_USER
+ SPRING_DATASOURCE_PASSWORD: db-pwd # should match POSTGRES_PASSWORD
diff --git a/transactionhistory/configmap-env-config.yaml b/transactionhistory/configmap-env-config.yaml
new file mode 100644
index 0000000..3d4864d
--- /dev/null
+++ b/transactionhistory/configmap-env-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/environment-config
+ name: environment-config
+ namespace: example
+ labels:
+ app: transactionhistory
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config'
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/transactionhistory/deployment.yaml b/transactionhistory/deployment.yaml
new file mode 100644
index 0000000..4f615c5
--- /dev/null
+++ b/transactionhistory/deployment.yaml
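Review bot: `POSTGRES_PASSWORD` and `SPRING_DATASOURCE_PASSWORD` in transactionhistory/configmap-db-config.yaml are database credentials kept in a ConfigMap and committed in clear text. A ConfigMap is readable by anyone allowed to get configmaps in the namespace and receives none of the handling a Secret can get (separate RBAC, encryption at rest where the cluster enables it). Move the password keys into a `kind: Secret` that is created outside the repository and load it in the Deployment with a `- secretRef:` entry under `envFrom`, leaving only non-sensitive keys such as `POSTGRES_DB` here. userservice-dev/configmap-db-config.yaml and userservice/configmap-db-config.yaml repeat this and additionally embed the password in `ACCOUNTS_DB_URI`.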
@@ -0,0 +1,116 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata: # kpt-merge: example/base-app
+ name: transactionhistory
+ namespace: example
+ labels:
+ app: transactionhistory
+ annotations:
+ internal.kpt.dev/upstream-identifier: apps|Deployment|example|base-app
+spec:
+ selector:
+ matchLabels:
+ app: transactionhistory
+ template:
+ metadata:
+ labels:
+ app: transactionhistory
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: primary
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/bank-of-anthos-ci/transactionhistory:v0.5.6
+ volumeMounts:
+ - name: keys
+ mountPath: /tmp/.ssh
+ readOnly: true
+ - mountPath: /tmp
+ name: tmp
+ ports:
+ - name: http-server
+ containerPort: 8080
+ env:
+ - name: VERSION
+ value: v0.5.6
+ - name: PORT
+ value: "8080"
+ - name: ENABLE_TRACING
+ value: "false"
+ - name: ENABLE_METRICS
+ value: "false"
+ - name: POLL_MS
+ value: "100"
+ - name: CACHE_SIZE
+ value: "1000"
+ - name: CACHE_MINUTES
+ value: "60"
+ - name: HISTORY_LIMIT
+ value: "100"
+ # tell Java to obey container memory limits
+ - name: JVM_OPTS
+ value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xms256m -Xmx512m
+ # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info.
+ - name: LOG_LEVEL
+ value: info
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: ledger-db-config
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 60
+ periodSeconds: 5
+ timeoutSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /healthy
+ port: 8080
+ initialDelaySeconds: 120
+ periodSeconds: 5
+ timeoutSeconds: 10
+ startupProbe:
+ httpGet:
+ path: /healthy
+ port: 8080
+ failureThreshold: 30
+ periodSeconds: 10
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ volumes:
+ # droot: should this be part of the base-app ?
+ - name: keys
+ secret:
+ secretName: jwt-key
+ items:
+ - key: jwtRS256.key.pub
+ path: publickey
+ # base-app exposes only public key by default
+ # - key: jwtRS256.key
+ # path: privatekey
+ - emptyDir: {}
+ name: tmp
diff --git a/transactionhistory/fn-config-setimage.yaml b/transactionhistory/fn-config-setimage.yaml
new file mode 100644
index 0000000..6fffff0
--- /dev/null
+++ b/transactionhistory/fn-config-setimage.yaml
@@ -0,0 +1,13 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata: # kpt-merge: /set-image
+ name: set-image
+ labels:
+ app: transactionhistory
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image
+image:
+ name: gcr.io/bank-of-anthos-ci/base-app
+ newName: gcr.io/bank-of-anthos-ci/transactionhistory
+ newTag: v0.5.6
diff --git a/transactionhistory/fn-config-setlabels.yaml b/transactionhistory/fn-config-setlabels.yaml
new file mode 100644
index 0000000..9666d80
--- /dev/null
+++ b/transactionhistory/fn-config-setlabels.yaml
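Review bot: The pod spec in transactionhistory/deployment.yaml sets `serviceAccountName: default` and leaves `automountServiceAccountToken` unset, so the namespace's default service-account token is mounted into the container even though the rest of the spec is locked down (non-root, read-only root filesystem, all capabilities dropped). Nothing in the hunk suggests the workload calls the Kubernetes API; if it does not, add `automountServiceAccountToken: false` next to `serviceAccountName`, or give the workload a dedicated service account with no role bindings. Separately, the comment above `LOG_LEVEL` says gunicorn will default to info, while this container is configured through `JVM_OPTS`; the comment looks copied from a Python service and should name the logger this service actually uses. userservice-dev/deployment.yaml and userservice/deployment.yaml carry the same `serviceAccountName: default` line.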
@@ -0,0 +1,11 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata: # kpt-merge: /set-labels
+ name: set-labels
+ labels:
+ app: transactionhistory
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels
+labels:
+ app: transactionhistory
diff --git a/transactionhistory/fn-config-setname.yaml b/transactionhistory/fn-config-setname.yaml
new file mode 100644
index 0000000..57b976b
--- /dev/null
+++ b/transactionhistory/fn-config-setname.yaml
@@ -0,0 +1,31 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: transactionhistory
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "Deployment":
+ resource["metadata"]["name"] = pkgName
+ set_name(ctx.resource_list["items"])
diff --git a/transactionhistory/package-context.yaml b/transactionhistory/package-context.yaml
new file mode 100644
index 0000000..b9f3a6b
--- /dev/null
+++ b/transactionhistory/package-context.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: /kptfile.kpt.dev
+ name: kptfile.kpt.dev
+ labels:
+ app: transactionhistory
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev'
+data:
+ name: example
diff --git a/transactionhistory/service.yaml b/transactionhistory/service.yaml
new file mode 100644
index 0000000..b221e3e
--- /dev/null
+++ b/transactionhistory/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata: # kpt-merge: example/base-app
+ name: transactionhistory
+ namespace: example
+ labels:
+ app: transactionhistory
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Service|example|base-app'
+spec:
+ type: LoadBalancer
+ selector:
+ app: transactionhistory
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
diff --git a/userservice-dev/Kptfile b/userservice-dev/Kptfile
new file mode 100644
index 0000000..7d9a3cd
--- /dev/null
+++ b/userservice-dev/Kptfile
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: userservice-dev
+ labels:
+ app: userservice
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /userservice
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /userservice
+ ref: bank-of-anthos-pkgs
+ commit: 08c7473c2b4b641c1efb4a520c39c551b87eda0b
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
diff --git a/userservice-dev/README.md b/userservice-dev/README.md
new file mode 100644
index 0000000..f978af1
--- /dev/null
+++ b/userservice-dev/README.md
@@ -0,0 +1,21 @@
+# base-app
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-app`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-app`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-app
+kpt live apply base-app --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/userservice-dev/configmap-db-config.yaml b/userservice-dev/configmap-db-config.yaml
new file mode 100644
index 0000000..9d1e87e
--- /dev/null
+++ b/userservice-dev/configmap-db-config.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/accounts-db-config
+ name: accounts-db-config
+ namespace: userservice-dev
+ labels:
+ app: userservice
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|accounts-db-config'
+data:
+ POSTGRES_DB: db
+ POSTGRES_USER: db-admin
+ POSTGRES_PASSWORD: db-pwd
+ ACCOUNTS_DB_URI: postgresql://db-admin:db-pwd@accounts-db.accounts-db-dev:5432/db
+ # ACCOUNTS_DB_URI: postgresql://db-admin:db-pwd@accounts-db.accounts-db-dev:5432/db
diff --git a/userservice-dev/configmap-env-config.yaml b/userservice-dev/configmap-env-config.yaml
new file mode 100644
index 0000000..bbbb61f
--- /dev/null
+++ b/userservice-dev/configmap-env-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/environment-config
+ name: environment-config
+ namespace: userservice-dev
+ labels:
+ app: userservice
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config'
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/userservice-dev/deployment.yaml b/userservice-dev/deployment.yaml
new file mode 100644
index 0000000..359caf9
--- /dev/null
+++ b/userservice-dev/deployment.yaml
@@ -0,0 +1,97 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata: # kpt-merge: example/base-app
+ name: userservice
+ namespace: userservice-dev
+ labels:
+ app: userservice
+ annotations:
+ internal.kpt.dev/upstream-identifier: apps|Deployment|example|base-app
+spec:
+ selector:
+ matchLabels:
+ app: userservice
+ template:
+ metadata:
+ labels:
+ app: userservice
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: primary
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/bank-of-anthos-ci/userservice:v0.5.6
+ volumeMounts:
+ - name: keys
+ mountPath: /tmp/.ssh
+ readOnly: true
+ - mountPath: /tmp
+ name: tmp
+ ports:
+ - name: http-server
+ containerPort: 8080
+ env:
+ - name: VERSION
+ value: v0.5.6
+ - name: PORT
+ value: "8080"
+ - name: ENABLE_TRACING
+ value: "false"
+ - name: TOKEN_EXPIRY_SECONDS
+ value: "3600"
+ - name: PRIV_KEY_PATH
+ value: /tmp/.ssh/privatekey
+ # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info.
+ - name: LOG_LEVEL
+ value: info
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: ENABLE_METRICS
+ value: "false"
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: accounts-db-config
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 10
+ resources:
+ requests:
+ cpu: 200m
+ memory: 64Mi
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ livenessProbe:
+ httpGet: {}
+ volumes:
+ # droot: should this be part of the base-app ?
+ - name: keys
+ secret:
+ secretName: jwt-key
+ items:
+ - key: jwtRS256.key.pub
+ path: publickey
+ - key: jwtRS256.key
+ path: privatekey
+ - emptyDir: {}
+ name: tmp
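Review bot: `livenessProbe:` in userservice-dev/deployment.yaml contains only `httpGet: {}`, which has neither the `port` an HTTP probe requires nor a `path`, so the manifest is expected to be rejected on apply or, at best, to give no liveness signal for the service that signs tokens with the mounted private key. Either delete the `livenessProbe` block or fill it in the way the readiness probe is written, for example `path: /ready` and `port: 8080` under `httpGet`, using whichever endpoint the service really serves for liveness. The empty block looks like a leftover of merging the base-app probe, which may be worth confirming against the upstream package. userservice/deployment.yaml has the same two lines.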
diff --git a/userservice-dev/fn-config-setimage.yaml b/userservice-dev/fn-config-setimage.yaml
new file mode 100644
index 0000000..2404390
--- /dev/null
+++ b/userservice-dev/fn-config-setimage.yaml
@@ -0,0 +1,13 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata: # kpt-merge: /set-image
+ name: set-image
+ labels:
+ app: userservice
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image
+image:
+ name: gcr.io/bank-of-anthos-ci/base-app
+ newName: gcr.io/bank-of-anthos-ci/userservice
+ newTag: v0.5.6
diff --git a/userservice-dev/fn-config-setlabels.yaml b/userservice-dev/fn-config-setlabels.yaml
new file mode 100644
index 0000000..e35f8a0
--- /dev/null
+++ b/userservice-dev/fn-config-setlabels.yaml
@@ -0,0 +1,11 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata: # kpt-merge: /set-labels
+ name: set-labels
+ labels:
+ app: userservice
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels
+labels:
+ app: userservice
diff --git a/userservice-dev/fn-config-setname.yaml b/userservice-dev/fn-config-setname.yaml
new file mode 100644
index 0000000..1aa9e30
--- /dev/null
+++ b/userservice-dev/fn-config-setname.yaml
@@ -0,0 +1,31 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: userservice
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "Deployment":
+ resource["metadata"]["name"] = pkgName
+ set_name(ctx.resource_list["items"])
diff --git a/userservice-dev/package-context.yaml b/userservice-dev/package-context.yaml
new file mode 100644
index 0000000..c4f2e6a
--- /dev/null
+++ b/userservice-dev/package-context.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: /kptfile.kpt.dev
+ name: kptfile.kpt.dev
+ labels:
+ app: userservice
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev'
+data:
+ name: userservice-dev
diff --git a/userservice-dev/resourcegroup.yaml b/userservice-dev/resourcegroup.yaml
new file mode 100644
index 0000000..0cf85fa
--- /dev/null
+++ b/userservice-dev/resourcegroup.yaml
@@ -0,0 +1,10 @@
+apiVersion: kpt.dev/v1alpha1
+kind: ResourceGroup
+metadata: # kpt-merge: userservice-dev/inventory-19648536
+ name: inventory-19648536
+ namespace: userservice-dev
+ labels:
+ cli-utils.sigs.k8s.io/inventory-id: b0c9fc5bdb4a0728aea685a250d2fb2e0d592506-1662510690668497000
+ app: userservice
+ annotations:
+ internal.kpt.dev/upstream-identifier: kpt.dev|ResourceGroup|userservice-dev|inventory-19648536
diff --git a/userservice-dev/service.yaml b/userservice-dev/service.yaml
new file mode 100644
index 0000000..9fc55df
--- /dev/null
+++ b/userservice-dev/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata: # kpt-merge: example/base-app
+ name: userservice
+ namespace: userservice-dev
+ labels:
+ app: userservice
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Service|example|base-app'
+spec:
+ type: LoadBalancer
+ selector:
+ app: userservice
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
diff --git a/userservice/Kptfile b/userservice/Kptfile
new file mode 100644
index 0000000..8d4e4ff
--- /dev/null
+++ b/userservice/Kptfile
@@ -0,0 +1,34 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: userservice
+ labels:
+ app: userservice
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-app
+ ref: bank-of-anthos-pkgs
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: git@github.com:droot/kpt-samples
+ directory: /base-app
+ ref: bank-of-anthos-pkgs
+ commit: ba18d8432d618af662efff7d81a63c70e9ba3ab8
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: set-namespace:v0.4.1
+ configPath: package-context.yaml
+ - image: set-labels:v0.1.5
+ configPath: fn-config-setlabels.yaml
+ - image: starlark:v0.4.3
+ configPath: fn-config-setname.yaml
+ - image: set-image:v0.1.1
+ configPath: fn-config-setimage.yaml
diff --git a/userservice/README.md b/userservice/README.md
new file mode 100644
index 0000000..f978af1
--- /dev/null
+++ b/userservice/README.md
@@ -0,0 +1,21 @@
+# base-app
+
+## Description
+sample description
+
+## Usage
+
+### Fetch the package
+`kpt pkg get REPO_URI[.git]/PKG_PATH[@VERSION] base-app`
+Details: https://kpt.dev/reference/cli/pkg/get/
+
+### View package content
+`kpt pkg tree base-app`
+Details: https://kpt.dev/reference/cli/pkg/tree/
+
+### Apply the package
+```
+kpt live init base-app
+kpt live apply base-app --reconcile-timeout=2m --output=table
+```
+Details: https://kpt.dev/reference/cli/live/
diff --git a/userservice/configmap-db-config.yaml b/userservice/configmap-db-config.yaml
new file mode 100644
index 0000000..49e6e20
--- /dev/null
+++ b/userservice/configmap-db-config.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/accounts-db-config
+ name: accounts-db-config
+ namespace: example
+ labels:
+ app: userservice
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|accounts-db-config'
+data:
+ POSTGRES_DB: db
+ POSTGRES_USER: db-admin
+ POSTGRES_PASSWORD: db-pwd
+ ACCOUNTS_DB_URI: postgresql://db-admin:db-pwd@accounts-db:5432/db
+ # ACCOUNTS_DB_URI: postgresql://db-admin:db-pwd@accounts-db.accounts-db-dev:5432/db
diff --git a/userservice/configmap-env-config.yaml b/userservice/configmap-env-config.yaml
new file mode 100644
index 0000000..9ca07f4
--- /dev/null
+++ b/userservice/configmap-env-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: example/environment-config
+ name: environment-config
+ namespace: example
+ labels:
+ app: userservice
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|example|environment-config'
+data:
+ LOCAL_ROUTING_NUM: "883745000"
+ PUB_KEY_PATH: /tmp/.ssh/publickey
diff --git a/userservice/deployment.yaml b/userservice/deployment.yaml
new file mode 100644
index 0000000..a250402
--- /dev/null
+++ b/userservice/deployment.yaml
@@ -0,0 +1,97 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata: # kpt-merge: example/base-app
+ name: userservice
+ namespace: example
+ labels:
+ app: userservice
+ annotations:
+ internal.kpt.dev/upstream-identifier: apps|Deployment|example|base-app
+spec:
+ selector:
+ matchLabels:
+ app: userservice
+ template:
+ metadata:
+ labels:
+ app: userservice
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: primary
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/bank-of-anthos-ci/userservice:v0.5.6
+ volumeMounts:
+ - name: keys
+ mountPath: /tmp/.ssh
+ readOnly: true
+ - mountPath: /tmp
+ name: tmp
+ ports:
+ - name: http-server
+ containerPort: 8080
+ env:
+ - name: VERSION
+ value: v0.5.6
+ - name: PORT
+ value: "8080"
+ - name: ENABLE_TRACING
+ value: "false"
+ - name: TOKEN_EXPIRY_SECONDS
+ value: "3600"
+ - name: PRIV_KEY_PATH
+ value: /tmp/.ssh/privatekey
+ # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info.
+ - name: LOG_LEVEL
+ value: info
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: ENABLE_METRICS
+ value: "false"
+ envFrom:
+ - configMapRef:
+ name: environment-config
+ - configMapRef:
+ name: accounts-db-config
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 10
+ resources:
+ requests:
+ cpu: 200m
+ memory: 64Mi
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ livenessProbe:
+ httpGet: {}
+ volumes:
+ # droot: should this be part of the base-app ?
+ - name: keys
+ secret:
+ secretName: jwt-key
+ items:
+ - key: jwtRS256.key.pub
+ path: publickey
+ - key: jwtRS256.key
+ path: privatekey
+ - emptyDir: {}
+ name: tmp
diff --git a/userservice/fn-config-setimage.yaml b/userservice/fn-config-setimage.yaml
new file mode 100644
index 0000000..2404390
--- /dev/null
+++ b/userservice/fn-config-setimage.yaml
@@ -0,0 +1,13 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetImage
+metadata: # kpt-merge: /set-image
+ name: set-image
+ labels:
+ app: userservice
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetImage|default|set-image
+image:
+ name: gcr.io/bank-of-anthos-ci/base-app
+ newName: gcr.io/bank-of-anthos-ci/userservice
+ newTag: v0.5.6
diff --git a/userservice/fn-config-setlabels.yaml b/userservice/fn-config-setlabels.yaml
new file mode 100644
index 0000000..e35f8a0
--- /dev/null
+++ b/userservice/fn-config-setlabels.yaml
@@ -0,0 +1,11 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: SetLabels
+metadata: # kpt-merge: /set-labels
+ name: set-labels
+ labels:
+ app: userservice
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|SetLabels|default|set-labels
+labels:
+ app: userservice
diff --git a/userservice/fn-config-setname.yaml b/userservice/fn-config-setname.yaml
new file mode 100644
index 0000000..1aa9e30
--- /dev/null
+++ b/userservice/fn-config-setname.yaml
@@ -0,0 +1,31 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: StarlarkRun
+metadata: # kpt-merge: /set-name
+ name: set-name
+ labels:
+ app: userservice
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: fn.kpt.dev|StarlarkRun|default|set-name
+source: |-
+ def set_name(resources):
+ pkgName = ""
+ isAbstractPackage = False
+ for resource in resources:
+ if resource["kind"] == "ConfigMap" and resource["metadata"]["name"] == "kptfile.kpt.dev" and resource["data"]["name"] == "example":
+ isAbstractPackage = True
+ if resource["kind"] == "Kptfile":
+ pkgName = resource["metadata"]["name"]
+ if not isAbstractPackage:
+ # update resource name only if this is an abstract blueprint
+ return
+ if pkgName == "":
+ fail("package must have a name.")
+ return
+
+ for resource in ctx.resource_list["items"]:
+ if resource["kind"] == "Service":
+ resource["metadata"]["name"] = pkgName
+ if resource["kind"] == "Deployment":
+ resource["metadata"]["name"] = pkgName
+ set_name(ctx.resource_list["items"])
diff --git a/userservice/package-context.yaml b/userservice/package-context.yaml
new file mode 100644
index 0000000..b054f86
--- /dev/null
+++ b/userservice/package-context.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: # kpt-merge: /kptfile.kpt.dev
+ name: kptfile.kpt.dev
+ labels:
+ app: userservice
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: '|ConfigMap|default|kptfile.kpt.dev'
+data:
+ name: example
diff --git a/userservice/service.yaml b/userservice/service.yaml
new file mode 100644
index 0000000..cbab652
--- /dev/null
+++ b/userservice/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata: # kpt-merge: example/base-app
+ name: userservice
+ namespace: example
+ labels:
+ app: userservice
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Service|example|base-app'
+spec:
+ type: LoadBalancer
+ selector:
+ app: userservice
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080