├── LICENSE
├── README.md
├── bin
│   ├── asd-prereq-checker.sh
│   └── init-anthos-sample-deployment.env
├── config-repo
│   ├── cloudbuild.yaml
│   ├── cluster
│   │   └── README.md
│   ├── clusterregistry
│   │   ├── clusters.yaml
│   │   └── selectors.yaml
│   ├── namespaces
│   │   ├── README.md
│   │   ├── boa
│   │   │   ├── accounts-db.yaml
│   │   │   ├── balance-reader.yaml
│   │   │   ├── config.yaml
│   │   │   ├── contacts.yaml
│   │   │   ├── frontend-ingress.yaml
│   │   │   ├── frontend.yaml
│   │   │   ├── jwt-key.yaml
│   │   │   ├── ledger-db.yaml
│   │   │   ├── ledger-writer.yaml
│   │   │   ├── loadgenerator.yaml
│   │   │   ├── namespace.yaml
│   │   │   ├── service-entries.yaml.tpl
│   │   │   ├── transaction-history.yaml
│   │   │   └── userservice.yaml
│   │   └── istio-system
│   │       ├── destination-rule.yaml
│   │       ├── namespace.yaml
│   │       └── peer-authentication.yaml
│   └── system
│       └── repo.yaml
└── docs
    ├── code-of-conduct.md
    └── contributing.md
/LICENSE:
--------------------------------------------------------------------------------
1 |
2 | Apache License
3 | Version 2.0, January 2004
4 | http://www.apache.org/licenses/
5 |
6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
7 |
8 | 1. Definitions.
9 |
10 | "License" shall mean the terms and conditions for use, reproduction,
11 | and distribution as defined by Sections 1 through 9 of this document.
12 |
13 | "Licensor" shall mean the copyright owner or entity authorized by
14 | the copyright owner that is granting the License.
15 |
16 | "Legal Entity" shall mean the union of the acting entity and all
17 | other entities that control, are controlled by, or are under common
18 | control with that entity. For the purposes of this definition,
19 | "control" means (i) the power, direct or indirect, to cause the
20 | direction or management of such entity, whether by contract or
21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
22 | outstanding shares, or (iii) beneficial ownership of such entity.
23 |
24 | "You" (or "Your") shall mean an individual or Legal Entity
25 | exercising permissions granted by this License.
26 |
27 | "Source" form shall mean the preferred form for making modifications,
28 | including but not limited to software source code, documentation
29 | source, and configuration files.
30 |
31 | "Object" form shall mean any form resulting from mechanical
32 | transformation or translation of a Source form, including but
33 | not limited to compiled object code, generated documentation,
34 | and conversions to other media types.
35 |
36 | "Work" shall mean the work of authorship, whether in Source or
37 | Object form, made available under the License, as indicated by a
38 | copyright notice that is included in or attached to the work
39 | (an example is provided in the Appendix below).
40 |
41 | "Derivative Works" shall mean any work, whether in Source or Object
42 | form, that is based on (or derived from) the Work and for which the
43 | editorial revisions, annotations, elaborations, or other modifications
44 | represent, as a whole, an original work of authorship. For the purposes
45 | of this License, Derivative Works shall not include works that remain
46 | separable from, or merely link (or bind by name) to the interfaces of,
47 | the Work and Derivative Works thereof.
48 |
49 | "Contribution" shall mean any work of authorship, including
50 | the original version of the Work and any modifications or additions
51 | to that Work or Derivative Works thereof, that is intentionally
52 | submitted to Licensor for inclusion in the Work by the copyright owner
53 | or by an individual or Legal Entity authorized to submit on behalf of
54 | the copyright owner. For the purposes of this definition, "submitted"
55 | means any form of electronic, verbal, or written communication sent
56 | to the Licensor or its representatives, including but not limited to
57 | communication on electronic mailing lists, source code control systems,
58 | and issue tracking systems that are managed by, or on behalf of, the
59 | Licensor for the purpose of discussing and improving the Work, but
60 | excluding communication that is conspicuously marked or otherwise
61 | designated in writing by the copyright owner as "Not a Contribution."
62 |
63 | "Contributor" shall mean Licensor and any individual or Legal Entity
64 | on behalf of whom a Contribution has been received by Licensor and
65 | subsequently incorporated within the Work.
66 |
67 | 2. Grant of Copyright License. Subject to the terms and conditions of
68 | this License, each Contributor hereby grants to You a perpetual,
69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
70 | copyright license to reproduce, prepare Derivative Works of,
71 | publicly display, publicly perform, sublicense, and distribute the
72 | Work and such Derivative Works in Source or Object form.
73 |
74 | 3. Grant of Patent License. Subject to the terms and conditions of
75 | this License, each Contributor hereby grants to You a perpetual,
76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
77 | (except as stated in this section) patent license to make, have made,
78 | use, offer to sell, sell, import, and otherwise transfer the Work,
79 | where such license applies only to those patent claims licensable
80 | by such Contributor that are necessarily infringed by their
81 | Contribution(s) alone or by combination of their Contribution(s)
82 | with the Work to which such Contribution(s) was submitted. If You
83 | institute patent litigation against any entity (including a
84 | cross-claim or counterclaim in a lawsuit) alleging that the Work
85 | or a Contribution incorporated within the Work constitutes direct
86 | or contributory patent infringement, then any patent licenses
87 | granted to You under this License for that Work shall terminate
88 | as of the date such litigation is filed.
89 |
90 | 4. Redistribution. You may reproduce and distribute copies of the
91 | Work or Derivative Works thereof in any medium, with or without
92 | modifications, and in Source or Object form, provided that You
93 | meet the following conditions:
94 |
95 | (a) You must give any other recipients of the Work or
96 | Derivative Works a copy of this License; and
97 |
98 | (b) You must cause any modified files to carry prominent notices
99 | stating that You changed the files; and
100 |
101 | (c) You must retain, in the Source form of any Derivative Works
102 | that You distribute, all copyright, patent, trademark, and
103 | attribution notices from the Source form of the Work,
104 | excluding those notices that do not pertain to any part of
105 | the Derivative Works; and
106 |
107 | (d) If the Work includes a "NOTICE" text file as part of its
108 | distribution, then any Derivative Works that You distribute must
109 | include a readable copy of the attribution notices contained
110 | within such NOTICE file, excluding those notices that do not
111 | pertain to any part of the Derivative Works, in at least one
112 | of the following places: within a NOTICE text file distributed
113 | as part of the Derivative Works; within the Source form or
114 | documentation, if provided along with the Derivative Works; or,
115 | within a display generated by the Derivative Works, if and
116 | wherever such third-party notices normally appear. The contents
117 | of the NOTICE file are for informational purposes only and
118 | do not modify the License. You may add Your own attribution
119 | notices within Derivative Works that You distribute, alongside
120 | or as an addendum to the NOTICE text from the Work, provided
121 | that such additional attribution notices cannot be construed
122 | as modifying the License.
123 |
124 | You may add Your own copyright statement to Your modifications and
125 | may provide additional or different license terms and conditions
126 | for use, reproduction, or distribution of Your modifications, or
127 | for any such Derivative Works as a whole, provided Your use,
128 | reproduction, and distribution of the Work otherwise complies with
129 | the conditions stated in this License.
130 |
131 | 5. Submission of Contributions. Unless You explicitly state otherwise,
132 | any Contribution intentionally submitted for inclusion in the Work
133 | by You to the Licensor shall be under the terms and conditions of
134 | this License, without any additional terms or conditions.
135 | Notwithstanding the above, nothing herein shall supersede or modify
136 | the terms of any separate license agreement you may have executed
137 | with Licensor regarding such Contributions.
138 |
139 | 6. Trademarks. This License does not grant permission to use the trade
140 | names, trademarks, service marks, or product names of the Licensor,
141 | except as required for reasonable and customary use in describing the
142 | origin of the Work and reproducing the content of the NOTICE file.
143 |
144 | 7. Disclaimer of Warranty. Unless required by applicable law or
145 | agreed to in writing, Licensor provides the Work (and each
146 | Contributor provides its Contributions) on an "AS IS" BASIS,
147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148 | implied, including, without limitation, any warranties or conditions
149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150 | PARTICULAR PURPOSE. You are solely responsible for determining the
151 | appropriateness of using or redistributing the Work and assume any
152 | risks associated with Your exercise of permissions under this License.
153 |
154 | 8. Limitation of Liability. In no event and under no legal theory,
155 | whether in tort (including negligence), contract, or otherwise,
156 | unless required by applicable law (such as deliberate and grossly
157 | negligent acts) or agreed to in writing, shall any Contributor be
158 | liable to You for damages, including any direct, indirect, special,
159 | incidental, or consequential damages of any character arising as a
160 | result of this License or out of the use or inability to use the
161 | Work (including but not limited to damages for loss of goodwill,
162 | work stoppage, computer failure or malfunction, or any and all
163 | other commercial damages or losses), even if such Contributor
164 | has been advised of the possibility of such damages.
165 |
166 | 9. Accepting Warranty or Additional Liability. While redistributing
167 | the Work or Derivative Works thereof, You may choose to offer,
168 | and charge a fee for, acceptance of support, warranty, indemnity,
169 | or other liability obligations and/or rights consistent with this
170 | License. However, in accepting such obligations, You may act only
171 | on Your own behalf and on Your sole responsibility, not on behalf
172 | of any other Contributor, and only if You agree to indemnify,
173 | defend, and hold each Contributor harmless for any liability
174 | incurred by, or claims asserted against, such Contributor by reason
175 | of your accepting any such warranty or additional liability.
176 |
177 | END OF TERMS AND CONDITIONS
178 |
179 | APPENDIX: How to apply the Apache License to your work.
180 |
181 | To apply the Apache License to your work, attach the following
182 | boilerplate notice, with the fields enclosed by brackets "[]"
183 | replaced with your own identifying information. (Don't include
184 | the brackets!) The text should be enclosed in the appropriate
185 | comment syntax for the file format. We also recommend that a
186 | file or class name and description of purpose be included on the
187 | same "printed page" as the copyright notice for easier
188 | identification within third-party archives.
189 |
190 | Copyright [yyyy] [name of copyright owner]
191 |
192 | Licensed under the Apache License, Version 2.0 (the "License");
193 | you may not use this file except in compliance with the License.
194 | You may obtain a copy of the License at
195 |
196 | http://www.apache.org/licenses/LICENSE-2.0
197 |
198 | Unless required by applicable law or agreed to in writing, software
199 | distributed under the License is distributed on an "AS IS" BASIS,
200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201 | See the License for the specific language governing permissions and
202 | limitations under the License.
203 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Anthos Sample Deployment
2 |
3 | This repository contains scripts that can be used in conjunction with the
4 | [Anthos Sample Deployment on Google Cloud](https://console.cloud.google.com/marketplace/details/click-to-deploy-images/anthos-sample-deployment).
5 |
--------------------------------------------------------------------------------
/bin/asd-prereq-checker.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This script checks that prerequisites exist to ensure that
4 | # the Anthos Sample Deployment is successfully deployed.
5 | #
6 | # Example usage:
7 | # ./asd-prereq-checker.sh
8 |
9 | SERVICE_MANAGEMENT_API=servicemanagement.googleapis.com
10 | COMPUTE_API=compute.googleapis.com
11 | PROJECT_ID=$(gcloud config get-value project 2> /dev/null)
12 | ZONE=$(gcloud config get-value compute/zone 2> /dev/null)
13 | if [[ -z "${ZONE}" ]]; then
14 |   ZONE='us-central1-c'
15 | fi
16 | REGION=$(echo ${ZONE} | awk -F- '{print $1 "-" $2}')
17 |
18 | DISABLED_SERVICE_MANAGEMENT_API="{
19 | 'KnownIssueId': 'disabled_service_management_api',
20 | 'Message': 'Service Management API is not enabled. You must enable this API in the current project. https://console.cloud.google.com/apis/api/servicemanagement.googleapis.com/overview?project=$PROJECT_ID '
21 | }"
22 |
23 | INVALID_ORG_POLICY_OSLOGIN="{
24 | 'KnownIssueId': 'invalid_org_policy_requireOsLogin',
25 | 'Message': 'An org policy (constraints/compute.requireOsLogin) exists that will prevent this deployment. Please try this deployment in a project without this org policy.'
26 | }"
27 |
28 | INVALID_ORG_POLICY_IPFORWARD="{
29 | 'KnownIssueId': 'invalid_org_policy_vmCanIpForward',
30 | 'Message': 'An org policy (constraints/compute.vmCanIpForward) exists that will prevent this deployment. Please try this deployment in a project without this org policy.'
31 | }"
32 |
33 | INVALID_ORG_POLICY_TRUSTED_IMAGES="{
34 | 'KnownIssueId': 'invalid_org_policy_trustedImageProjects',
35 | 'Message': 'An org policy (constraints/compute.trustedImageProjects) exists that will prevent this deployment. Please try this deployment in a project without this org policy.'
36 | }"
37 |
38 | DEPLOYMENT_ALREADY_EXISTS="{
39 | 'KnownIssueId': 'deployment_already_exists',
40 | 'Message': 'An instance of Anthos Sample Deployment already exists. You must delete the previous deployment before performing another deployment. https://console.cloud.google.com/dm/deployments?project=$PROJECT_ID '
41 | }"
42 |
43 | INVALID_PROJECT_ID_COLON="{
44 | 'KnownIssueId': 'invalid_project_id_colon',
45 | 'Message': 'There is a colon in the project id. Please try this deployment in a project without a colon in the project id.'
46 | }"
47 |
48 | INVALID_PROJECT_ID_QWIKLABS="{
49 | 'KnownIssueId': 'invalid_project_id_qwiklabs',
50 | 'Message': 'A Qwiklabs project is detected. Anthos Sample Deployment is not designed to run on Qwiklabs environment.'
51 | }"
52 |
53 | INSUFFICIENT_REGIONAL_CPUS_QUOTA="{
54 | 'KnownIssueId': 'insufficient_regional_cpus_quota',
55 | 'Message': 'Insufficient regional CPUS quota for 7 more vCPUs in the project.'
56 | }"
57 |
58 | INSUFFICIENT_GLOBAL_CPUS_QUOTA="{
59 | 'KnownIssueId': 'insufficient_global_cpus_quota',
60 | 'Message': 'Insufficient CPUS_ALL_REGIONS quota for 7 more vCPUs in the project.'
61 | }"
62 |
63 | INSUFFICIENT_NETWORKS_QUOTA="{
64 | 'KnownIssueId': 'insufficient_networks_quota',
65 | 'Message': 'Insufficient NETWORKS quota for 1 more network in the project.'
66 | }"
67 |
68 | INSUFFICIENT_FIREWALLS_QUOTA="{
69 | 'KnownIssueId': 'insufficient_firewalls_quota',
70 | 'Message': 'Insufficient FIREWALLS quota for 2 more firewalls in the project.'
71 | }"
72 |
73 | function check_iam_policy {
74 |   # iam.serviceAccounts.create and iam.serviceAccounts.setIamPolicy are the
75 |   # 2 required permissions for the user to be able to create
76 |   # the service account. Sufficient to check them by IAM roles.
77 |   account=$(gcloud config list account --format "value(core.account)")
78 |   result=$(gcloud projects get-iam-policy $PROJECT_ID --flatten="bindings[].members" --format="table(bindings.role)" --filter="bindings.members:$account")
79 |   if [[ "$result" == *"roles/owner"* || "$result" == *"roles/editor"* || "$result" == *"roles/iam.serviceAccountAdmin"* ]]; then
80 |     echo "PASS: User has permission to create service account with the required IAM policies."
81 |   else
82 |     echo
83 |     echo "WARNING: Unable to verify if you have the necessary permission to create a service account with the required IAM policy. Please verify manually that you have iam.serviceAccounts.create and iam.serviceAccounts.setIamPolicy permissions, and then proceed with deployment. https://console.cloud.google.com/iam-admin/iam?project=$PROJECT_ID You can also disregard this warning, if you will be providing your own pre-existing service account."
84 |     echo
85 |   fi
86 | }
87 |
88 | function check_org_policy_is_valid {
89 |   if ! gcloud beta resource-manager org-policies list --project=$PROJECT_ID >/dev/null 2>&1; then
90 |     echo "WARNING: Unable to verify if the project has any Organization Policies that will prevent the deployment."
91 |     return
92 |   fi
93 |
94 |   result=$(gcloud beta resource-manager org-policies describe compute.requireOsLogin --project=$PROJECT_ID --effective)
95 |   if [[ "$result" == *"enforced: true"* ]]; then
96 |     echo
97 |     echo $INVALID_ORG_POLICY_OSLOGIN
98 |     echo
99 |     exit 1
100 |   fi
101 |
102 |   result=$(gcloud beta resource-manager org-policies describe compute.vmCanIpForward --project=$PROJECT_ID --effective)
103 |   if [[ "$result" == *"DENY"* ]]; then
104 |     echo
105 |     echo $INVALID_ORG_POLICY_IPFORWARD
106 |     echo
107 |     exit 1
108 |   fi
109 |
110 |   result=$(gcloud beta resource-manager org-policies describe compute.trustedImageProjects --project=$PROJECT_ID --effective)
111 |   if [[ "$result" == *"DENY"* ]]; then
112 |     echo
113 |     echo $INVALID_ORG_POLICY_TRUSTED_IMAGES
114 |     echo
115 |     exit 1
116 |   fi
117 |
118 |   echo "PASS: Org Policy will allow this deployment."
119 | }
120 |
121 | function check_service_management_api_is_enabled {
122 |   # Getting json output removes an output of `Listed 0 items` that
123 |   # goes to the terminal.
124 |   result=$(gcloud services list --format=json --filter=name:$SERVICE_MANAGEMENT_API)
125 |   if [[ "$result" != *"$SERVICE_MANAGEMENT_API"* ]]; then
126 |     echo
127 |     echo $DISABLED_SERVICE_MANAGEMENT_API
128 |     echo
129 |     exit 1
130 |   else
131 |     echo "PASS: Service Management API is enabled."
132 |   fi
133 | }
134 |
135 | function check_deployment_does_not_exist {
136 |   result=$(gcloud container clusters list --format=json --filter=name:anthos-sample-cluster1)
137 |   if [[ "$result" == *"anthos-sample-cluster"* ]]; then
138 |     echo
139 |     echo $DEPLOYMENT_ALREADY_EXISTS
140 |     echo
141 |     exit 1
142 |   fi
143 |
144 |   echo "PASS: Anthos Sample Deployment does not already exist."
145 | }
146 |
147 | function check_project_id_is_valid {
148 |   if [[ "$PROJECT_ID" == *":"* ]]; then
149 |     echo
150 |     echo $INVALID_PROJECT_ID_COLON
151 |     echo
152 |     exit 1
153 |   elif [[ "$PROJECT_ID" =~ ^qwiklabs-gcp-.{2}-.{12}$ ]]; then
154 |     echo
155 |     echo $INVALID_PROJECT_ID_QWIKLABS
156 |     echo
157 |     exit 1
158 |   fi
159 |   echo "PASS: Project ID is valid."
160 | }
161 |
162 |
163 | function check_quota_is_sufficient {
164 |   api=$(gcloud services list --format=json --filter=name:$COMPUTE_API)
165 |   if [[ "$api" != *"$COMPUTE_API"* ]]; then
166 |     echo "WARNING: Unable to verify compute quota because $COMPUTE_API in project $PROJECT_ID is not enabled. Enable this API in the current project at https://console.cloud.google.com/apis/api/compute.googleapis.com/overview?project=$PROJECT_ID and run this script again."
167 |     return
168 |   fi
169 |
170 |   quota=$(gcloud compute regions describe ${REGION} --flatten quotas --format="csv(quotas.metric,quotas.limit,quotas.usage)"|egrep '^CPUS,')
171 |   limit=$(echo $quota | awk -F, '{print $2}' | awk -F. '{print $1}' )
172 |   usage=$(echo $quota | awk -F, '{print $3}' | awk -F. '{print $1}' )
173 |   remain=$(( limit - usage ))
174 |   if (( remain < 7 )); then
175 |     echo $INSUFFICIENT_REGIONAL_CPUS_QUOTA
176 |     exit 1
177 |   fi
178 |
179 |   if gcloud compute project-info describe --flatten quotas --format="csv(quotas.metric,quotas.limit,quotas.usage)"|egrep '^CPUS_ALL_REGIONS' > /dev/null; then
180 |     quota=$(gcloud compute project-info describe --flatten quotas --format="csv(quotas.metric,quotas.limit,quotas.usage)"|egrep '^CPUS_ALL_REGIONS,')
181 |     limit=$(echo $quota | awk -F, '{print $2}' | awk -F. '{print $1}' )
182 |     usage=$(echo $quota | awk -F, '{print $3}' | awk -F. '{print $1}' )
183 |     remain=$(( limit - usage ))
184 |     if (( remain < 7 )); then
185 |       echo $INSUFFICIENT_GLOBAL_CPUS_QUOTA
186 |       exit 1
187 |     fi
188 |   fi
189 |
190 |   quota=$(gcloud compute project-info describe --flatten quotas --format="csv(quotas.metric,quotas.limit,quotas.usage)"|egrep '^NETWORKS,')
191 |   limit=$(echo $quota | awk -F, '{print $2}' | awk -F. '{print $1}' )
192 |   usage=$(echo $quota | awk -F, '{print $3}' | awk -F. '{print $1}' )
193 |   remain=$(( limit - usage ))
194 |   if (( remain < 1 )); then
195 |     echo $INSUFFICIENT_NETWORKS_QUOTA
196 |     exit 1
197 |   fi
198 |
199 |   quota=$(gcloud compute project-info describe --flatten quotas --format="csv(quotas.metric,quotas.limit,quotas.usage)"|egrep '^FIREWALLS')
200 |   limit=$(echo $quota | awk -F, '{print $2}' | awk -F. '{print $1}' )
201 |   usage=$(echo $quota | awk -F, '{print $3}' | awk -F. '{print $1}' )
202 |   remain=$(( limit - usage ))
203 |   if (( remain < 2 )); then
204 |     echo $INSUFFICIENT_FIREWALLS_QUOTA
205 |     exit 1
206 |   fi
207 |
208 |   echo "PASS: Project has sufficient quota to support this deployment."
209 | }
210 |
211 | function usage {
212 |   echo "Project ID must be set: gcloud config set project [PROJECT_ID]"
213 |   echo "Optionally, set deployment zone: gcloud config set compute/zone [ZONE]"
214 |   echo "Then rerun ${0##*/}"
215 |   exit 1
216 | }
217 |
218 | if [[ -z "${PROJECT_ID}" ]]; then
219 |   usage >&2
220 | fi
221 |
222 | echo "Checking project ${PROJECT_ID}, region ${REGION}, zone ${ZONE}"
223 | echo
224 | check_iam_policy
225 | check_org_policy_is_valid
226 | check_service_management_api_is_enabled
227 | check_deployment_does_not_exist
228 | check_project_id_is_valid
229 | check_quota_is_sufficient
230 |
--------------------------------------------------------------------------------
/bin/init-anthos-sample-deployment.env:
--------------------------------------------------------------------------------
1 | # This file is meant to be sourced into a bash shell for the Anthos Sample Deployment tutorial.
2 | # Primarily for using tutorial with Cloud Shell.
3 | # Ex: source init-anthos-sample-deployment.env
4 |
5 | function info() {
6 |   printf '%b\n' "$1"
7 | }
8 |
9 | function warn() {
10 |   info "$1"
11 | }
12 |
13 | function error() {
14 |   err=${1:-'error sourcing script'}
15 |   info "${err}"
16 |   # exit bash function stack without exiting current shell
17 |   kill -INT $$
18 | }
19 |
20 | function precheck {
21 |   if [[ ${OSTYPE} != "linux-gnu" || ${CLOUD_SHELL} != true ]]; then
22 |     info "Warning: This has only been tested in GCP Cloud Shell. Only Linux (debian) is supported."
23 |   fi
24 |
25 |   command -v gcloud || (
26 |     error "gcloud not installed, follow https://cloud.google.com/sdk/install to install it first."
27 |   )
28 |
29 |   command -v kubectl || (
30 |     error "Kubectl not installed, you can run the following command to install it:\n\nsudo apt-get install kubectl"
31 |   )
32 |
33 |   command -v git || (
34 |     error "git not installed, you can run the following command to install it:\n\nsudo apt-get install git"
35 |   )
36 |
37 |   PROJECT=$(gcloud config get-value project)
38 |   if [[ -z ${PROJECT} ]]; then
39 |     error "Failed to find project, please use 'gcloud config set project PROJECT_ID' to select the right project."
40 |   fi
41 |   export PROJECT
42 |   info "export PROJECT as ${PROJECT}"
43 | }
44 |
45 | function init_kubeconfig {
46 |   KUBECONFIG=${HOME}/.kube/${PROJECT}.anthos-trial-gcp.config
47 |   mkdir -p "$(dirname "${KUBECONFIG}")"
48 |   export KUBECONFIG
49 |   info "export KUBECONFIG as ${KUBECONFIG}"
50 |
51 |   clusters=$(gcloud container clusters list | grep -v NAME )
52 |   echo "${clusters}" | while read -r name zone _; do
53 |     gcloud container clusters get-credentials "${name}" --zone="${zone}"
54 |     kubectl config rename-context "gke_${PROJECT}_${zone}_${name}" "${name}"
55 |   done
56 | }
57 |
58 | function install_istioctl {
59 |   if command -v istioctl; then
60 |     info "istioctl already installed."
61 |     return 0
62 |   fi
63 |
64 |   mkdir -p "${HOME}/bin"
65 |   local ver=1.8.1-asm.5
66 |   gsutil cat gs://gke-release/asm/istio-${ver}-linux-amd64.tar.gz | tar -C ${HOME}/bin/ -z -x istio-${ver}/bin/istioctl --strip-components=2
67 | }
68 |
69 | function install_nomos {
70 |   if command -v nomos; then
71 |     info "nomos already installed."
72 |     return 0
73 |   fi
74 |
75 |   mkdir -p "${HOME}/bin"
76 |   gsutil cp gs://config-management-release/released/latest/linux_amd64/nomos "${HOME}/bin/nomos"
77 |   chmod a+x "${HOME}/bin/nomos"
78 |
79 |   PATH=${PATH}:${HOME}/bin
80 |   export PATH
81 |   info "Installed nomos into ${HOME}/bin."
82 | }
83 |
84 | function clone_config_repo {
85 |   local prefix="anthos-sample-deployment"
86 |   upstream="${prefix}-config-repo"
87 |   clone="${prefix}-config-repo"
88 |   if [[ -d $clone ]]; then
89 |     tempdir="/tmp/$clone-$(date +%s)"
90 |     info "Backing up current ACM config repo ($clone) to $tempdir"
91 |     mv $clone $tempdir 2>/dev/null || true
92 |   fi
93 |   gcloud source repos clone $upstream $clone 2>/dev/null \
94 |     && info "Cloned ACM config repo: ./$clone" \
95 |     || error "Failed to clone ACM repo: $clone"
96 | }
97 |
98 | precheck
99 | init_kubeconfig
100 | install_istioctl
101 | install_nomos
102 | clone_config_repo
103 |
104 | # save context names
105 | names=($(kubectl config get-contexts -o name))
106 |
107 | # use first context by default
108 | kubectl config use-context "${names[0]}"
109 |
110 | # tutorial helper function to configure git user and name
111 | function init_git {
112 |   git_email=$(git config --get user.email)
113 |   git_name=$(git config --get user.name)
114 |   user_email=$(gcloud config list account --format "value(core.account)")
115 |   user_name=$(echo $user_email | cut -f1 -d"@")
116 |
117 |   if [[ -z "$git_email" ]]; then
118 |     git config --local user.email $user_email
119 |     info "Configured local git user.email to $user_email"
120 |   else
121 |     info "Verified git user.email has been set to $git_email"
122 |   fi
123 |   if [[ -z "$git_name" ]]; then
124 |     git config --local user.name $user_name
125 |     info "Configured local git user.name to $user_name"
126 |   else
127 |     info "Verified git user.name has been set to $git_name"
128 |   fi
129 | }
130 |
131 | # tutorial helper function to watch nomos sync clusters
132 | function watchmtls {
133 |   watch -n 1 'status=$(nomos status) && printf "%s\n\n" "$status" && printf "cluster1: " && kubectl get destinationrule default -n istio-system --context '${names[0]}' -o yaml | grep "mode: "'
134 | }
135 |
--------------------------------------------------------------------------------
/config-repo/cloudbuild.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2020 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | steps:
16 | - name: 'gcr.io/cloud-builders/kubectl'
17 |   args: ['config', 'current-context']
18 |   volumes:
19 |   - name: 'kube'
20 |     path: '/kube'
21 |   env:
22 |   - 'KUBECONFIG=/kube/config'
23 |   - 'CLOUDSDK_COMPUTE_ZONE=us-central1-a'
24 |   - 'CLOUDSDK_CONTAINER_CLUSTER=test'
25 |   - 'CLOUDSDK_CONTAINER_USE_APPLICATION_DEFAULT_CREDENTIALS=true'
26 | - name: 'gcr.io/nomos-release/nomos:stable'
27 |   args: ['nomos', 'vet', '--path', '/workspace']
28 |   volumes:
29 |   - name: 'kube'
30 |     path: '/kube'
31 |   env:
32 |   - 'KUBECONFIG=/kube/config'
33 |   timeout: 30s
34 |
--------------------------------------------------------------------------------
/config-repo/cluster/README.md:
--------------------------------------------------------------------------------
1 | # Cluster
2 |
3 | This directory contains cluster-scoped resources.
4 |
--------------------------------------------------------------------------------
/config-repo/clusterregistry/clusters.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2020 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | kind: Cluster
16 | apiVersion: clusterregistry.k8s.io/v1alpha1
17 | metadata:
18 |   name: anthos-sample-cluster1
19 |   labels:
20 |     environment: asm
21 |
--------------------------------------------------------------------------------
/config-repo/clusterregistry/selectors.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2020 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | kind: ClusterSelector
16 | apiVersion: configmanagement.gke.io/v1
17 | metadata:
18 |   name: asm
19 | spec:
20 |   selector:
21 |     matchLabels:
22 |       environment: asm
23 |
--------------------------------------------------------------------------------
/config-repo/namespaces/README.md:
--------------------------------------------------------------------------------
1 | # Namespaces
2 |
3 | This directory contains namespace-scoped resources.
4 |
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/accounts-db.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | kind: StatefulSet
16 | apiVersion: apps/v1
17 | metadata:
18 |   name: accounts-db
19 |   labels:
20 |     app: accounts-db
21 |     tier: db
22 | spec:
23 |   serviceName: "accounts-db"
24 |   replicas: 1
25 |   selector:
26 |     matchLabels:
27 |       app: accounts-db
28 |       tier: db
29 |   template:
30 |     metadata:
31 |       labels:
32 |         app: accounts-db
33 |         tier: db
34 |     spec:
35 |       serviceAccountName: default
36 |       containers:
37 |       - name: accounts-db
38 |         image: gcr.io/bank-of-anthos-ci/accounts-db:v0.5.2
39 |         envFrom:
40 |         - configMapRef:
41 |             name: environment-config
42 |         - configMapRef:
43 |             name: accounts-db-config
44 |         - configMapRef:
45 |             name: demo-data-config
46 |         ports:
47 |         - containerPort: 5432
48 |           name: postgredb
49 |         resources:
50 |           requests:
51 |             cpu: 30m
52 |             memory: 128Mi
53 |           limits:
54 |             cpu: 500m
55 |             memory: 1Gi
56 |         volumeMounts:
57 |         - name: postgresdb
58 |           mountPath: /var/lib/postgresql/data
59 |           subPath: postgres
60 |       volumes:
61 |       - name: postgresdb
62 |         emptyDir: {}
63 | ---
64 | apiVersion: v1
65 | kind: Service
66 | metadata:
67 |   name: accounts-db
68 |   labels:
69 |     app: accounts-db
70 |     tier: db
71 | spec:
72 |   ports:
73 |   - port: 5432
74 |     name: tcp
75 |     targetPort: 5432
76 |     protocol: TCP
77 |   selector:
78 |     app: accounts-db
79 |     tier: db
80 | ---
81 | apiVersion: v1
82 | kind: ConfigMap
83 | metadata:
84 |   name: accounts-db-config
85 |   labels:
86 |     app: accounts-db
87 | data:
88 |   POSTGRES_DB: accounts-db
89 |   POSTGRES_USER: accounts-admin
90 |   POSTGRES_PASSWORD: accounts-pwd
91 |   ACCOUNTS_DB_URI: postgresql://accounts-admin:accounts-pwd@accounts-db:5432/accounts-db
92 |
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/balance-reader.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | apiVersion: apps/v1
16 | kind: Deployment
17 | metadata:
18 |   name: balancereader
19 | spec:
20 |   selector:
21 |     matchLabels:
22 |       app: balancereader
23 |   template:
24 |     metadata:
25 |       labels:
26 |         app: balancereader
27 |     spec:
28 |       serviceAccountName: default
29 |       terminationGracePeriodSeconds: 5
30 |       containers:
31 |       - name: balancereader
32 |         image: gcr.io/bank-of-anthos-ci/balancereader:v0.5.2
33 |         volumeMounts:
34 |         - name: publickey
35 |           mountPath: "/root/.ssh"
36 |           readOnly: true
37 |         env:
38 |         - name: VERSION
39 |           value: "v0.5.2"
40 |         - name: PORT
41 |           value: "8080"
42 |         # toggle Cloud Trace export
43 |         - name: ENABLE_TRACING
44 |           value: "false"
45 |         - name: ENABLE_METRICS
46 |           value: "false"
47 |         - name: POLL_MS
48 |           value: "100"
49 |         - name: CACHE_SIZE
50 |           value: "1000000"
51 |         # tell Java to obey container memory limits
52 |         - name: JVM_OPTS
53 |           value: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
54 |         # Valid levels are debug, info, warn, error, fatal.
55 |         # If no valid level is set, will default to info.
56 |         - name: LOG_LEVEL
57 |           value: "info"
58 |         - name: NAMESPACE
59 |           valueFrom:
60 |             fieldRef:
61 |               fieldPath: metadata.namespace
62 |         envFrom:
63 |         - configMapRef:
64 |             name: environment-config
65 |         # add ledger-db credentials from ConfigMap
66 |         - configMapRef:
67 |             name: ledger-db-config
68 |         resources:
69 |           requests:
70 |             cpu: 30m
71 |             memory: 512Mi
72 |           limits:
73 |             cpu: 500m
74 |             memory: 1Gi
75 |         readinessProbe:
76 |           httpGet:
77 |             path: /ready
78 |             port: 8080
79 |           initialDelaySeconds: 60
80 |           periodSeconds: 5
81 |           timeoutSeconds: 10
82 |         livenessProbe:
83 |           httpGet:
84 |             path: /healthy
85 |             port: 8080
86 |           initialDelaySeconds: 120
87 |           periodSeconds: 5
88 |           timeoutSeconds: 10
89 |       volumes:
90 |       - name: publickey
91 |         secret:
92 |           secretName: jwt-key
93 |           items:
94 |           - key: jwtRS256.key.pub
95 |             path: publickey
96 | ---
97 | apiVersion: v1
98 | kind: Service
99 | metadata:
100 |   name: balancereader
101 | spec:
102 |   type: ClusterIP
103 |   selector:
104 |     app: balancereader
105 |   ports:
106 |   - name: http
107 |     port: 8080
108 |     targetPort: 8080
109 |
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/config.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | apiVersion: v1
16 | kind: ConfigMap
17 | metadata:
18 |   name: environment-config
19 | data:
20 |   LOCAL_ROUTING_NUM: "883745000"
21 |   PUB_KEY_PATH: "/root/.ssh/publickey"
22 | ---
23 | apiVersion: v1
24 | kind: ConfigMap
25 | metadata:
26 |   name: service-api-config
27 | data:
28 |   TRANSACTIONS_API_ADDR: "ledgerwriter:8080"
29 |   BALANCES_API_ADDR: "balancereader:8080"
30 |   HISTORY_API_ADDR: "transactionhistory:8080"
31 |   CONTACTS_API_ADDR: "contacts:8080"
32 |   USERSERVICE_API_ADDR: "userservice:8080"
33 | ---
34 | apiVersion: v1
35 | kind: ConfigMap
36 | metadata:
37 |   name: demo-data-config
38 | data:
39 |   USE_DEMO_DATA: "True"
40 |   DEMO_LOGIN_USERNAME: "testuser"
41 |   # All demo user accounts are hardcoded to use the login password 'password'
42 |   DEMO_LOGIN_PASSWORD: "password"
43 |
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/contacts.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | apiVersion: apps/v1
16 | kind: Deployment
17 | metadata:
18 |   name: contacts
19 | spec:
20 |   selector:
21 |     matchLabels:
22 |       app: contacts
23 |   template:
24 |     metadata:
25 |       labels:
26 |         app: contacts
27 |     spec:
28 |       serviceAccountName: default
29 |       terminationGracePeriodSeconds: 5
30 |       containers:
31 |       - name: contacts
32 |         image: gcr.io/bank-of-anthos-ci/contacts:v0.5.2
33 |         volumeMounts:
34 |         - name: publickey
35 |           mountPath: "/root/.ssh"
36 |           readOnly: true
37 |         env:
38 |         - name: VERSION
39 |           value: "v0.5.2"
40 |         - name: PORT
41 |           value: "8080"
42 |         - name: ENABLE_TRACING
43 |           value: "false"
44 |         # Valid levels are debug, info, warning, error, critical.
45 |         # If no valid level is set, will default to info.
46 |         - name: LOG_LEVEL
47 |           value: "info"
48 |         envFrom:
49 |         - configMapRef:
50 |             name: environment-config
51 |         - configMapRef:
52 |             name: accounts-db-config
53 |         resources:
54 |           requests:
55 |             cpu: 30m
56 |             memory: 64Mi
57 |           limits:
58 |             cpu: 500m
59 |             memory: 256Mi
60 |         readinessProbe:
61 |           httpGet:
62 |             path: /ready
63 |             port: 8080
64 |           initialDelaySeconds: 10
65 |           periodSeconds: 5
66 |           timeoutSeconds: 10
67 |       volumes:
68 |       - name: publickey
69 |         secret:
70 |           secretName: jwt-key
71 |           items:
72 |           - key: jwtRS256.key.pub
73 |             path: publickey
74 | ---
75 | apiVersion: v1
76 | kind: Service
77 | metadata:
78 |   name: contacts
79 | spec:
80 |   type: ClusterIP
81 |   selector:
82 |     app: contacts
83 |   ports:
84 |   - name: http
85 |     port: 8080
86 |     targetPort: 8080
87 |
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/frontend-ingress.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | apiVersion: networking.istio.io/v1alpha3
15 | kind: Gateway
16 | metadata:
17 |   name: frontend-gateway
18 | spec:
19 |   selector:
20 |     istio: ingressgateway # use Istio default gateway implementation
21 |   servers:
22 |   - port:
23 |       number: 80
24 |       name: http
25 |       protocol: HTTP
26 |     hosts:
27 |     - "*"
28 | ---
29 | apiVersion: networking.istio.io/v1alpha3
30 | kind: VirtualService
31 | metadata:
32 |   name: frontend-ingress
33 | spec:
34 |   hosts:
35 |   - "*"
36 |   gateways:
37 |   - frontend-gateway
38 |   http:
39 |   - route:
40 |     - destination:
41 |         host: frontend
42 |         port:
43 |           number: 80
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/frontend.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | apiVersion: apps/v1
16 | kind: Deployment
17 | metadata:
18 |   name: frontend
19 | spec:
20 |   selector:
21 |     matchLabels:
22 |       app: frontend
23 |   template:
24 |     metadata:
25 |       labels:
26 |         app: frontend
27 |     spec:
28 |       serviceAccountName: default
29 |       terminationGracePeriodSeconds: 5
30 |       containers:
31 |       - name: front
32 |         image: gcr.io/bank-of-anthos-ci/frontend:v0.5.2
33 |         volumeMounts:
34 |         - name: publickey
35 |           mountPath: "/root/.ssh"
36 |           readOnly: true
37 |         env:
38 |         - name: VERSION
39 |           value: "v0.5.2"
40 |         - name: PORT
41 |           value: "8080"
42 |         - name: ENABLE_TRACING
43 |           value: "false"
44 |         - name: SCHEME
45 |           value: "http"
46 |         # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info.
47 |         - name: LOG_LEVEL
48 |           value: "info"
49 |         # Set to "true" to enable the CymbalBank logo + title
50 |         # - name: CYMBAL_LOGO
51 |         #   value: "false"
52 |         # Customize the bank name used in the header. Defaults to 'Bank of Anthos' - when CYMBAL_LOGO is true, uses 'CymbalBank'
53 |         # - name: BANK_NAME
54 |         #   value: ""
55 |         - name: DEFAULT_USERNAME
56 |           valueFrom:
57 |             configMapKeyRef:
58 |               name: demo-data-config
59 |               key: DEMO_LOGIN_USERNAME
60 |         - name: DEFAULT_PASSWORD
61 |           valueFrom:
62 |             configMapKeyRef:
63 |               name: demo-data-config
64 |               key: DEMO_LOGIN_PASSWORD
65 |         envFrom:
66 |         - configMapRef:
67 |             name: environment-config
68 |         - configMapRef:
69 |             name: service-api-config
70 |         readinessProbe:
71 |           httpGet:
72 |             path: /ready
73 |             port: 8080
74 |           initialDelaySeconds: 10
75 |           periodSeconds: 5
76 |           timeoutSeconds: 10
77 |         livenessProbe:
78 |           httpGet:
79 |             path: /ready
80 |             port: 8080
81 |           initialDelaySeconds: 60
82 |           periodSeconds: 15
83 |           timeoutSeconds: 30
84 |         resources:
85 |           requests:
86 |             cpu: 30m
87 |             memory: 64Mi
88 |           limits:
89 |             cpu: 500m
90 |             memory: 256Mi
91 |       volumes:
92 |       - name: publickey
93 |         secret:
94 |           secretName: jwt-key
95 |           items:
96 |           - key: jwtRS256.key.pub
97 |             path: publickey
98 | ---
99 | apiVersion: v1
100 | kind: Service
101 | metadata:
102 |   name: frontend
103 | spec:
104 |   selector:
105 |     app: frontend
106 |   ports:
107 |   - name: http
108 |     port: 80
109 |     targetPort: 8080
110 |
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/jwt-key.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | # This secret contains a keypair used to sign and verify JWTs for authentication
16 | # In practice, this should never be checked into version control. It is provided here to simplify deployment
17 | apiVersion: v1
18 | kind: Secret
19 | metadata:
20 |   name: jwt-key
21 |   namespace: boa
22 | type: Opaque
23 | data:
24 |   jwtRS256.key: <base64 value elided>
25 |   jwtRS256.key.pub: <base64 value elided>
26 |
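The comment in jwt-key.yaml says the keypair should never be checked into version control, and the `boa` ConfigMaps above carry database passwords in plain text. The following pre-merge check flags both patterns; it is an added example, not part of this repository, and the key-name pattern, the `parse_documents` and `audit` helpers, and the trimmed sample input are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

# Key names that suggest a credential. Assumption of this example; tune per repo.
CREDENTIAL_KEY = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|PRIVATE_KEY", re.I)

# Constructed sample: trimmed copies of manifests shown on this page, with the
# Secret values replaced by a placeholder.
SAMPLE = """\
apiVersion: v1
kind: ConfigMap
metadata:
  name: environment-config
data:
  LOCAL_ROUTING_NUM: "883745000"
  PUB_KEY_PATH: "/root/.ssh/publickey"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: accounts-db-config
  labels:
    app: accounts-db
data:
  POSTGRES_DB: accounts-db
  POSTGRES_USER: accounts-admin
  POSTGRES_PASSWORD: accounts-pwd
  ACCOUNTS_DB_URI: postgresql://accounts-admin:accounts-pwd@accounts-db:5432/accounts-db
---
apiVersion: v1
kind: Secret
metadata:
  name: jwt-key
  namespace: boa
type: Opaque
data:
  jwtRS256.key: PLACEHOLDER
  jwtRS256.key.pub: PLACEHOLDER
"""


def parse_documents(text):
    """Yield (kind, name, data) for each YAML document in a manifest file.

    Handles only what these manifests use: a top-level scalar `kind`,
    `metadata.name`, and a flat `data:` map of scalars indented by two
    spaces. It is not a general YAML parser.
    """
    for doc in re.split(r"^---[ \t]*$", text, flags=re.M):
        kind, name, data, section = None, None, {}, None
        for raw in doc.splitlines():
            line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            indent = len(line) - len(line.lstrip())
            key, _, value = line.strip().partition(":")
            value = value.strip().strip("\"'")
            if indent == 0:
                section = key
                if key == "kind":
                    kind = value
            elif section == "metadata" and indent == 2 and key == "name":
                name = value
            elif section == "data" and indent == 2:
                data[key] = value
        if kind:
            yield kind, name, data


def has_inline_userinfo(value):
    """True when a URI-like value embeds user:password before the host."""
    if "://" not in value:
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return bool(parts.username and parts.password)


def audit(text):
    """Return sorted (object, key, reason) findings for one manifest file."""
    findings = []
    for kind, name, data in parse_documents(text):
        ref = f"{kind}/{name}"
        if kind == "Secret" and data:
            # Any Secret with inline data in the repo exposes it to every reader.
            keys = ",".join(sorted(data))
            findings.append((ref, keys, "Secret data committed to version control"))
        elif kind == "ConfigMap":
            for key, value in data.items():
                if CREDENTIAL_KEY.search(key):
                    findings.append((ref, key, "credential stored in ConfigMap"))
                elif has_inline_userinfo(value):
                    findings.append((ref, key, "URI with embedded password"))
    return sorted(findings)


if __name__ == "__main__":
    for ref, key, reason in audit(SAMPLE):
        print(f"{ref}: {key}: {reason}")
```

Moving the flagged values into a Secret that is created outside the repository (and referenced with `secretRef` or `secretKeyRef`) clears the ConfigMap findings.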
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/ledger-db.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | kind: StatefulSet
16 | apiVersion: apps/v1
17 | metadata:
18 |   name: ledger-db
19 | spec:
20 |   serviceName: "ledger-db"
21 |   replicas: 1
22 |   selector:
23 |     matchLabels:
24 |       app: ledger-db
25 |   template:
26 |     metadata:
27 |       labels:
28 |         app: ledger-db
29 |     spec:
30 |       serviceAccountName: default
31 |       containers:
32 |       - name: postgres
33 |         image: gcr.io/bank-of-anthos-ci/ledger-db:v0.5.2
34 |         ports:
35 |         - containerPort: 5432
36 |         envFrom:
37 |         - configMapRef:
38 |             name: environment-config
39 |         - configMapRef:
40 |             name: ledger-db-config
41 |         - configMapRef:
42 |             name: demo-data-config
43 |         resources:
44 |           requests:
45 |             cpu: 30m
46 |             memory: 512Mi
47 |           limits:
48 |             cpu: 500m
49 |             memory: 1Gi
50 |         volumeMounts:
51 |         - name: postgresdb
52 |           mountPath: /var/lib/postgresql/data
53 |           subPath: postgres
54 |       volumes:
55 |       - name: postgresdb
56 |         emptyDir: {}
57 | ---
58 | apiVersion: v1
59 | kind: ConfigMap
60 | metadata:
61 |   name: ledger-db-config
62 |   labels:
63 |     app: postgres
64 | data:
65 |   POSTGRES_DB: postgresdb
66 |   POSTGRES_USER: admin
67 |   POSTGRES_PASSWORD: password
68 |   SPRING_DATASOURCE_URL: jdbc:postgresql://ledger-db:5432/postgresdb
69 |   SPRING_DATASOURCE_USERNAME: admin # should match POSTGRES_USER
70 |   SPRING_DATASOURCE_PASSWORD: password # should match POSTGRES_PASSWORD
71 | ---
72 | apiVersion: v1
73 | kind: Service
74 | metadata:
75 |   name: ledger-db
76 | spec:
77 |   type: ClusterIP
78 |   selector:
79 |     app: ledger-db
80 |   ports:
81 |   - name: tcp
82 |     port: 5432
83 |     targetPort: 5432
84 |
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/ledger-writer.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | apiVersion: apps/v1
16 | kind: Deployment
17 | metadata:
18 |   name: ledgerwriter
19 | spec:
20 |   selector:
21 |     matchLabels:
22 |       app: ledgerwriter
23 |   template:
24 |     metadata:
25 |       labels:
26 |         app: ledgerwriter
27 |     spec:
28 |       serviceAccountName: default
29 |       terminationGracePeriodSeconds: 5
30 |       containers:
31 |       - name: ledgerwriter
32 |         image: gcr.io/bank-of-anthos-ci/ledgerwriter:v0.5.2
33 |         volumeMounts:
34 |         - name: publickey
35 |           mountPath: "/root/.ssh"
36 |           readOnly: true
37 |         env:
38 |         - name: VERSION
39 |           value: "v0.5.2"
40 |         - name: PORT
41 |           value: "8080"
42 |         - name: ENABLE_TRACING
43 |           value: "false"
44 |         - name: ENABLE_METRICS
45 |           value: "false"
46 |         # tell Java to obey container memory limits
47 |         - name: JVM_OPTS
48 |           value: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
49 |         # service level override of log level
50 |         - name: LOG_LEVEL
51 |           value: "info"
52 |         - name: NAMESPACE
53 |           valueFrom:
54 |             fieldRef:
55 |               fieldPath: metadata.namespace
56 |         envFrom:
57 |         - configMapRef:
58 |             name: environment-config
59 |         - configMapRef:
60 |             name: service-api-config
61 |         # add ledger-db credentials from ConfigMap
62 |         - configMapRef:
63 |             name: ledger-db-config
64 |         resources:
65 |           requests:
66 |             cpu: 30m
67 |             memory: 512Mi
68 |           limits:
69 |             cpu: 500m
70 |             memory: 1Gi
71 |         readinessProbe:
72 |           httpGet:
73 |             path: /ready
74 |             port: 8080
75 |           initialDelaySeconds: 60
76 |           periodSeconds: 5
77 |           timeoutSeconds: 10
78 |       volumes:
79 |       - name: publickey
80 |         secret:
81 |           secretName: jwt-key
82 |           items:
83 |           - key: jwtRS256.key.pub
84 |             path: publickey
85 | ---
86 | apiVersion: v1
87 | kind: Service
88 | metadata:
89 |   name: ledgerwriter
90 | spec:
91 |   type: ClusterIP
92 |   selector:
93 |     app: ledgerwriter
94 |   ports:
95 |   - name: http
96 |     port: 8080
97 |     targetPort: 8080
98 |
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/loadgenerator.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | apiVersion: apps/v1
15 | kind: Deployment
16 | metadata:
17 |   name: loadgenerator
18 | spec:
19 |   selector:
20 |     matchLabels:
21 |       app: loadgenerator
22 |   replicas: 1
23 |   template:
24 |     metadata:
25 |       labels:
26 |         app: loadgenerator
27 |       annotations:
28 |         sidecar.istio.io/rewriteAppHTTPProbers: "true"
29 |     spec:
30 |       serviceAccountName: default
31 |       terminationGracePeriodSeconds: 5
32 |       restartPolicy: Always
33 |       containers:
34 |       - name: loadgenerator
35 |         image: gcr.io/bank-of-anthos-ci/loadgenerator:v0.5.2
36 |         env:
37 |         - name: FRONTEND_ADDR
38 |           value: "frontend:80"
39 |         - name: USERS
40 |           value: "5"
41 |         - name: LOG_LEVEL
42 |           value: "error"
43 |         resources:
44 |           requests:
45 |             cpu: 30m
46 |             memory: 512Mi
47 |           limits:
48 |             cpu: 500m
49 |             memory: 1Gi
50 |
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/namespace.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | apiVersion: v1
16 | kind: Namespace
17 | metadata:
18 |   name: boa
19 |   labels:
20 |     env: istio
21 |     istio-injection: enabled
22 |
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/service-entries.yaml.tpl:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | apiVersion: networking.istio.io/v1alpha3
16 | kind: ServiceEntry
17 | metadata:
18 |   name: balancereader
19 |   namespace: boa
20 | spec:
21 |   hosts:
22 |   - balancereader.boa.global
23 |   location: MESH_INTERNAL
24 |   ports:
25 |   - name: http1
26 |     number: 8080
27 |     protocol: http
28 |   resolution: DNS
29 |   addresses:
30 |   - 240.0.0.2
31 |   endpoints:
32 |   - address: GWIP_ONPREM
33 |     ports:
34 |       http1: 15443 # Do not change this port value
35 | ---
36 | apiVersion: networking.istio.io/v1alpha3
37 | kind: ServiceEntry
38 | metadata:
39 |   name: ledgerwriter
40 |   namespace: boa
41 | spec:
42 |   hosts:
43 |   - ledgerwriter.boa.global
44 |   location: MESH_INTERNAL
45 |   ports:
46 |   - name: http1
47 |     number: 8080
48 |     protocol: http
49 |   resolution: DNS
50 |   addresses:
51 |   - 240.0.0.3
52 |   endpoints:
53 |   - address: GWIP_ONPREM
54 |     ports:
55 |       http1: 15443 # Do not change this port value
56 | ---
57 | apiVersion: networking.istio.io/v1alpha3
58 | kind: ServiceEntry
59 | metadata:
60 |   name: transactionhistory
61 |   namespace: boa
62 | spec:
63 |   hosts:
64 |   - transactionhistory.boa.global
65 |   location: MESH_INTERNAL
66 |   ports:
67 |   - name: http1
68 |     number: 8080
69 |     protocol: http
70 |   resolution: DNS
71 |   addresses:
72 |   - 240.0.0.4
73 |   endpoints:
74 |   - address: GWIP_ONPREM
75 |     ports:
76 |       http1: 15443 # Do not change this port value
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/transaction-history.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | apiVersion: apps/v1
16 | kind: Deployment
17 | metadata:
18 |   name: transactionhistory
19 | spec:
20 |   selector:
21 |     matchLabels:
22 |       app: transactionhistory
23 |   template:
24 |     metadata:
25 |       labels:
26 |         app: transactionhistory
27 |     spec:
28 |       serviceAccountName: default
29 |       terminationGracePeriodSeconds: 5
30 |       containers:
31 |       - name: transactionhistory
32 |         image: gcr.io/bank-of-anthos-ci/transactionhistory:v0.5.2
33 |         volumeMounts:
34 |         - name: publickey
35 |           mountPath: "/root/.ssh"
36 |           readOnly: true
37 |         env:
38 |         - name: VERSION
39 |           value: "v0.5.2"
40 |         - name: PORT
41 |           value: "8080"
42 |         - name: ENABLE_TRACING
43 |           value: "false"
44 |         - name: ENABLE_METRICS
45 |           value: "false"
46 |         - name: POLL_MS
47 |           value: "100"
48 |         - name: CACHE_SIZE
49 |           value: "1000"
50 |         - name: CACHE_MINUTES
51 |           value: "60"
52 |         - name: HISTORY_LIMIT
53 |           value: "100"
54 |         # tell Java to obey container memory limits
55 |         - name: JVM_OPTS
56 |           value: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
57 |         #- name: EXTRA_LATENCY_MILLIS
58 |         #  value: "5000"
59 |         # Valid levels are debug, info, warn, error, fatal.
60 |         # If no valid level is set, will default to info.
61 |         - name: LOG_LEVEL
62 |           value: "info"
63 |         - name: NAMESPACE
64 |           valueFrom:
65 |             fieldRef:
66 |               fieldPath: metadata.namespace
67 |         envFrom:
68 |         - configMapRef:
69 |             name: environment-config
70 |         # add ledger-db credentials from ConfigMap
71 |         - configMapRef:
72 |             name: ledger-db-config
73 |         resources:
74 |           requests:
75 |             cpu: 30m
76 |             memory: 512Mi
77 |           limits:
78 |             cpu: 500m
79 |             memory: 1Gi
80 |         readinessProbe:
81 |           httpGet:
82 |             path: /ready
83 |             port: 8080
84 |           initialDelaySeconds: 60
85 |           periodSeconds: 5
86 |           timeoutSeconds: 10
87 |         livenessProbe:
88 |           httpGet:
89 |             path: /healthy
90 |             port: 8080
91 |           initialDelaySeconds: 120
92 |           periodSeconds: 5
93 |           timeoutSeconds: 10
94 |       volumes:
95 |       - name: publickey
96 |         secret:
97 |           secretName: jwt-key
98 |           items:
99 |           - key: jwtRS256.key.pub
100 |             path: publickey
101 | ---
102 | apiVersion: v1
103 | kind: Service
104 | metadata:
105 |   name: transactionhistory
106 | spec:
107 |   type: ClusterIP
108 |   selector:
109 |     app: transactionhistory
110 |   ports:
111 |   - name: http
112 |     port: 8080
113 |     targetPort: 8080
114 |
--------------------------------------------------------------------------------
/config-repo/namespaces/boa/userservice.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | apiVersion: apps/v1
16 | kind: Deployment
17 | metadata:
18 |   name: userservice
19 | spec:
20 |   selector:
21 |     matchLabels:
22 |       app: userservice
23 |   template:
24 |     metadata:
25 |       labels:
26 |         app: userservice
27 |     spec:
28 |       serviceAccountName: default
29 |       terminationGracePeriodSeconds: 5
30 |       containers:
31 |       - name: userservice
32 |         image: gcr.io/bank-of-anthos-ci/userservice:v0.5.2
33 |         volumeMounts:
34 |         - name: keys
35 |           mountPath: "/root/.ssh"
36 |           readOnly: true
37 |         ports:
38 |         - name: http-server
39 |           containerPort: 8080
40 |         env:
41 |         - name: VERSION
42 |           value: "v0.5.2"
43 |         - name: PORT
44 |           value: "8080"
45 |         - name: ENABLE_TRACING
46 |           value: "false"
47 |         - name: TOKEN_EXPIRY_SECONDS
48 |           value: "3600"
49 |         - name: PRIV_KEY_PATH
50 |           value: "/root/.ssh/privatekey"
51 |         # Valid levels are debug, info, warning, error, critical. If no valid level is set, gunicorn will default to info.
52 |         - name: LOG_LEVEL
53 |           value: "info"
54 |         envFrom:
55 |         - configMapRef:
56 |             name: environment-config
57 |         - configMapRef:
58 |             name: accounts-db-config
59 |         readinessProbe:
60 |           httpGet:
61 |             path: /ready
62 |             port: 8080
63 |           initialDelaySeconds: 10
64 |           periodSeconds: 5
65 |           timeoutSeconds: 10
66 |         resources:
67 |           requests:
68 |             cpu: 30m
69 |             memory: 64Mi
70 |           limits:
71 |             cpu: 500m
72 |             memory: 256Mi
73 |       volumes:
74 |       - name: keys
75 |         secret:
76 |           secretName: jwt-key
77 |           items:
78 |           - key: jwtRS256.key
79 |             path: privatekey
80 |           - key: jwtRS256.key.pub
81 |             path: publickey
82 |
83 |
84 | ---
85 | apiVersion: v1
86 | kind: Service
87 | metadata:
88 |   name: userservice
89 | spec:
90 |   type: ClusterIP
91 |   selector:
92 |     app: userservice
93 |   ports:
94 |   - name: http
95 |     port: 8080
96 |     targetPort: 8080
97 |
--------------------------------------------------------------------------------
/config-repo/namespaces/istio-system/destination-rule.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2020 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | apiVersion: networking.istio.io/v1alpha3
16 | kind: DestinationRule
17 | metadata:
18 |   annotations:
19 |     meshsecurityinsights.googleapis.com/generated: "1561996419000000000"
20 |   name: default
21 |   namespace: istio-system
22 | spec:
23 |   host: '*.local'
24 |   trafficPolicy:
25 |     tls:
26 |       mode: DISABLE
27 |
--------------------------------------------------------------------------------
/config-repo/namespaces/istio-system/namespace.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2020 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | apiVersion: v1
16 | kind: Namespace
17 | metadata:
18 |   name: istio-system
19 |   labels:
20 |     istio-injection: disabled
21 |
--------------------------------------------------------------------------------
/config-repo/namespaces/istio-system/peer-authentication.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2020 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | #     http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | apiVersion: "security.istio.io/v1beta1"
16 | kind: "PeerAuthentication"
17 | metadata:
18 |   name: "default"
19 |   namespace: "istio-system"
20 | spec:
21 |   mtls:
22 |     mode: PERMISSIVE
23 |
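
The mesh-wide `default` DestinationRule and PeerAuthentication above tell sidecars to send plaintext to `*.local` hosts (`DISABLE`) and to accept plaintext as well as mutual TLS (`PERMISSIVE`). A stricter counterpart, as an added example that is not a file from this repository, assuming `istio-system` is the mesh root namespace and every workload that must communicate has a sidecar:

```yaml
# Added example, not a file from this repository.
# Assumes istio-system is the mesh root namespace and all callers have sidecars.
---
# Server side: sidecars reject plaintext and accept only mutual TLS.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT          # was PERMISSIVE (plaintext and mTLS both accepted)
---
# Client side: sidecars originate mutual TLS using Istio-issued certificates.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: default
  namespace: istio-system
spec:
  host: '*.local'
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL  # was DISABLE (plaintext to every *.local host)
```

A `*.local` destination without a sidecar cannot complete the mutual TLS handshake, so it needs its own DestinationRule with a more specific host before this pair is applied; `istio-system` itself is labelled `istio-injection: disabled` in `namespace.yaml`.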
--------------------------------------------------------------------------------
/config-repo/system/repo.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2020 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | #     http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | kind: Repo
16 | apiVersion: configmanagement.gke.io/v1
17 | metadata:
18 |   name: repo
19 | spec:
20 |   version: "0.1.0"
--------------------------------------------------------------------------------
/docs/code-of-conduct.md:
--------------------------------------------------------------------------------
1 | # Google Open Source Community Guidelines
2 |
3 | At Google, we recognize and celebrate the creativity and collaboration of open
4 | source contributors and the diversity of skills, experiences, cultures, and
5 | opinions they bring to the projects and communities they participate in.
6 |
7 | Every one of Google's open source projects and communities are inclusive
8 | environments, based on treating all individuals respectfully, regardless of
9 | gender identity and expression, sexual orientation, disabilities,
10 | neurodiversity, physical appearance, body size, ethnicity, nationality, race,
11 | age, religion, or similar personal characteristic.
12 |
13 | We value diverse opinions, but we value respectful behavior more.
14 |
15 | Respectful behavior includes:
16 |
17 | * Being considerate, kind, constructive, and helpful.
18 | * Not engaging in demeaning, discriminatory, harassing, hateful, sexualized, or
19 |   physically threatening behavior, speech, and imagery.
20 | * Not engaging in unwanted physical contact.
21 |
22 | Some Google open source projects [may adopt][] an explicit project code of
23 | conduct, which may have additional detailed expectations for participants. Most
24 | of those projects will use our [modified Contributor Covenant][].
25 |
26 | [may adopt]: https://opensource.google/docs/releasing/preparing/#conduct
27 | [modified Contributor Covenant]: https://opensource.google/docs/releasing/template/CODE_OF_CONDUCT/
28 |
29 | ## Resolve peacefully
30 |
31 | We do not believe that all conflict is necessarily bad; healthy debate and
32 | disagreement often yields positive results. However, it is never okay to be
33 | disrespectful.
34 |
35 | If you see someone behaving disrespectfully, you are encouraged to address the
36 | behavior directly with those involved. Many issues can be resolved quickly and
37 | easily, and this gives people more control over the outcome of their dispute.
38 | If you are unable to resolve the matter for any reason, or if the behavior is
39 | threatening or harassing, report it. We are dedicated to providing an
40 | environment where participants feel welcome and safe.
41 |
42 | ## Reporting problems
43 |
44 | Some Google open source projects may adopt a project-specific code of conduct.
45 | In those cases, a Google employee will be identified as the Project Steward,
46 | who will receive and handle reports of code of conduct violations. In the event
47 | that a project hasn’t identified a Project Steward, you can report problems by
48 | emailing opensource@google.com.
49 |
50 | We will investigate every complaint, but you may not receive a direct response.
51 | We will use our discretion in determining when and how to follow up on reported
52 | incidents, which may range from not taking action to permanent expulsion from
53 | the project and project-sponsored spaces. We will notify the accused of the
54 | report and provide them an opportunity to discuss it before any action is
55 | taken. The identity of the reporter will be omitted from the details of the
56 | report supplied to the accused. In potentially harmful situations, such as
57 | ongoing harassment or threats to anyone's safety, we may take action without
58 | notice.
59 |
60 | *This document was adapted from the [IndieWeb Code of Conduct][] and can also
61 | be found at .*
62 |
63 | [IndieWeb Code of Conduct]: https://indieweb.org/code-of-conduct
64 |
--------------------------------------------------------------------------------
/docs/contributing.md:
--------------------------------------------------------------------------------
1 | # How to Contribute
2 |
3 | We'd love to accept your patches and contributions to this project. There are
4 | just a few small guidelines you need to follow.
5 |
6 | ## Contributor License Agreement
7 |
8 | Contributions to this project must be accompanied by a Contributor License
9 | Agreement. You (or your employer) retain the copyright to your contribution;
10 | this simply gives us permission to use and redistribute your contributions as
11 | part of the project. Head over to to see
12 | your current agreements on file or to sign a new one.
13 |
14 | You generally only need to submit a CLA once, so if you've already submitted one
15 | (even if it was for a different project), you probably don't need to do it
16 | again.
17 |
18 | ## Code reviews
19 |
20 | All submissions, including submissions by project members, require review. We
21 | use GitHub pull requests for this purpose. Consult
22 | [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more
23 | information on using pull requests.
24 |
25 | ## Community Guidelines
26 |
27 | This project follows [Google's Open Source Community
28 | Guidelines](https://opensource.google/conduct/).
29 |
--------------------------------------------------------------------------------