├── LICENSE ├── README.md ├── autoscaling ├── cart-hsc.yaml ├── catalogue-hsc.yaml ├── front-end-hsc.yaml ├── orders-hsc.yaml ├── payment-hsc.yaml ├── queue-master-hsc.yaml ├── shipping-hsc.yaml └── user-hsc.yaml ├── busybox.yaml ├── complete-demo.yaml ├── helm-chart ├── .helmignore ├── Chart.yaml ├── requirements.yaml ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── cart-db-dep.yaml │ ├── cart-db-svc.yaml │ ├── carts-dep.yaml │ ├── carts-svc.yaml │ ├── catalogue-db-dep.yaml │ ├── catalogue-db-svc.yaml │ ├── catalogue-dep.yaml │ ├── catalogue-svc.yaml │ ├── front-end-dep.yaml │ ├── front-end-svc.yaml │ ├── ingress.yaml │ ├── loadtest-dep.yaml │ ├── orders-db-dep.yaml │ ├── orders-db-svc.yaml │ ├── orders-dep.yaml │ ├── orders-svc.yaml │ ├── payment-dep.yaml │ ├── payment-svc.yaml │ ├── queue-master-dep.yaml │ ├── queue-master-svc.yaml │ ├── rabbitmq-dep.yaml │ ├── rabbitmq-svc.yaml │ ├── session-db-dep.yaml │ ├── session-db-svc.yaml │ ├── shipping-dep.yaml │ ├── shipping-svc.yaml │ ├── user-db-dep.yaml │ ├── user-db-svc.yaml │ ├── user-dep.yaml │ ├── user-svc.yaml │ ├── zipkin-cron-dep.yaml │ ├── zipkin-dep.yaml │ ├── zipkin-mysql-dep.yaml │ ├── zipkin-mysql-svc.yaml │ └── zipkin-svc.yaml └── values.yaml ├── manifests-alerting ├── .env ├── README.md ├── alertmanager-configmap.yaml ├── alertmanager-dep.yaml ├── alertmanager-secret.yaml ├── alertmanager-svc.yaml └── istio-metrics.yaml ├── manifests-jaeger ├── catalogue-dep.yaml ├── jaeger-nodeport.yaml ├── jaeger-upgrade.yaml ├── jaeger.yaml ├── payment-dep.yaml └── user-dep.yaml ├── manifests-logging ├── elasticsearch.yml ├── fluentd-cr.yml ├── fluentd-crb.yml ├── fluentd-daemon.yml ├── fluentd-sa.yaml └── kibana.yml ├── manifests-monitoring ├── grafana-alert-configmap.yaml ├── grafana-configmap.yaml ├── grafana-dep.yaml ├── grafana-import-dash-batch.yaml ├── grafana-istio-dashboard │ └── grafana-configmap.yaml ├── grafana-svc.yaml ├── kube-state-metrics │ ├── kube-state-metrics-cr.yaml │ ├── 
kube-state-metrics-crb.yaml │ ├── kube-state-metrics-dep.yaml │ ├── kube-state-metrics-sa.yaml │ └── kube-state-metrics-svc.yaml ├── monitoring-ns.yaml ├── node-exporter │ ├── node-exporter-cr.yaml │ ├── node-exporter-crb.yaml │ ├── node-exporter-ds.yaml │ ├── node-exporter-master-dep.yaml │ ├── node-exporter-master-svc.yaml │ ├── node-exporter-sa.yaml │ └── node-exporter-svc.yaml ├── prometheus-alertrules.yaml ├── prometheus-configmap.yaml ├── prometheus-cr.yml ├── prometheus-crb.yml ├── prometheus-dep.yaml ├── prometheus-exporter-disk-usage-ds.yaml ├── prometheus-sa.yml └── prometheus-svc.yaml ├── manifests-policy ├── netpol-cart-access.yaml ├── netpol-cart-db-access.yaml ├── netpol-catalogue-access.yaml ├── netpol-catalogue-db-access.yaml ├── netpol-cortex-access.yaml ├── netpol-default-deny.yaml ├── netpol-frontend-access.yaml ├── netpol-orders-access.yaml ├── netpol-orders-db-access.yaml ├── netpol-payment-access.yaml ├── netpol-rabbitmq-access.yaml ├── netpol-shipping-access.yaml ├── netpol-user-access.yaml └── netpol-user-db-access.yaml ├── manifests-pv ├── pv-grafana.yaml ├── pv-prometheus.yaml ├── pvc-grafana.yaml ├── pvc-prometheus.yaml ├── sc-grafana.yaml └── sc-prometheus.yaml ├── manifests-system ├── kiali-secret.yaml ├── kube-controller-manager-svc.yaml └── kube-scheduler-svc.yaml ├── manifests-telemetry └── istio-telemetry └── manifests ├── carts-db-dep.yaml ├── carts-db-svc.yaml ├── carts-dep.yaml ├── carts-svc.yml ├── catalogue-db-dep.yaml ├── catalogue-db-svc.yaml ├── catalogue-dep.yaml ├── catalogue-svc.yaml ├── deployment ├── carts-db-dep.yaml ├── carts-dep.yaml ├── catalogue-db-dep.yaml ├── catalogue-dep.yaml ├── front-end-dep.yaml ├── orders-db-dep.yaml ├── orders-dep.yaml ├── payment-dep.yaml ├── queue-master-dep.yaml ├── rabbitmq-dep.yaml ├── session-db-dep.yaml ├── shipping-dep.yaml ├── user-db-dep.yaml └── user-dep.yaml ├── front-end-dep.yaml ├── front-end-istio.yaml ├── front-end-svc.yaml ├── loadtest ├── busybox.yaml ├── ingress.yaml └── 
loadtest-dep.yaml ├── orders-db-dep.yaml ├── orders-db-svc.yaml ├── orders-dep.yaml ├── orders-svc.yaml ├── payment-dep.yaml ├── payment-svc.yaml ├── queue-master-dep.yaml ├── queue-master-svc.yaml ├── rabbitmq-config.yaml ├── rabbitmq-dep.yaml ├── rabbitmq-policy.yaml ├── rabbitmq-svc.yaml ├── secret-frontend.yaml ├── service ├── carts-db-svc.yaml ├── catalogue-db-svc.yaml ├── catalogue-svc.yaml ├── front-end-svc.yaml ├── orders-db-svc.yaml ├── orders-svc.yaml ├── payment-svc.yaml ├── queue-master-svc.yaml ├── rabbitmq-svc.yaml ├── session-db-svc.yaml ├── shipping-svc.yaml ├── user-db-svc.yaml └── user-svc.yaml ├── session-db-dep.yaml ├── session-db-svc.yaml ├── shipping-dep.yaml ├── shipping-svc.yaml ├── sock-shop-ns.yaml ├── user-db-dep.yaml ├── user-db-svc.yaml ├── user-dep.yaml ├── user-svc.yaml └── virtualservice-all.yaml /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Jun 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /autoscaling/cart-hsc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: autoscaling/v2beta2 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: carts 6 | namespace: sock-shop 7 | spec: 8 | scaleTargetRef: 9 | apiVersion: extensions/v1beta1 10 | kind: Deployment 11 | name: carts 12 | minReplicas: 1 13 | maxReplicas: 5 14 | 15 | metrics: 16 | - type: Resource 17 | resource: 18 | name: cpu 19 | target: 20 | type: Utilization 21 | averageUtilization: 35 22 | 23 | - type: Resource 24 | resource: 25 | name: memory 26 | target: 27 | type: Utilization 28 | averageUtilization: 95 29 | 30 | -------------------------------------------------------------------------------- /autoscaling/catalogue-hsc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: autoscaling/v2beta2 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: catalogue 6 | namespace: sock-shop 7 | spec: 8 | scaleTargetRef: 9 | apiVersion: extensions/v1beta1 10 | kind: Deployment 11 | name: catalogue 12 | 13 | minReplicas: 1 14 | maxReplicas: 1 15 | 16 | metrics: 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | target: 21 | type: Utilization 22 | averageUtilization: 75 23 | 24 | - type: Resource 25 | resource: 26 | name: memory 27 | target: 28 | type: Utilization 29 | averageUtilization: 95 30 | 31 | -------------------------------------------------------------------------------- /autoscaling/front-end-hsc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
autoscaling/v2beta2 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: front-end 6 | namespace: sock-shop 7 | spec: 8 | scaleTargetRef: 9 | apiVersion: extensions/v1beta1 10 | kind: Deployment 11 | name: front-end 12 | 13 | minReplicas: 1 14 | maxReplicas: 3 15 | 16 | metrics: 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | target: 21 | type: Utilization 22 | averageUtilization: 35 23 | 24 | - type: Resource 25 | resource: 26 | name: memory 27 | target: 28 | type: Utilization 29 | averageUtilization: 95 30 | 31 | -------------------------------------------------------------------------------- /autoscaling/orders-hsc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: autoscaling/v2beta2 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: orders 6 | namespace: sock-shop 7 | spec: 8 | scaleTargetRef: 9 | apiVersion: extensions/v1beta1 10 | kind: Deployment 11 | name: orders 12 | 13 | minReplicas: 1 14 | maxReplicas: 2 15 | 16 | metrics: 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | target: 21 | type: Utilization 22 | averageUtilization: 50 23 | 24 | - type: Resource 25 | resource: 26 | name: memory 27 | target: 28 | type: Utilization 29 | averageUtilization: 95 30 | -------------------------------------------------------------------------------- /autoscaling/payment-hsc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: autoscaling/v2beta2 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: payment 6 | namespace: sock-shop 7 | spec: 8 | scaleTargetRef: 9 | apiVersion: extensions/v1beta1 10 | kind: Deployment 11 | name: payment 12 | 13 | minReplicas: 1 14 | maxReplicas: 1 15 | 16 | metrics: 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | target: 21 | type: Utilization 22 | averageUtilization: 75 23 | 24 | - type: Resource 25 | resource: 26 | name: memory 27 | target: 28 | type: Utilization 29 | 
averageUtilization: 75 30 | 31 | -------------------------------------------------------------------------------- /autoscaling/queue-master-hsc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: autoscaling/v2beta2 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: queue-master 6 | namespace: sock-shop 7 | spec: 8 | scaleTargetRef: 9 | apiVersion: extensions/v1beta1 10 | kind: Deployment 11 | name: queue-master 12 | 13 | minReplicas: 1 14 | maxReplicas: 1 15 | 16 | metrics: 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | target: 21 | type: Utilization 22 | averageUtilization: 75 23 | 24 | - type: Resource 25 | resource: 26 | name: memory 27 | target: 28 | type: Utilization 29 | averageUtilization: 95 30 | 31 | -------------------------------------------------------------------------------- /autoscaling/shipping-hsc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: autoscaling/v2beta2 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: shipping 6 | namespace: sock-shop 7 | spec: 8 | scaleTargetRef: 9 | apiVersion: extensions/v1beta1 10 | kind: Deployment 11 | name: shipping 12 | 13 | minReplicas: 1 14 | maxReplicas: 1 15 | 16 | metrics: 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | target: 21 | type: Utilization 22 | averageUtilization: 75 23 | 24 | - type: Resource 25 | resource: 26 | name: memory 27 | target: 28 | type: Utilization 29 | averageUtilization: 95 30 | 31 | -------------------------------------------------------------------------------- /autoscaling/user-hsc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: autoscaling/v2beta2 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: user 6 | namespace: sock-shop 7 | spec: 8 | scaleTargetRef: 9 | apiVersion: extensions/v1beta1 10 | kind: Deployment 11 | name: user 12 | 13 | minReplicas: 1 14 
| maxReplicas: 3 15 | 16 | metrics: 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | target: 21 | type: Utilization 22 | averageUtilization: 75 23 | 24 | - type: Resource 25 | resource: 26 | name: memory 27 | target: 28 | type: Utilization 29 | averageUtilization: 75 30 | 31 | -------------------------------------------------------------------------------- /busybox.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: busybox 5 | namespace: default 6 | spec: 7 | containers: 8 | - name: busybox 9 | image: busybox:1.28 10 | command: 11 | - sleep 12 | - "3600" 13 | imagePullPolicy: IfNotPresent 14 | restartPolicy: Always 15 | -------------------------------------------------------------------------------- /complete-demo.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | metadata: 4 | name: sock-shop 5 | --- 6 | apiVersion: extensions/v1beta1 7 | kind: Deployment 8 | metadata: 9 | name: carts-db 10 | labels: 11 | name: carts-db 12 | namespace: sock-shop 13 | spec: 14 | replicas: 1 15 | template: 16 | metadata: 17 | labels: 18 | name: carts-db 19 | spec: 20 | containers: 21 | - name: carts-db 22 | image: mongo 23 | ports: 24 | - name: mongo 25 | containerPort: 27017 26 | securityContext: 27 | capabilities: 28 | drop: 29 | - all 30 | add: 31 | - CHOWN 32 | - SETGID 33 | - SETUID 34 | readOnlyRootFilesystem: true 35 | volumeMounts: 36 | - mountPath: /tmp 37 | name: tmp-volume 38 | volumes: 39 | - name: tmp-volume 40 | emptyDir: 41 | medium: Memory 42 | nodeSelector: 43 | beta.kubernetes.io/os: linux 44 | --- 45 | apiVersion: v1 46 | kind: Service 47 | metadata: 48 | name: carts-db 49 | labels: 50 | name: carts-db 51 | namespace: sock-shop 52 | spec: 53 | ports: 54 | # the port that this service should serve on 55 | - port: 27017 56 | targetPort: 27017 57 | selector: 58 | name: carts-db 59 | --- 60 
| apiVersion: extensions/v1beta1 61 | kind: Deployment 62 | metadata: 63 | name: carts 64 | labels: 65 | name: carts 66 | namespace: sock-shop 67 | spec: 68 | replicas: 1 69 | template: 70 | metadata: 71 | labels: 72 | name: carts 73 | spec: 74 | containers: 75 | - name: carts 76 | image: weaveworksdemos/carts:0.4.8 77 | ports: 78 | - containerPort: 80 79 | env: 80 | - name: ZIPKIN 81 | value: zipkin.jaeger.svc.cluster.local 82 | - name: JAVA_OPTS 83 | value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom 84 | securityContext: 85 | runAsNonRoot: true 86 | runAsUser: 10001 87 | capabilities: 88 | drop: 89 | - all 90 | add: 91 | - NET_BIND_SERVICE 92 | readOnlyRootFilesystem: true 93 | volumeMounts: 94 | - mountPath: /tmp 95 | name: tmp-volume 96 | volumes: 97 | - name: tmp-volume 98 | emptyDir: 99 | medium: Memory 100 | nodeSelector: 101 | beta.kubernetes.io/os: linux 102 | --- 103 | apiVersion: v1 104 | kind: Service 105 | metadata: 106 | name: carts 107 | labels: 108 | name: carts 109 | namespace: sock-shop 110 | spec: 111 | ports: 112 | # the port that this service should serve on 113 | - port: 80 114 | targetPort: 80 115 | selector: 116 | name: carts 117 | --- 118 | apiVersion: extensions/v1beta1 119 | kind: Deployment 120 | metadata: 121 | name: catalogue-db 122 | labels: 123 | name: catalogue-db 124 | namespace: sock-shop 125 | spec: 126 | replicas: 1 127 | template: 128 | metadata: 129 | labels: 130 | name: catalogue-db 131 | spec: 132 | containers: 133 | - name: catalogue-db 134 | image: weaveworksdemos/catalogue-db:0.3.0 135 | env: 136 | - name: MYSQL_ROOT_PASSWORD 137 | value: fake_password 138 | - name: MYSQL_DATABASE 139 | value: socksdb 140 | ports: 141 | - name: mysql 142 | containerPort: 3306 143 | nodeSelector: 144 | beta.kubernetes.io/os: linux 145 | --- 146 | apiVersion: v1 147 | kind: Service 148 | metadata: 149 | name: catalogue-db 150 | labels: 151 | name: catalogue-db 152 | namespace: 
sock-shop 153 | spec: 154 | ports: 155 | # the port that this service should serve on 156 | - port: 3306 157 | targetPort: 3306 158 | selector: 159 | name: catalogue-db 160 | --- 161 | apiVersion: extensions/v1beta1 162 | kind: Deployment 163 | metadata: 164 | name: catalogue 165 | labels: 166 | name: catalogue 167 | namespace: sock-shop 168 | spec: 169 | replicas: 1 170 | template: 171 | metadata: 172 | labels: 173 | name: catalogue 174 | spec: 175 | containers: 176 | - name: catalogue 177 | image: weaveworksdemos/catalogue:0.3.5 178 | ports: 179 | - containerPort: 80 180 | securityContext: 181 | runAsNonRoot: true 182 | runAsUser: 10001 183 | capabilities: 184 | drop: 185 | - all 186 | add: 187 | - NET_BIND_SERVICE 188 | readOnlyRootFilesystem: true 189 | nodeSelector: 190 | beta.kubernetes.io/os: linux 191 | --- 192 | apiVersion: v1 193 | kind: Service 194 | metadata: 195 | name: catalogue 196 | labels: 197 | name: catalogue 198 | namespace: sock-shop 199 | spec: 200 | ports: 201 | # the port that this service should serve on 202 | - port: 80 203 | targetPort: 80 204 | selector: 205 | name: catalogue 206 | --- 207 | apiVersion: extensions/v1beta1 208 | kind: Deployment 209 | metadata: 210 | name: front-end 211 | namespace: sock-shop 212 | spec: 213 | replicas: 1 214 | template: 215 | metadata: 216 | labels: 217 | name: front-end 218 | spec: 219 | containers: 220 | - name: front-end 221 | image: weaveworksdemos/front-end:0.3.12 222 | resources: 223 | requests: 224 | cpu: 100m 225 | memory: 100Mi 226 | ports: 227 | - containerPort: 8079 228 | securityContext: 229 | runAsNonRoot: true 230 | runAsUser: 10001 231 | capabilities: 232 | drop: 233 | - all 234 | readOnlyRootFilesystem: true 235 | nodeSelector: 236 | beta.kubernetes.io/os: linux 237 | --- 238 | apiVersion: v1 239 | kind: Service 240 | metadata: 241 | name: front-end 242 | labels: 243 | name: front-end 244 | namespace: sock-shop 245 | spec: 246 | type: NodePort 247 | ports: 248 | - port: 80 249 | 
targetPort: 8079 250 | nodePort: 30001 251 | selector: 252 | name: front-end 253 | --- 254 | apiVersion: extensions/v1beta1 255 | kind: Deployment 256 | metadata: 257 | name: orders-db 258 | labels: 259 | name: orders-db 260 | namespace: sock-shop 261 | spec: 262 | replicas: 1 263 | template: 264 | metadata: 265 | labels: 266 | name: orders-db 267 | spec: 268 | containers: 269 | - name: orders-db 270 | image: mongo 271 | ports: 272 | - name: mongo 273 | containerPort: 27017 274 | securityContext: 275 | capabilities: 276 | drop: 277 | - all 278 | add: 279 | - CHOWN 280 | - SETGID 281 | - SETUID 282 | readOnlyRootFilesystem: true 283 | volumeMounts: 284 | - mountPath: /tmp 285 | name: tmp-volume 286 | volumes: 287 | - name: tmp-volume 288 | emptyDir: 289 | medium: Memory 290 | nodeSelector: 291 | beta.kubernetes.io/os: linux 292 | --- 293 | apiVersion: v1 294 | kind: Service 295 | metadata: 296 | name: orders-db 297 | labels: 298 | name: orders-db 299 | namespace: sock-shop 300 | spec: 301 | ports: 302 | # the port that this service should serve on 303 | - port: 27017 304 | targetPort: 27017 305 | selector: 306 | name: orders-db 307 | --- 308 | apiVersion: extensions/v1beta1 309 | kind: Deployment 310 | metadata: 311 | name: orders 312 | labels: 313 | name: orders 314 | namespace: sock-shop 315 | spec: 316 | replicas: 1 317 | template: 318 | metadata: 319 | labels: 320 | name: orders 321 | spec: 322 | containers: 323 | - name: orders 324 | image: weaveworksdemos/orders:0.4.7 325 | env: 326 | - name: ZIPKIN 327 | value: zipkin.jaeger.svc.cluster.local 328 | - name: JAVA_OPTS 329 | value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom 330 | ports: 331 | - containerPort: 80 332 | securityContext: 333 | runAsNonRoot: true 334 | runAsUser: 10001 335 | capabilities: 336 | drop: 337 | - all 338 | add: 339 | - NET_BIND_SERVICE 340 | readOnlyRootFilesystem: true 341 | volumeMounts: 342 | - mountPath: /tmp 343 | name: 
tmp-volume 344 | volumes: 345 | - name: tmp-volume 346 | emptyDir: 347 | medium: Memory 348 | nodeSelector: 349 | beta.kubernetes.io/os: linux 350 | --- 351 | apiVersion: v1 352 | kind: Service 353 | metadata: 354 | name: orders 355 | labels: 356 | name: orders 357 | namespace: sock-shop 358 | spec: 359 | ports: 360 | # the port that this service should serve on 361 | - port: 80 362 | targetPort: 80 363 | selector: 364 | name: orders 365 | --- 366 | apiVersion: extensions/v1beta1 367 | kind: Deployment 368 | metadata: 369 | name: payment 370 | labels: 371 | name: payment 372 | namespace: sock-shop 373 | spec: 374 | replicas: 1 375 | template: 376 | metadata: 377 | labels: 378 | name: payment 379 | spec: 380 | containers: 381 | - name: payment 382 | image: weaveworksdemos/payment:0.4.3 383 | ports: 384 | - containerPort: 80 385 | securityContext: 386 | runAsNonRoot: true 387 | runAsUser: 10001 388 | capabilities: 389 | drop: 390 | - all 391 | add: 392 | - NET_BIND_SERVICE 393 | readOnlyRootFilesystem: true 394 | nodeSelector: 395 | beta.kubernetes.io/os: linux 396 | --- 397 | apiVersion: v1 398 | kind: Service 399 | metadata: 400 | name: payment 401 | labels: 402 | name: payment 403 | namespace: sock-shop 404 | spec: 405 | ports: 406 | # the port that this service should serve on 407 | - port: 80 408 | targetPort: 80 409 | selector: 410 | name: payment 411 | --- 412 | apiVersion: extensions/v1beta1 413 | kind: Deployment 414 | metadata: 415 | name: queue-master 416 | labels: 417 | name: queue-master 418 | namespace: sock-shop 419 | spec: 420 | replicas: 1 421 | template: 422 | metadata: 423 | labels: 424 | name: queue-master 425 | spec: 426 | containers: 427 | - name: queue-master 428 | image: weaveworksdemos/queue-master:0.3.1 429 | ports: 430 | - containerPort: 80 431 | nodeSelector: 432 | beta.kubernetes.io/os: linux 433 | --- 434 | apiVersion: v1 435 | kind: Service 436 | metadata: 437 | name: queue-master 438 | labels: 439 | name: queue-master 440 | 
annotations: 441 | prometheus.io/path: "/prometheus" 442 | namespace: sock-shop 443 | spec: 444 | ports: 445 | # the port that this service should serve on 446 | - port: 80 447 | targetPort: 80 448 | selector: 449 | name: queue-master 450 | --- 451 | apiVersion: extensions/v1beta1 452 | kind: Deployment 453 | metadata: 454 | name: rabbitmq 455 | labels: 456 | name: rabbitmq 457 | namespace: sock-shop 458 | spec: 459 | replicas: 1 460 | template: 461 | metadata: 462 | labels: 463 | name: rabbitmq 464 | spec: 465 | containers: 466 | - name: rabbitmq 467 | image: rabbitmq:3.6.8 468 | ports: 469 | - containerPort: 5672 470 | securityContext: 471 | capabilities: 472 | drop: 473 | - all 474 | add: 475 | - CHOWN 476 | - SETGID 477 | - SETUID 478 | - DAC_OVERRIDE 479 | readOnlyRootFilesystem: true 480 | nodeSelector: 481 | beta.kubernetes.io/os: linux 482 | --- 483 | apiVersion: v1 484 | kind: Service 485 | metadata: 486 | name: rabbitmq 487 | labels: 488 | name: rabbitmq 489 | namespace: sock-shop 490 | spec: 491 | ports: 492 | # the port that this service should serve on 493 | - port: 5672 494 | targetPort: 5672 495 | selector: 496 | name: rabbitmq 497 | --- 498 | apiVersion: extensions/v1beta1 499 | kind: Deployment 500 | metadata: 501 | name: shipping 502 | labels: 503 | name: shipping 504 | namespace: sock-shop 505 | spec: 506 | replicas: 1 507 | template: 508 | metadata: 509 | labels: 510 | name: shipping 511 | spec: 512 | containers: 513 | - name: shipping 514 | image: weaveworksdemos/shipping:0.4.8 515 | env: 516 | - name: ZIPKIN 517 | value: zipkin.jaeger.svc.cluster.local 518 | - name: JAVA_OPTS 519 | value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom 520 | ports: 521 | - containerPort: 80 522 | securityContext: 523 | runAsNonRoot: true 524 | runAsUser: 10001 525 | capabilities: 526 | drop: 527 | - all 528 | add: 529 | - NET_BIND_SERVICE 530 | readOnlyRootFilesystem: true 531 | volumeMounts: 532 | - 
mountPath: /tmp 533 | name: tmp-volume 534 | volumes: 535 | - name: tmp-volume 536 | emptyDir: 537 | medium: Memory 538 | nodeSelector: 539 | beta.kubernetes.io/os: linux 540 | --- 541 | apiVersion: v1 542 | kind: Service 543 | metadata: 544 | name: shipping 545 | labels: 546 | name: shipping 547 | namespace: sock-shop 548 | spec: 549 | ports: 550 | # the port that this service should serve on 551 | - port: 80 552 | targetPort: 80 553 | selector: 554 | name: shipping 555 | --- 556 | apiVersion: extensions/v1beta1 557 | kind: Deployment 558 | metadata: 559 | name: user-db 560 | labels: 561 | name: user-db 562 | namespace: sock-shop 563 | spec: 564 | replicas: 1 565 | template: 566 | metadata: 567 | labels: 568 | name: user-db 569 | spec: 570 | containers: 571 | - name: user-db 572 | image: weaveworksdemos/user-db:0.4.0 573 | ports: 574 | - name: mongo 575 | containerPort: 27017 576 | securityContext: 577 | capabilities: 578 | drop: 579 | - all 580 | add: 581 | - CHOWN 582 | - SETGID 583 | - SETUID 584 | readOnlyRootFilesystem: true 585 | volumeMounts: 586 | - mountPath: /tmp 587 | name: tmp-volume 588 | volumes: 589 | - name: tmp-volume 590 | emptyDir: 591 | medium: Memory 592 | nodeSelector: 593 | beta.kubernetes.io/os: linux 594 | --- 595 | apiVersion: v1 596 | kind: Service 597 | metadata: 598 | name: user-db 599 | labels: 600 | name: user-db 601 | namespace: sock-shop 602 | spec: 603 | ports: 604 | # the port that this service should serve on 605 | - port: 27017 606 | targetPort: 27017 607 | selector: 608 | name: user-db 609 | --- 610 | apiVersion: extensions/v1beta1 611 | kind: Deployment 612 | metadata: 613 | name: user 614 | labels: 615 | name: user 616 | namespace: sock-shop 617 | spec: 618 | replicas: 1 619 | template: 620 | metadata: 621 | labels: 622 | name: user 623 | spec: 624 | containers: 625 | - name: user 626 | image: weaveworksdemos/user:0.4.7 627 | ports: 628 | - containerPort: 80 629 | env: 630 | - name: MONGO_HOST 631 | value: user-db:27017 632 
| securityContext: 633 | runAsNonRoot: true 634 | runAsUser: 10001 635 | capabilities: 636 | drop: 637 | - all 638 | add: 639 | - NET_BIND_SERVICE 640 | readOnlyRootFilesystem: true 641 | nodeSelector: 642 | beta.kubernetes.io/os: linux 643 | --- 644 | apiVersion: v1 645 | kind: Service 646 | metadata: 647 | name: user 648 | labels: 649 | name: user 650 | namespace: sock-shop 651 | spec: 652 | ports: 653 | # the port that this service should serve on 654 | - port: 80 655 | targetPort: 80 656 | selector: 657 | name: user 658 | -------------------------------------------------------------------------------- /helm-chart/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /helm-chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Sock Shop 3 | name: helm-chart 4 | version: 0.2.0 5 | -------------------------------------------------------------------------------- /helm-chart/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: nginx-ingress 3 | version: 0.4.2 4 | repository: https://kubernetes-charts.storage.googleapis.com -------------------------------------------------------------------------------- /helm-chart/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | 
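--------------------------------------------------------------------------------
/helm-chart/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}

--------------------------------------------------------------------------------
/helm-chart/templates/cart-db-dep.yaml:
--------------------------------------------------------------------------------
---
# MongoDB instance used by the carts service.
# apps/v1 replaces extensions/v1beta1, which stopped serving Deployment in
# Kubernetes 1.16. apps/v1 makes spec.selector mandatory, so it is spelled out
# here to match the pod template labels.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: carts-db
  labels:
    name: carts-db
spec:
  replicas: 1
  selector:
    matchLabels:
      name: carts-db
  template:
    metadata:
      labels:
        name: carts-db
    spec:
      containers:
      - name: carts-db
        # NOTE(review): no tag, so this resolves to mongo:latest and the pull
        # policy defaults to Always. Pin a tag or digest so a pod restart
        # cannot silently change the database version.
        image: mongo
        ports:
        - name: mongo
          containerPort: 27017
        securityContext:
          # NOTE(review): runAsNonRoot/runAsUser are not set, so the container
          # starts as whatever user the image defines. CHOWN/SETGID/SETUID are
          # presumably what the image entrypoint needs to switch to its
          # database user; confirm before tightening.
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          # tmpfs-backed scratch space for the read-only root filesystem.
          # No sizeLimit or memory limit is set in this manifest, so /tmp
          # usage is not capped here.
          emptyDir:
            medium: Memory

--------------------------------------------------------------------------------
/helm-chart/templates/cart-db-svc.yaml:
--------------------------------------------------------------------------------
---
# In-cluster endpoint for the carts MongoDB instance.
apiVersion: v1
kind: Service
metadata:
  name: carts-db
  labels:
    name: carts-db
spec:
  # No type is given, so this is a ClusterIP Service.
  # NOTE(review): cart-db-dep.yaml passes no authentication settings to
  # MongoDB, so access control rests on the network; verify a NetworkPolicy
  # limits port 27017 to the carts pods.
  ports:
    # the port that this service should serve on
  - port: 27017
    targetPort: 27017
  selector:
    name: carts-db

--------------------------------------------------------------------------------
/helm-chart/templates/carts-dep.yaml:
--------------------------------------------------------------------------------
---
# Carts service (JVM application).
# apps/v1 replaces extensions/v1beta1, which stopped serving Deployment in
# Kubernetes 1.16. apps/v1 makes spec.selector mandatory, so it is spelled out
# here to match the pod template labels.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: carts
  labels:
    name: carts
spec:
  replicas: 1
  selector:
    matchLabels:
      name: carts
  template:
    metadata:
      labels:
        name: carts
    spec:
      containers:
      - name: carts
        image: weaveworksdemos/carts:0.4.8
        env:
        {{- if .Values.zipkin.enabled }}
        - name: ZIPKIN
          value: {{ .Values.zipkin.url }}
        {{- end }}
        # JVM flags come straight from values.yaml (java.options).
        - name: JAVA_OPTS
          value: {{ .Values.java.options }}
        resources:
          limits:
            cpu: 300m
            memory: 2000Mi
          requests:
            cpu: 300m
            memory: 2000Mi
        ports:
        - containerPort: 80
        securityContext:
          # Runs as an unprivileged UID with every capability dropped except
          # NET_BIND_SERVICE, which is what lets a non-root process listen on
          # port 80.
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        volumeMounts:
        # /tmp is the only writable path, because the root filesystem is
        # mounted read-only.
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 300
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 180
          periodSeconds: 3
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory

--------------------------------------------------------------------------------
/helm-chart/templates/carts-svc.yaml:
--------------------------------------------------------------------------------
---
# ClusterIP Service in front of the carts pods (no type is set).
apiVersion: v1
kind: Service
metadata:
  name: carts
  labels:
    name: carts
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: carts
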
--------------------------------------------------------------------------------
/helm-chart/templates/catalogue-db-dep.yaml:
--------------------------------------------------------------------------------
---
# NOTE(review): extensions/v1beta1 Deployments stopped being served in
# Kubernetes 1.16. apps/v1 is the current API group and additionally requires
# spec.selector. The same applies to the other Deployments in this listing.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: catalogue-db
  labels:
    name: catalogue-db
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: catalogue-db
    spec:
      containers:
      # No securityContext and no resource requests/limits are set for this
      # container, unlike the catalogue Deployment further down.
      - name: catalogue-db
        image: weaveworksdemos/catalogue-db:0.3.0
        env:
          # NOTE(review): the MySQL root password is a literal in the pod spec,
          # so anyone who can read this Deployment or the rendered chart can
          # read it. Prefer a Secret referenced through valueFrom.secretKeyRef.
          - name: MYSQL_ROOT_PASSWORD
            value: fake_password
          - name: MYSQL_DATABASE
            value: socksdb
        ports:
        - name: mysql
          containerPort: 3306

--------------------------------------------------------------------------------
/helm-chart/templates/catalogue-db-svc.yaml:
--------------------------------------------------------------------------------
---
# ClusterIP Service (no type is set) in front of the catalogue-db pods.
apiVersion: v1
kind: Service
metadata:
  name: catalogue-db
  labels:
    name: catalogue-db
spec:
  ports:
    # the port that this service should serve on
  - port: 3306
    targetPort: 3306
  selector:
    name: catalogue-db

--------------------------------------------------------------------------------
/helm-chart/templates/catalogue-dep.yaml:
--------------------------------------------------------------------------------
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: catalogue
  labels:
    name: catalogue
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: catalogue
    spec:
      containers:
      - name: catalogue
        image: weaveworksdemos/catalogue:0.3.5
        {{- if .Values.zipkin.enabled }}
        env:
        - name: ZIPKIN
          value: http://{{ .Values.zipkin.url }}:9411/api/v1/spans
        {{- end }}
        # The env block above is rendered only when zipkin.enabled is true.
        # The span endpoint is addressed over plain http on port 9411.
        resources:
          limits:
            cpu: 100m
            memory: 100Mi
          requests:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort: 80
        # Runs as non-root UID 10001 with every capability dropped.
        # NET_BIND_SERVICE is added back because the container listens on
        # port 80, which is below 1024.
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        livenessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 300
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 180
          periodSeconds: 3

--------------------------------------------------------------------------------
/helm-chart/templates/catalogue-svc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Service
metadata:
  name: catalogue
  labels:
    name: catalogue
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: catalogue

--------------------------------------------------------------------------------
/helm-chart/templates/front-end-dep.yaml:
--------------------------------------------------------------------------------
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: front-end
spec:
  # Replica count comes from frontend.replicas in values.yaml.
  replicas: {{ .Values.frontend.replicas }}
  template:
    metadata:
      labels:
        name: front-end
    spec:
      containers:
      - name: front-end
        image: weaveworksdemos/front-end:0.3.12
        resources:
          limits:
            cpu: 300m
            memory: 1000Mi
          requests:
            cpu: 100m
            memory: 300Mi
        ports:
        - containerPort: 8079
        env:
        # presumably switches session storage to the session-db Redis - confirm
        - name: SESSION_REDIS
          value: "true"
        # Listens on 8079, so nothing is added back after "drop: all".
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
          readOnlyRootFilesystem: true
        livenessProbe:
          httpGet:
            path: /
            port: 8079
          initialDelaySeconds: 300
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /
            port: 8079
          initialDelaySeconds: 30
          periodSeconds: 3
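
--------------------------------------------------------------------------------
/helm-chart/templates/front-end-svc.yaml:
--------------------------------------------------------------------------------
---
# NOTE(review): type NodePort publishes the front end on port 30001 of every
# node, in addition to the Ingress defined in ingress.yaml. If the Ingress is
# the intended entry point, a ClusterIP Service keeps the node ports closed.
apiVersion: v1
kind: Service
metadata:
  name: front-end
  labels:
    name: front-end
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 8079
    nodePort: 30001
  selector:
    name: front-end

--------------------------------------------------------------------------------
/helm-chart/templates/ingress.yaml:
--------------------------------------------------------------------------------
# NOTE(review): extensions/v1beta1 Ingress was removed in Kubernetes 1.22
# (networking.k8s.io/v1 replaces it). The spec below has no tls section and no
# host rule, so as written it routes plain HTTP for any host to front-end.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: socks-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: front-end
          servicePort: 80

--------------------------------------------------------------------------------
/helm-chart/templates/loadtest-dep.yaml:
--------------------------------------------------------------------------------
{{- if .Values.loadtest.enabled }}
# Rendered only when loadtest.enabled is true (values.yaml defaults to false).
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: load-test
  labels:
    name: load-test
spec:
  replicas: {{ .Values.loadtest.replicas }}
  template:
    metadata:
      labels:
        name: load-test
    spec:
      containers:
      # NOTE(review): the image has no tag, so it resolves to :latest and can
      # change between pulls; pin a tag or digest. The locust target host is
      # hard-coded to the sock-shop namespace. No securityContext is set.
      - name: load-test
        image: weaveworksdemos/load-test
        command: ["/bin/sh"]
        args: ["-c", "while true; do locust --host http://front-end.sock-shop.svc.cluster.local -f /config/locustfile.py --clients 5 --hatch-rate 5 --num-request 100 --no-web; done"]
{{- end }}

--------------------------------------------------------------------------------
/helm-chart/templates/orders-db-dep.yaml:
--------------------------------------------------------------------------------
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: orders-db
  labels:
    name: orders-db
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: orders-db
    spec:
      containers:
      # NOTE(review): "mongo" is untagged (resolves to :latest); pin a version.
      # No credentials are configured in this spec, so access control depends
      # on whatever the image defaults to - confirm.
      - name: orders-db
        image: mongo
        ports:
        - name: mongo
          containerPort: 27017
        # runAsNonRoot is not set here. CHOWN/SETGID/SETUID are presumably kept
        # so the image entrypoint can switch to its service user - confirm.
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
        # /tmp is the only writable path mounted; it is memory-backed.
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory

--------------------------------------------------------------------------------
/helm-chart/templates/orders-db-svc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Service
metadata:
  name: orders-db
  labels:
    name: orders-db
spec:
  ports:
    # the port that this service should serve on
  - port: 27017
    targetPort: 27017
  selector:
    name: orders-db

--------------------------------------------------------------------------------
/helm-chart/templates/orders-dep.yaml:
--------------------------------------------------------------------------------
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: orders
  labels:
    name: orders
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: orders
    spec:
      containers:
      - name: orders
        image: weaveworksdemos/orders:0.4.7
        env:
        {{- if .Values.zipkin.enabled }}
        - name: ZIPKIN
          value: {{ .Values.zipkin.url }}
        {{- end }}
        - name: JAVA_OPTS
          value: {{ .Values.java.options }}
        resources:
          limits:
            cpu: 500m
            memory: 2000Mi
          requests:
            cpu: 200m
            memory: 2000Mi
        ports:
        - containerPort: 80
        # Non-root UID 10001, all capabilities dropped except NET_BIND_SERVICE
        # (needed to bind port 80), read-only root filesystem.
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        # Memory-backed /tmp is the only writable path for the container.
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 300
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 180
          periodSeconds: 3
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory

--------------------------------------------------------------------------------
/helm-chart/templates/orders-svc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Service
metadata:
  name: orders
  labels:
    name: orders
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: orders

--------------------------------------------------------------------------------
/helm-chart/templates/payment-dep.yaml:
--------------------------------------------------------------------------------
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: payment
  labels:
    name: payment
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: payment
    spec:
      containers:
      - name: payment
        image: weaveworksdemos/payment:0.4.3
        resources:
          limits:
            cpu: 100m
            memory: 100Mi
          requests:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort: 80
        {{- if .Values.zipkin.enabled }}
        env:
        - name: ZIPKIN
          value: http://{{ .Values.zipkin.url }}:9411/api/v1/spans
        {{- end }}
        # Same hardening as the other port-80 services: non-root UID 10001,
        # only NET_BIND_SERVICE retained, read-only root filesystem.
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        livenessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 300
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 180
          periodSeconds: 3

--------------------------------------------------------------------------------
/helm-chart/templates/payment-svc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Service
metadata:
  name: payment
  labels:
    name: payment
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: payment

--------------------------------------------------------------------------------
/helm-chart/templates/queue-master-dep.yaml:
--------------------------------------------------------------------------------
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: queue-master
  labels:
    name: queue-master
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: queue-master
    spec:
      containers:
      # NOTE(review): unlike carts, orders and shipping, this container sets
      # no securityContext, so runAsNonRoot, the capability drop and the
      # read-only root filesystem do not apply here. Confirm whether that is
      # intentional before copying the sibling settings.
      - name: queue-master
        image: weaveworksdemos/queue-master:0.3.1
        env:
        {{- if .Values.zipkin.enabled }}
        - name: ZIPKIN
          value: {{ .Values.zipkin.url }}
        {{- end }}
        - name: JAVA_OPTS
          value: {{ .Values.java.options }}
        resources:
          limits:
            cpu: 300m
            memory: 1000Mi
          requests:
            cpu: 300m
            memory: 1000Mi
        ports:
        - containerPort: 80
        livenessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 300
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 180
          periodSeconds: 3

--------------------------------------------------------------------------------
/helm-chart/templates/queue-master-svc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Service
metadata:
  name: queue-master
  labels:
    name: queue-master
  annotations:
    prometheus.io/path: "/prometheus"
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: queue-master

--------------------------------------------------------------------------------
/helm-chart/templates/rabbitmq-dep.yaml:
--------------------------------------------------------------------------------
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: rabbitmq
  labels:
    name: rabbitmq
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: rabbitmq
    spec:
      containers:
      - name: rabbitmq
        image: rabbitmq:3.6.8
        ports:
        - containerPort: 5672
        # NOTE(review): DAC_OVERRIDE lets the process bypass file permission
        # checks and is the broadest capability retained in this chart; check
        # whether the image still needs it. runAsNonRoot is not set, and no
        # writable volume is mounted despite readOnlyRootFilesystem - confirm
        # where the broker keeps its state.
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
              - DAC_OVERRIDE
          readOnlyRootFilesystem: true

--------------------------------------------------------------------------------
/helm-chart/templates/rabbitmq-svc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Service
metadata:
  name: rabbitmq
  labels:
    name: rabbitmq
spec:
  ports:
    # the port that this service should serve on
  - port: 5672
    targetPort: 5672
  selector:
    name: rabbitmq

--------------------------------------------------------------------------------
/helm-chart/templates/session-db-dep.yaml:
--------------------------------------------------------------------------------
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: session-db
  labels:
    name: session-db
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: session-db
    spec:
      containers:
      # NOTE(review): redis:alpine is a floating tag; pin a version or digest.
      # No password or other access control is configured in this spec, so
      # the session store relies on network isolation - confirm.
      - name: session-db
        image: redis:alpine
        ports:
        - name: redis
          containerPort: 6379
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true

--------------------------------------------------------------------------------
/helm-chart/templates/session-db-svc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Service
metadata:
  name: session-db
  labels:
    name: session-db
spec:
  ports:
    # the port that this service should serve on
  - port: 6379
    targetPort: 6379
  selector:
    name: session-db

--------------------------------------------------------------------------------
/helm-chart/templates/shipping-dep.yaml:
--------------------------------------------------------------------------------
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: shipping
  labels:
    name: shipping
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: shipping
    spec:
      containers:
      - name: shipping
        image: weaveworksdemos/shipping:0.4.8
        env:
        {{- if .Values.zipkin.enabled }}
        # Fixed: this read .Values.zipkin.urlj, a key values.yaml does not
        # define. values.yaml defines zipkin.url, which the carts, orders and
        # queue-master templates use, so ZIPKIN had no usable endpoint here.
        - name: ZIPKIN
          value: {{ .Values.zipkin.url }}
        {{- end }}
        - name: JAVA_OPTS
          value: {{ .Values.java.options }}
        resources:
          limits:
            cpu: 300m
            memory: 2000Mi
          requests:
            cpu: 300m
            memory: 2000Mi
        ports:
        - containerPort: 80
        # Non-root UID 10001, all capabilities dropped except NET_BIND_SERVICE
        # (needed to bind port 80), read-only root filesystem.
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        # Memory-backed /tmp is the only writable path for the container.
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 300
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 180
          periodSeconds: 3
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory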

--------------------------------------------------------------------------------
/helm-chart/templates/shipping-svc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Service
metadata:
  name: shipping
  labels:
    name: shipping
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: shipping

--------------------------------------------------------------------------------
/helm-chart/templates/user-db-dep.yaml:
--------------------------------------------------------------------------------
---
# NOTE(review): extensions/v1beta1 Deployments stopped being served in
# Kubernetes 1.16. apps/v1 is the current API group and additionally requires
# spec.selector. The same applies to the other Deployments in this listing.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: user-db
  labels:
    name: user-db
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: user-db
    spec:
      containers:
      # No credentials are configured in this spec, so access control for
      # this MongoDB depends on the image defaults - confirm.
      - name: user-db
        image: weaveworksdemos/user-db:0.3.0

        ports:
        - name: mongo
          containerPort: 27017
        # runAsNonRoot is not set here. CHOWN/SETGID/SETUID are presumably kept
        # so the image entrypoint can switch to its service user - confirm.
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
        # /tmp is the only writable path mounted; it is memory-backed.
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory

--------------------------------------------------------------------------------
/helm-chart/templates/user-db-svc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Service
metadata:
  name: user-db
  labels:
    name: user-db
spec:
  ports:
    # the port that this service should serve on
  - port: 27017
    targetPort: 27017
  selector:
    name: user-db

--------------------------------------------------------------------------------
/helm-chart/templates/user-dep.yaml:
--------------------------------------------------------------------------------
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: user
  labels:
    name: user
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: user
    spec:
      containers:
      - name: user
        image: weaveworksdemos/user:0.4.4
        resources:
          limits:
            cpu: 300m
            memory: 1000Mi
          requests:
            cpu: 100m
            memory: 400Mi
        ports:
        - containerPort: 80
        env:
        # Database address only; no database credentials are passed here.
        - name: MONGO_HOST
          value: user-db:27017
        {{- if .Values.zipkin.enabled }}
        - name: ZIPKIN
          value: http://{{ .Values.zipkin.url }}:9411/api/v1/spans
        {{- end }}
        # Non-root UID 10001, all capabilities dropped except NET_BIND_SERVICE
        # (needed to bind port 80), read-only root filesystem.
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        livenessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 300
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 180
          periodSeconds: 3

--------------------------------------------------------------------------------
/helm-chart/templates/user-svc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Service
metadata:
  name: user
  labels:
    name: user
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: user

--------------------------------------------------------------------------------
/helm-chart/templates/zipkin-cron-dep.yaml:
--------------------------------------------------------------------------------
{{- if .Values.zipkin.enabled -}}
# Rendered only when zipkin.enabled is true (values.yaml defaults to false).
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: zipkin-cron
  labels:
    name: zipkin-cron
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: zipkin-cron
    spec:
      containers:
      # No securityContext or resource limits are set for this container.
      - name: zipkin-cron
        image: openzipkin/zipkin-dependencies:1.4.0
        env:
        - name: STORAGE_TYPE
          value: mysql
        - name: MYSQL_HOST
          value: zipkin-mysql
        # NOTE(review): the database user and password are literals in the pod
        # spec (both "zipkin"), readable by anyone who can read this
        # Deployment. Prefer a Secret referenced via valueFrom.secretKeyRef.
        - name: MYSQL_USER
          value: zipkin
        - name: MYSQL_PASS
          value: zipkin
        command: ["crond"]
        args: ["-f"]
{{- end -}}

--------------------------------------------------------------------------------
/helm-chart/templates/zipkin-dep.yaml:
--------------------------------------------------------------------------------
{{- if .Values.zipkin.enabled -}}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: zipkin
  labels:
    name: zipkin
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: zipkin
    spec:
      containers:
      # NOTE(review): the image has no tag, so it resolves to :latest; pin a
      # tag or digest. MYSQL_USER / MYSQL_PASS are not set here, unlike
      # zipkin-cron - presumably the image defaults are relied on; confirm.
      - name: zipkin
        image: openzipkin/zipkin
        ports:
        - containerPort: 9411
        env:
        - name: STORAGE_TYPE
          value: mysql
        - name: MYSQL_HOST
          value: zipkin-mysql
{{- end -}}

--------------------------------------------------------------------------------
/helm-chart/templates/zipkin-mysql-dep.yaml:
--------------------------------------------------------------------------------
{{- if .Values.zipkin.enabled -}}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: zipkin-mysql
  labels:
    name: zipkin-mysql
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: zipkin-mysql
    spec:
      containers:
      # No securityContext, resources or credentials are declared here; the
      # database accounts presumably come from the image - confirm.
      - name: zipkin-mysql
        image: openzipkin/zipkin-mysql:1.20.0
        ports:
        - name: mysql
          containerPort: 3306
{{- end -}}

--------------------------------------------------------------------------------
/helm-chart/templates/zipkin-mysql-svc.yaml:
--------------------------------------------------------------------------------
{{- if .Values.zipkin.enabled -}}
apiVersion: v1
kind: Service
metadata:
  name: zipkin-mysql
  labels:
    name: zipkin-mysql
spec:
  ports:
    # the port that this service should serve on
  - port: 3306
    targetPort: 3306
  selector:
    name: zipkin-mysql
{{- end -}}

--------------------------------------------------------------------------------
/helm-chart/templates/zipkin-svc.yaml:
--------------------------------------------------------------------------------
{{- if .Values.zipkin.enabled -}}
# NOTE(review): type NodePort publishes the Zipkin port 9411 on port 30002 of
# every node. Nothing in this chart puts authentication in front of it, so
# trace data is reachable by anyone who can reach a node address - confirm
# that the node ports are firewalled, or use a ClusterIP Service instead.
apiVersion: v1
kind: Service
metadata:
  name: zipkin
  labels:
    name: zipkin
spec:
  type: NodePort
  ports:
    # the port that this service should serve on
  - port: 9411
    targetPort: 9411
    nodePort: 30002
  selector:
    name: zipkin
{{- end -}}

-------------------------------------------------------------------------------- /helm-chart/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for sock-shop. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 
4 | java: 5 | options: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom 6 | zipkin: 7 | enabled: false 8 | url: zipkin.zipkin.svc.cluster.local 9 | frontend: 10 | replicas: 1 11 | loadtest: 12 | replicas: 2 13 | enabled: false -------------------------------------------------------------------------------- /manifests-alerting/.env: -------------------------------------------------------------------------------- 1 | 2 | # ----------------------------------------------------------------------------------------------------------------------------- 3 | # --------------------- General Settings -------------------------------------------------------------------------------------- 4 | # ----------------------------------------------------------------------------------------------------------------------------- 5 | 6 | HOSTNAME=mail 7 | DOMAINNAME=domain.com 8 | CONTAINER_NAME=mail 9 | 10 | # empty => uses the `hostname` command to get the mail server's canonical hostname 11 | # => Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable. 
12 | OVERRIDE_HOSTNAME= 13 | 14 | # 0 => Debug disabled 15 | # 1 => Enables debug on startup 16 | DMS_DEBUG=0 17 | 18 | # 0 => mail state in default directories 19 | # 1 => consolidate all states into a single directory (`/var/mail-state`) to allow persistence using docker volumes 20 | ONE_DIR=0 21 | 22 | # empty => postmaster@domain.com 23 | # => Specify the postmaster address 24 | POSTMASTER_ADDRESS= 25 | 26 | # Set different options for mynetworks option (can be overwritten in postfix-main.cf) 27 | # empty => localhost only 28 | # host => Add docker host (ipv4 only) 29 | # network => Add all docker containers (ipv4 only) 30 | PERMIT_DOCKER= 31 | 32 | # empty => modern 33 | # modern => Enables TLSv1.2 and modern ciphers only. (default) 34 | # intermediate => Enables TLSv1, TLSv1.1 and TLSv1.2 and broad compatibility ciphers. 35 | # old => NOT implemented. If you really need it, then customize the TLS ciphers overriding postfix and dovecot settings 36 | # (https://github.com/tomav/docker-mailserver/wiki/) 37 | TLS_LEVEL= 38 | 39 | # Configures the handling of creating mails with forged sender addresses. 40 | # 41 | # empty => (not recommended, but default for backwards compatibility reasons) 42 | # Mail address spoofing allowed. Any logged in user may create email messages with a forged sender address. 43 | # See also https://en.wikipedia.org/wiki/Email_spoofing 44 | # 1 => (recommended) Mail spoofing denied. Each user may only send with his own or his alias addresses. 45 | # Addresses with extension delimiters(http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages. 46 | SPOOF_PROTECTION= 47 | 48 | # Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. See [postsrsd](https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course) for further explanation. 
49 | # - **0** => Disabled 50 | # - 1 => Enabled 51 | ENABLE_SRS=0 52 | 53 | # 1 => Enables POP3 service 54 | # empty => disables POP3 55 | ENABLE_POP3= 56 | ENABLE_CLAMAV=0 57 | 58 | # If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`: 59 | # cap_add: 60 | # - NET_ADMIN 61 | # Otherwise, `iptables` won't be able to ban IPs. 62 | ENABLE_FAIL2BAN=0 63 | 64 | # 1 => Enables Managesieve on port 4190 65 | # empty => disables Managesieve 66 | ENABLE_MANAGESIEVE= 67 | 68 | # **enforce** => Allow other tests to complete. Reject attempts to deliver mail with a 550 SMTP reply, and log the helo/sender/recipient information. Repeat this test the next time the client connects. 69 | # drop => Drop the connection immediately with a 521 SMTP reply. Repeat this test the next time the client connects. 70 | # ignore => Ignore the failure of this test. Allow other tests to complete. Repeat this test the next time the client connects. This option is useful for testing and collecting statistics without blocking mail. 71 | POSTSCREEN_ACTION=enforce 72 | 73 | # empty => all daemons start 74 | # 1 => only launch postfix smtp 75 | SMTP_ONLY= 76 | 77 | # Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information. 78 | # 79 | # empty => SSL disabled 80 | # letsencrypt => Enables Let's Encrypt certificates 81 | # custom => Enables custom certificates 82 | # manual => Let's you manually specify locations of your SSL certificates for non-standard cases 83 | # self-signed => Enables self-signed certificates 84 | SSL_TYPE= 85 | 86 | # Set how many days a virusmail will stay on the server before being deleted 87 | # empty => 7 days 88 | VIRUSMAILS_DELETE_DELAY= 89 | 90 | # This Option is activating the Usage of POSTFIX_DAGENT to specify a lmtp client different from default dovecot socket. 
91 | # empty => disabled 92 | # 1 => enabled 93 | ENABLE_POSTFIX_VIRTUAL_TRANSPORT= 94 | 95 | # Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postfix 96 | # 97 | # empty => fail 98 | # `lmtp:unix:private/dovecot-lmtp` (use socket) 99 | # `lmtps:inet::` (secure lmtp with starttls, take a look at https://sys4.de/en/blog/2014/11/17/sicheres-lmtp-mit-starttls-in-dovecot/) 100 | # `lmtp::2003` (use kopano as mailstore) 101 | # etc. 102 | POSTFIX_DAGENT= 103 | 104 | # Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default). 105 | # 106 | # empty => 0 107 | POSTFIX_MAILBOX_SIZE_LIMIT= 108 | 109 | # Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!) 110 | # 111 | # empty => 10240000 (~10 MB) 112 | POSTFIX_MESSAGE_SIZE_LIMIT= 113 | 114 | # Enables a report being sent (created by pflogsumm) on a regular basis. 115 | # **0** => Report emails are disabled 116 | # 1 => Using POSTMASTER_ADDRESS as the recipient 117 | # => Specify the recipient address 118 | REPORT_RECIPIENT=0 119 | 120 | 121 | # Change the sending address for mail report 122 | # **empty** => mailserver-report@hostname 123 | # => Specify the report sender (From) address 124 | REPORT_SENDER= 125 | 126 | # Changes the interval in which a report is being sent. 127 | # **daily** => Send a daily report 128 | # weekly => Send a report every week 129 | # monthly => Send a report every month 130 | # 131 | # Note: This Variable actually controls logrotate inside the container and rotates the log depending on this setting. The main log output is still available in its entirety via `docker logs mail` (Or your respective container name). 
If you want to control logrotation for the docker generated logfile see: [Docker Logging Drivers](https://docs.docker.com/config/containers/logging/configure/) 132 | REPORT_INTERVAL=daily 133 | 134 | # ----------------------------------------------------------------------------------------------------------------------------- 135 | # --------------------- Spamassassin section ---------------------------------------------------------------------------------- 136 | # ----------------------------------------------------------------------------------------------------------------------------- 137 | 138 | ENABLE_SPAMASSASSIN=0 139 | 140 | # add spam info headers if at, or above that level: 141 | SA_TAG=2.0 142 | 143 | # add 'spam detected' headers at that level 144 | SA_TAG2=6.31 145 | 146 | # triggers spam evasive actions 147 | SA_KILL=6.31 148 | 149 | # add tag to subject if spam detected 150 | SA_SPAM_SUBJECT=***SPAM***** 151 | 152 | # ----------------------------------------------------------------------------------------------------------------------------- 153 | # --------------------- Fetchmail section ------------------------------------------------------------------------------------- 154 | # ----------------------------------------------------------------------------------------------------------------------------- 155 | 156 | ENABLE_FETCHMAIL=0 157 | 158 | # The interval to fetch mail in seconds 159 | FETCHMAIL_POLL=300 160 | 161 | # ----------------------------------------------------------------------------------------------------------------------------- 162 | # --------------------- LDAP section ------------------------------------------------------------------------------------------ 163 | # ----------------------------------------------------------------------------------------------------------------------------- 164 | 165 | # A second container for the ldap service is necessary (i.e. 
https://github.com/osixia/docker-openldap) 166 | # For preparing the ldap server to use in combination with this container this article may be helpful: http://acidx.net/wordpress/2014/06/installing-a-mailserver-with-postfix-dovecot-sasl-ldap-roundcube/ 167 | 168 | # empty => LDAP authentication is disabled 169 | # 1 => LDAP authentication is enabled 170 | ENABLE_LDAP= 171 | 172 | # empty => no 173 | # yes => LDAP over TLS enabled for Postfix 174 | LDAP_START_TLS= 175 | 176 | # If you are going to use the mailserver in combination with docker-compose you can set the service name here 177 | # empty => mail.domain.com 178 | # Specify the dns-name/ip-address where the ldap-server 179 | LDAP_SERVER_HOST= 180 | 181 | # empty => ou=people,dc=domain,dc=com 182 | # => e.g. LDAP_SEARCH_BASE=dc=mydomain,dc=local 183 | LDAP_SEARCH_BASE= 184 | 185 | # empty => cn=admin,dc=domain,dc=com 186 | # => take a look at examples of SASL_LDAP_BIND_DN 187 | LDAP_BIND_DN= 188 | 189 | # empty => admin 190 | # => Specify the password to bind against ldap 191 | LDAP_BIND_PW= 192 | 193 | # e.g. `"(&(mail=%s)(mailEnabled=TRUE))"` 194 | # => Specify how ldap should be asked for users 195 | LDAP_QUERY_FILTER_USER= 196 | 197 | # e.g. `"(&(mailGroupMember=%s)(mailEnabled=TRUE))"` 198 | # => Specify how ldap should be asked for groups 199 | LDAP_QUERY_FILTER_GROUP= 200 | 201 | # e.g. `"(&(mailAlias=%s)(mailEnabled=TRUE))"` 202 | # => Specify how ldap should be asked for aliases 203 | LDAP_QUERY_FILTER_ALIAS= 204 | 205 | # e.g. 
`"(&(|(mail=*@%s)(mailalias=*@%s)(mailGroupMember=*@%s))(mailEnabled=TRUE))"` 206 | # => Specify how ldap should be asked for domains 207 | LDAP_QUERY_FILTER_DOMAIN= 208 | 209 | # ----------------------------------------------------------------------------------------------------------------------------- 210 | # ---------------- Dovecot section -------------------------------------------------------------------------------------------- 211 | # ----------------------------------------------------------------------------------------------------------------------------- 212 | 213 | # empty => no 214 | # yes => LDAP over TLS enabled for Dovecot 215 | DOVECOT_TLS= 216 | 217 | # e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"` 218 | DOVECOT_USER_FILTER= 219 | 220 | # e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"` 221 | DOVECOT_PASS_FILTER= 222 | 223 | # ----------------------------------------------------------------------------------------------------------------------------- 224 | # ---------------- Postgrey section ------------------------------------------------------------------------------------------- 225 | # ----------------------------------------------------------------------------------------------------------------------------- 226 | 227 | ENABLE_POSTGREY=0 228 | # greylist for N seconds 229 | POSTGREY_DELAY=300 230 | # delete entries older than N days since the last time that they have been seen 231 | POSTGREY_MAX_AGE=35 232 | # response when a mail is greylisted 233 | POSTGREY_TEXT=Delayed by postgrey 234 | # whitelist host after N successful deliveries (N=0 to disable whitelisting) 235 | POSTGREY_AUTO_WHITELIST_CLIENTS=5 236 | 237 | # ----------------------------------------------------------------------------------------------------------------------------- 238 | # ---------------- SASL section ----------------------------------------------------------------------------------------------- 239 | # 
----------------------------------------------------------------------------------------------------------------------------- 240 | 241 | ENABLE_SASLAUTHD=0 242 | 243 | # empty => pam 244 | # `ldap` => authenticate against ldap server 245 | # `shadow` => authenticate against local user db 246 | # `mysql` => authenticate against mysql db 247 | # `rimap` => authenticate against imap server 248 | # NOTE: can be a list of mechanisms like pam ldap shadow 249 | SASLAUTHD_MECHANISMS= 250 | 251 | # empty => None 252 | # e.g. with SASLAUTHD_MECHANISMS rimap you need to specify the ip-address/servername of the imap server ==> xxx.xxx.xxx.xxx 253 | SASLAUTHD_MECH_OPTIONS= 254 | 255 | # empty => localhost 256 | SASLAUTHD_LDAP_SERVER= 257 | 258 | # empty or 0 => `ldap://` will be used 259 | # 1 => `ldaps://` will be used 260 | SASLAUTHD_LDAP_SSL= 261 | 262 | # empty => anonymous bind 263 | # specify an object with privileges to search the directory tree 264 | # e.g. active directory: SASLAUTHD_LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=net 265 | # e.g. openldap: SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=mydomain,dc=net 266 | SASLAUTHD_LDAP_BIND_DN= 267 | 268 | # empty => anonymous bind 269 | SASLAUTHD_LDAP_PASSWORD= 270 | 271 | # empty => Reverting to SASLAUTHD_MECHANISMS pam 272 | # specify the search base 273 | SASLAUTHD_LDAP_SEARCH_BASE= 274 | 275 | # empty => default filter `(&(uniqueIdentifier=%u)(mailEnabled=TRUE))` 276 | # e.g. for active directory: `(&(sAMAccountName=%U)(objectClass=person))` 277 | # e.g. 
for openldap: `(&(uid=%U)(objectClass=person))` 278 | SASLAUTHD_LDAP_FILTER= 279 | 280 | # empty => no 281 | # yes => LDAP over TLS enabled for SASL 282 | # Must not be used together with SASLAUTHD_LDAP_SSL=1_ 283 | SASLAUTHD_LDAP_START_TLS= 284 | 285 | # empty => no 286 | # yes => Require and verify server certificate 287 | SASLAUTHD_LDAP_TLS_CHECK_PEER= 288 | 289 | # empty => No sasl_passwd will be created 290 | # string => `/etc/postfix/sasl_passwd` will be created with the string as password 291 | SASL_PASSWD= 292 | 293 | # ----------------------------------------------------------------------------------------------------------------------------- 294 | # ---------------- SRS section -------------------------------------------------------------------------------------------- 295 | # ----------------------------------------------------------------------------------------------------------------------------- 296 | 297 | # empty => Envelope sender will be rewritten for all domains 298 | # provide comma separated list of domains to exclude from rewriting 299 | SRS_EXCLUDE_DOMAINS= 300 | 301 | # empty => generated when the image is built 302 | # provide a secret to use in base64 303 | # you may specify multiple keys, comma separated. the first one is used for 304 | # signing and the remaining will be used for verification. 
this is how you 305 | # rotate and expire keys 306 | SRS_SECRET= 307 | 308 | # ----------------------------------------------------------------------------------------------------------------------------- 309 | # ---------------- Default relay host section --------------------------------------------------------------------------------- 310 | # ----------------------------------------------------------------------------------------------------------------------------- 311 | 312 | # Setup relaying all mail through a default relay host 313 | # 314 | # empty => don't configure default relay host 315 | # default host and optional port to relay all mail through 316 | DEFAULT_RELAY_HOST= 317 | 318 | # ----------------------------------------------------------------------------------------------------------------------------- 319 | # ---------------- Multi-domain relay section --------------------------------------------------------------------------------- 320 | # ----------------------------------------------------------------------------------------------------------------------------- 321 | 322 | # Setup relaying for multiple domains based on the domain name of the sender 323 | # optionally uses usernames and passwords in postfix-sasl-password.cf and relay host mappings in postfix-relaymap.cf 324 | # 325 | # empty => don't configure relay host 326 | # default host to relay mail through 327 | RELAY_HOST= 328 | 329 | # empty => 25 330 | # default port to relay mail 331 | RELAY_PORT=25 332 | 333 | # empty => no default 334 | # default relay username (if no specific entry exists in postfix-sasl-password.cf) 335 | RELAY_USER= 336 | 337 | # empty => no default 338 | # password for default relay user 339 | RELAY_PASSWORD= 340 | -------------------------------------------------------------------------------- /manifests-alerting/README.md: -------------------------------------------------------------------------------- 1 | In order for the alerting component to work, a 
Kubernetes secret called "slack-hook-url" needs to be created. The content of the secret needs to be the Slack Hook API url. 2 | 3 | For more information see 4 | 5 | 1. https://kubernetes.io/docs/user-guide/secrets/ 6 | 2. https://api.slack.com/incoming-webhooks -------------------------------------------------------------------------------- /manifests-alerting/alertmanager-configmap.yaml: -------------------------------------------------------------------------------- 1 | kind: ConfigMap 2 | apiVersion: v1 3 | metadata: 4 | name: alertmanager 5 | namespace: monitoring 6 | data: 7 | config.yml: |- 8 | global: 9 | slack_api_url: SLACK_URL 10 | route: 11 | group_by: [Alertname] 12 | receiver: slack-notifications 13 | receivers: 14 | - name: 'slack-notifications' 15 | slack_configs: 16 | - channel: '#monitor' 17 | 18 | -------------------------------------------------------------------------------- /manifests-alerting/alertmanager-dep.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: alertmanager 5 | namespace: monitoring 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | app: alertmanager 11 | template: 12 | metadata: 13 | name: alertmanager 14 | labels: 15 | app: alertmanager 16 | name: alertmanager 17 | spec: 18 | tolerations: #make pods run on only master 19 | - effect: NoSchedule 20 | key: node-role.kubernetes.io/master 21 | containers: 22 | - name: alertmanager 23 | image: prom/alertmanager:v0.16.1 24 | imagePullPolicy: "IfNotPresent" 25 | args: 26 | - --config.file=/alertmanager/config.yml 27 | - --storage.path=/alertmanager 28 | - --log.level=debug 29 | ports: 30 | - name: alertmanager 31 | containerPort: 9093 32 | volumeMounts: 33 | - name: config-volume 34 | # mountPath: /alertmanager/ 35 | mountPath: /etc/alertmanager 36 | env: 37 | - name: GMAIL 38 | valueFrom: 39 | secretKeyRef: 40 | name: email-auth 41 | key: PASSWD 42 | command: 
['/bin/sh', '/etc/alertmanager/configure_secret.sh'] 43 | volumes: 44 | - name: config-volume 45 | #secret: 46 | # secretName: alertmanager 47 | configMap: 48 | name: alertmanager 49 | - name: gmail 50 | secret: 51 | secretName: email-auth 52 | nodeSelector: 53 | beta.kubernetes.io/os: linux 54 | node-role.kubernetes.io/master: "" #make pods run on only master 55 | 56 | -------------------------------------------------------------------------------- /manifests-alerting/alertmanager-secret.yaml: -------------------------------------------------------------------------------- 1 | kind: Secret 2 | apiVersion: v1 3 | metadata: 4 | name: alertmanager 5 | namespace: monitoring 6 | stringData: 7 | config.yml: |- 8 | global: 9 | slack_api_url: SLACK_URL 10 | route: 11 | group_by: [Alertname] 12 | receiver: slack-notifications 13 | receivers: 14 | - name: 'slack-notifications' 15 | slack_configs: 16 | - channel: '#monitor' 17 | 18 | -------------------------------------------------------------------------------- /manifests-alerting/alertmanager-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | prometheus.io/scrape: 'true' 6 | prometheus.io/path: '/alertmanager/metrics' 7 | labels: 8 | name: alertmanager 9 | name: alertmanager 10 | namespace: monitoring 11 | spec: 12 | selector: 13 | app: alertmanager 14 | ports: 15 | - name: alertmanager 16 | protocol: TCP 17 | port: 9093 18 | targetPort: 9093 19 | -------------------------------------------------------------------------------- /manifests-alerting/istio-metrics.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.istio.io/v1alpha2 2 | kind: instance 3 | metadata: 4 | name: requestduration 5 | namespace: istio-system 6 | spec: 7 | compiledTemplate: metric 8 | params: 9 | value: response.duration | "0ms" 10 | dimensions: 11 | destination_service: 
destination.service.host | "unknown" 12 | destination_version: destination.labels["version"] | "unknown" 13 | response_code: response.code | 200 14 | monitored_resource_type: '"UNSPECIFIED"' 15 | --- 16 | # Configuration for metric instances 17 | apiVersion: config.istio.io/v1alpha2 18 | kind: instance 19 | metadata: 20 | name: doublerequestcount 21 | namespace: istio-system 22 | spec: 23 | compiledTemplate: metric 24 | params: 25 | value: "2" # count each request twice 26 | dimensions: 27 | reporter: conditional((context.reporter.kind | "inbound") == "outbound", "client", "server") 28 | source: source.workload.name | "unknown" 29 | destination: destination.workload.name | "unknown" 30 | message: '"twice the fun!"' 31 | monitored_resource_type: '"UNSPECIFIED"' 32 | --- 33 | # Configuration for a Prometheus handler 34 | apiVersion: config.istio.io/v1alpha2 35 | kind: handler 36 | metadata: 37 | name: doublehandler 38 | namespace: istio-system 39 | spec: 40 | compiledAdapter: prometheus 41 | params: 42 | metrics: 43 | - name: double_request_count # Prometheus metric name 44 | instance_name: doublerequestcount.instance.istio-system # Mixer instance name (fully-qualified) 45 | kind: COUNTER 46 | label_names: 47 | - reporter 48 | - source 49 | - destination 50 | - message 51 | - name: double_request_duration 52 | instance_name: requestduration.instance.istio-system 53 | kind: DISTRIBUTION 54 | label_names: 55 | - destination_service 56 | - destination_version 57 | - response_code 58 | --- 59 | # Rule to send metric instances to a Prometheus handler 60 | apiVersion: config.istio.io/v1alpha2 61 | kind: rule 62 | metadata: 63 | name: doubleprom 64 | namespace: istio-system 65 | spec: 66 | actions: 67 | - handler: doublehandler 68 | instances: [ requestduration ] 69 | -------------------------------------------------------------------------------- /manifests-jaeger/catalogue-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 
| apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: catalogue 6 | labels: 7 | name: catalogue 8 | namespace: sock-shop 9 | spec: 10 | replicas: 1 11 | template: 12 | metadata: 13 | labels: 14 | name: catalogue 15 | spec: 16 | containers: 17 | - name: catalogue 18 | image: weaveworksdemos/catalogue:0.3.5 19 | env: 20 | - name: ZIPKIN 21 | value: http://zipkin.jaeger.svc.cluster.local:9411/api/v1/spans 22 | resources: 23 | requests: 24 | cpu: 100m 25 | memory: 200Mi 26 | ports: 27 | - containerPort: 80 28 | securityContext: 29 | runAsNonRoot: true 30 | runAsUser: 10001 31 | capabilities: 32 | drop: 33 | - all 34 | add: 35 | - NET_BIND_SERVICE 36 | readOnlyRootFilesystem: true 37 | livenessProbe: 38 | httpGet: 39 | path: /health 40 | port: 80 41 | initialDelaySeconds: 300 42 | periodSeconds: 3 43 | readinessProbe: 44 | httpGet: 45 | path: /health 46 | port: 80 47 | initialDelaySeconds: 180 48 | periodSeconds: 3 49 | nodeSelector: 50 | beta.kubernetes.io/os: linux 51 | -------------------------------------------------------------------------------- /manifests-jaeger/jaeger-nodeport.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2017 The Jaeger Authors 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | # in compliance with the License. You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software distributed under the License 10 | # is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | # or implied. See the License for the specific language governing permissions and limitations under 12 | # the License. 
13 | # 14 | 15 | apiVersion: v1 16 | kind: List 17 | items: 18 | - apiVersion: v1 19 | kind: Namespace 20 | metadata: 21 | name: jaeger 22 | - apiVersion: extensions/v1beta1 23 | kind: Deployment 24 | metadata: 25 | name: jaeger-deployment 26 | namespace: jaeger 27 | labels: 28 | app: jaeger 29 | jaeger-infra: jaeger-deployment 30 | spec: 31 | replicas: 1 32 | strategy: 33 | type: Recreate 34 | template: 35 | metadata: 36 | labels: 37 | app: jaeger 38 | jaeger-infra: jaeger-pod 39 | spec: 40 | containers: 41 | - env: 42 | - name: COLLECTOR_ZIPKIN_HTTP_PORT 43 | value: "9411" 44 | image: jaegertracing/all-in-one 45 | name: jaeger 46 | ports: 47 | - containerPort: 5775 48 | protocol: UDP 49 | - containerPort: 6831 50 | protocol: UDP 51 | - containerPort: 6832 52 | protocol: UDP 53 | - containerPort: 16686 54 | protocol: TCP 55 | - containerPort: 9411 56 | protocol: TCP 57 | readinessProbe: 58 | httpGet: 59 | path: "/" 60 | port: 16686 61 | initialDelaySeconds: 5 62 | - apiVersion: v1 63 | kind: Service 64 | metadata: 65 | name: jaeger-query 66 | namespace: jaeger 67 | labels: 68 | app: jaeger 69 | jaeger-infra: jaeger-service 70 | spec: 71 | ports: 72 | - name: query-http 73 | port: 80 74 | protocol: TCP 75 | targetPort: 16686 76 | selector: 77 | jaeger-infra: jaeger-pod 78 | type: LoadBalancer 79 | - apiVersion: v1 80 | kind: Service 81 | metadata: 82 | name: jaeger-collector 83 | namespace: jaeger 84 | labels: 85 | app: jaeger 86 | jaeger-infra: collector-service 87 | spec: 88 | ports: 89 | - name: jaeger-collector-tchannel 90 | port: 14267 91 | protocol: TCP 92 | targetPort: 14267 93 | - name: jaeger-collector-http 94 | port: 14268 95 | protocol: TCP 96 | targetPort: 14268 97 | - name: jaeger-collector-zipkin 98 | port: 9411 99 | protocol: TCP 100 | targetPort: 9411 101 | selector: 102 | jaeger-infra: jaeger-pod 103 | type: ClusterIP 104 | - apiVersion: v1 105 | kind: Service 106 | metadata: 107 | name: jaeger-agent 108 | namespace: jaeger 109 | labels: 110 | app: 
jaeger 111 | jaeger-infra: agent-service 112 | spec: 113 | ports: 114 | - name: agent-zipkin-thrift 115 | port: 5775 116 | protocol: UDP 117 | targetPort: 5775 118 | - name: agent-compact 119 | port: 6831 120 | protocol: UDP 121 | targetPort: 6831 122 | - name: agent-binary 123 | port: 6832 124 | protocol: UDP 125 | targetPort: 6832 126 | clusterIP: None 127 | selector: 128 | jaeger-infra: jaeger-pod 129 | - apiVersion: v1 130 | kind: Service 131 | metadata: 132 | name: zipkin 133 | namespace: jaeger 134 | labels: 135 | app: jaeger 136 | jaeger-infra: zipkin-service 137 | spec: 138 | type: NodePort 139 | ports: 140 | - name: jaeger-collector-zipkin 141 | port: 9411 142 | protocol: TCP 143 | targetPort: 9411 144 | nodePort: 30036 145 | # clusterIP: None 146 | selector: 147 | jaeger-infra: jaeger-pod 148 | -------------------------------------------------------------------------------- /manifests-jaeger/jaeger-upgrade.yaml: -------------------------------------------------------------------------------- 1 | # 2 | ## Copyright 2017-2019 The Jaeger Authors 3 | ## 4 | ## Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | ## in compliance with the License. You may obtain a copy of the License at 6 | ## 7 | ## http://www.apache.org/licenses/LICENSE-2.0 8 | ## 9 | ## Unless required by applicable law or agreed to in writing, software distributed under the License 10 | ## is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | ## or implied. See the License for the specific language governing permissions and limitations under 12 | ## the License. 
13 | ## 14 | 15 | apiVersion: v1 16 | kind: List 17 | items: 18 | - apiVersion: extensions/v1beta1 19 | kind: Deployment 20 | metadata: 21 | name: jaeger 22 | namespace: jaeger 23 | labels: 24 | app: jaeger 25 | app.kubernetes.io/name: jaeger 26 | app.kubernetes.io/component: all-in-one 27 | spec: 28 | replicas: 1 29 | strategy: 30 | type: Recreate 31 | template: 32 | metadata: 33 | labels: 34 | app: jaeger 35 | app.kubernetes.io/name: jaeger 36 | app.kubernetes.io/component: all-in-one 37 | annotations: 38 | prometheus.io/scrape: "true" 39 | prometheus.io/port: "16686" 40 | spec: 41 | containers: 42 | - env: 43 | - name: COLLECTOR_ZIPKIN_HTTP_PORT 44 | value: "9411" 45 | image: jaegertracing/all-in-one 46 | name: jaeger 47 | ports: 48 | - containerPort: 5775 49 | protocol: UDP 50 | - containerPort: 6831 51 | protocol: UDP 52 | - containerPort: 6832 53 | protocol: UDP 54 | - containerPort: 5778 55 | protocol: TCP 56 | - containerPort: 16686 57 | protocol: TCP 58 | - containerPort: 9411 59 | protocol: TCP 60 | readinessProbe: 61 | httpGet: 62 | path: "/" 63 | port: 14269 64 | initialDelaySeconds: 5 65 | - apiVersion: v1 66 | kind: Service 67 | metadata: 68 | name: jaeger-query 69 | namespace: jaeger 70 | labels: 71 | app: jaeger 72 | app.kubernetes.io/name: jaeger 73 | app.kubernetes.io/component: query 74 | spec: 75 | ports: 76 | - name: query-http 77 | port: 80 78 | protocol: TCP 79 | targetPort: 16686 80 | selector: 81 | app.kubernetes.io/name: jaeger 82 | app.kubernetes.io/component: all-in-one 83 | type: LoadBalancer 84 | - apiVersion: v1 85 | kind: Service 86 | metadata: 87 | name: jaeger-collector 88 | namespace: jaeger 89 | labels: 90 | app: jaeger 91 | app.kubernetes.io/name: jaeger 92 | app.kubernetes.io/component: collector 93 | spec: 94 | ports: 95 | - name: jaeger-collector-tchannel 96 | port: 14267 97 | protocol: TCP 98 | targetPort: 14267 99 | - name: jaeger-collector-http 100 | port: 14268 101 | protocol: TCP 102 | targetPort: 14268 103 | - name: 
jaeger-collector-zipkin 104 | port: 9411 105 | protocol: TCP 106 | targetPort: 9411 107 | selector: 108 | app.kubernetes.io/name: jaeger 109 | app.kubernetes.io/component: all-in-one 110 | type: ClusterIP 111 | - apiVersion: v1 112 | kind: Service 113 | metadata: 114 | name: jaeger-agent 115 | namespace: jaeger 116 | labels: 117 | app: jaeger 118 | app.kubernetes.io/name: jaeger 119 | app.kubernetes.io/component: agent 120 | spec: 121 | ports: 122 | - name: agent-zipkin-thrift 123 | port: 5775 124 | protocol: UDP 125 | targetPort: 5775 126 | - name: agent-compact 127 | port: 6831 128 | protocol: UDP 129 | targetPort: 6831 130 | - name: agent-binary 131 | port: 6832 132 | protocol: UDP 133 | targetPort: 6832 134 | - name: agent-configs 135 | port: 5778 136 | protocol: TCP 137 | targetPort: 5778 138 | clusterIP: None 139 | selector: 140 | app.kubernetes.io/name: jaeger 141 | app.kubernetes.io/component: all-in-one 142 | - apiVersion: v1 143 | kind: Service 144 | metadata: 145 | name: zipkin 146 | namespace: jaeger 147 | labels: 148 | app: jaeger 149 | app.kubernetes.io/name: jaeger 150 | app.kubernetes.io/component: zipkin 151 | spec: 152 | type: NodePort 153 | ports: 154 | - protocol: TCP 155 | targetPort: 9411 156 | port: 9411 157 | nodePort: 30036 158 | selector: 159 | app.kubernetes.io/name: jaeger 160 | app.kubernetes.io/component: all-in-one 161 | -------------------------------------------------------------------------------- /manifests-jaeger/jaeger.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2017 The Jaeger Authors 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | # in compliance with the License. 
You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software distributed under the License 10 | # is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | # or implied. See the License for the specific language governing permissions and limitations under 12 | # the License. 13 | # 14 | 15 | apiVersion: v1 16 | kind: List 17 | items: 18 | - apiVersion: v1 19 | kind: Namespace 20 | metadata: 21 | name: jaeger 22 | - apiVersion: extensions/v1beta1 23 | kind: Deployment 24 | metadata: 25 | name: jaeger-deployment 26 | namespace: jaeger 27 | labels: 28 | app: jaeger 29 | jaeger-infra: jaeger-deployment 30 | spec: 31 | replicas: 1 32 | strategy: 33 | type: Recreate 34 | template: 35 | metadata: 36 | labels: 37 | app: jaeger 38 | jaeger-infra: jaeger-pod 39 | spec: 40 | containers: 41 | - env: 42 | - name: COLLECTOR_ZIPKIN_HTTP_PORT 43 | value: "9411" 44 | image: jaegertracing/all-in-one 45 | name: jaeger 46 | ports: 47 | - containerPort: 5775 48 | protocol: UDP 49 | - containerPort: 6831 50 | protocol: UDP 51 | - containerPort: 6832 52 | protocol: UDP 53 | - containerPort: 16686 54 | protocol: TCP 55 | - containerPort: 9411 56 | protocol: TCP 57 | readinessProbe: 58 | httpGet: 59 | path: "/" 60 | port: 16686 61 | initialDelaySeconds: 5 62 | - apiVersion: v1 63 | kind: Service 64 | metadata: 65 | name: jaeger-query 66 | namespace: jaeger 67 | labels: 68 | app: jaeger 69 | jaeger-infra: jaeger-service 70 | spec: 71 | ports: 72 | - name: query-http 73 | port: 80 74 | protocol: TCP 75 | targetPort: 16686 76 | selector: 77 | jaeger-infra: jaeger-pod 78 | type: LoadBalancer 79 | - apiVersion: v1 80 | kind: Service 81 | metadata: 82 | name: jaeger-collector 83 | namespace: jaeger 84 | labels: 85 | app: jaeger 86 | jaeger-infra: collector-service 87 | spec: 88 | ports: 89 | - name: jaeger-collector-tchannel 90 | port: 
14267 91 | protocol: TCP 92 | targetPort: 14267 93 | - name: jaeger-collector-http 94 | port: 14268 95 | protocol: TCP 96 | targetPort: 14268 97 | - name: jaeger-collector-zipkin 98 | port: 9411 99 | protocol: TCP 100 | targetPort: 9411 101 | selector: 102 | jaeger-infra: jaeger-pod 103 | type: ClusterIP 104 | - apiVersion: v1 105 | kind: Service 106 | metadata: 107 | name: jaeger-agent 108 | namespace: jaeger 109 | labels: 110 | app: jaeger 111 | jaeger-infra: agent-service 112 | spec: 113 | ports: 114 | - name: agent-zipkin-thrift 115 | port: 5775 116 | protocol: UDP 117 | targetPort: 5775 118 | - name: agent-compact 119 | port: 6831 120 | protocol: UDP 121 | targetPort: 6831 122 | - name: agent-binary 123 | port: 6832 124 | protocol: UDP 125 | targetPort: 6832 126 | clusterIP: None 127 | selector: 128 | jaeger-infra: jaeger-pod 129 | - apiVersion: v1 130 | kind: Service 131 | metadata: 132 | name: zipkin 133 | namespace: jaeger 134 | labels: 135 | app: jaeger 136 | jaeger-infra: zipkin-service 137 | spec: 138 | ports: 139 | - name: jaeger-collector-zipkin 140 | port: 9411 141 | protocol: TCP 142 | targetPort: 9411 143 | clusterIP: None 144 | selector: 145 | jaeger-infra: jaeger-pod 146 | -------------------------------------------------------------------------------- /manifests-jaeger/payment-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: payment 6 | labels: 7 | name: payment 8 | namespace: sock-shop 9 | spec: 10 | replicas: 1 11 | template: 12 | metadata: 13 | labels: 14 | name: payment 15 | spec: 16 | containers: 17 | - name: payment 18 | image: weaveworksdemos/payment:0.4.3 19 | resources: 20 | requests: 21 | cpu: 100m 22 | memory: 100Mi 23 | ports: 24 | - containerPort: 80 25 | env: 26 | - name: ZIPKIN 27 | value: http://zipkin.jaeger.svc.cluster.local:9411/api/v1/spans 28 | securityContext: 29 | runAsNonRoot: true 30 | runAsUser: 10001 31 
| capabilities: 32 | drop: 33 | - all 34 | add: 35 | - NET_BIND_SERVICE 36 | readOnlyRootFilesystem: true 37 | livenessProbe: 38 | httpGet: 39 | path: /health 40 | port: 80 41 | initialDelaySeconds: 300 42 | periodSeconds: 3 43 | readinessProbe: 44 | httpGet: 45 | path: /health 46 | port: 80 47 | initialDelaySeconds: 180 48 | periodSeconds: 3 49 | nodeSelector: 50 | beta.kubernetes.io/os: linux 51 | -------------------------------------------------------------------------------- /manifests-jaeger/user-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: user 6 | labels: 7 | name: user 8 | namespace: sock-shop 9 | spec: 10 | replicas: 1 11 | template: 12 | metadata: 13 | labels: 14 | name: user 15 | spec: 16 | containers: 17 | - name: user 18 | image: weaveworksdemos/user:0.4.7 19 | resources: 20 | requests: 21 | cpu: 100m 22 | memory: 100Mi 23 | ports: 24 | - containerPort: 80 25 | env: 26 | - name: MONGO_HOST 27 | value: user-db:27017 28 | - name: ZIPKIN 29 | value: http://zipkin.jaeger.svc.cluster.local:9411/api/v1/spans 30 | securityContext: 31 | runAsNonRoot: true 32 | runAsUser: 10001 33 | capabilities: 34 | drop: 35 | - all 36 | add: 37 | - NET_BIND_SERVICE 38 | readOnlyRootFilesystem: true 39 | livenessProbe: 40 | httpGet: 41 | path: /health 42 | port: 80 43 | initialDelaySeconds: 300 44 | periodSeconds: 3 45 | readinessProbe: 46 | httpGet: 47 | path: /health 48 | port: 80 49 | initialDelaySeconds: 180 50 | periodSeconds: 3 51 | nodeSelector: 52 | beta.kubernetes.io/os: linux 53 | -------------------------------------------------------------------------------- /manifests-logging/elasticsearch.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: elasticsearch 6 | labels: 7 | name: elasticsearch 8 | namespace: kube-system 9 | spec: 10 | 
replicas: 1 11 | template: 12 | metadata: 13 | labels: 14 | name: elasticsearch 15 | spec: 16 | containers: 17 | - image: elasticsearch 18 | name: elasticsearch 19 | ports: 20 | - name: elasticsearch 21 | containerPort: 9200 22 | nodeSelector: 23 | beta.kubernetes.io/os: linux 24 | --- 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: elasticsearch 29 | labels: 30 | name: elasticsearch 31 | namespace: kube-system 32 | spec: 33 | ports: 34 | - port: 9200 35 | targetPort: 9200 36 | selector: 37 | name: elasticsearch 38 | -------------------------------------------------------------------------------- /manifests-logging/fluentd-cr.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1beta1 3 | kind: ClusterRole 4 | metadata: 5 | name: fluentd 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - pods 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | -------------------------------------------------------------------------------- /manifests-logging/fluentd-crb.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1beta1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: fluentd 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: fluentd 10 | subjects: 11 | - kind: ServiceAccount 12 | name: fluentd 13 | namespace: kube-system 14 | -------------------------------------------------------------------------------- /manifests-logging/fluentd-daemon.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: extensions/v1beta1 3 | kind: DaemonSet 4 | metadata: 5 | name: fluentd 6 | labels: 7 | tier: monitoring 8 | name: fluentd 9 | namespace: kube-system 10 | spec: 11 | selector: 12 | matchLabels: 13 | name: fluentd 14 | template: 15 | metadata: 16 | labels: 17 | name: fluentd 18 | spec: 19 | 
serviceAccountName: fluentd 20 | containers: 21 | - image: weaveworksdemos/log-server # untagged image, resolves to latest; pin a tag or digest 22 | name: fluentd 23 | env: 24 | - name: FLUENTD_CONF 25 | value: elk.conf 26 | volumeMounts: 27 | - name: varlibdockercontainers 28 | mountPath: /var/lib/docker/containers 29 | readOnly: true 30 | volumes: 31 | - name: varlibdockercontainers 32 | hostPath: # exposes the node's container directory to the pod; the volumeMount above mounts it read-only 33 | path: /var/lib/docker/containers 34 | nodeSelector: 35 | beta.kubernetes.io/os: linux 36 | -------------------------------------------------------------------------------- /manifests-logging/fluentd-sa.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: fluentd 6 | namespace: kube-system 7 | -------------------------------------------------------------------------------- /manifests-logging/kibana.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: kibana 6 | labels: 7 | name: kibana 8 | namespace: kube-system 9 | spec: # NOTE(review): no spec.selector is given, which apps/v1 Deployments require - confirm this manifest still applies 10 | replicas: 1 11 | template: 12 | metadata: 13 | labels: 14 | name: kibana 15 | spec: 16 | containers: 17 | - image: kibana # untagged image, resolves to latest; pin a tag or digest 18 | name: kibana 19 | ports: 20 | - name: kibana 21 | containerPort: 5601 22 | --- 23 | apiVersion: v1 24 | kind: Service 25 | metadata: 26 | name: kibana 27 | labels: 28 | name: kibana 29 | namespace: kube-system 30 | spec: 31 | type: NodePort # NOTE(review): publishes Kibana on port 31601 of every node; this manifest configures no authentication or TLS in front of it, so restrict access (NetworkPolicy/firewall) or use ClusterIP behind an authenticating proxy 32 | ports: 33 | - port: 5601 34 | targetPort: 5601 35 | nodePort: 31601 36 | selector: 37 | name: kibana 38 | -------------------------------------------------------------------------------- /manifests-monitoring/grafana-dep.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: grafana-core 5 | namespace: monitoring 6 | labels: 7 | app: grafana 8 | component: core 9 | spec: 10 | selector: 11 | matchLabels: 12 | app: 
grafana 13 | component: core 14 | replicas: 1 15 | template: 16 | metadata: 17 | labels: 18 | app: grafana 19 | component: core 20 | spec: 21 | tolerations: # tolerate the master NoSchedule taint; the nodeSelector below is what pins the pod to master nodes 22 | - effect: NoSchedule 23 | key: node-role.kubernetes.io/master 24 | # Important part - Begin 25 | initContainers: 26 | - name: init-chown-data 27 | image: busybox # untagged image, resolves to latest; pin a tag or digest 28 | imagePullPolicy: IfNotPresent 29 | command: ["chown", "-R", "472:472", "/data"] # hands the persistent volume to uid/gid 472 before the main container starts (presumably the grafana user in the image - confirm) 30 | volumeMounts: 31 | - mountPath: /data 32 | name: grafana-persistent-storage 33 | containers: 34 | - image: grafana/grafana:6.2.0 35 | name: grafana-core 36 | imagePullPolicy: IfNotPresent 37 | # env: 38 | resources: 39 | # keep request = limit to keep this container in guaranteed class 40 | limits: 41 | cpu: 100m 42 | memory: 100Mi 43 | requests: 44 | cpu: 100m 45 | memory: 100Mi 46 | env: 47 | # The following env variables enable basic auth and disable anonymous access. No admin password is set in this manifest, so the admin user keeps Grafana's default password until it is changed (e.g. via GF_SECURITY_ADMIN_PASSWORD sourced from a Secret). 48 | - name: GF_AUTH_BASIC_ENABLED 49 | value: "true" 50 | - name: GF_AUTH_ANONYMOUS_ENABLED 51 | value: "false" 52 | # - name: GF_AUTH_ANONYMOUS_ORG_ROLE 53 | # value: Admin 54 | # does not really work, because of template variables in exported dashboards: 55 | # - name: GF_DASHBOARDS_JSON_ENABLED 56 | # value: "true" 57 | # readinessProbe: 58 | # httpGet: 59 | # path: /login 60 | # port: 3000 61 | # initialDelaySeconds: 30 62 | # timeoutSeconds: 1 63 | volumeMounts: 64 | - name: grafana-persistent-storage 65 | mountPath: /var/lib/grafana 66 | - name: config-volume 67 | mountPath: /usr/share/grafana/conf 68 | volumes: 69 | - name: grafana-persistent-storage 70 | persistentVolumeClaim: 71 | claimName: grafana-claim 72 | - name: config-volume 73 | configMap: 74 | name: grafana-alert-config 75 | nodeSelector: 76 | beta.kubernetes.io/os: linux 77 | node-role.kubernetes.io/master: "" # schedule the pod only on master nodes 78 | -------------------------------------------------------------------------------- 
/manifests-monitoring/grafana-import-dash-batch.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: batch/v1
2 | kind: Job  # one-shot job that POSTs the *-datasource.json and *-dashboard.json files from a ConfigMap to the Grafana HTTP API
3 | metadata:
4 |   name: grafana-import-dashboards
5 |   namespace: monitoring
6 |   labels:
7 |     app: grafana
8 |     component: import-dashboards
9 | spec:
10 |   template:
11 |     metadata:
12 |       name: grafana-import-dashboards
13 |       labels:
14 |         app: grafana
15 |         component: import-dashboards
16 |       annotations:  # the init container below is declared through the legacy beta annotation; NOTE(review): newer clusters expect spec.initContainers and may ignore it - confirm on the target version. Its command presents the pod's service-account token to the API server to poll the grafana endpoints, so that account needs read access to endpoints in monitoring.
17 |         pod.beta.kubernetes.io/init-containers: '[
18 |           {
19 |             "name": "wait-for-endpoints",
20 |             "image": "giantswarm/tiny-tools",
21 |             "imagePullPolicy": "IfNotPresent",
22 |             "command": ["fish", "-c", "echo \"waiting for endpoints...\"; while true; set endpoints (curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt --header \"Authorization: Bearer \"(cat /var/run/secrets/kubernetes.io/serviceaccount/token) https://kubernetes.default.svc/api/v1/namespaces/monitoring/endpoints/grafana); echo $endpoints | jq \".\"; if test (echo $endpoints | jq -r \".subsets[].addresses | length\") -gt 0; exit 0; end; echo \"waiting...\";sleep 1; end"],
23 |             "args": ["monitoring", "grafana"]
24 |           }
25 |         ]'
26 |     spec:
27 |       containers:
28 |       - name: grafana-import-dashboards
29 |         image: giantswarm/tiny-tools  # NOTE(review): no tag, so this resolves to :latest; pin a version or digest
30 |         command: ["/bin/sh", "-c"]
31 |         workingDir: /opt/grafana-import-dashboards
32 |         args:  # NOTE(review): the script below hard-codes admin:admin in the request URL and sends it over plain http; read the credentials from a Secret (env or mounted file) instead
33 |         - >
34 |           for file in *-datasource.json ; do
35 |             if [ -e "$file" ] ; then
36 |               echo "importing $file" &&
37 |               curl --silent --fail --show-error \
38 |                 --request POST http://admin:admin@grafana/api/datasources \
39 |                 --header "Content-Type: application/json" \
40 |                 --header "Accept: application/json" \
41 |                 --data-binary "@$file" ;
42 |               echo "" ;
43 |             fi
44 |           done ;
45 |           for file in *-dashboard.json ; do
46 |             if [ -e "$file" ] ; then
47 |               echo "importing $file" &&
48 |               curl --silent --fail --show-error \
49 |                 --request POST http://admin:admin@grafana/api/dashboards/import \
50 |                 --header "Content-Type:
application/json" \
51 |                 --header "Accept: application/json" \
52 |                 --data-binary "@$file" ;
53 |               echo "" ;
54 |             fi
55 |           done ;
56 |         volumeMounts:
57 |         - name: config-volume
58 |           mountPath: /opt/grafana-import-dashboards
59 |       restartPolicy: Never
60 |       volumes:
61 |       - name: config-volume
62 |         configMap:
63 |           name: grafana-import-dashboards
64 | 
--------------------------------------------------------------------------------
/manifests-monitoring/grafana-svc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service  # publishes the pods labelled app=grafana, component=core
3 | metadata:
4 |   name: grafana
5 |   namespace: monitoring
6 |   labels:
7 |     app: grafana
8 |     component: core
9 | spec:
10 |   type: NodePort  # opens the nodePort below on every node; grafana-dep.yaml states the default admin login is in use, so restrict who can reach this port
11 |   ports:
12 |   - protocol: TCP
13 |     port: 80
14 |     targetPort: 3000
15 |     nodePort: 31300
16 |   selector:
17 |     app: grafana
18 |     component: core
19 | 
--------------------------------------------------------------------------------
/manifests-monitoring/kube-state-metrics/kube-state-metrics-cr.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole  # cluster-wide list/watch on the resource kinds named below; no get, write or delete verbs are granted
3 | metadata:
4 |   name: kube-state-metrics
5 | rules:
6 | - apiGroups: [""]
7 |   resources:
8 |   - configmaps
9 |   - secrets  # list/watch on secrets returns the secret contents for every namespace, not just metadata; NOTE(review): drop this entry unless secret metrics are actually needed
10 |   - nodes
11 |   - pods
12 |   - services
13 |   - resourcequotas
14 |   - replicationcontrollers
15 |   - limitranges
16 |   - persistentvolumeclaims
17 |   - persistentvolumes
18 |   - namespaces
19 |   - endpoints
20 |   verbs: ["list", "watch"]
21 | - apiGroups: ["extensions"]
22 |   resources:
23 |   - daemonsets
24 |   - deployments
25 |   - replicasets
26 |   - ingresses
27 |   verbs: ["list", "watch"]
28 | - apiGroups: ["apps"]
29 |   resources:
30 |   - daemonsets
31 |   - deployments
32 |   - replicasets
33 |   - statefulsets
34 |   verbs: ["list", "watch"]
35 | - apiGroups: ["batch"]
36 |   resources:
37 |   - cronjobs
38 |   - jobs
39 |   verbs: ["list", "watch"]
40 | - apiGroups: ["autoscaling"]
41 |   resources:
42 |   -
horizontalpodautoscalers 43 | verbs: ["list", "watch"] 44 | - apiGroups: ["policy"] 45 | resources: 46 | - poddisruptionbudgets 47 | verbs: ["list", "watch"] 48 | - apiGroups: ["certificates.k8s.io"] 49 | resources: 50 | - certificatesigningrequests 51 | verbs: ["list", "watch"] 52 | - apiGroups: ["storage.k8s.io"] 53 | resources: 54 | - storageclasses 55 | verbs: ["list", "watch"] 56 | 57 | -------------------------------------------------------------------------------- /manifests-monitoring/kube-state-metrics/kube-state-metrics-crb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: kube-state-metrics 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: kube-state-metrics 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kube-state-metrics 12 | namespace: kube-system 13 | -------------------------------------------------------------------------------- /manifests-monitoring/kube-state-metrics/kube-state-metrics-dep.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | k8s-app: kube-state-metrics 6 | name: kube-state-metrics 7 | namespace: kube-system 8 | spec: 9 | selector: 10 | matchLabels: 11 | k8s-app: kube-state-metrics 12 | replicas: 1 13 | template: 14 | metadata: 15 | labels: 16 | k8s-app: kube-state-metrics 17 | spec: 18 | serviceAccountName: kube-state-metrics 19 | containers: 20 | - name: kube-state-metrics 21 | image: quay.io/coreos/kube-state-metrics:v1.6.0 22 | ports: 23 | - name: http-metrics 24 | containerPort: 8080 25 | - name: telemetry 26 | containerPort: 8081 27 | readinessProbe: 28 | httpGet: 29 | path: /healthz 30 | port: 8080 31 | initialDelaySeconds: 5 32 | timeoutSeconds: 5 33 | -------------------------------------------------------------------------------- 
/manifests-monitoring/kube-state-metrics/kube-state-metrics-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: kube-state-metrics 5 | namespace: kube-system 6 | -------------------------------------------------------------------------------- /manifests-monitoring/kube-state-metrics/kube-state-metrics-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kube-state-metrics 5 | namespace: kube-system 6 | labels: 7 | k8s-app: kube-state-metrics 8 | annotations: 9 | prometheus.io/scrape: 'true' 10 | spec: 11 | ports: 12 | - name: http-metrics 13 | port: 8080 14 | targetPort: http-metrics 15 | protocol: TCP 16 | - name: telemetry 17 | port: 8081 18 | targetPort: telemetry 19 | protocol: TCP 20 | selector: 21 | k8s-app: kube-state-metrics 22 | -------------------------------------------------------------------------------- /manifests-monitoring/monitoring-ns.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: monitoring 5 | -------------------------------------------------------------------------------- /manifests-monitoring/node-exporter/node-exporter-cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: node-exporter 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /manifests-monitoring/node-exporter/node-exporter-crb.yaml: 
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding  # grants the node-exporter ClusterRole to the node-exporter ServiceAccount in kube-system
3 | metadata:
4 |   name: node-exporter
5 | roleRef:
6 |   apiGroup: rbac.authorization.k8s.io
7 |   kind: ClusterRole
8 |   name: node-exporter
9 | subjects:
10 | - kind: ServiceAccount
11 |   name: node-exporter
12 |   namespace: kube-system
13 | 
--------------------------------------------------------------------------------
/manifests-monitoring/node-exporter/node-exporter-ds.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: DaemonSet  # runs node-exporter v0.17.0 in kube-system, reading the host's /proc and /sys
3 | metadata:
4 |   name: node-exporter
5 |   namespace: kube-system
6 |   labels:
7 |     k8s-app: node-exporter
8 |     kubernetes.io/cluster-service: "false"
9 |     addonmanager.kubernetes.io/mode: Reconcile
10 |     version: v0.17.0
11 |   annotations:
12 |     k8s-app: node-exporter
13 | spec:
14 |   selector:
15 |     matchLabels:
16 |       k8s-app: node-exporter
17 |       version: v0.17.0
18 |   updateStrategy:
19 |     type: OnDelete  # pods pick up a changed template only after they are deleted by hand
20 |   template:
21 |     metadata:
22 |       labels:
23 |         k8s-app: node-exporter
24 |         version: v0.17.0
25 |       annotations:
26 |         scheduler.alpha.kubernetes.io/critical-pod: ''  # legacy alpha annotation; priorityClassName below is the supported way to express this
27 |     spec:  # NOTE(review): no serviceAccountName is set, so these pods use the namespace's default account rather than the node-exporter account bound in node-exporter-crb.yaml
28 |       priorityClassName: system-node-critical
29 |       containers:
30 |       - name: prometheus-node-exporter  # NOTE(review): no securityContext is set; consider runAsNonRoot, readOnlyRootFilesystem and dropping all capabilities
31 |         image: quay.io/prometheus/node-exporter:v0.17.0
32 |         imagePullPolicy: "IfNotPresent"
33 |         args:
34 |         - --path.procfs=/host/proc
35 |         - --path.sysfs=/host/sys
36 |         ports:
37 |         - name: metrics
38 |           containerPort: 9100
39 |           hostPort: 9100  # binds 9100 on each node's own address; nothing in this manifest limits who may scrape it
40 |         volumeMounts:
41 |         - name: proc
42 |           mountPath: /host/proc
43 |           readOnly: true
44 |         - name: sys
45 |           mountPath: /host/sys
46 |           readOnly: true
47 |         resources:
48 |           limits:
49 |             cpu: 10m
50 |             memory: 50Mi
51 |           requests:
52 |             cpu: 10m
53 |             memory: 50Mi
54 |       hostPID: true  # the pod shares the host's PID namespace
55 |       volumes:
56 |       - name: proc
57 |         hostPath:
58 |           path: /proc  # host /proc and /sys are exposed to the container, mounted read-only above
59 |       - name: sys
60 |         hostPath:
61 |           path: /sys
62 | 
-------------------------------------------------------------------------------- /manifests-monitoring/node-exporter/node-exporter-master-dep.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: node-exporter-master 5 | namespace: kube-system 6 | annotations: 7 | k8s-app: node-exporter-master 8 | spec: 9 | replicas: 1 10 | strategy: 11 | rollingUpdate: 12 | maxSurge: 0 13 | maxUnavailable: 1 14 | type: RollingUpdate 15 | selector: 16 | matchLabels: 17 | k8s-app: node-exporter-master 18 | version: v0.17.0 19 | template: 20 | metadata: 21 | labels: 22 | k8s-app: node-exporter-master 23 | version: v0.17.0 24 | spec: 25 | tolerations: 26 | - effect: NoSchedule 27 | key: node-role.kubernetes.io/master 28 | serviceAccount: node-exporter 29 | containers: 30 | - name: prometheus-node-exporter 31 | image: quay.io/prometheus/node-exporter:v0.17.0 32 | imagePullPolicy: "IfNotPresent" 33 | args: 34 | - --path.procfs=/host/proc 35 | - --path.sysfs=/host/sys 36 | ports: 37 | - name: metrics 38 | containerPort: 9100 39 | hostPort: 9100 40 | volumeMounts: 41 | - name: proc 42 | mountPath: /host/proc 43 | readOnly: true 44 | - name: sys 45 | mountPath: /host/sys 46 | readOnly: true 47 | resources: 48 | limits: 49 | cpu: 10m 50 | memory: 50Mi 51 | requests: 52 | cpu: 10m 53 | memory: 50Mi 54 | hostPID: true 55 | volumes: 56 | - name: proc 57 | hostPath: 58 | path: /proc 59 | - name: sys 60 | hostPath: 61 | path: /sys 62 | nodeSelector: 63 | beta.kubernetes.io/os: linux 64 | node-role.kubernetes.io/master: "" 65 | # hostNetwork: true 66 | 67 | -------------------------------------------------------------------------------- /manifests-monitoring/node-exporter/node-exporter-master-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: node-exporter-master 5 | namespace: 
kube-system 6 | annotations: 7 | prometheus.io/scrape: "true" 8 | k8s-app: "node-exporter" 9 | labels: 10 | kubernetes.io/cluster-service: "false" 11 | addonmanager.kubernetes.io/mode: Reconcile 12 | kubernetes.io/name: "NodeExporter" 13 | k8s-app: "node-exporter" 14 | node-exporter: "master" 15 | spec: 16 | ports: 17 | - name: metrics 18 | port: 9100 19 | protocol: TCP 20 | targetPort: 9100 21 | selector: 22 | k8s-app: node-exporter-master 23 | -------------------------------------------------------------------------------- /manifests-monitoring/node-exporter/node-exporter-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: node-exporter 5 | namespace: kube-system 6 | -------------------------------------------------------------------------------- /manifests-monitoring/node-exporter/node-exporter-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: node-exporter 5 | namespace: kube-system 6 | annotations: 7 | prometheus.io/scrape: "true" 8 | labels: 9 | kubernetes.io/cluster-service: "false" 10 | addonmanager.kubernetes.io/mode: Reconcile 11 | kubernetes.io/name: "NodeExporter" 12 | k8s-app: node-exporter 13 | spec: 14 | ports: 15 | - name: metrics 16 | port: 9100 17 | protocol: TCP 18 | targetPort: 9100 19 | selector: 20 | k8s-app: node-exporter 21 | -------------------------------------------------------------------------------- /manifests-monitoring/prometheus-cr.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1beta1 3 | kind: ClusterRole 4 | metadata: 5 | name: prometheus 6 | labels: 7 | app: prometheus 8 | rules: 9 | - apiGroups: [""] # "" indicates the core API group 10 | resources: 11 | - nodes 12 | - nodes/proxy 13 | - services 14 | - endpoints 15 | - pods 16 | verbs: 
17 |   - get
18 |   - list
19 |   - watch
20 | - nonResourceURLs:  # separate rule: GET on the /metrics non-resource URL
21 |   - /metrics
22 |   verbs:
23 |   - get
24 | 
--------------------------------------------------------------------------------
/manifests-monitoring/prometheus-crb.yml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: rbac.authorization.k8s.io/v1beta1  # NOTE(review): the v1beta1 RBAC API was removed in Kubernetes 1.22; the kube-state-metrics and node-exporter bindings in this repo already use v1
3 | kind: ClusterRoleBinding  # grants the prometheus ClusterRole to the prometheus ServiceAccount in monitoring
4 | metadata:
5 |   name: prometheus
6 |   labels:
7 |     app: prometheus
8 | roleRef:
9 |   apiGroup: rbac.authorization.k8s.io
10 |   kind: ClusterRole
11 |   name: prometheus
12 | subjects:
13 | - kind: ServiceAccount
14 |   name: prometheus
15 |   namespace: monitoring
16 | 
--------------------------------------------------------------------------------
/manifests-monitoring/prometheus-dep.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment  # single Prometheus server, pinned to the master node by the nodeSelector at the end of the file
3 | metadata:
4 |   name: prometheus-deployment
5 |   namespace: monitoring
6 | spec:
7 |   selector:
8 |     matchLabels:
9 |       app: prometheus
10 |   replicas: 1
11 |   strategy:
12 |     rollingUpdate:
13 |       maxSurge: 0
14 |       maxUnavailable: 1
15 |     type: RollingUpdate
16 |   selector:  # NOTE(review): second `selector` key in the same mapping as line 7; duplicate keys are invalid YAML and parsers differ on how they treat them - remove one
17 |     matchLabels:
18 |       app: prometheus
19 |   template:
20 |     metadata:
21 |       name: prometheus
22 |       labels:
23 |         app: prometheus
24 |     spec:
25 |       tolerations:
26 |       - effect: NoSchedule
27 |         key: node-role.kubernetes.io/master
28 |       serviceAccount: prometheus  # deprecated alias of serviceAccountName; this is the account bound by prometheus-crb.yml
29 |       containers:
30 |       - name: prometheus  # no securityContext or resource limits are set on this container
31 |         image: prom/prometheus:v2.9.2
32 |         args:  # NOTE(review): nothing here configures authentication or TLS, and prometheus-svc.yaml publishes port 9090 as a NodePort
33 |         - --storage.tsdb.retention.time=360h
34 |         - --storage.tsdb.retention.size=512MB
35 |         - --config.file=/etc/config/prometheus.yml
36 |         - --storage.tsdb.path=/prometheus/data
37 |         ports:
38 |         - name: web
39 |           containerPort: 9090
40 |         volumeMounts:
41 |         - name: config-volume
42 |           mountPath: /etc/config
43 |         - name: prometheus-storage
44 |           mountPath: /prometheus/data
45 |         - name: rules-volume
46 |           mountPath: /prometheus/data/alert_rules  # ConfigMap mounted inside the TSDB data directory
47 |       volumes:
48 |       - name: config-volume
49 | 
configMap: 50 | name: prometheus-configmap 51 | - name: rules-volume 52 | configMap: 53 | name: prometheus-alertrules 54 | - name: prometheus-storage 55 | persistentVolumeClaim: 56 | claimName: prometheus-claim 57 | nodeSelector: 58 | beta.kubernetes.io/os: linux 59 | node-role.kubernetes.io/master: "" 60 | -------------------------------------------------------------------------------- /manifests-monitoring/prometheus-exporter-disk-usage-ds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: node-directory-size-metrics 5 | namespace: monitoring 6 | annotations: 7 | description: | 8 | This `DaemonSet` provides metrics in Prometheus format about disk usage on the nodes. 9 | The container `read-du` reads in sizes of all directories below /mnt and writes that to `/tmp/metrics`. It only reports directories larger then `100M` for now. 10 | The other container `caddy` just hands out the contents of that file on request via `http` on `/metrics` at port `9102` which are the defaults for Prometheus. 11 | These are scheduled on every node in the Kubernetes cluster. 12 | To choose directories from the node to check, just mount them on the `read-du` container below `/mnt`. 13 | spec: 14 | selector: 15 | matchLabels: 16 | app: node-directory-size-metrics 17 | template: 18 | metadata: 19 | labels: 20 | app: node-directory-size-metrics 21 | annotations: 22 | prometheus.io/scrape: 'true' 23 | prometheus.io/port: '9102' 24 | description: | 25 | This `Pod` provides metrics in Prometheus format about disk usage on the node. 26 | The container `read-du` reads in sizes of all directories below /mnt and writes that to `/tmp/metrics`. It only reports directories larger then `100M` for now. 27 | The other container `caddy` just hands out the contents of that file on request on `/metrics` at port `9102` which are the defaults for Prometheus. 
28 |           This `Pod` is scheduled on every node in the Kubernetes cluster.
29 |           To choose directories from the node to check just mount them on `read-du` below `/mnt`.
30 |     spec:
31 |       containers:
32 |       - name: read-du
33 |         image: giantswarm/tiny-tools
34 |         imagePullPolicy: Always  # NOTE(review): untagged image pulled on every start, so what runs can change without any change to this manifest; pin a version or digest
35 |         # FIXME threshold via env var
36 |         # The
37 |         command:  # NOTE(review): the loop below copies directory names from the node into a label value unescaped; a name containing a quote or newline would corrupt the metrics output
38 |         - fish
39 |         - --command
40 |         - |
41 |           while true
42 |             for directory in (du --bytes --separate-dirs --threshold=100M /mnt)
43 |               echo $directory | read size path
44 |               echo "node_directory_size_bytes{path=\"$path\"} $size" \
45 |                 >> /tmp/metrics-temp
46 |             end
47 |             mv /tmp/metrics-temp /tmp/metrics
48 |             sleep 300
49 |           end
50 |         volumeMounts:
51 |         - name: host-fs-var
52 |           mountPath: /mnt/var
53 |           readOnly: true
54 |         - name: metrics
55 |           mountPath: /tmp  # same emptyDir that caddy serves as its web root, so every file this container leaves in /tmp is downloadable on 9102
56 |       - name: caddy
57 |         image: dockermuenster/caddy:0.9.3  # third-party image referenced by tag only; consider pinning by digest
58 |         command:
59 |         - "caddy"
60 |         - "-port=9102"
61 |         - "-root=/var/www"
62 |         ports:
63 |         - containerPort: 9102
64 |         volumeMounts:
65 |         - name: metrics
66 |           mountPath: /var/www
67 |       volumes:
68 |       - name: host-fs-var
69 |         hostPath:
70 |           path: /var  # the node's entire /var, mounted read-only into read-du; the names of its large directories are published as metric labels
71 |       - name: metrics
72 |         emptyDir:
73 |           medium: Memory
74 | 
--------------------------------------------------------------------------------
/manifests-monitoring/prometheus-sa.yml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: ServiceAccount  # identity the Prometheus pod runs as (serviceAccount: prometheus in prometheus-dep.yaml)
4 | metadata:
5 |   name: prometheus
6 |   namespace: monitoring
7 |   labels:
8 |     app: prometheus
9 | 
--------------------------------------------------------------------------------
/manifests-monitoring/prometheus-svc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   annotations:
5 |     prometheus.io/scrape: 'true'
6 |   labels:
7 |     name: prometheus
8 |   name: prometheus
9 |   namespace: monitoring
10 | spec:
11 |   selector:
12 |     app: prometheus
13 |   type: NodePort  # publishes the Prometheus web port on every node; the args in prometheus-dep.yaml configure no authentication, so restrict who can reach it
14 |   ports:
15 |   - name: prometheus
16 | protocol: TCP 17 | port: 9090 18 | targetPort: 9090 19 | nodePort: 31090 20 | -------------------------------------------------------------------------------- /manifests-policy/netpol-cart-access.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: extensions/v1beta1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: cart-access 6 | namespace: sock-shop 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | name: cart 11 | ingress: 12 | - from: 13 | - podSelector: 14 | matchLabels: 15 | name: front-end 16 | - podSelector: 17 | matchLabels: 18 | name: orders 19 | ports: 20 | - protocol: TCP 21 | port: 80 22 | -------------------------------------------------------------------------------- /manifests-policy/netpol-cart-db-access.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: extensions/v1beta1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: carts-db-access 6 | namespace: sock-shop 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | name: carts-db 11 | ingress: 12 | - from: 13 | - podSelector: 14 | matchLabels: 15 | name: cart 16 | ports: 17 | - protocol: TCP 18 | port: 27017 19 | 20 | -------------------------------------------------------------------------------- /manifests-policy/netpol-catalogue-access.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: extensions/v1beta1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: catalogue-access 6 | namespace: sock-shop 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | name: catalogue 11 | ingress: 12 | - from: 13 | - podSelector: 14 | matchLabels: 15 | name: front-end 16 | ports: 17 | - protocol: TCP 18 | port: 80 19 | -------------------------------------------------------------------------------- /manifests-policy/netpol-catalogue-db-access.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
extensions/v1beta1
3 | kind: NetworkPolicy  # only pods labelled name=catalogue may reach catalogue-db, and only on TCP 3306
4 | metadata:
5 |   name: catalogue-db-access
6 |   namespace: sock-shop
7 | spec:
8 |   podSelector:
9 |     matchLabels:
10 |       name: catalogue-db
11 |   ingress:
12 |   - from:
13 |     - podSelector:
14 |         matchLabels:
15 |           name: catalogue
16 |     ports:
17 |     - protocol: TCP
18 |       port: 3306
19 | 
--------------------------------------------------------------------------------
/manifests-policy/netpol-cortex-access.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: extensions/v1beta1  # NOTE(review): NetworkPolicy stopped being served from extensions/v1beta1 in Kubernetes 1.16; networking.k8s.io/v1 is the current group (applies to every netpol-* file here)
3 | kind: NetworkPolicy
4 | metadata:
5 |   name: cortex-access
6 |   namespace: sock-shop
7 | spec:
8 |   podSelector:
9 |     matchLabels:  # empty, so this policy applies to every pod in sock-shop, databases included
10 |   ingress:
11 |   - from:  # no ports list follows, so pods labelled name=cortex may connect to any port
12 |     - podSelector:
13 |         matchLabels:
14 |           name: cortex
15 | 
--------------------------------------------------------------------------------
/manifests-policy/netpol-default-deny.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | kind: Namespace
3 | apiVersion: v1
4 | metadata:
5 |   name: sock-shop
6 |   annotations:  # default-deny is requested through the legacy beta annotation below; NOTE(review): with networking.k8s.io/v1 isolation comes from a NetworkPolicy with an empty podSelector, and this annotation may be ignored - confirm on the target cluster, because the allow rules in the other netpol-* files assume it is in force
7 |     net.beta.kubernetes.io/network-policy: |
8 |       {
9 |         "ingress": {
10 |           "isolation": "DefaultDeny"
11 |         }
12 |       }
13 | 
--------------------------------------------------------------------------------
/manifests-policy/netpol-frontend-access.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: extensions/v1beta1
3 | kind: NetworkPolicy
4 | metadata:
5 |   name: front-end-access
6 |   namespace: sock-shop
7 | spec:
8 |   podSelector:
9 |     matchLabels:
10 |       name: front-end
11 |   ingress:
12 |   - ports:  # no `from` clause, so any source may connect on TCP 8079 (presumably intended for the public entry point)
13 |     - protocol: TCP
14 |       port: 8079
15 | 
--------------------------------------------------------------------------------
/manifests-policy/netpol-orders-access.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: extensions/v1beta1
3 | kind: NetworkPolicy
4 | metadata:
5 |   name:
orders-access 6 | namespace: sock-shop 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | name: orders 11 | ingress: 12 | - from: 13 | - podSelector: 14 | matchLabels: 15 | name: front-end 16 | ports: 17 | - protocol: TCP 18 | port: 80 19 | -------------------------------------------------------------------------------- /manifests-policy/netpol-orders-db-access.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: extensions/v1beta1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: orders-db-access 6 | namespace: sock-shop 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | name: orders-db 11 | ingress: 12 | - from: 13 | - podSelector: 14 | matchLabels: 15 | name: orders 16 | ports: 17 | - protocol: TCP 18 | port: 27017 19 | -------------------------------------------------------------------------------- /manifests-policy/netpol-payment-access.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: extensions/v1beta1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: payment-access 6 | namespace: sock-shop 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | name: payment 11 | ingress: 12 | - from: 13 | - podSelector: 14 | matchLabels: 15 | name: orders 16 | ports: 17 | - protocol: TCP 18 | port: 80 19 | -------------------------------------------------------------------------------- /manifests-policy/netpol-rabbitmq-access.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: extensions/v1beta1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: rabbitmq-access 6 | namespace: sock-shop 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | name: rabbitmq 11 | ingress: 12 | - from: 13 | - podSelector: 14 | matchLabels: 15 | name: shipping 16 | - podSelector: 17 | matchLabels: 18 | name: queue-master 19 | ports: 20 | - protocol: TCP 21 | port: 5672 22 | 23 | 
-------------------------------------------------------------------------------- /manifests-policy/netpol-shipping-access.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: extensions/v1beta1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: shipping-access 6 | namespace: sock-shop 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | name: shipping 11 | ingress: 12 | - from: 13 | - podSelector: 14 | matchLabels: 15 | name: orders 16 | ports: 17 | - protocol: TCP 18 | port: 80 19 | -------------------------------------------------------------------------------- /manifests-policy/netpol-user-access.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: extensions/v1beta1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: user-access 6 | namespace: sock-shop 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | name: user 11 | ingress: 12 | - from: 13 | - podSelector: 14 | matchLabels: 15 | name: front-end 16 | - podSelector: 17 | matchLabels: 18 | name: orders 19 | ports: 20 | - protocol: TCP 21 | port: 80 22 | -------------------------------------------------------------------------------- /manifests-policy/netpol-user-db-access.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: extensions/v1beta1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: user-db-access 6 | namespace: sock-shop 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | name: user-db 11 | ingress: 12 | - from: 13 | - podSelector: 14 | matchLabels: 15 | name: user 16 | ports: 17 | - protocol: TCP 18 | port: 27017 19 | -------------------------------------------------------------------------------- /manifests-pv/pv-grafana.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: grafana-local-pv 5 | namespace: monitoring 6 | spec: 7 | capacity: 8 | 
storage: 0.4Gi 9 | accessModes: 10 | - ReadWriteOnce 11 | persistentVolumeReclaimPolicy: Retain 12 | storageClassName: grafana-local-storage 13 | local: 14 | path: /mnt/disk/grafana-vol 15 | nodeAffinity: 16 | required: 17 | nodeSelectorTerms: 18 | - matchExpressions: 19 | - key: kubernetes.io/hostname 20 | operator: In 21 | values: 22 | - node1 23 | -------------------------------------------------------------------------------- /manifests-pv/pv-prometheus.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: prometheus-local-pv 5 | namespace: monitoring 6 | spec: 7 | capacity: 8 | storage: 2.5Gi 9 | accessModes: 10 | - ReadWriteOnce 11 | persistentVolumeReclaimPolicy: Retain 12 | storageClassName: prometheus-local-storage 13 | local: 14 | path: /mnt/disk/prometheus-vol 15 | nodeAffinity: 16 | required: 17 | nodeSelectorTerms: 18 | - matchExpressions: 19 | - key: kubernetes.io/hostname 20 | operator: In 21 | values: 22 | - node1 23 | -------------------------------------------------------------------------------- /manifests-pv/pvc-grafana.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: grafana-claim 5 | namespace: monitoring 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | storageClassName: grafana-local-storage 10 | resources: 11 | requests: 12 | storage: 0.4Gi 13 | -------------------------------------------------------------------------------- /manifests-pv/pvc-prometheus.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: prometheus-claim 5 | namespace: monitoring 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | storageClassName: prometheus-local-storage 10 | resources: 11 | requests: 12 | storage: 2.5Gi 13 | 
--------------------------------------------------------------------------------
/manifests-pv/sc-grafana.yaml:
--------------------------------------------------------------------------------
1 | kind: StorageClass  # statically provisioned local storage for Grafana; binding waits until a pod uses the claim
2 | apiVersion: storage.k8s.io/v1
3 | metadata:
4 |   name: grafana-local-storage
5 |   namespace: monitoring  # StorageClass is cluster-scoped, so this field has no effect
6 | provisioner: kubernetes.io/no-provisioner
7 | volumeBindingMode: WaitForFirstConsumer
8 | 
--------------------------------------------------------------------------------
/manifests-pv/sc-prometheus.yaml:
--------------------------------------------------------------------------------
1 | kind: StorageClass  # statically provisioned local storage for Prometheus; binding waits until a pod uses the claim
2 | apiVersion: storage.k8s.io/v1
3 | metadata:
4 |   name: prometheus-local-storage
5 |   namespace: monitoring  # StorageClass is cluster-scoped, so this field has no effect
6 | provisioner: kubernetes.io/no-provisioner
7 | volumeBindingMode: WaitForFirstConsumer
8 | 
--------------------------------------------------------------------------------
/manifests-system/kiali-secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Secret  # login credentials for Kiali, stored in istio-system
3 | metadata:
4 |   name: kiali
5 |   namespace: istio-system
6 |   labels:
7 |     app: kiali
8 | type: Opaque
9 | data:  # base64 is an encoding, not encryption: anyone who can read this file has the credentials
10 |   username: YWRtaW4K  # decodes to `admin` followed by a newline; the newline is part of the stored value
11 |   passphrase: YWRtaW4K  # same value as the username. NOTE(review): a default admin/admin login committed to the repository; generate the secret per environment and keep it out of version control
12 | 
--------------------------------------------------------------------------------
/manifests-system/kube-controller-manager-svc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service  # gives Prometheus a scrape target for the pods labelled component=kube-controller-manager, tier=control-plane
3 | metadata:
4 |   namespace: kube-system
5 |   name: kube-controller-manager-prometheus-discovery
6 |   labels:
7 |     component: kube-controller-manager
8 |   annotations:
9 |     prometheus.io/scrape: "true"
10 | spec:
11 |   selector:
12 |     component: kube-controller-manager
13 |     tier: control-plane
14 |   type: ClusterIP  # reachable from inside the cluster only
15 |   ports:
16 |   - port: 10252  # presumably the controller manager's unauthenticated HTTP port - confirm it is not reachable by arbitrary workloads
17 |     targetPort: 10252
18 |     protocol: TCP
19 | 
--------------------------------------------------------------------------------
/manifests-system/kube-scheduler-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: kube-system 5 | name: kube-scheduler-prometheus-discovery 6 | labels: 7 | component: kube-scheduler 8 | annotations: 9 | prometheus.io/scrape: "true" 10 | spec: 11 | selector: 12 | component: kube-scheduler 13 | tier: control-plane 14 | type: ClusterIP 15 | ports: 16 | - port: 10251 17 | targetPort: 10251 18 | protocol: TCP 19 | -------------------------------------------------------------------------------- /manifests-telemetry/istio-telemetry: -------------------------------------------------------------------------------- 1 | apiVersion: config.istio.io/v1alpha2 2 | kind: instance 3 | metadata: 4 | name: requestduration 5 | namespace: istio-system 6 | spec: 7 | compiledTemplate: metric 8 | params: 9 | value: response.duration | "0ms" 10 | dimensions: 11 | destination_service: destination.service.host | "unknown" 12 | destination_version: destination.labels["version"] | "unknown" 13 | response_code: response.code | 200 14 | monitored_resource_type: '"UNSPECIFIED"' 15 | --- 16 | # Configuration for metric instances 17 | apiVersion: config.istio.io/v1alpha2 18 | kind: instance 19 | metadata: 20 | name: doublerequestcount 21 | namespace: istio-system 22 | spec: 23 | compiledTemplate: metric 24 | params: 25 | value: "2" # count each request twice 26 | dimensions: 27 | reporter: conditional((context.reporter.kind | "inbound") == "outbound", "client", "server") 28 | source: source.workload.name | "unknown" 29 | destination: destination.workload.name | "unknown" 30 | message: '"twice the fun!"' 31 | monitored_resource_type: '"UNSPECIFIED"' 32 | --- 33 | # Configuration for a Prometheus handler 34 | apiVersion: config.istio.io/v1alpha2 35 | kind: handler 36 | metadata: 37 | name: doublehandler 38 | namespace: istio-system 39 | spec: 40 | compiledAdapter: prometheus 41 | params: 42 | 
metrics: 43 | - name: double_request_count # Prometheus metric name 44 | instance_name: doublerequestcount.instance.istio-system # Mixer instance name (fully-qualified) 45 | kind: COUNTER 46 | label_names: 47 | - reporter 48 | - source 49 | - destination 50 | - message 51 | - name: double_request_duration 52 | instance_name: requestduration.instance.istio-system 53 | kind: DISTRIBUTION 54 | label_names: 55 | - destination_service 56 | - destination_version 57 | - response_code 58 | --- 59 | # Rule to send metric instances to a Prometheus handler 60 | apiVersion: config.istio.io/v1alpha2 61 | kind: rule 62 | metadata: 63 | name: doubleprom 64 | namespace: istio-system 65 | spec: 66 | actions: 67 | - handler: doublehandler 68 | instances: [ requestduration ] 69 | 70 | -------------------------------------------------------------------------------- /manifests/carts-db-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: carts-db 6 | labels: 7 | name: carts-db 8 | namespace: sock-shop 9 | spec: 10 | replicas: 1 11 | template: 12 | metadata: 13 | labels: 14 | name: carts-db 15 | spec: 16 | containers: 17 | - name: carts-db 18 | image: mongo 19 | ports: 20 | - name: mongo 21 | containerPort: 27017 22 | securityContext: 23 | capabilities: 24 | drop: 25 | - all 26 | add: 27 | - CHOWN 28 | - SETGID 29 | - SETUID 30 | readOnlyRootFilesystem: true 31 | volumeMounts: 32 | - mountPath: /tmp 33 | name: tmp-volume 34 | volumes: 35 | - name: tmp-volume 36 | emptyDir: 37 | medium: Memory 38 | nodeSelector: 39 | beta.kubernetes.io/os: linux 40 | -------------------------------------------------------------------------------- /manifests/carts-db-svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: carts-db 6 | labels: 7 | name: carts-db 8 | namespace: sock-shop 9 | 
annotations: 10 | prometheus.io/scrape: "true" 11 | spec: 12 | ports: 13 | # the port that this service should serve on 14 | - port: 27017 15 | targetPort: 27017 16 | selector: 17 | name: carts-db 18 | -------------------------------------------------------------------------------- /manifests/carts-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: carts 6 | labels: 7 | name: carts 8 | namespace: sock-shop 9 | spec: 10 | replicas: 1 11 | template: 12 | metadata: 13 | labels: 14 | name: carts 15 | spec: 16 | containers: 17 | - name: carts 18 | image: weaveworksdemos/carts:0.4.8 19 | env: 20 | - name: ZIPKIN 21 | value: zipkin.jaeger.svc.cluster.local 22 | - name: JAVA_OPTS 23 | value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom 24 | resources: 25 | requests: 26 | cpu: 300m 27 | memory: 300Mi 28 | #limits: 29 | ports: 30 | - containerPort: 80 31 | securityContext: 32 | runAsNonRoot: true 33 | runAsUser: 10001 34 | capabilities: 35 | drop: 36 | - all 37 | add: 38 | - NET_BIND_SERVICE 39 | readOnlyRootFilesystem: true 40 | volumeMounts: 41 | - mountPath: /tmp 42 | name: tmp-volume 43 | livenessProbe: 44 | httpGet: 45 | path: /health 46 | port: 80 47 | initialDelaySeconds: 300 48 | periodSeconds: 10 49 | readinessProbe: 50 | httpGet: 51 | path: /health 52 | port: 80 53 | initialDelaySeconds: 180 54 | periodSeconds: 10 55 | volumes: 56 | - name: tmp-volume 57 | emptyDir: 58 | medium: Memory 59 | nodeSelector: 60 | beta.kubernetes.io/os: linux 61 | -------------------------------------------------------------------------------- /manifests/carts-svc.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: carts 6 | labels: 7 | name: carts 8 | namespace: sock-shop 9 | annotations: 10 | 
prometheus.io/scrape: "true" 11 | spec: 12 | ports: 13 | # the port that this service should serve on 14 | - port: 80 15 | targetPort: 80 16 | selector: 17 | name: carts 18 | -------------------------------------------------------------------------------- /manifests/catalogue-db-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: catalogue-db 6 | labels: 7 | name: catalogue-db 8 | namespace: sock-shop 9 | spec: 10 | replicas: 1 11 | template: 12 | metadata: 13 | labels: 14 | name: catalogue-db 15 | spec: 16 | containers: 17 | - name: catalogue-db 18 | image: weaveworksdemos/catalogue-db:0.3.0 19 | env: 20 | - name: MYSQL_ROOT_PASSWORD 21 | value: fake_password 22 | - name: MYSQL_DATABASE 23 | value: socksdb 24 | ports: 25 | - name: mysql 26 | containerPort: 3306 27 | nodeSelector: 28 | beta.kubernetes.io/os: linux 29 | -------------------------------------------------------------------------------- /manifests/catalogue-db-svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: catalogue-db 6 | labels: 7 | name: catalogue-db 8 | namespace: sock-shop 9 | annotations: 10 | prometheus.io/scrape: "true" 11 | spec: 12 | ports: 13 | # the port that this service should serve on 14 | - port: 3306 15 | targetPort: 3306 16 | selector: 17 | name: catalogue-db 18 | -------------------------------------------------------------------------------- /manifests/catalogue-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: catalogue 6 | labels: 7 | name: catalogue 8 | namespace: sock-shop 9 | spec: 10 | replicas: 1 11 | template: 12 | metadata: 13 | labels: 14 | name: catalogue 15 | spec: 16 | containers: 17 | - name: catalogue 18 | image: 
weaveworksdemos/catalogue:0.3.5 19 | command: ["/app"] 20 | args: 21 | - -port=80 22 | resources: 23 | requests: 24 | cpu: 80m 25 | memory: 50Mi 26 | #limits: 27 | ports: 28 | - containerPort: 80 29 | securityContext: 30 | runAsNonRoot: true 31 | runAsUser: 10001 32 | capabilities: 33 | drop: 34 | - all 35 | add: 36 | - NET_BIND_SERVICE 37 | readOnlyRootFilesystem: true 38 | livenessProbe: 39 | httpGet: 40 | path: /health 41 | port: 80 42 | initialDelaySeconds: 300 43 | periodSeconds: 3 44 | readinessProbe: 45 | httpGet: 46 | path: /health 47 | port: 80 48 | initialDelaySeconds: 180 49 | periodSeconds: 3 50 | nodeSelector: 51 | beta.kubernetes.io/os: linux 52 | -------------------------------------------------------------------------------- /manifests/catalogue-svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: catalogue 6 | labels: 7 | name: catalogue 8 | namespace: sock-shop 9 | annotations: 10 | prometheus.io/scrape: "true" 11 | spec: 12 | ports: 13 | # the port that this service should serve on 14 | - port: 80 15 | targetPort: 80 16 | selector: 17 | name: catalogue 18 | -------------------------------------------------------------------------------- /manifests/deployment/carts-db-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: carts-db 6 | labels: 7 | name: carts-db 8 | namespace: sock-shop 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: carts-db 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | name: carts-db 18 | spec: 19 | containers: 20 | - name: carts-db 21 | image: mongo 22 | ports: 23 | - name: mongo 24 | containerPort: 27017 25 | securityContext: 26 | capabilities: 27 | drop: 28 | - all 29 | add: 30 | - CHOWN 31 | - SETGID 32 | - SETUID 33 | readOnlyRootFilesystem: true 34 | volumeMounts: 35 | - mountPath: 
/tmp 36 | name: tmp-volume 37 | volumes: 38 | - name: tmp-volume 39 | emptyDir: 40 | medium: Memory 41 | nodeSelector: 42 | beta.kubernetes.io/os: linux 43 | -------------------------------------------------------------------------------- /manifests/deployment/carts-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: carts 6 | labels: 7 | name: carts 8 | namespace: sock-shop 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: carts 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | name: carts 18 | spec: 19 | containers: 20 | - name: carts 21 | image: weaveworksdemos/carts:0.4.8 22 | env: 23 | - name: ZIPKIN 24 | value: zipkin.jaeger.svc.cluster.local 25 | - name: JAVA_OPTS 26 | value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom 27 | resources: 28 | requests: 29 | cpu: 300m 30 | memory: 300Mi 31 | #limits: 32 | ports: 33 | - containerPort: 80 34 | securityContext: 35 | runAsNonRoot: true 36 | runAsUser: 10001 37 | capabilities: 38 | drop: 39 | - all 40 | add: 41 | - NET_BIND_SERVICE 42 | readOnlyRootFilesystem: true 43 | volumeMounts: 44 | - mountPath: /tmp 45 | name: tmp-volume 46 | livenessProbe: 47 | httpGet: 48 | path: /health 49 | port: 80 50 | initialDelaySeconds: 300 51 | periodSeconds: 10 52 | readinessProbe: 53 | httpGet: 54 | path: /health 55 | port: 80 56 | initialDelaySeconds: 180 57 | periodSeconds: 10 58 | volumes: 59 | - name: tmp-volume 60 | emptyDir: 61 | medium: Memory 62 | nodeSelector: 63 | beta.kubernetes.io/os: linux 64 | -------------------------------------------------------------------------------- /manifests/deployment/catalogue-db-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: catalogue-db 6 | labels: 7 | name: catalogue-db 8 | 
namespace: sock-shop 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: catalogue-db 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | name: catalogue-db 18 | spec: 19 | containers: 20 | - name: catalogue-db 21 | image: weaveworksdemos/catalogue-db:0.3.0 22 | env: 23 | - name: MYSQL_ROOT_PASSWORD 24 | value: fake_password 25 | - name: MYSQL_DATABASE 26 | value: socksdb 27 | ports: 28 | - name: mysql 29 | containerPort: 3306 30 | nodeSelector: 31 | beta.kubernetes.io/os: linux 32 | -------------------------------------------------------------------------------- /manifests/deployment/catalogue-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: catalogue 6 | labels: 7 | name: catalogue 8 | namespace: sock-shop 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: catalogue 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | name: catalogue 18 | spec: 19 | containers: 20 | - name: catalogue 21 | image: weaveworksdemos/catalogue:0.3.5 22 | command: ["/app"] 23 | args: 24 | - -port=80 25 | resources: 26 | requests: 27 | cpu: 80m 28 | memory: 50Mi 29 | #limits: 30 | ports: 31 | - containerPort: 80 32 | securityContext: 33 | runAsNonRoot: true 34 | runAsUser: 10001 35 | capabilities: 36 | drop: 37 | - all 38 | add: 39 | - NET_BIND_SERVICE 40 | readOnlyRootFilesystem: true 41 | livenessProbe: 42 | httpGet: 43 | path: /health 44 | port: 80 45 | initialDelaySeconds: 300 46 | periodSeconds: 3 47 | readinessProbe: 48 | httpGet: 49 | path: /health 50 | port: 80 51 | initialDelaySeconds: 180 52 | periodSeconds: 3 53 | nodeSelector: 54 | beta.kubernetes.io/os: linux 55 | -------------------------------------------------------------------------------- /manifests/deployment/front-end-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | 
metadata: 5 | name: front-end 6 | namespace: sock-shop 7 | spec: 8 | selector: 9 | matchLabels: 10 | name: front-end 11 | replicas: 3 12 | strategy: 13 | rollingUpdate: 14 | maxSurge: 0 15 | maxUnavailable: 1 16 | type: RollingUpdate 17 | template: 18 | metadata: 19 | labels: 20 | name: front-end 21 | spec: 22 | containers: 23 | - name: front-end 24 | image: weaveworksdemos/front-end:0.3.12 25 | resources: 26 | requests: 27 | cpu: 200m 28 | memory: 150Mi 29 | #limits: 30 | ports: 31 | - containerPort: 8079 32 | env: 33 | - name: SESSION_REDIS 34 | value: "true" 35 | - name: ZIPKIN 36 | value: zipkin.jaeger.svc.cluster.local 37 | securityContext: 38 | runAsNonRoot: true 39 | runAsUser: 10001 40 | capabilities: 41 | drop: 42 | - all 43 | readOnlyRootFilesystem: true 44 | livenessProbe: 45 | httpGet: 46 | path: / 47 | port: 8079 48 | initialDelaySeconds: 300 49 | periodSeconds: 3 50 | readinessProbe: 51 | httpGet: 52 | path: / 53 | port: 8079 54 | initialDelaySeconds: 30 55 | periodSeconds: 3 56 | nodeSelector: 57 | beta.kubernetes.io/os: linux 58 | -------------------------------------------------------------------------------- /manifests/deployment/orders-db-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: orders-db 6 | labels: 7 | name: orders-db 8 | namespace: sock-shop 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: orders-db 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | name: orders-db 18 | spec: 19 | containers: 20 | - name: orders-db 21 | image: mongo 22 | ports: 23 | - name: mongo 24 | containerPort: 27017 25 | securityContext: 26 | capabilities: 27 | drop: 28 | - all 29 | add: 30 | - CHOWN 31 | - SETGID 32 | - SETUID 33 | readOnlyRootFilesystem: true 34 | volumeMounts: 35 | - mountPath: /tmp 36 | name: tmp-volume 37 | volumes: 38 | - name: tmp-volume 39 | emptyDir: 40 | medium: Memory 41 | nodeSelector: 42 | 
beta.kubernetes.io/os: linux 43 | -------------------------------------------------------------------------------- /manifests/deployment/orders-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: orders 6 | labels: 7 | name: orders 8 | namespace: sock-shop 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: orders 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | name: orders 18 | spec: 19 | containers: 20 | - name: orders 21 | image: weaveworksdemos/orders:0.4.7 22 | env: 23 | - name: ZIPKIN 24 | value: zipkin.jaeger.svc.cluster.local 25 | - name: JAVA_OPTS 26 | value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom 27 | resources: 28 | requests: 29 | cpu: 350m 30 | memory: 300Mi 31 | ports: 32 | - containerPort: 80 33 | securityContext: 34 | runAsNonRoot: true 35 | runAsUser: 10001 36 | capabilities: 37 | drop: 38 | - all 39 | add: 40 | - NET_BIND_SERVICE 41 | readOnlyRootFilesystem: true 42 | volumeMounts: 43 | - mountPath: /tmp 44 | name: tmp-volume 45 | livenessProbe: 46 | httpGet: 47 | path: /health 48 | port: 80 49 | initialDelaySeconds: 300 50 | periodSeconds: 3 51 | readinessProbe: 52 | httpGet: 53 | path: /health 54 | port: 80 55 | initialDelaySeconds: 180 56 | periodSeconds: 3 57 | volumes: 58 | - name: tmp-volume 59 | emptyDir: 60 | medium: Memory 61 | nodeSelector: 62 | beta.kubernetes.io/os: linux 63 | -------------------------------------------------------------------------------- /manifests/deployment/payment-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: payment 6 | labels: 7 | name: payment 8 | namespace: sock-shop 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: payment 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | 
name: payment 18 | spec: 19 | containers: 20 | - name: payment 21 | image: weaveworksdemos/payment:0.4.3 22 | resources: 23 | requests: 24 | cpu: 30m 25 | memory: 30Mi 26 | ports: 27 | - containerPort: 80 28 | securityContext: 29 | runAsNonRoot: true 30 | runAsUser: 10001 31 | capabilities: 32 | drop: 33 | - all 34 | add: 35 | - NET_BIND_SERVICE 36 | readOnlyRootFilesystem: true 37 | livenessProbe: 38 | httpGet: 39 | path: /health 40 | port: 80 41 | initialDelaySeconds: 300 42 | periodSeconds: 3 43 | readinessProbe: 44 | httpGet: 45 | path: /health 46 | port: 80 47 | initialDelaySeconds: 180 48 | periodSeconds: 3 49 | nodeSelector: 50 | beta.kubernetes.io/os: linux 51 | -------------------------------------------------------------------------------- /manifests/deployment/queue-master-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: queue-master 6 | labels: 7 | name: queue-master 8 | namespace: sock-shop 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: queue-master 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | name: queue-master 18 | spec: 19 | containers: 20 | - name: queue-master 21 | image: weaveworksdemos/queue-master:0.3.1 22 | env: 23 | - name: ZIPKIN 24 | value: zipkin.jaeger.svc.cluster.local 25 | - name: JAVA_OPTS 26 | value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom 27 | resources: 28 | requests: 29 | cpu: 120m 30 | memory: 300Mi 31 | ports: 32 | - containerPort: 80 33 | livenessProbe: 34 | httpGet: 35 | path: /health 36 | port: 80 37 | initialDelaySeconds: 300 38 | periodSeconds: 3 39 | readinessProbe: 40 | httpGet: 41 | path: /health 42 | port: 80 43 | initialDelaySeconds: 180 44 | periodSeconds: 3 45 | nodeSelector: 46 | beta.kubernetes.io/os: linux 47 | -------------------------------------------------------------------------------- 
/manifests/deployment/rabbitmq-dep.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: apps/v1
 3 | kind: Deployment  # single-replica RabbitMQ broker plus a metrics exporter container in the same pod
 4 | metadata:
 5 |   name: rabbitmq
 6 |   labels:
 7 |     name: rabbitmq
 8 |   namespace: sock-shop
 9 | spec:
10 |   selector:
11 |     matchLabels:
12 |       name: rabbitmq
13 |   replicas: 1
14 |   template:
15 |     metadata:
16 |       labels:
17 |         name: rabbitmq
18 |       annotations:
19 |         prometheus.io/scrape: "false"  # presumably opts this pod out of annotation-based scraping
20 |     spec:
21 |       initContainers:  # copies the ConfigMap files into the emptyDir "config" volume before the other containers start
22 |       - name: configmap-copy
23 |         image: busybox  # no tag or digest, so whatever "latest" resolves to at pull time runs here; pin a version
24 |         command: ['/bin/sh', '-c', 'cp /etc/rabbitmq/files/* /etc/rabbitmq/']
25 |         volumeMounts:
26 |         - name: config-volume
27 |           mountPath: /etc/rabbitmq/files
28 |         - name: config
29 |           mountPath: /etc/rabbitmq
30 |       containers:
31 |       - name: rabbitmq  # NOTE(review): this container declares no volumeMounts, so the files copied into "config" are not visible to it; confirm a mount was not dropped
32 |         image: rabbitmq:3.7.8-management
33 |         ports:
34 |         - name: management
35 |           containerPort: 15672
36 |         - name: rabbitmq
37 |           containerPort: 5672
38 |         - name: dist
39 |           containerPort: 25672  # Erlang distribution port; peers authenticate with the cookie set below
40 |         - name: epmd
41 |           containerPort: 4369
42 |         securityContext:
43 |           capabilities:
44 |             drop:
45 |               - all
46 |             add:  # capabilities handed back after the blanket drop
47 |               - CHOWN
48 |               - SETGID
49 |               - SETUID
50 |               - DAC_OVERRIDE  # lets the process bypass file permission checks; the widest of the four
51 |           readOnlyRootFilesystem: false  # the container's root filesystem stays writable
52 |         env:
53 |         - name: MY_POD_IP
54 |           valueFrom:
55 |             fieldRef:
56 |               fieldPath: status.podIP
57 |         - name: RABBITMQ_USE_LONGNAME
58 |           value: "true"
59 |         - name: RABBITMQ_NODENAME
60 |           value: "rabbit@$(MY_POD_IP)"  # node name is built from the pod IP injected above
61 |         - name: K8S_SERVICE_NAME
62 |           value: "rabbitmq"
63 |         - name: RABBITMQ_ERLANG_COOKIE  # shared secret for Erlang node authentication
64 |           value: "mycookie"  # hard-coded and readable by anyone who can view this manifest or the pod spec; supply a random value from a Secret (secretKeyRef) instead
65 |       - name: rabbitmq-exporter  # no securityContext here, unlike the broker container above
66 |         image: kbudde/rabbitmq-exporter  # no tag or digest; pin a version
67 |         resources:
68 |           requests:
69 |             cpu: 50m
70 |             memory: 50Mi
71 |         ports:
72 |         - name: exporter
73 |           containerPort: 9090
74 |       volumes:
75 |       - name: config
76 |         emptyDir: {}
77 |       - name: config-volume
78 |         configMap:
79 |           name: rabbitmq-config
80 |           items:
81 |           - key: rabbitmq.conf
82 |             path: rabbitmq.conf
83 |           - key: enabled_plugins
84 |             path: enabled_plugins
85 |       nodeSelector:
86 |         beta.kubernetes.io/os: linux  # deprecated node label; kubernetes.io/os is the current name
87
| -------------------------------------------------------------------------------- /manifests/deployment/session-db-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: session-db 6 | labels: 7 | name: session-db 8 | namespace: sock-shop 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: session-db 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | name: session-db 18 | annotations: 19 | prometheus.io.scrape: "false" 20 | spec: 21 | containers: 22 | - name: session-db 23 | image: redis:alpine 24 | ports: 25 | - name: redis 26 | containerPort: 6379 27 | securityContext: 28 | capabilities: 29 | drop: 30 | - all 31 | add: 32 | - CHOWN 33 | - SETGID 34 | - SETUID 35 | readOnlyRootFilesystem: true 36 | nodeSelector: 37 | beta.kubernetes.io/os: linux 38 | -------------------------------------------------------------------------------- /manifests/deployment/shipping-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: shipping 6 | labels: 7 | name: shipping 8 | namespace: sock-shop 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: shipping 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | name: shipping 18 | spec: 19 | containers: 20 | - name: shipping 21 | image: weaveworksdemos/shipping:0.4.8 22 | env: 23 | - name: ZIPKIN 24 | value: zipkin.jaeger.svc.cluster.local 25 | - name: JAVA_OPTS 26 | value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom 27 | resources: 28 | requests: 29 | cpu: 200m 30 | memory: 300Mi 31 | ports: 32 | - containerPort: 80 33 | securityContext: 34 | runAsNonRoot: true 35 | runAsUser: 10001 36 | capabilities: 37 | drop: 38 | - all 39 | add: 40 | - NET_BIND_SERVICE 41 | readOnlyRootFilesystem: true 42 | volumeMounts: 43 | - 
mountPath: /tmp 44 | name: tmp-volume 45 | livenessProbe: 46 | httpGet: 47 | path: /health 48 | port: 80 49 | initialDelaySeconds: 300 50 | periodSeconds: 3 51 | readinessProbe: 52 | httpGet: 53 | path: /health 54 | port: 80 55 | initialDelaySeconds: 180 56 | periodSeconds: 3 57 | volumes: 58 | - name: tmp-volume 59 | emptyDir: 60 | medium: Memory 61 | nodeSelector: 62 | beta.kubernetes.io/os: linux 63 | -------------------------------------------------------------------------------- /manifests/deployment/user-db-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: user-db 6 | labels: 7 | name: user-db 8 | namespace: sock-shop 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: user-db 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | name: user-db 18 | spec: 19 | containers: 20 | - name: user-db 21 | image: weaveworksdemos/user-db:0.3.0 22 | ports: 23 | - name: mongo 24 | containerPort: 27017 25 | securityContext: 26 | capabilities: 27 | drop: 28 | - all 29 | add: 30 | - CHOWN 31 | - SETGID 32 | - SETUID 33 | readOnlyRootFilesystem: true 34 | volumeMounts: 35 | - mountPath: /tmp 36 | name: tmp-volume 37 | volumes: 38 | - name: tmp-volume 39 | emptyDir: 40 | medium: Memory 41 | nodeSelector: 42 | beta.kubernetes.io/os: linux 43 | -------------------------------------------------------------------------------- /manifests/deployment/user-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: user 6 | labels: 7 | name: user 8 | namespace: sock-shop 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: user 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | name: user 18 | spec: 19 | containers: 20 | - name: user 21 | image: weaveworksdemos/user:0.4.7 22 | resources: 23 | requests: 24 | cpu: 120m 25 | memory: 50Mi 
26 | ports: 27 | - containerPort: 80 28 | env: 29 | - name: mongo 30 | value: user-db:27017 31 | securityContext: 32 | runAsNonRoot: true 33 | runAsUser: 10001 34 | capabilities: 35 | drop: 36 | - all 37 | add: 38 | - NET_BIND_SERVICE 39 | readOnlyRootFilesystem: true 40 | livenessProbe: 41 | httpGet: 42 | path: /health 43 | port: 80 44 | initialDelaySeconds: 300 45 | periodSeconds: 3 46 | readinessProbe: 47 | httpGet: 48 | path: /health 49 | port: 80 50 | initialDelaySeconds: 180 51 | periodSeconds: 3 52 | nodeSelector: 53 | beta.kubernetes.io/os: linux 54 | -------------------------------------------------------------------------------- /manifests/front-end-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: front-end 6 | namespace: sock-shop 7 | spec: 8 | replicas: 3 9 | strategy: 10 | rollingUpdate: 11 | maxSurge: 0 12 | maxUnavailable: 1 13 | type: RollingUpdate 14 | template: 15 | metadata: 16 | labels: 17 | name: front-end 18 | spec: 19 | containers: 20 | - name: front-end 21 | image: weaveworksdemos/front-end:0.3.12 22 | resources: 23 | requests: 24 | cpu: 200m 25 | memory: 150Mi 26 | #limits: 27 | ports: 28 | - containerPort: 8079 29 | env: 30 | - name: SESSION_REDIS 31 | value: "true" 32 | - name: ZIPKIN 33 | value: zipkin.jaeger.svc.cluster.local 34 | securityContext: 35 | runAsNonRoot: true 36 | runAsUser: 10001 37 | capabilities: 38 | drop: 39 | - all 40 | readOnlyRootFilesystem: true 41 | livenessProbe: 42 | httpGet: 43 | path: / 44 | port: 8079 45 | initialDelaySeconds: 300 46 | periodSeconds: 3 47 | readinessProbe: 48 | httpGet: 49 | path: / 50 | port: 8079 51 | initialDelaySeconds: 30 52 | periodSeconds: 3 53 | nodeSelector: 54 | beta.kubernetes.io/os: linux 55 | -------------------------------------------------------------------------------- /manifests/front-end-istio.yaml: 
--------------------------------------------------------------------------------
 1 | apiVersion: networking.istio.io/v1alpha3
 2 | kind: Gateway  # opens port 80 on the pods selected below
 3 | metadata:
 4 |   name: frontend-gateway
 5 |   namespace: istio-system
 6 | spec:
 7 |   selector:
 8 |     istio: ingressgateway # use istio default controller
 9 |   servers:
10 |   - port:
11 |       number: 80
12 |       name: http
13 |       protocol: HTTP  # cleartext only: no HTTPS server or tls block is defined, so the /login route below is served unencrypted
14 |     hosts:
15 |     - "*"  # accepts any Host header; narrow to the real hostname where one exists
16 | ---
17 | apiVersion: networking.istio.io/v1alpha3
18 | kind: VirtualService  # sends the listed paths arriving at the gateway to the front-end service
19 | metadata:
20 |   name: front-end
21 |   namespace: sock-shop
22 | spec:
23 |   hosts:
24 |   - "*"
25 |   gateways:
26 |   - frontend-gateway.istio-system.svc.cluster.local
27 |   http:
28 |   - match:  # path allow-list: this is the only route, so a request must match one entry to be forwarded
29 |     - port: 80  # this entry requires both port 80 and the exact path "/"
30 |       uri:
31 |         exact: /
32 |     - uri:
33 |         prefix: /basket.html
34 |     - uri:
35 |         prefix: /cart
36 |     - uri:
37 |         prefix: /catalogue
38 |     - uri:
39 |         prefix: /category.html
40 |     - uri:
41 |         exact: /detail.html?id=808a2de1-1aaa-4c25-a9b9-6612e8f29a38  # NOTE(review): uri matching may consider only the path, in which case the four ?id= entries never match; /detail.html is still covered by the /detail prefix at the end of the list - confirm
42 |     - uri:
43 |         exact: /detail.html?id=837ab141-399e-4c1f-9abc-bace40296bac
44 |     - uri:
45 |         exact: /detail.html?id=a0a4f044-b040-410d-8ead-4de0446aec7e
46 |     - uri:
47 |         exact: /detail.html?id=zzz4f044-b040-410d-8ead-4de0446aec7e
48 |     - uri:
49 |         exact: /login
50 |     - uri:
51 |         exact: /orders
52 |     - uri:
53 |         prefix: /api/v1/products
54 |     - uri:
55 |         prefix: /static
56 |     - uri:
57 |         exact: /index.html
58 |     - uri:
59 |         exact: /registry.html
60 |     - uri:
61 |         exact: /details.html
62 |     - uri:
63 |         exact: /health.html
64 |     - uri:
65 |         exact: /topbar.html
66 |     - uri:
67 |         exact: /navbar.html
68 |     - uri:
69 |         exact: /footer.html
70 |     - uri:
71 |         prefix: /css
72 |     - uri:
73 |         prefix: /js
74 |     - uri:
75 |         prefix: /img
76 |     - uri:
77 |         prefix: /detail  # prefix match: also covers /detail.html and /details.html listed above
78 |
79 |
80 |     route:
81 |     - destination:
82 |         host: front-end.sock-shop.svc.cluster.local
83 |         port:
84 |           number: 80
85 |
86 |
87 |
88 |
89 |
--------------------------------------------------------------------------------
/manifests/front-end-svc.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: front-end 6 | labels: 7 | name: front-end 8 | namespace: sock-shop 9 | annotations: 10 | prometheus.io/scrape: "true" 11 | spec: 12 | type: NodePort 13 | ports: 14 | - port: 80 15 | targetPort: 8079 16 | nodePort: 31125 17 | protocol: TCP 18 | name: http 19 | selector: 20 | name: front-end 21 | 22 | -------------------------------------------------------------------------------- /manifests/loadtest/busybox.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: busybox 5 | namespace: default 6 | spec: 7 | containers: 8 | - name: busybox 9 | image: busybox:1.28 10 | command: 11 | - sleep 12 | - "3600" 13 | imagePullPolicy: IfNotPresent 14 | restartPolicy: Always 15 | -------------------------------------------------------------------------------- /manifests/loadtest/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: sock-shop-ingress 5 | spec: 6 | tls: 7 | - hosts: 8 | - shop.sock.com 9 | secretName: sock-shop-secret 10 | rules: 11 | - host: shop.sock.com 12 | http: 13 | paths: 14 | - path: /home 15 | backend: 16 | serviceName: front-end 17 | servicePort: 80 18 | -------------------------------------------------------------------------------- /manifests/loadtest/loadtest-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: loadtest 6 | --- 7 | apiVersion: extensions/v1beta1 8 | kind: Deployment 9 | metadata: 10 | name: load-test 11 | labels: 12 | name: load-test 13 | namespace: loadtest 14 | spec: 15 | replicas: 2 16 | template: 17 | metadata: 18 | labels: 19 | name: load-test 20 | spec: 21 | containers: 22 
| - name: load-test 23 | image: weaveworksdemos/load-test:0.1.1 24 | resources: 25 | requests: 26 | cpu: 100m 27 | memory: 100Mi 28 | command: ["/bin/sh"] 29 | args: ["-c", "while true; do locust --host http://front-end.sock-shop.svc.cluster.local -f /config/locustfile.py --clients 5 --hatch-rate 5 --num-request 100 --no-web; done"] 30 | nodeSelector: 31 | beta.kubernetes.io/os: linux 32 | -------------------------------------------------------------------------------- /manifests/orders-db-dep.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: orders-db 6 | labels: 7 | name: orders-db 8 | namespace: sock-shop 9 | spec: 10 | replicas: 1 11 | template: 12 | metadata: 13 | labels: 14 | name: orders-db 15 | spec: 16 | containers: 17 | - name: orders-db 18 | image: mongo 19 | ports: 20 | - name: mongo 21 | containerPort: 27017 22 | securityContext: 23 | capabilities: 24 | drop: 25 | - all 26 | add: 27 | - CHOWN 28 | - SETGID 29 | - SETUID 30 | readOnlyRootFilesystem: true 31 | volumeMounts: 32 | - mountPath: /tmp 33 | name: tmp-volume 34 | volumes: 35 | - name: tmp-volume 36 | emptyDir: 37 | medium: Memory 38 | nodeSelector: 39 | beta.kubernetes.io/os: linux 40 | -------------------------------------------------------------------------------- /manifests/orders-db-svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: orders-db 6 | labels: 7 | name: orders-db 8 | namespace: sock-shop 9 | annotations: 10 | prometheus.io/scrape: "true" 11 | spec: 12 | ports: 13 | # the port that this service should serve on 14 | - port: 27017 15 | targetPort: 27017 16 | selector: 17 | name: orders-db 18 | -------------------------------------------------------------------------------- /manifests/orders-dep.yaml: 
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: apps/v1  # NOTE(review): apps/v1 requires spec.selector, which this copy omits; the manifests/deployment/ variant of this file declares it
 3 | kind: Deployment  # single-replica orders service
 4 | metadata:
 5 |   name: orders
 6 |   labels:
 7 |     name: orders
 8 |   namespace: sock-shop
 9 | spec:
10 |   replicas: 1
11 |   template:
12 |     metadata:
13 |       labels:
14 |         name: orders
15 |     spec:
16 |       containers:
17 |       - name: orders
18 |         image: weaveworksdemos/orders:0.4.7
19 |         env:
20 |          - name: ZIPKIN
21 |            value: zipkin.jaeger.svc.cluster.local
22 |          - name: JAVA_OPTS
23 |            value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom  # heap bounds plus the non-blocking /dev/urandom entropy source for the JVM
24 |         resources:  # requests only: no limits are set, so the container's CPU and memory use is not capped
25 |           requests:
26 |             cpu: 350m
27 |             memory: 300Mi
28 |         ports:
29 |         - containerPort: 80
30 |         securityContext:  # non-root UID, every capability dropped except the one added back below
31 |           runAsNonRoot: true
32 |           runAsUser: 10001
33 |           capabilities:
34 |             drop:
35 |               - all
36 |             add:
37 |               - NET_BIND_SERVICE  # permits binding ports below 1024 (port 80 here) without running as root
38 |           readOnlyRootFilesystem: true  # /tmp, mounted below, is the only writable volume declared for this container
39 |         volumeMounts:
40 |         - mountPath: /tmp
41 |           name: tmp-volume
42 |         livenessProbe:
43 |           httpGet:
44 |             path: /health
45 |             port: 80
46 |           initialDelaySeconds: 300
47 |           periodSeconds: 3
48 |         readinessProbe:
49 |           httpGet:
50 |             path: /health
51 |             port: 80
52 |           initialDelaySeconds: 180
53 |           periodSeconds: 3
54 |       volumes:
55 |         - name: tmp-volume
56 |           emptyDir:
57 |             medium: Memory  # RAM-backed scratch space; contents are lost when the pod goes away
58 |       nodeSelector:
59 |         beta.kubernetes.io/os: linux  # deprecated node label; kubernetes.io/os is the current name
60 |
--------------------------------------------------------------------------------
/manifests/orders-svc.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: Service  # no type is set, so this is a cluster-internal (ClusterIP) service
 4 | metadata:
 5 |   name: orders
 6 |   labels:
 7 |     name: orders
 8 |   namespace: sock-shop
 9 |   annotations:
10 |     prometheus.io/scrape: "true"  # opt-in marker; presumably read by the Prometheus relabel rules (not shown here)
11 | spec:
12 |   ports:
13 |     # the port that this service should serve on
14 |   - port: 80
15 |     targetPort: 80
16 |   selector:
17 |     name: orders
18 |
--------------------------------------------------------------------------------
/manifests/payment-dep.yaml:
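--------------------------------------------------------------------------------
---
# Deployment for the sock-shop "payment" service (single replica, port 80).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: payment
  labels:
    name: payment
  namespace: sock-shop
spec:
  replicas: 1
  # apps/v1 makes spec.selector mandatory; it must match the pod template labels.
  selector:
    matchLabels:
      name: payment
  template:
    metadata:
      labels:
        name: payment
    spec:
      containers:
      - name: payment
        image: weaveworksdemos/payment:0.4.3
        resources:
          requests:
            cpu: 30m
            memory: 30Mi
        ports:
        - containerPort: 80
        # Non-root uid 10001, all capabilities dropped except the one needed
        # to bind port 80, and a read-only root filesystem.
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        livenessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 300
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 180
          periodSeconds: 3
      nodeSelector:
        beta.kubernetes.io/os: linux

--------------------------------------------------------------------------------
/manifests/payment-svc.yaml:
--------------------------------------------------------------------------------
---
# Service in front of the "payment" pods.
apiVersion: v1
kind: Service
metadata:
  name: payment
  labels:
    name: payment
  namespace: sock-shop
  annotations:
    prometheus.io/scrape: "true"
spec:
  ports:
    # Service port 80 forwards to container port 80.
  - port: 80
    targetPort: 80
  selector:
    name: payment

--------------------------------------------------------------------------------
/manifests/queue-master-dep.yaml:
--------------------------------------------------------------------------------
---
# Deployment for the sock-shop "queue-master" service (single replica, port 80).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: queue-master
  labels:
    name: queue-master
  namespace: sock-shop
spec:
  replicas: 1
  # apps/v1 makes spec.selector mandatory; it must match the pod template labels.
  selector:
    matchLabels:
      name: queue-master
  template:
    metadata:
      labels:
        name: queue-master
    spec:
      containers:
      - name: queue-master
        image: weaveworksdemos/queue-master:0.3.1
        env:
        - name: ZIPKIN
          value: zipkin.jaeger.svc.cluster.local
        - name: JAVA_OPTS
          value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
        resources:
          requests:
            cpu: 120m
            memory: 300Mi
        ports:
        - containerPort: 80
        # NOTE(review): unlike orders, payment, shipping and user, this
        # container has no securityContext, so it runs with the image's default
        # user and the runtime's default capabilities. Confirm whether the image
        # works with the same hardening (runAsNonRoot, drop all capabilities,
        # read-only root filesystem) before adding it.
        livenessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 300
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 180
          periodSeconds: 3
      nodeSelector:
        beta.kubernetes.io/os: linux

--------------------------------------------------------------------------------
/manifests/queue-master-svc.yaml:
--------------------------------------------------------------------------------
---
# Service in front of the "queue-master" pods; metrics are served under
# /prometheus according to the scrape-path annotation.
apiVersion: v1
kind: Service
metadata:
  name: queue-master
  labels:
    name: queue-master
  annotations:
    prometheus.io/path: "/prometheus"
    prometheus.io/scrape: "true"
  namespace: sock-shop
spec:
  ports:
    # Service port 80 forwards to container port 80.
  - port: 80
    targetPort: 80
  selector:
    name: queue-master

--------------------------------------------------------------------------------
/manifests/rabbitmq-config.yaml:
--------------------------------------------------------------------------------
# RabbitMQ configuration files; the rabbitmq Deployment's init container copies
# them into /etc/rabbitmq.
apiVersion: v1
kind: ConfigMap
metadata:
  name: rabbitmq-config
  namespace: sock-shop
data:
  enabled_plugins: |
      [rabbitmq_management,rabbitmq_peer_discovery_k8s].
  # NOTE(review): `loopback_users.guest = false` lets the built-in "guest"
  # account log in from remote hosts, and the management plugin is enabled.
  # No other broker user is defined in this listing, so the broker presumably
  # relies on the default guest credentials; replace them outside a demo.
  rabbitmq.conf: |
      cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
      cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
      cluster_formation.k8s.address_type = ip
      cluster_formation.node_cleanup.interval = 30
      cluster_formation.node_cleanup.only_log_warning = true
      cluster_partition_handling = autoheal
      queue_master_locator=min-masters
      loopback_users.guest = false

--------------------------------------------------------------------------------
/manifests/rabbitmq-dep.yaml:
--------------------------------------------------------------------------------
---
# Deployment for the RabbitMQ broker plus a Prometheus exporter sidecar.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rabbitmq
  labels:
    name: rabbitmq
  namespace: sock-shop
spec:
  replicas: 1
  # apps/v1 makes spec.selector mandatory; it must match the pod template labels.
  selector:
    matchLabels:
      name: rabbitmq
  template:
    metadata:
      labels:
        name: rabbitmq
      annotations:
        prometheus.io/scrape: "false"
    spec:
      initContainers:
      # Copies the ConfigMap files into the emptyDir mounted at /etc/rabbitmq.
      # NOTE(review): `busybox` carries no tag, so the image that runs is
      # whatever the registry serves at pull time; pin a tag or digest.
      - name: configmap-copy
        image: busybox
        command: ['/bin/sh', '-c', 'cp /etc/rabbitmq/files/* /etc/rabbitmq/']
        volumeMounts:
        - name: config-volume
          mountPath: /etc/rabbitmq/files
        - name: config
          mountPath: /etc/rabbitmq
      containers:
      - name: rabbitmq
        image: rabbitmq:3.7.8-management
        ports:
        - name: management
          containerPort: 15672
        - name: rabbitmq
          containerPort: 5672
        - name: dist
          containerPort: 25672
        - name: epmd
          containerPort: 4369
        # All capabilities are dropped and four are added back. runAsNonRoot is
        # not set and the root filesystem stays writable, so this container is
        # less restricted than the application services in this listing.
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
              - DAC_OVERRIDE
          readOnlyRootFilesystem: false
        env:
        - name: MY_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: RABBITMQ_USE_LONGNAME
          value: "true"
        - name: RABBITMQ_NODENAME
          value: "rabbit@$(MY_POD_IP)"
        - name: K8S_SERVICE_NAME
          value: "rabbitmq"
        # NOTE(review): the Erlang cookie is the shared secret that
        # authenticates Erlang distribution peers (ports 4369/25672 above). A
        # fixed value committed in the manifest is readable by anyone with
        # access to the repository or to the pod spec; generate a random value
        # and supply it from a Secret (valueFrom.secretKeyRef) instead.
        - name: RABBITMQ_ERLANG_COOKIE
          value: "mycookie"
      # NOTE(review): untagged image and no securityContext on the sidecar.
      - name: rabbitmq-exporter
        image: kbudde/rabbitmq-exporter
        resources:
          requests:
            cpu: 50m
            memory: 50Mi
        ports:
        - name: exporter
          containerPort: 9090
      volumes:
        - name: config
          emptyDir: {}
        - name: config-volume
          configMap:
            name: rabbitmq-config
            items:
            - key: rabbitmq.conf
              path: rabbitmq.conf
            - key: enabled_plugins
              path: enabled_plugins
      nodeSelector:
        beta.kubernetes.io/os: linux

--------------------------------------------------------------------------------
/manifests/rabbitmq-policy.yaml:
--------------------------------------------------------------------------------
# Istio authentication policy for the rabbitmq service, port 4369 (epmd).
# `peers` is left empty, so no peer authentication method is listed for this
# port; together with the policy name this reads as mutual TLS being switched
# off for epmd, leaving that traffic unauthenticated and unencrypted at the
# mesh layer. Restrict who can reach the port (for example with a
# NetworkPolicy) if this exception is kept.
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: "disable-mtls-epmd"
  namespace: sock-shop
spec:
  targets:
  - name: rabbitmq
    ports:
    - number: 4369
  peers:

--------------------------------------------------------------------------------
/manifests/rabbitmq-svc.yaml:
--------------------------------------------------------------------------------
---
# Service in front of the rabbitmq pods; target ports refer to the container
# port names declared in the Deployment.
# NOTE(review): besides AMQP (5672) this also publishes the management UI
# (15672) and the Erlang clustering ports (4369, 25672) to every client that
# can reach the Service; expose only what consumers need.
apiVersion: v1
kind: Service
metadata:
  name: rabbitmq
  labels:
    name: rabbitmq
  namespace: sock-shop
  annotations:
    prometheus.io/scrape: "true"
spec:
  ports:
  - name: rabbitmq
    port: 5672
    targetPort: rabbitmq
  - name: exporter
    port: 9090
    targetPort: exporter
    protocol: TCP
  - name: epmd
    port: 4369
    targetPort: epmd
  - name: dist
    port: 25672
    targetPort: dist
  - name: management
    port: 15672
    targetPort: management
  selector:
    name: rabbitmq

--------------------------------------------------------------------------------
/manifests/secret-frontend.yaml:
--------------------------------------------------------------------------------
# TLS certificate and private key for the front end, stored as base64 in an
# Opaque Secret. No namespace is set, so the Secret lands in whichever
# namespace is active when the manifest is applied.
# NOTE(review): base64 is an encoding, not encryption. A private key checked
# into a repository must be treated as disclosed: issue a new key pair and
# create the Secret at deploy time (or use a sealed/encrypted secret workflow)
# rather than committing tls.key.
apiVersion: v1
kind: Secret
metadata:
  name: sock-shop-secret
type: Opaque
data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMakNDQWhZQ0NRREFPRjl0THNhWFdqQU5CZ2txaGtpRzl3MEJBUXNGQURCYU1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhJVEFmQmdOVkJBb01HRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MApaREViTUJrR0ExVUVBd3dTWTJGbVpTNWxlR0Z0Y0d4bExtTnZiU0FnTUI0WERURTRNRGt4TWpFMk1UVXpOVm9YCkRUSXpNRGt4TVRFMk1UVXpOVm93V0RFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ01Ba05CTVNFd0h3WUQKVlFRS0RCaEpiblJsY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEdUQVhCZ05WQkFNTUVHTmhabVV1WlhoaApiWEJzWlM1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDcDZLbjdzeTgxCnAwanVKL2N5ayt2Q0FtbHNmanRGTTJtdVpOSzBLdGVjcUcyZmpXUWI1NXhRMVlGQTJYT1N3SEFZdlNkd0kyaloKcnVXOHFYWENMMnJiNENaQ0Z4d3BWRUNyY3hkam0zdGVWaVJYVnNZSW1tSkhQUFN5UWdwaW9iczl4N0RsTGM2SQpCQTBaalVPeWwwUHFHOVNKZXhNVjczV0lJYTVyRFZTRjJyNGtTa2JBajREY2o3TFhlRmxWWEgySTVYd1hDcHRDCm42N0pDZzQyZitrOHdnemNSVnA4WFprWldaVmp3cTlSVUtEWG1GQjJZeU4xWEVXZFowZXdSdUtZVUpsc202OTIKc2tPcktRajB2a29QbjQxRUUvK1RhVkVwcUxUUm9VWTNyemc3RGtkemZkQml6Rk8yZHNQTkZ4MkNXMGpYa05MdgpLbzI1Q1pyT2hYQUhBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLSEZDY3lPalp2b0hzd1VCTWRMClJkSEliMzgzcFdGeW5acS9MdVVvdnNWQTU4QjBDZzdCRWZ5NXZXVlZycTVSSWt2NGxaODFOMjl4MjFkMUpINnIKalNuUXgrRFhDTy9USkVWNWxTQ1VwSUd6RVVZYVVQZ1J5anNNL05VZENKOHVIVmhaSitTNkZBK0NuT0Q5cm4yaQpaQmVQQ0k1ckh3RVh3bm5sOHl3aWozdnZRNXpISXV5QmdsV3IvUXl1aTlmalBwd1dVdlVtNG52NVNNRzl6Q1Y3ClBwdXd2dWF0cWpPMTIwOEJqZkUvY1pISWc4SHc5bXZXOXg5QytJUU1JTURFN2IvZzZPY0s3TEdUTHdsRnh2QTgKN1dqRWVxdW5heUlwaE1oS1JYVmYxTjM0OWVOOThFejM4Zk9USFRQYmRKakZBL1BjQytHeW1lK2lHdDVPUWRGaAp5UkU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
  tls.key: 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


--------------------------------------------------------------------------------
/manifests/service/carts-db-svc.yaml:
--------------------------------------------------------------------------------
---
# Service in front of the carts-db pods (port 27017).
apiVersion: v1
kind: Service
metadata:
  name: carts-db
  labels:
    name: carts-db
  namespace: sock-shop
  annotations:
    prometheus.io/scrape: "true"
spec:
  ports:
    # Service port 27017 forwards to container port 27017.
  - port: 27017
    targetPort: 27017
  selector:
    name: carts-db

--------------------------------------------------------------------------------
/manifests/service/catalogue-db-svc.yaml:
--------------------------------------------------------------------------------
---
# Service in front of the catalogue-db pods (port 3306).
apiVersion: v1
kind: Service
metadata:
  name: catalogue-db
  labels:
    name: catalogue-db
  namespace: sock-shop
  annotations:
    prometheus.io/scrape: "true"
spec:
  ports:
    # Service port 3306 forwards to container port 3306.
  - port: 3306
    targetPort: 3306
  selector:
    name: catalogue-db

--------------------------------------------------------------------------------
/manifests/service/catalogue-svc.yaml:
--------------------------------------------------------------------------------
---
# Service in front of the catalogue pods.
apiVersion: v1
kind: Service
metadata:
  name: catalogue
  labels:
    name: catalogue
  namespace: sock-shop
  annotations:
    prometheus.io/scrape: "true"
spec:
  ports:
    # Service port 80 forwards to container port 80.
  - port: 80
    targetPort: 80
  selector:
    name: catalogue

--------------------------------------------------------------------------------
/manifests/service/front-end-svc.yaml:
--------------------------------------------------------------------------------
---
# Service in front of the front-end pods.
# NOTE(review): type NodePort opens port 31125 on every node and forwards it to
# container port 8079. The port is named "http", so traffic arriving this way
# is presumably unencrypted; make sure the node port is not reachable from
# untrusted networks, or publish the front end through a TLS-terminating
# ingress instead.
apiVersion: v1
kind: Service
metadata:
  name: front-end
  labels:
    name: front-end
  namespace: sock-shop
  annotations:
    prometheus.io/scrape: "true"
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 8079
    nodePort: 31125
    protocol: TCP
    name: http
  selector:
    name: front-end


--------------------------------------------------------------------------------
/manifests/service/orders-db-svc.yaml: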
--------------------------------------------------------------------------------
---
# orders-db: Service for the orders database pods.
kind: Service
apiVersion: v1
metadata:
  namespace: sock-shop
  name: orders-db
  annotations:
    prometheus.io/scrape: "true"
  labels:
    name: orders-db
spec:
  selector:
    name: orders-db
  ports:
    # 27017 on the Service maps to 27017 on the pod.
    - targetPort: 27017
      port: 27017

--------------------------------------------------------------------------------
/manifests/service/orders-svc.yaml:
--------------------------------------------------------------------------------
---
# orders: Service for the orders application pods.
kind: Service
apiVersion: v1
metadata:
  namespace: sock-shop
  name: orders
  annotations:
    prometheus.io/scrape: "true"
  labels:
    name: orders
spec:
  selector:
    name: orders
  ports:
    # 80 on the Service maps to 80 on the pod.
    - targetPort: 80
      port: 80

--------------------------------------------------------------------------------
/manifests/service/payment-svc.yaml:
--------------------------------------------------------------------------------
---
# payment: Service for the payment application pods.
kind: Service
apiVersion: v1
metadata:
  namespace: sock-shop
  name: payment
  annotations:
    prometheus.io/scrape: "true"
  labels:
    name: payment
spec:
  selector:
    name: payment
  ports:
    # 80 on the Service maps to 80 on the pod.
    - targetPort: 80
      port: 80

--------------------------------------------------------------------------------
/manifests/service/queue-master-svc.yaml:
--------------------------------------------------------------------------------
---
# queue-master: Service for the queue-master pods; the scrape path annotation
# points Prometheus at /prometheus.
kind: Service
apiVersion: v1
metadata:
  namespace: sock-shop
  name: queue-master
  labels:
    name: queue-master
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/path: "/prometheus"
spec:
  selector:
    name: queue-master
  ports:
    # 80 on the Service maps to 80 on the pod.
    - targetPort: 80
      port: 80

--------------------------------------------------------------------------------
/manifests/service/rabbitmq-svc.yaml:
--------------------------------------------------------------------------------
---
# rabbitmq: Service for the broker pods. Each targetPort is a container port
# name, so the numeric container port is resolved from the pod spec.
kind: Service
apiVersion: v1
metadata:
  namespace: sock-shop
  name: rabbitmq
  annotations:
    prometheus.io/scrape: "true"
  labels:
    name: rabbitmq
spec:
  selector:
    name: rabbitmq
  ports:
    - name: rabbitmq
      targetPort: rabbitmq
      port: 5672
    - name: exporter
      targetPort: exporter
      port: 9090
      protocol: TCP
    - name: epmd
      targetPort: epmd
      port: 4369
    - name: dist
      targetPort: dist
      port: 25672
    - name: management
      targetPort: management
      port: 15672

--------------------------------------------------------------------------------
/manifests/service/session-db-svc.yaml:
--------------------------------------------------------------------------------
---
# session-db: Service for the session store pods.
kind: Service
apiVersion: v1
metadata:
  namespace: sock-shop
  name: session-db
  annotations:
    prometheus.io/scrape: "true"
  labels:
    name: session-db
spec:
  selector:
    name: session-db
  ports:
    # 6379 on the Service maps to 6379 on the pod.
    - targetPort: 6379
      port: 6379

--------------------------------------------------------------------------------
/manifests/service/shipping-svc.yaml:
--------------------------------------------------------------------------------
---
# shipping: Service for the shipping application pods.
kind: Service
apiVersion: v1
metadata:
  namespace: sock-shop
  name: shipping
  annotations:
    prometheus.io/scrape: "true"
  labels:
    name: shipping
spec:
  selector:
    name: shipping
  ports:
    # 80 on the Service maps to 80 on the pod.
    - targetPort: 80
      port: 80


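--------------------------------------------------------------------------------
/manifests/service/user-db-svc.yaml:
--------------------------------------------------------------------------------
---
# Service in front of the user-db pods (port 27017).
apiVersion: v1
kind: Service
metadata:
  name: user-db
  labels:
    name: user-db
  namespace: sock-shop
  annotations:
    prometheus.io/scrape: "true"
spec:
  ports:
    # Service port 27017 forwards to container port 27017.
  - port: 27017
    targetPort: 27017
  selector:
    name: user-db


--------------------------------------------------------------------------------
/manifests/service/user-svc.yaml:
--------------------------------------------------------------------------------
---
# Service in front of the user pods.
apiVersion: v1
kind: Service
metadata:
  name: user
  labels:
    name: user
  namespace: sock-shop
  annotations:
    prometheus.io/scrape: "true"
spec:
  ports:
    # Service port 80 forwards to container port 80.
  - port: 80
    targetPort: 80
  selector:
    name: user


--------------------------------------------------------------------------------
/manifests/session-db-dep.yaml:
--------------------------------------------------------------------------------
---
# Deployment for the session store (Redis, single replica, port 6379).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: session-db
  labels:
    name: session-db
  namespace: sock-shop
spec:
  replicas: 1
  # apps/v1 makes spec.selector mandatory; it must match the pod template labels.
  selector:
    matchLabels:
      name: session-db
  template:
    metadata:
      labels:
        name: session-db
      annotations:
        # Was `prometheus.io.scrape`; the other manifests in this listing use
        # the `prometheus.io/scrape` key, so the dotted form was never read.
        prometheus.io/scrape: "false"
    spec:
      containers:
      # NOTE(review): `redis:alpine` is a floating tag; pin a version or digest
      # so the deployed image cannot change silently.
      - name: session-db
        image: redis:alpine
        ports:
        - name: redis
          containerPort: 6379
        # All capabilities dropped except the three added back; runAsNonRoot is
        # not set, so the container starts as the image's default user.
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux

--------------------------------------------------------------------------------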
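/manifests/session-db-svc.yaml:
--------------------------------------------------------------------------------
---
# Service in front of the session-db pods (port 6379).
apiVersion: v1
kind: Service
metadata:
  name: session-db
  labels:
    name: session-db
  namespace: sock-shop
  annotations:
    prometheus.io/scrape: "true"
spec:
  ports:
    # Service port 6379 forwards to container port 6379.
  - port: 6379
    targetPort: 6379
  selector:
    name: session-db

--------------------------------------------------------------------------------
/manifests/shipping-dep.yaml:
--------------------------------------------------------------------------------
---
# Deployment for the sock-shop "shipping" service: one replica of a JVM
# workload listening on port 80.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: shipping
  labels:
    name: shipping
  namespace: sock-shop
spec:
  replicas: 1
  # apps/v1 makes spec.selector mandatory; it must match the pod template labels.
  selector:
    matchLabels:
      name: shipping
  template:
    metadata:
      labels:
        name: shipping
    spec:
      containers:
      - name: shipping
        image: weaveworksdemos/shipping:0.4.8
        env:
        - name: ZIPKIN
          value: zipkin.jaeger.svc.cluster.local
        - name: JAVA_OPTS
          value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
        # Only requests are set; without limits the container is not capped.
        resources:
          requests:
            cpu: 200m
            memory: 300Mi
        ports:
        - containerPort: 80
        # Runs as uid 10001 with every capability dropped except
        # NET_BIND_SERVICE, which a non-root process needs to bind port 80.
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        # The root filesystem is read-only, so /tmp is the writable path.
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 300
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 180
          periodSeconds: 3
      volumes:
        # tmpfs-backed scratch space; its contents are lost when the pod stops.
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux

--------------------------------------------------------------------------------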
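/manifests/shipping-svc.yaml:
--------------------------------------------------------------------------------
---
# Service in front of the shipping pods.
apiVersion: v1
kind: Service
metadata:
  name: shipping
  labels:
    name: shipping
  namespace: sock-shop
  annotations:
    prometheus.io/scrape: "true"
spec:
  ports:
    # Service port 80 forwards to container port 80.
  - port: 80
    targetPort: 80
  selector:
    name: shipping


--------------------------------------------------------------------------------
/manifests/sock-shop-ns.yaml:
--------------------------------------------------------------------------------
---
# Namespace that the sock-shop workloads and services are created in.
apiVersion: v1
kind: Namespace
metadata:
  name: sock-shop

--------------------------------------------------------------------------------
/manifests/user-db-dep.yaml:
--------------------------------------------------------------------------------
---
# Deployment for the user database (single replica, port 27017).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: user-db
  labels:
    name: user-db
  namespace: sock-shop
spec:
  replicas: 1
  # apps/v1 makes spec.selector mandatory; it must match the pod template labels.
  selector:
    matchLabels:
      name: user-db
  template:
    metadata:
      labels:
        name: user-db
    spec:
      containers:
      - name: user-db
        image: weaveworksdemos/user-db:0.3.0
        ports:
        - name: mongo
          containerPort: 27017
        # All capabilities dropped except the three added back; runAsNonRoot is
        # not set, so the container starts as the image's default user.
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
        # The root filesystem is read-only; /tmp is the only writable mount
        # declared here.
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        # tmpfs-backed scratch space; its contents are lost when the pod stops.
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux

--------------------------------------------------------------------------------
/manifests/user-db-svc.yaml:
--------------------------------------------------------------------------------
---
# Service in front of the user-db pods (port 27017).
apiVersion: v1
kind: Service
metadata:
  name: user-db
  labels:
    name: user-db
  namespace: sock-shop
  annotations:
    prometheus.io/scrape: "true"
spec:
  ports:
    # Service port 27017 forwards to container port 27017.
  - port: 27017
    targetPort: 27017
  selector:
    name: user-db


--------------------------------------------------------------------------------
/manifests/user-dep.yaml:
--------------------------------------------------------------------------------
---
# Deployment for the sock-shop "user" service (single replica, port 80).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: user
  labels:
    name: user
  namespace: sock-shop
spec:
  replicas: 1
  # apps/v1 makes spec.selector mandatory; it must match the pod template labels.
  selector:
    matchLabels:
      name: user
  template:
    metadata:
      labels:
        name: user
    spec:
      containers:
      - name: user
        image: weaveworksdemos/user:0.4.7
        resources:
          requests:
            cpu: 120m
            memory: 50Mi
        ports:
        - containerPort: 80
        env:
        # Database address only; no credentials are passed in this manifest.
        - name: mongo
          value: user-db:27017
        # Non-root uid 10001, all capabilities dropped except the one needed
        # to bind port 80, and a read-only root filesystem.
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        livenessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 300
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 180
          periodSeconds: 3
      nodeSelector:
        beta.kubernetes.io/os: linux

--------------------------------------------------------------------------------
/manifests/user-svc.yaml:
--------------------------------------------------------------------------------
---
# Service in front of the user pods.
apiVersion: v1
kind: Service
metadata:
  name: user
  labels:
    name: user
  namespace: sock-shop
  annotations:
    prometheus.io/scrape: "true"
spec:
  ports:
    # Service port 80 forwards to container port 80.
  - port: 80
    targetPort: 80
  selector:
    name: user


--------------------------------------------------------------------------------
/manifests/virtualservice-all.yaml: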
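--------------------------------------------------------------------------------
# Istio routing for the sock-shop services: each service gets a VirtualService
# that sends all traffic to subset "v1", and a DestinationRule that defines
# that subset by pod labels.
#
# NOTE(review): every subset selects pods labelled `version: v1` plus
# `name: <service>`. The Deployment manifests under /manifests/ in this listing
# label their pods with `name` only; confirm the pods that are actually
# deployed carry `version: v1`, otherwise the subsets match nothing.
# NOTE(review): the database and broker entries (carts-db, catalogue-db,
# orders-db, user-db, rabbitmq) use `http` routes although their Services
# expose non-HTTP ports; verify whether `tcp` routes were intended.
# None of these objects sets a namespace, so they are created in whichever
# namespace is active when the file is applied.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: carts
spec:
  hosts:
  - carts
  http:
  - route:
    - destination:
        host: carts
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: carts
spec:
  host: carts
  subsets:
  - name: v1
    labels:
      version: v1
      name: carts
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: carts-db
spec:
  hosts:
  - carts-db
  http:
  - route:
    - destination:
        host: carts-db
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: carts-db
spec:
  host: carts-db
  subsets:
  - name: v1
    labels:
      version: v1
      name: carts-db
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: catalogue
spec:
  hosts:
  - catalogue
  http:
  - route:
    - destination:
        host: catalogue
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: catalogue
spec:
  host: catalogue
  subsets:
  - name: v1
    labels:
      version: v1
      name: catalogue
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: catalogue-db
spec:
  hosts:
  - catalogue-db
  http:
  - route:
    - destination:
        host: catalogue-db
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: catalogue-db
spec:
  host: catalogue-db
  subsets:
  - name: v1
    labels:
      version: v1
      name: catalogue-db
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: orders
spec:
  hosts:
  - orders
  http:
  - route:
    - destination:
        # Was `catalogue-db`, which sent every request addressed to the orders
        # service to the catalogue database instead of the orders pods.
        host: orders
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: orders
spec:
  host: orders
  subsets:
  - name: v1
    labels:
      version: v1
      name: orders
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: orders-db
spec:
  hosts:
  - orders-db
  http:
  - route:
    - destination:
        host: orders-db
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: orders-db
spec:
  host: orders-db
  subsets:
  - name: v1
    labels:
      version: v1
      name: orders-db
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: payment
spec:
  hosts:
  - payment
  http:
  - route:
    - destination:
        host: payment
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: payment
spec:
  host: payment
  subsets:
  - name: v1
    labels:
      version: v1
      name: payment
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: queue-master
spec:
  hosts:
  - queue-master
  http:
  - route:
    - destination:
        host: queue-master
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: queue-master
spec:
  host: queue-master
  subsets:
  - name: v1
    labels:
      version: v1
      name: queue-master
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: rabbitmq
spec:
  hosts:
  - rabbitmq
  http:
  - route:
    - destination:
        host: rabbitmq
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: rabbitmq
spec:
  host: rabbitmq
  subsets:
  - name: v1
    labels:
      version: v1
      name: rabbitmq
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: shipping
spec:
  hosts:
  - shipping
  http:
  - route:
    - destination:
        host: shipping
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: shipping
spec:
  host: shipping
  subsets:
  - name: v1
    labels:
      version: v1
      name: shipping
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: user
spec:
  hosts:
  - user
  http:
  - route:
    - destination:
        host: user
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: user
spec:
  host: user
  subsets:
  - name: v1
    labels:
      version: v1
      name: user
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: user-db
spec:
  hosts:
  - user-db
  http:
  - route:
    - destination:
        host: user-db
        subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: user-db
spec:
  host: user-db
  subsets:
  - name: v1
    labels:
      version: v1
      name: user-db

--------------------------------------------------------------------------------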