Merge pull request #35 from seifrajhi/microservices-demo-grpc

feat: Cloud-first app with 10 microservices showcasing Kubernetes, Is…

.github/ISSUE_TEMPLATE/bug-report.md

@@ -0,0 +1,34 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+### Describe the bug 
+<!-- A clear and concise description of what the bug is. -->
+
+### To Reproduce 
+<!-- Steps to reproduce the behavior: -->
+<!-- 1. Built image '...' -->
+<!-- 2. Ran command '....' -->
+<!-- 3. See error -->
+
+### Logs  
+<!-- Add logs to help explain your problem -->
+
+### Screenshots 
+<!-- If applicable, add screenshots to help explain your problem -->
+
+### Environment 
+<!--  - OS: [e.g. MacOS Big Sur v11.6] -->
+<!--  - Kubernetes distribution, version: [e.g. minikube, GKE (Standard or Autopilot), EKS, AWS ... ] -->
+<!--  - Any relevant tool version: [e.g. Docker v20.10.8] -->
+
+### Additional context 
+<!-- Add any other context about the problem here -->
+
+### Exposure 
+<!-- Is the bug intermittent, persistent? Is it widespread, local? -->

.github/ISSUE_TEMPLATE/feature-request.md

@@ -0,0 +1,14 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+### Describe request or inquiry 
+<!-- Add any other context about the problem or helpful links here! -->
+
+### What purpose/environment will this feature serve? 
+<!-- Add reasoning -->

.github/ISSUE_TEMPLATE/other.md

@@ -0,0 +1,10 @@
+---
+name: Other
+about: Have a question or need clarification?
+title: ''
+labels: ''
+assignees: ''
+
+---
+### Write down your inquiry 
+<!-- Write your question/inquiry here and any addition context -->

.github/auto-approve.yml

@@ -0,0 +1,23 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# https://github.com/googleapis/repo-automation-bots/tree/main/packages/auto-approve
+processes:
+  - "PythonDependency"
+  - "PythonSampleAppDependency"
+  - "JavaDependency"
+  - "JavaSampleAppDependency"
+  - "GoDependency"
+  - "NodeDependency"
+  - "DockerDependency"

.github/header-checker-lint.yml

@@ -0,0 +1,47 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file configures a GitHub Bot called "License Header Lint GCF": https://github.com/apps/license-header-lint-gcf
+# The bot runs a GitHub check called "header-check" (inside pull-requests) that warns us about invalid/missing license headers.
+# The schema for this configutation file is documented at https://github.com/googleapis/repo-automation-bots/tree/main/packages/header-checker-lint#header-checker-lint.
+
+allowedCopyrightHolders:
+  - 'Google LLC'
+
+allowedLicenses:
+  - 'Apache-2.0'
+
+# If you want to ignore certain files/folders, use ignoreFiles.
+# ignoreFiles:
+#  - '**/requirements.txt'
+
+# If you want to ignore checking the license year, use ignoreLicenseYear.
+# ignoreLicenseYear: true # Useful when migrating in code licensed at previous years.
+
+sourceFileExtensions:
+  - 'cs'
+  - 'css'
+  - 'Dockerfile'
+  - 'dockerignore'
+  - 'gitignore'
+  - 'go'
+  - 'html'
+  - 'java'
+  - 'js'
+  - 'proto'
+  - 'py'
+  - 'sh'
+  - 'tf'
+  - 'yaml'
+  - 'yml'

.github/pull_request_template.md

@@ -0,0 +1,16 @@
+### Background 
+<!-- What was happening before this PR, and the problem(s) it solves -->
+
+### Fixes 
+<!-- Link the issue(s) this PR fixes-->
+### Change Summary
+<!-- Short summary of the changes submitted -->
+
+### Additional Notes
+<!-- Any remaining concerns -->
+
+### Testing Procedure
+<!-- If applicable, write how to test for reviewers-->
+
+### Related PRs or Issues 
+<!-- Dependent PRs, or any relevant linked issues -->

.github/release-cluster/README.md

@@ -0,0 +1,75 @@
+# cymbal-shops.retail.cymbal.dev manifests
+
+This directory contains extra deploy manifests for configuring Online Boutique solution on GKE for cymbal-shops.retail.cymbal.dev.
+
+_Note: before moving forward, the Online Boutique apps should already be deployed [on the online-boutique-release GKE cluster](/docs/releasing#10-deploy-releasekubernetes-manifestsyaml-to-our-online-boutique-release-gke-cluster)._
+
+## Public static IP address
+
+Create the static public IP address:
+```
+STATIC_IP_NAME=online-boutique-ip # name hard-coded in: frontend-ingress.yaml
+gcloud compute addresses create $STATIC_IP_NAME --global
+```
+
+When ready to do so, you could grab this public IP address and update your DNS:
+```
+gcloud compute addresses describe $STATIC_IP_NAME \
+    --global \
+    --format "value(address)"
+```
+
+## Cloud Armor
+
+Set up Cloud Armor:
+```
+SECURITY_POLICY_NAME=online-boutique-security-policy # Name hard-coded in: backendconfig.yaml
+gcloud compute security-policies create $SECURITY_POLICY_NAME \
+    --description "Block various attacks"
+gcloud compute security-policies rules create 1000 \
+    --security-policy $SECURITY_POLICY_NAME \
+    --expression "evaluatePreconfiguredExpr('xss-stable')" \
+    --action "deny-403" \
+    --description "XSS attack filtering"
+gcloud compute security-policies rules create 12345 \
+    --security-policy $SECURITY_POLICY_NAME \
+    --expression "evaluatePreconfiguredExpr('cve-canary')" \
+    --action "deny-403" \
+    --description "CVE-2021-44228 and CVE-2021-45046"
+gcloud compute security-policies update $SECURITY_POLICY_NAME \
+    --enable-layer7-ddos-defense
+gcloud compute security-policies update $SECURITY_POLICY_NAME \
+    --log-level=VERBOSE
+```
+
+## SSL Policy
+
+Set up an SSL policy in order to later set up a redirect from HTTP to HTTPs:
+```
+SSL_POLICY_NAME=online-boutique-ssl-policy # Name hard-coded in: frontendconfig.yaml
+gcloud compute ssl-policies create $SSL_POLICY_NAME \
+    --profile COMPATIBLE  \
+    --min-tls-version 1.0
+```
+
+## Deploy Kubernetes manifests
+
+Deploy the Kubernetes manifests in this current folder:
+```
+kubectl apply -f .
+```
+
+Wait for the `ManagedCertificate` to be provisioned. This usually takes about 30 minutes.
+```
+kubectl get managedcertificates
+```
+
+Remove the default `LoadBalancer` `Service` not used at this point:
+```
+kubectl delete service frontend-external
+```
+
+Remove the `loadgenerator` `Deployment` not used at this point:
+```
+kubectl delete deployment loadgenerator
+```

.github/release-cluster/backend-config.yaml

@@ -0,0 +1,21 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: cloud.google.com/v1
+kind: BackendConfig
+metadata:
+  name: frontend-backend-config
+spec:
+  securityPolicy:
+    name: online-boutique-security-policy

.github/release-cluster/frontend-config.yaml

@@ -0,0 +1,23 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: networking.gke.io/v1beta1
+kind: FrontendConfig
+metadata:
+  name: frontend-frontend-config
+spec:
+  sslPolicy: online-boutique-ssl-policy
+  redirectToHttps:
+    enabled: true
+    responseCodeName: MOVED_PERMANENTLY_DEFAULT

.github/release-cluster/frontend-ingress.yaml

@@ -0,0 +1,38 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: frontend-ingress
+  annotations:
+    kubernetes.io/ingress.global-static-ip-name: online-boutique-ip
+    networking.gke.io/managed-certificates: online-boutique-certificate
+    networking.gke.io/v1beta1.FrontendConfig: frontend-frontend-config
+spec:
+  defaultBackend:
+    service:
+      name: frontend
+      port:
+        number: 80
+  rules:
+  - http:
+      paths:
+      - path: /*
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: frontend
+            port:
+              number: 80

.github/release-cluster/frontend-service.yaml

@@ -0,0 +1,29 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend
+  annotations:
+    cloud.google.com/neg: '{"ingress": true}'
+    cloud.google.com/backend-config: '{"default": "frontend-backend-config"}'
+spec:
+  type: ClusterIP
+  selector:
+    app: frontend
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8080

.github/release-cluster/managed-cert.yaml

@@ -0,0 +1,21 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: networking.gke.io/v1
+kind: ManagedCertificate
+metadata:
+  name: online-boutique-certificate
+spec:
+  domains:
+    - cymbal-shops.retail.cymbal.dev

.github/renovate.json5

@@ -0,0 +1,24 @@
+{
+  "extends": [
+    "github>GoogleCloudPlatform/kubernetes-engine-samples//.github/renovate-configs/dee-platform-ops.json5",
+    "schedule:earlyMondays",
+  ],
+  "pip-compile": {
+    "enabled": true,
+    "fileMatch": ["(^|/)requirements\\.in$"]
+  },
+  // pip-compile handles requirements.txt updates.
+  "pip_requirements": {
+    "enabled": false
+  },
+  "constraints": {
+    "python": "~=3.11.0"
+  },
+  "kubernetes": {
+    "fileMatch": ["\\.yaml$"],
+    "ignorePaths": [
+      "release/**",
+      "kustomize/base/**"
+    ]
+  },
+}