diff --git a/hack/make-release-artifacts.sh b/hack/make-release-artifacts.sh
index 6deee997d4e..f2194bf93b2 100755
--- a/hack/make-release-artifacts.sh
+++ b/hack/make-release-artifacts.sh
@@ -117,8 +117,6 @@ main() {
mk_kubernetes_manifests > "${k8s_manifests_file}"
log "Written ${k8s_manifests_file}"
- cp ${k8s_manifests_file} ../kustomize/base
-
istio_manifests_file="${OUT_DIR}/istio-manifests.yaml"
mk_istio_manifests > "${istio_manifests_file}"
log "Written ${istio_manifests_file}"
diff --git a/kustomize/base/adservice.yaml b/kustomize/base/adservice.yaml
new file mode 100644
index 00000000000..f3befe8a4ca
--- /dev/null
+++ b/kustomize/base/adservice.yaml
@@ -0,0 +1,83 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: adservice
+spec:
+ selector:
+ matchLabels:
+ app: adservice
+ template:
+ metadata:
+ labels:
+ app: adservice
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: server
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/google-samples/microservices-demo/adservice:v0.4.0
+ ports:
+ - containerPort: 9555
+ env:
+ - name: PORT
+ value: "9555"
+ - name: DISABLE_STATS
+ value: "1"
+ - name: DISABLE_TRACING
+ value: "1"
+ resources:
+ requests:
+ cpu: 200m
+ memory: 180Mi
+ limits:
+ cpu: 300m
+ memory: 300Mi
+ readinessProbe:
+ initialDelaySeconds: 20
+ periodSeconds: 15
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:9555"]
+ livenessProbe:
+ initialDelaySeconds: 20
+ periodSeconds: 15
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:9555"]
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: adservice
+spec:
+ type: ClusterIP
+ selector:
+ app: adservice
+ ports:
+ - name: grpc
+ port: 9555
+ targetPort: 9555
diff --git a/kustomize/base/cartservice.yaml b/kustomize/base/cartservice.yaml
new file mode 100644
index 00000000000..e93d3c18c94
--- /dev/null
+++ b/kustomize/base/cartservice.yaml
@@ -0,0 +1,78 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cartservice
+spec:
+ selector:
+ matchLabels:
+ app: cartservice
+ template:
+ metadata:
+ labels:
+ app: cartservice
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: server
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/google-samples/microservices-demo/cartservice:v0.4.0
+ ports:
+ - containerPort: 7070
+ env:
+ - name: REDIS_ADDR
+ value: "redis-cart:6379"
+ resources:
+ requests:
+ cpu: 200m
+ memory: 64Mi
+ limits:
+ cpu: 300m
+ memory: 128Mi
+ readinessProbe:
+ initialDelaySeconds: 15
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:7070", "-rpc-timeout=5s"]
+ livenessProbe:
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:7070", "-rpc-timeout=5s"]
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: cartservice
+spec:
+ type: ClusterIP
+ selector:
+ app: cartservice
+ ports:
+ - name: grpc
+ port: 7070
+ targetPort: 7070
diff --git a/kustomize/base/checkoutservice.yaml b/kustomize/base/checkoutservice.yaml
new file mode 100644
index 00000000000..3a399845d63
--- /dev/null
+++ b/kustomize/base/checkoutservice.yaml
@@ -0,0 +1,92 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: checkoutservice
+spec:
+ selector:
+ matchLabels:
+ app: checkoutservice
+ template:
+ metadata:
+ labels:
+ app: checkoutservice
+ spec:
+ serviceAccountName: default
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: server
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/google-samples/microservices-demo/checkoutservice:v0.4.0
+ ports:
+ - containerPort: 5050
+ readinessProbe:
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:5050"]
+ livenessProbe:
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:5050"]
+ env:
+ - name: PORT
+ value: "5050"
+ - name: PRODUCT_CATALOG_SERVICE_ADDR
+ value: "productcatalogservice:3550"
+ - name: SHIPPING_SERVICE_ADDR
+ value: "shippingservice:50051"
+ - name: PAYMENT_SERVICE_ADDR
+ value: "paymentservice:50051"
+ - name: EMAIL_SERVICE_ADDR
+ value: "emailservice:5000"
+ - name: CURRENCY_SERVICE_ADDR
+ value: "currencyservice:7000"
+ - name: CART_SERVICE_ADDR
+ value: "cartservice:7070"
+ - name: DISABLE_STATS
+ value: "1"
+ - name: DISABLE_TRACING
+ value: "1"
+ - name: DISABLE_PROFILER
+ value: "1"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: checkoutservice
+spec:
+ type: ClusterIP
+ selector:
+ app: checkoutservice
+ ports:
+ - name: grpc
+ port: 5050
+ targetPort: 5050
diff --git a/kustomize/base/currencyservice.yaml b/kustomize/base/currencyservice.yaml
new file mode 100644
index 00000000000..b10ca5c0d3f
--- /dev/null
+++ b/kustomize/base/currencyservice.yaml
@@ -0,0 +1,82 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: currencyservice
+spec:
+ selector:
+ matchLabels:
+ app: currencyservice
+ template:
+ metadata:
+ labels:
+ app: currencyservice
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: server
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/google-samples/microservices-demo/currencyservice:v0.4.0
+ ports:
+ - name: grpc
+ containerPort: 7000
+ env:
+ - name: PORT
+ value: "7000"
+ - name: DISABLE_TRACING
+ value: "1"
+ - name: DISABLE_PROFILER
+ value: "1"
+ - name: DISABLE_DEBUGGER
+ value: "1"
+ readinessProbe:
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:7000"]
+ livenessProbe:
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:7000"]
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: currencyservice
+spec:
+ type: ClusterIP
+ selector:
+ app: currencyservice
+ ports:
+ - name: grpc
+ port: 7000
+ targetPort: 7000
diff --git a/kustomize/base/emailservice.yaml b/kustomize/base/emailservice.yaml
new file mode 100644
index 00000000000..d85a29ffa60
--- /dev/null
+++ b/kustomize/base/emailservice.yaml
@@ -0,0 +1,81 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: emailservice
+spec:
+ selector:
+ matchLabels:
+ app: emailservice
+ template:
+ metadata:
+ labels:
+ app: emailservice
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: server
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/google-samples/microservices-demo/emailservice:v0.4.0
+ ports:
+ - containerPort: 8080
+ env:
+ - name: PORT
+ value: "8080"
+ - name: DISABLE_TRACING
+ value: "1"
+ - name: DISABLE_PROFILER
+ value: "1"
+ readinessProbe:
+ periodSeconds: 5
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:8080"]
+ livenessProbe:
+ periodSeconds: 5
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:8080"]
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: emailservice
+spec:
+ type: ClusterIP
+ selector:
+ app: emailservice
+ ports:
+ - name: grpc
+ port: 5000
+ targetPort: 8080
diff --git a/kustomize/base/frontend.yaml b/kustomize/base/frontend.yaml
new file mode 100644
index 00000000000..6f13d0bfa01
--- /dev/null
+++ b/kustomize/base/frontend.yaml
@@ -0,0 +1,123 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+spec:
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ annotations:
+ sidecar.istio.io/rewriteAppHTTPProbers: "true"
+ spec:
+ serviceAccountName: default
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: server
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/google-samples/microservices-demo/frontend:v0.4.0
+ ports:
+ - containerPort: 8080
+ readinessProbe:
+ initialDelaySeconds: 10
+ httpGet:
+ path: "/_healthz"
+ port: 8080
+ httpHeaders:
+ - name: "Cookie"
+ value: "shop_session-id=x-readiness-probe"
+ livenessProbe:
+ initialDelaySeconds: 10
+ httpGet:
+ path: "/_healthz"
+ port: 8080
+ httpHeaders:
+ - name: "Cookie"
+ value: "shop_session-id=x-liveness-probe"
+ env:
+ - name: PORT
+ value: "8080"
+ - name: PRODUCT_CATALOG_SERVICE_ADDR
+ value: "productcatalogservice:3550"
+ - name: CURRENCY_SERVICE_ADDR
+ value: "currencyservice:7000"
+ - name: CART_SERVICE_ADDR
+ value: "cartservice:7070"
+ - name: RECOMMENDATION_SERVICE_ADDR
+ value: "recommendationservice:8080"
+ - name: SHIPPING_SERVICE_ADDR
+ value: "shippingservice:50051"
+ - name: CHECKOUT_SERVICE_ADDR
+ value: "checkoutservice:5050"
+ - name: AD_SERVICE_ADDR
+ value: "adservice:9555"
+ # # ENV_PLATFORM: One of: local, gcp, aws, azure, onprem, alibaba
+ # # When not set, defaults to "local" unless running in GKE, otherwies auto-sets to gcp
+ # - name: ENV_PLATFORM
+ # value: "aws"
+ - name: DISABLE_TRACING
+ value: "1"
+ - name: DISABLE_PROFILER
+ value: "1"
+ # - name: CYMBAL_BRANDING
+ # value: "true"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-external
+spec:
+ type: LoadBalancer
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
diff --git a/kustomize/base/kubernetes-manifests.yaml b/kustomize/base/kubernetes-manifests.yaml
deleted file mode 100644
index 8752cb456ab..00000000000
--- a/kustomize/base/kubernetes-manifests.yaml
+++ /dev/null
@@ -1,896 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: emailservice
-spec:
- selector:
- matchLabels:
- app: emailservice
- template:
- metadata:
- labels:
- app: emailservice
- spec:
- containers:
- - env:
- - name: PORT
- value: "8080"
- - name: DISABLE_TRACING
- value: "1"
- - name: DISABLE_PROFILER
- value: "1"
- image: gcr.io/google-samples/microservices-demo/emailservice:v0.3.9
- livenessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:8080
- periodSeconds: 5
- name: server
- ports:
- - containerPort: 8080
- readinessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:8080
- periodSeconds: 5
- resources:
- limits:
- cpu: 200m
- memory: 128Mi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- privileged: false
- readOnlyRootFilesystem: true
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- serviceAccountName: default
- terminationGracePeriodSeconds: 5
----
-apiVersion: v1
-kind: Service
-metadata:
- name: emailservice
-spec:
- ports:
- - name: grpc
- port: 5000
- targetPort: 8080
- selector:
- app: emailservice
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: checkoutservice
-spec:
- selector:
- matchLabels:
- app: checkoutservice
- template:
- metadata:
- labels:
- app: checkoutservice
- spec:
- containers:
- - env:
- - name: PORT
- value: "5050"
- - name: PRODUCT_CATALOG_SERVICE_ADDR
- value: productcatalogservice:3550
- - name: SHIPPING_SERVICE_ADDR
- value: shippingservice:50051
- - name: PAYMENT_SERVICE_ADDR
- value: paymentservice:50051
- - name: EMAIL_SERVICE_ADDR
- value: emailservice:5000
- - name: CURRENCY_SERVICE_ADDR
- value: currencyservice:7000
- - name: CART_SERVICE_ADDR
- value: cartservice:7070
- - name: DISABLE_STATS
- value: "1"
- - name: DISABLE_TRACING
- value: "1"
- - name: DISABLE_PROFILER
- value: "1"
- image: gcr.io/google-samples/microservices-demo/checkoutservice:v0.3.9
- livenessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:5050
- name: server
- ports:
- - containerPort: 5050
- readinessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:5050
- resources:
- limits:
- cpu: 200m
- memory: 128Mi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- privileged: false
- readOnlyRootFilesystem: true
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- serviceAccountName: default
----
-apiVersion: v1
-kind: Service
-metadata:
- name: checkoutservice
-spec:
- ports:
- - name: grpc
- port: 5050
- targetPort: 5050
- selector:
- app: checkoutservice
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: recommendationservice
-spec:
- selector:
- matchLabels:
- app: recommendationservice
- template:
- metadata:
- labels:
- app: recommendationservice
- spec:
- containers:
- - env:
- - name: PORT
- value: "8080"
- - name: PRODUCT_CATALOG_SERVICE_ADDR
- value: productcatalogservice:3550
- - name: DISABLE_TRACING
- value: "1"
- - name: DISABLE_PROFILER
- value: "1"
- - name: DISABLE_DEBUGGER
- value: "1"
- image: gcr.io/google-samples/microservices-demo/recommendationservice:v0.3.9
- livenessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:8080
- periodSeconds: 5
- name: server
- ports:
- - containerPort: 8080
- readinessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:8080
- periodSeconds: 5
- resources:
- limits:
- cpu: 200m
- memory: 450Mi
- requests:
- cpu: 100m
- memory: 220Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- privileged: false
- readOnlyRootFilesystem: true
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- serviceAccountName: default
- terminationGracePeriodSeconds: 5
----
-apiVersion: v1
-kind: Service
-metadata:
- name: recommendationservice
-spec:
- ports:
- - name: grpc
- port: 8080
- targetPort: 8080
- selector:
- app: recommendationservice
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: frontend
-spec:
- selector:
- matchLabels:
- app: frontend
- template:
- metadata:
- annotations:
- sidecar.istio.io/rewriteAppHTTPProbers: "true"
- labels:
- app: frontend
- spec:
- containers:
- - env:
- - name: PORT
- value: "8080"
- - name: PRODUCT_CATALOG_SERVICE_ADDR
- value: productcatalogservice:3550
- - name: CURRENCY_SERVICE_ADDR
- value: currencyservice:7000
- - name: CART_SERVICE_ADDR
- value: cartservice:7070
- - name: RECOMMENDATION_SERVICE_ADDR
- value: recommendationservice:8080
- - name: SHIPPING_SERVICE_ADDR
- value: shippingservice:50051
- - name: CHECKOUT_SERVICE_ADDR
- value: checkoutservice:5050
- - name: AD_SERVICE_ADDR
- value: adservice:9555
- - name: DISABLE_TRACING
- value: "1"
- - name: DISABLE_PROFILER
- value: "1"
- image: gcr.io/google-samples/microservices-demo/frontend:v0.3.9
- livenessProbe:
- httpGet:
- httpHeaders:
- - name: Cookie
- value: shop_session-id=x-liveness-probe
- path: /_healthz
- port: 8080
- initialDelaySeconds: 10
- name: server
- ports:
- - containerPort: 8080
- readinessProbe:
- httpGet:
- httpHeaders:
- - name: Cookie
- value: shop_session-id=x-readiness-probe
- path: /_healthz
- port: 8080
- initialDelaySeconds: 10
- resources:
- limits:
- cpu: 200m
- memory: 128Mi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- privileged: false
- readOnlyRootFilesystem: true
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- serviceAccountName: default
----
-apiVersion: v1
-kind: Service
-metadata:
- name: frontend
-spec:
- ports:
- - name: http
- port: 80
- targetPort: 8080
- selector:
- app: frontend
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- name: frontend-external
-spec:
- ports:
- - name: http
- port: 80
- targetPort: 8080
- selector:
- app: frontend
- type: LoadBalancer
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: paymentservice
-spec:
- selector:
- matchLabels:
- app: paymentservice
- template:
- metadata:
- labels:
- app: paymentservice
- spec:
- containers:
- - env:
- - name: PORT
- value: "50051"
- - name: DISABLE_TRACING
- value: "1"
- - name: DISABLE_PROFILER
- value: "1"
- - name: DISABLE_DEBUGGER
- value: "1"
- image: gcr.io/google-samples/microservices-demo/paymentservice:v0.3.9
- livenessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:50051
- name: server
- ports:
- - containerPort: 50051
- readinessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:50051
- resources:
- limits:
- cpu: 200m
- memory: 128Mi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- privileged: false
- readOnlyRootFilesystem: true
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- serviceAccountName: default
- terminationGracePeriodSeconds: 5
----
-apiVersion: v1
-kind: Service
-metadata:
- name: paymentservice
-spec:
- ports:
- - name: grpc
- port: 50051
- targetPort: 50051
- selector:
- app: paymentservice
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: productcatalogservice
-spec:
- selector:
- matchLabels:
- app: productcatalogservice
- template:
- metadata:
- labels:
- app: productcatalogservice
- spec:
- containers:
- - env:
- - name: PORT
- value: "3550"
- - name: DISABLE_STATS
- value: "1"
- - name: DISABLE_TRACING
- value: "1"
- - name: DISABLE_PROFILER
- value: "1"
- image: gcr.io/google-samples/microservices-demo/productcatalogservice:v0.3.9
- livenessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:3550
- name: server
- ports:
- - containerPort: 3550
- readinessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:3550
- resources:
- limits:
- cpu: 200m
- memory: 128Mi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- privileged: false
- readOnlyRootFilesystem: true
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- serviceAccountName: default
- terminationGracePeriodSeconds: 5
----
-apiVersion: v1
-kind: Service
-metadata:
- name: productcatalogservice
-spec:
- ports:
- - name: grpc
- port: 3550
- targetPort: 3550
- selector:
- app: productcatalogservice
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: cartservice
-spec:
- selector:
- matchLabels:
- app: cartservice
- template:
- metadata:
- labels:
- app: cartservice
- spec:
- containers:
- - env:
- - name: REDIS_ADDR
- value: redis-cart:6379
- image: gcr.io/google-samples/microservices-demo/cartservice:v0.3.9
- livenessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:7070
- - -rpc-timeout=5s
- initialDelaySeconds: 15
- periodSeconds: 10
- name: server
- ports:
- - containerPort: 7070
- readinessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:7070
- - -rpc-timeout=5s
- initialDelaySeconds: 15
- resources:
- limits:
- cpu: 300m
- memory: 128Mi
- requests:
- cpu: 200m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- privileged: false
- readOnlyRootFilesystem: true
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- serviceAccountName: default
- terminationGracePeriodSeconds: 5
----
-apiVersion: v1
-kind: Service
-metadata:
- name: cartservice
-spec:
- ports:
- - name: grpc
- port: 7070
- targetPort: 7070
- selector:
- app: cartservice
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: loadgenerator
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: loadgenerator
- template:
- metadata:
- annotations:
- sidecar.istio.io/rewriteAppHTTPProbers: "true"
- labels:
- app: loadgenerator
- spec:
- containers:
- - env:
- - name: FRONTEND_ADDR
- value: frontend:80
- - name: USERS
- value: "10"
- image: gcr.io/google-samples/microservices-demo/loadgenerator:v0.3.9
- name: main
- resources:
- limits:
- cpu: 500m
- memory: 512Mi
- requests:
- cpu: 300m
- memory: 256Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- privileged: false
- readOnlyRootFilesystem: true
- initContainers:
- - command:
- - /bin/sh
- - -exc
- - |
- echo "Init container pinging frontend: ${FRONTEND_ADDR}..."
- STATUSCODE=$(wget --server-response http://${FRONTEND_ADDR} 2>&1 | awk '/^ HTTP/{print $2}')
- if test $STATUSCODE -ne 200; then
- echo "Error: Could not reach frontend - Status code: ${STATUSCODE}"
- exit 1
- fi
- env:
- - name: FRONTEND_ADDR
- value: frontend:80
- image: busybox:latest
- name: frontend-check
- restartPolicy: Always
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- serviceAccountName: default
- terminationGracePeriodSeconds: 5
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: currencyservice
-spec:
- selector:
- matchLabels:
- app: currencyservice
- template:
- metadata:
- labels:
- app: currencyservice
- spec:
- containers:
- - env:
- - name: PORT
- value: "7000"
- - name: DISABLE_TRACING
- value: "1"
- - name: DISABLE_PROFILER
- value: "1"
- - name: DISABLE_DEBUGGER
- value: "1"
- image: gcr.io/google-samples/microservices-demo/currencyservice:v0.3.9
- livenessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:7000
- name: server
- ports:
- - containerPort: 7000
- name: grpc
- readinessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:7000
- resources:
- limits:
- cpu: 200m
- memory: 128Mi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- privileged: false
- readOnlyRootFilesystem: true
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- serviceAccountName: default
- terminationGracePeriodSeconds: 5
----
-apiVersion: v1
-kind: Service
-metadata:
- name: currencyservice
-spec:
- ports:
- - name: grpc
- port: 7000
- targetPort: 7000
- selector:
- app: currencyservice
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: shippingservice
-spec:
- selector:
- matchLabels:
- app: shippingservice
- template:
- metadata:
- labels:
- app: shippingservice
- spec:
- containers:
- - env:
- - name: PORT
- value: "50051"
- - name: DISABLE_STATS
- value: "1"
- - name: DISABLE_TRACING
- value: "1"
- - name: DISABLE_PROFILER
- value: "1"
- image: gcr.io/google-samples/microservices-demo/shippingservice:v0.3.9
- livenessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:50051
- name: server
- ports:
- - containerPort: 50051
- readinessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:50051
- periodSeconds: 5
- resources:
- limits:
- cpu: 200m
- memory: 128Mi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- privileged: false
- readOnlyRootFilesystem: true
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- serviceAccountName: default
----
-apiVersion: v1
-kind: Service
-metadata:
- name: shippingservice
-spec:
- ports:
- - name: grpc
- port: 50051
- targetPort: 50051
- selector:
- app: shippingservice
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: redis-cart
-spec:
- selector:
- matchLabels:
- app: redis-cart
- template:
- metadata:
- labels:
- app: redis-cart
- spec:
- containers:
- - image: redis:alpine
- livenessProbe:
- periodSeconds: 5
- tcpSocket:
- port: 6379
- name: redis
- ports:
- - containerPort: 6379
- readinessProbe:
- periodSeconds: 5
- tcpSocket:
- port: 6379
- resources:
- limits:
- cpu: 125m
- memory: 256Mi
- requests:
- cpu: 70m
- memory: 200Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- privileged: false
- readOnlyRootFilesystem: true
- volumeMounts:
- - mountPath: /data
- name: redis-data
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- volumes:
- - emptyDir: {}
- name: redis-data
----
-apiVersion: v1
-kind: Service
-metadata:
- name: redis-cart
-spec:
- ports:
- - name: tls-redis
- port: 6379
- targetPort: 6379
- selector:
- app: redis-cart
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: adservice
-spec:
- selector:
- matchLabels:
- app: adservice
- template:
- metadata:
- labels:
- app: adservice
- spec:
- containers:
- - env:
- - name: PORT
- value: "9555"
- - name: DISABLE_STATS
- value: "1"
- - name: DISABLE_TRACING
- value: "1"
- image: gcr.io/google-samples/microservices-demo/adservice:v0.3.9
- livenessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:9555
- initialDelaySeconds: 20
- periodSeconds: 15
- name: server
- ports:
- - containerPort: 9555
- readinessProbe:
- exec:
- command:
- - /bin/grpc_health_probe
- - -addr=:9555
- initialDelaySeconds: 20
- periodSeconds: 15
- resources:
- limits:
- cpu: 300m
- memory: 300Mi
- requests:
- cpu: 200m
- memory: 180Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- privileged: false
- readOnlyRootFilesystem: true
- securityContext:
- fsGroup: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- serviceAccountName: default
- terminationGracePeriodSeconds: 5
----
-apiVersion: v1
-kind: Service
-metadata:
- name: adservice
-spec:
- ports:
- - name: grpc
- port: 9555
- targetPort: 9555
- selector:
- app: adservice
- type: ClusterIP
diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml
index 110fc78d6ca..ce2068d77a7 100644
--- a/kustomize/base/kustomization.yaml
+++ b/kustomize/base/kustomization.yaml
@@ -15,4 +15,15 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
-- kubernetes-manifests.yaml
+- adservice.yaml
+- cartservice.yaml
+- checkoutservice.yaml
+- currencyservice.yaml
+- emailservice.yaml
+- frontend.yaml
+- loadgenerator.yaml
+- paymentservice.yaml
+- productcatalogservice.yaml
+- recommendationservice.yaml
+- redis.yaml
+- shippingservice.yaml
diff --git a/kustomize/base/loadgenerator.yaml b/kustomize/base/loadgenerator.yaml
new file mode 100644
index 00000000000..d4514a69a40
--- /dev/null
+++ b/kustomize/base/loadgenerator.yaml
@@ -0,0 +1,82 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: loadgenerator
+spec:
+ selector:
+ matchLabels:
+ app: loadgenerator
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: loadgenerator
+ annotations:
+ sidecar.istio.io/rewriteAppHTTPProbers: "true"
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ restartPolicy: Always
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ initContainers:
+ - command:
+ - /bin/sh
+ - -exc
+ - |
+ echo "Init container pinging frontend: ${FRONTEND_ADDR}..."
+ STATUSCODE=$(wget --server-response http://${FRONTEND_ADDR} 2>&1 | awk '/^ HTTP/{print $2}')
+ if test $STATUSCODE -ne 200; then
+ echo "Error: Could not reach frontend - Status code: ${STATUSCODE}"
+ exit 1
+ fi
+ name: frontend-check
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: busybox:latest
+ env:
+ - name: FRONTEND_ADDR
+ value: "frontend:80"
+ containers:
+ - name: main
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/google-samples/microservices-demo/loadgenerator:v0.4.0
+ env:
+ - name: FRONTEND_ADDR
+ value: "frontend:80"
+ - name: USERS
+ value: "10"
+ resources:
+ requests:
+ cpu: 300m
+ memory: 256Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
diff --git a/kustomize/base/paymentservice.yaml b/kustomize/base/paymentservice.yaml
new file mode 100644
index 00000000000..ab76b053c46
--- /dev/null
+++ b/kustomize/base/paymentservice.yaml
@@ -0,0 +1,81 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: paymentservice
+spec:
+ selector:
+ matchLabels:
+ app: paymentservice
+ template:
+ metadata:
+ labels:
+ app: paymentservice
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: server
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/google-samples/microservices-demo/paymentservice:v0.4.0
+ ports:
+ - containerPort: 50051
+ env:
+ - name: PORT
+ value: "50051"
+ - name: DISABLE_TRACING
+ value: "1"
+ - name: DISABLE_PROFILER
+ value: "1"
+ - name: DISABLE_DEBUGGER
+ value: "1"
+ readinessProbe:
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:50051"]
+ livenessProbe:
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:50051"]
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: paymentservice
+spec:
+ type: ClusterIP
+ selector:
+ app: paymentservice
+ ports:
+ - name: grpc
+ port: 50051
+ targetPort: 50051
diff --git a/kustomize/base/productcatalogservice.yaml b/kustomize/base/productcatalogservice.yaml
new file mode 100644
index 00000000000..fda91f52bf1
--- /dev/null
+++ b/kustomize/base/productcatalogservice.yaml
@@ -0,0 +1,81 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: productcatalogservice
+spec:
+ selector:
+ matchLabels:
+ app: productcatalogservice
+ template:
+ metadata:
+ labels:
+ app: productcatalogservice
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: server
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/google-samples/microservices-demo/productcatalogservice:v0.4.0
+ ports:
+ - containerPort: 3550
+ env:
+ - name: PORT
+ value: "3550"
+ - name: DISABLE_STATS
+ value: "1"
+ - name: DISABLE_TRACING
+ value: "1"
+ - name: DISABLE_PROFILER
+ value: "1"
+ readinessProbe:
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:3550"]
+ livenessProbe:
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:3550"]
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: productcatalogservice
+spec:
+ type: ClusterIP
+ selector:
+ app: productcatalogservice
+ ports:
+ - name: grpc
+ port: 3550
+ targetPort: 3550
diff --git a/kustomize/base/recommendationservice.yaml b/kustomize/base/recommendationservice.yaml
new file mode 100644
index 00000000000..0a1ae7f6300
--- /dev/null
+++ b/kustomize/base/recommendationservice.yaml
@@ -0,0 +1,85 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: recommendationservice
+spec:
+ selector:
+ matchLabels:
+ app: recommendationservice
+ template:
+ metadata:
+ labels:
+ app: recommendationservice
+ spec:
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 5
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: server
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/google-samples/microservices-demo/recommendationservice:v0.4.0
+ ports:
+ - containerPort: 8080
+ readinessProbe:
+ periodSeconds: 5
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:8080"]
+ livenessProbe:
+ periodSeconds: 5
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:8080"]
+ env:
+ - name: PORT
+ value: "8080"
+ - name: PRODUCT_CATALOG_SERVICE_ADDR
+ value: "productcatalogservice:3550"
+ - name: DISABLE_TRACING
+ value: "1"
+ - name: DISABLE_PROFILER
+ value: "1"
+ - name: DISABLE_DEBUGGER
+ value: "1"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 220Mi
+ limits:
+ cpu: 200m
+ memory: 450Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: recommendationservice
+spec:
+ type: ClusterIP
+ selector:
+ app: recommendationservice
+ ports:
+ - name: grpc
+ port: 8080
+ targetPort: 8080
diff --git a/kustomize/base/redis.yaml b/kustomize/base/redis.yaml
new file mode 100644
index 00000000000..455a5995975
--- /dev/null
+++ b/kustomize/base/redis.yaml
@@ -0,0 +1,78 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis-cart
+spec:
+ selector:
+ matchLabels:
+ app: redis-cart
+ template:
+ metadata:
+ labels:
+ app: redis-cart
+ spec:
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: redis
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: redis:alpine
+ ports:
+ - containerPort: 6379
+ readinessProbe:
+ periodSeconds: 5
+ tcpSocket:
+ port: 6379
+ livenessProbe:
+ periodSeconds: 5
+ tcpSocket:
+ port: 6379
+ volumeMounts:
+ - mountPath: /data
+ name: redis-data
+ resources:
+ limits:
+ memory: 256Mi
+ cpu: 125m
+ requests:
+ cpu: 70m
+ memory: 200Mi
+ volumes:
+ - name: redis-data
+ emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis-cart
+spec:
+ type: ClusterIP
+ selector:
+ app: redis-cart
+ ports:
+ - name: tls-redis
+ port: 6379
+ targetPort: 6379
diff --git a/kustomize/base/shippingservice.yaml b/kustomize/base/shippingservice.yaml
new file mode 100644
index 00000000000..1c09b5e056f
--- /dev/null
+++ b/kustomize/base/shippingservice.yaml
@@ -0,0 +1,81 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: shippingservice
+spec:
+ selector:
+ matchLabels:
+ app: shippingservice
+ template:
+ metadata:
+ labels:
+ app: shippingservice
+ spec:
+ serviceAccountName: default
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: server
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
+ image: gcr.io/google-samples/microservices-demo/shippingservice:v0.4.0
+ ports:
+ - containerPort: 50051
+ env:
+ - name: PORT
+ value: "50051"
+ - name: DISABLE_STATS
+ value: "1"
+ - name: DISABLE_TRACING
+ value: "1"
+ - name: DISABLE_PROFILER
+ value: "1"
+ readinessProbe:
+ periodSeconds: 5
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:50051"]
+ livenessProbe:
+ exec:
+ command: ["/bin/grpc_health_probe", "-addr=:50051"]
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: shippingservice
+spec:
+ type: ClusterIP
+ selector:
+ app: shippingservice
+ ports:
+ - name: grpc
+ port: 50051
+ targetPort: 50051
diff --git a/release/kubernetes-manifests.yaml b/release/kubernetes-manifests.yaml
index 7686c172f70..10ae70d1746 100644
--- a/release/kubernetes-manifests.yaml
+++ b/release/kubernetes-manifests.yaml
@@ -47,7 +47,7 @@ spec:
- all
privileged: false
readOnlyRootFilesystem: true
- image: gcr.io/google-samples/microservices-demo/emailservice:v0.3.9
+ image: gcr.io/google-samples/microservices-demo/emailservice:v0.4.0
ports:
- containerPort: 8080
env:
@@ -114,7 +114,7 @@ spec:
- all
privileged: false
readOnlyRootFilesystem: true
- image: gcr.io/google-samples/microservices-demo/checkoutservice:v0.3.9
+ image: gcr.io/google-samples/microservices-demo/checkoutservice:v0.4.0
ports:
- containerPort: 5050
readinessProbe:
@@ -144,8 +144,6 @@ spec:
value: "1"
- name: DISABLE_PROFILER
value: "1"
- # - name: JAEGER_SERVICE_ADDR
- # value: "jaeger-collector:14268"
resources:
requests:
cpu: 100m
@@ -196,7 +194,7 @@ spec:
- all
privileged: false
readOnlyRootFilesystem: true
- image: gcr.io/google-samples/microservices-demo/recommendationservice:v0.3.9
+ image: gcr.io/google-samples/microservices-demo/recommendationservice:v0.4.0
ports:
- containerPort: 8080
readinessProbe:
@@ -269,7 +267,7 @@ spec:
- all
privileged: false
readOnlyRootFilesystem: true
- image: gcr.io/google-samples/microservices-demo/frontend:v0.3.9
+ image: gcr.io/google-samples/microservices-demo/frontend:v0.4.0
ports:
- containerPort: 8080
readinessProbe:
@@ -313,8 +311,6 @@ spec:
value: "1"
- name: DISABLE_PROFILER
value: "1"
- # - name: JAEGER_SERVICE_ADDR
- # value: "jaeger-collector:14268"
# - name: CYMBAL_BRANDING
# value: "true"
resources:
@@ -380,7 +376,7 @@ spec:
- all
privileged: false
readOnlyRootFilesystem: true
- image: gcr.io/google-samples/microservices-demo/paymentservice:v0.3.9
+ image: gcr.io/google-samples/microservices-demo/paymentservice:v0.4.0
ports:
- containerPort: 50051
env:
@@ -448,7 +444,7 @@ spec:
- all
privileged: false
readOnlyRootFilesystem: true
- image: gcr.io/google-samples/microservices-demo/productcatalogservice:v0.3.9
+ image: gcr.io/google-samples/microservices-demo/productcatalogservice:v0.4.0
ports:
- containerPort: 3550
env:
@@ -460,8 +456,6 @@ spec:
value: "1"
- name: DISABLE_PROFILER
value: "1"
- # - name: JAEGER_SERVICE_ADDR
- # value: "jaeger-collector:14268"
readinessProbe:
exec:
command: ["/bin/grpc_health_probe", "-addr=:3550"]
@@ -518,7 +512,7 @@ spec:
- all
privileged: false
readOnlyRootFilesystem: true
- image: gcr.io/google-samples/microservices-demo/cartservice:v0.3.9
+ image: gcr.io/google-samples/microservices-demo/cartservice:v0.4.0
ports:
- containerPort: 7070
env:
@@ -590,6 +584,13 @@ spec:
exit 1
fi
name: frontend-check
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ privileged: false
+ readOnlyRootFilesystem: true
image: busybox:latest
env:
- name: FRONTEND_ADDR
@@ -603,7 +604,7 @@ spec:
- all
privileged: false
readOnlyRootFilesystem: true
- image: gcr.io/google-samples/microservices-demo/loadgenerator:v0.3.9
+ image: gcr.io/google-samples/microservices-demo/loadgenerator:v0.4.0
env:
- name: FRONTEND_ADDR
value: "frontend:80"
@@ -646,7 +647,7 @@ spec:
- all
privileged: false
readOnlyRootFilesystem: true
- image: gcr.io/google-samples/microservices-demo/currencyservice:v0.3.9
+ image: gcr.io/google-samples/microservices-demo/currencyservice:v0.4.0
ports:
- name: grpc
containerPort: 7000
@@ -714,7 +715,7 @@ spec:
- all
privileged: false
readOnlyRootFilesystem: true
- image: gcr.io/google-samples/microservices-demo/shippingservice:v0.3.9
+ image: gcr.io/google-samples/microservices-demo/shippingservice:v0.4.0
ports:
- containerPort: 50051
env:
@@ -726,8 +727,6 @@ spec:
value: "1"
- name: DISABLE_PROFILER
value: "1"
- # - name: JAEGER_SERVICE_ADDR
- # value: "jaeger-collector:14268"
readinessProbe:
periodSeconds: 5
exec:
@@ -850,7 +849,7 @@ spec:
- all
privileged: false
readOnlyRootFilesystem: true
- image: gcr.io/google-samples/microservices-demo/adservice:v0.3.9
+ image: gcr.io/google-samples/microservices-demo/adservice:v0.4.0
ports:
- containerPort: 9555
env:
@@ -860,8 +859,6 @@ spec:
value: "1"
- name: DISABLE_TRACING
value: "1"
- # - name: JAEGER_SERVICE_ADDR
- # value: "jaeger-collector:14268"
resources:
requests:
cpu: 200m