From 936bd8d136495b6ed5adf3a21cbf3cf4cd693d70 Mon Sep 17 00:00:00 2001 From: Leonard Cohnen Date: Tue, 13 Feb 2024 11:54:24 +0100 Subject: [PATCH] service-mesh: add emojivoto example --- .../emojivoto-sm-egress/coordinator.yml | 48 +++++++++ deployments/emojivoto-sm-egress/emoji.yml | 90 ++++++++++++++++ deployments/emojivoto-sm-egress/ns.yml | 4 + .../emojivoto-sm-egress/portforwarder.yml | 59 +++++++++++ deployments/emojivoto-sm-egress/vote-bot.yml | 35 ++++++ deployments/emojivoto-sm-egress/voting.yml | 90 ++++++++++++++++ deployments/emojivoto-sm-egress/web.yml | 100 ++++++++++++++++++ justfile | 2 +- 8 files changed, 427 insertions(+), 1 deletion(-) create mode 100644 deployments/emojivoto-sm-egress/coordinator.yml create mode 100644 deployments/emojivoto-sm-egress/emoji.yml create mode 100644 deployments/emojivoto-sm-egress/ns.yml create mode 100644 deployments/emojivoto-sm-egress/portforwarder.yml create mode 100644 deployments/emojivoto-sm-egress/vote-bot.yml create mode 100644 deployments/emojivoto-sm-egress/voting.yml create mode 100644 deployments/emojivoto-sm-egress/web.yml diff --git a/deployments/emojivoto-sm-egress/coordinator.yml b/deployments/emojivoto-sm-egress/coordinator.yml new file mode 100644 index 0000000000..2b698f4142 --- /dev/null +++ b/deployments/emojivoto-sm-egress/coordinator.yml @@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: coordinator + namespace: edg-default +spec: + selector: + matchLabels: + app.kubernetes.io/name: coordinator + replicas: 1 + template: + metadata: + labels: + app.kubernetes.io/name: coordinator + annotations: + nunki.edgeless.systems/pod-role: coordinator + spec: + runtimeClassName: kata-cc-isolation + containers: + - name: coordinator + image: "ghcr.io/edgelesssys/nunki/coordinator:latest" + ports: + - containerPort: 7777 + - containerPort: 1313 + env: + - name: NUNKI_LOG_LEVEL + value: "debug" + resources: + requests: + memory: 100Mi + limits: + memory: 100Mi +--- +apiVersion: v1 +kind: Service +metadata: + name: coordinator + namespace: edg-default +spec: + ports: + - name: intercom + port: 7777 + protocol: TCP + - name: coordapi + port: 1313 + protocol: TCP + selector: + app.kubernetes.io/name: coordinator diff --git a/deployments/emojivoto-sm-egress/emoji.yml b/deployments/emojivoto-sm-egress/emoji.yml new file mode 100644 index 0000000000..8da5e46731 --- /dev/null +++ b/deployments/emojivoto-sm-egress/emoji.yml @@ -0,0 +1,90 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + name: emoji + namespace: edg-default +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: emoji + namespace: edg-default + labels: + app.kubernetes.io/name: emoji + app.kubernetes.io/part-of: emojivoto + app.kubernetes.io/version: v11 +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: emoji-svc + version: v11 + template: + metadata: + labels: + app.kubernetes.io/name: emoji-svc + version: v11 + spec: + runtimeClassName: kata-cc-isolation + initContainers: + - name: initializer + image: "ghcr.io/edgelesssys/nunki/initializer:latest" + env: + - name: COORDINATOR_HOST + value: coordinator + volumeMounts: + - name: tls-certs + mountPath: /tls-config + resources: + requests: + memory: 50Mi + limits: + memory: 50Mi + serviceAccountName: emoji + containers: + - env: + - name: GRPC_PORT + value: "8080" + - name: PROM_PORT + value: "8801" + - name: EDG_CERT_PATH + value: /tls-config/certChain.pem + - name: EDG_CA_PATH + value: /tls-config/MeshCACert.pem + - name: EDG_KEY_PATH + value: /tls-config/key.pem + image: ghcr.io/3u13r/emojivoto-emoji-svc:coco-1 + name: emoji-svc + ports: + - containerPort: 8080 + name: grpc + - containerPort: 8801 + name: prom + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + memory: 50Mi + volumeMounts: + - name: tls-certs + mountPath: /tls-config + volumes: + - name: tls-certs + emptyDir: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: emoji-svc + namespace: edg-default +spec: + selector: + app.kubernetes.io/name: emoji-svc + ports: + - name: grpc + port: 8080 + targetPort: 8080 + - name: prom + port: 8801 + targetPort: 8801 diff --git a/deployments/emojivoto-sm-egress/ns.yml b/deployments/emojivoto-sm-egress/ns.yml new file mode 100644 index 0000000000..ed2712cc89 --- /dev/null +++ b/deployments/emojivoto-sm-egress/ns.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: edg-default diff --git a/deployments/emojivoto-sm-egress/portforwarder.yml b/deployments/emojivoto-sm-egress/portforwarder.yml new file mode 100644 index 0000000000..a5adcf9c36 --- /dev/null +++ b/deployments/emojivoto-sm-egress/portforwarder.yml @@ -0,0 +1,59 @@ +apiVersion: v1 +kind: Pod +metadata: + name: port-forwarder-coordinator + namespace: edg-default + labels: + app.kubernetes.io/name: port-forwarder-coordinator +spec: + containers: + - name: port-forwarder + image: "ghcr.io/edgelesssys/nunki/port-forwarder:latest" + env: + - name: LISTEN_PORT + value: "1313" + - name: FORWARD_HOST + value: coordinator + - name: FORWARD_PORT + value: "1313" + command: + - /bin/bash + - "-c" + - echo Starting port-forward with socat; exec socat -d -d TCP-LISTEN:${LISTEN_PORT},fork TCP:${FORWARD_HOST}:${FORWARD_PORT} + ports: + - containerPort: 1313 + resources: + requests: + memory: 50Mi + limits: + memory: 50Mi +--- +apiVersion: v1 +kind: Pod +metadata: + name: port-forwarder-emojivoto-web + namespace: edg-default + labels: + app.kubernetes.io/name: port-forwarder-emojivoto-web +spec: + containers: + - name: port-forwarder + image: "ghcr.io/edgelesssys/nunki/port-forwarder:latest" + env: + - name: LISTEN_PORT + value: "8080" + - name: FORWARD_HOST + value: web-svc + - name: FORWARD_PORT + value: "443" + command: + - /bin/bash + - "-c" + - echo Starting port-forward with socat; exec socat -d -d TCP-LISTEN:${LISTEN_PORT},fork TCP:${FORWARD_HOST}:${FORWARD_PORT} + ports: + - containerPort: 8080 + resources: + requests: + memory: 50Mi + limits: + memory: 50Mi diff --git a/deployments/emojivoto-sm-egress/vote-bot.yml b/deployments/emojivoto-sm-egress/vote-bot.yml new file mode 100644 index 0000000000..2149d7b470 --- /dev/null +++ b/deployments/emojivoto-sm-egress/vote-bot.yml @@ -0,0 +1,35 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vote-bot + namespace: edg-default + labels: + app.kubernetes.io/name: vote-bot + app.kubernetes.io/part-of: emojivoto + app.kubernetes.io/version: v11 +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: vote-bot + version: v11 + template: + metadata: + labels: + app.kubernetes.io/name: vote-bot + version: v11 + spec: + containers: + - command: + - emojivoto-vote-bot + env: + - name: WEB_HOST + value: web-svc:443 + image: docker.l5d.io/buoyantio/emojivoto-web:v11 + name: vote-bot + resources: + requests: + cpu: 10m + memory: 25Mi + limits: + memory: 25Mi diff --git a/deployments/emojivoto-sm-egress/voting.yml b/deployments/emojivoto-sm-egress/voting.yml new file mode 100644 index 0000000000..a87963a857 --- /dev/null +++ b/deployments/emojivoto-sm-egress/voting.yml @@ -0,0 +1,90 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + name: voting + namespace: edg-default +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: voting + namespace: edg-default + labels: + app.kubernetes.io/name: voting + app.kubernetes.io/part-of: emojivoto + app.kubernetes.io/version: v11 +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: voting-svc + version: v11 + template: + metadata: + labels: + app.kubernetes.io/name: voting-svc + version: v11 + spec: + runtimeClassName: kata-cc-isolation + initContainers: + - name: initializer + image: "ghcr.io/edgelesssys/nunki/initializer:latest" + env: + - name: COORDINATOR_HOST + value: coordinator + volumeMounts: + - name: tls-certs + mountPath: /tls-config + resources: + requests: + memory: 50Mi + limits: + memory: 50Mi + serviceAccountName: voting + containers: + - env: + - name: GRPC_PORT + value: "8080" + - name: PROM_PORT + value: "8801" + - name: EDG_CERT_PATH + value: /tls-config/certChain.pem + - name: EDG_CA_PATH + value: /tls-config/MeshCACert.pem + - name: EDG_KEY_PATH + value: /tls-config/key.pem + image: ghcr.io/3u13r/emojivoto-voting-svc:coco-1 + name: voting-svc + ports: + - containerPort: 8080 + name: grpc + - containerPort: 8801 + name: prom + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + memory: 50Mi + volumeMounts: + - name: tls-certs + mountPath: /tls-config + volumes: + - name: tls-certs + emptyDir: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: voting-svc + namespace: edg-default +spec: + selector: + app.kubernetes.io/name: voting-svc + ports: + - name: grpc + port: 8080 + targetPort: 8080 + - name: prom + port: 8801 + targetPort: 8801 diff --git a/deployments/emojivoto-sm-egress/web.yml b/deployments/emojivoto-sm-egress/web.yml new file mode 100644 index 0000000000..4414f2d5a5 --- /dev/null +++ b/deployments/emojivoto-sm-egress/web.yml @@ -0,0 +1,100 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + name: web + namespace: edg-default +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: web + namespace: edg-default + labels: + app.kubernetes.io/name: web + app.kubernetes.io/part-of: emojivoto + app.kubernetes.io/version: v11 +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: web-svc + version: v11 + template: + metadata: + labels: + app.kubernetes.io/name: web-svc + version: v11 + spec: + runtimeClassName: kata-cc-isolation + initContainers: + - name: initializer + image: "ghcr.io/edgelesssys/nunki/initializer:latest" + env: + - name: COORDINATOR_HOST + value: coordinator + volumeMounts: + - name: tls-certs + mountPath: /tls-config + serviceAccountName: web + containers: + - name: sidecar + image: "ghcr.io/edgelesssys/nunki/service-mesh-proxy:latest" + volumeMounts: + - name: tls-certs + mountPath: /tls-config + env: + - name: EDG_PROXY_CONFIG + value: "emoji#127.137.0.1:8080#emoji-svc##voting#127.137.0.2:8080#voting-svc" + securityContext: + capabilities: + add: + - NET_ADMIN + - NET_RAW + - env: + - name: WEB_PORT + value: "8080" + - name: EMOJISVC_HOST + value: 127.137.0.1:8080 + - name: VOTINGSVC_HOST + value: 127.137.0.2:8080 + - name: INDEX_BUNDLE + value: dist/index_bundle.js + - name: EDG_CERT_PATH + value: /tls-config/certChain.pem + - name: EDG_CA_PATH + value: /tls-config/MeshCACert.pem + - name: EDG_KEY_PATH + value: /tls-config/key.pem + - name: EDG_DISABLE_CLIENT_AUTH + value: "true" + image: docker.l5d.io/buoyantio/emojivoto-web:v11 + name: web-svc + ports: + - containerPort: 8080 + name: https + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + memory: 50Mi + volumeMounts: + - name: tls-certs + mountPath: /tls-config + volumes: + - name: tls-certs + emptyDir: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: web-svc + namespace: edg-default +spec: + type: ClusterIP + selector: + app.kubernetes.io/name: web-svc + ports: + - name: https + port: 443 + targetPort: 8080 diff --git a/justfile b/justfile index e731cdcf25..784010b8c6 100644 --- a/justfile +++ b/justfile @@ -127,7 +127,7 @@ wait-for-workload target=default_deploy_target: nix run .#scripts.kubectl-wait-ready -- $ns openssl-client nix run .#scripts.kubectl-wait-ready -- $ns openssl-frontend ;; - "emojivoto") + "emojivoto" | "emojivoto-sm-egress") nix run .#scripts.kubectl-wait-ready -- $ns emoji-svc nix run .#scripts.kubectl-wait-ready -- $ns vote-bot nix run .#scripts.kubectl-wait-ready -- $ns voting-svc