Kustomize update for OnlineBoutique

Mathieu Benoit · Mathieu Benoit · commit 4284aed32e76 · 2022-03-29T23:55:45.000-04:00
diff --git a/content/onlineboutique/deploy-onlineboutique.md b/content/onlineboutique/deploy-onlineboutique.md
@@ -16,60 +16,34 @@ Get the upstream Kubernetes manifests:
 ```Bash
 cd ~/$ONLINE_BOUTIQUE_DIR_NAME
 mkdir upstream
-mkdir upstream/base
-curl https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/main/release/kubernetes-manifests.yaml > upstream/base/kubernetes-manifests.yaml
-cd upstream/base
-kustomize create --resources kubernetes-manifests.yaml
+cd upstream
+kpt pkg get https://github.com/GoogleCloudPlatform/anthos-service-mesh-samples.git/docs/online-boutique-asm-manifests/base@asm-acm-tutorial
 ```
 
 ## Create base overlay
 
 Create Kustomize base overlay files:
 ```Bash
-mkdir ~/$ONLINE_BOUTIQUE_DIR_NAME/base
-cd ~/$ONLINE_BOUTIQUE_DIR_NAME/base
-kustomize create --resources ../upstream/base
-cat <<EOF >> ~/$ONLINE_BOUTIQUE_DIR_NAME/base/kustomization.yaml
-patchesJson6902:
-- target:
-    kind: Deployment
-    name: cartservice
-  patch: |-
-    - op: replace
-      path: /spec/template/spec/containers/0/env/0
-      value:
-        name: REDIS_ADDR
-        value: $REDIS_IP:$REDIS_PORT
+cd ~/$ONLINE_BOUTIQUE_DIR_NAME
+mkdir base
+cd base
+kustomize create --resources ../upstream/base/all
+cat <<EOF >> kustomization.yaml
 patchesStrategicMerge:
-- |-
-  apiVersion: apps/v1
-  kind: Deployment
-  metadata:
-    name: redis-cart
-  \$patch: delete
 - |-
   apiVersion: v1
-  kind: Service
+  kind: Namespace
   metadata:
-    name: redis-cart
-  \$patch: delete
-- |-
-  apiVersion: v1
-  kind: Service
-  metadata:
-    name: frontend-external
+    name: onlineboutique
   \$patch: delete
 EOF
 ```
-{{% notice note %}}
-Here we are removing the `redis-cart` `Deployment` and `Service` because we are leveraging Memorystore (redis) instead. We are also removing the default `frontend-external` `Service` because we will use the ASM Ingress Gateway to expose the Online Boutique's `frontend`.
+{{% notice info %}}
+Here, we are removing the upstream `Namespace` resource as we already defined it in a previous section while configuring the associated Config Sync's `RepoSync` setup.
 {{% /notice %}}
 
-## Define VirtualService
-
-Define the `VirtualService` resource in order to establish the Ingress Gateway routing to the OnlineBoutique app:
-```Bash
-cat <<EOF > ~/$ONLINE_BOUTIQUE_DIR_NAME/base/virtual-service-frontend.yaml
+You could browse the files in the `~/$ONLINE_BOUTIQUE_DIR_NAME/upstream/base` folder, along with the `Namespace`, `Deployment` and `Service` resources for the OnlineBoutique apps, you could see the  `VirtualService` resource which will allow to establish the Ingress Gateway routing to the OnlineBoutique app. The `spec.hosts` value is `"*"` but in the following part you will replace this value by the actual DNS of the OnlineBoutique solution (i.e. `ONLINE_BOUTIQUE_INGRESS_GATEWAY_HOST_NAME`) defined a previous section.
+```YAML
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
@@ -78,43 +52,30 @@ spec:
   hosts:
   - "*"
   gateways:
-  - ${INGRESS_GATEWAY_NAMESPACE}/${INGRESS_GATEWAY_NAME}
+  - asm-ingress/asm-ingressgateway
   http:
   - route:
     - destination:
         host: frontend
         port:
           number: 80
-EOF
-```
-
-Update the Kustomize base overlay:
-```Bash
-cd ~/$ONLINE_BOUTIQUE_DIR_NAME/base
-kustomize edit add resource virtual-service-frontend.yaml
 ```
 
 ## Define Staging namespace overlay
 
+Here are the updates for the overlay files needed to define the Staging namespace:
 ```Bash
 cd ~/$ONLINE_BOUTIQUE_DIR_NAME/staging
+mkdir base
+cd base
 kustomize edit add resource ../base
 kustomize edit set namespace $ONLINEBOUTIQUE_NAMESPACE
-```
-
-Update the Kustomize base overlay in order to set proper `hosts` value in the `VirtualService` resource:
-```Bash
-cat <<EOF >> ~/$ONLINE_BOUTIQUE_DIR_NAME/staging/kustomization.yaml
-patchesJson6902:
-- target:
-    kind: VirtualService
-    name: frontend
-  patch: |-
-    - op: replace
-      path: /spec/hosts
-      value:
-        - ${ONLINE_BOUTIQUE_INGRESS_GATEWAY_HOST_NAME}
-EOF
+cp -r ../../upstream/base/for-memorystore/ .
+sed -i "s/REDIS_IP/${REDIS_IP}/g;s/REDIS_PORT/${REDIS_PORT}/g" for-memorystore/kustomization.yaml
+kustomize edit add component for-memorystore
+cp -r ../../upstream/base/for-virtualservice-host/ .
+sed -i "s/HOST_NAME/${ONLINE_BOUTIQUE_INGRESS_GATEWAY_HOST_NAME}/g" for-virtualservice-host/kustomization.yaml
+kustomize edit add component for-virtualservice-host
 ```
 
 ## Deploy Kubernetes manifests
diff --git a/content/onlineboutique/set-up-authorization-policies.md b/content/onlineboutique/set-up-authorization-policies.md
@@ -15,12 +15,8 @@ source ~/acm-workshop-variables.sh
 Get the upstream Kubernetes manifests:
 ```Bash
 cd ~/$ONLINE_BOUTIQUE_DIR_NAME/upstream
-kpt pkg get https://github.com/GoogleCloudPlatform/microservices-demo.git/docs/service-accounts@mathieu-benoit/authorization-policies
-rm service-accounts/Kptfile
-rm service-accounts/kustomization.yaml
-kpt pkg get https://github.com/GoogleCloudPlatform/microservices-demo.git/docs/authorization-policies@mathieu-benoit/authorization-policies
-rm authorization-policies/Kptfile
-rm authorization-policies/kustomization.yaml
+kpt pkg get https://github.com/GoogleCloudPlatform/anthos-service-mesh-samples.git/docs/online-boutique-asm-manifests/service-accounts@asm-acm-tutorial
+kpt pkg get https://github.com/GoogleCloudPlatform/anthos-service-mesh-samples.git/docs/online-boutique-asm-manifests/authorization-policies@asm-acm-tutorial
 ```
 
 ## Update the Kustomize base overlay
@@ -31,10 +27,19 @@ kustomize edit add component ../upstream/service-accounts/all
 kustomize edit add component ../upstream/service-accounts/for-memorystore
 kustomize edit add component ../upstream/authorization-policies/all
 kustomize edit add component ../upstream/authorization-policies/for-memorystore
-kustomize edit add component ../upstream/authorization-policies/for-ingress-gateway
+```
+
+## Update Staging namespace overlay
 
-sed -i "s,ns/default,ns/${ONLINEBOUTIQUE_NAMESPACE},g" ../upstream/authorization-policies/all/kustomization.yaml
-sed -i "s,ns/default,ns/${ONLINEBOUTIQUE_NAMESPACE},g" ../upstream/authorization-policies/for-ingress-gateway/kustomization.yaml
+```Bash
+cd ~/$ONLINE_BOUTIQUE_DIR_NAME/staging
+mkdir authorization-policies
+cp -r ../upstream/authorization-policies/for-namespace/ authorization-policies/.
+sed -i "s/ONLINEBOUTIQUE_NAMESPACE/${ONLINEBOUTIQUE_NAMESPACE}/g" authorization-policies/for-namespace/kustomization.yaml
+kustomize edit add component authorization-policies/for-namespace
+cp -r ../upstream/authorization-policies/for-ingress-gateway/ authorization-policies/.
+sed -i "s/ONLINEBOUTIQUE_NAMESPACE/${ONLINEBOUTIQUE_NAMESPACE}/g;s/INGRESS_GATEWAY_NAMESPACE/${INGRESS_GATEWAY_NAMESPACE}/g;s/INGRESS_GATEWAY_NAME/${INGRESS_GATEWAY_NAME}/g" authorization-policies/for-ingress-gateway/kustomization.yaml
+kustomize edit add component authorization-policies/for-ingress-gateway
 ```
 
 ## Deploy Kubernetes manifests
diff --git a/content/onlineboutique/set-up-network-policies.md b/content/onlineboutique/set-up-network-policies.md
@@ -15,18 +15,51 @@ source ~/acm-workshop-variables.sh
 Get the upstream Kubernetes manifests:
 ```Bash
 cd ~/$ONLINE_BOUTIQUE_DIR_NAME/upstream
-kpt pkg get https://github.com/GoogleCloudPlatform/microservices-demo.git/docs/network-policies@mathieu-benoit/authorization-policies
-rm network-policies/Kptfile
-rm network-policies/kustomization.yaml
+kpt pkg get https://github.com/GoogleCloudPlatform/microservices-demo.git/docs/network-policies@main
+cd network-policies
+kustomize create --autodetect
+kustomize edit remove resource Kptfile
 ```
 
 ## Update the Kustomize base overlay
 
 ```Bash
 cd ~/$ONLINE_BOUTIQUE_DIR_NAME/base
-kustomize edit add component ../upstream/network-policies/all
-kustomize edit add component ../upstream/network-policies/for-ingress-gateway
-kustomize edit add component ../upstream/network-policies/for-memorystore
+mkdir network-policies
+cat <<EOF >> network-policies/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patchesStrategicMerge:
+- |-
+  apiVersion: networking.k8s.io/v1
+  kind: NetworkPolicy
+  metadata:
+    name: redis-cart
+  \$patch: delete
+patchesJson6902:
+- target:
+    kind: NetworkPolicy
+    name: frontend
+  patch: |-
+    - op: replace
+      path: /spec/ingress
+      value:
+        - from:
+          - podSelector:
+              matchLabels:
+                app: loadgenerator
+          - namespaceSelector:
+              matchLabels:
+                name: ${INGRESS_GATEWAY_NAMESPACE}
+            podSelector:
+              matchLabels:
+                app: ${INGRESS_GATEWAY_NAME}
+          ports:
+          - port: 8080
+            protocol: TCP
+EOF
+kustomize edit add resources ../upstream/network-policies
+kustomize edit add component network-policies
 ```
 
 ## Deploy Kubernetes manifests
diff --git a/content/onlineboutique/set-up-onlineboutique-git-repo.md b/content/onlineboutique/set-up-onlineboutique-git-repo.md
@@ -84,7 +84,7 @@ roleRef:
 EOF
 ```
 {{% notice tip %}}
-We are using the [`edit` user-facing role](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) here, to follow the least privilege principle. Earlier in this workshop during the ASM installation, we extended the default `edit` role with more capabilities regarding to the Istio resources: `VirtualService`, `Sidecar` and `Authorization` wich will be leveraged in the OnlineBoutique's namespace.
+We are using the [`edit` user-facing role](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) here, to follow the least privilege principle. Earlier in this workshop during the ASM installation, we extended the default `edit` role with more capabilities regarding to the Istio resources: `VirtualService`, `Sidecar` and `Authorization` which will be leveraged in the OnlineBoutique's namespace.
 {{% /notice %}}
 
 ## Deploy Kubernetes manifests
diff --git a/content/onlineboutique/set-up-sidecar.md b/content/onlineboutique/set-up-sidecar.md
@@ -10,24 +10,30 @@ Initialize variables:
 source ~/acm-workshop-variables.sh
 ```
 
-## Get upstream Kubernetes manifests
+## Prepare upstream Kubernetes manifests
 
-Get the upstream Kubernetes manifests:
+Prepare the upstream Kubernetes manifests:
 ```Bash
 cd ~/$ONLINE_BOUTIQUE_DIR_NAME/upstream
-kpt pkg get https://github.com/GoogleCloudPlatform/microservices-demo.git/docs/sidecars@mathieu-benoit/authorization-policies
-rm sidecars/Kptfile
-rm sidecars/kustomization.yaml
+kpt pkg get https://github.com/GoogleCloudPlatform/anthos-service-mesh-samples.git/docs/online-boutique-asm-manifests/sidecars@asm-acm-tutorial
 ```
 
 ## Update the Kustomize base overlay
 
 ```Bash
 cd ~/$ONLINE_BOUTIQUE_DIR_NAME/base
 kustomize edit add component ../upstream/sidecars/all
-kustomize edit add component ../upstream/sidecars/for-memorystore
+```
+
+## Update Staging namespace overlay
 
-sed -i "s/default.svc.cluster.local/${ONLINEBOUTIQUE_NAMESPACE}.svc.cluster.local/g" ../upstream/sidecars/all/*
+```Bash
+cd ~/$ONLINE_BOUTIQUE_DIR_NAME/staging
+mkdir sidecars
+cp -r ../upstream/sidecars/for-namespace/ sidecars/.
+sed -i "s/ONLINEBOUTIQUE_NAMESPACE/${ONLINEBOUTIQUE_NAMESPACE}/g" sidecars/for-namespace/kustomization.yaml
+kustomize edit add component sidecars/for-namespace
+kustomize edit add component ../upstream/sidecars/for-memorystore
 ```
 
 ## Deploy Kubernetes manifests
