Deploy apps

Apps Operator Apps Operator Duration: 5 min | Persona: Apps Operator

In this section, you will deploy the Bank of Anthos apps.

Initialize variables:

WORK_DIR=~/
source ${WORK_DIR}acm-workshop-variables.sh

Get upstream Kubernetes manifests

Get the upstream Kubernetes manifests:

cd ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME
kpt pkg get https://github.com/GoogleCloudPlatform/bank-of-anthos/kubernetes-manifests
mv kubernetes-manifests upstream
cd upstream
rm Kptfile
curl -L https://raw.githubusercontent.com/GoogleCloudPlatform/bank-of-anthos/main/extras/jwt/jwt-secret.yaml > jwt-secret.yaml
kustomize create --autodetect

Create base overlay

Create Kustomize base overlay files:

mkdir ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/base
cd ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/base
kustomize create
kustomize edit add resource ../upstream
cat <<EOF >> ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/base/kustomization.yaml
patchesJson6902:
- target:
    kind: Service
    name: frontend
  patch: |-
    - op: replace
      path: /spec/type
      value: ClusterIP
EOF
Info

Here we are changing the Service type to ClusterIP because the frontend app will be exposed by the Ingress Gateway.

Define VirtualService

Define the VirtualService resource in order to establish the Ingress Gateway routing to the Online Boutique apps:

cat <<EOF > ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/base/virtualservice.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: frontend
spec:
  hosts:
  - "*"
  gateways:
  - ${INGRESS_GATEWAY_NAMESPACE}/${INGRESS_GATEWAY_NAME}
  http:
  - route:
    - destination:
        host: frontend
        port:
          number: 80
EOF

Update the Kustomize base overlay:

cd ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/base
kustomize edit add resource virtualservice.yaml

Define Staging namespace overlay

cd ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/staging
kustomize edit add resource ../base
kustomize edit set namespace $BANKOFANTHOS_NAMESPACE
Info

The kustomization.yaml file was already existing from the GitHub repository template used when we created the Bank of Anthos app repository.

Update the Staging namespace overlay

Set the proper hosts value in the VirtualService:

mkdir ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/staging/virtualservice
cat <<EOF > ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/staging/virtualservice/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
patchesJson6902:
- target:
    kind: VirtualService
    name: frontend
  patch: |-
    - op: replace
      path: /spec/hosts
      value:
        - ${BANK_OF_ANTHOS_INGRESS_GATEWAY_HOST_NAME}
EOF

Update the StatefulSets and Deployments’s container images to point to the private Artifact Registry:

mkdir ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/staging/container-images
cat <<EOF > ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/staging/container-images/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
patchesJson6902:
- target:
    kind: StatefulSet
    name: accounts-db
  patch: |-
    - op: replace
      path: /spec/template/spec/containers/0/image
      value: ${PRIVATE_BANK_OF_ANTHOS_REGISTRY}/accounts-db:${BANK_OF_ANTHOS_VERSION}
- target:
    kind: Deployment
    name: balancereader
  patch: |-
    - op: replace
      path: /spec/template/spec/containers/0/image
      value: ${PRIVATE_BANK_OF_ANTHOS_REGISTRY}/balancereader:${BANK_OF_ANTHOS_VERSION}
- target:
    kind: Deployment
    name: contacts
  patch: |-
    - op: replace
      path: /spec/template/spec/containers/0/image
      value: ${PRIVATE_BANK_OF_ANTHOS_REGISTRY}/contacts:${BANK_OF_ANTHOS_VERSION}
- target:
    kind: Deployment
    name: frontend
  patch: |-
    - op: replace
      path: /spec/template/spec/containers/0/image
      value: ${PRIVATE_BANK_OF_ANTHOS_REGISTRY}/frontend:${BANK_OF_ANTHOS_VERSION}
- target:
    kind: StatefulSet
    name: ledger-db
  patch: |-
    - op: replace
      path: /spec/template/spec/containers/0/image
      value: ${PRIVATE_BANK_OF_ANTHOS_REGISTRY}/ledger-db:${BANK_OF_ANTHOS_VERSION}
- target:
    kind: Deployment
    name: ledgerwriter
  patch: |-
    - op: replace
      path: /spec/template/spec/containers/0/image
      value: ${PRIVATE_BANK_OF_ANTHOS_REGISTRY}/ledgerwriter:${BANK_OF_ANTHOS_VERSION}
- target:
    kind: Deployment
    name: loadgenerator
  patch: |-
    - op: replace
      path: /spec/template/spec/containers/0/image
      value: ${PRIVATE_BANK_OF_ANTHOS_REGISTRY}/loadgenerator:${BANK_OF_ANTHOS_VERSION}
- target:
    kind: Deployment
    name: transactionhistory
  patch: |-
    - op: replace
      path: /spec/template/spec/containers/0/image
      value: ${PRIVATE_BANK_OF_ANTHOS_REGISTRY}/transactionhistory:${BANK_OF_ANTHOS_VERSION}
- target:
    kind: Deployment
    name: userservice
  patch: |-
    - op: replace
      path: /spec/template/spec/containers/0/image
      value: ${PRIVATE_BANK_OF_ANTHOS_REGISTRY}/userservice:${BANK_OF_ANTHOS_VERSION}
EOF

Update the StatefulSets and Deployments’s container images to point to the private Artifact Registry:

mkdir ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/staging/disable-monitoring
cat <<EOF > ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/staging/disable-monitoring/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
patchesStrategicMerge:
- |-
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: balancereader
  spec:
    template:
      spec:
        containers:
          - name: balancereader
            env:
            - name: ENABLE_TRACING
              value: "false"
            - name: ENABLE_METRICS
              value: "false"
- |-
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: contacts
  spec:
    template:
      spec:
        containers:
          - name: contacts
            env:
            - name: ENABLE_TRACING
              value: "false"
- |-
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: frontend
  spec:
    template:
      spec:
        containers:
          - name: frontend
            env:
            - name: ENABLE_TRACING
              value: "false"
- |-
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: ledgerwriter
  spec:
    template:
      spec:
        containers:
          - name: ledgerwriter
            env:
            - name: ENABLE_TRACING
              value: "false"
            - name: ENABLE_METRICS
              value: "false"
- |-
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: transactionhistory
  spec:
    template:
      spec:
        containers:
          - name: transactionhistory
            env:
            - name: ENABLE_TRACING
              value: "false"
            - name: ENABLE_METRICS
              value: "false"
- |-
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: userservice
  spec:
    template:
      spec:
        containers:
          - name: userservice
            env:
            - name: ENABLE_TRACING
              value: "false"
EOF

Update the Staging Kustomize overlay:

cd ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/staging
kustomize edit add component virtualservice
kustomize edit add component container-images
kustomize edit add component disable-monitoring

Deploy Kubernetes manifests

cd ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME/
git add . && git commit -m "Bank of Anthos apps" && git push origin main

Check deployments

List the Kubernetes resources managed by Config Sync in GKE cluster for the Bank of Anthos apps repository:

Run this command and click on this link:

echo -e "https://console.cloud.google.com/kubernetes/config_management/packages?project=${TENANT_PROJECT_ID}"

Wait until you see the Sync status column as Synced and the Reconcile status column as Current.

Run this command:

gcloud alpha anthos config sync repo describe \
    --project $TENANT_PROJECT_ID \
    --managed-resources all \
    --sync-name repo-sync \
    --sync-namespace $BANKOFANTHOS_NAMESPACE

Wait and re-run this command above until you see "status": "SYNCED".

List the GitHub runs for the Bank of Anthos apps repository:

cd ${WORK_DIR}$BANK_OF_ANTHOS_DIR_NAME && gh run list

Check the Bank of Anthos website

Navigate to the Bank of Anthos website, click on the link displayed by the command below:

echo -e "https://${BANK_OF_ANTHOS_INGRESS_GATEWAY_HOST_NAME}"

You should see the error: RBAC: access denied. In the next section, you will see how to track this error and how to fix it.