[Blocked] Online Boutique v0.8.0 with gRPC probes

.github/workflows/ob-frontend-pr.yaml

@@ -0,0 +1,117 @@
+name: Pull Request
+on:
+ pull_request:
+ paths:
+ - 'samples/onlineboutique/frontend/**'
+ - '.github/workflows/ob-frontend-pr.yaml'
+permissions:
+ contents: read
+ pull-requests: write
+env:
+ WORKLOAD_FOLDER: 'samples/onlineboutique/frontend/'
+ BASE_ENVIRONMENT: 'development'
+ ENVIRONMENT_TYPE: 'development'
+ ENVIRONMENT_ID: pr-${{ github.event.number }}-frontend
+ ENVIRONMENT_NAME: PR-${{ github.event.number }}
+jobs:
+ ob-frontend-pr:
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout code
+ uses: actions/checkout@v3
+ - name: create humanitec env
+ run: |
+ .github/workflows/bin/humctl create environment ${{ env.ENVIRONMENT_ID }} \
+ --token ${{ secrets.HUMANITEC_TOKEN }} \
+ --context /orgs/${{ secrets.HUMANITEC_ORG }}/apps/${{ vars.APP_NAME }} \
+ --name ${{ env.ENVIRONMENT_NAME }} \
+ -t ${{ env.ENVIRONMENT_TYPE }} \
+ --from ${{ env.BASE_ENVIRONMENT }} \
+ || true
+ - name: install score-humanitec
+ run: |
+ curl https://gist.githubusercontent.com/mathieu-benoit/18ecd796c50c27badf0f00218bac2ba2/raw/06c49e649f630bc91199da119046d7e821e4337e/install-score-humanitec.sh | bash
+ - name: deploy score-humanitec
+ run: |
+ score-humanitec delta \
+ --retry \
+ --deploy \
+ --token ${{ secrets.HUMANITEC_TOKEN }} \
+ --org ${{ secrets.HUMANITEC_ORG }} \
+ --app ${{ vars.APP_NAME }} \
+ --env ${{ env.ENVIRONMENT_ID }} \
+ -f ${{ env.WORKLOAD_FOLDER }}/score.yaml \
+ --extensions ${{ env.WORKLOAD_FOLDER }}/humanitec.score.yaml \
+ | tee score_output.json
+ - name: wait for deployment
+ run: |
+ sleep 1
+
+ IS_DONE=false
+
+ while [ "$IS_DONE" = false ]; do
+ CURRENT_STATUS=$(.github/workflows/bin/humctl get environment ${{ env.ENVIRONMENT_ID }} -o json \
+ --token ${{ secrets.HUMANITEC_TOKEN }} \
+ --context /orgs/${{ secrets.HUMANITEC_ORG }}/apps/${{ vars.APP_NAME }} \
+ | jq -r .object.last_deploy.status)
+
+ INPROGRESS="in progress"
+
+ if [ "$CURRENT_STATUS" = "$INPROGRESS" ]; then
+ echo "Deployment still in progress..."
+ sleep 1
+ else
+ echo "Deployment complete!"
+ IS_DONE=true
+ fi
+ done
+ - name: build comment message
+ run: |
+ ENV_URL=$(jq -r ".metadata.url" score_output.json)
+ DEPLOYMENT_ID=$(jq -r ".id" score_output.json)
+ DOMAINS=$(.github/workflows/bin/humctl get active-resources \
+ --token ${{ secrets.HUMANITEC_TOKEN }} \
+ --context /orgs/${{ secrets.HUMANITEC_ORG }}/apps/${{ vars.APP_NAME }}/envs/${{ env.ENVIRONMENT_ID }} -o json \
+ | jq -r '. | map(. | select(.object.type == "dns")) | map((.object.res_id | split(".") | .[1]) + ": [" + .object.resource.host + "](https://" + .object.resource.host + ")") | join("\n")')
+
+ echo "## Deployment Complete for ${{ env.ENVIRONMENT_NAME }}! :tada:" >> pr_message.txt
+ echo "" >> pr_message.txt
+
+ echo "### [View in Humanitec]($ENV_URL)" >> pr_message.txt
+ echo "Deployment ID: $DEPLOYMENT_ID" >> pr_message.txt
+
+ echo "" >> pr_message.txt
+ echo "### Domains:" >> pr_message.txt
+ echo "" >> pr_message.txt
+ echo "$DOMAINS" >> pr_message.txt
+ echo "" >> pr_message.txt
+
+ echo "<details><summary>Deployment diff</summary>" >> pr_message.txt
+ echo "" >> pr_message.txt
+ echo "### Deployment diff:" >> pr_message.txt
+ echo '```json' >> pr_message.txt
+ echo "" >> pr_message.txt
+ .github/workflows/bin/humctl diff env ${{ env.ENVIRONMENT_ID }} ${{ env.BASE_ENVIRONMENT }} \
+ --token ${{ secrets.HUMANITEC_TOKEN }} \
+ --context /orgs/${{ secrets.HUMANITEC_ORG }}/apps/${{ vars.APP_NAME }} -o json >> pr_message.txt
+ echo "" >> pr_message.txt
+ echo '```' >> pr_message.txt
+ echo "" >> pr_message.txt
+ echo "</details>" >> pr_message.txt
+
+ echo "<details><summary>Score Output</summary>" >> pr_message.txt
+ echo "" >> pr_message.txt
+ echo "### Score Output:" >> pr_message.txt
+ echo '```json' >> pr_message.txt
+ echo "" >> pr_message.txt
+ cat score_output.json >> pr_message.txt
+ echo "" >> pr_message.txt
+ echo '```' >> pr_message.txt
+ echo "" >> pr_message.txt
+ echo "</details>" >> pr_message.txt
+
+ cat pr_message.txt
+ - name: comment pr
+ uses: thollander/actions-comment-pull-request@v2
+ with:
+ filePath: pr_message.txt

.github/workflows/ob-pr-closed.yaml

@@ -0,0 +1,21 @@
+name: Pull Request
+on:
+ pull_request:
+ paths:
+ - 'samples/onlineboutique/frontend/**'
+ - '.github/workflows/ob-frontend-pr.yaml'
+ types:
+ - closed
+env:
+ ENVIRONMENT_ID: pr-${{ github.event.number }}-frontend
+jobs:
+ ob-pr-closed:
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout humctl bin
+ uses: actions/checkout@v3
+ - name: delete humanitec env
+ run: |
+ .github/workflows/bin/humctl delete env ${{ env.ENVIRONMENT_ID }} \
+ --token ${{ secrets.HUMANITEC_TOKEN }} \
+ --context /orgs/${{ secrets.HUMANITEC_ORG }}/apps/${{ vars.APP_NAME }}

.gitignore

@@ -0,0 +1,2 @@
+.terraform
+.terraform.lock.hcl

README.md

@@ -1,41 +1,41 @@
 # hello-humanitec
 
 2 personas:
-- **Platform admin** (PA) interacting with either Google Cloud (**PA-GCP**), Azure (**PA-AZ**) or Humanitec (**PA-HUM**)
+- **Platform Engineer** (PE) interacting with either Google Cloud (**PE-GCP**), Azure (**PE-AZ**) or Humanitec (**PE-HUM**)
 - **Developer** (DE) interacting with Humanitec (**DE-HUM**)
 
 ![personas](/images/personas.png)
 
 Agenda:
 - [Humanitec default setup in Development](./docs/humanitec-default.md)
- - [PA-HUM] Create Online Boutique App
- - [PA-HUM] Create an in-cluster Redis database
+ - [PE-HUM] Create Online Boutique App
+ - [PE-HUM] Create an in-cluster Redis database
  - [DE-HUM] Deploy Online Boutique Workloads in the Development Environment
 - [Common setup](./docs/common.md)
- - [PA-HUM] Create `staging` and `production` Environment types
- - [PA-HUM] Create custom name `Namespace`
- - [PA-HUM] Create custom `ServiceAccount`
- - [PA-HUM] Create custom unprivileged Workload
+ - [PE-HUM] Create `staging` and `production` Environment types
+ - [PE-HUM] Create custom name `Namespace`
+ - [PE-HUM] Create custom `ServiceAccount`
+ - [PE-HUM] Create custom unprivileged Workload
 - [GKE basic setup in Staging](./docs/gke-basic.md)
- - [PA-GCP] Create basic GKE setup
- - [PA-GCP] Deploy a simple Nginx Ingress controller
- - [PA-HUM] Create Staging Environment
- - [PA-GCP] Create a Memorystore (Redis) database
- - [PA-HUM] Deploy the Staging Environment
+ - [PE-GCP] Create basic GKE setup
+ - [PE-GCP] Deploy a simple Nginx Ingress controller
+ - [PE-HUM] Create Staging Environment
+ - [PE-GCP] Create a Memorystore (Redis) database
+ - [PE-HUM] Deploy the Staging Environment
 - [AKS basic setup in Staging](./docs/aks-basic.md)
- - [PA-AZ] Create basic AKS setup
- - [PA-AZ] Deploy a simple Nginx Ingress controller
- - [PA-HUM] Create Staging Environment
- - [PA-AZ] Create a Memorystore (Redis) database
- - [PA-HUM] Deploy the Staging Environment
+ - [PE-AZ] Create basic AKS setup
+ - [PE-AZ] Deploy a simple Nginx Ingress controller
+ - [PE-HUM] Create Staging Environment
+ - [PE-AZ] Create a Memorystore (Redis) database
+ - [PE-HUM] Deploy the Staging Environment
 - [GKE advanced setup in Production](./docs/gke-advanced.md)
- - [PA-GCP] Create advanced and secured GKE setup
- - [PA-GCP] Deploy an Nginx Ingress controller
- - [PA-GCP] Protect the Nginx Ingress controller behind a Global Cloud Load Balancer (GCLB) and Cloud Armor (WAF)
- - [PA-GCP] Use Cloud Logging for Workload's logs
- - [PA-HUM] Create Production Environment
- - [PA-GCP] Create a Spanner database
- - [PA-GCP] Create Kubernetes and Google Service Accounts to access Spanner via Workload Identity
+ - [PE-GCP] Create advanced and secured GKE setup
+ - [PE-GCP] Deploy an Nginx Ingress controller
+ - [PE-GCP] Protect the Nginx Ingress controller behind a Global Cloud Load Balancer (GCLB) and Cloud Armor (WAF)
+ - [PE-GCP] Use Cloud Logging for Workload's logs
+ - [PE-HUM] Create Production Environment
+ - [PE-GCP] Create a Spanner database
+ - [PE-GCP] Create Kubernetes and Google Service Accounts to access Spanner via Workload Identity
  - [DE-HUM] Deploy `cartservice` Workload connected to the Spanner database in the Production Environment
 
 

docs/aks-advanced.md

@@ -9,4 +9,6 @@ az aks create \
  --enable-addons monitoring \
  --enable-msi-auth-for-monitoring \
  --no-ssh-key
-```
+```
+
+https://denniszielke.medium.com/advanced-load-balancing-scenarios-with-the-new-azure-application-gateway-for-containers-dd35c4de64df

docs/aks-basic.md

@@ -2,14 +2,14 @@
 
 # AKS basic setup in Staging
 
-- [[PA-AZ] Create the AKS cluster](#pa-az-create-the-aks-cluster)
-- [[PA-AZ] Deploy the Nginx Ingress controller](#pa-az-deploy-the-nginx-ingress-controller)
-- [[PA-AZ] Create the Service Principal to access the AKS cluster](#pa-az-create-the-service-principal-to-access-the-aks-cluster)
-- [[PA-HUM] Create the GKE access resource definition](#pa-hum-create-the-gke-access-resource-definition)
-- [[PA-HUM] Create the Staging Environment](#pa-hum-create-the-staging-environment)
-- [[PA-AZ] Create an Azure Redis Cache database](#pa-az-create-an-azure-redis-cache-database)
-- [[PA-HUM] Create the Azure Redis Cache access resource definition](#pa-hum-create-the-azure-redis-cache-access-resource-definition)
-- [[PA-HUM] Deploy the Staging Environment](#pa-hum-deploy-the-staging-environment)
+- [[PE-AZ] Create the AKS cluster](#pe-az-create-the-aks-cluster)
+- [[PE-AZ] Deploy the Nginx Ingress controller](#pe-az-deploy-the-nginx-ingress-controller)
+- [[PE-AZ] Create the Service Principal to access the AKS cluster](#pe-az-create-the-service-principal-to-access-the-aks-cluster)
+- [[PE-HUM] Create the AKS access resource definition](#pe-hum-create-the-aks-access-resource-definition)
+- [[PE-HUM] Create the Staging Environment](#pe-hum-create-the-staging-environment)
+- [[PE-AZ] Create an Azure Redis Cache database](#pe-az-create-an-azure-redis-cache-database)
+- [[PE-HUM] Create the Azure Redis Cache access resource definition](#pe-hum-create-the-azure-redis-cache-access-resource-definition)
+- [[PE-HUM] Deploy the Staging Environment](#pe-hum-deploy-the-staging-environment)
 - [Test the Online Boutique website](#test-the-online-boutique-website)
 
 ```mermaid
@@ -65,9 +65,9 @@ export HUMANITEC_TOKEN=FIXME
 ENVIRONMENT=${STAGING_ENV}-aks
 ```
 
-## [PA-AZ] Create the AKS cluster
+## [PE-AZ] Create the AKS cluster
 
-As Platform Admin, in Azure.
+As Platform Engineer, in Azure.
 
 ```bash
 az provider register \
@@ -90,9 +90,9 @@ az aks get-credentials \
  -n ${CLUSTER_NAME}
 ```
 
-## [PA-AZ] Deploy the Nginx Ingress controller
+## [PE-AZ] Deploy the Nginx Ingress controller
 
-As Platform Admin, in Azure.
+As Platform Engineer, in Azure.
 
 Deploy the Nginx Ingress Controller:
 ```bash
@@ -113,9 +113,9 @@ echo ${INGRESS_IP}
 ```
 _Note: re-run the above command until you get a value._
 
-## [PA-AZ] Create the Service Principal to access the AKS cluster
+## [PE-AZ] Create the Service Principal to access the AKS cluster
 
-As Platform Admin, in Azure.
+As Platform Engineer, in Azure.
 
 Create the Service Principal with the appropriate role:
 ```bash
@@ -135,9 +135,9 @@ az role assignment create \
  --scope ${AKS_ID}
 ```
 
-## [PA-HUM] Create the AKS access resource definition
+## [PE-HUM] Create the AKS access resource definition
 
-As Platform Admin, in Humanitec.
+As Platform Engineer, in Humanitec.
 
 Create the AKS access resource definition:
 ```bash
@@ -199,9 +199,9 @@ rm ${CLUSTER_NAME}.yaml
 rm ${CLUSTER_NAME}.json
 ```
 
-## [PA-HUM] Create the Staging Environment
+## [PE-HUM] Create the Staging Environment
 
-As Platform Admin, in Humanitec.
+As Platform Engineer, in Humanitec.
 
 Create the new Environment by cloning the existing Environment from its latest Deployment:
 ```bash
@@ -250,9 +250,9 @@ humctl deploy env ${CLONED_ENVIRONMENT} ${ENVIRONMENT} \
 
 At this stage, you can already [test the Online Boutique website](#test-the-online-boutique-website) in its existing state.
 
-## [PA-AZ] Create an Azure Redis Cache database
+## [PE-AZ] Create an Azure Redis Cache database
 
-As Platform Admin, in Azure.
+As Platform Engineer, in Azure.
 
 Create the Azure Redis Cache database:
 ```bash
@@ -293,9 +293,9 @@ echo ${REDIS_AUTH}
 ```
 _Note: re-run the above commands until you get the 3 values._
 
-## [PA-HUM] Create the Azure Redis Cache access resource definition
+## [PE-HUM] Create the Azure Redis Cache access resource definition
 
-As Platform Admin, in Humanitec.
+As Platform Engineer, in Humanitec.
 
 ```bash
 cat <<EOF > ${REDIS_NAME}.yaml
@@ -351,9 +351,9 @@ Clean sensitive information locally:
 rm ${REDIS_NAME}.yaml
 ```
 
-## [PA-HUM] Deploy the Staging Environment
+## [PE-HUM] Deploy the Staging Environment
 
-As Platform admin, in Humanitec.
+As Platform Engineer, in Humanitec.
 
 Deploy the new Environment to take into account all the new resource definitions:
 ```bash

docs/common.md

@@ -6,10 +6,10 @@
 
 ## Common setup
 
-- [[PA-HUM] Create `staging` and `production` Environment types](#pa-hum-create-staging-and-production-environment-types)
-- [[PA-HUM] Create a custom `Namespace` resource definition](#pa-hum-create-a-custom-namespace-resource-definition)
-- [[PA-HUM] Create a custom `ServiceAccount` resource definition](#pa-hum-create-a-custom-serviceaccount-resource-definition)
-- [[PA-HUM] Create a custom Workload resource definition](#pa-hum-create-a-custom-workload-resource-definition)
+- [[PE-HUM] Create `staging` and `production` Environment types](#pe-hum-create-staging-and-production-environment-types)
+- [[PE-HUM] Create a custom `Namespace` resource definition](#pe-hum-create-a-custom-namespace-resource-definition)
+- [[PE-HUM] Create a custom `ServiceAccount` resource definition](#pe-hum-create-a-custom-serviceaccount-resource-definition)
+- [[PE-HUM] Create a custom Workload resource definition](#pe-hum-create-a-custom-workload-resource-definition)
 
 ```mermaid
 flowchart LR
@@ -33,7 +33,7 @@ export HUMANITEC_CONTEXT=/orgs/${HUMANITEC_ORG}
 export HUMANITEC_TOKEN=FIXME
 ```
 
-### [PA-HUM] Create `staging` and `production` Environment types
+### [PE-HUM] Create `staging` and `production` Environment types
 
 The `development` Environment type is already created by default in Humanitec.
 
@@ -83,9 +83,9 @@ humctl create environment-type ${PRODUCTION_ENV} \
  ```
 </details>
 
-### [PA-HUM] Create a custom `Namespace` resource definition
+### [PE-HUM] Create a custom `Namespace` resource definition
 
-As Platform Admin, in Humanitec.
+As Platform Engineer, in Humanitec.
 
 Customize the name of the Kubernetes `Namespace` for all our Apps in Production Environment Type ([reference](https://docs.humanitec.com/guides/orchestrate-infrastructure/define-namespaces)). One per App/Env. We are also adding the label to enforce [Pod Security Standards `restricted`](https://kubernetes.io/docs/concepts/security/pod-security-standards/):
 ```bash
@@ -159,9 +159,9 @@ humctl create \
  ```
 </details>
 
-### [PA-HUM] Create a custom `ServiceAccount` resource definition
+### [PE-HUM] Create a custom `ServiceAccount` resource definition
 
-As Platform Admin, in Humanitec.
+As Platform Engineer, in Humanitec.
 
 Create a dedicated Kubernetes `ServiceAccount` for all our Apps, one per Workload:
 ```bash
@@ -231,9 +231,9 @@ humctl create \
  ```
 </details>
 
-### [PA-HUM] Create a custom Workload resource definition
+### [PE-HUM] Create a custom Workload resource definition
 
-As Platform Admin, in Humanitec.
+As Platform Engineer, in Humanitec.
 
 Customize the Kubernetes `Deployment` manifests for all our Workloads in Production Environment Type by adding the `securityContext` sections and other security features ([reference](https://docs.humanitec.com/integrations/resource-types/workload)):
 ```bash