MovieWeb is a project meant to demonstrate some of the particulars of Istio.
This sample uses data from MovieLens, specifically the "latest small" dataset. The dataset is available as exports for Cloud SQL/MySQL, Cloud Firestore, and MongoDB. For more information check out dataset/README.
gcloud beta container clusters create [CLUSTER-NAME] \
--addons=Istio --istio-config=auth=MTLS_PERMISSIVE \
--cluster-version=latest \
--machine-type=n1-standard-2 \
--num-nodes=4
gcloud container clusters get-credentials [CLUSTER-NAME]
kubectl create namespace movieweb
kubectl label namespace movieweb istio-injection=enabled
Cloud SQL
gcloud iam service-accounts create cloudsql-client --display-name "cloudsql-client"
gcloud projects add-iam-policy-binding [PROJECT-ID] \
--member serviceAccount:cloudsql-client@[PROJECT-ID].iam.gserviceaccount.com \
--role roles/cloudsql.client
gcloud iam service-accounts keys create backend/cloudsql/cloudsql-credentials.json \
--iam-account cloudsql-client@[PROJECT-ID].iam.gserviceaccount.com
Cloud Firestore
gcloud iam service-accounts create cloudfirestore-user --display-name "cloudfirestore-user"
gcloud projects add-iam-policy-binding [PROJECT-ID] \
--member serviceAccount:cloudfirestore-user@[PROJECT-ID].iam.gserviceaccount.com \
--role roles/datastore.user
gcloud iam service-accounts keys create backend/firestore/cloudfirestore-credentials.json \
--iam-account cloudfirestore-user@[PROJECT-ID].iam.gserviceaccount.com
Cloud SQL
kubectl create secret generic cloudsql-credentials \
--from-file=backend/cloudsql/cloudsql-credentials.json \
-n movieweb
Cloud Firestore
kubectl create secret generic cloudfirestore-credentials \
--from-file=backend/firestore/cloudfirestore-credentials.json \
-n movieweb
Use Deployment Manager to deploy the MongoDB instance:
gcloud deployment-manager deployments create mongodb-instance \
--config=dataset/mongodb-instance.yaml \
--template=dataset/mongodb-instance.jinja
By default, the instance allows traffic from other GCE instances, but the GKE Pod IP range isn't included, so create a new firewall rule that allows traffic from the GKE Pod IP range:
export PODIP_RANGE=$(gcloud container clusters describe [CLUSTER-NAME] --format="value(clusterIpv4Cidr)")
gcloud compute firewall-rules create default-allow-podip \
--allow=tcp,udp,icmp \
--source-ranges="$PODIP_RANGE"
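The firewall command above passes whatever the describe call returned straight into --source-ranges. The following is an added example, not code from the MovieWeb repository, that checks the value is a well-formed Pod CIDR before the rule is created; is_pod_cidr, create_pod_firewall_rule and the /8 lower bound are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: is_pod_cidr and create_pod_firewall_rule are hypothetical
# helpers, not part of the MovieWeb repository.

# Succeed only for a single well-formed IPv4 CIDR with prefix length 8..32.
# The /8 floor is an assumed sanity limit; the point is to reject empty,
# malformed, multi-valued or 0.0.0.0/0-style input.
is_pod_cidr() {
  cidr=$1
  case $cidr in
    */*/*) return 1 ;;   # more than one slash, e.g. a comma-joined list
    */*) ;;              # exactly one slash: keep checking
    *) return 1 ;;       # empty value or no prefix length
  esac
  addr=${cidr%/*}
  prefix=${cidr#*/}
  case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$prefix" -ge 8 ] && [ "$prefix" -le 32 ] || return 1
  case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $addr           # split the address into octets on the dots
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|????*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Look up the cluster's Pod range and create the rule only if it validates.
# $1 is the cluster name ([CLUSTER-NAME] in the commands above).
create_pod_firewall_rule() {
  range=$(gcloud container clusters describe "$1" \
    --format="value(clusterIpv4Cidr)")
  if ! is_pod_cidr "$range"; then
    echo "refusing to create rule: bad Pod CIDR '$range'" >&2
    return 1
  fi
  gcloud compute firewall-rules create default-allow-podip \
    --allow=tcp,udp,icmp --source-ranges="$range"
}
```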
First create the Istio routing rules for external databases:
kubectl create -f manifests/database-services.yaml
Then create the movieweb routing rules:
kubectl create -f manifests/movieweb-services.yaml
VERSION=1.0 skaffold build
skaffold deploy
Or
kubectl create -f manifests/deployments.yaml
Prometheus:
Tracing:
Logging:
- Delete GKE cluster
- Delete MongoDB instance
- Delete service accounts