Update demo charts and CLI command to not presume tproxy (#1657)

hashicorp · Oct 31, 2022 · f5104b8 · f5104b8
1 parent 767340c
commit f5104b8
Show file tree

Hide file tree

Showing 8 changed files with 59 additions and 223 deletions.
diff --git a/charts/demo/templates/frontend.yaml b/charts/demo/templates/frontend.yaml
@@ -1,11 +1,3 @@
-# WARNING: The HashiCups files have been copied directly from
-# https://github.com/hashicorp/learn-consul-kubernetes/tree/main/layer7-observability/hashicups
-# Any modifications begin with the comment # BEGIN CONSUL-K8S MODIFICATION
-# and end with the comment # BEGIN CONSUL-K8S MODIFICATION.
-# If keeping these files manually up to date with their upstream source,
-# the files will need to be copied from the above repo and transferred here.
-# Once transferred, all modifications will need to be reapplied.
----
 apiVersion: v1
 kind: Service
 metadata:
@@ -15,8 +7,8 @@ metadata:
 spec:
   type: ClusterIP
   ports:
-    - port: 80
-      targetPort: 80
+    - port: 3000
+      targetPort: 3000
   selector:
     app: frontend
 ---
@@ -33,39 +25,6 @@ metadata:
 spec:
   protocol: "http"
 ---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: nginx-configmap
-data:
-  config: |
-    # /etc/nginx/conf.d/default.conf
-    server {
-        listen       80;
-        server_name  localhost;
-        #charset koi8-r;
-        #access_log  /var/log/nginx/host.access.log  main;
-        location / {
-            root   /usr/share/nginx/html;
-            index  index.html index.htm;
-        }
-        # Proxy pass the api location to save CORS
-        # Use location exposed by Consul connect
-        location /api {
-            # BEGIN CONSUL-K8S MODIFICATION
-            proxy_pass http://public-api.{{ .Release.Namespace }}.svc.cluster.local:8080;
-            # END CONSUL-K8S MODIFICATION
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "Upgrade";
-            proxy_set_header Host $host;
-        }
-        error_page   500 502 503 504  /50x.html;
-        location = /50x.html {
-            root   /usr/share/nginx/html;
-        }
-    }
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -81,36 +40,22 @@ spec:
       labels:
         service: frontend
         app: frontend
-      # BEGIN CONSUL-K8S MODIFICATION
       annotations:
-        'consul.hashicorp.com/connect-inject': 'true'
-      # END CONSUL-K8S MODIFICATION
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9102"
+        consul.hashicorp.com/connect-inject: "true"
     spec:
       serviceAccountName: frontend
-      volumes:
-      - name: config
-        configMap:
-          name: nginx-configmap
-          items:
-          - key: config
-            path: default.conf
       containers:
         - name: frontend
-          image: hashicorpdemoapp/frontend:v0.0.3
+          image: hashicorpdemoapp/frontend:v1.0.3
+          imagePullPolicy: Always
+          env:
+            - name: NEXT_PUBLIC_PUBLIC_API_URL
+              value: "/"
           ports:
-            - containerPort: 80
-          volumeMounts:
-            - name: config
-              mountPath: /etc/nginx/conf.d
-              readOnly: true
----
-apiVersion: consul.hashicorp.com/v1alpha1
-kind: ServiceIntentions
-metadata:
-  name: frontend-to-public-api
-spec:
-  destination:
-    name: public-api
-  sources:
-    - name: frontend
-      action: allow
+            - containerPort: 3000
+          # Added for debugging purposes - NOT RECOMMENDED
+          # securityContext:
+          #   allowPrivilegeEscalation: false
+          #   runAsUser: 0
diff --git a/charts/demo/templates/postgres.yaml b/charts/demo/templates/postgres.yaml
@@ -1,10 +1,3 @@
-# WARNING: The HashiCups files have been copied directly from
-# https://github.com/hashicorp/learn-consul-kubernetes/tree/main/layer7-observability/hashicups
-# Any modifications begin with the comment # BEGIN CONSUL-K8S MODIFICATION
-# and end with the comment # BEGIN CONSUL-K8S MODIFICATION.
-# If keeping these files manually up to date with their upstream source,
-# the files will need to be copied from the above repo and transferred here.
-# Once transferred, all modifications will need to be reapplied.
 ---
 apiVersion: v1
 kind: Service
@@ -13,10 +6,10 @@ metadata:
   labels:
     app: postgres
 spec:
-  type: ClusterIP
   ports:
     - port: 5432
       targetPort: 5432
+      protocol: TCP
   selector:
     app: postgres
 ---
@@ -31,7 +24,7 @@ kind: ServiceDefaults
 metadata:
   name: postgres
 spec:
-  protocol: tcp
+  protocol: "tcp"
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -48,15 +41,16 @@ spec:
       labels:
         service: postgres
         app: postgres
-      # BEGIN CONSUL-K8S MODIFICATION
       annotations:
-        'consul.hashicorp.com/connect-inject': 'true'
-      # END CONSUL-K8S MODIFICATION
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9102"
+        consul.hashicorp.com/connect-inject: "true"
     spec:
       serviceAccountName: postgres
       containers:
         - name: postgres
-          image: hashicorpdemoapp/product-api-db:v0.0.11
+          image: hashicorpdemoapp/product-api-db:v0.0.21
+          imagePullPolicy: Always
           ports:
             - containerPort: 5432
           env:
@@ -66,8 +60,6 @@ spec:
               value: postgres
             - name: POSTGRES_PASSWORD
               value: password
-          # only listen on loopback so only access is via connect proxy
-          args: ["-c", "listen_addresses=127.0.0.1"]
           volumeMounts:
             - mountPath: "/var/lib/postgresql/data"
               name: "pgdata"

diff --git a/charts/demo/templates/product-api.yaml b/charts/demo/templates/product-api.yaml
diff --git a/charts/demo/templates/public-api.yaml b/charts/demo/templates/public-api.yaml
@@ -1,11 +1,3 @@
-# WARNING: The HashiCups files have been copied directly from
-# https://github.com/hashicorp/learn-consul-kubernetes/tree/main/layer7-observability/hashicups
-# Any modifications begin with the comment # BEGIN CONSUL-K8S MODIFICATION
-# and end with the comment # BEGIN CONSUL-K8S MODIFICATION.
-# If keeping these files manually up to date with their upstream source,
-# the files will need to be copied from the above repo and transferred here.
-# Once transferred, all modifications will need to be reapplied.
----
 apiVersion: v1
 kind: Service
 metadata:
@@ -48,32 +40,47 @@ spec:
       labels:
         service: public-api
         app: public-api
-      # BEGIN CONSUL-K8S MODIFICATION
       annotations:
-        'consul.hashicorp.com/connect-inject': 'true'
-      # END CONSUL-K8S MODIFICATION
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9102"
+        consul.hashicorp.com/connect-inject: "true"
+        # BEGIN CONSUL-K8S MODIFICATION
+        consul.hashicorp.com/connect-service-upstreams: 'products-api:9090, payments:1800'
+        # END CONSUL-K8S MODIFICATION
     spec:
       serviceAccountName: public-api
       containers:
         - name: public-api
-          image: hashicorpdemoapp/public-api:v0.0.3
+          image: hashicorpdemoapp/public-api:v0.0.6
+          imagePullPolicy: Always
           ports:
             - containerPort: 8080
           env:
             - name: BIND_ADDRESS
               value: ":8080"
             - name: PRODUCT_API_URI
-              # BEGIN CONSUL-K8S MODIFICATION
-              value: "http://product-api.{{ .Release.Namespace }}.svc.cluster.local:9090"
-              # END CONSUL-K8S MODIFICATION
----
-apiVersion: consul.hashicorp.com/v1alpha1
-kind: ServiceIntentions
-metadata:
-  name: public-api-to-product-api
-spec:
-  destination:
-    name: product-api
-  sources:
-    - name: public-api
-      action: allow
+              value: "http://localhost:9090"
+            - name: PAYMENT_API_URI
+              value: "http://localhost:1800"
+        - name: jaeger-agent
+          image: jaegertracing/jaeger-agent:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 5775
+              name: zk-compact-trft
+              protocol: UDP
+            - containerPort: 5778
+              name: config-rest
+              protocol: TCP
+            - containerPort: 6831
+              name: jg-compact-trft
+              protocol: UDP
+            - containerPort: 6832
+              name: jg-binary-trft
+              protocol: UDP
+            - containerPort: 14271
+              name: admin-http
+              protocol: TCP
+          args:
+            - --reporter.grpc.host-port=dns:///jaeger-collector-headless.default:14250
+            - --reporter.type=grpc
diff --git a/cli/cmd/install/install_test.go b/cli/cmd/install/install_test.go
@@ -595,7 +595,7 @@ func TestInstall(t *testing.T) {
 				"\n==> Installing Consul\n ✓ Downloaded charts.\n ✓ Consul installed in namespace \"consul\".\n",
 				"\n==> Consul Demo Application Installation Summary\n    Name: consul-demo\n    Namespace: consul\n    \n    \n",
 				"\n==> Installing Consul demo application\n ✓ Downloaded charts.\n ✓ Consul demo application installed in namespace \"consul\".\n",
-				"\n==> Accessing Consul Demo Application UI\n    kubectl port-forward deploy/frontend 8080:80 --namespace consul\n    Browse to http://localhost:8080.\n",
+				"\n==> Accessing Consul Demo Application UI\n    kubectl port-forward service/nginx 8080:80 --namespace consul\n    Browse to http://localhost:8080.\n",
 			},
 			helmActionsRunner:                       &helm.MockActionRunner{},
 			expectedReturnCode:                      0,

diff --git a/cli/cmd/upgrade/upgrade_test.go b/cli/cmd/upgrade/upgrade_test.go
@@ -341,7 +341,7 @@ func TestUpgrade(t *testing.T) {
 				"\n==> Upgrading Consul\n ✓ Consul upgraded in namespace \"consul\".\n",
 				"\n==> Consul Demo Application Installation Summary\n    Name: consul-demo\n    Namespace: consul\n    \n    \n",
 				"\n==> Installing Consul demo application\n ✓ Downloaded charts.\n ✓ Consul demo application installed in namespace \"consul\".\n",
-				"\n==> Accessing Consul Demo Application UI\n    kubectl port-forward deploy/frontend 8080:80 --namespace consul\n    Browse to http://localhost:8080.\n",
+				"\n==> Accessing Consul Demo Application UI\n    kubectl port-forward service/nginx 8080:80 --namespace consul\n    Browse to http://localhost:8080.\n",
 			},
 			helmActionsRunner: &helm.MockActionRunner{
 				CheckForInstallationsFunc: func(options *helm.CheckForInstallationsOptions) (bool, string, string, error) {

diff --git a/cli/helm/install.go b/cli/helm/install.go
@@ -73,7 +73,7 @@ func InstallDemoApp(options *InstallOptions) error {
 
 	options.UI.Output("Accessing %s UI", cases.Title(language.English).String(common.ReleaseTypeConsulDemo), terminal.WithHeaderStyle())
 	port := "8080"
-	portForwardCmd := fmt.Sprintf("kubectl port-forward deploy/frontend %s:80", port)
+	portForwardCmd := fmt.Sprintf("kubectl port-forward service/nginx %s:80", port)
 	if options.Settings.Namespace() != "default" {
 		portForwardCmd += fmt.Sprintf(" --namespace %s", options.Settings.Namespace())
 	}

diff --git a/cli/helm/install_test.go b/cli/helm/install_test.go
@@ -26,7 +26,7 @@ func TestInstallDemoApp(t *testing.T) {
 			messages: []string{
 				"\n==> Consul Demo Application Installation Summary\n    Name: consul-demo\n    Namespace: default\n    \n    \n",
 				"\n==> Installing Consul\n ✓ Downloaded charts.\n ✓ Consul installed in namespace \"consul-namespace\".\n",
-				"\n==> Accessing Consul Demo Application UI\n    kubectl port-forward deploy/frontend 8080:80 --namespace consul-namespace\n    Browse to http://localhost:8080.\n",
+				"\n==> Accessing Consul Demo Application UI\n    kubectl port-forward service/nginx 8080:80 --namespace consul-namespace\n    Browse to http://localhost:8080.\n",
 			},
 			helmActionsRunner: &MockActionRunner{},
 		},