update samples for version 0.3.4

GoogleCloudPlatform · Nov 21, 2019 · 4ae009e · 4ae009e
1 parent f7b250b
commit 4ae009e
Show file tree

Hide file tree

Showing 108 changed files with 806 additions and 115 deletions.
diff --git a/apps/README.md b/apps/README.md
@@ -53,4 +53,8 @@ The [bookstore](bookstore) is a simple application with a web user interface.
 
 ## Musicians
 
-The [musicians](musicians) sample is a simple web service which uses a Cloud SQL database.
+The [musicians](musicians) sample is a simple web service which uses a Cloud SQL database.
+
+## WordPress
+
+The [WordPress](wordpress) sample demonstrates how you can use Config Connector to provision a WordPress site powered by Google Cloud SQL MySQL database and using Workload Identity for authentication.
diff --git a/apps/wordpress/README.md b/apps/wordpress/README.md
@@ -0,0 +1,57 @@
+# WordPress
+
+The WordPress application demonstrates how you can configure a WordPress site powered by GCP MySQL database and using Workload Identity for authentication.
+
+## Prerequisites
+
+1. Create or identify a GCP project.
+1. Create or identify a GKE cluster where Config Connector has not yet been installed.
+1. [Enable Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#enable_workload_identity_on_a_new_cluster) on the cluster where you will install Config Connector.
+1. Follow the steps [here](https://cloud.google.com/config-connector/docs/how-to/install-upgrade-uninstall) to install Config Connector
+
+## Steps with Helm
+
+All steps are run from this directory.
+
+1. [Install Helm](https://helm.sh/docs/using_helm/)
+1. Review and update the values in `./charts/wordpress-gcp/values.yaml` .
+1. Validate and install the sample with Helm
+
+    ```bash
+    # validate your chart
+    helm lint ./charts/wordpress-gcp/ --set google.projectId=[PROJECT_ID]
+
+    # check the output of your chart
+    helm template ./charts/wordpress-gcp/ --set google.projectId=[PROJECT_ID]
+
+    # install your chart
+    helm install ./charts/wordpress-gcp/ --set google.projectId=[PROJECT_ID]
+    ```
+
+1.  Check the status of your database by running `kubectl describe sqlinstance wp-db`. Once the database is created, obtain the external IP address of your WordPress application by checking `kubectl get svc wordpress-external`. Navigate to this address and validate that you see WordPress installation page.
+
+1. Clean up the installation:
+
+    ```bash
+    # list Helm releases
+    helm list
+    
+    # delete release
+    helm delete [release_name]
+
+## Steps with kustomize
+
+1. [Install kustomize](https://github.com/kubernetes-sigs/kustomize/blob/master/docs/INSTALL.md)
+1. Review and update the values in `overlays/production/`. Note how patches are used to update the values.
+1. Install the sample with kustomize
+
+    ```bash
+    kustomize build ./kustomize/overlays/production | kubectl apply -f -
+    ```
+
+1.  Check the status of your database by running `kubectl describe sqlinstance wp-db`. Once the database is created, obtain the external IP address of your wordpress application by checking `kubectl get svc wordpress-external`. Navigate to this address and validate that you see WordPress installation page.
+1. Uninstall the sample:
+
+    ```bash
+    kustomize build ./kustomize/overlays/production | kubectl delete -f -
+    ```
diff --git a/apps/wordpress/charts/wordpress-gcp/.helmignore b/apps/wordpress/charts/wordpress-gcp/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode
diff --git a/apps/wordpress/charts/wordpress-gcp/Chart.yaml b/apps/wordpress/charts/wordpress-gcp/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy WordPress powered by Google Cloud SQL MySQL database and Config Connector to Kubernetes
+name: wordpress-gcp
+version: 0.1.0
diff --git a/apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-db.yaml b/apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-db.yaml
@@ -0,0 +1,8 @@
+apiVersion: sql.cnrm.cloud.google.com/v1alpha3
+kind: SQLDatabase
+metadata:
+  name: {{ required "dbName is required!" .Values.database.dbName }}
+spec:
+  charset: utf8
+  instanceRef:
+    name: {{ required "instanceName is required!" .Values.database.instanceName }}
diff --git a/apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-instance.yaml b/apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-instance.yaml
@@ -0,0 +1,9 @@
+apiVersion: sql.cnrm.cloud.google.com/v1alpha3
+kind: SQLInstance
+metadata:
+  name: {{ required "instanceName is required!" .Values.database.instanceName }}
+spec:
+  databaseVersion: {{ required "version is required!" .Values.database.version }}
+  region: {{ required "region is required!" .Values.google.region }}
+  settings:
+    tier: {{ required "tier is required!" .Values.database.tier }}
diff --git a/apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-policy-member.yaml b/apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-policy-member.yaml
@@ -0,0 +1,10 @@
+apiVersion: iam.cnrm.cloud.google.com/v1alpha1
+kind: IAMPolicyMember
+metadata:
+  name: sql-wp-sa-project-policymember
+spec:
+  member: serviceAccount:sql-wp-sa@{{ required "projectId is required!" .Values.google.projectId }}.iam.gserviceaccount.com
+  role: roles/cloudsql.client
+  resourceRef:
+    kind: Project
+    name: {{ required "projectId is required!" .Values.google.projectId }}
diff --git a/apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-service-account.yaml b/apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-service-account.yaml
@@ -0,0 +1,6 @@
+apiVersion: iam.cnrm.cloud.google.com/v1alpha1
+kind: IAMServiceAccount
+metadata:
+  name: sql-wp-sa
+spec:
+  displayName: Service Account for WordPress Config Connector Sample
diff --git a/apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-user.yaml b/apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-user.yaml
@@ -0,0 +1,9 @@
+apiVersion: sql.cnrm.cloud.google.com/v1alpha3
+kind: SQLUser
+metadata:
+  name: {{ required "user is required!" .Values.database.user }}
+spec:
+  instanceRef:
+    name: {{ required "instanceName is required!" .Values.database.instanceName }}
+  host: "%"
+  password: {{ required "password is required!" .Values.database.password }}
diff --git a/apps/wordpress/charts/wordpress-gcp/templates/gcp-wi-policy.yaml b/apps/wordpress/charts/wordpress-gcp/templates/gcp-wi-policy.yaml
@@ -0,0 +1,13 @@
+apiVersion: iam.cnrm.cloud.google.com/v1alpha1
+kind: IAMPolicy
+metadata:
+  name: sql-wp-sa-wi-policy
+spec:
+  resourceRef:
+    apiVersion: iam.cnrm.cloud.google.com/v1alpha1
+    kind: IAMServiceAccount
+    name: sql-wp-sa
+  bindings:
+    - role: roles/iam.workloadIdentityUser
+      members:
+        - serviceAccount:{{ required "projectId is required!" .Values.google.projectId }}.svc.id.goog[{{ required "Namespace is requried!" .Release.Namespace }}/sql-wp-ksa-wi]
diff --git a/apps/wordpress/charts/wordpress-gcp/templates/k8s-external-load-balancer.yaml b/apps/wordpress/charts/wordpress-gcp/templates/k8s-external-load-balancer.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: default
+  name: wordpress-external
+  labels:
+    app: wordpress
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 80
+      name: web
+      targetPort: 80
+      protocol: TCP
+  selector:
+    app: wordpress
diff --git a/apps/wordpress/charts/wordpress-gcp/templates/k8s-service-account.yaml b/apps/wordpress/charts/wordpress-gcp/templates/k8s-service-account.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sql-wp-ksa-wi
+  annotations:
+    iam.gke.io/gcp-service-account: sql-wp-sa@{{ required "projectId is required!" .Values.google.projectId }}.iam.gserviceaccount.com
diff --git a/apps/wordpress/charts/wordpress-gcp/templates/k8s-sql-db-credentials.yaml b/apps/wordpress/charts/wordpress-gcp/templates/k8s-sql-db-credentials.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wordpress-cloudsql-db-credentials
+stringData:
+  projectId: {{ required "projectId is required!" .Values.google.projectId }}
+  username: {{ required "user is required!" .Values.database.user }}
+  password: {{ required "password is required!" .Values.database.password }}
+  connectionName: {{ required "region is required!" .Values.google.region }}:{{ required "instanceName is required!" .Values.database.instanceName }}
diff --git a/apps/wordpress/charts/wordpress-gcp/templates/k8s-stateful-set.yaml b/apps/wordpress/charts/wordpress-gcp/templates/k8s-stateful-set.yaml
@@ -0,0 +1,87 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  namespace: default
+  name: wordpress
+spec:
+  selector:
+    matchLabels:
+      app: wordpress
+  serviceName: "wordpress"
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: wordpress
+    spec:
+      terminationGracePeriodSeconds: 30
+      serviceAccountName: sql-wp-ksa-wi
+      containers:
+      - name: wordpress
+        resources: 
+{{ toYaml .Values.wordpress.resources | indent 10 }}
+        image: {{ required "image is required!" .Values.wordpress.image}}
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: WORDPRESS_DB_HOST
+          value: 127.0.0.1:3306
+        - name: WORDPRESS_DB_USER
+          valueFrom:
+            secretKeyRef:
+              name: wordpress-cloudsql-db-credentials
+              key: username
+        - name: WORDPRESS_DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: wordpress-cloudsql-db-credentials
+              key: password
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - name: wordpress-volume
+          mountPath: /var/www/html
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 80
+          initialDelaySeconds: 180
+          periodSeconds: 10
+          timeoutSeconds: 10
+          failureThreshold: 10
+          successThreshold: 1
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 80
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 10
+          failureThreshold: 20
+          successThreshold: 1
+      - name: cloudsql-proxy
+        resources:
+          limits:
+            cpu: "200m"
+            memory: "100Mi"
+        image: gcr.io/cloudsql-docker/gce-proxy:1.11
+        env:
+          - name: CONNECTION_NAME
+            valueFrom:
+              secretKeyRef:
+                name: wordpress-cloudsql-db-credentials
+                key: connectionName
+          - name: PROJECT_ID
+            valueFrom:
+              secretKeyRef:
+                name: wordpress-cloudsql-db-credentials
+                key: projectId
+        command: ["/cloud_sql_proxy",
+                  "-instances=$(PROJECT_ID):$(CONNECTION_NAME)=tcp:3306"]
+  volumeClaimTemplates:
+    - metadata:
+        name: wordpress-volume
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        resources:
+          requests:
+            storage: {{ required "storage is required!" .Values.wordpress.storage}}
diff --git a/apps/wordpress/charts/wordpress-gcp/values.yaml b/apps/wordpress/charts/wordpress-gcp/values.yaml
@@ -0,0 +1,23 @@
+# Default values for opsman.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+google:
+  projectId:
+  region: us-central1
+
+database:
+  instanceName: wp-db
+  dbName: wordpress
+  version: MYSQL_5_7
+  tier: db-f1-micro
+  user: wordpress
+  password: change-me
+
+wordpress:
+  image: wordpress:5.2.2-apache
+  storage: 10Gi
+  resources:
+    limits:
+      cpu: "200m"
+      memory: "100Mi"
diff --git a/apps/wordpress/kustomize/base/gcp-sql-db.yaml b/apps/wordpress/kustomize/base/gcp-sql-db.yaml
@@ -0,0 +1,8 @@
+apiVersion: sql.cnrm.cloud.google.com/v1alpha3
+kind: SQLDatabase
+metadata:
+  name: wordpress
+spec:
+  charset: utf8
+  instanceRef:
+    name: wp2-db
diff --git a/...th-sql-user/sql_v1alpha3_sqlinstance.yaml → ...ress/kustomize/base/gcp-sql-instance.yaml b/...th-sql-user/sql_v1alpha3_sqlinstance.yaml → ...ress/kustomize/base/gcp-sql-instance.yaml
@@ -1,9 +1,9 @@
 apiVersion: sql.cnrm.cloud.google.com/v1alpha3
 kind: SQLInstance
 metadata:
-  name: mysql-instance-sample-with-sql-user
+  name: wp2-db
 spec:
   databaseVersion: MYSQL_5_7
   region: us-central1
   settings:
-    tier: db-f1-micro
+    tier: db-f1-micro
diff --git a/apps/wordpress/kustomize/base/gcp-sql-policy-member.yaml b/apps/wordpress/kustomize/base/gcp-sql-policy-member.yaml
@@ -0,0 +1,10 @@
+apiVersion: iam.cnrm.cloud.google.com/v1alpha1
+kind: IAMPolicyMember
+metadata:
+  name: sql-wp-sa-project-policymember
+spec:
+  member: serviceAccount:[email protected]
+  role: roles/cloudsql.client
+  resourceRef:
+    kind: Project
+    name: project-id
diff --git a/apps/wordpress/kustomize/base/gcp-sql-service-account.yaml b/apps/wordpress/kustomize/base/gcp-sql-service-account.yaml
@@ -0,0 +1,6 @@
+apiVersion: iam.cnrm.cloud.google.com/v1alpha1
+kind: IAMServiceAccount
+metadata:
+  name: sql-wp-sa
+spec:
+  displayName: Service Account for WordPress Config Connector Sample
diff --git a/apps/wordpress/kustomize/base/gcp-sql-user.yaml b/apps/wordpress/kustomize/base/gcp-sql-user.yaml
@@ -0,0 +1,9 @@
+apiVersion: sql.cnrm.cloud.google.com/v1alpha3
+kind: SQLUser
+metadata:
+  name: wordpress
+spec:
+  instanceRef:
+    name: wp2-db
+  host: "%"
+  password: change-me
diff --git a/apps/wordpress/kustomize/base/gcp-wi-policy.yaml b/apps/wordpress/kustomize/base/gcp-wi-policy.yaml
@@ -0,0 +1,13 @@
+apiVersion: iam.cnrm.cloud.google.com/v1alpha1
+kind: IAMPolicy
+metadata:
+  name: sql-wp-sa-wi-policy
+spec:
+  resourceRef:
+    apiVersion: iam.cnrm.cloud.google.com/v1alpha1
+    kind: IAMServiceAccount
+    name: sql-wp-sa
+  bindings:
+    - role: roles/iam.workloadIdentityUser
+      members:
+        - serviceAccount:project-id.svc.id.goog[default/sql-wp-ksa-wi]
diff --git a/apps/wordpress/kustomize/base/k8s-external-load-balancer.yaml b/apps/wordpress/kustomize/base/k8s-external-load-balancer.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: default
+  name: wordpress-external
+  labels:
+    app: wordpress
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 80
+      name: web
+      targetPort: 80
+      protocol: TCP
+  selector:
+    app: wordpress
diff --git a/apps/wordpress/kustomize/base/k8s-service-account.yaml b/apps/wordpress/kustomize/base/k8s-service-account.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sql-wp-ksa-wi
+  annotations:
+    iam.gke.io/gcp-service-account: [email protected]