added files for pyroscope

Author: beellz

CODEOWNERS

@@ -0,0 +1,3 @@
+# Repo owners - Anthos DPE
+*   @anthos-dpe
+

README.md

@@ -1,3 +1,17 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 # This configuration file is used to build and deploy the app into a 
 # GKE cluster using Google Cloud Build.
 #

cloudbuild.yaml

@@ -0,0 +1,128 @@
+# Development Guide 
+
+This doc explains how to build and run the OnlineBoutique source code locally using the `skaffold` command-line tool.  
+
+## Prerequisites 
+
+- [Docker for Desktop](https://www.docker.com/products/docker-desktop).
+- kubectl (can be installed via `gcloud components install kubectl`)
+- [skaffold]( https://skaffold.dev/docs/install/), a tool that builds and deploys Docker images in bulk. 
+- A Google Cloud Project with Google Container Registry enabled. 
+- Enable GCP APIs for Cloud Monitoring, Tracing, Debugger, Profiler:
+```
+gcloud services enable monitoring.googleapis.com \
+    cloudtrace.googleapis.com \
+    clouddebugger.googleapis.com \
+    cloudprofiler.googleapis.com
+```
+- [Minikube](https://minikube.sigs.k8s.io/docs/start/) (optional - see Local Cluster)
+- [Kind](https://kind.sigs.k8s.io/) (optional - see Local Cluster)
+
+## Option 1: Google Kubernetes Engine (GKE)
+
+> 💡 Recommended if you're using Google Cloud Platform and want to try it on
+> a realistic cluster. **Note**: If your cluster has Workload Identity enabled, 
+> [see these instructions](/docs/workload-identity.md)
+
+1.  Create a Google Kubernetes Engine cluster and make sure `kubectl` is pointing
+    to the cluster.
+
+    ```sh
+    gcloud services enable container.googleapis.com
+    ```
+
+    ```sh
+    gcloud container clusters create demo --enable-autoupgrade \
+        --enable-autoscaling --min-nodes=3 --max-nodes=10 --num-nodes=5 --zone=us-central1-a
+    ```
+
+    ```
+    kubectl get nodes
+    ```
+
+2.  Enable Google Container Registry (GCR) on your GCP project and configure the
+    `docker` CLI to authenticate to GCR:
+
+    ```sh
+    gcloud services enable containerregistry.googleapis.com
+    ```
+
+    ```sh
+    gcloud auth configure-docker -q
+    ```
+
+3.  In the root of this repository, run `skaffold run --default-repo=gcr.io/[PROJECT_ID]`,
+    where [PROJECT_ID] is your GCP project ID.
+
+    This command:
+
+    - builds the container images
+    - pushes them to GCR
+    - applies the `./kubernetes-manifests` deploying the application to
+      Kubernetes.
+
+    **Troubleshooting:** If you get "No space left on device" error on Google
+    Cloud Shell, you can build the images on Google Cloud Build: [Enable the
+    Cloud Build
+    API](https://console.cloud.google.com/flows/enableapi?apiid=cloudbuild.googleapis.com),
+    then run `skaffold run -p gcb --default-repo=gcr.io/[PROJECT_ID]` instead.
+
+4.  Find the IP address of your application, then visit the application on your
+    browser to confirm installation.
+
+        kubectl get service frontend-external
+
+
+## Option 2 - Local Cluster 
+
+1. Launch a local Kubernetes cluster with one of the following tools:
+
+    - To launch **Minikube** (tested with Ubuntu Linux). Please, ensure that the
+       local Kubernetes cluster has at least:
+        - 4 CPUs
+        - 4.0 GiB memory
+        - 32 GB disk space
+
+      ```shell
+      minikube start --cpus=4 --memory 4096 --disk-size 32g
+      ```
+
+    - To launch **Docker for Desktop** (tested with Mac/Windows). Go to Preferences:
+        - choose “Enable Kubernetes”,
+        - set CPUs to at least 3, and Memory to at least 6.0 GiB
+        - on the "Disk" tab, set at least 32 GB disk space
+
+    - To launch a **Kind** cluster:
+
+      ```shell
+      kind create cluster
+      ```
+
+2. Run `kubectl get nodes` to verify you're connected to the respective control plane.
+
+3. Run `skaffold run` (first time will be slow, it can take ~20 minutes).
+   This will build and deploy the application. If you need to rebuild the images
+   automatically as you refactor the code, run `skaffold dev` command.
+
+4. Run `kubectl get pods` to verify the Pods are ready and running.
+
+5. Access the web frontend through your browser
+    - **Minikube** requires you to run a command to access the frontend service:
+
+    ```shell
+    minikube service frontend-external
+    ```
+
+    - **Docker For Desktop** should automatically provide the frontend at http://localhost:80
+
+    - **Kind** does not provision an IP address for the service.
+      You must run a port-forwarding process to access the frontend at http://localhost:8080:
+
+    ```shell
+    kubectl port-forward deployment/frontend 8080:8080
+    ```
+
+## Cleanup
+
+If you've deployed the application with `skaffold run` command, you can run
+`skaffold delete` to clean up the deployed resources.

docs/development-guide.md

@@ -1,7 +1,7 @@
 # Development Principles
 
 > **Note:** This document outlines guidances behind some development decisions
-> behind the Hipster Shop demo application.
+> behind the Online Boutique demo application.
 
 ### Minimal configuration
 

docs/development-principles.md

@@ -0,0 +1,94 @@
+# Memorystore (redis) + OnlineBoutique
+
+This guide contains instructions for overriding the default in-cluster `redis` database for `cartservice` with Memorystore (redis).
+
+Important notes:
+- You can connect to a Memorystore (redis) instance from GKE clusters that are in the same region and use the same network as your instance.
+- You cannot connect to a Memorystore (redis) instance from a GKE cluster without VPC-native/IP aliasing enabled.
+
+![Architecture diagram with Memorystore](./img/memorystore.png)
+
+## Steps
+ 
+1. Create a GKE cluster with VPC-native/IP aliasing enabled.
+
+```sh
+PROJECT_ID="<your-project-id>"
+ZONE="<your-GCP-zone>"
+REGION="<your-GCP-region>"
+
+gcloud container clusters create onlineboutique \
+    --project=${PROJECT_ID} \
+    --zone=${ZONE} \
+    --machine-type=e2-standard-2 \
+    --enable-ip-alias
+```
+
+2. Enable the Memorystore (redis) service on your project.
+
+```sh
+gcloud services enable redis.googleapis.com --project=${PROJECT_ID}
+```
+
+3. Create the Memorystore (redis) instance. 
+
+```sh
+gcloud redis instances create redis-cart --size=1 --region=${REGION} --zone=${ZONE} --redis-version=redis_5_0 --project=${PROJECT_ID}
+```
+
+After a few minutes, you will see the `STATUS` as `READY` when your Memorystore instance will be successfully provisioned:
+
+```sh
+gcloud redis instances list --region ${REGION}
+```
+
+4. Update current manifests to target this Memorystore (redis) instance.
+
+```sh
+cp ./release/kubernetes-manifests.yaml ./release/updated-manifests.yaml
+REDIS_IP=$(gcloud redis instances describe redis-cart --region=${REGION} --format='get(host)')
+sed -i "s/value: \"redis-cart:6379\"/value: \"${REDIS_IP}\"/g" ./release/updated-manifests.yaml
+```
+
+In addition, in the `./release/updated-manifests.yaml` file you need also to manually remove the `Deployment` and `Service` sections of the `redis-cart` which are not needed anymore.
+
+5. Apply all the updated manifests. 
+
+```sh
+kubectl apply -f ./release/updated-manifests.yaml
+```
+
+6. **Wait for the Pods to be ready.**
+
+```
+kubectl get pods
+```
+
+After a few minutes, you should see:
+
+```
+NAME                                     READY   STATUS    RESTARTS   AGE
+adservice-76bdd69666-ckc5j               1/1     Running   0          2m58s
+cartservice-66d497c6b7-dp5jr             1/1     Running   0          2m59s
+checkoutservice-666c784bd6-4jd22         1/1     Running   0          3m1s
+currencyservice-5d5d496984-4jmd7         1/1     Running   0          2m59s
+emailservice-667457d9d6-75jcq            1/1     Running   0          3m2s
+frontend-6b8d69b9fb-wjqdg                1/1     Running   0          3m1s
+loadgenerator-665b5cd444-gwqdq           1/1     Running   0          3m
+paymentservice-68596d6dd6-bf6bv          1/1     Running   0          3m
+productcatalogservice-557d474574-888kr   1/1     Running   0          3m
+recommendationservice-69c56b74d4-7z8r5   1/1     Running   0          3m1s
+shippingservice-6ccc89f8fd-v686r         1/1     Running   0          2m58s
+```
+
+7. **Access the web frontend in a browser** using the frontend's `EXTERNAL_IP`.
+
+```
+kubectl get service frontend-external | awk '{print $4}'
+```
+
+**Note**- you may see `<pending>` while GCP provisions the load balancer. If this happens, wait a few minutes and re-run the command.
+
+## Resources
+
+- [Connecting to a Redis instance from a Google Kubernetes Engine cluster](https://cloud.google.com/memorystore/docs/redis/connect-redis-instance-gke)

docs/img/architecture-diagram.png

@@ -0,0 +1,56 @@
+# Deploying to an Istio-enabled cluster 
+
+This repository provides an [`istio-manifests`](/istio-manifests) directory containing ingress resources (an Istio `Gateway` and `VirtualService`) needed to expose the app frontend running inside a Kubernetes cluster.
+
+You can apply these resources to your cluster in addition to the `kubernetes-manifests`, then use the Istio IngressGateway's external IP to view the app frontend. See the following instructions for Istio steps.   
+
+## Steps
+ 
+1. Create a GKE cluster with at least 4 nodes, machine type `e2-standard-4`. 
+
+```
+PROJECT_ID="<your-project-id>"
+ZONE="<your-GCP-zone>"
+
+gcloud container clusters create onlineboutique \
+    --project=${PROJECT_ID} --zone=${ZONE} \
+    --machine-type=e2-standard-4 --num-nodes=4
+```
+
+2. [Install Istio](https://istio.io/latest/docs/setup/getting-started/) on your cluster. 
+
+3. Enable Istio sidecar proxy injection in the `default` Kubernetes namespace. 
+
+   ```sh
+   kubectl label namespace default istio-injection=enabled
+   ```
+
+4. Apply all the manifests in the `/release` directory. This includes the Istio and Kubernetes manifests. 
+
+   ```sh
+   kubectl apply -f ./release 
+   ```
+
+5. Run `kubectl get pods` to see pods are in a healthy and ready state.
+
+6. Find the IP address of your Istio gateway Ingress or Service, and visit the
+   application frontend in a web browser.
+
+   ```sh
+   INGRESS_HOST="$(kubectl -n istio-system get service istio-ingressgateway \
+      -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"
+   echo "$INGRESS_HOST"
+   ```
+
+   ```sh
+   curl -v "http://$INGRESS_HOST"
+   ```
+
+
+## Aditional service mesh demos using OnlineBoutique 
+
+- [Canary deployment](https://github.com/GoogleCloudPlatform/istio-samples/tree/master/istio-canary-gke)
+- [Security (mTLS, JWT, Authorization)](https://github.com/GoogleCloudPlatform/istio-samples/tree/master/security-intro)
+- [Cloud Operations (Stackdriver)](https://github.com/GoogleCloudPlatform/istio-samples/tree/master/istio-stackdriver)
+- [Stackdriver metrics (Open source Istio)](https://github.com/GoogleCloudPlatform/istio-samples/tree/master/stackdriver-metrics)
+

docs/img/hipster-shop-frontend-1.png

@@ -0,0 +1,48 @@
+# Setup for Workload Identity clusters 
+
+If you have enabled [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) on your GKE cluster ([a requirement for Anthos Service Mesh](https://cloud.google.com/service-mesh/docs/gke-anthos-cli-new-cluster#requirements)), follow these instructions to ensure that OnlineBoutique pods can communicate with GCP APIs.
+
+*Note* - These instructions have only been validated in GKE on GCP clusters. [Workload Identity is not yet supported](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#creating_a_relationship_between_ksas_and_gsas) in Anthos GKE on Prem. 
+
+
+
+1. **Set up Workload Identity** on your GKE cluster [using the instructions here](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#enable_on_new_cluster). These instructions create the Kubernetes Service Account (KSA) and Google Service Account (GSA) that the OnlineBoutique pods will use to authenticate to GCP. Take note of what Kubernetes `namespace` you use during setup.
+
+2. **Add IAM Roles** to your GSA. These roles allow workload identity-enabled OnlineBoutique pods to send traces and metrics to GCP. 
+
+```bash
+PROJECT_ID=<your-gcp-project-id>
+GSA_NAME=<your-gsa>
+
+gcloud projects add-iam-policy-binding ${PROJECT_ID} \
+  --member "serviceAccount:${GSA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com" \
+  --role roles/cloudtrace.agent
+
+gcloud projects add-iam-policy-binding ${PROJECT_ID} \
+  --member "serviceAccount:${GSA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com" \
+  --role roles/monitoring.metricWriter
+  
+gcloud projects add-iam-policy-binding ${PROJECT_ID} \
+  --member "serviceAccount:${GSA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com" \
+  --role roles/cloudprofiler.agent
+  
+gcloud projects add-iam-policy-binding ${PROJECT_ID} \
+  --member "serviceAccount:${GSA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com" \
+  --role roles/clouddebugger.agent
+```
+
+3. **Generate OnlineBoutique manifests** using your KSA as the Pod service account. In `kubernetes-manifests/`, replace `serviceAccountName: default` with the name of your KSA. (**Note** - sample below is Bash.)
+
+```bash
+
+KSA_NAME=<your-ksa>
+sed "s/serviceAccountName: default/serviceAccountName: ${KSA_NAME}/g" release/kubernetes-manifests.yaml > release/wi-kubernetes-manifests.yaml
+done
+```
+
+4. **Deploy OnlineBoutique** to your GKE cluster using the install instructions above, except make sure that instead of the default namespace, you're deploying the manifests into your KSA namespace: 
+
+```bash
+NAMESPACE=<your-ksa-namespace>
+kubectl apply -n ${NAMESPACE} -f release/wi-kubernetes-manifests.yaml
+```

docs/img/hipster-shop-frontend-2.png

@@ -27,9 +27,15 @@ REPO_PREFIX="${REPO_PREFIX:?REPO_PREFIX env variable must be specified}"
 while IFS= read -d $'\0' -r dir; do
     # build image
     svcname="$(basename "${dir}")"
+    builddir="${dir}"
+    #PR 516 moved cartservice build artifacts one level down to src
+    if [ $svcname == "cartservice" ] 
+    then
+        builddir="${dir}/src"
+    fi
     image="${REPO_PREFIX}/$svcname:$TAG"
     (
-        cd "${dir}"
+        cd "${builddir}"
         log "Building: ${image}"
         docker build -t "${image}" .
 

docs/img/memorystore.png

@@ -40,12 +40,13 @@ fi
 # update yaml
 "${SCRIPTDIR}"/make-release-artifacts.sh
 
-# create git release / push to master
+# create git release / push to new branch
+git checkout -b "release/${TAG}"
 git add "${SCRIPTDIR}/../release/"
 git commit --allow-empty -m "Release $TAG"
-log "Pushing k8s manifests to master..."
+log "Pushing k8s manifests to release/${TAG}..."
 git tag "$TAG"
+git push --set-upstream origin "release/${TAG}"
 git push --tags
-git push origin master
 
 log "Successfully tagged release $TAG."