Release/v0.6.0

docs/README.md

@@ -1,3 +1,4 @@
+<!-- @todo: https://github.com/badges/shields/pull/7759 -->
 ![GitHub branch checks state](https://img.shields.io/github/checks-status/GoogleCloudPlatform/bank-of-anthos/main)
 [![Website](https://img.shields.io/website?label=live%20demo&url=https%3A%2F%2Fbank-of-anthos.xyz%2F)](https://bank-of-anthos.xyz)
 
@@ -42,102 +43,98 @@ The following button opens up an interactive tutorial showing how to deploy Bank
 
 ## Quickstart (GKE)
 
-1. **[Create a Google Cloud project](https://cloud.google.com/resource-manager/docs/creating-managing-projects#creating_a_project)** or use an existing project. Set the `PROJECT_ID` environment variable and ensure the Google Kubernetes Engine API is enabled.
+1. Ensure you have the following requirements:
+   - [Google Cloud project](https://cloud.google.com/resource-manager/docs/creating-managing-projects#creating_a_project).
+   - Shell environment with `gcloud`, `git`, and `kubectl`.
 
-```
-PROJECT_ID=<YOUR-PROJECT-ID>
-gcloud services enable container --project ${PROJECT_ID}
-```
+2. Clone the repository.
 
-2. **Clone this repository.**
+   ```sh
+   git clone https://github.com/GoogleCloudPlatform/bank-of-anthos
+   cd bank-of-anthos/
+   ```
 
-```
-git clone https://github.com/GoogleCloudPlatform/bank-of-anthos.git
-cd bank-of-anthos/
-```
+3. Set the Google Cloud project and region and ensure the Google Kubernetes Engine API is enabled.
 
-3. **Create a GKE cluster** and get the credentials for it.
+   ```sh
+   export PROJECT_ID=<PROJECT_ID>
+   export REGION=us-central1
+   gcloud services enable container.googleapis.com \
+     --project=${PROJECT_ID} --region=${REGION}
+   ```
 
-We recommend using [GKE Autopilot](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview):
+   Substitute `<PROJECT_ID>` with the ID of your Google Cloud project.
 
-```
-gcloud services enable container.googleapis.com monitoring.googleapis.com \
-  --project ${PROJECT_ID}
+4. Create a GKE cluster and get the credentials for it.
 
-REGION=us-central1
-gcloud container clusters create-auto bank-of-anthos \
-  --project=${PROJECT_ID} --region=${REGION}
+   ```sh
+   gcloud container clusters create-auto bank-of-anthos \
+     --project=${PROJECT_ID} --region=${REGION}
+   ```
 
-gcloud container clusters get-credentials bank-of-anthos \
-  --project=${PROJECT_ID} --region=${REGION}
-```
+   Creating the cluster may take a few minutes.
 
-Alternatively, you can deploy using GKE Standard instead:
+5. Deploy Bank of Anthos to the cluster.
 
-```
-ZONE=us-central1-b
-gcloud beta container clusters create bank-of-anthos \
-  --project=${PROJECT_ID} --zone=${ZONE} \
-  --machine-type=e2-standard-2 --num-nodes=4 \
-  --monitoring=SYSTEM --logging=SYSTEM,WORKLOAD --subnetwork=default \
-  --tags=bank-of-anthos --labels csm=
+   ```sh
+   kubectl apply -f ./extras/jwt/jwt-secret.yaml
+   kubectl apply -f ./kubernetes-manifests
+   ```
 
-gcloud container clusters get-credentials bank-of-anthos \
-  --project=${PROJECT_ID} --zone=${ZONE}
-```
+6. Wait for the pods to be ready.
 
-4. **Deploy Bank of Anthos to the cluster.**
+   ```sh
+   kubectl get pods
+   ```
 
-```
-kubectl apply -f ./extras/jwt/jwt-secret.yaml
-kubectl apply -f ./kubernetes-manifests
-```
+   After a few minutes, you should see the Pods in a `Running` state:
 
-5. **Wait for the Pods to be ready.**
+   ```
+   NAME                                  READY   STATUS    RESTARTS   AGE
+   accounts-db-6f589464bc-6r7b7          1/1     Running   0          99s
+   balancereader-797bf6d7c5-8xvp6        1/1     Running   0          99s
+   contacts-769c4fb556-25pg2             1/1     Running   0          98s
+   frontend-7c96b54f6b-zkdbz             1/1     Running   0          98s
+   ledger-db-5b78474d4f-p6xcb            1/1     Running   0          98s
+   ledgerwriter-84bf44b95d-65mqf         1/1     Running   0          97s
+   loadgenerator-559667b6ff-4zsvb        1/1     Running   0          97s
+   transactionhistory-5569754896-z94cn   1/1     Running   0          97s
+   userservice-78dc876bff-pdhtl          1/1     Running   0          96s
+   ```
 
-```
-kubectl get pods
-```
+7. Access the web frontend in a browser using the frontend's external IP.
 
-After a few minutes, you should see the Pods in a `Running` state:
+   ```sh
+   kubectl get service frontend | awk '{print $4}'
+   ```
 
-```
-NAME                                  READY   STATUS    RESTARTS   AGE
-accounts-db-6f589464bc-6r7b7          1/1     Running   0          99s
-balancereader-797bf6d7c5-8xvp6        1/1     Running   0          99s
-contacts-769c4fb556-25pg2             1/1     Running   0          98s
-frontend-7c96b54f6b-zkdbz             1/1     Running   0          98s
-ledger-db-5b78474d4f-p6xcb            1/1     Running   0          98s
-ledgerwriter-84bf44b95d-65mqf         1/1     Running   0          97s
-loadgenerator-559667b6ff-4zsvb        1/1     Running   0          97s
-transactionhistory-5569754896-z94cn   1/1     Running   0          97s
-userservice-78dc876bff-pdhtl          1/1     Running   0          96s
-```
+   Visit `http://EXTERNAL_IP` in a web browser to access your instance of Bank of Anthos.
 
-6. **Access the web frontend in a browser** using the frontend's external IP.
+8. Once you are done with it, delete the GKE cluster.
 
-```
-kubectl get service frontend | awk '{print $4}'
-```
+   ```sh
+   gcloud container clusters delete bank-of-anthos \
+     --project=${PROJECT_ID} --region=${REGION}
+   ```
 
-Visit `https://EXTERNAL_IP` to access your instance of Bank of Anthos.
+   Deleting the cluster may take a few minutes.
 
 ## Additional deployment options
 
 - **Workload Identity**: [See these instructions.](/docs/workload-identity.md)
 - **Cloud SQL**: [See these instructions](/extras/cloudsql) to replace the in-cluster databases with hosted Google Cloud SQL.
 - **Multi Cluster with Cloud SQL**: [See these instructions](/extras/cloudsql-multicluster) to replicate the app across two regions using GKE, Multi Cluster Ingress, and Google Cloud SQL.
-- **Istio**: Apply `istio-manifests/` to your cluster to access the frontend through the IngressGateway.
-- **Anthos Service Mesh**: ASM requires Workload Identity to be enabled in your GKE cluster. [See the workload identity instructions](/docs/workload-identity.md) to configure and deploy the app. Then, apply `istio-manifests/` to your cluster to configure frontend ingress.
+- **Istio**: [See these instructions](/extras/istio) to configure an IngressGateway.
+- **Anthos Service Mesh**: ASM requires Workload Identity to be enabled in your GKE cluster. [See the workload identity instructions](/docs/workload-identity.md) to configure and deploy the app. Then, apply `extras/istio-manifests/` to your cluster to configure frontend ingress.
 - **Java Monolith (VM)**: We provide a version of this app where the three Java microservices are coupled together into one monolithic service, which you can deploy inside a VM (eg. Google Compute Engine). See the [ledgermonolith](/src/ledgermonolith) directory.
 
 ## Troubleshooting
 
-See the [troubleshooting guide](/docs/troubleshooting.md) for resolving common problems.
+See the [Troubleshooting guide](/docs/troubleshooting.md) for resolving common problems.
 
 ## Development
 
-See the [development guide](/docs/development.md) to learn how to run and develop this app locally.
+See the [Development guide](/docs/development.md) to learn how to run and develop this app locally.
 
 ## Demos featuring Bank of Anthos
 - [Tutorial: Explore Anthos (Google Cloud docs)](https://cloud.google.com/anthos/docs/tutorials/explore-anthos)

docs/releasing.md → docs/releasing/README.md

@@ -4,33 +4,39 @@ This document describes how maintainers can tag and push a new release of Bank o
 
 ## Prerequisites for tagging a release
 
-1. **Manually test** the latest main commit by verifying the user journeys below. If you encounter any bugs or documentation in need of fixing, make those changes before proceeding with the release.
-
-- User can deploy Bank of Anthos on a new GCP project/GKE cluster following README instructions, replacing `kubernetes-manifests/` with `dev-kubernetes-manifests/`
-- User can deploy Bank of Anthos on a GKE cluster with the latest Anthos Service Mesh enabled, by deploying `istio-manifests/` on top of the kubernetes manifests
-- User can deploy Bank of Anthos on a GKE cluster with Workload Identity enabled, using the WI instructions in the README.
-- User can see Java app-level metrics by creating the Cloud Monitoring dashboard in the `extras/` directory
-- User can see traces in Cloud Trace
-- User can toggle `ENABLE_METRICS=false` and `ENABLE_TRACING=false` to turn off metrics and trace export to Cloud Operations
-- User can create an account and see expected home page
-- User is blocked from signing in with bad credentials
-- User can create account and see zero balance
-- User can deposit funds, see balance update, see transaction history, see new contact show up
-- can transfer funds, see balance update, see transaction in history, see new contact show up
-- User is blocked from sending invalid data
-- User is redirected from `/home` to `/login` when not authenticated
-- User is redirected from `/login` and `/signup` to `/home` when already authenticated
-- Makefile commands work as intended
-- Makefile commands reflect what is in docs
-
-2. **Choose the logical [next release tag](https://github.com/GoogleCloudPlatform/bank-of-anthos/releases)**, using [semantic versioning](https://semver.org/): `vX.Y.Z`. If this release includes significant feature changes, update the minor version (`Y`). Otherwise, for bug-fix releases or standard quarterly release, update the patch version `Z`).
-
-## Tag the new release
-
-Make sure that the following commands are in your `PATH`:
-- `realpath` (found in the `coreutils` package)
-- `skaffold`
-- `gcloud`
+1. Manually test the latest main commit by verifying the user journeys below:
+
+   - User can deploy Bank of Anthos on a new GCP project/GKE cluster following README instructions.
+   - User can deploy Bank of Anthos on a GKE cluster with the latest Anthos Service Mesh enabled, by deploying `extras/istio-manifests/` on top of the kubernetes manifests.
+   - User can see Java app-level metrics by creating the Cloud Monitoring dashboard in the `extras/metrics-dashboard/` directory.
+   - User can see traces in Cloud Trace.
+   - User can toggle `ENABLE_METRICS=false` and `ENABLE_TRACING=false` to turn off metrics and trace export to Cloud Operations.
+   - User can create an account and see expected home page.
+   - User is blocked from signing in with bad credentials.
+   - User can create account and see zero balance.
+   - User can deposit funds, see balance update, see transaction history, see new contact show up.
+   - User can transfer funds, see balance update, see transaction in history, see new contact show up.
+   - User is blocked from sending invalid data.
+   - User is redirected from `/home` to `/login` when not authenticated.
+   - User is redirected from `/login` and `/signup` to `/home` when already authenticated.
+
+2. Choose the logical [next release tag](https://github.com/GoogleCloudPlatform/bank-of-anthos/releases), using [semantic versioning](https://semver.org/): `vX.Y.Z`.
+
+   If this release includes significant feature changes, update the minor version (`Y`). Otherwise, for bug-fix releases or standard quarterly release, update the patch version `Z`).
+
+3. Ensure that the following commands are in your `PATH`:
+   - `realpath` (found in the `coreutils` package)
+   - `skaffold`
+   - `gcloud`
+
+4. Make sure that your `gcloud` is authenticated:
+
+   ```sh
+   gcloud auth login
+   gcloud auth configure-docker us-central1-docker.pkg.dev
+   ```
+
+## Create and tag the new release
 
 Run the `make-release.sh` script found inside the `docs/releasing` directory:
 
@@ -83,7 +89,7 @@ Once the release notes are published, you should then replace the version of the
 
 2. For each service, click on it, verify that its staging version is green, and then click **Promote**.
 
-   [![Cloud Deploy](./img/cloud-deploy.png)](./img/cloud-deploy.png)
+   ![Cloud Deploy](/docs/img/cloud-deploy.png)
 
 3. Wait for all promotion builds to be green.
 

iac/acm-multienv-cicd-anthos-autopilot/overlays/development/namespace.yaml → docs/releasing/header.txt

@@ -1,19 +1,13 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: bank-of-anthos-development
-  labels:
-    istio-injection: enabled # enable ASM sidecar injection on namespace

docs/releasing/make-release.sh

@@ -18,7 +18,7 @@ set -euxo pipefail
 # set env
 REPO_PREFIX="${REPO_PREFIX:-us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos}"
 PROFILE="development"
-RELEASE_DIR="kubernetes-manifests/"
+RELEASE_DIR="kubernetes-manifests"
 
 # move to repo root
 SCRIPT_DIR=$(dirname $(realpath -s $0))
@@ -56,18 +56,28 @@ skaffold build --file-output="artifacts.json" --profile "${PROFILE}" \
 skaffold config unset local-cluster
 
 # render manifests
-for service in "frontend contacts userservice balancereader ledgerwriter transactionhistory loadgenerator"; do
-  skaffold render --build-artifacts="artifacts.json" --profile "${PROFILE}" \
-                  --module="${service}" > "${REPO_PREFIX}/${RELEASE_DIR}/${service}.yaml"
+# FIXME: tidy this up
+for moduleDashed in frontend contacts userservice balance-reader ledger-writer transaction-history loadgenerator; do
+  module=`echo ${moduleDashed} | tr -d '-'`
+  cp "${SCRIPT_DIR}/header.txt" "${REPO_ROOT}/${RELEASE_DIR}/${moduleDashed}.yaml"
+  skaffold render --build-artifacts="artifacts.json" --profile "${PROFILE}" --namespace "default" \
+                  --module="${module}" >> "${REPO_ROOT}/${RELEASE_DIR}/${moduleDashed}.yaml"
 done
+cp "${SCRIPT_DIR}/header.txt" "${REPO_ROOT}/${RELEASE_DIR}/ledger-db.yaml"
+skaffold render --build-artifacts="artifacts.json" --profile "${PROFILE}" --namespace "default" \
+                  --module="ledger-db" > "${REPO_ROOT}/${RELEASE_DIR}/ledger-db.yaml"
+cp "${SCRIPT_DIR}/header.txt" "${REPO_ROOT}/${RELEASE_DIR}/accounts-db.yaml"
+skaffold render --build-artifacts="artifacts.json" --profile "${PROFILE}" --namespace "default" \
+                  --module="accounts-db" > "${REPO_ROOT}/${RELEASE_DIR}/accounts-db.yaml"
+cp "${REPO_ROOT}/iac/acm-multienv-cicd-anthos-autopilot/base/config.yaml" "${REPO_ROOT}/${RELEASE_DIR}/config.yaml"
 
 # update version in manifests
-find "${REPO_ROOT}/${RELEASE_DIR}" -name '*.yaml' -exec sed -i -e "s'value: \"dev\"'value: \"${NEW_VERSION}\"'g" {} \;
-rm "${REPO_ROOT}/${RELEASE_DIR}/*-e"
+find "${REPO_ROOT}/${RELEASE_DIR}" -name '*.yaml' -exec sed -i -e "s'value: dev'value: ${NEW_VERSION}'g" {} \;
+rm ${REPO_ROOT}/${RELEASE_DIR}/*-e
 
 # update version in terraform scripts
 sed -i -e "s@sync_branch  = .*@sync_branch  = \"${NEW_VERSION}\"@g" ${REPO_ROOT}/iac/tf-anthos-gke/terraform.tfvars
-rm "${REPO_ROOT}/iac/tf-anthos-gke/terraform.tfvars-e"
+rm ${REPO_ROOT}/iac/tf-anthos-gke/terraform.tfvars-e
 
 # create release branch and tag
 git checkout -b "release/${NEW_VERSION}"

docs/troubleshooting.md

@@ -91,7 +91,7 @@ This means that your cluster's [Node Pools](https://cloud.google.com/kubernetes-
 
 You may see a `503: Service Unavailble` error if you have added Istio or Anthos Service Mesh to the cluster namespace where Bank of Anthos is deployed. A 503 error typically comes from an Envoy proxy - either the IngressGateway proxy, or the sidecar proxy for a service pod. For the frontend specifically, the 503 is likely coming from the IngressGateway. 
 
-Make sure you've deployed the `VirtualService` and `Gateway` resources provided in [`istio-manifests/`](/istio-manifests), and that they're deployed into the namespace where the app is running. If you've modified the frontend's Service or Deployment port, make sure the `VirtualService` port is updated, too.  
+Make sure you've deployed the `VirtualService` and `Gateway` resources provided in [`istio-manifests/`](/extras/istio-manifests), and that they're deployed into the namespace where the app is running. If you've modified the frontend's Service or Deployment port, make sure the `VirtualService` port is updated, too.  
 
 See the [Istio troubleshooting docs](https://istio.io/latest/docs/ops/common-problems/network-issues/) for more support.
 

extras/asm-multicluster/README.md

@@ -78,7 +78,7 @@ kubectl apply -f ../../kubernetes-manifests/contacts.yaml
 kubectl apply -f ../../kubernetes-manifests/frontend.yaml
 kubectl apply -f ../../kubernetes-manifests/userservice.yaml
 kubectl apply -f ../../kubernetes-manifests/loadgenerator.yaml
-kubectl apply -f ../../istio-manifests/frontend-ingress.yaml
+kubectl apply -f ../../extras/istio-manifests/frontend-ingress.yaml
 
 kubectx cluster-2
 kubectl apply -f services-all.yaml

extras/istio/README.md

@@ -0,0 +1,4 @@
+# Istio manifests
+
+To use, simply `kubectl apply -f frontend-ingress.yaml` on top of a deployment
+of Bank of Anthos. You can then access the frontend through the IngressGateway.

iac/acm-multienv-cicd-anthos-autopilot/overlays/development/kustomization.yaml

@@ -13,8 +13,6 @@
 # limitations under the License.
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources:
-  - namespace.yaml
 components:
   - ../../base
 patches:

iac/tf-anthos-gke/boa.tf

@@ -33,6 +33,6 @@ module "boa-istio" {
   cluster_location  = module.gke.location
   module_depends_on = [module.asm.wait]
 
-  kubectl_create_command  = "kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/bank-of-anthos/${var.sync_branch}/istio-manifests/frontend-ingress.yaml"
-  kubectl_destroy_command = "kubectl delete -f https://raw.githubusercontent.com/GoogleCloudPlatform/bank-of-anthos/${var.sync_branch}/istio-manifests/frontend-ingress.yaml"
+  kubectl_create_command  = "kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/bank-of-anthos/${var.sync_branch}/extras/istio-manifests/frontend-ingress.yaml"
+  kubectl_destroy_command = "kubectl delete -f https://raw.githubusercontent.com/GoogleCloudPlatform/bank-of-anthos/${var.sync_branch}/extras/istio-manifests/frontend-ingress.yaml"
 }

iac/tf-anthos-gke/terraform.tfvars

@@ -18,6 +18,6 @@ region       = "us-central1"
 zone         = "us-central1-b"
 cluster_name = "anthos-sample-cluster1"
 sync_repo    = "https://github.com/GoogleCloudPlatform/bank-of-anthos"
-sync_branch  = "v0.5.11"
+sync_branch  = "v0.6.0"
 sync_rev     = ""
 policy_dir   = "/kubernetes-manifests"