Merge remote-tracking branch 'upstream/main'

splunk · Oct 8, 2024 · b54612a · b54612a
2 parents 672cf21 + 30a6e01
commit b54612a
Show file tree

Hide file tree

Showing 47 changed files with 416 additions and 363 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -3,4 +3,4 @@
 
 # These owners will be the default owners for everything in
 # the repo. Unless a later match takes precedence.
-*                        @GoogleCloudPlatform/dee-platform-ops @yoshi-approver
+* @GoogleCloudPlatform/devrel-flagship-app-maintainers @yoshi-approver
diff --git a/.github/workflows/ui-tests/Dockerfile b/.github/workflows/ui-tests/Dockerfile
@@ -9,7 +9,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM cypress/included:13.7.0@sha256:508f932087925790b7111a8b38091bb74c26797634f0868c881a7e95c9d538d9
+FROM cypress/included:13.15.0@sha256:962fea580e73b931471105137d3b4e5a80bc007f57bfa8582b6f2bc3ee1a081b
 
 WORKDIR /e2e
 COPY . .

diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
@@ -12,5 +12,5 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.zip
 wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar
diff --git a/Makefile b/Makefile
@@ -27,11 +27,11 @@ cluster: check-env
 deploy: check-env
 	echo ${CLUSTER}
 	gcloud container clusters get-credentials --project ${PROJECT_ID} ${CLUSTER} --zone ${ZONE}
-	skaffold run --default-repo=gcr.io/${PROJECT_ID} -l skaffold.dev/run-id=${CLUSTER}-${PROJECT_ID}-${ZONE}
+	skaffold run --default-repo=us-central1-docker.pkg.dev/${PROJECT_ID}/bank-of-anthos -l skaffold.dev/run-id=${CLUSTER}-${PROJECT_ID}-${ZONE}
 
 deploy-continuous: check-env
 	gcloud container clusters get-credentials --project ${PROJECT_ID} ${CLUSTER} --zone ${ZONE}
-	skaffold dev --default-repo=gcr.io/${PROJECT_ID}
+	skaffold dev --default-repo=us-central1-docker.pkg.dev/${PROJECT_ID}/bank-of-anthos
 
 monolith-fw-rule: check-env
 	export CLUSTER_POD_CIDR="$(shell gcloud container clusters describe ${CLUSTER} --format="value(clusterIpv4Cidr)" --project ${PROJECT_ID} --zone=${ZONE})" && \

diff --git a/README.md b/README.md
@@ -1,7 +1,6 @@
 # Bank of Splunk - a CISCO company
 
-<!-- @todo: https://github.com/badges/shields/pull/7759 -->
-<!-- ![GitHub branch checks state](https://img.shields.io/github/checks-status/GoogleCloudPlatform/bank-of-anthos/main)-->
+![GitHub branch check runs](https://img.shields.io/github/check-runs/GoogleCloudPlatform/bank-of-anthos/main)
 [![Website](https://img.shields.io/website?url=https%3A%2F%2Fcymbal-bank.fsi.cymbal.dev%2F&label=live%20demo
 )](https://cymbal-bank.fsi.cymbal.dev)
 

diff --git a/docs/development.md b/docs/development.md
@@ -120,7 +120,7 @@ export PROJECT_ID="your project id"
 The [`skaffold dev`](https://skaffold.dev/docs/references/cli/#skaffold-dev) command watches your local code, and continuously builds and deploys container images to your GKE cluster anytime you save a file. Skaffold uses Docker Desktop to build the Python images, then [Jib](https://github.com/GoogleContainerTools/jib#jib) (installed via Maven) to build the Java images. 
 
 ```
-skaffold dev --profile development --default-repo=gcr.io/${PROJECT_ID}/bank-of-anthos
+skaffold dev --profile development --default-repo=us-central1-docker.pkg.dev/${PROJECT_ID}/bank-of-anthos
 ```
 
 Note that you can skip tests by running `skaffold` with `--skip-tests=true`, if needed.
@@ -130,7 +130,7 @@ Note that you can skip tests by running `skaffold` with `--skip-tests=true`, if
 The [`skaffold run`](https://skaffold.dev/docs/references/cli/#skaffold-run) command build and deploys the services to your GKE cluster one time, then exits. 
 
 ```
-skaffold run --profile development --default-repo=gcr.io/${PROJECT_ID}/bank-of-anthos
+skaffold run --profile development --default-repo=us-central1-docker.pkg.dev/${PROJECT_ID}/bank-of-anthos
 ```
 
 ### Running services selectively
@@ -143,7 +143,7 @@ Skaffold reads the [skaffold.yaml](../skaffold.yaml) file to understand the proj
 
 For example, to work with only the `frontend` module, run:
 ```
-skaffold dev --profile development --default-repo=gcr.io/${PROJECT_ID}/bank-of-anthos --module frontend
+skaffold dev --profile development --default-repo=us-central1-docker.pkg.dev/${PROJECT_ID}/bank-of-anthos --module frontend
 ```
 
 ## Cleaning up your deployment

diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
@@ -66,8 +66,8 @@ Events:
   ----     ------       ----               ----                                             -------
   Normal   Scheduled    73s                default-scheduler                                Successfully assigned default/balancereader-fb6784fc-9fw2k to gke-toggles-default-pool-28882412-xljt
   Warning  FailedMount  72s (x2 over 72s)  kubelet, gke-toggles-default-pool-28882412-xljt  MountVolume.SetUp failed for volume "publickey" : secret "jwt-key" not found
-  Normal   Pulling      70s                kubelet, gke-toggles-default-pool-28882412-xljt  Pulling image "gcr.io/my-cool-project/bank-of-anthos/gcr.io/bank-of-anthos-ci/balancereader:ver.0-171-gd459ddb-dirty@sha256:5b178bd029d04e25bf68df57096b961a28dfb243717d380524a89de994d81ff6"
-  Normal   Pulled       69s                kubelet, gke-toggles-default-pool-28882412-xljt  Successfully pulled image "gcr.io/my-cool-projectt/bank-of-anthos/gcr.io/bank-of-anthos-ci/balancereader:ver.0-171-gd459ddb-dirty@sha256:5b178bd029d04e25bf68df57096b961a28dfb243717d380524a89de994d81ff6"
+  Normal   Pulling      70s                kubelet, gke-toggles-default-pool-28882412-xljt  Pulling image "us-central1-docker.pkg.dev/my-cool-project/bank-of-anthos/balancereader:ver.0-171-gd459ddb-dirty@sha256:5b178bd029d04e25bf68df57096b961a28dfb243717d380524a89de994d81ff6"
+  Normal   Pulled       69s                kubelet, gke-toggles-default-pool-28882412-xljt  Successfully pulled image "us-central1-docker.pkg.dev/my-cool-project/bank-of-anthos/balancereader:ver.0-171-gd459ddb-dirty@sha256:5b178bd029d04e25bf68df57096b961a28dfb243717d380524a89de994d81ff6"
   Normal   Created      69s                kubelet, gke-toggles-default-pool-28882412-xljt  Created container balancereader
   Normal   Started      69s                kubelet, gke-toggles-default-pool-28882412-xljt  Started container balancereader
   Warning  Unhealthy    4s (x2 over 9s)    kubelet, gke-toggles-default-pool-28882412-xljt  Readiness probe failed: Get http://10.0.1.141:8080/ready: dial tcp 10.0.1.141:8080: connect: connection refused

diff --git a/extras/cloudsql/kubernetes-manifests/balance-reader.yaml b/extras/cloudsql/kubernetes-manifests/balance-reader.yaml
@@ -91,7 +91,7 @@ spec:
           limits:
             cpu: "200m"
             memory: "100Mi"
-        image: gcr.io/cloudsql-docker/gce-proxy:1.34.1@sha256:5a5ceee978457047a6f73b197f5f2647a8a82f0b5dac914068d9ddbe227189c0
+        image: gcr.io/cloudsql-docker/gce-proxy:1.37.0@sha256:5cda69b84c0fb61de9b664872b2da9f8ef9333144b36d67b7a7f84f8dabdced5
         env:
         - name: CONNECTION_NAME
           valueFrom:

diff --git a/extras/cloudsql/kubernetes-manifests/contacts.yaml b/extras/cloudsql/kubernetes-manifests/contacts.yaml
@@ -69,7 +69,7 @@ spec:
           limits:
             cpu: "200m"
             memory: "100Mi"
-        image: gcr.io/cloudsql-docker/gce-proxy:1.34.1@sha256:5a5ceee978457047a6f73b197f5f2647a8a82f0b5dac914068d9ddbe227189c0
+        image: gcr.io/cloudsql-docker/gce-proxy:1.37.0@sha256:5cda69b84c0fb61de9b664872b2da9f8ef9333144b36d67b7a7f84f8dabdced5
         env:
         - name: CONNECTION_NAME
           valueFrom:

diff --git a/extras/cloudsql/kubernetes-manifests/ledger-writer.yaml b/extras/cloudsql/kubernetes-manifests/ledger-writer.yaml
@@ -80,7 +80,7 @@ spec:
           limits:
             cpu: "200m"
             memory: "100Mi"
-        image: gcr.io/cloudsql-docker/gce-proxy:1.34.1@sha256:5a5ceee978457047a6f73b197f5f2647a8a82f0b5dac914068d9ddbe227189c0
+        image: gcr.io/cloudsql-docker/gce-proxy:1.37.0@sha256:5cda69b84c0fb61de9b664872b2da9f8ef9333144b36d67b7a7f84f8dabdced5
         env:
         - name: CONNECTION_NAME
           valueFrom:

diff --git a/extras/cloudsql/kubernetes-manifests/transaction-history.yaml b/extras/cloudsql/kubernetes-manifests/transaction-history.yaml
@@ -96,7 +96,7 @@ spec:
           limits:
             cpu: "200m"
             memory: "100Mi"
-        image: gcr.io/cloudsql-docker/gce-proxy:1.34.1@sha256:5a5ceee978457047a6f73b197f5f2647a8a82f0b5dac914068d9ddbe227189c0
+        image: gcr.io/cloudsql-docker/gce-proxy:1.37.0@sha256:5cda69b84c0fb61de9b664872b2da9f8ef9333144b36d67b7a7f84f8dabdced5
         env:
         - name: CONNECTION_NAME
           valueFrom:

diff --git a/extras/cloudsql/kubernetes-manifests/userservice.yaml b/extras/cloudsql/kubernetes-manifests/userservice.yaml
@@ -75,7 +75,7 @@ spec:
           limits:
             cpu: "200m"
             memory: "100Mi"
-        image: gcr.io/cloudsql-docker/gce-proxy:1.34.1@sha256:5a5ceee978457047a6f73b197f5f2647a8a82f0b5dac914068d9ddbe227189c0
+        image: gcr.io/cloudsql-docker/gce-proxy:1.37.0@sha256:5cda69b84c0fb61de9b664872b2da9f8ef9333144b36d67b7a7f84f8dabdced5
         env:
         - name: CONNECTION_NAME
           valueFrom:

diff --git a/extras/cloudsql/populate-jobs/populate-accounts-db.yaml b/extras/cloudsql/populate-jobs/populate-accounts-db.yaml
@@ -258,7 +258,7 @@ spec:
       serviceAccountName: boa-ksa
       containers:
       - name: sidecar-controller
-        image: bash@sha256:5353512b79d2963e92a2b97d9cb52df72d32f94661aa825fcfa0aede73304743
+        image: bash@sha256:b2ecea0c7afaa96b245b9bc1f207c1399bd7358f1be6b45964ae6a31dec60da9
         command: ['bash', '-c', '. /scripts/wait-to-complete-sidecar.sh "initialize-database.sh" "cloud_sql_proxy"']
         volumeMounts:
         - name: scripts
@@ -269,7 +269,7 @@ spec:
             cpu: "200m"
             memory: "100Mi"
       - name: populate-accounts-db
-        image: postgres:16.2-alpine@sha256:49fd8c13fbd0eb92572df9884ca41882a036beac0f12e520274be85e7e7806e9
+        image: postgres:16.4-alpine@sha256:d898b0b78a2627cb4ee63464a14efc9d296884f1b28c841b0ab7d7c42f1fffdf
         command: ['bash', '-c','. /scripts/initialize-database.sh 127.0.0.1 5432 accounts-db']
         volumeMounts:
         - name: scripts
@@ -318,7 +318,7 @@ spec:
           limits:
             cpu: "200m"
             memory: "100Mi"
-        image: gcr.io/cloudsql-docker/gce-proxy:1.34.1@sha256:5a5ceee978457047a6f73b197f5f2647a8a82f0b5dac914068d9ddbe227189c0
+        image: gcr.io/cloudsql-docker/gce-proxy:1.37.0@sha256:5cda69b84c0fb61de9b664872b2da9f8ef9333144b36d67b7a7f84f8dabdced5
         env:
         - name: CONNECTION_NAME
           valueFrom:

diff --git a/extras/cloudsql/populate-jobs/populate-ledger-db.yaml b/extras/cloudsql/populate-jobs/populate-ledger-db.yaml
@@ -255,7 +255,7 @@ spec:
       serviceAccountName: boa-ksa
       containers:
       - name: sidecar-controller
-        image: bash@sha256:5353512b79d2963e92a2b97d9cb52df72d32f94661aa825fcfa0aede73304743
+        image: bash@sha256:b2ecea0c7afaa96b245b9bc1f207c1399bd7358f1be6b45964ae6a31dec60da9
         command: ['bash', '-c', '. /scripts/wait-to-complete-sidecar.sh "initialize-database.sh" "cloud_sql_proxy"']
         volumeMounts:
         - name: scripts
@@ -266,7 +266,7 @@ spec:
             cpu: "200m"
             memory: "100Mi"
       - name: populate-ledger-db
-        image: postgres:16.2-alpine@sha256:49fd8c13fbd0eb92572df9884ca41882a036beac0f12e520274be85e7e7806e9
+        image: postgres:16.4-alpine@sha256:d898b0b78a2627cb4ee63464a14efc9d296884f1b28c841b0ab7d7c42f1fffdf
         command: ['bash', '-c','. /scripts/initialize-database.sh 127.0.0.1 5432 ledger-db']
         volumeMounts:
         - name: scripts
@@ -315,7 +315,7 @@ spec:
           limits:
             cpu: "200m"
             memory: "100Mi"
-        image: gcr.io/cloudsql-docker/gce-proxy:1.34.1@sha256:5a5ceee978457047a6f73b197f5f2647a8a82f0b5dac914068d9ddbe227189c0
+        image: gcr.io/cloudsql-docker/gce-proxy:1.37.0@sha256:5cda69b84c0fb61de9b664872b2da9f8ef9333144b36d67b7a7f84f8dabdced5
         env:
         - name: CONNECTION_NAME
           valueFrom:

diff --git a/extras/postgres-hpa/kubernetes-manifests/pgpool-operator.yaml b/extras/postgres-hpa/kubernetes-manifests/pgpool-operator.yaml
@@ -190,7 +190,7 @@ spec:
       serviceAccountName: pgpool-operator
       containers:
         - name: operator
-          image: python:3.12-bullseye@sha256:a28fccb1208ad76a39e8398f7c99e40316d9b69adfb809c47ed3f33199888ebd
+          image: python:3.12-bullseye@sha256:93d6aa03a5fc0fc8eafee91572da38dae0571880260c978a7e7ff56eb9348859
           env:
           - name: NAMESPACE
             valueFrom:

diff --git a/extras/prometheus/gmp/blackbox-exporter.yaml b/extras/prometheus/gmp/blackbox-exporter.yaml
@@ -45,7 +45,7 @@ spec:
               - all
           privileged: false
           readOnlyRootFilesystem: true
-        image: quay.io/prometheus/blackbox-exporter:v0.24.0@sha256:3af31f8bd1ad2907b4b0f7c485fde3de0a8ee0b498d42fc971f0698885c03acb
+        image: quay.io/prometheus/blackbox-exporter:v0.25.0@sha256:b04a9fef4fa086a02fc7fcd8dcdbc4b7b35cc30cdee860fdc6a19dd8b208d63e
         resources:
           requests:
             cpu: 250m

diff --git a/extras/prometheus/gmp/rules.yaml b/extras/prometheus/gmp/rules.yaml
@@ -21,51 +21,51 @@ spec:
   - name: Micro services uptime
     interval: 60s
     rules:
-    - alert: BalancereaderUnavaiable
+    - alert: BalancereaderUnavailable
       expr: probe_success{job="balancereader-probe"} == 0
       for: 1m
       annotations:
         summary: Balance Reader Service is unavailable
-        description: Check Balance Reader pods and it's logs
+        description: Check Balance Reader pods and its logs
       labels:
         severity: 'critical'
-    - alert: ContactsUnavaiable
+    - alert: ContactsUnavailable
       expr: probe_success{job="contacts-probe"} == 0
       for: 1m
       annotations:
-        summary: Contacs Service is unavailable
-        description: Check Contacs pods and it's logs
+        summary: Contacts Service is unavailable
+        description: Check Contacts pods and its logs
       labels:
         severity: 'warning'
-    - alert: FrontendUnavaiable
+    - alert: FrontendUnavailable
       expr: probe_success{job="frontend-probe"} == 0
       for: 1m
       annotations:
         summary: Frontend Service is unavailable
-        description: Check Frontend pods and it's logs
+        description: Check Frontend pods and its logs
       labels:
         severity: 'critical'
-    - alert: LedgerwriterUnavaiable
+    - alert: LedgerwriterUnavailable
       expr: probe_success{job="ledgerwriter-probe"} == 0
       for: 1m
       annotations:
         summary: Ledger Writer Service is unavailable
-        description: Check Ledger Writer pods and it's logs
+        description: Check Ledger Writer pods and its logs
       labels:
         severity: 'critical'
-    - alert: TransactionhistoryUnavaiable
+    - alert: TransactionhistoryUnavailable
       expr: probe_success{job="transactionhistory-probe"} == 0
       for: 1m
       annotations:
         summary: Transaction History Service is unavailable
-        description: Check Transaction History pods and it's logs
+        description: Check Transaction History pods and its logs
       labels:
         severity: 'critical'
-    - alert: UserserviceUnavaiable
+    - alert: UserserviceUnavailable
       expr: probe_success{job="userservice-probe"} == 0
       for: 1m
       annotations:
         summary: User Service is unavailable
-        description: Check User Service pods and it's logs
+        description: Check User Service pods and its logs
       labels:
         severity: 'critical'
diff --git a/iac/tf-anthos-gke/terraform.tfvars b/iac/tf-anthos-gke/terraform.tfvars
@@ -18,6 +18,6 @@ region       = "us-central1"
 zone         = "us-central1-b"
 cluster_name = "anthos-sample-cluster1"
 sync_repo    = "https://github.com/GoogleCloudPlatform/bank-of-anthos"
-sync_branch  = "release/v1.0.9"
+sync_branch  = "release/v0.6.5"
 sync_rev     = ""
 policy_dir   = "/kubernetes-manifests"
diff --git a/iac/tf-multienv-cicd-anthos-autopilot/env-production.tf b/iac/tf-multienv-cicd-anthos-autopilot/env-production.tf
@@ -73,9 +73,10 @@ resource "google_service_account_iam_member" "gke_workload_production_identity"
   ]
 }
 
-# CloudSQL Postgres production instance 
+# CloudSQL Postgres production instance
 module "cloudsql_production" {
-  source = "GoogleCloudPlatform/sql-db/google//modules/postgresql"
+  source  = "GoogleCloudPlatform/sql-db/google//modules/postgresql"
+  version = "~> 20.2.0"
 
   project_id = var.project_id
   region     = var.region

diff --git a/iac/tf-multienv-cicd-anthos-autopilot/env-staging.tf b/iac/tf-multienv-cicd-anthos-autopilot/env-staging.tf
@@ -73,9 +73,10 @@ resource "google_service_account_iam_member" "gke_workload_staging_identity" {
   ]
 }
 
-# CloudSQL Postgres staging instance 
+# CloudSQL Postgres staging instance
 module "cloudsql_staging" {
-  source = "GoogleCloudPlatform/sql-db/google//modules/postgresql"
+  source  = "GoogleCloudPlatform/sql-db/google//modules/postgresql"
+  version = "~> 20.2.0"
 
   project_id = var.project_id
   region     = var.region

diff --git a/iac/tf-multienv-cicd-anthos-autopilot/main.tf b/iac/tf-multienv-cicd-anthos-autopilot/main.tf
@@ -19,10 +19,12 @@ terraform {
   }
   required_providers {
     google = {
-      source = "hashicorp/google"
+      source  = "hashicorp/google"
+      version = "~> 5.40.0"
     }
     google-beta = {
-      source = "hashicorp/google-beta"
+      source  = "hashicorp/google-beta"
+      version = "~> 5.40.0"
     }
   }
 }