Reorganize docs and update releasing script & README

.github/CONTRIBUTING.md

@@ -30,4 +30,4 @@ Guidelines](https://opensource.google/conduct/).
 
 ## Development Guide 
 
-Please see the [development guide](../docs/development.md) for how to set up your local environment.
+Please see the [development guide](../docs/development.md) for how to set up your local environment.

docs/README.md

@@ -0,0 +1,147 @@
+![GitHub branch checks state](https://img.shields.io/github/checks-status/GoogleCloudPlatform/bank-of-anthos/main)
+![Website](https://img.shields.io/website?label=live%20demo&url=https%3A%2F%2Fbank-of-anthos.xyz%2F)
+![GitHub commit activity](https://img.shields.io/github/commit-activity/m/GoogleCloudPlatform/bank-of-anthos)
+
+# Bank of Anthos
+
+**Bank of Anthos** is a sample HTTP-based web app that simulates a bank's payment processing network, allowing users to create artificial bank accounts and complete transactions.
+
+Google uses this application to demonstrate how developers can modernize enterprise applications using Google Cloud products, including: [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine), [Anthos Service Mesh (ASM)](https://cloud.google.com/anthos/service-mesh), [Anthos Config Management (ACM)](https://cloud.google.com/anthos/config-management), [Migrate to Containers](https://cloud.google.com/migrate/containers), [Spring Cloud GCP](https://spring.io/projects/spring-cloud-gcp), [Cloud Operations](https://cloud.google.com/products/operations), [Cloud SQL](https://cloud.google.com/sql/docs), [Cloud Build](https://cloud.google.com/build), and [Cloud Deploy](https://cloud.google.com/deploy). This application works on any Kubernetes cluster.
+
+If you are using Bank of Anthos, please ★Star this repository to show your interest!
+
+**Note to Googlers:** Please fill out the form at [go/bank-of-anthos-form](https://goto2.corp.google.com/bank-of-anthos-form).
+
+## Screenshots
+
+| Sign in                                                                                                        | Home                                                                                                    |
+| ----------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ |
+| [![Login](./img/login.png)](./img/login.png) | [![User Transactions](./img/transactions.png)](./img/transactions.png) |
+
+
+## Service architecture
+
+![Architecture Diagram](./img/architecture.png)
+
+| Service                                                 | Language      | Description                                                                                                                                  |
+| ------------------------------------------------------- | ------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
+| [frontend](../src/frontend)                              | Python        | Exposes an HTTP server to serve the website. Contains login page, signup page, and home page.                                                |
+| [ledger-writer](../src/ledger/ledgerwriter)              | Java          | Accepts and validates incoming transactions before writing them to the ledger.                                                               |
+| [balance-reader](../src/ledger/balancereader)            | Java          | Provides efficient readable cache of user balances, as read from `ledger-db`.                                                                |
+| [transaction-history](../src/ledger/transactionhistory)  | Java          | Provides efficient readable cache of past transactions, as read from `ledger-db`.                                                            |
+| [ledger-db](../src/ledger/ledger-db)                     | PostgreSQL    | Ledger of all transactions. Option to pre-populate with transactions for demo users.                                                         |
+| [user-service](../src/accounts/userservice)              | Python        | Manages user accounts and authentication. Signs JWTs used for authentication by other services.                                              |
+| [contacts](../src/accounts/contacts)                     | Python        | Stores list of other accounts associated with a user. Used for drop down in "Send Payment" and "Deposit" forms.                              |
+| [accounts-db](../src/accounts/accounts-db)               | PostgreSQL    | Database for user accounts and associated data. Option to pre-populate with demo users.                                                      |
+| [loadgenerator](../src/loadgenerator)                    | Python/Locust | Continuously sends requests imitating users to the frontend. Periodically creates new accounts and simulates transactions between them.      |
+
+## Interactive quickstart (GKE)
+
+The following button opens up an interactive tutorial showing how to deploy Bank of Anthos in GKE:
+
+[![Open in Cloud Shell](https://gstatic.com/cloudssh/images/open-btn.svg)](https://ssh.cloud.google.com/cloudshell/editor?show=ide&cloudshell_git_repo=https://github.com/GoogleCloudPlatform/bank-of-anthos&cloudshell_workspace=.&cloudshell_tutorial=extras/cloudshell/tutorial.md)
+
+## Quickstart (GKE)
+
+1. **[Create a Google Cloud project](https://cloud.google.com/resource-manager/docs/creating-managing-projects#creating_a_project)** or use an existing project. Set the `PROJECT_ID` environment variable and ensure the Google Kubernetes Engine API is enabled.
+
+```
+PROJECT_ID=<YOUR-PROJECT-ID>
+gcloud services enable container --project ${PROJECT_ID}
+```
+
+2. **Clone this repository.**
+
+```
+git clone https://github.com/GoogleCloudPlatform/bank-of-anthos.git
+cd bank-of-anthos/
+```
+
+3. **Create a GKE cluster** and get the credentials for it.
+
+We recommend using [GKE Autopilot](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview):
+
+```
+gcloud services enable container.googleapis.com monitoring.googleapis.com \
+  --project ${PROJECT_ID}
+
+REGION=us-central1
+gcloud container clusters create-auto bank-of-anthos \
+  --project=${PROJECT_ID} --region=${REGION}
+
+gcloud container clusters get-credentials bank-of-anthos \
+  --project=${PROJECT_ID} --region=${REGION}
+```
+
+Alternatively, you can deploy using GKE Standard instead:
+
+```
+ZONE=us-central1-b
+gcloud beta container clusters create bank-of-anthos \
+  --project=${PROJECT_ID} --zone=${ZONE} \
+  --machine-type=e2-standard-2 --num-nodes=4 \
+  --monitoring=SYSTEM --logging=SYSTEM,WORKLOAD --subnetwork=default \
+  --tags=bank-of-anthos --labels csm=
+
+gcloud container clusters get-credentials bank-of-anthos \
+  --project=${PROJECT_ID} --zone=${ZONE}
+```
+
+4. **Deploy Bank of Anthos to the cluster.**
+
+```
+kubectl apply -f ./extras/jwt/jwt-secret.yaml
+kubectl apply -f ./kubernetes-manifests
+```
+
+5. **Wait for the Pods to be ready.**
+
+```
+kubectl get pods
+```
+
+After a few minutes, you should see the Pods in a `Running` state:
+
+```
+NAME                                  READY   STATUS    RESTARTS   AGE
+accounts-db-6f589464bc-6r7b7          1/1     Running   0          99s
+balancereader-797bf6d7c5-8xvp6        1/1     Running   0          99s
+contacts-769c4fb556-25pg2             1/1     Running   0          98s
+frontend-7c96b54f6b-zkdbz             1/1     Running   0          98s
+ledger-db-5b78474d4f-p6xcb            1/1     Running   0          98s
+ledgerwriter-84bf44b95d-65mqf         1/1     Running   0          97s
+loadgenerator-559667b6ff-4zsvb        1/1     Running   0          97s
+transactionhistory-5569754896-z94cn   1/1     Running   0          97s
+userservice-78dc876bff-pdhtl          1/1     Running   0          96s
+```
+
+6. **Access the web frontend in a browser** using the frontend's external IP.
+
+```
+kubectl get service frontend | awk '{print $4}'
+```
+
+Visit `https://EXTERNAL_IP` to access your instance of Bank of Anthos.
+
+## Additional deployment options
+
+- **Workload Identity**: [See these instructions.](./workload-identity.md)
+- **Cloud SQL**: [See these instructions](../extras/cloudsql) to replace the in-cluster databases with hosted Google Cloud SQL.
+- **Multi Cluster with Cloud SQL**: [See these instructions](../extras/cloudsql-multicluster) to replicate the app across two regions using GKE, Multi Cluster Ingress, and Google Cloud SQL.
+- **Istio**: Apply `istio-manifests/` to your cluster to access the frontend through the IngressGateway.
+- **Anthos Service Mesh**: ASM requires Workload Identity to be enabled in your GKE cluster. [See the workload identity instructions](./workload-identity.md) to configure and deploy the app. Then, apply `istio-manifests/` to your cluster to configure frontend ingress.
+- **Java Monolith (VM)**: We provide a version of this app where the three Java microservices are coupled together into one monolithic service, which you can deploy inside a VM (eg. Google Compute Engine). See the [ledgermonolith](../src/ledgermonolith) directory.
+
+## Troubleshooting
+
+See the [troubleshooting guide](./troubleshooting.md) for resolving common problems.
+
+## Development
+
+See the [development guide](./development.md) to learn how to run and develop this app locally.
+
+## Demos featuring Bank of Anthos
+- [Explore Anthos (Google Cloud docs)](https://cloud.google.com/anthos/docs/tutorials/explore-anthos)
+- [Tutorial - Migrate for Anthos - Migrating a monolith VM to GKE](https://cloud.google.com/migrate/containers/docs/migrating-monolith-vm-overview-setup)
+- [Google Cloud Architecture Center - Running distributed services on GKE private clusters using Anthos Service Mesh](https://cloud.google.com/architecture/distributed-services-on-gke-private-using-anthos-service-mesh)
+- [Google Cloud Next '20 - Hands-on Keynote](https://www.youtube.com/watch?v=7QR1z35h_yc)  (Anthos, Cloud Operations, Spring Cloud GCP, BigQuery, AutoML)

release/README.md → docs/releasing.md

@@ -32,22 +32,22 @@ Make sure that the following commands are in your `PATH`:
 - `skaffold`
 - `gcloud`
 
-Run the `make-release.sh` script found inside the `release` directory:
+Run the `make-release.sh` script found inside the `docs/releasing` directory:
 
 ```sh
 # assuming you are inside the root path of the bank-of-anthos repository
 export NEW_VERSION=vX.Y.Z
-export REPO_PREFIX=gcr.io/bank-of-anthos-ci
-./release/make-release.sh
+export REPO_PREFIX=us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos
+./docs/releasing/make-release.sh
 ```
 
 This script does the following:
-1. Replaces the existing `kubernetes-manifests` with the content of `dev-kubernetes-manifests`.
-2. Updates the image tags for all the Deployments in `kubernetes-manifests` with the new release tag.
-3. Uses `git tag` to create a new local tag.
-4. Creates a new release branch.
-5. Uses `skaffold` to build and push new stable release images to `gcr.io/bank-of-anthos-ci`.
-6. Pushes the git tag and the release branch.
+1. Clears out the previous release in `kubernetes-manifests/`.
+2. Build, tag, and pushes release images in Artifact Registry using `skaffold build`.
+3. Renders new k8s manifests using `skaffold render`.
+4. Update version environment variables in k8s and TF manifests.
+5. Creates a new git release branch and tag.
+6. Pushes the git release branch and tag upstream.
 
 ### Troubleshooting script failures
 
@@ -57,9 +57,6 @@ In the event of any of the steps above failing you might have to revert the repo
 git checkout main
 git branch -D release/$NEW_VERSION
 git tag -d $NEW_VERSION
-
-# delete temporary files created
-rm kubernetes-manifests/*-e
 ```
 
 ## Create the PR
@@ -82,31 +79,15 @@ The release notes should contain a brief description of the changes since the pr
 
 Once the release notes are published, you should then replace the version of the production environment to the newly published version.
 
-First, make sure you are connected to the production cluster (**note:** this requires authorization access to the Bank of Anthos cluster):
-```
-gcloud container clusters get-credentials bank-of-anthos-release --zone us-central1-c --project bank-of-anthos-ci
-```
+1. Open up the [Cloud Deploy dashboard](https://pantheon.corp.google.com/deploy/delivery-pipelines?project=bank-of-anthos-ci).
 
-1. ***[Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) enabled production cluster***
+2. For each service, click on it, verify that its staging version is green, and then click **Promote**.
 
-Currently the `bank-of-anthos-release` cluster has [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) enabled. Thus, when deploying to this cluster the pod service account (`boa-ksa-release`) used by _Workload Identity_ must be used as the serviceAccount in the manifests.
+   [![Cloud Deploy](./img/cloud-deploy.png)](./img/cloud-deploy.png)
 
-Follow steps 3 and 4 of the [workload identity setup](https://github.com/GoogleCloudPlatform/bank-of-anthos/blob/main/docs/workload-identity.md) with the following config values to deploy into production:
-- `boa-ksa-release` as the `KSA_NAME`
-- `default` as the `NAMESPACE`
+3. Wait for all promotion builds to be green.
 
-2. ***Non Workload Identity cluster***
-
-You can simply apply the new manifest versions on top of the current environment:
-```
-kubectl apply -f ./kubernetes-manifests
-```
-
-Alternatively, you can also choose to start from scratch by deleting the previously applied manifests first:
-```
-kubectl delete -f kubernetes-manifests
-kubectl apply -f ./kubernetes-manifests
-```
+4. Verify that the production environment is still up and running: https://bank-of-anthos.xyz
 
 ## Update the ledgermonolith bucket
 

release/make-release.sh → docs/releasing/make-release.sh

@@ -15,12 +15,14 @@
 
 set -euxo pipefail
 
-# set default repo
-REPO_PREFIX="${REPO_PREFIX:-gcr.io/bank-of-anthos-ci}"
+# set env
+REPO_PREFIX="${REPO_PREFIX:-us-central1-docker.pkg.dev/bank-of-anthos-ci/bank-of-anthos}"
+PROFILE="development"
+RELEASE_DIR="kubernetes-manifests/"
 
 # move to repo root
 SCRIPT_DIR=$(dirname $(realpath -s $0))
-REPO_ROOT=$SCRIPT_DIR/..
+REPO_ROOT=$SCRIPT_DIR/../..
 cd $REPO_ROOT
 
 # validate version number (format: v0.0.0)
@@ -43,35 +45,40 @@ then
     exit 1
 fi
 
-# replace kubernetes-manifests/ contents 
-rm -rf "${REPO_ROOT}/kubernetes-manifests"
-mkdir "${REPO_ROOT}/kubernetes-manifests"
-cp -a "${REPO_ROOT}/dev-kubernetes-manifests/." "${REPO_ROOT}/kubernetes-manifests/"
+# clear out previous release content
+rm -rf "${REPO_ROOT}/${RELEASE_DIR}"
+mkdir "${REPO_ROOT}/${RELEASE_DIR}"
+
+# build and push release images
+skaffold config set local-cluster false
+skaffold build --file-output="artifacts.json" --profile "${PROFILE}" \
+               --default-repo="${REPO_PREFIX}" --tag="${NEW_VERSION}"
+skaffold config unset local-cluster
+
+# render manifests
+for service in "frontend contacts userservice balancereader ledgerwriter transactionhistory loadgenerator"; do
+  skaffold render --build-artifacts="artifacts.json" --profile "${PROFILE}" \
+                  --module="${service}" > "${REPO_PREFIX}/${RELEASE_DIR}/${service}.yaml"
+done
 
 # update version in manifests
-find "${REPO_ROOT}/kubernetes-manifests" -name '*.yaml' -exec sed -i -e "s'image: \(.*\)'image: ${REPO_PREFIX}\/\1:${NEW_VERSION}'g" {} \;
-find "${REPO_ROOT}/kubernetes-manifests" -name '*.yaml' -exec sed -i -e "s'value: \"dev\"'value: \"${NEW_VERSION}\"'g" {} \;
+find "${REPO_ROOT}/${RELEASE_DIR}" -name '*.yaml' -exec sed -i -e "s'value: \"dev\"'value: \"${NEW_VERSION}\"'g" {} \;
+rm "${REPO_ROOT}/${RELEASE_DIR}/*-e"
 
 # update version in terraform scripts
 sed -i -e "s@sync_branch  = .*@sync_branch  = \"${NEW_VERSION}\"@g" ${REPO_ROOT}/iac/tf-anthos-gke/terraform.tfvars
+rm "${REPO_ROOT}/iac/tf-anthos-gke/terraform.tfvars-e"
 
-# remove the region tags so that there are no duplicates 
-find "${REPO_ROOT}/kubernetes-manifests" -name '*.yaml' -exec sed -i -e  "s/dev_kubernetes_manifests/boa_kubernetes_manifests/g" {} \;
-
-# push release PR
+# create release branch and tag
 git checkout -b "release/${NEW_VERSION}"
-git add "${REPO_ROOT}/kubernetes-manifests/*.yaml"
+git add "${REPO_ROOT}/${RELEASE_DIR}/*.yaml"
 git add "${REPO_ROOT}/iac/tf-anthos-gke/terraform.tfvars"
 git commit -m "release/${NEW_VERSION}"
-
-# add tag
 git tag "${NEW_VERSION}"
 
-# build and push release images
-skaffold config set local-cluster false
-skaffold build --default-repo="${REPO_PREFIX}" --tag="${NEW_VERSION}"
-skaffold config unset local-cluster
-
-# push to repo
+# push branch and tag upstream
 git push --set-upstream origin "release/${NEW_VERSION}"
 git push --tags
+
+# clean up
+rm "${REPO_ROOT}/artifacts.json"

src/accounts/userservice/k8s/base/userservice.yaml

@@ -74,7 +74,7 @@ spec:
           timeoutSeconds: 10
         resources:
           requests:
-            cpu: 300m
+            cpu: 250m
             memory: 128Mi
             ephemeral-storage: 0.25Gi
           limits: