Create DNS Records:
Enable in microservices.yaml file like below
https://github.com/SafiBank/SaFiMono/blob/main/devops/terraform/_files/microservices.yaml#L31-L32
tyk_grpc: true app_grpc: true
Terraform code to create DNS records
resource "google_dns_record_set" "grpc_apps" {
for_each = { for k, v in setproduct( [for k, v in local.safi_microservices : k if lookup(v, "app_grpc", false) != false], [for key in keys(local.safi_environments) : key if lookup(local.safi_environments[key], "enabled",false) != false] ) : format("%s-%s", v[0], v[1]) => {app=v[0], env=v[1]} }
name = format("%s-grpc.apps.%s.safibank.online.", replace(each.value.app, "_", "-"), each.value.env)
managed_zone = google_dns_managed_zone.env_safibank_online[each.value.env].name
type = "A"
ttl = 300
rrdatas = [local.dns_app_internal_loadbalancer[each.value.env]]
}
resource "google_dns_record_set" "grpc_tyk" {
for_each = {for k,v in setproduct([for k, v in local.safi_microservices : k if lookup(v, "tyk_grpc", false) != false], [for key in keys(local.safi_environments) : key if lookup(local.safi_environments[key], "enabled",false) != false]) : format("%s-%s", v[0], v[1]) => {app=v[0], env=v[1]}}
name = format("%s-tyk-grpc.tyk.%s.safibank.online.", replace(each.value.app, "_", "-"), each.value.env)
managed_zone = google_dns_managed_zone.env_safibank_online[each.value.env].name
type = "A"
ttl = 300
rrdatas = [local.dns_tyk_external_loadbalancer[each.value.env]]
}
Run the terraform workspace
https://app.terraform.io/app/safi/workspaces/safi-dns-safibankonline
Helm Chart Modification:
Need to modify kotlin chart to create ingress for GRPC
https://github.com/SafiBank/SaFiMono/blob/main/devops/charts/kotlin/templates/ingress-grpc.yaml
{{- if .Values.ingressGrpc.enabled -}}
{{- $fullName := include "kotlin.fullname" . -}}
{{- $svcPort := .Values.serviceGrpc.port -}}
{{- if and .Values.ingressGrpc.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingressGrpc.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingressGrpc.annotations "kubernetes.io/ingress.class" .Values.ingressGrpc.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}-grpc
labels:
{{- include "kotlin.labels" . | nindent 4 }}
{{- with .Values.ingressGrpc.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingressGrpc.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingressGrpc.className }}
{{- end }}
{{- if .Values.ingressGrpc.tls }}
tls:
{{- range .Values.ingressGrpc.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingressGrpc.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}-grpc
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
Modify values.yaml
ingressGrpc:
enabled: true
annotations:
cert-manager.io/cluster-issuer: zerossl-dns
ingress.kubernetes.io/protocol: h2c
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
kubernetes.io/ingress.class: traefik-internal
hosts:
- host: card-manager-grpc.apps.brave.safibank.online
paths:
- path: /
pathType: Prefix
tls:
- secretName: card-manager-grpc.apps.brave.safibank.online-tls
hosts:
- card-manager-grpc.apps.brave.safibank.online
TYK Modification:
Deploy Traefik ingress with external load balancer
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: traefik-external
spec:
generators:
- list:
elements:
- name: safi-brave-tyk-a
server: https://172.21.111.236:8081
values:
override: |
deployment:
replicas: 1
podDisruptionBudget:
enabled: true
maxUnavailable: 1
ingressClass:
enabled: true
isDefaultClass: true
ingressRoute:
dashboard:
enabled: false
providers:
kubernetesIngress:
ingressClass: traefik
publishedService:
enabled: true
ports:
metrics:
expose: true
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "300m"
memory: "150Mi"
metrics:
prometheus:
serviceMonitor:
relabelings:
- sourceLabels: [__meta_kubernetes_pod_node_name]
separator: ;
regex: ^(.*)$
targetLabel: nodename
replacement: $1
action: replace
jobLabel: traefik-external
scrapeInterval: 30s
scrapeTimeout: 5s
honorLabels: true
template:
metadata:
name: '{{name}}-traefik-external'
spec:
project: dev-infra
source:
chart: traefik
repoURL: https://helm.traefik.io/traefik
targetRevision: 20.3.0
helm:
releaseName: traefik-external
values: |
{{values.override}}
destination:
server: '{{server}}'
namespace: traefik-external
syncPolicy:
automated:
prune: true
syncOptions:
- CreateNamespace=true
- Replace=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
Create GRPC SVC in TYK
apiVersion: v1
kind: Service
metadata:
annotations:
traefik.ingress.kubernetes.io/service.serversscheme: h2c
labels:
app: gateway-svc-tyk-apigw-brave-tyk-pro
name: grpc-svc
namespace: tyk
spec:
ports:
- name: grpc
port: 4444
protocol: TCP
targetPort: 4444
selector:
app: gateway-tyk-apigw-brave-tyk-pro
Create GRPC Ingress in TYK
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: zerossl-dns
ingress.kubernetes.io/protocol: h2c
kubernetes.io/ingress.class: traefik-internal
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
labels:
app: gateway-tyk-apigw-brave-tyk-pro
name: card-manager-grpc
namespace: tyk
spec:
rules:
- host: card-manager-grpc.smallog.tech
http:
paths:
- backend:
service:
name: grpc-svc
port:
number: 4444
path: /
pathType: Prefix
tls:
- hosts:
- card-manager-grpc.smallog.tech
secretName: card-manager-grpc.smallog.tech-tls
Mapping in TYK
GRPC Testing
MS Level Testing
❯ grpcurl -proto CardManagerV1.proto -d '{"cardId": "02ca3c4b-ba09-4aef-81e6-0419cd15ad4d", "isSyncTracking": "false"}' card-manager-grpc.apps.brave.safibank.online:443 cardmanagerv1.CardManagerV1/GetCardDetails
{
"cardId": "02ca3c4b-ba09-4aef-81e6-0419cd15ad4d",
"accountNo": "0275243584",
"customerId": "ebe2e661-8e08-4b47-a938-97449aed1a78",
"cardType": "DD1",
"cardPicture": "https://storage.googleapis.com/test-safi-dev/ebe2e661-8e08-4b47-a938-97449aed1a78/ebe2e661-8e08-4b47-a938-97449aed1a78_02ca3c4b-ba09-4aef-81e6-0419cd15ad4d_7.png",
"namePrinted": false,
"dynamicCVV": false,
"internationalBlockingFlag": false,
"embossName": "Maria Santos Dela Cruz",
"maskingCardNo": "436434XXXXXX5438",
"expiration": "20271130",
"cardStatus": "ACTIVE",
"orderingNumber": 1,
"key": "COrqNGD",
"createdAt": "2022-11-03T08:56:54.802Z",
"updatedAt": "2022-12-05T02:55:33.905Z"
}
TYK Level Testing
❯ grpcurl -proto CardManagerV1.proto -d '{"cardId": "02ca3c4b-ba09-4aef-81e6-0419cd15ad4d", "isSyncTracking": "false"}' card-manager-grpc.smallog.tech:443 cardmanagerv1.CardManagerV1/GetCardDetails
{
"cardId": "02ca3c4b-ba09-4aef-81e6-0419cd15ad4d",
"accountNo": "0275243584",
"customerId": "ebe2e661-8e08-4b47-a938-97449aed1a78",
"cardType": "DD1",
"cardPicture": "https://storage.googleapis.com/test-safi-dev/ebe2e661-8e08-4b47-a938-97449aed1a78/ebe2e661-8e08-4b47-a938-97449aed1a78_02ca3c4b-ba09-4aef-81e6-0419cd15ad4d_7.png",
"namePrinted": false,
"dynamicCVV": false,
"internationalBlockingFlag": false,
"embossName": "Maria Santos Dela Cruz",
"maskingCardNo": "436434XXXXXX5438",
"expiration": "20271130",
"cardStatus": "ACTIVE",
"orderingNumber": 1,
"key": "COrqNGD",
"createdAt": "2022-11-03T08:56:54.802Z",
"updatedAt": "2022-12-05T02:55:33.905Z"
}
Attachments:
image-20230309-223923.png (image/png)
image-20230309-224054.png (image/png)
image-20230309-224139.png (image/png)