github.com/yoanyombapro1234/feelguuds/src/services/authentication_handler_service

FeelGuuds Authentication Handler Service - (Recon)

Specifications:

• Health checks (readiness and liveness)
• Graceful shutdown on interrupt signals
• File watcher for secrets and configmaps
• Instrumented with Prometheus
• Tracing with Istio and Jaeger
• Linkerd service profile
• Structured logging with zap
• 12-factor app with viper
• Fault injection (random errors and latency)
• Swagger docs
• Helm and Kustomize installers
• End-to-End testing with Kubernetes Kind and Helm
• Kustomize testing with GitHub Actions and Open Policy Agent
• Multi-arch container image with Docker buildx and Github Actions
• CVE scanning with trivy

Web API:

• GET / prints runtime information
• GET /version prints service version and git commit hash
• GET /metrics return HTTP requests duration and Go runtime metrics
• GET /healthz used by Kubernetes liveness probe
• GET /readyz used by Kubernetes readiness probe
• POST /readyz/enable signals the Kubernetes LB that this instance is ready to receive traffic
• POST /readyz/disable signals the Kubernetes LB to stop sending requests to this instance
• GET /status/{code} returns the status code
• GET /panic crashes the process with exit code 255
• POST /echo forwards the call to the backend service and echos the posted content
• GET /env returns the environment variables as a JSON array
• GET /headers returns a JSON with the request HTTP headers
• GET /delay/{seconds} waits for the specified period
• POST /token issues a JWT token valid for one minute JWT=$(curl -sd 'anon' service:9898/token | jq -r .token)
• GET /token/validate validates the JWT token curl -H "Authorization: Bearer $JWT" service:9898/token/validate
• GET /configs returns a JSON with configmaps and/or secrets mounted in the config volume
• POST/PUT /cache/{key} saves the posted content to Redis
• GET /cache/{key} returns the content from Redis if the key exists
• DELETE /cache/{key} deletes the key from Redis if exists
• POST /store writes the posted content to disk at /data/hash and returns the SHA1 hash of the content
• GET /store/{hash} returns the content of the file /data/hash if exists
• GET /ws/echo echos content via websockets servicecli ws ws://localhost:9898/ws/echo
• GET /chunked/{seconds} uses transfer-encoding type chunked to give a partial response and then waits for the specified period
• GET /swagger.json returns the API Swagger docs, used for Linkerd service profiling and Gloo routes discovery

gRPC API:

• /grpc.health.v1.Health/Check health checking

Web UI:

To access the Swagger UI open <service-host>/swagger/index.html in a browser.

Guides

• GitOps Progressive Deliver with Flagger, Helm v3 and Linkerd
• GitOps Progressive Deliver on EKS with Flagger and AppMesh
• Automated canary deployments with Flagger and Istio
• Kubernetes autoscaling with Istio metrics
• Autoscaling EKS on Fargate with custom metrics
• Managing Helm releases the GitOps way
• Securing EKS Ingress With Contour And Let’s Encrypt The GitOps Way

Install

Helm:

helm repo add service https://stefanprodan.github.io/service

helm upgrade --install --wait frontend \
--namespace test \
--set replicaCount=2 \
--set backend=http://backend-service:9898/echo \
service/service

helm test frontend

helm upgrade --install --wait backend \
--namespace test \
--set redis.enabled=true \
service/service

Kustomize:

kubectl apply -k github.com/yoanyombapro1234/FeelGuuds/src/services/authentication_handler_service/kustomize

Docker:

docker run -dp 9898:9898 yoanyombapro1234/FeelGuuds/src/services/authentication_handler_service

Continuous Delivery

In order to install service on a Kubernetes cluster and keep it up to date with the latest release in an automated manner, you can use Flux.

Install the Flux CLI on MacOS and Linux using Homebrew:

brew install fluxcd/tap/flux

Install the Flux controllers needed for Helm operations:

flux install \
--namespace=flux-system \
--network-policy=false \
--components=source-controller,helm-controller

Add service's Helm repository to your cluster and configure Flux to check for new chart releases every ten minutes:

flux create source helm service \
--namespace=default \
--url=https://stefanprodan.github.io/service \
--interval=10m

Create a service-values.yaml file locally:

cat > service-values.yaml <<EOL
replicaCount: 2
resources:
  limits:
    memory: 256Mi
  requests:
    cpu: 100m
    memory: 64Mi
EOL

Create a Helm release for deploying service in the default namespace:

flux create helmrelease service \
--namespace=default \
--source=HelmRepository/service \
--release-name=service \
--chart=service \
--chart-version=">5.0.0" \
--values=service-values.yaml

Based on the above definition, Flux will upgrade the release automatically when a new version of service is released. If the upgrade fails, Flux can rollback to the previous working version.

You can check what version is currently deployed with:

flux get helmreleases -n default

To delete service's Helm repository and release from your cluster run:

flux -n default delete source helm service
flux -n default delete helmrelease service

If you wish to manage the lifecycle of your applications in a GitOps manner, check out this workflow example for multi-env deployments with Flux, Kustomize and Helm.

Authentication Handler Service Documentation