From c8d1496ddf8354a5c29bb2962dfa91808e0304ba Mon Sep 17 00:00:00 2001 From: Christopher Tauchen Date: Fri, 13 Mar 2026 15:42:20 +0000 Subject: [PATCH] DOCS-2802: Add namespaced Online Boutique manifest Add a namespaced version of Google's Online Boutique microservices demo for use in quickstart guides. Each of the 12 services is placed in its own namespace for a richer Service Graph topology. Co-Authored-By: Claude Opus 4.6 --- static/files/online-boutique-namespaced.yaml | 1028 ++++++++++++++++++ 1 file changed, 1028 insertions(+) create mode 100644 static/files/online-boutique-namespaced.yaml diff --git a/static/files/online-boutique-namespaced.yaml b/static/files/online-boutique-namespaced.yaml new file mode 100644 index 0000000000..bd3c1a543a --- /dev/null +++ b/static/files/online-boutique-namespaced.yaml @@ -0,0 +1,1028 @@ +# Online Boutique microservices demo (namespaced) +# +# Adapted from Google's microservices-demo, licensed under Apache 2.0. +# https://github.com/GoogleCloudPlatform/microservices-demo +# +# Each service is placed in its own namespace so that Calico Cloud +# Service Graph shows a rich cross-namespace topology. +# All cross-service env vars use . DNS format. + +# -------------------------------------------------------------------------- +# adservice +# -------------------------------------------------------------------------- +apiVersion: v1 +kind: Namespace +metadata: + name: adservice +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: adservice + namespace: adservice +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: adservice + namespace: adservice +spec: + selector: + matchLabels: + app: adservice + template: + metadata: + labels: + app: adservice + spec: + serviceAccountName: adservice + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: server + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/adservice:v0.10.5 + ports: + - containerPort: 9555 + env: + - name: PORT + value: "9555" + resources: + requests: + cpu: 200m + memory: 180Mi + limits: + cpu: 300m + memory: 300Mi + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 15 + grpc: + port: 9555 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 15 + grpc: + port: 9555 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true +--- +apiVersion: v1 +kind: Service +metadata: + name: adservice + namespace: adservice +spec: + type: ClusterIP + selector: + app: adservice + ports: + - name: grpc + port: 9555 + targetPort: 9555 +--- +# -------------------------------------------------------------------------- +# cartservice +# -------------------------------------------------------------------------- +apiVersion: v1 +kind: Namespace +metadata: + name: cartservice +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cartservice + namespace: cartservice +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cartservice + namespace: cartservice +spec: + selector: + matchLabels: + app: cartservice + template: + metadata: + labels: + app: cartservice + spec: + serviceAccountName: cartservice + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: server + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/cartservice:v0.10.5 + ports: + - containerPort: 7070 + env: + - name: REDIS_ADDR + value: "redis-cart.redis-cart:6379" + resources: + requests: + cpu: 200m + memory: 64Mi + limits: + cpu: 300m + memory: 128Mi + readinessProbe: + initialDelaySeconds: 15 + grpc: + port: 7070 + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 10 + grpc: + port: 7070 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true +--- +apiVersion: v1 +kind: Service +metadata: + name: cartservice + namespace: cartservice +spec: + type: ClusterIP + selector: + app: cartservice + ports: + - name: grpc + port: 7070 + targetPort: 7070 +--- +# -------------------------------------------------------------------------- +# checkoutservice +# -------------------------------------------------------------------------- +apiVersion: v1 +kind: Namespace +metadata: + name: checkoutservice +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: checkoutservice + namespace: checkoutservice +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: checkoutservice + namespace: checkoutservice +spec: + selector: + matchLabels: + app: checkoutservice + template: + metadata: + labels: + app: checkoutservice + spec: + serviceAccountName: checkoutservice + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: server + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/checkoutservice:v0.10.5 + ports: + - containerPort: 5050 + env: + - name: PORT + value: "5050" + - name: PRODUCT_CATALOG_SERVICE_ADDR + value: "productcatalogservice.productcatalogservice:3550" + - name: SHIPPING_SERVICE_ADDR + value: "shippingservice.shippingservice:50051" + - name: PAYMENT_SERVICE_ADDR + value: "paymentservice.paymentservice:50051" + - name: EMAIL_SERVICE_ADDR + value: "emailservice.emailservice:5000" + - name: CURRENCY_SERVICE_ADDR + value: "currencyservice.currencyservice:7000" + - name: CART_SERVICE_ADDR + value: "cartservice.cartservice:7070" + resources: + requests: + cpu: 100m + memory: 64Mi + limits: + cpu: 200m + memory: 128Mi + readinessProbe: + grpc: + port: 5050 + livenessProbe: + grpc: + port: 5050 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true +--- +apiVersion: v1 +kind: Service +metadata: + name: checkoutservice + namespace: checkoutservice +spec: + type: ClusterIP + selector: + app: checkoutservice + ports: + - name: grpc + port: 5050 + targetPort: 5050 +--- +# -------------------------------------------------------------------------- +# currencyservice +# -------------------------------------------------------------------------- +apiVersion: v1 +kind: Namespace +metadata: + name: currencyservice +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: currencyservice + namespace: currencyservice +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: currencyservice + namespace: currencyservice +spec: + selector: + matchLabels: + app: currencyservice + template: + metadata: + labels: + app: currencyservice + spec: + serviceAccountName: currencyservice + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: server + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/currencyservice:v0.10.5 + ports: + - containerPort: 7000 + name: grpc + env: + - name: PORT + value: "7000" + - name: DISABLE_PROFILER + value: "1" + resources: + requests: + cpu: 100m + memory: 64Mi + limits: + cpu: 200m + memory: 128Mi + readinessProbe: + grpc: + port: 7000 + livenessProbe: + grpc: + port: 7000 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true +--- +apiVersion: v1 +kind: Service +metadata: + name: currencyservice + namespace: currencyservice +spec: + type: ClusterIP + selector: + app: currencyservice + ports: + - name: grpc + port: 7000 + targetPort: 7000 +--- +# -------------------------------------------------------------------------- +# emailservice +# -------------------------------------------------------------------------- +apiVersion: v1 +kind: Namespace +metadata: + name: emailservice +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: emailservice + namespace: emailservice +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: emailservice + namespace: emailservice +spec: + selector: + matchLabels: + app: emailservice + template: + metadata: + labels: + app: emailservice + spec: + serviceAccountName: emailservice + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: server + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/emailservice:v0.10.5 + ports: + - containerPort: 8080 + env: + - name: PORT + value: "8080" + - name: DISABLE_PROFILER + value: "1" + resources: + requests: + cpu: 100m + memory: 64Mi + limits: + cpu: 200m + memory: 128Mi + readinessProbe: + periodSeconds: 5 + grpc: + port: 8080 + livenessProbe: + periodSeconds: 5 + grpc: + port: 8080 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true +--- +apiVersion: v1 +kind: Service +metadata: + name: emailservice + namespace: emailservice +spec: + type: ClusterIP + selector: + app: emailservice + ports: + - name: grpc + port: 5000 + targetPort: 8080 +--- +# -------------------------------------------------------------------------- +# frontend +# -------------------------------------------------------------------------- +apiVersion: v1 +kind: Namespace +metadata: + name: frontend +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: frontend + namespace: frontend +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: frontend +spec: + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + spec: + serviceAccountName: frontend + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: server + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/frontend:v0.10.5 + ports: + - containerPort: 8080 + env: + - name: PORT + value: "8080" + - name: PRODUCT_CATALOG_SERVICE_ADDR + value: "productcatalogservice.productcatalogservice:3550" + - name: CURRENCY_SERVICE_ADDR + value: "currencyservice.currencyservice:7000" + - name: CART_SERVICE_ADDR + value: "cartservice.cartservice:7070" + - name: RECOMMENDATION_SERVICE_ADDR + value: "recommendationservice.recommendationservice:8080" + - name: SHIPPING_SERVICE_ADDR + value: "shippingservice.shippingservice:50051" + - name: CHECKOUT_SERVICE_ADDR + value: "checkoutservice.checkoutservice:5050" + - name: AD_SERVICE_ADDR + value: "adservice.adservice:9555" + - name: SHOPPING_ASSISTANT_SERVICE_ADDR + value: "disabled" + - name: ENABLE_PROFILER + value: "0" + resources: + requests: + cpu: 100m + memory: 64Mi + limits: + cpu: 200m + memory: 128Mi + readinessProbe: + initialDelaySeconds: 10 + httpGet: + path: /_healthz + port: 8080 + httpHeaders: + - name: Cookie + value: shop_session-id=x-readiness-probe + livenessProbe: + initialDelaySeconds: 10 + httpGet: + path: /_healthz + port: 8080 + httpHeaders: + - name: Cookie + value: shop_session-id=x-liveness-probe + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend + namespace: frontend +spec: + type: ClusterIP + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 8080 +--- +# -------------------------------------------------------------------------- +# loadgenerator +# -------------------------------------------------------------------------- +apiVersion: v1 +kind: Namespace +metadata: + name: loadgenerator +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: loadgenerator + namespace: loadgenerator +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: loadgenerator + namespace: loadgenerator +spec: + selector: + matchLabels: + app: loadgenerator + replicas: 1 + template: + metadata: + labels: + app: loadgenerator + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + spec: + serviceAccountName: loadgenerator + terminationGracePeriodSeconds: 5 + restartPolicy: Always + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: frontend-check + image: busybox:latest + command: + - /bin/sh + - -exc + - | + MAX_RETRIES=12 + RETRY_INTERVAL=10 + for i in $(seq 1 $MAX_RETRIES); do + echo "Attempt $i: Pinging frontend: ${FRONTEND_ADDR}..." + STATUSCODE=$(wget --server-response http://${FRONTEND_ADDR} 2>&1 | awk '/^ HTTP/{print $2}') + if [ $STATUSCODE -eq 200 ]; then + echo "Frontend is reachable." + exit 0 + fi + echo "Error: Could not reach frontend - Status code: ${STATUSCODE}" + sleep $RETRY_INTERVAL + done + echo "Failed to reach frontend after $MAX_RETRIES attempts." + exit 1 + env: + - name: FRONTEND_ADDR + value: "frontend.frontend:80" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + containers: + - name: main + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/loadgenerator:v0.10.5 + env: + - name: FRONTEND_ADDR + value: "frontend.frontend:80" + - name: USERS + value: "10" + - name: RATE + value: "1" + resources: + requests: + cpu: 300m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true +--- +# -------------------------------------------------------------------------- +# paymentservice +# -------------------------------------------------------------------------- +apiVersion: v1 +kind: Namespace +metadata: + name: paymentservice +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: paymentservice + namespace: paymentservice +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: paymentservice + namespace: paymentservice +spec: + selector: + matchLabels: + app: paymentservice + template: + metadata: + labels: + app: paymentservice + spec: + serviceAccountName: paymentservice + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: server + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/paymentservice:v0.10.5 + ports: + - containerPort: 50051 + env: + - name: PORT + value: "50051" + - name: DISABLE_PROFILER + value: "1" + resources: + requests: + cpu: 100m + memory: 64Mi + limits: + cpu: 200m + memory: 128Mi + readinessProbe: + grpc: + port: 50051 + livenessProbe: + grpc: + port: 50051 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true +--- +apiVersion: v1 +kind: Service +metadata: + name: paymentservice + namespace: paymentservice +spec: + type: ClusterIP + selector: + app: paymentservice + ports: + - name: grpc + port: 50051 + targetPort: 50051 +--- +# -------------------------------------------------------------------------- +# productcatalogservice +# -------------------------------------------------------------------------- +apiVersion: v1 +kind: Namespace +metadata: + name: productcatalogservice +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: productcatalogservice + namespace: productcatalogservice +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: productcatalogservice + namespace: productcatalogservice +spec: + selector: + matchLabels: + app: productcatalogservice + template: + metadata: + labels: + app: productcatalogservice + spec: + serviceAccountName: productcatalogservice + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: server + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/productcatalogservice:v0.10.5 + ports: + - containerPort: 3550 + env: + - name: PORT + value: "3550" + - name: DISABLE_PROFILER + value: "1" + resources: + requests: + cpu: 100m + memory: 64Mi + limits: + cpu: 200m + memory: 128Mi + readinessProbe: + grpc: + port: 3550 + livenessProbe: + grpc: + port: 3550 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true +--- +apiVersion: v1 +kind: Service +metadata: + name: productcatalogservice + namespace: productcatalogservice +spec: + type: ClusterIP + selector: + app: productcatalogservice + ports: + - name: grpc + port: 3550 + targetPort: 3550 +--- +# -------------------------------------------------------------------------- +# recommendationservice +# -------------------------------------------------------------------------- +apiVersion: v1 +kind: Namespace +metadata: + name: recommendationservice +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: recommendationservice + namespace: recommendationservice +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: recommendationservice + namespace: recommendationservice +spec: + selector: + matchLabels: + app: recommendationservice + template: + metadata: + labels: + app: recommendationservice + spec: + serviceAccountName: recommendationservice + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: server + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/recommendationservice:v0.10.5 + ports: + - containerPort: 8080 + env: + - name: PORT + value: "8080" + - name: PRODUCT_CATALOG_SERVICE_ADDR + value: "productcatalogservice.productcatalogservice:3550" + - name: DISABLE_PROFILER + value: "1" + resources: + requests: + cpu: 100m + memory: 220Mi + limits: + cpu: 200m + memory: 450Mi + readinessProbe: + periodSeconds: 5 + grpc: + port: 8080 + livenessProbe: + periodSeconds: 5 + grpc: + port: 8080 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true +--- +apiVersion: v1 +kind: Service +metadata: + name: recommendationservice + namespace: recommendationservice +spec: + type: ClusterIP + selector: + app: recommendationservice + ports: + - name: grpc + port: 8080 + targetPort: 8080 +--- +# -------------------------------------------------------------------------- +# redis-cart +# -------------------------------------------------------------------------- +apiVersion: v1 +kind: Namespace +metadata: + name: redis-cart +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis-cart + namespace: redis-cart +spec: + selector: + matchLabels: + app: redis-cart + template: + metadata: + labels: + app: redis-cart + spec: + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: redis + image: redis:alpine + ports: + - containerPort: 6379 + readinessProbe: + periodSeconds: 5 + tcpSocket: + port: 6379 + livenessProbe: + periodSeconds: 5 + tcpSocket: + port: 6379 + volumeMounts: + - name: redis-data + mountPath: /data + resources: + requests: + cpu: 70m + memory: 200Mi + limits: + cpu: 125m + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + volumes: + - name: redis-data + emptyDir: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: redis-cart + namespace: redis-cart +spec: + type: ClusterIP + selector: + app: redis-cart + ports: + - name: tcp-redis + port: 6379 + targetPort: 6379 +--- +# -------------------------------------------------------------------------- +# shippingservice +# -------------------------------------------------------------------------- +apiVersion: v1 +kind: Namespace +metadata: + name: shippingservice +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: shippingservice + namespace: shippingservice +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: shippingservice + namespace: shippingservice +spec: + selector: + matchLabels: + app: shippingservice + template: + metadata: + labels: + app: shippingservice + spec: + serviceAccountName: shippingservice + terminationGracePeriodSeconds: 5 + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: server + image: us-central1-docker.pkg.dev/google-samples/microservices-demo/shippingservice:v0.10.5 + ports: + - containerPort: 50051 + env: + - name: PORT + value: "50051" + - name: DISABLE_PROFILER + value: "1" + resources: + requests: + cpu: 100m + memory: 64Mi + limits: + cpu: 200m + memory: 128Mi + readinessProbe: + periodSeconds: 5 + grpc: + port: 50051 + livenessProbe: + grpc: + port: 50051 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true +--- +apiVersion: v1 +kind: Service +metadata: + name: shippingservice + namespace: shippingservice +spec: + type: ClusterIP + selector: + app: shippingservice + ports: + - name: grpc + port: 50051 + targetPort: 50051