.

.

Author: engel80

.github/workflows/build.yml

@@ -0,0 +1,37 @@
+name: Build
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Gradle packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./gradlew build sonarqube --info

.gitignore

@@ -1,3 +1,28 @@
+build
+.gradle
+.vscode
+
+*.log
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# MAC
+**/.DS_Store
+
+# internal
+*internal*
+
+# GKE
+service-account.json
+
+# k8s
+python-ping-api.yaml
+
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]

README.md

@@ -1,2 +1,126 @@
-# python-gradle
-Python, pytest, Gradle, Sonarqbue
+# Python sample project for GKE
+
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=DevSecOpsSamples_gke-python-api&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=DevSecOpsSamples_gke-python-api) [![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=DevSecOpsSamples_gke-python-api&metric=ncloc)](https://sonarcloud.io/summary/new_code?id=DevSecOpsSamples_gke-python-api)
+
+The sample project to deploy Python REST API application, Service, HorizontalPodAutoscaler, Ingress, and BackendConfig on GKE.
+
+- [app.py](app/app.py)
+- [python-ping-api-template.yaml](app/python-ping-api-template.yaml)
+
+---
+
+## Prerequisites
+
+### Installation
+
+- [Install the gcloud CLI](https://cloud.google.com/sdk/docs/install)
+- [Install kubectl and configure cluster access](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl)
+
+### Set environment variables
+
+```bash
+PROJECT_ID="sample-project" # replace with your project
+COMPUTE_ZONE="us-central1"
+```
+
+### Set GCP project
+
+```bash
+gcloud config set project ${PROJECT_ID}
+gcloud config set compute/zone ${COMPUTE_ZONE}
+```
+
+---
+
+## Create a GKE cluster
+
+Create an Autopilot GKE cluster. It may take around 9 minutes.
+
+```bash
+gcloud container clusters create-auto sample-cluster --region=${COMPUTE_ZONE}
+gcloud container clusters get-credentials sample-cluster
+```
+
+---
+
+## Deploy python-ping-api
+
+Build and push to GCR:
+
+```bash
+cd ../app
+docker build -t python-ping-api . --platform linux/amd64
+docker tag python-ping-api:latest gcr.io/${PROJECT_ID}/python-ping-api:latest
+
+gcloud auth configure-docker
+docker push gcr.io/${PROJECT_ID}/python-ping-api:latest
+```
+
+Create and deploy K8s Deployment, Service, HorizontalPodAutoscaler, Ingress, and GKE BackendConfig using the [python-ping-api-template.yaml](app/python-ping-api-template.yaml) template file.
+
+```bash
+sed -e "s|<project-id>|${PROJECT_ID}|g" python-ping-api-template.yaml > python-ping-api.yaml
+cat python-ping-api.yaml
+
+kubectl apply -f python-ping-api.yaml
+```
+
+It may take around 5 minutes to create a load balancer, including health checking.
+
+Confirm that pod configuration and logs after deployment:
+
+```bash
+kubectl logs -l app=python-ping-api
+
+kubectl describe pods
+
+kubectl get ingress python-ping-api-ingress
+```
+
+Confirm that response of `/ping` API.
+
+```bash
+LB_IP_ADDRESS=$(gcloud compute forwarding-rules list | grep python-ping-api | awk '{ print $2 }')
+echo ${LB_IP_ADDRESS}
+```
+
+```bash
+curl http://${LB_IP_ADDRESS}/ping
+```
+
+```json
+{
+  "host": "<your-ingress-endpoint-ip>",
+  "message": "ping-api",
+  "method": "GET",
+  "url": "http://<your-ingress-endpoint-ip>/ping"
+}
+```
+
+---
+
+## Screenshots
+
+- Loadbalncer
+
+![loadbalancer](./screenshots/loadbalancer.png?raw=true)
+
+- Loadbalncer Details
+
+![loadbalancer-details](./screenshots/loadbalancer-details.png?raw=true)
+
+---
+
+## Cleanup
+
+```bash
+kubectl delete -f app/python-ping-api.yaml
+
+gcloud container clusters delete sample-cluster
+```
+
+## References
+
+- [Cloud SDK > Documentation > Reference > gcloud container clusters](https://cloud.google.com/sdk/gcloud/reference/container/clusters)
+
+- [Google Kubernetes Engine (GKE) > Documentation > Guides > GKE Ingress for HTTP(S) Load Balancing](https://cloud.google.com/kubernetes-engine/docs/concepts/ingress)

app/Dockerfile

@@ -0,0 +1,14 @@
+FROM python:3.9-alpine
+
+VOLUME ./:app/
+
+COPY requirements.txt requirements.txt
+RUN pip install -r requirements.txt
+
+COPY . /app/
+
+WORKDIR /app
+
+EXPOSE 8000
+
+CMD ["gunicorn", "app:app", "--bind", "0.0.0.0:8000"]

app/app.py

@@ -0,0 +1,37 @@
+from flask import Flask
+from flask import request
+from flask import json
+from werkzeug.exceptions import HTTPException
+
+app = Flask(__name__)
+
+@app.route("/")
+def ping_root():
+    return ping()
+
+@app.route("/<string:path1>")
+def ping_path1(path1):
+    return ping()
+
+def ping():
+    return {
+        "host": request.host,
+        "url": request.url,
+        "method": request.method,
+        "message": "ping-api"
+    }
+
+@app.errorhandler(HTTPException)
+def handle_exception(e):
+    response = e.get_response()
+    response.data = json.dumps({
+        "code": e.code,
+        "name": e.name,
+        "description": e.description,
+    })
+    response.content_type = "application/json"
+    return response
+
+if __name__ == '__main__':
+    app.debug = True
+    app.run(host='0.0.0.0', port=8000)

app/deploy-test.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+echo "PROJECT_ID: ${PROJECT_ID}"
+
+docker build -t python-ping-api . --platform linux/amd64
+docker tag python-ping-api:latest gcr.io/${PROJECT_ID}/python-ping-api:latest
+
+gcloud auth configure-docker
+docker push gcr.io/${PROJECT_ID}/python-ping-api:latest
+
+kubectl scale deployment python-ping-api --replicas=0
+kubectl scale deployment python-ping-api --replicas=3
+sleep 3
+kubectl get pods

app/local-test.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+echo "PROJECT_ID: ${PROJECT_ID}"
+
+docker build -t python-ping-api . --platform linux/amd64
+docker tag python-ping-api:latest gcr.io/${PROJECT_ID}/python-ping-api:latest
+docker push gcr.io/${PROJECT_ID}/python-ping-api:latest
+
+docker run -it -p 8000:8000 gcr.io/${PROJECT_ID}/python-ping-api:latest
+
+curl http://127.0.0.1:8000

app/python-ping-api-template.yaml

@@ -0,0 +1,95 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: python-ping-api
+  annotations:
+    app: python-ping-api
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: python-ping-api
+  template:
+    metadata:
+      labels:
+        app: python-ping-api
+    spec:
+      containers:
+        - name: python-ping-api
+          image: gcr.io/<project-id>/python-ping-api:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8000
+          resources:
+            requests:
+              cpu: "0.25"
+              memory: "256Mi"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: python-ping-api
+  annotations:
+    app: python-ping-api
+    cloud.google.com/backend-config: '{"default": "python-ping-api-backend-config"}'
+spec:
+  selector:
+    app: python-ping-api
+  type: ClusterIP
+  ports:
+    - port: 8000
+      targetPort: 8000
+      protocol: TCP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: python-ping-api-ingress
+  annotations:
+    app: python-ping-api
+    kubernetes.io/ingress.class: gce
+spec:
+  rules:
+  - http:
+        paths:
+          - path: /*
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: python-ping-api
+                port:
+                  number: 8000
+---
+apiVersion: cloud.google.com/v1
+kind: BackendConfig
+metadata:
+  name: python-ping-api-backend-config
+spec:
+  healthCheck:
+    checkIntervalSec: 10
+    timeoutSec: 10
+    healthyThreshold: 1
+    unhealthyThreshold: 3
+    port: 8000
+    type: HTTP
+    requestPath: /ping
+---
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: 'python-ping-api-hpa'
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: 'python-ping-api'
+  minReplicas: 2
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 50

app/requirements.txt

@@ -0,0 +1,2 @@
+Flask==2.1.1
+gunicorn==20.1.0