Expose EPP via saidcar proxy (#2680)

jetty/deploy-nomulus-for-env.sh

@@ -37,15 +37,19 @@ for service in frontend backend pubapi console
 do
   sed s/GCP_PROJECT/"${project}"/g "./kubernetes/nomulus-${service}.yaml" | \
   sed s/ENVIRONMENT/"${environment}"/g | \
+  sed s/PROXY_ENV/"${environment}"/g | \
+  sed s/EPP/"epp"/g | \
   kubectl apply -f -
+  kubectl rollout restart deployment/${service}
   # canary
   sed s/GCP_PROJECT/"${project}"/g "./kubernetes/nomulus-${service}.yaml" | \
   sed s/ENVIRONMENT/"${environment}"/g | \
+  sed s/PROXY_ENV/"${environment}_canary"/g | \
+  sed s/EPP/"epp-canary"/g | \
   sed s/"${service}"/"${service}-canary"/g | \
   kubectl apply -f -
+  kubectl rollout restart deployment/${service}-canary
 done
-# Kills all running pods, new pods created will be pulling the new image.
-kubectl delete pods --all
 kubectl apply -f "./kubernetes/gateway/nomulus-gateway.yaml"
 kubectl apply -f "./kubernetes/gateway/nomulus-iap-${environment}.yaml"
 for service in frontend backend console pubapi
@@ -57,4 +61,16 @@ do
   sed s/SERVICE/"${service}-canary"/g "./kubernetes/gateway/nomulus-backend-policy-${environment}.yaml" | \
   kubectl apply -f -
 done
+
+# Restart proxies
+while read line
+do
+  parts=(${line})
+  echo "Updating cluster ${parts[0]} in location ${parts[1]}..."
+  gcloud container clusters get-credentials ${parts[0]} \
+    --project ${project} --location ${parts[1]}
+  kubectl rollout restart deployment/proxy-deployment
+  kubectl rollout restart deployment/proxy-deployment-canary
+done < <(gcloud container clusters list --project ${project} | grep proxy-cluster)
+
 kubectl config use-context "$current_context"

jetty/kubernetes/nomulus-backend.yaml

@@ -12,6 +12,8 @@ spec:
         service: backend
     spec:
       serviceAccountName: nomulus
+      nodeSelector:
+        cloud.google.com/compute-class: "Performance"
       containers:
       - name: backend
         image: gcr.io/GCP_PROJECT/nomulus
@@ -20,7 +22,8 @@ spec:
           name: http
         resources:
           requests:
-            cpu: "500m"
+            cpu: "100m"
+            memory: "512Mi"
         args: [ENVIRONMENT]
         env:
         - name: POD_ID

jetty/kubernetes/nomulus-console.yaml

@@ -12,6 +12,8 @@ spec:
         service: console
     spec:
       serviceAccountName: nomulus
+      nodeSelector:
+        cloud.google.com/compute-class: "Performance"
       containers:
       - name: console
         image: gcr.io/GCP_PROJECT/nomulus
@@ -20,7 +22,8 @@ spec:
           name: http
         resources:
           requests:
-            cpu: "500m"
+            cpu: "100m"
+            memory: "512Mi"
         args: [ENVIRONMENT]
         env:
         - name: POD_ID

jetty/kubernetes/nomulus-frontend.yaml

@@ -12,6 +12,8 @@ spec:
         service: frontend
     spec:
       serviceAccountName: nomulus
+      nodeSelector:
+        cloud.google.com/compute-class: "Performance"
       containers:
       - name: frontend
         image: gcr.io/GCP_PROJECT/nomulus
@@ -20,7 +22,8 @@ spec:
           name: http
         resources:
           requests:
-            cpu: "500m"
+            cpu: "100m"
+            memory: "512Mi"
         args: [ENVIRONMENT]
         env:
         - name: POD_ID
@@ -37,6 +40,27 @@ spec:
               fieldPath: metadata.namespace
         - name: CONTAINER_NAME
           value: frontend
+      - name: EPP
+        image: gcr.io/GCP_PROJECT/proxy
+        ports:
+        - containerPort: 30002
+          name: epp
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "512Mi"
+        args: [--env, PROXY_ENV, --log, --local]
+        env:
+        - name: POD_ID
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: NAMESPACE_ID
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: CONTAINER_NAME
+          value: EPP
 ---
 # Only need to define the service account once per cluster.
 apiVersion: v1
@@ -55,7 +79,7 @@ spec:
     apiVersion: apps/v1
     kind: Deployment
     name: frontend
-  minReplicas: 5
+  minReplicas: 15
   maxReplicas: 15
   metrics:
     - type: Resource
@@ -77,6 +101,26 @@ spec:
       targetPort: http
       name: http
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  name: EPP
+  annotations:
+    cloud.google.com/l4-rbs: enabled
+    networking.gke.io/weighted-load-balancing: pods-per-node
+spec:
+  type: LoadBalancer
+  # Traffic is directly delivered to a node, preserving the original source IP.
+  externalTrafficPolicy: Local
+  ipFamilies: [IPv4, IPv6]
+  ipFamilyPolicy: RequireDualStack
+  selector:
+    service: frontend
+  ports:
+  - port: 700
+    targetPort: epp
+    name: epp
+---
 apiVersion: net.gke.io/v1
 kind: ServiceExport
 metadata:

jetty/kubernetes/nomulus-pubapi.yaml

@@ -12,6 +12,8 @@ spec:
         service: pubapi
     spec:
       serviceAccountName: nomulus
+      nodeSelector:
+        cloud.google.com/compute-class: "Performance"
       containers:
       - name: pubapi
         image: gcr.io/GCP_PROJECT/nomulus
@@ -20,7 +22,8 @@ spec:
           name: http
         resources:
           requests:
-            cpu: "500m"
+            cpu: "100m"
+            memory: "512Mi"
         args: [ENVIRONMENT]
         env:
         - name: POD_ID