Software Delivery Shield Demo for Java

This sample demonstrates security features for an end-to-end Java workflow. It deploys a multi-tiered application with a frontend service and a backend service to Google Kubernetes Engine or Cloud Run using Cloud Deploy.

⚠️ WARNING: This demo includes a vulnerable dependency in backend/pom.xml for illustrative purposes!

Demo Instructions

  • Deploy to GKE

  • Deploy to Cloud Run

Pre-Reqs

The permissions needed for these tutorials can be fulfilled by the Owner or Editor roles.

Note: Organization or Binary Authorization policies may already be set for your organization and may cause deployment errors.

You will need:

  • To create or select a Google Cloud project.

    Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.

  • To make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  • To install and initialize the gcloud CLI and authenticate via: gcloud auth login.

Directory contents

  • cloudbuild.yaml - Cloud Build configuration file to build images and deploy with Cloud Deploy

  • clouddeploy.yaml - Cloud Deploy pipeline definition

  • skaffold.yaml - A schema file that defines Skaffold configurations (skaffold.yaml reference). The Skaffold files are used by Cloud Deploy releases.

  • policy.yaml - Binary Authorization policy

  • kubernetes-manifests/ - Contains Kubernetes YAML files for the Guestbook services and deployments, including:

    • guestbook-frontend.deployment.yaml - deploys a pod with the frontend container image
    • guestbook-frontend.service.yaml - creates a load balancer and exposes the frontend service on an external IP in the cluster
    • guestbook-backend.deployment.yaml - deploys a pod with the backend container image
    • guestbook-backend.service.yaml - exposes the backend service on an internal IP in the cluster

  • cloudrun-manifests/ - Cloud Run Service YAML files

    • guestbook-backend.dev.service.yaml
    • guestbook-backend.prod.service.yaml
    • guestbook-frontend.dev.service.yaml
    • guestbook-frontend.prod.service.yaml