obch/README.md

# Challenge

The infrastructure is set up with minikube and fluxcd.
The bitnami PostgreSQL HA chart is used for a highly available PostgreSQL
database backend.  
The app consists of two parts: an import job for PostgreSQL
and the HA API deployment with the /success endpoint and a ReplicaSet of 2.
  
- Database: PostgresqlHA  
- Import: gtfso-import  
- API: gtfso-vbb  
  Monitoring: kube-prometheus-stack
  Vulnerability Scanning: Trivy

## Clone repository
```
$ git clone https://git.e2m.io/mue/obch
$ cd obch
```

## Setup minikube and flux
### Optionally remove remnants of previous minikube clusters
```
$ minikube delete --all

# The above was not sufficient to setup a new cluster
# See also: https://github.com/kubernetes/minikube/issues/17683
# Additionally deleting the local minikube config folder helped:
$ rm -rf ~/.minikube
```

### Setup cluster and deploy app
run sh sources 'setup-cluster' and 'deploy'
```
$ ./run.sh
```

### Setup cluster
```
$ ./setup-cluster
```

## Deploy Service
```
$ ./deploy
```
### Stop cluster
```
$ minikube stop
```

## TODOs / Notes
gtfso-import needs the database secret for import  
Vulnerability scanning in github action with https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning   
Add monitoring target to kube-prometheus-stack  
Define strategy for version updates  
Consider SOPS for secret management  
Terraform has minikube and flux providers  

## Resources
[Flux bootstrap for Gitea](https://fluxcd.io/flux/installation/bootstrap/gitea/)  
[Flux github action](https://fluxcd.io/flux/flux-gh-action/)  
[Flux Monitoring](https://github.com/fluxcd/flux2-monitoring-example)  
[Terraform Flux Provider](https://github.com/fluxcd/terraform-provider-flux)  
[Mozilla SOPS](https://fluxcd.io/flux/guides/mozilla-sops/)  
[bitnami PostgreSQL HA Helm](https://bitnami.com/stack/postgresql-ha/helm)  
[Trivy](https://github.com/aquasecurity/trivy)