diff --git a/README.md b/README.md index c2ba406..1027b53 100644 --- a/README.md +++ b/README.md @@ -1,20 +1,22 @@ # Challenge -The infrastructure is set up with minikube and fluxcd. +The infrastructure is set up with minikube and fluxcd. The bitnami PostgreSQL HA chart is used for a highly available PostgreSQL -database backend. +database backend. kube-prometheus-stack is used for monitoring. +Trivy scans for vulnerabilities. + The app consists of two parts: an import job for PostgreSQL and the HA API deployment with the /success endpoint and a ReplicaSet of 2. - Database: PostgresqlHA - Import: gtfso-import - API: gtfso-vbb - Monitoring: kube-prometheus-stack + Monitoring: kube-prometheus-stack Vulnerability Scanning: Trivy ## Clone repository ``` -$ git clone https://git.e2m.io/mue/obch +$ git clone https://github.com/bbusse/obch $ cd obch ``` @@ -31,6 +33,9 @@ $ rm -rf ~/.minikube ### Setup cluster and deploy app run sh sources 'setup-cluster' and 'deploy' +> [!NOTE] +> A Personal Access Token (PAT) is needed for fluxcd +> to create and/or write to its state repository ``` $ ./run.sh ``` 
@@ -49,17 +54,55 @@ $ ./deploy $ minikube stop ``` +## Expected Result +Probe APIs /success endpoint +``` +$ kubectl port-forward --namespace app gtfso-vbb-8586b6cddc-f29bh 8080:5000 & +$ curl http://localhost:8080/success +Success! +``` +Show services +``` + kubectl get service -A NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +app gtfso-vbb ClusterIP 10.99.63.60 80/TCP 31m +app pgsql-ha-postgresql-ha-pgpool ClusterIP 10.96.68.65 5432/TCP 3h23m +app pgsql-ha-postgresql-ha-postgresql ClusterIP 10.101.13.69 5432/TCP 3h23m +app pgsql-ha-postgresql-ha-postgresql-headless ClusterIP None 5432/TCP 3h23m +default kubernetes ClusterIP 10.96.0.1 443/TCP 3h31m +flux-system notification-controller ClusterIP 10.111.215.54 80/TCP 3h27m +flux-system source-controller ClusterIP 10.107.64.201 80/TCP 3h27m +flux-system webhook-receiver ClusterIP 10.109.54.68 80/TCP 3h27m +kube-system kube-dns ClusterIP 10.96.0.10 53/UDP,53/TCP,9153/TCP 3h31m +kube-system prometheus-kube-prometheus-coredns ClusterIP None 9153/TCP 3h10m +kube-system prometheus-kube-prometheus-kube-controller-manager ClusterIP None 10257/TCP 3h10m +kube-system prometheus-kube-prometheus-kube-etcd ClusterIP None 2381/TCP 3h10m +kube-system prometheus-kube-prometheus-kube-proxy ClusterIP None 10249/TCP 3h10m +kube-system prometheus-kube-prometheus-kube-scheduler ClusterIP None 10259/TCP 3h10m +kube-system prometheus-kube-prometheus-kubelet ClusterIP None 10250/TCP,10255/TCP,4194/TCP 3h8m +monitoring alertmanager-operated ClusterIP None 9093/TCP,9094/TCP,9094/UDP 3h8m +monitoring prometheus-grafana ClusterIP 10.105.202.74 80/TCP 3h10m +monitoring prometheus-kube-prometheus-alertmanager ClusterIP 10.110.246.137 9093/TCP,8080/TCP 3h10m +monitoring prometheus-kube-prometheus-operator ClusterIP 10.105.238.213 443/TCP 3h10m +monitoring prometheus-kube-prometheus-prometheus ClusterIP 10.102.52.55 9090/TCP,8080/TCP 3h10m +monitoring prometheus-kube-state-metrics ClusterIP 10.106.92.254 8080/TCP 3h10m +monitoring 
prometheus-operated ClusterIP None 9090/TCP 3h8m +monitoring prometheus-prometheus-node-exporter ClusterIP 10.109.107.194 9100/TCP 3h10m +security-scan trivy-trivy-operator ClusterIP None 80/TCP 3h6m +``` + ## TODOs / Notes gtfso-import needs the database secret for import -Add monitoring target for gtfs/vbb to prometheus +Add gtfs-vbb as target to prometheus +Change default credentials for the kube-prometheus-stack Define strategy for version updates -Consider SOPS for secret management +Consider SOPS / Vault for secret management Terraform has minikube and flux providers ## Resources [Flux bootstrap for Gitea](https://fluxcd.io/flux/installation/bootstrap/gitea/) [Flux github action](https://fluxcd.io/flux/flux-gh-action/) [Flux Monitoring](https://github.com/fluxcd/flux2-monitoring-example) +[Flux Monotioring custom metrics](https://fluxcd.io/flux/monitoring/custom-metrics/) [Terraform Flux Provider](https://github.com/fluxcd/terraform-provider-flux) [Mozilla SOPS](https://fluxcd.io/flux/guides/mozilla-sops/) [bitnami PostgreSQL HA Helm](https://bitnami.com/stack/postgresql-ha/helm)
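Review bot: In the @@ -1,20 +1,22 @@ hunk, the added sentence "Trivy scans for vulnerabilities." does not say what is scanned or where a reader finds the results. The service listing added later in this patch shows trivy-trivy-operator in the security-scan namespace, so one sentence naming the operator, its namespace and the command used to list its reports would make the claim checkable. The same hunk moves the clone URL to github.com/bbusse/obch while the Resources section still leads with "Flux bootstrap for Gitea"; if the flux state repository now lives on GitHub as well, link the matching bootstrap guide.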
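Review bot: In the @@ -31,6 +33,9 @@ hunk, the new note says a Personal Access Token is needed but not how run.sh receives it or which permissions it must carry. Since the note itself says the token is used "to create and/or write to its state repository", state the minimum scope that covers exactly that, name the environment variable or prompt run.sh reads it from, and say that the token must not be committed to the repository.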
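Review bot: In the @@ -49,17 +54,55 @@ hunk, the port-forward example targets the pod gtfso-vbb-8586b6cddc-f29bh, a generated name that will not exist on another cluster or after the next rollout. Forward to the service instead, which the listing in the same hunk shows as gtfso-vbb on 80/TCP in namespace app, for example `kubectl port-forward --namespace app svc/gtfso-vbb 8080:80`. Smaller points in the same hunk: the `kubectl get service -A` line lacks the `$` prompt the other commands use, "Monotioring" in the new Resources link is a typo, and the new TODO "Change default credentials for the kube-prometheus-stack" belongs in the setup section rather than the notes, because prometheus-grafana is deployed by these instructions with those defaults in place.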