Go to file

Björn Busse 7affe70fac CI: Add image to scan		2024-01-11 00:10:37 +01:00
.github/workflows	CI: Add image to scan	2024-01-11 00:10:37 +01:00
charts	CI: Add image scan	2024-01-10 23:36:10 +01:00
tf	Initial commit	2024-01-07 21:03:28 +01:00
.gitignore	CI: Add image scan	2024-01-10 23:36:10 +01:00
README.md	Update README	2024-01-10 23:40:21 +01:00
deploy	Deploy Trivy	2024-01-10 23:40:48 +01:00
run.sh	Initial commit	2024-01-07 21:03:28 +01:00
setup-cluster	CI: Add image scan	2024-01-10 23:36:10 +01:00

README.md

Challenge

The infrastructure is set up with minikube and fluxcd. The bitnami PostgreSQL HA chart is used for a highly available PostgreSQL database backend.
The app consists of two parts: an import job for PostgreSQL and the HA API deployment with the /success endpoint and a ReplicaSet of 2.

Database: PostgresqlHA
Import: gtfso-import
API: gtfso-vbb
Monitoring: kube-prometheus-stack Vulnerability Scanning: Trivy

Clone repository

$ git clone https://git.e2m.io/mue/obch
$ cd obch

Setup minikube and flux

Optionally remove remnants of previous minikube clusters

$ minikube delete --all

# The above was not sufficient to setup a new cluster
# See also: https://github.com/kubernetes/minikube/issues/17683
# Additionally deleting the local minikube config folder helped:
$ rm -rf ~/.minikube

Setup cluster and deploy app

run sh sources 'setup-cluster' and 'deploy'

$ ./run.sh

Setup cluster

$ ./setup-cluster

Deploy Service

$ ./deploy

Stop cluster

$ minikube stop

TODOs / Notes

gtfso-import needs the database secret for import
Add monitoring target for gtfs/vbb to prometheus
Define strategy for version updates
Consider SOPS for secret management
Terraform has minikube and flux providers

Resources

Flux bootstrap for Gitea
Flux github action
Flux Monitoring
Terraform Flux Provider
Mozilla SOPS
bitnami PostgreSQL HA Helm
Trivy