
Challenge

The infrastructure is set up with minikube and fluxcd. The bitnami PostgreSQL HA chart is used for a highly available PostgreSQL database backend.
The app consists of two parts: an import job for PostgreSQL and the HA API deployment with the /success endpoint and a ReplicaSet of 2.

  • Database: PostgresqlHA
  • Import: gtfso-import
  • API: gtfso-vbb
  • Monitoring: kube-prometheus-stack
  • Vulnerability Scanning: Trivy

Clone repository

$ git clone https://git.e2m.io/mue/obch
$ cd obch

Setup minikube and flux

Optionally remove remnants of previous minikube clusters

$ minikube delete --all

# The above was not sufficient to set up a new cluster
# See also: https://github.com/kubernetes/minikube/issues/17683
# Additionally deleting the local minikube config folder helped:
$ rm -rf ~/.minikube

Setup cluster and deploy app

run.sh sources 'setup-cluster' and 'deploy':

$ ./run.sh

Setup cluster

$ ./setup-cluster

Deploy Service

$ ./deploy

Stop cluster

$ minikube stop

TODOs / Notes

gtfso-import needs the database secret for import
Vulnerability scanning in a GitHub Action with https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
Add monitoring target to kube-prometheus-stack
Define strategy for version updates
Consider SOPS for secret management
Terraform has minikube and flux providers

Resources

Flux bootstrap for Gitea
Flux github action
Flux Monitoring
Terraform Flux Provider
Mozilla SOPS
bitnami PostgreSQL HA Helm
Trivy