obch/README.md

68 lines
1.9 KiB
Markdown

# Challenge
The infrastructure is set up with minikube and fluxcd.
The bitnami PostgreSQL HA chart is used for a highly available PostgreSQL
database backend.
The app consists of two parts: an import job for PostgreSQL
and the HA API deployment with the /success endpoint and a ReplicaSet of 2.
- Database: PostgresqlHA
- Import: gtfso-import
- API: gtfso-vbb
Monitoring: kube-prometheus-stack
Vulnerability Scanning: Trivy
## Clone repository
```
$ git clone https://git.e2m.io/mue/obch
$ cd obch
```
## Setup minikube and flux
### Optionally remove remnants of previous minikube clusters
```
$ minikube delete --all
# The above was not sufficient to setup a new cluster
# See also: https://github.com/kubernetes/minikube/issues/17683
# Additionally deleting the local minikube config folder helped:
$ rm -rf ~/.minikube
```
### Setup cluster and deploy app
run sh sources 'setup-cluster' and 'deploy'
```
$ ./run.sh
```
### Setup cluster
```
$ ./setup-cluster
```
## Deploy Service
```
$ ./deploy
```
### Stop cluster
```
$ minikube stop
```
## TODOs / Notes
gtfso-import needs the database secret for import
Vulnerability scanning in github action with https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
Add monitoring target to kube-prometheus-stack
Define strategy for version updates
Consider SOPS for secret management
Terraform has minikube and flux providers
## Resources
[Flux bootstrap for Gitea](https://fluxcd.io/flux/installation/bootstrap/gitea/)
[Flux github action](https://fluxcd.io/flux/flux-gh-action/)
[Flux Monitoring](https://github.com/fluxcd/flux2-monitoring-example)
[Terraform Flux Provider](https://github.com/fluxcd/terraform-provider-flux)
[Mozilla SOPS](https://fluxcd.io/flux/guides/mozilla-sops/)
[bitnami PostgreSQL HA Helm](https://bitnami.com/stack/postgresql-ha/helm)
[Trivy](https://github.com/aquasecurity/trivy)