root
/
public
mirror of https://github.com/01-edu/public.git
14
27
Fork 3
Code Issues 178 Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5714 Commits
73 Branches
1 Tag
310 MiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
public/subjects/devops/cloud-kube
nprimo 57067a8478
docs(cloud-kube): implemented suggestions to increase subject clarity 		3 months ago
..
audit chore: run prettier 3 months ago
resources feat(cloud-kube): replace meme 3 months ago
README.md docs(cloud-kube): implemented suggestions to increase subject clarity 3 months ago

README.md

Cloud-Kube

Objective

The objective of this project is to challenge your understanding of DevOps and cloud technologies by providing hands-on experience in deploying and managing a microservices-based application with a Cloud Provider platform. Your mission is:

You are a Cloud engineer working with a scalable company and your manager want you to create an infrastructure based on Kubernetes in a cloud provider of you choice, so your team can benefit from the features and scalability of Kubernetes.

Deploy the provided microservices' application to the defined environment. Implement monitoring, logging, and scaling to ensure that the application runs efficiently. Implement security measures, such as securing the databases and making private resources accessible only from a Virtual Private Cloud (VPC). Incorporate managed authentication for publicly accessible applications using an Authentication management services (e.g. AWS Cognito). Optimize the application to handle varying workloads and unexpected events.

Hints

Before starting this project, you should know the following:

  • Basic DevOps concepts and practices.
  • Familiarity with containerization and orchestration tools, such as Docker and Kubernetes.
  • Understanding of your chosen Cloud provider platform.
  • Familiarity with Terraform as a Infrastructure as Code (IaC) tools.
  • Knowledge of monitoring and logging tools, such as Prometheus, Grafana, and ELK stack.

Any lack of understanding of the concepts of this project may affect the difficulty of future projects, take your time to understand all concepts.

Be curious and never stop searching!

Role play

To enhance the learning experience and assess your knowledge, a role play question session will be included as part of the Cloud-Kube Project. This section will involve answering a series of questions in a simulated real-world scenario where you assume the role of a Cloud engineer explaining your solution to a team or stakeholder.

The goal of the role play question session is to:

  • Assess your understanding of the concepts and technologies used in the project.
  • Test your ability to communicate effectively and explain your decisions.
  • Challenge you to think critically about your solution and consider alternative approaches.

Prepare for a role play question session where you will assume the role of a Cloud engineer presenting your solution to your team or a stakeholder. You should be ready to answer questions and provide explanations about your decisions, architecture, and implementation.

Architecture

By using the provided container images you have to define your K8s manifests and deploy your infrastructure on your chosen cloud provider respecting the project requirements, consisting of the following components:

  • inventory-database container is a PostgreSQL database server that contains your inventory database, it must be accessible via port 5432.
  • billing-database container is a PostgreSQL database server that contains your billing database, it must be accessible via port 5432.
  • inventory-app container is a server that contains your inventory-app code running and connected to the inventory database and accessible via port 8080.
  • billing-app container is a server that contains your billing-app code running and connected to the billing database and consuming the messages from the RabbitMQ queue, and it can be accessed via port 8080.
  • RabbitMQ container is a RabbitMQ server that contains the queue.
  • api-gateway-app container is a server that contains your API Gateway code running and forwarding the requests to the other services, and it's accessible via port 3000.

Design the architecture for your cloud-based microservices' application. You must use K8s. You are free to choose services and architectural patterns that best suit your needs, as long as they meet the project requirements and remain within a reasonable cost range. Consider the following when designing your architecture:

  1. Scalability: Ensure that your architecture can handle varying workloads and can scale up or down as needed.

  2. Availability: Design your architecture to be fault-tolerant and maintain high availability, even in the event of component failures.

  3. Security: Incorporate security best practices into your architecture, such as encrypting data at rest and in transit, using private networks, and securing API endpoints. Also, ensure that the databases and private resources are accessible only from the VPC and using the cloud provider managed authentication for publicly accessible applications.

  4. Cost-effectiveness: Be mindful of the costs associated with the services and resources you select. Aim to design a cost-effective architecture without compromising performance, security, or scalability.

  5. Simplicity: Keep your architecture as simple as possible, while still meeting the project requirements. Avoid overcomplicating the design with unnecessary components or services.

Cost management:

  1. Understand the pricing model: Familiarize yourself with the pricing model of the cloud provider and services you are using. Be aware of any free tiers, usage limits, and pay-as-you-go pricing structures.

  2. Monitor your usage: Regularly check your cloud provider's billing dashboard to keep track of your usage and spending. Set up billing alerts to notify you when your spending exceeds a certain threshold.

  3. Clean up resources: Remember to delete or stop any resources that you no longer need, such as virtual machines, storage services, and load balancers. This will help you avoid ongoing charges for idle resources.

  4. Optimize resource allocation: Use the appropriate resource sizes for your needs and experiment with different configurations to find the most cost-effective solution. Consider using spot instances, reserved instances, or committed use contracts to save on costs, if applicable.

  5. Leverage cost management tools: Many cloud providers offer cost management tools and services to help you optimize your spending. Use these tools to analyze your usage patterns and identify opportunities for cost savings.

By being aware of your cloud usage and proactively managing your resources, you can avoid unexpected costs and make the most of your cloud environment. Remember that the responsibility for cost management lies with you, and it is crucial to stay vigilant and proactive throughout the project.

Infrastructure as Code:

Provision the necessary resources for your Cloud environment using Terraform as an Infrastructure as Code (IaC) tools. This includes setting up Cloud computing instances, containers, networking components, and storage services (e.g. AWS S3).

Deployment:

Deploy the containerized microservices on your cloud provider using K8s. You can choose to a cloud provider K8s managed service or deploy your cluster directly on a cloud computing instance. Ensure that the services are load-balanced (consider using a load balancer) and can communicate with each other securely.

Monitoring and logging:

Set up monitoring and logging tools to track the performance and health of your application. Use tools like Prometheus, Grafana, ELK stack or any managed service offered by your chosen cloud provider to visualize metrics and logs.

Optimization:

Implement auto-scaling policies to handle varying workloads and ensure high availability. Test the application under different load scenarios and adjust the resources accordingly.

Security:

Implement security best practices by provisioning and managing SSL/TLS certificates for HTTPS, securing API endpoints with an API Gateway, regularly scanning for vulnerabilities with a proper service, and implementing managed authentication for publicly accessible applications with an authentication management services. Ensure that the databases and private resources are secure and accessible only from the VPC.

Documentation

Create a README.md file that provides comprehensive documentation for your architecture, which must include well-structured diagrams, thorough descriptions of components, and an explanation of your design decisions, presented in a clear and concise manner. Make sure it contains all the necessary information about the solution (prerequisites, setup, configuration, usage, ...). This file must be submitted as part of the solution for the project.

Bonus

If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:

  • Use your own container images instead of the provided ones.

  • Use Content Delivery Network (CDN) to optimize your solution.

  • Implementing alert systems to ensure your application runs smoothly.

Challenge yourself!

Submission and audit

Upon completing this project, you should submit the following:

  • Your documentation in the README.md file.
  • Source code for the microservices and any scripts used for deployment.
  • Configuration files for your Infrastructure as Code (IaC), containerization, and orchestration tools.