Hey
There!

This project demonstrates a streamlined and automated approach to deploying containerized flask application using a combination of GitHub Actions, k3s, and ArgoCD. It provides a complete DevOps workflow for building, pushing, and deploying Docker images to a Kubernetes cluster.

Key Features:

1. GitHub Actions for CI/CD: Leveraging GitHub Actions, this project automates the Continuous Integration (CI) and Continuous Deployment (CD) processes. It includes a CI pipeline that builds Docker images and a CD pipeline for deploying applications.
2. Docker Hub Integration: The CI pipeline builds Docker images for the application and pushes them to Docker Hub, making the images available for deployment.
3. k3s Kubernetes Cluster: This project utilizes k3s, a lightweight Kubernetes distribution, to create and manage the Kubernetes cluster. k3s is ideal for development, testing, and lightweight production environments.
4. GitOps with ArgoCD: ArgoCD is employed for GitOps-style application deployment. It continuously monitors a Git repository for application configurations, ensuring that the desired state matches the actual state in the cluster.

Technologies Used:

1. GitHub Actions for CI/CD automation
2. Docker for containerization
3. Docker Hub as a container registry
4. k3s for lightweight Kubernetes orchestration
5. ArgoCD for GitOps deployment
6. Vagrant for local development environments
7. Helm for Kubernetes package management
8. Flask application that lists the latest articles within the cloud-native ecosystem.

Why This Project Matters:

This project exemplifies the power of automation in modern software development. It showcases how using GitHub Actions, Docker, k3s, and ArgoCD can streamline and enhance the development and deployment processes. The use of GitOps principles ensures consistency and traceability in application deployment across different environments.

Conferences and conventions are hotspots for making connections. Professionals in attendance often share the same interests and can make valuable business and personal connections with one another. At the same time, these events draw a large crowd and it's often hard to make these connections in the midst of all of these events' excitement and energy. To help attendees make connections, we are building the infrastructure for a service that can inform attendees if they have attended the same booths and presentations at an event.

Goal:

I work for a company that is building an app that uses location data from mobile devices. My company has built a POC application to ingest location data named UdaTracker. This POC was built with the core functionality of ingesting location and identifying individuals who have shared a close geographic proximity. Management loved the POC so now that there is buy-in, they want to enhance this application. I was tasked to enhance the POC application into a MVP to handle the large volume of location data that will be ingested. To do so, I refactored the application into a microservice architecture using message passing techniques. It’s easy to get lost in the countless optimizations and changes that can be made: my priority was to approach the task as an architect and refactor the application into microservices.

TECH STACK: Flask, Python, SQLAlchemy, PostGIS, PostgreSQL, Vagrant, VirtualBox, K3s, Kubernetes, Docker, Kafka, gRPC

Background:

Security is a highly dynamic topic with ever changing threats and priorities. Newsworthy topics ranging from fortune 500 companies like Garmin paying $10 million in ransom for ransomware attacks to supply chain attacks such as Solarwinds are ever-present. Security is becoming harder as the velocity of deployments is accelerating. The Synopsis 2020 Open Source Security Risk Analysis Report revealed that 99% of audited code bases contained open source, and within those codebases 75% of vulnerabilities were left unpatched, creating risk. Incorporating security checks into each step of the build and deployment process is vital to identify security defects before they hit production. Our company CTO is worried about what our engineering team is doing to harden and monitor the company's new microservice application against malicious threat actors and payloads. In response to the CTOs concerns I will threat model, build and harden a microservices environment.

Goal:

I was presented with the challenge to build a secure Microservice environment, threat modeling and hardening the container image, run-time environment and application itself. For purposes of the project, I was instructed to use a secure base opensuse image, covering considerations for the importance of using trustworthy base images and verifying the baseline. I was provided with instructions to build, harden, ship and run an environment analogous to the company's new microservice application, simplified for project purposes. In the project I will define and build a new environment from the ground-up. In a real-world scenario, I may have an existing environment that needs to be hardened or may decide to re-build parts or all net-new, regardless, the tools and techniques in the project are directly applicable. The beauty of microservices vs a monolith architecture is that all core components (image, container, run-time, application) are abstracted allowed for isolation boundaries and iterative development. In the real-world, I could choose to harden and redeploy all base-images as one project phase and tackle docker container security, kubernetes hardening and the software composition analysis, as individual project phases. The best approach is to bake these requirements and security hardening into the build and deploy process. In an enterprise setting, much of this can be enforced with security units test via CI/CD prior to deployment. Hardening the base-image and baking security into the CI/CD is beyond the scope of this project. For this project, once the Microservice environment is hardened and provisioned, I configured sysdig Falco to perform run-time monitoring on the node, sending logs to a Grafana node for visualization. To demonstrate to the CTO that the company can respond to a real security event, I simulated a tabletop cyber exercise by running a script to introduce an unknown binary from the starter code that disrupt the environment! My goal was to evaluate Grafana to determine what the unknown binary is, contain and remediate the environment, write an incident response report and present it to the CTO.

TECH STACK: Flask, Python, Sysdig Falco, Grafana, Kubernetes, Vagrant, K3s, Docker, Bash

Udagram is a simple cloud application developed alongside the Udacity Cloud Engineering Nanodegree. It allows users to register and log into a Web client, post photos to the feed, and process photos using an image filtering microservice.

The project is split into four parts:

1. Frontend - Angular Web application built with Ionic Framework.
2. Backend RESTFUL API - Node-Express application.
3. The Image Filtering Microservice - It is a Node- Express application which runs a simple script to process images.
4. Infrastructure as Code with Terraform and Elastic Kubernetes Service

TECH STACK: Angular, Ionic, Nodejs, Express, REST API, PostgreSQL, Docker, Kubernetes, CircleCI, EKS, Terraform, S3.

This project is a full-fledged demonstration of microservices orchestration and observability in a complex architecture. It harnesses the power of various cutting-edge technologies to create a scalable and manageable system. It revolves around a Flask-based microservices application that employs Docker for containerization and utilizes k3s as a lightweight Kubernetes distribution. This project showcases end-to-end observability and monitoring capabilities with MongoDB as the database, Jaeger for distributed tracing, Prometheus for metrics collection, Grafana for data visualization, and OpenTelemetry for tracing instrumentation.

Key Features:

1. Microservices Architecture: The project embraces a microservices architecture that enables modular and scalable development.
2. Docker Containers: Docker containers are used for packaging and deploying each microservice, ensuring consistency and portability.
3. k3s Kubernetes Cluster: k3s, a lightweight Kubernetes distribution, is employed to create and manage the Kubernetes cluster, simplifying development and testing environments.
4. Flask Application: The microservices are built using Flask, a Python web framework, providing flexibility and ease of development.
5. MongoDB Database: MongoDB is used to store and manage data for the microservices, allowing for flexible, schema-less data storage.
6. Jaeger Tracing: Jaeger is integrated for distributed tracing, enabling end-to-end visibility into service interactions and latency analysis.
7. Prometheus Monitoring: Prometheus is implemented to collect metrics and performance data, empowering proactive system monitoring.
8. Grafana Visualization: Grafana is used to visualize and analyze metrics collected by Prometheus, offering insightful dashboards and alerts.
9. OpenTelemetry Instrumentation: OpenTelemetry provides distributed tracing instrumentation, enhancing application observability.

Technologies Used:

1. Docker for containerization
2. Docker Hub as a container registry
3. k3s for lightweight Kubernetes orchestration
4. Vagrant for local development environments
5. Helm for Kubernetes package management
6. Flask for microservices development
7. MongoDB for data storage
8. Jaeger for distributed tracing
9. Prometheus for metrics collection
10. Grafana for data visualization
11. OpenTelemetry for tracing instrumentation

Why This Project Matters:

This project showcases the potential of microservices architecture, demonstrating how modern technologies can work in harmony to enable scalable, observable, and maintainable systems. By combining Flask, Docker, k3s, MongoDB, Jaeger, Prometheus, Grafana, and OpenTelemetry, it highlights the benefits of each technology and their synergistic impact on the entire ecosystem.