Skip to content

Latest commit

 

History

History
111 lines (93 loc) · 5.65 KB

README.md

File metadata and controls

111 lines (93 loc) · 5.65 KB

Go Http Web Server

A simple http web server written in Golang exposing application metrics as a microservice. This project is built on the basic DevOps principles like building images securely through CI mechanism which includes signing of images, scanning for vulnerabilities and also does a continuous deployment test on every push and pull request. The application can be deployed easily on your kubernetes cluster using helm chart.

Build Status Build Status License

Pre-requisites for installation on Linux Machines

Setup tools and environment using OpenTofu

  1. Clone this repo in your local laptop
git clone https://github.com/cherrymu/process-out-challenge.git
  1. Install all the necessary cli tools using makescript. Before running the makefile please make sure you have make and unzip utility installed on your machine
make all 
  1. Switch directory into environments/local-dev
cd environments/local-dev/
  1. Initialize OpenTofu
tofu init
  1. Apply OpenTofu Configuration to Create Kind Cluster
tofu apply -auto-approve
  1. Set your KUBECONFIG path and check the status of the nodes
export KUBECONFIG=./environments/local-dev/kubeconfig_example

kubectl get nodes -o wide
  1. Create a namespace for our application deployment and an imagepull secret to securely pull a private image from the container registry
kubectl create ns go-web-app

kubectl create secret docker-registry my-registry-secret --docker-server=docker.io --docker-username=tincher --docker-password=dckr_pat_rNnP750_a_Jt6MKeTyaK0uomSQk -n go-web-app

Deploying the application using Helm

  1. Add the helm repo and perform a repo update
helm repo add go-http-server https://cherrymu.github.io/process-out-challenge/charts

helm repo update 
  1. Deploy the application
helm install web-server go-http-server/go-simple-web-server -n go-web-app
  1. Please follow the instructions on your screen to do a port-forward of the app service to test it the locally for the path / for webpage displaying Hello,World! and the path /metricsto view the metrics exposed by the application.

Bonus Points

You can fetch the values.yaml of the chart locally to make changes and upgrade your helm release

helm show values go-http-server/go-simple-web-server > custom-values.yaml

helm upgrade web-server go-http-server/go-simple-web-server -f custom-values.yaml

Clean Up

  1. Delete the helm release
helm delete web-server
  1. Destroy the KIND cluster after testing
cd environments/local-dev/

tofu destroy

Things Covered

  • Create a golang application listening on port 8080 with open telemetry metrics
  • Application built in a secure CI pipeline using github actions and test the release using CD process.
  • Packaged into a Docker container and push it to a container registry
  • Deployed on to a local kind cluster
  • Used private cloud container registry
  • Used helm to deploy the packaged application easily
  • Usage of infrastructure-as-code tool (OpenTofu) to provision local KIND cluster
  • Security scanners implementation using Trivy during the build process

Assumptions

After building the application from the CI pipeline, deploy it manually using helm on any k8s distribution. However, also written a github workflow to do a continous test of the latest image built using OpenTofu on a local kind cluster running in the workflow job.

Project Highlights/Features

  1. Modular Golang code with Separate HTTP handlers and telemetry into different files for better organization and error handling.
  2. Built the CI workflow using github actions for building the image on every push andpull requests before merging.
  3. Used Trivy as a security vulnerability scanner to scan the built images before pushing it to the private container registry
  4. Used Cosign to sign off the images securely to the private container registy.
  5. Used OpenTofu to automate the provision of the creating a quick local KIND cluster even when we don't have native KIND package support in OpenTofu yet. So used a bash script under the hoods and taking advantage of OpenTofu's null_resource to manage the execution of your Kind cluster script
  6. Created and hosted Helm Chart using GitHub pages for easy access.

Areas for Future Improvement

  1. Use an ingress gateway like Istio to route the traffic inside the cluster securely with more granularity and access control for the backend services with claims and policies.
  2. Use ArgoCD/Flux to deploy and manage applications more efficiently
  3. Extend OpenTofu configuration to automate installation of pre-requisites tools.
  4. Use sigstore policy controller to enforce a strict image policy such that only signed and verified images will be allowed to deploy in a namespace and other images will be rejected by the admission webhook controller.