This repository contains the infrastructure and application code for deploying a Webapp using Kubernetes. It's managed through ArgoCD for GitOps, and provisioned using Terraform.
- `.github/`: Contains PR template and release.yml
- `.github/workflows/`: GitHub Actions to manage CI and CD
- `charts/argocd-apps`: Helm chart for ArgoCD Apps and AppSets
- `charts/cluster-bootstrap`: Helm chart for the required applications (e.g. ALB Controller, External DNS, etc.)
- `charts/webapp`: Helm chart for the web application
- `terraform`: Terraform configurations for provisioning infrastructure on AWS and setting up ArgoCD
- `Dockerfile`: Dockerfile for building the web application's container image
- `main.go`: The application source file
- `main_test.go`: The application test source file

To deploy this project, ensure you have the following installed:
- AWS Credentials
- AWS CLI
- Terraform
- Make
- Docker
- GitHub CLI

Initialize Terraform

Navigate to the `terraform/` directory:

```
terraform init
terraform apply
```

It will output a command to add the cluster to your local context for troubleshooting:

```
aws eks --region us-east-1 update-kubeconfig --name ex-terraform --alias ex-terraform
```

For local development, build the Docker container and perform GET on port 8080:

```
make deps && make build
curl localhost:8080
```

Run and test the application locally:

```
go test -v
go run main.go
```

- `origin/main` - Always reflects a production-ready state.
- `origin/develop` - Always reflects a state with the latest delivered development changes for the next release.

- Go to the `develop` branch and create a `feature/*` branch for your change, e.g.:

  ```
  git checkout -b feature/update-code
  ```

- Update the code and create a PR to the `develop` branch
  - It will run unit tests
- After that, you have to merge. The pipeline will execute:
  - Run unit tests
  - Run vulnerability checks
  - Build the new development image
  - Deploy in `dev`
- After checking in `dev`, you need to create a Release Candidate to be validated in a pre-prod environment
  - From the `develop` branch follow the steps:
    - Create a release PR (This PR will be executed to `main`):
      - The script will get the latest release version, calculate the release and branch name

        ```
        make release
        ```

    - Pipeline will:
      - Run unit tests
      - Run vulnerability checks
      - Build the new release candidate image
      - Deploy in `stg` (pre-prod)
    - After checking in `stg`, approve the merge and deploy in production
- In Production the Pipeline will trigger:
  - Run unit tests
  - Run vulnerability checks
  - Build the new release candidate image
  - Create a new Release on GitHub
  - And create a PR to synchronize `main` with `develop`
- Merge the PR created

- Go to the `main` branch and run:
  - The script will create a `hotfix/*` branch with any name that you choose and calculate the hotfix version

    ```
    make hotfix
    ```

- Then, make your modification and push. It will deploy your change into the non-prod environment, performing the same checks as in the RC pipeline
- After that, merge and a new release will be created and deployed in prod

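
The version and branch-name calculation that `make release` and `make hotfix` are described as doing, as an added example (not the repository's own script). It assumes tags of the form `vMAJOR.MINOR.PATCH`, a MINOR bump for a release, a PATCH bump for a hotfix, and a `release/<version>` branch name; the function names are hypothetical. Tag names and the free-form hotfix name are validated before they are turned into git refs.

```shell
#!/bin/sh
# Added example, not the repository's script. Assumed conventions: tags are
# vMAJOR.MINOR.PATCH, a release bumps MINOR, a hotfix bumps PATCH, and the
# release branch is named release/<version> (only hotfix/* is on the page).

SEMVER_RE='^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$'

# True only for a single-line strict vX.Y.Z string (no pre-release suffix).
is_semver() {
  case $1 in *[!0-9.v]*) return 1 ;; esac   # rejects newlines, spaces, ';', '-'
  printf '%s\n' "$1" | grep -Eq "$SEMVER_RE"
}

# Read tag names on stdin (e.g. from `git tag --list`), drop everything that is
# not strict vX.Y.Z, print the numerically highest one (v0.0.0 if none).
latest_tag() {
  best=$(grep -E "$SEMVER_RE" | LC_ALL=C sort -t. -k1.2,1n -k2,2n -k3,3n | tail -n 1)
  printf '%s\n' "${best:-v0.0.0}"
}

# next_version release|hotfix CURRENT
next_version() {
  is_semver "$2" || { echo "invalid version: $2" >&2; return 1; }
  IFS=. read -r major minor patch <<EOF
${2#v}
EOF
  case $1 in
    release) printf 'v%s.%s.0\n' "$major" "$((minor + 1))" ;;
    hotfix)  printf 'v%s.%s.%s\n' "$major" "$minor" "$((patch + 1))" ;;
    *) echo "unknown kind: $1" >&2; return 1 ;;
  esac
}

release_branch() {
  v=$(next_version release "$1") || return 1
  printf 'release/%s\n' "$v"
}

# The hotfix name is free-form input that becomes a git ref: allow only
# lowercase letters and digits joined by single hyphens.
hotfix_branch() {
  case $1 in *[!a-z0-9-]*) echo "invalid hotfix name" >&2; return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]+(-[a-z0-9]+)*$' ||
    { echo "invalid hotfix name" >&2; return 1; }
  printf 'hotfix/%s\n' "$1"
}
```
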
- Manage ArgoCD secrets using a secret manager/vault
- ArgoCD authentication via SSO
- Setup Ingress for ArgoCD
- Create IaC CI/CD pipeline
- IaC security checks (tfsec, checkov, OPA, etc)
- Create application registry
- Set dynamically the hard-coded registries and variables
- Move App of Apps setup to another repository.
- Create script to handle semver releases
- Create an S3 bucket and DynamoDB table to manage statefile and state lockfile
- Notify Deployment in a communication channel
- Implement pre-commit
- Sign container image with Cosign
- Distroless image
- Create security policies to manage the cluster (Kyverno, Cilium)
- Cluster and App monitoring (Prometheus, Grafana, Loki)
- Setup Autoscaler tool (Karpenter or Autoscaler)
- Runtime Security system (Kubearmor, Falco, Tetragon)
