Leqx/three-tier-eks-iac

Three-tier eks iac

View Demo · Documentation · Report Bug · Request Feature

This a three tier microservice TODO List application project. It's meant to showcase my understanding of devsecops by utilizing terraform, aws and k8s.

📔 Table of Contents

• 📔 Table of Contents
  • 🌟 About the Project
    • 👾 Tech Stack
    • 🎯 Features
  • 🧰 Getting Started
    • ‼️ Prerequisites
    • ⚙️ Installation
      • 🔹 Build Docker image
      • 🔹 MongoDB Database Setup
      • 🔹 Backend API Setup
      • 🔹 Frontend Client Setup
      • 🔸 Any issue with the pods ? check logs
      • 🔹 Monitoring Setup
      • 🔹 Destroy Kubernetes Resources and Cluster
  • 🧭 Roadmap
  • 👋 Contributing
  • ⚠️ License
  • 🤝 Contact
  • 💎 Acknowledgements

🌟 About the Project

System Architecture Diagram

Frontend UI

👾 Tech Stack

Languages

Client

Server

Database

Devops

Cloud

🎯 Features

• Create TODOs
• Read TODOs
• Update TODOs
• Delete TODOs

🧰 Getting Started

‼️ Prerequisites

Install Kubectl https://kubernetes.io/docs/tasks/tools/

Install Helm https://helm.sh/docs/intro/install/

helm repo update

⚙️ Installation

Install/update latest AWS CLI: (make sure install v2 only) https://aws.amazon.com/cli/

Update the Kubernetes context:

aws eks update-kubeconfig --name my-eks-cluster --region us-west-2

Verify access:

kubectl auth can-i "*" "*"
kubectl get nodes

Verify autoscaler running:

kubectl get pods -n kube-system

Check Autoscaler logs:

kubectl logs -f \
  -n kube-system \
  -l app=cluster-autoscaler

Check load balancer logs:

kubectl logs -f -n kube-system \
  -l app.kubernetes.io/name=aws-load-balancer-controller

🔹 Build Docker image

For Mac:

export DOCKER_CLI_EXPERIMENTAL=enabled
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/w8u5e4v2

Build Front End :

docker buildx build --platform linux/amd64 -t workshop-frontend:v1 .
docker tag workshop-frontend:v1 public.ecr.aws/w8u5e4v2/workshop-frontend:v1
docker push public.ecr.aws/w8u5e4v2/workshop-frontend:v1

Build Back End :

docker buildx build --platform linux/amd64 -t workshop-backend:v1 .
docker tag workshop-backend:v1 public.ecr.aws/w8u5e4v2/workshop-backend:v1
docker push public.ecr.aws/w8u5e4v2/workshop-backend:v1

For Linux/Windows:

Build Front End :

docker build -t workshop-frontend:v1 .
docker tag workshop-frontend:v1 public.ecr.aws/w8u5e4v2/workshop-frontend:v1
docker push public.ecr.aws/w8u5e4v2/workshop-frontend:v1

Build Back End :

docker build -t workshop-backend:v1 .
docker tag workshop-backend:v1 public.ecr.aws/w8u5e4v2/workshop-backend:v1
docker push public.ecr.aws/w8u5e4v2/workshop-backend:v1

Update Kubeconfig Syntax: aws eks update-kubeconfig --region region-code --name your-cluster-name

aws eks update-kubeconfig --region us-west-2 --name my-eks-cluster

Create Namespace

kubectl create ns workshop

kubectl config set-context --current --namespace workshop

🔹 MongoDB Database Setup

To create MongoDB Resources

cd k8s_manifests/mongo_v1
kubectl apply -f secrets.yaml
kubectl apply -f deploy.yaml
kubectl apply -f service.yaml

🔹 Backend API Setup

Create NodeJs API deployment by running the following command:

kubectl apply -f backend-deployment.yaml
kubectl apply -f backend-service.yaml

🔹 Frontend Client Setup

Create the Frontend  resource. In the terminal run the following command:

kubectl apply -f frontend-deployment.yaml
kubectl apply -f frontend-service.yaml

Finally create the final load balancer to allow internet traffic:

kubectl apply -f full_stack_lb.yaml

🔸 Any issue with the pods ? check logs

kubectl logs -f POD_ID -f

🔹 Monitoring Setup

Verify Services

kubectl get svc -n prometheus

edit the Prometheus-grafana service:

kubectl edit svc prometheus-grafana -n prometheus

change ‘type: ClusterIP’ to 'LoadBalancer'

Username: admin Password: prom-operator

Import Dashboard ID: 1860

Exlore more at: https://grafana.com/grafana/dashboards/

🔹 Destroy Kubernetes Resources and Cluster

cd ./k8s_manifests
kubectl delete -f -f

Remove AWS Resources to stop billing

cd terraform
terraform destroy --auto-approve

🧭 Roadmap

• Add CI Server
  • Jenkins
  • SonarQube
  • Trivy
  • OWASP
• Add CD Capabilities
  • ArgoCD
  • Argo Events
  • Argo Workflows
  • Argo Rollouts
• Add Service Mesh
  • Istio

👋 Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

1. Fork the Project
2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
3. Commit your Changes (git commit -m 'Add some AmazingFeature')
4. Push to the Branch (git push origin feature/AmazingFeature)
5. Open a Pull Request

⚠️ License

Distributed under the no License. See LICENSE.txt for more information.

🤝 Contact

Eugene Alex - @twitter_handle - email@email_client.com

Project Link: https://github.com/Leqx/three-tier-eks-iac

💎 Acknowledgements

I would like to acknowledge the following developers,please follow them and star there work:

• Understanding EKS
• Understanding Terraform