This project demonstrates an Infrastructure as Code (IaaC) approach using Terraform to deploy a microservices-based architecture on AWS Elastic Kubernetes Service (EKS). The primary goal is to provision a web application with a frontend proxy using nginx/httpd and a backend database (mongo, PostgreSQL) and deploy the Socks Shop example microservice application using Kubernetes. The CI/CD pipeline is set up using CircleCI. The emphasis is on readability, maintainability, and following DevOps methodologies.
- Overview
- Setup Details
- Task Instructions
- Technologies Used
- Prerequisites
- Getting Started
- HTTPS and Network Security**
- Sensitive Information Encryption**
- Challenges Faced
In this project, we deploy a microservices-based architecture on AWS Elastic Kubernetes Service (EKS) using an Infrastructure as Code approach with Terraform. The deployment includes provisioning a web application with nginx/httpd frontend proxy and a backend database and deploying the Socks Shop microservice application. The CI/CD pipeline is managed using CircleCI.
The project requires the following setup:
- Web application with nginx/httpd frontend proxy
- Backend database (mongo, PostgreSQL)
- Socks Shop microservice application (https://microservices-demo.github.io/)
The deployment is orchestrated using Kubernetes and an IaaC approach with Terraform. The CI/CD pipeline is set up with CircleCI, ensuring automated and consistent implementations.
Metrics are collected and monitored using Prometheus. The monitoring setup helps in tracking the health and performance of the deployed services.
Prometheus is used for monitoring the infrastructure and microservices. Grafana is integrated to create visual dashboards for monitoring and analysis of metrics.
- AWS Elastic Kubernetes Service (EKS)
- Terraform
- CircleCI
- Prometheus
- Grafana
- Nginx/Httpd
- MongoDB/PostgreSQL
- Socks Shop microservices
- Let’s Encrypt for HTTPS[Optional]
- AWS account set up
- Terraform installed
- Setup CircleCI account
- Clone this repository.
- Set up AWS resources and EKS cluster.
- Use Terraform to deploy the web application and backend database on EKS.
- Deploy the Socks Shop microservices on EKS.
For Prometheus Deployment:
- Run the following commands to install Helm and Prometheus:
curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
sudo apt-get install apt-transport-https --yes
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
- Update Helm repositories:
helm repo update
- Install Prometheus
helm install prometheus prometheus-community/prometheus
- Expose Prometheus service using LoadBalancer:
kubectl expose service prometheus-server --type=LoadBalancer --target-port=9090 --name=prometheus-server-ext
- Check the external IP for Prometheus:
kubectl get service prometheus-server-ext
Configure the web application to run on HTTPS with Let’s Encrypt certificates. Implement network security access rules to secure the infrastructure.
Utilize Terraform Vault or CircleCI context for encrypting sensitive information, ensuring secure management of credentials and secrets.
During the course of the Sock Shop project, I encountered challenges that, unfortunately, I wasn't able to fully address due to billing constraints. These challenges highlight areas where technical limitations and budget considerations impacted the project:
I faced an issue where the voting app didn't display as expected on web browsers. Despite my efforts to troubleshoot and identify the issue, I wasn't able to allocate the necessary resources to resolve it due to the associated costs. I recognize the importance of delivering a functional application and apologize for any inconvenience this might cause to users.
Implementing HTTPS for the deployed applications, including obtaining SSL/TLS certificates and configuring web servers, is crucial for security. However, due to the increasing project costs, I wasn't able to implement HTTPS at this time. Ensuring secure communication requires resources beyond the scope of the current project constraints.
I want to be transparent about these challenges and the decisions made. While these specific issues remain unresolved, I'm actively learning and considering options to address them in the future, possibly with more optimized resource allocation or alternative approaches.
Your understanding and input are greatly appreciated as I continue to refine and enhance the project within the given limitations.
**Optional