This project demonstrates deploying the YelpCamp application, a full-stack website for campground reviews, with a 3-tier architecture across various environments (test, dev, prod) using Cloud DevOps practices.
This project aims to showcase the following functionalities:
- Creating three separate environments (test, dev, prod) using Terraform and deploying the application across these environments.
- Test Environment: Setting up a local development environment for testing the YelpCamp application (done on a GCP Compute Engine).
- Dev Environment: Building and deploying the application in a Docker container using a Jenkins pipeline.
- Prod Environment: Automating deployment of the application to a Google Kubernetes Engine (GKE) cluster through a Jenkins pipeline.
- Leveraging automation wherever possible, including the use of GCP's metadata feature and startup scripts to install all necessary tools.
- Google Kubernetes Engine (GKE)
- Terraform
- Docker
- Jenkins
- Node.js
- Git
- Bash
- SonarQube
- Trivy
This project requires the following prerequisites:
- A Google Cloud Platform account
- Docker installed locally
- Basic understanding of Cloud Shell, Jenkins, and Kubernetes concepts
To clone the repository and set it up locally, use the following commands:
git clone https://github.com/ChetanThapliyal/3-tier-architecture-deployment-GKE.git
cd 3-tier-architecture-deployment-GKE
Create a terraform.tfvars file for each environment (test, dev, prod) with the necessary variables. Below is a generic structure of what your terraform.tfvars file might look like:
# terraform.tfvars
project = "your-gcp-project-id"
region = "your-gcp-region"
credentials = "path-to-your-service-account-file.json"
Global VPC
- Navigate to the Infra directory: cd Infra
- Create and configure the terraform.tfvars file for the VPC.
- Initialize Terraform and apply the configuration:
  terraform init
  terraform apply
Test Environment: Testing the YelpCamp application with npm
- Navigate to the test environment directory: cd Infra/environments/test
- Create and configure the terraform.tfvars file for the test environment.
- Initialize Terraform and apply the configuration:
  terraform init
  terraform apply
Dev Environment: Docker Deployment with Jenkins
- Navigate to the dev environment directory: cd Infra/environments/dev
- Create and configure the terraform.tfvars file for the dev environment.
- Initialize Terraform and apply the configuration:
  terraform init
  terraform apply
- Configure Jenkins following the instructions in the Jenkins directory.
Prod Environment: GKE Deployment with Jenkins
- Navigate to the prod environment directory: cd Infra/environments/prod
- Create and configure the terraform.tfvars file for the prod environment.
- Initialize Terraform and apply the configuration:
  terraform init
  terraform apply
- Set up a GKE cluster following the GCP documentation or the instructions in the GKE directory.
- The root directory includes Jenkins pipelines for both 'dev' and 'prod' environments that automate building, containerizing, and deploying the application to your GKE cluster.
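Because each environment's terraform.tfvars points at a service-account key file, it is worth checking those files before running terraform apply. The script below is an added example, not part of this repository: it assumes the Infra/environments/{test,dev,prod} layout from the steps above and the credentials key from the sample terraform.tfvars; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the per-environment terraform.tfvars files.
# Assumes <root>/{test,dev,prod}/terraform.tfvars, each with a
# credentials = "<key>.json" line as in the sample structure shown earlier.

# Print the credentials path from a tfvars file (empty if absent).
tfvars_credentials() {
  sed -n 's/^[[:space:]]*credentials[[:space:]]*=[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' "$1" | head -n 1
}

# True when the file is tracked by a git repository.
is_tracked() {
  git -C "$(dirname -- "$1")" ls-files --error-unmatch -- "$(basename -- "$1")" >/dev/null 2>&1
}

# Check one environment directory: print findings, return how many there were.
check_env() {
  local dir="$1" tfvars="$1/terraform.tfvars" key f findings=0
  if [ ! -f "$tfvars" ]; then
    echo "$dir: terraform.tfvars is missing"; return 1
  fi
  key=$(tfvars_credentials "$tfvars")
  if [ -z "$key" ]; then
    echo "$dir: no credentials entry in terraform.tfvars"; return 1
  fi
  # Assumption: a relative path is resolved from the environment directory.
  case "$key" in /*) ;; *) key="$dir/$key" ;; esac
  if [ ! -f "$key" ]; then
    echo "$dir: key file $key not found"; findings=$((findings + 1))
  elif [ "$(ls -ld -- "$key" | cut -c5-10)" != "------" ]; then
    echo "$dir: $key is accessible to group/others (chmod 600)"; findings=$((findings + 1))
  fi
  for f in "$tfvars" "$key"; do
    if is_tracked "$f"; then
      echo "$dir: $f is tracked by git"; findings=$((findings + 1))
    fi
  done
  return "$findings"
}

# Check test, dev and prod under a root (default: Infra/environments).
check_all() {
  local root="${1:-Infra/environments}" env bad=0
  for env in test dev prod; do
    check_env "$root/$env" || bad=$((bad + 1))
  done
  return "$bad"
}
```

Source the script and run check_all from the repository root; its exit status is the number of environments with at least one finding.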
To keep the YelpCamp project aligned with industry best practices and to ensure its security and scalability, the following updates and enhancements are planned:
- Binary Authorization for GKE:
  - Implementing Binary Authorization to ensure that only trusted container images are deployed to the GKE cluster.
  - Enforcing policies to require image signatures and validating them against pre-approved trusted sources.
- Federated Identity for GKE:
  - Integrating federated identity solutions to manage user access and authentication more effectively.
  - Using Identity-Aware Proxy (IAP) to provide secure access to the application without a VPN, leveraging OAuth for authentication.
- Service Mesh Implementation:
  - Introducing Istio or Linkerd to manage microservices traffic, increase security, and improve observability.
  - Enabling mTLS (Mutual TLS) for secure service-to-service communication within the cluster.
- Enhanced Monitoring and Logging:
  - Utilizing Prometheus and Grafana for better monitoring of the application and infrastructure.
  - Integrating Google Cloud Logging and Google Cloud Monitoring for centralized log management and alerting.
- Security Scanning and Compliance:
  - Integrating Trivy and Clair for continuous security scanning of container images.
  - Ensuring compliance with industry standards and regulations by conducting regular security audits.
- Automated Scaling and Load Balancing:
  - Configuring Horizontal Pod Autoscaler (HPA) and Cluster Autoscaler for dynamic scaling based on traffic and resource usage.
  - Implementing Google Cloud Load Balancing to distribute traffic effectively and ensure high availability.
- CI/CD Pipeline Enhancements:
  - Refining the Jenkins pipeline to include automated rollback strategies and blue-green deployments.
  - Incorporating Canary deployments to test new features with a subset of users before full rollout.
- Infrastructure as Code (IaC) Improvements:
  - Modularizing Terraform configurations further to promote reusability and maintainability.
  - Implementing Terratest for automated testing of Terraform configurations to ensure infrastructure reliability.
By implementing these enhancements, the YelpCamp project will not only adhere to best practices but also provide a robust, secure, and scalable architecture for its users.
We welcome contributions to this project! Please see the CONTRIBUTING.md file for guidelines on how to contribute.
This project is licensed under the MIT License. See the LICENSE file for details.