Architecture Decisions
- Plan - Jira and Confluence would be my preferred planning tools if I had business and product owners
- Code - GitHub is where the code is stored
- Build - Docker is used to build the images
- Test - Trivy, Checkov, Behave
  - Trivy scans the image for vulnerabilities
  - Checkov scans the Terraform code for vulnerabilities
  - Behave performs end-to-end testing
- Release - Jenkins runs the CI/CD
- Deploy - Terraform deploys the infrastructure to AWS
- Operate - Argo CD keeps the Kubernetes cluster in sync with GitHub
- Monitor - CloudWatch, Prometheus & Grafana
  - CloudWatch logs events and has alarms to send emails
  - Prometheus & Grafana provide a dashboard for monitoring Kubernetes
Kubernetes Deployment
- Jenkins pulls the image repo
- Docker builds the image
- Trivy scans the image
- Jenkins pushes the image to ECR
- Jenkins triggers another Jenkins job to update the manifest
- Jenkins pulls the manifest repo
- The manifest's image tag is updated, and the update is pushed to GitHub
- Argo CD periodically polls the GitHub repo for changes and applies them to the cluster
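
One way to script the steps above so that a failed Trivy scan stops the push and only a pinned tag reaches the manifest. This is an added example, not this project's Jenkins jobs: it folds both jobs into one script, and the function names, the three arguments and the `image: <repo>:<tag>` manifest layout are assumptions.

```shell
#!/bin/sh
# Added example: scan-gated build, push and manifest update (not the project's code).
# Assumes docker is already logged in to ECR and the manifest lives in a git checkout.
set -eu

# Trivy exits non-zero on HIGH/CRITICAL findings, which stops the job before the push.
scan_image() {
  trivy image --exit-code 1 --severity HIGH,CRITICAL "$1"
}

# Accept only pinned tags; this also keeps shell and sed metacharacters out.
valid_tag() {
  case "$1" in
    ""|latest) return 1 ;;
    *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# Rewrite the tag on the "image: <repo>:<tag>" line for one repository only.
update_image_tag() {
  manifest=$1 repo=$2 tag=$3
  valid_tag "$tag" || { echo "refusing tag '$tag'" >&2; return 1; }
  grep -q -F "image: ${repo}:" "$manifest" || { echo "no image line for $repo" >&2; return 1; }
  repo_re=$(printf '%s' "$repo" | sed 's/[][\.*^$]/\\&/g')   # escape regex characters
  sed -i.bak "s|\(image: ${repo_re}\):.*|\1:${tag}|" "$manifest"
  rm -f "${manifest}.bak"
}

# Build, scan, push, then update the manifest that Argo CD syncs from.
pipeline() {
  repo=$1 tag=$2 manifest=$3
  valid_tag "$tag"
  docker build -t "${repo}:${tag}" .
  scan_image "${repo}:${tag}"
  docker push "${repo}:${tag}"
  update_image_tag "$manifest" "$repo" "$tag"
  git -C "$(dirname "$manifest")" commit -am "Deploy ${repo}:${tag}"
  git -C "$(dirname "$manifest")" push
}

# Usage: ./deploy.sh <ecr-repo-uri> <tag> <path/to/manifest.yaml>
if [ "$#" -eq 3 ]; then pipeline "$@"; fi
```

Using the git commit SHA as the tag gives every manifest change a one-to-one link to the image that was scanned.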
Terraform Deployment
- Jenkins pulls the Terraform repo
- Checkov scans the Terraform code for vulnerabilities
- Terraform applies the code to AWS
Architecture Decisions
- Security - Sits behind an ALB in a private subnet.
- Alarms - The standard AWS alarms are applied to EC2. These alarms will also send an email when triggered.
  - EC2 - Error log detection, High CPU, Low CPU