{"id":19287064,"url":"https://github.com/alexlast/clearscore","last_synced_at":"2026-03-02T11:02:23.326Z","repository":{"id":102545274,"uuid":"139467288","full_name":"AlexLast/clearscore","owner":"AlexLast","description":"ClearScore Interview Task","archived":false,"fork":false,"pushed_at":"2018-07-03T18:38:51.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-23T23:22:49.306Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AlexLast.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-07-02T16:25:41.000Z","updated_at":"2019-02-25T10:45:35.000Z","dependencies_parsed_at":null,"dependency_job_id":"fd3a156d-fbdf-4ad2-9f4b-ea9ee411e109","html_url":"https://github.com/AlexLast/clearscore","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/AlexLast/clearscore","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlexLast%2Fclearscore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlexLast%2Fclearscore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlexLast%2Fclearscore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlexLast%2Fclearscore/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AlexLast","download_url":"https://codeload.github.com/AlexLast/clearscor
e/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlexLast%2Fclearscore/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29999224,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-02T09:59:02.300Z","status":"ssl_error","status_checked_at":"2026-03-02T09:59:02.001Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T22:05:11.375Z","updated_at":"2026-03-02T11:02:23.304Z","avatar_url":"https://github.com/AlexLast.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Interview task\n\n## About\n\nMy experience deploying Kubernetes clusters and kubernetes resources is with kops and spinnaker,\nhowever I've been dying to get my hands on EKS + Terraform EKS + Terraform kubernetes provider - so this \nseemed like a good opportunity to test it out.\n\nOverall it seems EKS and the Terraform kubernetes provider are still quite immature so a couple of workarounds were required - namely deploying resources in\nkubernetes, an example of this would be the lack of ability to add pod level annotations or service level annotations e.g. specifying an ACM certificate ARN to use when creating a loadbalancer. 
I had\nto use local-exec's with kubectl to work around this, however with more time I would have looked at Spinnaker or Helm.\n\nThe stack:\n\n* EKS deployed via Terraform\n* Kubernetes resources provisioned with kubectl (Terraform provider doesn't support many options)\n* Example wordpress service deployed\n* Node autoscaling with cluster-autoscaler\n* HPA for service\n* Readiness/Liveness probes for service\n* SSL configured for service on test domain\n\n## Pre-requisites\nThe following is required before deploying:\n\n* Cloudflare account with domain configured and referenced in the tfvars file (Unfortunately \nthe only domain I have access to for this exercise is set up with Cloudflare, otherwise I would have used route53 to make testing easier for reviewers without Cloudflare access). \nThe following environment variables will need to be set:\n    * ```export CLOUDFLARE_TOKEN=CLOUDFLARE_API_TOKEN```\n    * ```export CLOUDFLARE_EMAIL=CLOUDFLARE_ACCOUNT_EMAIL```\n* kubectl version \u003e= v1.10.3\n* heptio-authenticator-aws \u003e=v0.3.0\n* terraform \u003e= 0.11.7\n* jq \u003e= 1.5\n* AWS account with a completed credentials file or the following environment variables set at a minimum:\n    * ```export AWS_ACCESS_KEY_ID=xyz```\n    * ```export AWS_SECRET_ACCESS_KEY=xyz```\n    * ```export AWS_DEFAULT_REGION=us-east-1```\n* Must be run in a Linux type shell (Required by some local-execs)\n* An S3 bucket and DynamoDB table that can be used to store terraform state and provide locking (referenced in the example init). 
The table must have a primary key named LockID.\n\n## Modules\n\nThe terraform modules in this repository:\n\n* eks - Provisions a Kubernetes cluster in AWS with EKS, as well as cluster add-ons such as: Heapster, cluster-autoscaler etc\n* wordpress - Provisions wordpress on said Kubernetes cluster, as well as surrounding resources such as: SSL certificates, DNS records\n\n## Scaling\n\nKubernetes is running cluster-autoscaler and configured to scale up the node count if pods can\nno longer be scheduled or scale down the node count if there are unused resources, this currently defaults to a minimum of 1 and maximum of 2 as a proof of concept, however\nit's completely configurable via the top-level variables in ```variables.tf```, just add them to the tfvars file you're deploying with.\n\nThe WordPress pods are also configured to scale up if they're utilising more than 70% CPU via Horizontal Pod Autoscaling - This is currently set to a minimum of 3 replicas and a maximum of 10 to fix the current node size, however this can obviously be configured to a higher/lower minimum and maximum.\n\nWith more time, I would like to have implemented Autoscaling in Aurora and performed a load test to show scaling up and down.\n\n## Deploying\n\nThe following is an example of deploying a dev environment, the same commands/tfvars files can be modified to create a staging/prod environment etc. You can find all the variables \n that can be set and their descriptions in ```terraform/variables.tf```. 
You can remove any backend config options you don't wish to use.\n\n```bash\ncd terraform\nterraform init -backend-config=\"bucket=S3_BUCKET_NAME\" -backend-config=\"region=S3_BUCKET_REGION\" -backend-config=\"dynamodb_table=DYNAMODB_TABLE_NAME\"\nterraform workspace new dev\nterraform plan -var-file=clearscore-dev.tfvars -var 'master_password=secure_password' -out /tmp/dev-plan\n# Apply if plan looks good, ensure the master password is recorded securely (Should be \u003e= characters)\nterraform apply /tmp/dev-plan\n```\n\nOnce the above apply has completed, navigate to https://```${terraform.env}```-wordpress.```${var.service_base_domain}``` in a browser to complete the WP initial install.\n\nIf you wish to interact directly with the Kubernetes cluster post installation, the kubeconfig file can be found in ```/tmp/${var.cluster_name}-kubeconfig```\n\n## Concessions/Improvements \nSome improvements I would have made with more time/AWS credits:\n\n* Service deployment via Spinnaker pipeline (promotion to staging/prod) or Helm (In hindsight this may even have been quicker than the local apply's)\n* Implement service level caching and session storage with W3TC \u0026 Redis/Memcached\n* Automated WP install with WPCLI or similar (or restore from pre-installed RDS snapshot)\n* AWS Aurora autoscaling\n* Create own Defanged docker image for WP\n* Implement monitoring and alerting\n* More fine grained modules, with versioning\n* Aurora/MySQL encryption at rest and in-transit\n* Vault for secret storage\n* Higher starting node count\n* Cloudflare as a configurable option (e.g. use ELB DNS only)\n* Remove any local-exec workarounds or storage in /tmp\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexlast%2Fclearscore","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falexlast%2Fclearscore","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexlast%2Fclearscore/lists"}