{"id":29811672,"url":"https://github.com/ericgitangu/ecommerce_evaluation_with_apps","last_synced_at":"2026-04-10T22:46:51.535Z","repository":{"id":294028057,"uuid":"898068794","full_name":"ericgitangu/ecommerce_evaluation_with_apps","owner":"ericgitangu","description":"Evaluation: An e-commerce project with flask microservices running in a Kubernetes in Docker (Kind) Cluster with an Istio ingress and egress, autonomous CI/CD with github actions ","archived":false,"fork":false,"pushed_at":"2026-02-20T21:16:14.000Z","size":230,"stargazers_count":1,"open_issues_count":8,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-10T22:45:53.223Z","etag":null,"topics":["dockerfile","flask","helm","ingress-controller","istio","istioctl","kind","kubectl","kubernetes-cluster","ngin","postgre","python3","rabbit"],"latest_commit_sha":null,"homepage":"https://developer.ericgitangu.com","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ericgitangu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-12-03T18:23:35.000Z","updated_at":"2026-01-09T01:43:45.000Z","dependencies_parsed_at":null,"dependency_job_id":"da01ddef-7a59-4a61-8e26-66a2d876390b","html_url":"https://github.com/ericgitangu/ecommerce_evaluation_with_apps","commit_stats":null,"previous_names":["ericgitangu/ecommerce_evaluation_with_apps"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ericgitangu/ecommerce_evaluation_with_apps","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub
/repositories/ericgitangu%2Fecommerce_evaluation_with_apps","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ericgitangu%2Fecommerce_evaluation_with_apps/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ericgitangu%2Fecommerce_evaluation_with_apps/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ericgitangu%2Fecommerce_evaluation_with_apps/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ericgitangu","download_url":"https://codeload.github.com/ericgitangu/ecommerce_evaluation_with_apps/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ericgitangu%2Fecommerce_evaluation_with_apps/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31662169,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-10T17:19:37.612Z","status":"ssl_error","status_checked_at":"2026-04-10T17:19:13.364Z","response_time":98,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dockerfile","flask","helm","ingress-controller","istio","istioctl","kind","kubectl","kubernetes-cluster","ngin","postgre","python3","rabbit"],"created_at":"2025-07-28T17:09:26.074Z","updated_at":"2026-04-10T22:46:51.512Z","avatar_url":"https://github.com/ericgitangu.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# E-commerce Microservices Project - Evaluation\n\n[![CI/CD Pipeline](https://github.com/ericgitangu/microservices/actions/workflows/github-actions.yml/badge.svg)](https://github.com/ericgitangu/microservices/actions/workflows/github-actions.yml) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\nThis project implements an e-commerce system using a microservices architecture. Each service is built with Flask, and the project is designed to be cloud-native, leveraging Kubernetes for orchestration and Prometheus and Grafana for observability.\n\n## Achievements:\n\nAs per the requirements, the following have been achieved; all works have been cited within the relevant manifest files.\n\n1. Debug and deploy the services using provided manifests - each service and 3rd party app has its own manifest files within folders named k8s.\n2. Address issues in the CI/CD pipeline - set up an automated CI/CD pipeline which is passing; click on the badge for more information.\n3. 
Use logs and metrics to identify and fix issues - using Prometheus, integrated Grafana and local logs mounted on containers (git excluded for security).\n4. Provide solutions for security and cost optimization - using Istio as the app mesh for secure intra-service interactions, with mTLS, RBAC and sidecar injection (Envoy) enabled. The project uses the host ecommerce.local and routes traffic appropriately; for cost, it uses lightweight containers and a lightweight Kubernetes in Docker setup.\n\n## Project Structure\n\n```bash\n.\n├── LICENSE\n├── README.md\n├── app\n│   ├── catalog\n│   │   ├── Dockerfile\n│   │   ├── app.py\n│   │   ├── data\n│   │   │   └── catalogue_data.json\n│   │   ├── gunicorn-config.py\n│   │   ├── k8s\n│   │   │   ├── deployment.yaml\n│   │   │   ├── hpa.yaml\n│   │   │   └── service.yaml\n│   │   ├── requirements.txt\n│   │   └── utils\n│   │       ├── __init__.py\n│   │       └── logger.py\n│   ├── frontend\n│   │   ├── Dockerfile\n│   │   ├── app.py\n│   │   ├── gunicorn-config.py\n│   │   ├── k8s\n│   │   │   ├── deployment.yaml\n│   │   │   ├── hpa.yaml\n│   │   │   └── service.yaml\n│   │   ├── requirements.txt\n│   │   └── utils\n│   │       ├── __init__.py\n│   │       └── logger.py\n│   ├── order\n│   │   ├── Dockerfile\n│   │   ├── app.py\n│   │   ├── gunicorn-config.py\n│   │   ├── k8s\n│   │   │   ├── deployment.yaml\n│   │   │   ├── hpa.yaml\n│   │   │   └── service.yaml\n│   │   ├── requirements.txt\n│   │   └── utils\n│   │       ├── __init__.py\n│   │       └── logger.py\n│   └── search\n│       ├── Dockerfile\n│       ├── app.py\n│       ├── data\n│       │   └── search_data.json\n│       ├── gunicorn-config.py\n│       ├── k8s\n│       │   ├── deployment.yaml\n│       │   ├── hpa.yaml\n│       │   └── service.yaml\n│       ├── requirements.txt\n│       └── utils\n│           ├── __init__.py\n│           └── logger.py\n├── ci_cd\n│   └── README.md\n├── elasticsearch\n│   └── k8s\n│       ├── deployment.yaml\n│       └── 
service.yaml\n├── grafana\n│   ├── dashboards\n│   │   └── flask-services.json\n│   └── k8s\n│       ├── dashboard-provisioning.yaml\n│       ├── datasource.yaml\n│       ├── deployment.yaml\n│       └── service.yaml\n├── istio\n│   └── k8s\n│       ├── auth-policy.yaml\n│       ├── deployment.yaml\n│       ├── mesh-config.yaml\n│       └── service.yaml\n├── kind\n│   └── k8s\n│       ├── kind-config.yaml\n│       └── storage-class.yaml\n├── logs_and_metrics\n│   ├── catalog\n│   ├── frontend\n│   ├── order\n│   └── search\n├── manifests\n│   └── README.md\n├── nginx\n│   └── k8s\n│       ├── deployment.yaml\n│       └── service.yaml\n├── postgres\n│   └── k8s\n│       ├── deployment.yaml\n│       └── service.yaml\n├── prometheus\n│   ├── k8s\n│   │   ├── config\n│   │   │   └── prometheus.yml\n│   │   ├── deployment.yaml\n│   │   └── service.yaml\n│   └── prometheus-configmap.yaml\n├── rabbitmq\n│   └── k8s\n│       ├── deployment.yaml\n│       └── service.yaml\n├── scripts\n│   ├── deploy-helm.sh\n│   ├── deploy-kubectl.sh\n│   └── test-local.sh\n└── secrets.yaml\n```\n\n\n## Microservices Overview\n\n### 1. Catalog Service\n- **Purpose**: Manages product catalog data.\n- **Endpoints**:\n  - `/catalog`: Fetch catalog data.\n  - `/metrics`: Metrics for Prometheus.\n  - `/health`: Health check endpoint.\n- **Integrations**:\n  - PostgreSQL for storage.\n  - Prometheus for metrics collection.\n\n### 2. Frontend Service\n- **Purpose**: Acts as a gateway for the user-facing application.\n- **Endpoints**:\n  - `/`: Home route.\n  - `/health`: Health check.\n\n### 3. Order Service\n- **Purpose**: Manages customer orders.\n- **Endpoints**:\n  - `/create-order`: Handles new orders.\n  - `/metrics`: Metrics for Prometheus.\n  - `/health`: Health check endpoint.\n- **Integrations**:\n  - RabbitMQ for message queueing.\n  - PostgreSQL for order persistence.\n\n### 4. 
Search Service\n- **Purpose**: Provides search functionality over the catalog data.\n- **Endpoints**:\n  - `/search`: Query products.\n  - `/metrics`: Metrics for Prometheus.\n  - `/health`: Health check.\n- **Integrations**:\n  - Elasticsearch for search indexing.\n\n### 5. Service Mesh Security\n\n#### Istio Integration\n- Replaces Nginx Ingress with Istio Service Mesh\n- Provides mTLS encryption between services\n- Implements fine-grained RBAC\n- Manages traffic routing and load balancing\n\n#### Security Features\n1. **mTLS Authentication**\n   - Automatic encryption between services\n   - Certificate management handled by Istio\n   - STRICT mode enforced across namespace\n\n2. **Authorization Policies**\n   - Frontend Service: Public access to / and /health\n   - Catalog Service: Only accessible by Frontend\n   - Order Service: Protected endpoints with method restrictions\n   - Search Service: Controlled access from Frontend\n\n3. **Traffic Management**\n   - Route definitions via Virtual Services\n   - Load balancing across service instances\n   - Circuit breaking and fault injection capabilities\n\n#### Accessing Services\n- All external traffic routes through Istio Ingress Gateway\n- Internal service-to-service communication secured by mTLS\n- Original ports and endpoints remain unchanged\n\n## Deployment\n\n### Prerequisites\n- Kubernetes cluster (local or cloud-based).\n- `kubectl` installed and configured.\n- Helm installed for package management.\n\n### Steps\n\n1. **Deploy Secrets**:\n    ```bash\n      kubectl apply -f secrets.yaml\n    ```\n2. **Deploy Services**:\n    ```bash\n      ./scripts/deploy-kubectl.sh\n    ```\n3. **Verify Resources**:\n    ```\n      kubectl get pods -n ecommerce\n      kubectl get services -n ecommerce\n    ```\n4. **Deploy Helm Charts**:\n    ```\n      ./scripts/deploy-helm.sh\n    ```\n5. 
**Access Services**:\n    - Frontend: \u003cNode_IP\u003e:\u003cPort\u003e\n    - Metrics: Access Prometheus and Grafana for system observability.\n\n### Observability\n\n#### **Prometheus**\n\n- Scrapes metrics from the microservices and system components.\n- Configured with prometheus.yml.\n\n#### **Grafana**\n\n- Visualizes metrics collected by Prometheus.\n- Dashboards defined in flask-services.json.\n\n#### **Logging**\n\n- Local file logging under the folder logs_and_metrics; each service has a volume mount for the logs.\n- Configured with utils/logger.py.\n\n## Testing Microservices\n\nTo run this project locally you can use the following script:\n\n**Requirements**:\n- Kind\n- Kubectl\n- Istioctl\n- Helm\n\nRun Locally:\n\n```bash\n./scripts/test-local.sh\n```\n\nTo better understand how the test script works, it is worth looking at deploy-helm.sh, which consolidates all of our Helm installations, and deploy-kubectl.sh, which consolidates and applies all of our deployment, service, HPA and configuration manifests to deploy our apps and 3rd party dependencies.\n\n## Service Endpoints and Ports\n\n### Catalog Service\n- **Port**: 5001\n- **Endpoints**:\n  - `/catalog`: Fetch catalog data\n  - `/metrics`: Prometheus metrics\n  - `/health`: Health check endpoint\n- **Internal Service Name**: catalog-service.ecommerce.svc.cluster.local\n\n### Search Service\n- **Port**: 5002\n- **Endpoints**:\n  - `/search`: Query products\n  - `/metrics`: Prometheus metrics\n  - `/health`: Health check endpoint\n- **Internal Service Name**: search-service.ecommerce.svc.cluster.local\n\n### Order Service\n- **Port**: 5003\n- **Endpoints**:\n  - `/`: Home route\n  - `/create-order`: Create new orders\n  - `/metrics`: Prometheus metrics\n  - `/health`: Health check endpoint\n- **Internal Service Name**: order-service.ecommerce.svc.cluster.local\n\n### Frontend Service\n- **Port**: 5004\n- **Endpoints**:\n  - `/`: Home route\n  - `/metrics`: Prometheus metrics\n  
- `/health`: Health check endpoint\n- **Internal Service Name**: frontend-service.ecommerce.svc.cluster.local\n\n### Supporting Services\n\n#### Prometheus\n\n(Monitoring): Scrapes orders, frontend, search \u0026 catalogue for metrics to report.\n- **Port**: 9090\n- **Internal Service Name**: prometheus.monitoring.svc.cluster.local\n- **Access**: http://localhost:9090\n\n#### Grafana\n\n(Observability): Integrates with Prometheus, with pre-configured dashboards to highlight app level info.\n- **Port**: 3000\n- **Internal Service Name**: grafana.monitoring.svc.cluster.local\n- **Access**: http://localhost:3000\n- **Default Credentials**: admin/admin\n\n#### Elasticsearch\n\nProvides a convenient way to search; we have data folders with some rows for simulating searching.\n- **Port**: 9200\n- **Internal Service Name**: elasticsearch.logging.svc.cluster.local\n- **Access**: http://localhost:9200\n\n#### RabbitMQ\n\nFor message brokerage; orders are placed in a queue, can be polled for processing and can be viewed on our dashboard.\n- **Ports**:\n  - 5672 (AMQP)\n  - 15672 (Management Interface)\n- **Internal Service Name**: rabbitmq.messaging.svc.cluster.local\n- **Access**: http://localhost:15672\n- **Default Credentials**: admin/adminpassword\n\n#### PostgreSQL\n\nFor ACID persistent storage of orders, using a slim version 15 package.\n- **Port**: 5432\n- **Internal Service Name**: postgres-postgresql.database.svc.cluster.local\n- **Access**: localhost:5432\n- **Default Credentials**: postgres/postgrespass\n\n#### Nginx Ingress (Deprecated)\n\n**Deprecated** in favor of Istio; the folders and the deploy and service configs are still available.\n- **Port**: 80\n- **Internal Service Name**: nginx-ingress.ecommerce.svc.cluster.local\n- **Access**: http://localhost:80\n- **Configuration**: Managed via ConfigMap nginx-config\n\n## **CI/CD Workflow**\n\nSteps 1, 2 \u0026 3 happen in one step; the workflow then proceeds to 4, 5 \u0026 6 if successful.\n\n1. 
Install: Installs Helm charts for 3rd parties and installs the apps' requirements.\n2. Deploy: Specifies the deploy parameters and deploys the services into our Kind cluster.\n3. Test: Runs a local test with Kind; this ensures we can create a cluster and operate interoperably with the services.\n4. Build: Builds Docker images for each service locally and loads them into our Kind cluster.\n5. Scan: Vulnerability scanning using Trivy - optional, to discover CVEs present.\n6. Publish: Automates publishing using GitHub Actions to my public [Docker Hub repo](https://hub.docker.com/repositories/egitangu).\n\n## **License**\nThis project is licensed under the MIT License. See LICENSE for details; credits to Bineyame \u003cbineyame.afework@engie.com\u003e.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fericgitangu%2Fecommerce_evaluation_with_apps","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fericgitangu%2Fecommerce_evaluation_with_apps","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fericgitangu%2Fecommerce_evaluation_with_apps/lists"}