{"id":21221369,"url":"https://github.com/garryone/parkbee-interview","last_synced_at":"2026-04-08T17:33:16.982Z","repository":{"id":220187252,"uuid":"750984795","full_name":"GarryOne/parkbee-interview","owner":"GarryOne","description":null,"archived":false,"fork":false,"pushed_at":"2025-06-04T12:38:42.000Z","size":10464,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-03T10:28:50.665Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GarryOne.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-01-31T17:55:18.000Z","updated_at":"2024-02-04T21:43:32.000Z","dependencies_parsed_at":"2025-06-04T13:44:02.657Z","dependency_job_id":"3cd245f1-d78e-4511-ba15-be91eb813b70","html_url":"https://github.com/GarryOne/parkbee-interview","commit_stats":null,"previous_names":["garryone/parkbee-interview"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/GarryOne/parkbee-interview","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GarryOne%2Fparkbee-interview","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GarryOne%2Fparkbee-interview/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GarryOne%2Fparkbee-interview/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GarryOne%2Fparkbee-interview/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GarryOne","download_url":"https://codeload.github.com/GarryOne/parkbee-interview/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GarryOne%2Fparkbee-interview/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31567027,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-08T14:31:17.711Z","status":"ssl_error","status_checked_at":"2026-04-08T14:31:17.202Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-20T22:27:21.666Z","updated_at":"2026-04-08T17:33:16.953Z","avatar_url":"https://github.com/GarryOne.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"### Live URLs\n\n* App: http://a3152e2806ab64cab9e58e6a8a14d7c4-740023050.eu-north-1.elb.amazonaws.com\n* Grafana: http://a0d2c363309bf49479d09072b5b2cf7e-1539834057.eu-north-1.elb.amazonaws.com\n* Prometheus: http://a3aa9d91199b24398a7b53b783e43dfe-1812134370.eu-north-1.elb.amazonaws.com:9090\n\n### TODOs\n* Move the `tfstate` to s3 storage\n* Add HTTPS to the services (but for this we need either a domain, either self-signed certificate)\n* Optionally, for a better flexibility, there can be added `outputs.tf` and `variables.tf`\n* Make the Kubernetes cluster API endpoint private\n\n\n## CI/CD Pipelines\n* `.github/workflows/deploy.yml` -\u003e `terraform` - this one deploys the terraform infrastructure defined in `main.tf`\n* `.github/workflows/deploy.yml` -\u003e `k8s-deployment` - this one deploys the kubernetes cluster defined in `k8s-deployment.yml` \n\n## See it action\n\n* Run the pipelines for the first time. (this will do `kubectl apply -f secrets.yaml` where is **MONGODB** connection defined)\n* Connect local kubectl to EKS cluster \n```\naws eks update-kubeconfig --name parkbee-cluster-v3 --region eu-north-1\n```\n\n# Monitoring\n\n## Helm charts for Prometheus and Grafana\n\n```\nhelm repo add prometheus-community https://prometheus-community.github.io/helm-charts\nhelm repo update\n\nhelm install prometheus-release prometheus-community/kube-prometheus-stack\n```\n\n### Exposing Prometheus and Grafana publicly URLs\n\n```\nkubectl patch svc prometheus-release-grafana -n default -p '{\"spec\": {\"type\": \"LoadBalancer\"}}'\n```\n\n```\nkubectl patch svc prometheus-release-kube-pr-prometheus -n default -p '{\"spec\": {\"type\": \"LoadBalancer\"}}'\n```\n\n### Get the public URLs of Grafana and Prometheus\n\n```\nkubectl get svc -n default\n```\n\nThey should look like this.\n\n* Prometheus - http://a2bdb2dec9fc54714ab344f9e16e571f-539306497.eu-north-1.elb.amazonaws.com:9090/\n\n* Grafana - http://abb804b0ded9a4736813d580290e8f16-253192928.eu-north-1.elb.amazonaws.com/login\n\n### Access Grafana and Prometheus locally\n\n```\nkubectl port-forward pod/prometheus-prometheus-release-kube-pr-prometheus-0 9090:9090 -n default\nkubectl port-forward --address 0.0.0.0 service/prometheus-release-grafana 3000:80\n```\n\nhttp://localhost:3000/ - Grafana\nhttp://localhost:9090/ - Prometheus\n\n### Grafana credentials\nUser: `admin`\nPass: `prom-operator`\n\n---\n\n## Kubernetes limited account\n\nThis one adds a `limited-access-account` that has access only to the `myapp` namespace\n```\nkubectl apply -f service-account.yaml\n```\n\nNow, we can get the `SA_TOKEN` using it later\n```\nSA_TOKEN=$(kubectl get secret limited-access-account-token -n myapp -o jsonpath='{.data.token}' | base64 --decode)\n```\n\n### One command test (as admin)\n\nThis one would not work\n```\n❯ kubectl --token=$SA_TOKEN get pods -n default\nError from server (Forbidden): pods is forbidden: User \"system:serviceaccount:myapp:limited-access-account\" cannot list resource \"pods\" in API group \"\" in the namespace \"default\"\n```\n\nThe below one would work\n```\nkubectl --token=$SA_TOKEN get pods -n myapp\n```\n\n### Create context\n\n```\nkubectl config set-credentials limited-access-account --token=$SA_TOKEN\nkubectl config set-context limited-access-context --cluster=arn:aws:eks:eu-north-1:665357118005:cluster/parkbee-cluster-v3 --namespace=myapp --user=limited-access-account\n```\n\n### Switch context as admin\n```\nkubectl config use-context limited-access-context\n```\n\n### Switch back to normal user/context\n```\nkubectl config use-context arn:aws:eks:eu-north-1:665357118005:cluster/parkbee-cluster-v3\n```\n\n\n### Login with another user\nReplace `limited-access-kubeconfig.yaml` token with `$SA_TOKEN` and run:\n```\nexport KUBECONFIG=/path/to/limited-access-kubeconfig.yaml\n```\n\n### Test\n```\nkubectl get pods\n```\n\nYou should see only the pods in the `myapp` namespace\n\n\n## Docker Compose integration (`docker-compose.yml`)\n```\ndocker compose up\n```\n\n## ECR Repositories\n\n* `665357118005.dkr.ecr.eu-north-1.amazonaws.com/app:latest`\n* `665357118005.dkr.ecr.eu-north-1.amazonaws.com/api:latest`\n\n## AWS Region\n`eu-north-1`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgarryone%2Fparkbee-interview","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgarryone%2Fparkbee-interview","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgarryone%2Fparkbee-interview/lists"}