{"id":23241133,"url":"https://github.com/mdmourao/cloudprojectgroup7","last_synced_at":"2026-04-09T12:55:21.150Z","repository":{"id":42698386,"uuid":"469417486","full_name":"mdmourao/CloudProjectGroup7","owner":"mdmourao","description":"The goal of the project is to develop a cloud native application that offers a set of services that provide relevant information extracted from a dataset. The services will be provided through a REST API and should be organized in two sets: user-oriented and administrator-oriented. Deploy the solution on the cloud using Kubernetes!","archived":false,"fork":false,"pushed_at":"2022-07-05T23:50:28.000Z","size":4233,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-19T05:06:44.366Z","etag":null,"topics":["cloud","docker","google","grafana","grpc","kubernetes","prometheus","rbac","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mdmourao.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null}},"created_at":"2022-03-13T15:49:46.000Z","updated_at":"2023-11-10T15:05:36.000Z","dependencies_parsed_at":"2022-08-29T10:10:45.843Z","dependency_job_id":null,"html_url":"https://github.com/mdmourao/CloudProjectGroup7","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdmourao%2FCloudProjectGroup7","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdmourao%2FCloudProjectGroup7/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdmourao%2FCloudProjectGroup7/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdmourao%2FCloudProjectGroup7/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mdmourao","download_url":"https://codeload.github.com/mdmourao/CloudProjectGroup7/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247411263,"owners_count":20934650,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud","docker","google","grafana","grpc","kubernetes","prometheus","rbac","security"],"created_at":"2024-12-19T05:15:28.905Z","updated_at":"2025-12-30T23:07:21.898Z","avatar_url":"https://github.com/mdmourao.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Project Cloud\n\nThe goal of the project is to develop a cloud native application that offers a set of services that provide\nrelevant information extracted from a dataset. The services will be provided through a REST API.\n\n## To deploy on the CLOUD!\n\nCreate a Project on google cloud  \nOpen gcloud shell:   \n```\ngit clone https://github.com/mdmourao/CloudProjectGroup7  \ncd CloudProjectGroup7  \nsh googlecloud.sh  \n```\n\nNote: If you already have the docker images pushed to the container registry just run:  \n```\nsh googlecloud_noDocker.sh\n```\n\n### To populate the db\n\n```\ncd DB\nsh db.sh\n```\nNote: If you already have the docker images of the db just run:  \n```\nsh db_noDocker.sh\n```\n\n### To use the services API\n\nExport the EXTERNAL-IP of the NGINX ingress controller in a variable:\n\n```\nexport NGINX_INGRESS_IP=$(kubectl get service nginx-ingress-ingress-nginx-controller -ojson | jq -r '.status.loadBalancer.ingress[].ip')\n```\n\nEnsure that you have the correct IP address value stored in the $NGINX_INGRESS_IP variable\n```\necho $NGINX_INGRESS_IP\n```\n\nAccess the web application by going to the:\n```\nhttp://$NGINX_INGRESS_IP.nip.io/[SERVICE_ENDPOINT]\n```\n\n### To setup Grafana Dashboard\n\n```\nhttp://$GRAFANA_IP:3000/\n```\n1. Open Configurations - Data Sources - Add Data Source - Prometheus\n2. URL: http://$PROMETHEUS_IP:9090/\n3. Save \u0026 Test\n4. Dashboard - Import - Import file from **Prometheus directory** - *grafanaDashboard.json*\n\nNote: Sometimes the graphs are empty you need to open the graph on the dashboard and set the Data Source again\n1. Edit - Data Source - Prometheus(deafult)\n\nYou can check:\n1. Number of requests for each microservices\n2. Time of the request for each microservices\n3. CPU usage per pod\n4. Memory usage per pod\n\n### Clean up\n\n```\nsh teardown.sh\n```\n\n### Links Dataset\n\nhttps://www.kaggle.com/najzeko/steam-reviews-2021   \nhttps://www.kaggle.com/trolukovich/steam-games-complete-dataset  \n\n## Elementos do Grupo\n\nAndré Grilo  \nCatarina Moita  \nMartim Mourão  \nThomas Marques  \nTomás Dias  \n\n### Organização\n\n1. System and API Architect (CEO) - Martim\n2. Networking  - Catarina\n3. Security Specialist - Thomas\n4. DevOps Officer - Tomas\n5. Data Scientist - Andre\n\n### Microservices \n\nMartim Mourão - Admin Operations \u0026 User Management  \nCatarinaMoita - WishList \u0026 Library  \nTomás Dias  - Reviews  \nThomas Marques  - Suggestions  \nAndré Grilo - Searchs  \n\n\n# Google Cloud\n\n(1) deploy the containers to a kubernetes cluster on the cloud (ALL)  \n\n(2) deploy the databases to Kubernetes volumes - (Catarina)  \n\n(3) use an HTTP(s) ingress to connect each external service to the cloud load balancer  (Tomas)  \n\n(4) configure kubernetes policy for scalability (HPA and if required VPA and Cluster)  (Thomas)  \n\n(5) expose only the services that really need to be accessed from the outside (ALL)  \n\n(6) use a managed authentication service and implement the planned authorization policies (Martim)  \n\n(7) configure resource utilization through requests and limits (try to be as cost-effective as possible) (ALL)  \n\n(8) setup metrics per pod for monitoring with Prometheus (Martim)  \n\n(9) setup your own probes for liveness, readiness and start-up (Grilo)  \n\n(10) implement rolling updates and rollback (Catarina)  \n\n# Security\n\n\nCheck the need for config maps (Todos)  \nActions with Git CA (Martim)  \n\n\n\n1. Managing multiple namespaces. Create different RBAC policies for each namespace.  \n    (TODOS)  \n    a. Criar namespace para o seu microserviço  \n    b. Role para seu microserviço  \n    c. ClusterRole para seu microserviço  \n    d. RoleBinding para seu microserviço  \n    Referencia: https://kubernetes.io/docs/reference/access-authn-authz/rbac/\n2. Check if the current configuration of the network architecture isolates critical points from the public Internet. (Grilo)\n3. Secure channels in all communications. (Martim)\n4. Creation of logs (Audit Logging). (Tomas)\n5. Creation of NetworkPolicy. (Catarina)\n6. Protection for DoS, each request needs an access token, to monitor maximum requests per user. (Martim/Catarina)\n7. Check for attack Broken Object Level Authorization (when sensitive fields within an object are incorrectly exposed),\n   test for database inputs injection. (Thomas)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmdmourao%2Fcloudprojectgroup7","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmdmourao%2Fcloudprojectgroup7","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmdmourao%2Fcloudprojectgroup7/lists"}