{"id":25918089,"url":"https://github.com/nrndev/ultimate-stack","last_synced_at":"2025-03-03T14:02:50.991Z","repository":{"id":217086075,"uuid":"350954574","full_name":"nrndev/ultimate-stack","owner":"nrndev","description":"Ultimate Stack [Glotixz] is a  Event Driven Microservices  Ecommerce App  running on Kubernetes with Istio as the service-mesh and cloudnative serverless components by knative and deployed to kubernetes via Gitops pipeline with ArgoCD and the kubernetes platform is built as Infrastructure as Code [IaC] with Terraform.","archived":false,"fork":false,"pushed_at":"2021-04-24T16:51:54.000Z","size":11285,"stargazers_count":21,"open_issues_count":1,"forks_count":9,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-03T14:02:19.332Z","etag":null,"topics":["argocd","aws","aws-eks-cluster","azure","azure-aks","civo-k3s","cloudnative-services","event-driven","expressjs","gitops-pipeline","istio","javascript","knative-serving","kubernetes","longhorn","microservices","nextjs","okteto","terraform","typescript"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nrndev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2021-03-24T05:17:44.000Z","updated_at":"2024-08-24T19:22:15.000Z","dependencies_parsed_at":"2024-01-14T13:56:29.801Z","dependency_job_id":null,"html_url":"https://github.com/nrndev/ultimate-stack","commit_stats":null,"previous_names":["narenarjun/ultimate-stack","nrndev/ultimate-stack"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ec
osyste.ms/api/v1/hosts/GitHub/repositories/nrndev%2Fultimate-stack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nrndev%2Fultimate-stack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nrndev%2Fultimate-stack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nrndev%2Fultimate-stack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nrndev","download_url":"https://codeload.github.com/nrndev/ultimate-stack/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241678154,"owners_count":20001682,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argocd","aws","aws-eks-cluster","azure","azure-aks","civo-k3s","cloudnative-services","event-driven","expressjs","gitops-pipeline","istio","javascript","knative-serving","kubernetes","longhorn","microservices","nextjs","okteto","terraform","typescript"],"created_at":"2025-03-03T14:01:45.729Z","updated_at":"2025-03-03T14:02:50.984Z","avatar_url":"https://github.com/nrndev.png","language":"TypeScript","readme":"# \u003cdiv align=\"center\" \u003e✨Glotixz - Ultimate Stack \u003c/div\u003e\n\n\n**Ultimate Stack** *[Glotixz]* is an Event Driven Microservices Ecommerce App deployed and running on `Kubernetes`, with `istio` as the *`service-mesh`* and cloud-native serverless components provided by `knative`. It is deployed to `Kubernetes` via a GitOps pipeline with `ArgoCD`, and the Kubernetes platform itself is built as Infrastructure as Code [IaC] with `Terraform`.\n\n\nThe complete 
Glotixz microservices apps are developed and deployed on the [CIVO Kubernetes platform](https://www.civo.com/).\n\n\u003e #### ✨✨✨Note 📚:\n\u003e The deployments are optimized only for a staging k8s cluster and not yet for a production cluster.\n\n## ✨✨✨ Overview 🍁:\n\nUltimate Stack [Glotixz] is a TypeScript/JavaScript based full-stack ecommerce app in which registered users can sell tickets for events; payment is fulfilled by [stripe](stripe.com).\n\nThe Backend services are microservices built with [Expressjs](https://expressjs.com/) + [Typescript](https://www.typescriptlang.org/). They are event driven systems with [`nats-streaming-server`](https://nats.io/) as the event bus, publishing and delivering events from and to the services respectively.\n\nAll the backend services, along with their respective databases and the frontend, are deployed in Kubernetes by GitOps via [`ArgoCD`](https://argoproj.github.io/projects/argo-cd/).\n\nThe complete overview of the Architecture and workflow:\n\n![Glotix - (Ultimate Stack) Overall Architecture Overview](./pictures/ultimate-stack-overview.png \"Glotix - (Ultimate Stack) Overall Architecture Overview\")\n\n\n\n#### ✨Tools used during development and pre \u0026 post deployment 🛠️ :\n\n- [vscode](https://code.visualstudio.com/) - Code Editor of choice\n- [okteto cli](https://okteto.com/docs/getting-started/installation) - cloud-native dev container management tool\n- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) - CLI to interact with the Kubernetes Cluster\n- [kubens \u0026 kubectx](https://github.com/ahmetb/kubectx) - awesome tools that make switching namespaces and cluster contexts (respectively) easy\n- [istioctl](https://istio.io/latest/docs/setup/getting-started/#download) - CLI to install and interact with istio in the k8s cluster\n- [kubeseal](https://github.com/bitnami-labs/sealed-secrets/releases) - CLI to create SealedSecrets by interacting with the k8s cluster\n- 
[terraform](https://www.terraform.io/downloads.html) - To provision the k8s cluster and other resources with the preferred providers via IaC [Infrastructure as Code]\n- [kn](https://www.knative.dev/docs/client/install-kn/) - CLI to create/interact with KNative deployments in the k8s cluster\n- [argocd](https://github.com/argoproj/argo-cd/releases/latest) - CLI to interact with argocd resources in the kubernetes cluster\n- [draw.io](draw.io) - to create the architecture overview diagram\n- [Excalidraw](https://www.excalidraw.com/) - used to sketch out various simple architecture decision diagrams\n\n### ✨✨ Cloud Native development ☸️:\n\nThis project is entirely built with a cloud native development process on kubernetes, using the [okteto cli](https://okteto.com/docs/getting-started/installation).\nThe Okteto CLI makes the development process easy through the [okteto.yaml](https://okteto.com/docs/reference/manifest) manifest file, which abstracts away the connection between the local IDE/editor (vscode was my preferred editor) and the dev container running in the cluster.\n\nEvery service folder has an [`okteto.yml`](./Auth-Service/okteto.yml) manifest file. This file can be generated with the following command:\n\n```bash\n\n$\u003e\u003e okteto init\n\n```\n\nThe `okteto init` command scans the available deployments in your Kubernetes namespace and asks you to pick the deployment in which you want to do your development.\n\n\u003e ### ✨✨Note 📚:\n\u003e *Okteto CLI* will work only if the kubernetes config file is present in the `~/.kube` folder or `KUBECONFIG=\"/Foldername/config\"` is set as an environment variable. 
\n\nThe okteto.yml file looks like the following:\n\n```yaml\n\n# this is the development-service name we set; it is reflected in the dev container deployment in the k8s environment.\n\nname: mcs-auth-service \n\n# autocreate, when set to true, creates a new deployment if it's not present already.\n\nautocreate: true \n\n# this is the container image used inside the development container.\n\nimage: quay.io/narendev/fishnode:1.0\n\n# the first command to be executed when the dev container is up.\n\ncommand: fish\n\n# This sets which folders \u0026 files to track and sync, so that changes in the dev container are reflected in the local files and vice versa. [The synchronization is completely taken care of by the okteto cli (which is awesome !!!)]\n\nsync:\n- .:/usr/src/app\n\n# These are the ports forwarded from the container to the local system\n\nforward:\n- 9229:9229\n- 3000:3000\npersistentVolume: {}\n\n# Annotations that need to be applied on the container while deploying can be listed under this `annotations` section.\n# Disabling the istio sidecar keeps the dev container outside the mesh; this only works while PeerAuthentication is in PERMISSIVE mode.\n\nannotations:\n  sidecar.istio.io/inject: \"false\"\n\n```\n\nNow that we have the `okteto.yml` file, run the okteto commands to start/stop the dev container in kubernetes:\n\n\nTo start the dev container:\n```bash\n\n$\u003e\u003e okteto up\n\n```\n\nTo stop the dev container:\n```bash\n\n$\u003e\u003e okteto down\n\n```\n\n\n\u003e ### ✨✨Note 📚:\n\u003e Okteto has a vscode extension which helps a lot by streamlining the dev process to just a few clicks.\n\u003e [https://marketplace.visualstudio.com/items?itemName=okteto.remote-kubernetes](https://marketplace.visualstudio.com/items?itemName=okteto.remote-kubernetes)\n\n### ✨✨ Infrastructure as Code with Terraform:\n\n[Terraform](https://www.terraform.io) is a tool for building, changing, and versioning infrastructure safely and efficiently. 
Terraform can manage existing and popular service providers as well as custom in-house solutions.\n\nThe kubernetes clusters are created with terraform.\n\nIt's a good practice to have `dev`, `staging` and `production` clusters so that the `development`, `testing` and `production` deployment processes are aligned respectively.\n\nThese different clusters can be created with ease by using terraform and its [`workspace`](https://www.terraform.io/docs/language/state/workspaces.html) feature, which creates many clusters from the same config in the provider of our choice.\n\nVersion of terraform used:\n```bash\n$\u003e\u003e terraform version\nTerraform v0.15.0\n\n```\nThe terraform IaC code is in the [./Terraform](./Terraform) folder.\n\n\n### ✨✨ Frontend:\n\nThe Frontend for the Glotixz app is created using [`NextJS`](https://nextjs.org/), a reactjs based Javascript framework.\n\n\n\n### ✨✨ Details of the Backend MicroServices ⛓️:\nThe Backend services are written in `Typescript` with the `Expressjs` web framework, which runs on the `NodeJS` **v14** runtime.\n\nThere are a total of 5 microservices, each handling one core group of functionality. The microservices are:\n- `Auth-Service`\n- `Expiration-Service`\n- `Orders-Service`\n- `Payment-Service`\n- `Ticket-Service`\n\nAll the service endpoints are covered with tests via the `Jest` testing library.\n\n#### ✨ Auth-Service : \nThis microservice has endpoints for user creation (`signup`) and user authentication (`signin`, `signout` and `currentuser`). 
Authorization is done by creating `JWT` tokens which are sent via `Cookies` / `Session-Cookies`; the other microservices use these to determine the user's access and authorization privileges. The auth-service uses a `MongoDB` as its database, which is also deployed in the cluster as a `statefulset` resource.\n\nThe [`Auth-Service`](./Auth-Service) folder has the code for the Auth-Service microservice.\n\n#### ✨ Expiration-Service:\nThis microservice's endpoints are used internally by other microservices and are not exposed to the users. This microservice keeps track of the expiration time and sends an `event` to the `event-bus` when the expiration time for an order is reached. This microservice uses a redisDB as its database, which is also deployed in the cluster as a `statefulset` resource.\n\nThe [`Expiration-Service`](./Expiration-Service) folder has the code for the Expiration-Service microservice.\n\n#### ✨ Orders-Service:\nThis microservice has endpoints for order creation, listing, deleting and showing a particular order. The Orders-Service expects to receive the `Authentication Cookie` along with the request, to validate that the user is authenticated to access the protected routes. The orders-service uses a `MongoDB` as its database, which is also deployed in the cluster as a `statefulset` resource.\n\nThe [`Orders-Service`](./Orders-Service) folder has the code for the Orders-Service microservice.\n\n\n#### ✨ Payment-Service:\nThis microservice has endpoints for fulfilling an Order's payment with [`Stripe`](https://www.stripe.com). The Payment-Service expects to receive the `Authentication Cookie` along with the request, to validate that the user is authenticated to access the protected routes. 
The payment-service uses a `MongoDB` as its database, which is also deployed in the cluster as a `statefulset` resource.\n\nThe [`Payment-Service`](./Payment-Service) folder has the code for the Payment-Service microservice.\n\n\n#### ✨ Ticket-Service:\nThis microservice has endpoints for creating, listing, updating and showing tickets. The Ticket-Service expects to receive the `Authentication Cookie` along with the request, to validate that the user is authenticated to access the protected routes. The Ticket-service uses a `MongoDB` as its database, which is also deployed in the cluster as a `statefulset` resource.\n\nThe [`Ticket-Service`](./Ticket-Service) folder has the code for the Ticket-Service microservice.\n\n\n### ✨✨ Swagger OpenAPI spec:\nThe Backend service endpoints are documented with the [**Swagger OpenAPI spec** `Version 3.0.3`](https://swagger.io/specification/) and hosted with the swagger express UI in the service itself.\n\nLinks to the Backend services' Swagger Docs:\n- [`Auth-Service`](http://e20b4706-9ba3-4496-a857-b8b531dd5a38.k8s.civo.com/api/auth/docs/)\n- [`Orders-Service`](http://e20b4706-9ba3-4496-a857-b8b531dd5a38.k8s.civo.com/api/orders/docs/)\n- [`Payment-Service`](http://e20b4706-9ba3-4496-a857-b8b531dd5a38.k8s.civo.com/api/payments/docs/)\n- [`Ticket-Service`](http://e20b4706-9ba3-4496-a857-b8b531dd5a38.k8s.civo.com/api/tickets/doc)\n\n![Glotixz Order-Service Swagger Spec](./pictures/glotixz-swagger-spec.PNG \"Order-service Glotixz Backend Service Swagger Spec\")\n\u003e ### ✨✨ Note 📚:\n\u003e The following VS Code extension, OpenAPI (swagger) Editor, was very useful while writing the swagger specs.\n\u003e [https://marketplace.visualstudio.com/items?itemName=42Crunch.vscode-openapi](https://marketplace.visualstudio.com/items?itemName=42Crunch.vscode-openapi)\n\n### ✨✨ Common Modules Published to NPM 📁⬇️⬆️:\nThe most commonly used methods, middlewares and object model types are abstracted into a javascript library which is in 
the [./Library/common](./Library/common) folder.\n\nThis common module is published to npm as a standalone package which can be installed by our microservices.\n\n```bash\n\n#  with npm\n$\u003e\u003e npm i @wowowow/common\n```\nor\n```bash\n# with yarn\n$\u003e\u003e yarn add @wowowow/common\n```\n\nHere is the package url: [https://www.npmjs.com/package/@wowowow/common](https://www.npmjs.com/package/@wowowow/common)\n\n### ✨✨ EventBus ◀️↔️▶️:\n[Nats-Streaming-Server](https://nats.io) is the event bus of choice for the Glotixz full-stack event driven microservices app.\n\n![Nats-Streaming-Server-EventBus](./pictures/nats-eventbus.png \"\")\n\nThe NodeJS [NATS-Streaming-Server](https://www.npmjs.com/package/node-nats-streaming) client is used in each of the microservices to `publish` and `listen` to events.\n\n```bash\n\n$\u003e\u003e npm i node-nats-streaming\n\n#   or  \n\n$\u003e\u003e yarn add node-nats-streaming\n\n```\n\u003e ### ✨✨ Note 📚:\n\u003e While using `NATS-Streaming-Server` with the `istio` service mesh, the names of the exposed ports in the kubernetes service for the Nats-streaming-server deployment must follow istio's port naming convention as described in the [**`Istio`** docs.](https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/)\n\u003e During deployment this caused issues: the backend services did not work as intended because the istio sidecars blocked the incoming/outgoing requests from the eventbus.\n\u003e https://github.com/nats-io/nats-operator/issues/88\n\n\n### ✨✨ ServiceMesh ✳️:\n\nIstio is the service mesh chosen for these event-driven microservices.\n\nFor now, the `PeerAuthentication` is set to mtls `PERMISSIVE` mode. 
[This can be upgraded to `STRICT` mode if required; in `PERMISSIVE` mode the sidecars still accept plaintext connections, so mTLS is not enforced until `STRICT` is set.]\n\nThe installation yaml for istio is in the [\"./kubernetes/staging/cluster-setup/istio-install/install-manifest-istio.yaml\"](./kubernetes/staging/cluster-setup/istio-install/install-manifest-istio.yaml) file.\n\nThe above yaml is generated via the `istioctl` CLI:\n\n```bash\n\n$\u003e\u003e istioctl manifest generate --set profile=demo \u003e install-manifest-istio.yaml\n\n```\n\u003e ### ✨✨ Note :\n\u003e The istio version installed in the cluster is:\n\u003e ```bash\n\u003e $\u003e\u003e istioctl version\n\u003e client version: 1.9.0\n\u003e control plane version: 1.9.0\n\u003e\n\u003e ```\n\u003e\n\nHere is the routes overview seen in the `Kiali` dashboard graph, which also shows the traffic coming into the cluster.\n![Kiali dashboard graph shows routes traffic](./pictures/glotixz-kiali-overview.PNG \"kiali dashboard shows routes and traffic\")\n\n\u003e ### ✨✨Note 📚:\n\u003e `Kiali` is one of the observability add-ons compatible with istio; the metrics on routes and their traffic shown here are collected via the sidecar injected into the pods of the deployment.\n\n#### ✨ Reasons for choosing istio:\n* Istio comes with a traffic management solution and has a routing ingress gateway called \"Istio IngressGateway\", powered by `Envoy`, a powerful L7 Proxy which acts as the ingress controller.\n* Routing for Services can be created by utilizing the `VirtualService` and `Gateway` API objects exposed by Istio.\n* Istio has automatic sidecar injection for all the pods in the deployments and statefulsets in a namespace, if that namespace is labeled `istio-injection=enabled`.\n* Istio has powerful mutual TLS support which can upgrade the plain `http` traffic between workloads to mTLS, and istio takes care of issuing and maintaining the tls certificates with ease.\n* Istio's authentication and authorization policies can be used to restrict and enable communication between workloads as per our 
intended wish. With an `AuthorizationPolicy` set on a workload, we can lock down which workloads can make network requests to it and which can't.\n* Istio is one of the meshes supported by [KNative](https://knative.dev/docs/install/install-serving-with-yaml/#install-a-networking-layer).\n\n\u003e ### ✨✨ Note 📚:\n\u003e To disable sidecar injection for the pods of one or more deployments in the namespace, add the following annotation to the pod template (`spec.template.metadata`) in the deployment yaml.\n\u003e ```yaml\n\u003e annotations:\n\u003e   sidecar.istio.io/inject: \"false\"\n\u003e ```\n\n### ✨✨Longhorn 🗨️:\nStorageclasses are important in managing and assigning storage volumes via PV and PVC to a deployment or a StatefulSet.\n\n[`Longhorn`](https://longhorn.io/), a lightweight, reliable and easy-to-use distributed block storage system for Kubernetes, is the chosen storageclass to manage storage volumes for this project.\n\nInstalling Longhorn in the k8s cluster:\n\n```bash\n$\u003e\u003e kubectl apply -f ./kubernetes/staging/cluster-setup/longhorn-install/longhorn-install.yaml\n```\n\nThe longhorn UI dashboard can be accessed via port-forwarding with kubectl:\n```bash\n\n# port-forwarding the longhorn UI\n$\u003e\u003e kubectl -n longhorn-system port-forward svc/longhorn-frontend 80:80\n\n```\n\n\n![Longhorn UI dashboard](./pictures/glotixz-longhorn.PNG \"longhorn UI dashboard showing storage Info\")\n\n### ✨✨ Secret Management 🔏:\nSecrets are sensitive information critical to the working of the app and must not be publicly exposed, which makes managing them a **Herculean** task, as we can't store them in git repos.\n\nTo overcome this shortfall, the Kubernetes community has `Sealed Secrets`.\n\nA `Sealed Secret` is a \"one-way\" encrypted Secret that can be created by anyone, but can only be decrypted by the controller running in the target cluster.\nThe `Sealed Secret` is safe to **share publicly, upload to git repositories, share on blogs, tweets, etc**. 
Once the `SealedSecret` is safely uploaded to the target Kubernetes cluster, the sealed secrets controller decrypts it and recovers the original Secret.\n\nThe SealedSecrets implementation has two parts:\n\n* A controller that runs in-cluster and implements a new SealedSecret Kubernetes API object via the \"third party resource\" mechanism.\n* A `kubeseal` CLI that encrypts a regular Kubernetes Secret object (as YAML or JSON) into a SealedSecret.\n\nOnce decrypted by the controller, **the enclosed Secret can be used exactly like a regular K8s Secret.**\n\nInstalling Sealed Secrets in the Cluster:\n\n```bash\n\n$\u003e\u003e kubectl apply -f ./kubernetes/staging/cluster-setup/sealed-secrets-install/sealed-secret-install.yaml\n\n```\n⭐🎉🎉🎉`SealedSecrets` is the `Gitops` way of managing secrets, and it's never been easier than now.\n\nMore details about the working of sealed secrets can be found in my [sealedsecrets-explored repo](https://github.com/narenarjun/sealedsecrets-explored).\n\n\n\u003e ### ✨✨ Note 📚:\n\u003e The controller's private key is what protects every SealedSecret committed to git: back it up (a fresh cluster cannot decrypt the existing SealedSecrets without it) and restrict access to the key Secret in the cluster.\n\u003e Other secret management solutions exist for kubernetes, such as HashiCorp's Vault, Azure Key Vault, AWS Secrets Manager, etc.\n\n### ✨✨ Container Image Repository 🚢:\n[Quay](quay.io) is the container Image Repository chosen for building and storing all the container images related to this Ultimate stack project/repo.\n\n[Quay](quay.io) is Red Hat®'s private container registry that stores, builds, and deploys container images. 
It analyzes container images for security vulnerabilities, identifying potential issues that can help you mitigate security risks.\n\nA new organization called \"[`Ultimate stack`](https://quay.io/organization/ultimatestack)\" is created in Quay to store all the container images related to this microservice project.\n\n\u003ca href=\"https://quay.io/organization/ultimatestack\"\u003e![Glotixz Ultimate Stack image repository ](./pictures/glotixz-quay-repository.PNG \"image of containers in the ultimatestack organization image repository in quay\")\u003c/a\u003e\n\nAll the containers are built via git-based build triggers set up in the quay registry, which start a build when a commit is made.\n\n\n### ✨✨ Gitops 🧿:\n\nGitOps is the modern way of implementing Continuous Integration and Continuous Deployment [CI/CD] for cloud native applications in the kubernetes cluster.\n\n#### ✨ ArgoCD 🐙:\n\n[ArgoCD](https://argoproj.github.io/projects/argo-cd) is the Gitops tool chosen to do Continuous deployment for this project.\n[ArgoCD](https://argoproj.github.io/projects/argo-cd) is a declarative, GitOps continuous delivery tool for Kubernetes.\n\nArgoCD is installed in the `argocd` namespace in the k8s cluster.\n\n```bash\n\n# creating the argocd namespace first\n$\u003e\u003e kubectl apply -f ./kubernetes/staging/cluster-setup/argocd-install/argocd-namespace.yaml\n\n\n# installing argocd in the cluster\n$\u003e\u003e kubectl apply -f ./kubernetes/staging/cluster-setup/argocd-install/argocd-install.yaml\n\n```\n\nNow that ArgoCD is installed in the cluster, we can create an argocd application\nto do the Continuous Deployment into the K8s cluster.\n\nThe argocd application config is declaratively defined in the [./kubernetes/staging/gitops-setup/argocd-app-config.yaml](./kubernetes/staging/gitops-setup/argocd-app-config.yaml) file.\n\n\n```bash\n\n# creating the argocd app with the default project\n$\u003e\u003e kubectl apply -f 
./kubernetes/staging/gitops-setup/argocd-app-config.yaml\n\n```\n\nThe ArgoCD app is set to track the changes happening in the [gitops](./gitops) folder.\n\n![ArgoCD successful deployment seen in the ArgoCD UI](./pictures/glotixz-app-argocd-deploy.png \"ArgoCD UI showing successful deployments\")\n\n\nIn the argocd application, the sync policy is set to automated, prune is set to false and self-heal is set to true.\n\n```yaml\nsyncPolicy:\n  automated:\n    prune: false\n    selfHeal: true\n```\nWith `selfHeal: true`, manual changes made in the cluster are reverted to what git declares, while `prune: false` means resources removed from git are left in the cluster and have to be deleted by hand.\n\n\u003e ### ✨✨ Note 📚:\n\u003e The ArgoCD UI can be accessed by port-forwarding the argocd svc:\n\u003e ```bash\n\u003e $\u003e\u003e kubectl port-forward svc/argocd-server -n argocd 8080:443\n\u003e ```\n\u003e The login password and how to reset it can be found in the [docs here](https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli).\n\n\n#### ✨ Tekton :\n\n[Tekton](https://tekton.dev/) is a powerful and flexible open-source framework for creating CI/CD systems,\nallowing developers to build, test, and deploy across cloud providers and on-premise systems.\n\nTekton pipelines are very powerful and can be run directly in the k8s cluster.\n\nInstalling tekton in the cluster:\n```bash\n$\u003e\u003e kubectl apply -f ./kubernetes/staging/cluster-setup/tekton-install/tekton-install.yaml\n```\n\nTekton comes with a `tkn` cli to create tasks and pipelines.\n\n\u003e The tekton pipelines for the glotixz - ultimate stack project are still in the design and testing phase. 
They will be added to the repo once done.\n\n\n### ✨✨ Observability, Monitoring and Tracing:\nWhile installing `istio`, the addons for observability and monitoring such as `prometheus`, `jaeger`, `grafana` and `kiali`, which pair well with istio, are installed.\n\nThe installation yamls for these addons are in the [./kubernetes/staging/cluster-setup/istio-install/addons/](./kubernetes/staging/cluster-setup/istio-install/addons/) folder.\n\n```bash\n\n# changing to the istio-install/addons/ folder\n$\u003e\u003e cd ./kubernetes/staging/cluster-setup/istio-install/addons/\n\n# installing all of them into the k8s cluster\n$\u003e\u003e kubectl apply -f .\n\n```\n\u003e ### ✨✨ Note 📚:\n\u003e All the observability and monitoring addons are installed with the default configuration provided with the istio release. These sample addons are not tuned for production use, so keep their dashboards reachable only through port-forwarding as shown below.\n\n\n#### ✨ Kiali:\n`Kiali` is an observability console for Istio with service mesh configuration and validation capabilities. It helps you understand the structure and health of your service mesh by monitoring traffic flow to infer the topology and report errors. Kiali provides detailed metrics and a basic `Grafana` integration, which can be used for advanced queries. Distributed tracing is provided by integration with `Jaeger`.\n\nAccessing the kiali dashboard:\n\nwith `istioctl`:\n```bash\n$\u003e\u003e istioctl dashboard kiali\n```\n\nwith `kubectl`:\n```bash\n$\u003e\u003e kubectl -n istio-system port-forward svc/kiali 20001:20001\n```\n\n#### ✨ Grafana:\n`Grafana` is an open source monitoring solution that can be used to configure dashboards for Istio.\nWe can use Grafana to monitor the health of Istio and of applications within the service mesh.\n\nThe metrics from the glotixz app:\n![Grafana dashboard](./pictures/glotixz-grafana-overview.PNG \"grafana dashboard showing workload metrics\")\n\n#### ✨ Prometheus:\nPrometheus is an open source monitoring system and time series database. 
We can use Prometheus with Istio to record metrics that track the health of Istio and of applications within the service mesh. We can visualize these metrics using tools like Grafana and Kiali.\n\n\n#### ✨ Jaeger:\n`Jaeger` is an open source end-to-end distributed tracing system, allowing users to monitor and troubleshoot transactions in complex distributed systems.\n\nApp overview in the Jaeger Dashboard:\n![Jaeger App Architecture Overview in dashboard](./pictures/glotixz-jaeger-overview.PNG \"Glotixz App system architecture\")\n\nTracing for the requests in the Jaeger Dashboard:\n![tracing in Jaeger dashboard UI](./pictures/glotixz-jaeger-traces-overview.PNG \"Jaeger dashboard tracing overview\")\n\n\u003e ### ✨✨ Note 📚:\n\u003e All the metrics are collected from the istio sidecar injected into the pods in the deployments.\n\u003e Application level observability, tracing and monitoring need to be built into the app, so that we can get fine-grained details of the realtime process from inside the app for each request and operation.\n\n\u003c!--\n# total overview of the app and deployment architecture  ✅\n    # tools used ✅\n# building everything via cloud native development ✅\n\n# details of the services and it's components ✅\n# event bus ✅\n# service mesh ✅\n# secret management ✅\n# Container repository ✅ \n# Gitops ✅\n  # tekton piplines needs to be done 🌀\n# Observability, tracing and monitoring ✅ \n# Terraform [IaC]\n# Futher Future Improvements ✅\n --\u003e\n\n\u003c!-- ### ✨✨  --\u003e\n### ✨✨ Further Future Improvements ⏳:\nThese are the possible future improvements which can be made to make the app even more solid and functional. 
They are:\n- ☐ Upgrade connections from `http` to `https` with TLS certificates by use of `cert-manager`, which automates certificate management in the k8s cluster.\n- ☐ Lock `authentication` and `authorization` access to the app deployments and to their respective Database statefulset deployments by setting Istio's `PeerAuthentication` mode to `STRICT`.\n- ☐ Move to a solid Typescript based framework like nestjs for the Backend APIs.\n- ☐ Implement and migrate the backend services from `cookie/cookie-session` based authentication to `Authentication bearer token` based auth.\n- ☐ Improve styling in the Frontend App.\n- ☐ Make the Frontend a static site, remove all the SSR components, use `redux` or `redux-tool` for solid state management and use `typescript` in the frontend too.\n- ☐ Create and deploy the databases as replica sets with primary and secondary replicas and data replication enabled. https://docs.mongodb.com/manual/core/replica-set-architecture-three-members/\n- ☐ Improve cluster security using [Falco](https://falco.org/).\n- ☐ Create and add more Services such as `Ads-service`, `User-service`, `Recommendation-Service` and `Email-service` to the Glotixz app in accordance with their usage.\n- ☐ Add `Chaos-Testing`\n- ☐ Create and add kustomize templates for the k8s yamls for the glotixz app\n- ☐ Test the application in an `Openshift` environment\n- ☐ Try to create IaC with [pulumi](https://www.pulumi.com/)","funding_links":[],"categories":["📦 Legacy \u0026 Inactive Projects","TypeScript"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnrndev%2Fultimate-stack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnrndev%2Fultimate-stack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnrndev%2Fultimate-stack/lists"}