https://github.com/flobehejohn/doctrine-demo
- Host: GitHub
- URL: https://github.com/flobehejohn/doctrine-demo
- Owner: flobehejohn
- Created: 2025-10-20T09:22:49.000Z (8 months ago)
- Default Branch: main
- Last Pushed: 2026-05-21T13:42:48.000Z (27 days ago)
- Last Synced: 2026-05-21T19:36:30.436Z (26 days ago)
- Language: PowerShell
- Size: 3.21 MB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Audit: audit/demo_audit/5xx.csv
- Security: docs/security/npm-audit-policy.md
README
# Doctrine Demo — DevOps Proof (Observability E2E)
**Goal:** show at a glance my ability to **deploy**, **observe** and **narrate** the state of a (Node) app on Kubernetes with **Prometheus / Grafana / Alertmanager**: provisioned dashboards, PromQL queries, alerts, and **shareable deliverables** (PNG, CSV, PDF).
_Audit extracts and evidence are included in `audit/demo_audit`_ (HTML/PDF report + Grafana panels + CSV).
## Contents
- Stack
- Diagram (quick view)
- Replay the demo (5 min)
- Dashboards & key queries
- Deliverables (recruiter evidence)
- Git traceability
## Stack
- **App**: Node.js + `prom-client` (`/metrics` and `/healthz` endpoints)
- **Container**: non-root Dockerfile (UID 10001), healthcheck
- **Kubernetes**: Deployment, Service, HPA, PDB, Ingress
- **Observability**: Prometheus (scrape, rules), Alertmanager (default route), Grafana (provisioned datasource & JSON dashboards)
- **Scripting**: PowerShell for the audit, PNG/CSV snapshots, packaging
- **Infra as Code**: K8s manifests + Terraform directories (eks/k3d)
## Diagram (quick view)
```text
[Users] -> Ingress -> Service (80->8080) -> Pods "doctrine-demo" (Node)
                                                 |
                                                 +-> /metrics ---> Prometheus (kube-prometheus-stack)
                                                                       |
                                                                       +-> Alertmanager (routes)
                                                                       +-> Grafana (datasource + JSON dashboards)
```
## Replay the demo (5 min)
```bash
# App container
docker build -t doctrine-demo:local -f Dockerfile .
docker run -p 8080:8080 doctrine-demo:local
# K8s (excerpts)
kubectl apply -f k8s/sa.yaml
kubectl apply -f k8s/deployment.yaml
kubectl apply -f k8s/service.yaml
kubectl apply -f k8s/hpa.yaml
kubectl apply -f k8s/pdb.yaml
kubectl apply -f k8s/ingress.yaml
# Monitoring
kubectl apply -f monitoring/grafana/datasources/grafana-datasource-prom.yaml
kubectl apply -f monitoring/prometheus.yml
kubectl apply -f monitoring/prometheusrule.yaml
kubectl apply -f monitoring/alertmanager.yml
kubectl apply -f monitoring/podmonitor-app.yaml
```
**Incident tip:** set `latency_ms` to `300` in `k8s/deployment.yaml` (ConfigMap) to trigger the p95 alert.
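The manifests that the procedure applies are not reproduced on this page. As an added example (not the repository's own `k8s/deployment.yaml`), here is a ConfigMap plus a Deployment consistent with the stack listed above (Node app on 8080, `/healthz`, non-root UID 10001, `latency_ms` held in a ConfigMap) with the pod-level hardening a security review would expect. The namespace, image tag, ConfigMap name, ServiceAccount name and the `LATENCY_MS` environment-variable name are assumptions.

```yaml
# Added example, not the repository's k8s/deployment.yaml.
# Assumptions: namespace "demo", image tag, ConfigMap/ServiceAccount names, env-var LATENCY_MS.
apiVersion: v1
kind: ConfigMap
metadata:
  name: doctrine-demo-config
  namespace: demo
data:
  latency_ms: "20"          # set to "300" to reproduce the incident tip above
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: doctrine-demo
  namespace: demo
  labels:
    app: doctrine-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: doctrine-demo
  template:
    metadata:
      labels:
        app: doctrine-demo
    spec:
      serviceAccountName: doctrine-demo       # created by k8s/sa.yaml (name assumed)
      automountServiceAccountToken: false     # the app never calls the API server, so no token in the pod
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001                      # pins the same UID the Dockerfile switches to
        runAsGroup: 10001
        fsGroup: 10001
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: app
          image: doctrine-demo:local          # assumption: the image built in the docker build step
          ports:
            - name: http
              containerPort: 8080
          env:
            - name: LATENCY_MS                # assumption: how the app reads its artificial latency
              valueFrom:
                configMapKeyRef:
                  name: doctrine-demo-config
                  key: latency_ms
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          resources:                          # a CPU request is required for a CPU-based HPA
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              memory: 256Mi
          readinessProbe:
            httpGet:
              path: /healthz
              port: http
            periodSeconds: 5
          livenessProbe:
            httpGet:
              path: /healthz
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
```

Two checks worth running after `kubectl apply`: `kubectl get pod -l app=doctrine-demo -o jsonpath='{.items[0].spec.securityContext}'` should show UID 10001, and `kubectl get hpa` must not report `<unknown>` for the CPU target, which happens when the container has no CPU request. `readOnlyRootFilesystem: true` only breaks the app if it writes locally; in that case mount an `emptyDir` at the path it writes to rather than relaxing the setting.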
## Dashboards & key queries
- `RPS` : `sum(rate(http_requests_total[1m])) by (route)`
- `p95` : `histogram_quantile(0.95, sum(rate(http_request_duration_seconds_bucket[5m])) by (le, route))`
- `5xx` : `sum(rate(http_requests_total{code=~"5.."}[5m])) by (route)`
- `CPU` : `sum(rate(container_cpu_usage_seconds_total{pod=~"doctrine-demo.*"}[5m]))`
- `RAM` : `sum(container_memory_working_set_bytes{pod=~"doctrine-demo.*"})`
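As an added example (not the repository's `monitoring/prometheusrule.yaml`), the p95 and 5xx queries above turned into a `PrometheusRule` for kube-prometheus-stack, with a recording rule so the histogram quantile is evaluated once per cycle and the alert compares a precomputed series. The namespace, the `release` label value, the thresholds and the `for` durations are assumptions.

```yaml
# Added example, not the repository's monitoring/prometheusrule.yaml.
# Assumptions: namespace "demo", the `release` label the Prometheus CR selects rules with,
# the 250 ms and 5 % thresholds, and the `for` durations.
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: doctrine-demo-rules
  namespace: demo
  labels:
    release: kube-prometheus-stack    # must match the ruleSelector of the Prometheus CR
spec:
  groups:
    - name: doctrine-demo.slo
      rules:
        # Recording rule: the histogram_quantile from the dashboard, computed once per evaluation.
        - record: route:http_request_duration_seconds:p95_5m
          expr: |
            histogram_quantile(0.95,
              sum(rate(http_request_duration_seconds_bucket[5m])) by (le, route))
        # p95 alert: fires for the route whose precomputed p95 stays above 250 ms for 2 minutes,
        # which the latency_ms=300 incident tip triggers after the rate window fills.
        - alert: DoctrineDemoHighP95Latency
          expr: route:http_request_duration_seconds:p95_5m > 0.25
          for: 2m
          labels:
            severity: warning
          annotations:
            summary: "p95 latency above 250ms on {{ $labels.route }}"
            description: "p95 is {{ $value | humanizeDuration }} over the last 5m"
        # 5xx alert on a ratio, not a raw rate, so a traffic spike alone does not page anyone.
        - alert: DoctrineDemo5xxRatio
          expr: |
            sum(rate(http_requests_total{code=~"5.."}[5m])) by (route)
              /
            sum(rate(http_requests_total[5m])) by (route) > 0.05
          for: 5m
          labels:
            severity: critical
          annotations:
            summary: "more than 5% of requests returned 5xx on {{ $labels.route }}"
```

One caveat when choosing the p95 threshold: `histogram_quantile` interpolates linearly inside the bucket that contains the quantile, so the reported value depends on the bucket layout, not only on the real latency. With `prom-client`'s default buckets (0.005 s up to 0.25, 0.5, 1, 2.5, 5, 10 s), a steady 300 ms latency lands in the (0.25, 0.5] bucket and the 95th percentile is reported as about 0.49 s. Pick thresholds with the bucket edges in mind, or define buckets around the SLO boundary you alert on.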
## Deliverables
`audit/demo_audit/`
- `images/panel_01..06.png`: RPS, p95, 5xx, CPU, RAM, Restarts
- `rps.csv`, `p95.csv`, `5xx.csv`, `cpu.csv`, `mem.csv`: 8-hour summary tables
- `report.html`, `report.pdf`: ready-to-share report (cluster, pods, services, targets & alerts)
- `alerts.json`, `targets.json`: Prometheus targets & active alerts (SRE evidence)
- `demo.gif`: animated preview (if ImageMagick was installed when the audit ran)
An example of a generated report is visible in the repo (Charts + Tables section) for immediate sharing.
## Git traceability
- Conventional commit: `feat(repo): demo DevOps observability E2E + preuves (Grafana/Prom/AM)`
- Tags: `demo-v1` plus a timestamped `audit-YYYYMMDD-HHmm` tag to snapshot each audit
- Target remote: `https://github.com/flobehejohn/doctrine-demo`
## Staff-level CI & Observability Proof
This repository now includes a Staff-level proof gate for CI and observability:
- strict local core gate: `scripts/validate-full.ps1 -SkipDocker`;
- HTTP contract tests for `/healthz`, `/search`, and `/metrics`;
- GitHub Actions split between core and container;
- observability proof inventory under `docs/proofs/observability-evidence.md`;
- Docker-deferred validation strategy under `docs/operations/docker-deferred-validation.md`;
- ADR and case study documentation under `docs/adr/` and `docs/case-studies/`.
## 3-minute review path
For a quick read of the case study:
1. [Recruiter one-pager](./docs/presentation/recruiter-one-pager.md)
2. [Release scorecard](./docs/presentation/release-scorecard.md)
3. [Staff / Lead review guide](./docs/presentation/staff-review-guide.md)
4. [Evidence gallery](./docs/presentation/evidence-gallery.md)
5. [Observability evidence index](./docs/proofs/observability-evidence.md)
6. [npm audit policy](./docs/security/npm-audit-policy.md)
7. [GitHub Actions Node 24 readiness](./docs/operations/github-actions-node24-readiness.md)
The repo deliberately separates the local, Docker-free proof (`validate-full.ps1 -SkipDocker`) from the remote container proof run in GitHub Actions.
## Hardening readiness path
This section explicitly addresses the objections commonly raised in a senior DevOps/SRE interview:
1. [PowerShell cross-platform rationale](./docs/operations/powershell-crossplatform-rationale.md)
2. [GitOps readiness](./docs/gitops/README.md)
3. [Terraform remote state readiness](./docs/terraform/remote-state-readiness.md)
4. [Shift-left SAST readiness](./docs/security/shift-left-sast-readiness.md)
5. [ArgoCD example application](./gitops/argocd/doctrine-demo-application.example.yaml)
The repo does not claim to be a complete production Kubernetes platform. It shows a demonstrable, auditable foundation that can be extended toward GitOps, Terraform remote state and DevSecOps.