https://github.com/lokeshkarra/filehub-server-infra-devsecops

Complete CI/CD Pipeline using Jenkins and ArgoCD
https://github.com/lokeshkarra/filehub-server-infra-devsecops

Last synced: 4 months ago
JSON representation

Complete CI/CD Pipeline using Jenkins and ArgoCD

Host: GitHub
URL: https://github.com/lokeshkarra/filehub-server-infra-devsecops
Owner: lokeshkarra
License: apache-2.0
Created: 2025-04-11T19:12:30.000Z (6 months ago)
Default Branch: main
Last Pushed: 2025-04-14T09:44:12.000Z (6 months ago)
Last Synced: 2025-05-19T16:16:23.270Z (5 months ago)
Language: Python
Size: 333 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# 📁 FileHub Server - Cloud-Native Django Backend

A scalable, secure, and production-ready **Django backend** for a file management platform — built with modern DevSecOps principles using **Kubernetes, Jenkins, Argo CD, Terraform, AWS, Prometheus, and Grafana**.

---

## Architecture

---

## 🚀 Tech Stack

| Layer | Tech Used |
|---------------|------------------------------------------------|
| **Backend** | Django REST Framework, PostgreSQL (AWS RDS) |
| **CI/CD** | Jenkins (CI), Argo CD (CD), Docker |
| **Infra** | AWS EKS, RDS, S3, VPC, IAM — provisioned via Terraform |
| **Monitoring**| Prometheus, Grafana, Node Exporter, Django Metrics |
| **Storage** | AWS S3 for static files and uploads |
| **Frontend** | React + TypeScript (Hosted on Netlify) |

---

## 📦 Features

- 🧾 RESTful API for file management (upload, list, delete)
- ☁️ Static files uploaded directly to **AWS S3**
- 🐳 Dockerized and deployed via **Kubernetes (EKS)**
- 🔁 Continuous Integration via **Jenkins**
- 🚀 Continuous Deployment via **Argo CD** (GitOps)
- 📈 Application metrics via **django-prometheus**
- 📊 Monitoring dashboards via **Grafana**
- 🔐 Follows DevSecOps best practices

---

## 🧩 Architecture

```txt
+------------------+
| Netlify Frontend|
+--------+---------+
|
v
+--------+---------+
| Django Backend | <-- EKS Deployment (Docker)
| REST API |
+--------+---------+
|
+-----------------+------------------+
| |
v v
PostgreSQL (RDS) AWS S3 (Static files)
```

---

## ⚙️ Frontend Repo

[https://github.com/lokeshkarra/filehub-client.git](https://github.com/lokeshkarra/filehub-client.git)

---

## ⚙️ Infrastructure as Code (IaC)

Infrastructure is provisioned using **Terraform**:

- `terraform/vpc` - VPC, subnets, routing
- `terraform/iam` - IAM roles for EKS
- `terraform/eks` - EKS cluster + node groups

### 🚀 Deploy:
```bash
terraform init
terraform apply
aws eks update-kubeconfig --name --region
```

---

## 🛠️ Jenkins CI Pipeline

The Jenkins pipeline automates:

- Code checkout and build
- Docker image build + push
- Kubernetes manifest update (optional)
- Git commit triggers Argo CD sync

---

## 🌀 Argo CD for GitOps Deployment

- Automatically deploys any change in Kubernetes YAMLs
- Keeps Git and cluster always in sync

```bash
argocd app create filehub-backend \
--repo https://github.com/yourusername/your-k8s-manifests.git \
--path k8s \
--dest-server https://kubernetes.default.svc \
--dest-namespace default
```

---

## 🔐 Secure Secrets with SealedSecrets

All sensitive environment variables and Django secrets are stored using **SealedSecrets**, ensuring Kubernetes secrets are encrypted and Git-safe.

- Replace `k8s/secrets.yaml` with `k8s/sealed-secret.yaml`
- Sealed using `kubeseal` and Bitnami SealedSecrets controller
- Automatically decrypted and mounted at runtime in cluster

### 🔑 How to seal a secret:

```bash
kubectl create secret generic django-secret \
--from-literal=SECRET_KEY='your-secret-key' \
--dry-run=client -o yaml > secret.yaml

kubeseal --controller-name=sealed-secrets \
--controller-namespace=kube-system \
-o yaml < secret.yaml > sealed-secret.yaml
```

---

## 📊 Monitoring

- Prometheus scrapes Django metrics via `/metrics` endpoint
- Grafana dashboards visualize request count, latency, and error rates
- Node Exporter monitors system-level metrics

> Dashboards auto-provisioned via Terraform or Helm

---

## 🔍 Django Metrics Integration

```python
# settings.py
INSTALLED_APPS += ["django_prometheus"]
MIDDLEWARE = [
"django_prometheus.middleware.PrometheusBeforeMiddleware",
...
"django_prometheus.middleware.PrometheusAfterMiddleware",
]

# urls.py
path('', include('django_prometheus.urls'))
```

---

## 🧪 API Testing

Refer the following Link
[Github repo](https://github.com/lokeshkarra/filehub-server/blob/main/README.md#authentication)

---

## 🚧 Work in Progress

- [x] Backend API
- [x] Docker & Kubernetes deployment
- [x] Argo CD GitOps
- [x] Jenkins CI Pipeline
- [x] SealedSecrets for secure secrets
- [ ] Prometheus + Grafana monitoring
- [ ] Unit and integration tests
- [ ] Advanced S3 permission hardening

---

## 🧠 Learning Outcomes

- Kubernetes app deployment with EKS
- Secure AWS infrastructure provisioning via Terraform
- GitOps CI/CD using Argo CD
- End-to-end monitoring with Prometheus and Grafana
- Production-grade Django application design

---

## 📁 Repo Structure

```
.
├── app_code/
│ └── backend/
│ ├── Dockerfile
│ └── Django Server Code...
├── jenkins-pipeline/
│ └── jenkinsfile-backend
├── terraform/
│ ├── main.tf
│ ├── variable.tf
│ ├── outputs.tf
│ ├── vpc/
│ ├── eks/
│ ├── ec2/
│ └── iam/
└── k8s/
├── deployment.yaml
├── service.yaml
├── sealed-secret.yaml <-- 🔐 Sealed Secret
```

---

## 📜 License

[Apache 2.0](https://github.com/lokeshkarra/filehub-server-infra-devsecops?tab=Apache-2.0-1-ov-file)

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/lokeshkarra/filehub-server-infra-devsecops

Awesome Lists containing this project

README