https://github.com/sloweyyy/cloud-native-ecommerce-platform
Cloud-native e-commerce platform built on .NET 8 microservices with React/Nx microfrontends, containerized for Docker/Kubernetes, integrating MongoDB, Redis, PostgreSQL, SQL Server, RabbitMQ, and Ocelot API gateway (with legacy Angular included)
- Host: GitHub
- URL: https://github.com/sloweyyy/cloud-native-ecommerce-platform
- Owner: sloweyyy
- License: mit
- Created: 2025-03-29T16:52:37.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2026-01-14T06:43:56.000Z (about 1 month ago)
- Last Synced: 2026-01-14T09:22:54.186Z (about 1 month ago)
- Topics: angular, cloud-native, csharp, devops, docker, dotnet, elasticsearch, elk-stack, grafana, istio, jaeger, kibana, kubernetes, logstash, microservice, prometheus
- Language: TypeScript
- Homepage:
- Size: 81 MB
- Stars: 17
- Watchers: 1
- Forks: 3
- Open Issues: 36
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
README
# Cloud-Native E-Commerce Platform
> **Enterprise-grade cloud-native e-commerce platform** built with modern microfrontend architecture, microservices, and cloud-native DevOps. Production-ready with full observability, security scanning, and multi-environment deployment.
## Key Features
- **Microfrontend Architecture** - Webpack Module Federation with runtime composition, independent deployment, and shared authentication
- **Enterprise Cloud Infrastructure** - AWS EKS with auto-scaling, multi-AZ, CloudFormation IaC, and IRSA for secure AWS access
- **Microservices Backend** - Clean Architecture with CQRS pattern, event-driven design, and gRPC communication
- **Full Observability** - Elastic Stack, Prometheus, Grafana, Jaeger distributed tracing, and Istio service mesh
- **Security & Compliance** - JWT authentication, IRSA, Istio mTLS, Trivy/CodeQL scanning, and secrets management
- **Advanced Admin Dashboard** - Real-time analytics, activity tracking, product management, and audit logs
- **Developer Experience** - Nx monorepo with caching, hot reload, type-safe APIs, and E2E testing (Playwright)
## Architecture Overview
### System Architecture
```mermaid
graph TB
    subgraph "Client Layer"
        Web["Web Application<br/>React Microfrontends"]
    end
    subgraph "Microfrontend Shell (Host)"
        Host["Host Shell<br/>Port 4200<br/>Router & Auth"]
    end
    subgraph "Microfrontends (Runtime Federation)"
        Store["Store MFE<br/>Port 4201<br/>Product Browsing"]
        Checkout["Checkout MFE<br/>Port 4202<br/>Cart & Checkout"]
        Account["Account MFE<br/>Port 4203<br/>User Profile"]
        Admin["Admin MFE<br/>Port 4204<br/>Management"]
    end
    subgraph "Shared Packages"
        Auth["@ecommerce-platform/<br/>auth-provider"]
        Layout["@ecommerce-platform/<br/>shared-layout"]
        Injector["@ecommerce-platform/<br/>app-injector"]
    end
    subgraph "API Gateway"
        Gateway["Ocelot Gateway<br/>Port 8010<br/>CORS, Auth, Routing"]
    end
    subgraph "Identity & Security"
        AuthServer["Identity Server 4<br/>JWT Authentication<br/>Azure AD B2C"]
    end
    subgraph "Microservices"
        Catalog["Catalog Service<br/>Port 8000<br/>Product Management"]
        Basket["Basket Service<br/>Port 8001<br/>Shopping Cart"]
        Discount["Discount Service<br/>Port 8002<br/>Coupon System"]
        Ordering["Ordering Service<br/>Port 8003<br/>Order Processing"]
    end
    subgraph "Data Layer"
        CatalogDB["MongoDB<br/>Catalog DB"]
        BasketDB["Redis<br/>Session Store"]
        DiscountDB["PostgreSQL<br/>Discount DB"]
        OrderDB["SQL Server<br/>Order DB"]
        S3["AWS S3<br/>Product Images"]
    end
    subgraph "Event Bus & Communication"
        MessageBus["RabbitMQ<br/>Event Bus<br/>MassTransit"]
    end
    subgraph "Infrastructure & Monitoring"
        ServiceMesh["Istio Service Mesh<br/>Envoy Sidecars<br/>mTLS, Traffic Mgmt"]
        Logs["Elasticsearch<br/>Log Aggregation"]
        Metrics["Prometheus<br/>Metrics Collection"]
        Dashboard["Grafana<br/>Dashboards"]
        Tracing["Jaeger<br/>Distributed Tracing"]
    end
    Web --> Host
    Host --> Auth
    Host --> Layout
    Host --> Injector
    Host --> Store
    Host --> Checkout
    Host --> Account
    Host --> Admin
    Store --> Gateway
    Checkout --> Gateway
    Account --> Gateway
    Admin --> Gateway
    Gateway --> AuthServer
    Gateway --> Catalog
    Gateway --> Basket
    Gateway --> Discount
    Gateway --> Ordering
    Catalog --> CatalogDB
    Catalog --> S3
    Basket --> BasketDB
    Discount --> DiscountDB
    Ordering --> OrderDB
    Basket --> MessageBus
    Ordering --> MessageBus
    Catalog --> MessageBus
    Basket -.->|gRPC| Discount
    Catalog --> ServiceMesh
    Basket --> ServiceMesh
    Discount --> ServiceMesh
    Ordering --> ServiceMesh
    ServiceMesh --> Logs
    ServiceMesh --> Metrics
    Logs --> Dashboard
    Metrics --> Dashboard
    ServiceMesh --> Tracing
```
### Microfrontend Architecture
```mermaid
graph LR
    subgraph "Development Mode"
        D_Host["Host<br/>localhost:4200"]
        D_Store["Store Remote<br/>localhost:4201"]
        D_Checkout["Checkout Remote<br/>localhost:4202"]
        D_Account["Account Remote<br/>localhost:4203"]
        D_Admin["Admin Remote<br/>localhost:4204"]
        D_Shared["Shared Packages<br/>auth-provider, app-injector,<br/>shared-layout"]
    end
    subgraph "Production Mode"
        P_Host["Host App<br/>/"]
        P_Store["Store<br/>/remotes/store"]
        P_Checkout["Checkout<br/>/remotes/checkout"]
        P_Account["Account<br/>/remotes/account"]
        P_Admin["Admin<br/>/remotes/admin"]
        P_MFE["Module Federation<br/>Runtime Loading"]
    end
    D_Host -.->|Dynamic Load| D_Store
    D_Host -.->|Dynamic Load| D_Checkout
    D_Host -.->|Dynamic Load| D_Account
    D_Host -.->|Dynamic Load| D_Admin
    D_Store -.-> D_Shared
    D_Checkout -.-> D_Shared
    D_Account -.-> D_Shared
    D_Admin -.-> D_Shared
    P_Host -->|Runtime Load| P_MFE
    P_MFE -->|Load| P_Store
    P_MFE -->|Load| P_Checkout
    P_MFE -->|Load| P_Account
    P_MFE -->|Load| P_Admin
```
### Cloud Infrastructure (AWS)
```mermaid
graph TB
    subgraph "AWS Region: ap-southeast-1"
        subgraph "VPC: 10.0.0.0/16"
            subgraph "Public Subnets"
                NAT["NAT Gateway<br/>10.0.1.0/24"]
                IGW["Internet Gateway"]
            end
            subgraph "Private Subnets"
                EKS["EKS Cluster<br/>Kubernetes Control Plane"]
                NodeGroup["Node Group (1-3 EC2)<br/>m7i-flex.large<br/>80GB EBS"]
            end
        end
        ECR["ECR Repositories<br/>catalogapi, basketapi,<br/>discountapi, orderingapi,<br/>ocelotapigateway"]
        subgraph "Load Balancing"
            NLB["Network Load Balancer<br/>HTTPS/TLS Termination<br/>ACM Certificate"]
            ALB["Application Load Balancer<br/>Path-based Routing"]
        end
        S3["S3 Bucket<br/>Product Images"]
    end
    subgraph "Kubernetes Deployments"
        Databases["Databases (Helm)<br/>MongoDB, Redis,<br/>PostgreSQL, SQL Server"]
        Apps["Microservices (Helm)<br/>Catalog, Basket, Discount,<br/>Ordering, API Gateway"]
        Monitoring["Monitoring Stack (Helm)<br/>Prometheus, Grafana,<br/>Elasticsearch, Kibana, Jaeger"]
    end
    EKS --> NodeGroup
    NodeGroup --> Databases
    NodeGroup --> Apps
    NodeGroup --> Monitoring
    NLB --> EKS
    ALB --> EKS
    ECR -->|Pull Images| NodeGroup
    Apps -->|Read/Write| S3
    IAM["IRSA<br/>IAM Roles for<br/>Service Accounts"]
    IAM -.->|Pod Identity| Apps
```
### Clean Architecture (Per Microservice)
```mermaid
graph TD
    API["API Layer<br/>Controllers, Endpoints"]
    App["Application Layer<br/>Commands, Queries, Handlers<br/>MediatR, CQRS"]
    Domain["Domain Layer<br/>Entities, Value Objects<br/>Business Rules"]
    Infra["Infrastructure Layer<br/>Repositories, External Services<br/>Database, S3, gRPC"]
    API --> App
    App --> Domain
    App --> Infra
    Infra --> Domain
    classDef api fill:#e3f2fd,stroke:#1976d2,color:#000
    classDef app fill:#f3e5f5,stroke:#7b1fa2,color:#000
    classDef domain fill:#e8f5e9,stroke:#388e3c,color:#000
    classDef infra fill:#fff3e0,stroke:#f57c00,color:#000
    class API api
    class App app
    class Domain domain
    class Infra infra
```
## Quick Start
Choose your deployment path:
### Option 1: Local Development (Minikube)
Best for: Development, testing, and learning
```bash
# Clone repository
git clone https://github.com/sloweyyy/cloud-native-ecommerce-platform.git
cd cloud-native-ecommerce-platform
# Deploy locally (all services + monitoring)
./deploy.sh
```
**Time**: ~15-20 minutes
**Includes**: Minikube cluster, all services, LocalStack (S3), monitoring stack (Prometheus, Grafana, Jaeger, Kibana)
### Option 2: AWS Minimal (Cost-Optimized)
Best for: Budget-conscious deployments, small teams
```bash
# Deploy to AWS with minimal services
./deploy-aws-minimal.sh
```
**Time**: ~20-25 minutes
**Includes**: EKS cluster (single AZ), core services, AWS S3, no monitoring stack
**Cost**: ~$20-50/month
### Option 3: AWS Production (Full Stack)
Best for: Production workloads, enterprise deployments
```bash
# Full production deployment with monitoring
./deploy-aws.sh
```
**Time**: ~30-40 minutes
**Includes**: Multi-AZ EKS, all services, full monitoring (Prometheus, Grafana, Jaeger, Elasticsearch, Kibana), HTTPS, auto-scaling
**Cost**: ~$150-300/month
For detailed deployment instructions, see [DEPLOYMENT-GUIDE.md](DEPLOYMENT-GUIDE.md)
## Access Services
### Frontend Applications
| Service | Local | Description |
| --- | --- | --- |
| **Host Shell** | [localhost:4200](http://localhost:4200) | Main application (router) |
| **Store** | [localhost:4201](http://localhost:4201) | Public product browsing |
| **Checkout** | [localhost:4202](http://localhost:4202) | Shopping cart & checkout |
| **Account** | [localhost:4203](http://localhost:4203) | User profile & orders |
| **Admin Dashboard** | [localhost:4204](http://localhost:4204) | Admin management |
### Backend Services
| Service | Local | Swagger UI |
| --- | --- | --- |
| **API Gateway** | [localhost:8010](http://localhost:8010) | [Swagger](http://localhost:8010/swagger) |
| **Catalog API** | [localhost:8000](http://localhost:8000) | [Swagger](http://localhost:8000/swagger) |
| **Basket API** | [localhost:8001](http://localhost:8001) | [Swagger](http://localhost:8001/swagger) |
| **Discount API** | [localhost:8002](http://localhost:8002) | [Swagger](http://localhost:8002/swagger) |
| **Ordering API** | [localhost:8003](http://localhost:8003) | [Swagger](http://localhost:8003/swagger) |
| **Identity Server** | [localhost:9009](http://localhost:9009) | - |
### Monitoring & Observability
| Tool | Local | Purpose |
| --- | --- | --- |
| **Prometheus** | [localhost:9090](http://localhost:9090) | Metrics collection |
| **Grafana** | [localhost:3000](http://localhost:3000) | Dashboards & visualization |
| **Kibana** | [localhost:5601](http://localhost:5601) | Log analytics |
| **Jaeger** | [localhost:16686](http://localhost:16686) | Distributed tracing |
| **Kiali** | [localhost:20001](http://localhost:20001) | Service mesh visualization |
| **RabbitMQ** | [localhost:15672](http://localhost:15672) | Message broker UI |
## Tech Stack
### Frontend Architecture
| Component | Technology | Version | Purpose |
| --- | --- | --- | --- |
| **Microfrontend Framework** | Webpack Module Federation | 5 | Runtime app composition |
| **Monorepo** | Nx | 21.6 | Build orchestration & caching |
| **Runtime** | React | 18.3 | UI framework |
| **Language** | TypeScript | 5.9 | Type-safe development |
| **Routing** | React Router (Host) / TanStack Router (Remotes) | 6 / 1 | URL management |
| **State Management** | TanStack Query + Zustand | 5 / 5 | Server + client state |
| **UI Components** | Ant Design | 5.22 | Component library |
| **Authentication** | Azure MSAL | 3.27 | OAuth/OIDC support |
| **Form Validation** | Zod | 3.24 | Type-safe validation |
| **Testing** | Playwright + Jest | 1.56 / 30 | E2E and unit tests |
### Backend Services
| Component | Technology | Version | Purpose |
| --- | --- | --- | --- |
| **Runtime** | .NET | 8.0 | Framework |
| **Framework** | ASP.NET Core | 8.0 | Web API |
| **Architecture** | Clean Architecture | - | SOLID principles |
| **Pattern** | CQRS + MediatR | 12.5 | Command/Query separation |
| **ORM** | Entity Framework Core | 8.0 | Database abstraction |
| **Mapping** | AutoMapper | 13.0 | DTO mapping |
| **Validation** | FluentValidation | 11.9 | Input validation |
| **Communication** | gRPC + REST | - | Service communication |
| **API Documentation** | Swagger/OpenAPI | 3.0 | Interactive docs |
### Data & Storage
| Database | Type | Purpose | Port |
| --- | --- | --- | --- |
| **MongoDB** | Document DB | Product catalog | 27017 |
| **Redis** | Cache/Session | Shopping baskets | 6379 |
| **PostgreSQL** | Relational | Discount coupons | 5432 |
| **SQL Server** | Relational | Orders & activity | 1433 |
| **AWS S3** | Object Storage | Product images | - |
### Message Bus & Communication
| Technology | Purpose |
| --- | --- |
| **RabbitMQ** | Event bus for asynchronous communication |
| **MassTransit** | .NET messaging framework |
| **gRPC** | High-performance RPC (Basket → Discount) |
| **REST/JSON** | Client-facing APIs |
### Cloud & DevOps
| Component | Technology | Purpose |
| --- | --- | --- |
| **Container Platform** | Docker | Application containerization |
| **Orchestration** | Kubernetes (EKS) | Container management |
| **IaC** | CloudFormation + Helm | Infrastructure automation |
| **Service Mesh** | Istio (1.20) | Traffic management, security |
| **CI/CD** | GitHub Actions | Automated build & deploy |
| **Container Registry** | ECR (AWS) / GHCR (GitHub) | Image storage |
| **Local Development** | Minikube + LocalStack | Local simulation |
### Monitoring & Observability
| Stack | Components | Purpose |
| --- | --- | --- |
| **Logs** | Serilog → Elasticsearch → Kibana | Centralized logging |
| **Metrics** | Prometheus | Metrics collection (15s scrape) |
| **Dashboards** | Grafana | Metrics visualization |
| **Traces** | Jaeger Collector | Distributed tracing |
| **Service Mesh** | Istio + Envoy sidecars | Service observability |
| **Topology** | Kiali | Service mesh visualization |
| **Health Checks** | Custom endpoints | Service health monitoring |
## Project Structure
```text
cloud-native-ecommerce-platform/
│
├── ecommerce-micro-frontend/        # Microfrontend monorepo (Nx)
│   ├── host/                        # Shell app (Host) - Router, Auth
│   ├── store/                       # Store MFE - Product browsing
│   ├── checkout/                    # Checkout MFE - Cart & checkout
│   ├── account/                     # Account MFE - User profile
│   ├── admin/                       # Admin MFE - Management dashboard
│   ├── packages/
│   │   ├── app-injector/            # MFE injection utilities
│   │   ├── auth-provider/           # Shared authentication provider
│   │   └── shared-layout/           # Shared UI components (Navbar, Footer)
│   ├── e2e/                         # E2E tests (Playwright)
│   ├── nx.json                      # Nx configuration
│   ├── tsconfig.base.json           # TypeScript base config
│   └── package.json                 # Dependencies
│
├── Services/                        # Backend microservices (.NET 8)
│   ├── Catalog/
│   │   ├── Catalog.API/             # REST endpoints
│   │   ├── Catalog.Core/            # Domain entities
│   │   └── Catalog.Infrastructure/  # MongoDB, S3
│   ├── Basket/
│   │   ├── Basket.API/              # REST endpoints
│   │   ├── Basket.Core/             # Domain entities
│   │   └── Basket.Infrastructure/   # Redis, gRPC client
│   ├── Discount/
│   │   ├── Discount.API/            # gRPC & REST endpoints
│   │   ├── Discount.Core/           # Domain entities
│   │   └── Discount.Infrastructure/ # PostgreSQL
│   └── Ordering/
│       ├── Ordering.API/            # REST endpoints
│       ├── Ordering.Core/           # Domain entities, Activity tracking
│       └── Ordering.Infrastructure/ # SQL Server, RabbitMQ consumer
│
├── ApiGateways/
│   └── Ocelot.ApiGateway/           # API Gateway configuration
│
├── Infrastructure/                  # Shared libraries & IaC
│   ├── aws/
│   │   └── cloudformation/          # AWS infrastructure templates
│   │       ├── vpc.yaml             # VPC, subnets, NAT
│   │       ├── eks-cluster.yaml     # EKS cluster & node groups
│   │       ├── minimal-stack.yaml   # Combined VPC + EKS
│   │       └── alb-ingress.yaml     # Load balancer
│   └── EventBus/                    # RabbitMQ, MassTransit setup
│
├── Deployments/
│   ├── helm/                        # Helm charts (19 total)
│   │   ├── catalogdb/               # MongoDB chart
│   │   ├── basketdb/                # Redis chart
│   │   ├── discountdb/              # PostgreSQL chart
│   │   ├── orderdb/                 # SQL Server chart
│   │   ├── rabbitmq/                # RabbitMQ chart
│   │   ├── catalog/                 # Catalog service chart
│   │   ├── basket/                  # Basket service chart
│   │   ├── discount/                # Discount service chart
│   │   ├── ordering/                # Ordering service chart
│   │   ├── ocelotapigw/             # API Gateway chart
│   │   ├── prometheus/              # Prometheus chart
│   │   ├── grafana/                 # Grafana chart
│   │   ├── elasticsearch/           # Elasticsearch chart
│   │   └── kibana/                  # Kibana chart
│   ├── k8s/                         # Kubernetes manifests
│   │   ├── deployments/             # Service deployments
│   │   ├── services/                # Service definitions
│   │   ├── ingress/                 # Ingress rules
│   │   └── monitoring/              # Monitoring resources
│   └── monitoring/                  # Observability configs
│
├── .github/
│   └── workflows/                   # CI/CD pipelines
│       ├── ci.yml                   # Build, test, security scan
│       ├── cd.yml                   # Build images, push ECR, deploy
│       └── docker.yml               # Publish to GHCR
│
├── scripts/
│   ├── deploy.sh                    # Local Minikube deployment
│   ├── deploy-aws.sh                # Full AWS EKS deployment
│   ├── deploy-aws-minimal.sh        # Cost-optimized AWS deployment
│   ├── cleanup.sh                   # Resource cleanup
│   └── monitoring/                  # Observability setup scripts
│
├── PostmanCollection/               # API testing collections
├── diagrams/                        # Architecture diagrams
├── wiki/                            # Documentation
│
├── README.md                        # This file
├── DEPLOYMENT-GUIDE.md              # Detailed deployment docs
├── LICENSE                          # MIT License
└── docker-compose.yml               # Local development stack
```
## Architecture Patterns & Design
### Microfrontend Architecture
The platform uses **Webpack Module Federation** with a shell-based orchestration pattern:
- **Host Application** (Shell): Manages routing, authentication, shared layout
- **Remote Applications**: Store, Checkout, Account, Admin - independently deployed
- **Shared Packages**: Common authentication, UI components, injection utilities
- **Runtime Loading**: Remotes loaded dynamically at runtime (no compile-time dependencies)
- **Development**: Each micro-app runs on separate port (4200-4204)
- **Production**: All apps bundled together, remotes served from `/remotes/` directory
**Benefits**:
- Independent deployability per micro-app
- Team autonomy (each team owns a micro-app)
- Technology flexibility (each remote can use different versions)
- Better performance (lazy loading of remotes)
### Backend Architecture
Each microservice follows **Clean Architecture** with **CQRS Pattern**:
```text
Controllers/Endpoints → MediatR Pipeline → Commands/Queries
                              ↓
              Command Handlers / Query Handlers
                              ↓
                        Domain Layer
                              ↓
           Infrastructure (Repositories, Services)
                              ↓
                         Data Layer
```
### Communication Patterns
1. **Synchronous**: REST APIs, gRPC (Basket → Discount)
2. **Asynchronous**: RabbitMQ with MassTransit (Event-driven)
3. **Frontend-Backend**: REST APIs with JWT authentication
### Security Architecture
- **Authentication**: JWT tokens via Identity Server 4 + Azure AD B2C
- **Authorization**: Role-based access control (RBAC)
- **Service-to-Service**: Istio mTLS for encrypted communication
- **Data Security**: Encryption at rest (S3, databases) and in transit (HTTPS/TLS)
## Business Features
### Product Management
- Full CRUD operations for products
- Brand and type management
- Image upload & storage (AWS S3 or LocalStack)
- Product search and filtering
### Shopping Experience
- Real-time shopping basket (Redis-backed)
- Coupon/discount application
- Product recommendations
- Multi-item checkout
### Order Processing
- Event-driven order creation
- Order status tracking
- Payment information handling
- Order history and details
### Admin Dashboard
- **Products**: CRUD, bulk upload, categorization
- **Orders**: View, manage, track
- **Brands & Types**: Management
- **Activity Tracking**: Audit log of all changes
- **Analytics**: Real-time statistics and insights
### Activity Tracking & Audit
- Track all product changes (Create, Update, Delete)
- Track all order lifecycle events
- User accountability
- Compliance reporting
## Testing
### E2E Testing (Playwright)
```bash
cd ecommerce-micro-frontend
npm run test:e2e # Run all tests
npm run test:e2e:ui # Interactive mode
npm run test:e2e:debug # Debug mode
npm run test:e2e:report # View report
```
Tests cover:
- Cross-microfrontend navigation
- Authentication flows
- Shopping journey (browse → add to cart → checkout)
- Admin dashboard functionality
- Error handling
### Unit Tests
```bash
# Frontend tests
npm test # All frontend tests
npm run test:coverage # Coverage report
# Backend tests
dotnet test # All backend tests
dotnet test --filter Category=Integration # Integration tests only
```
### API Testing (Postman)
- Pre-built Postman collections for all services
- Located in: [PostmanCollection/](PostmanCollection/)
## Security
### Application Security
- **JWT Authentication** with Identity Server 4
- **Role-Based Access Control** (RBAC)
- **Input Validation** with FluentValidation
- **SQL Injection Prevention** via parameterized queries & ORM
- **CORS Configuration** at API Gateway level
### Cloud Security
- **IRSA** (IAM Roles for Service Accounts) - no static credentials
- **Secrets Management** via Kubernetes Secrets
- **Network Policies** for pod-to-pod communication
- **Service Mesh mTLS** for encrypted communication
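An added example (not code from this repository) of one way to check the Cloud Security claims above against a cluster export: it flags Deployments that still carry static AWS keys in their environment, namespaces without namespace-wide or mesh-wide STRICT Istio mTLS, and namespaces with no NetworkPolicy. The `ecommerce` namespace, the object names, the rule names and the `istio-system` root namespace are assumptions, and the sample objects are constructed.

```python
import json

# Assumptions, not taken from the repository: Istio root namespace, rule names,
# and the "ecommerce" namespace / object names in the constructed samples.
ISTIO_ROOT_NS = "istio-system"
STATIC_CRED_VARS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}


def audit(items):
    """Return sorted (rule, namespace, name) findings for a list of Kubernetes objects."""
    mtls_mode, netpol_ns, deployments = {}, set(), []
    for obj in items:
        meta = obj.get("metadata", {})
        ns, name = meta.get("namespace", "default"), meta.get("name", "")
        kind, spec = obj.get("kind"), obj.get("spec", {})
        if kind == "PeerAuthentication" and not spec.get("selector"):
            # Namespace-wide (or mesh-wide, in the root namespace) policies only;
            # workload-scoped policies are not evaluated here.
            mtls_mode[ns] = spec.get("mtls", {}).get("mode", "UNSET")
        elif kind == "NetworkPolicy":
            netpol_ns.add(ns)
        elif kind == "Deployment":
            deployments.append((ns, name, spec))

    findings = set()
    for ns, name, spec in deployments:
        pod = spec.get("template", {}).get("spec", {})
        for container in pod.get("containers", []):
            for env in container.get("env", []):
                # With IRSA no long-lived key should be injected at all, whether
                # as a literal value or through a secretKeyRef.
                if env.get("name") in STATIC_CRED_VARS:
                    findings.add(("static-aws-credentials", ns, name))
        mode = mtls_mode.get(ns, "UNSET")
        if mode == "UNSET":  # an unset namespace policy inherits the mesh-wide one
            mode = mtls_mode.get(ISTIO_ROOT_NS, "UNSET")
        if mode != "STRICT":
            findings.add(("mtls-not-strict", ns, ns))
        if ns not in netpol_ns:
            findings.add(("no-network-policy", ns, ns))
    return sorted(findings)


def _obj(kind, ns, name, spec=None):
    return {"kind": kind, "metadata": {"namespace": ns, "name": name}, "spec": spec or {}}


def _deployment(ns, name, env=None):
    container = {"name": name, "image": "example.invalid/" + name, "env": env or []}
    return _obj("Deployment", ns, name, {"template": {"spec": {"containers": [container]}}})


# Constructed samples: a weak export and its hardened counterpart.
KEY_FROM_SECRET = [{"name": "AWS_ACCESS_KEY_ID",
                    "valueFrom": {"secretKeyRef": {"name": "aws", "key": "id"}}}]
WEAK = [
    _deployment("ecommerce", "catalog", KEY_FROM_SECRET),
    _deployment("ecommerce", "basket"),
    _obj("PeerAuthentication", "ecommerce", "default", {"mtls": {"mode": "PERMISSIVE"}}),
]
HARDENED = [
    _deployment("ecommerce", "catalog"),
    _deployment("ecommerce", "basket"),
    _obj("PeerAuthentication", ISTIO_ROOT_NS, "default", {"mtls": {"mode": "STRICT"}}),
    _obj("NetworkPolicy", "ecommerce", "default-deny",
         {"podSelector": {}, "policyTypes": ["Ingress"]}),
]

if __name__ == "__main__":
    for label, items in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, json.dumps(audit(items)))
```

Against a real cluster, pass the `items` list from `kubectl get deploy,networkpolicy,peerauthentication -A -o json` to `audit()`.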
### CI/CD Security
- **Trivy** for container image scanning
- **CodeQL** for static code analysis
- **Dependency Scanning** via GitHub Dependabot
- **SBOM Generation** for supply chain security
### Data Protection
- **Encryption at Rest**: All databases encrypted
- **Encryption in Transit**: HTTPS/TLS for all connections
- **S3 Bucket Policies**: Restricted access to product images
## Monitoring & Observability
The platform follows the **3 Pillars of Observability**:
### 1️⃣ Logs (ELK Stack)
- **Serilog**: Structured logging in backend
- **Elasticsearch**: Log aggregation and indexing
- **Kibana**: Log exploration and visualization
- **Access**: [Kibana at localhost:5601](http://localhost:5601)
### 2️⃣ Metrics (Prometheus & Grafana)
- **Prometheus**: Metrics collection (15-second scrape interval)
- **Scrape Targets**: API servers, Node Exporter, Kubernetes components
- **Grafana**: Custom dashboards for application and infrastructure metrics
- **Access**:
- [Prometheus at localhost:9090](http://localhost:9090)
- [Grafana at localhost:3000](http://localhost:3000)
### 3️⃣ Traces (Jaeger & Istio)
- **Istio/Envoy**: Automatic trace collection (service mesh layer)
- **Jaeger Collector**: Trace aggregation
- **Jaeger UI**: Trace visualization and analysis
- **Access**: [Jaeger at localhost:16686](http://localhost:16686)
### Service Mesh Visualization
- **Kiali**: Real-time service topology, traffic flows, and health
- **Access**: [Kiali at localhost:20001](http://localhost:20001)
### Health Checks
All services expose health check endpoints:
- `/health` - Service health status
- `/health/live` - Liveness probe
- `/health/ready` - Readiness probe
## CI/CD Pipeline
### GitHub Actions Workflows
#### 1. CI Pipeline (Continuous Integration)
Triggered on: Pull requests, pushes to main
**Steps**:
1. **Code Quality**
- Build .NET 8 backend
- Run backend unit tests (with Cobertura coverage)
- Run frontend tests via Nx affected
- ESLint and Prettier
2. **Security Scanning**
- Trivy: Container vulnerability scanning
- CodeQL: Static code analysis (C#, TypeScript)
3. **Docker Build**
- Build all 5 microservice images
- Multi-arch support (linux/amd64)
- Cache integration for speed
4. **Integration Tests**
- Start service containers (Redis, PostgreSQL, MongoDB, RabbitMQ)
- Run integration test suite
5. **Deployment Validation**
- Helm chart linting
- Kubernetes manifest validation
#### 2. CD Pipeline (Continuous Deployment)
Triggered on: Tags, manual workflow dispatch
**Steps**:
1. **Build & Push to ECR**
- Build 5 microservice images
- Push to AWS ECR
- Scan images with Trivy
- Tag: latest, git sha, version
2. **Deploy to EKS** (per environment)
- Environment-specific deployment (dev/staging/prod)
- Helm upgrade --install for databases
- Helm upgrade --install for services
- S3 configuration and image migration
- Health checks and smoke tests
#### 3. Docker Pipeline
Triggered on: Pushes to main/release branches
**Steps**:
- Build 5 microservice images
- Publish to GitHub Container Registry (GHCR)
- Automatic semantic versioning
- Security scanning with Trivy
## Deployment
### Local Development
```bash
# Requires: Docker, Docker Compose, Minikube, Helm, kubectl
# Start everything locally
./deploy.sh
# Access at http://localhost:4200
```
**What's deployed**:
- Minikube Kubernetes cluster (10GB RAM, 8 CPUs)
- All 5 microservices
- All 4 databases
- RabbitMQ message broker
- LocalStack (S3 emulation)
- Monitoring stack (Prometheus, Grafana, Elasticsearch, Kibana, Jaeger)
### AWS Deployment
#### Prerequisites
```bash
aws configure # Configure AWS credentials
export AWS_REGION=ap-southeast-1 # Set region
```
#### Full Production Deployment
```bash
./deploy-aws.sh
```
**What's deployed**:
- AWS EKS cluster (multi-AZ)
- EC2 node group (1-3 m7i-flex.large instances)
- RDS-managed databases (in Kubernetes)
- Network Load Balancer with HTTPS
- Full monitoring stack
- Auto-scaling policies (HPA)
**Time**: ~30-40 minutes
**Cost**: ~$150-300/month
#### Minimal Deployment (Cost-Optimized)
```bash
./deploy-aws-minimal.sh
```
**What's deployed**:
- AWS EKS cluster (single AZ)
- Single m7i-flex.large node (1-3 auto-scaling)
- Core services only (no monitoring)
- AWS S3 for image storage
**Time**: ~20-25 minutes
**Cost**: ~$20-50/month
### Configuration
For detailed configuration options, see:
- [Deployments/DEPLOYMENT-CONFIGURATION.md](Deployments/DEPLOYMENT-CONFIGURATION.md)
- [DEPLOYMENT-GUIDE.md](DEPLOYMENT-GUIDE.md)
## Development
### Frontend Development
```bash
cd ecommerce-micro-frontend
# Install dependencies
npm install
# Start all micro-apps in parallel
npm start
# Or run individual micro-apps
npm run start:host # Port 4200
npm run start:store # Port 4201
npm run start:checkout # Port 4202
npm run start:account # Port 4203
npm run start:admin # Port 4204
```
### Backend Development
```bash
# Catalog Service
cd Services/Catalog/Catalog.API
dotnet watch run # Auto-reload on changes
# Other services (similar pattern)
cd Services/Basket/Basket.API && dotnet watch run
cd Services/Discount/Discount.API && dotnet watch run
cd Services/Ordering/Ordering.API && dotnet watch run
```
### Available npm Commands
```bash
# Building
npm run build # Build all apps (dev)
npm run build:prod # Build all apps (production)
npm run build:packages # Build shared packages
# Testing
npm test # Run all tests
npm run test:watch # Watch mode
npm run test:coverage # Coverage report
npm run test:e2e # E2E tests (Playwright)
# Linting & Formatting
npm run lint # ESLint
npm run lint:fix # Fix linting issues
npm run format # Prettier
# Nx Commands
npm run affected:test # Test affected apps
npm run affected:build # Build affected apps
npm run graph # View dependency graph
npm run clean # Clean cache and dist
```
## Contributing
We welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for:
- Development environment setup
- Coding standards and guidelines
- Testing requirements
- Pull request process
- Issue reporting guidelines
Also review:
- [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)
- [SECURITY.md](SECURITY.md)
## Documentation
- [DEPLOYMENT-GUIDE.md](DEPLOYMENT-GUIDE.md) - Complete deployment instructions
- [Deployments/DEPLOYMENT-CONFIGURATION.md](Deployments/DEPLOYMENT-CONFIGURATION.md) - Service configurations
- [wiki/](wiki/) - Comprehensive documentation
- [Architecture](wiki/Architecture.md)
- [Microservices](wiki/Microservices.md)
- [Deployment](wiki/Deployment.md)
- [Monitoring](wiki/Monitoring.md)
- [Development](wiki/Development.md)
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## Support
For issues and questions:
- [GitHub Issues](https://github.com/sloweyyy/cloud-native-ecommerce-platform/issues)
- [GitHub Discussions](https://github.com/sloweyyy/cloud-native-ecommerce-platform/discussions)
- Create a detailed issue with reproduction steps