This repository contains an architecture for a scalable and secure 3-tier Node application with proper GitOps practices in place.
High-level Components:
- Backend: A simple Node.js application that serves APIs
- Frontend: A simple React application that serves HTML files and communicates with backend APIs to get required data
- Database: Postgres is used
- Redis: to cache backend data
http://abd8a590dfbe6423c840dbae0760cc3c-2127572997.us-west-2.elb.amazonaws.com
High Level Architecture Diagram
NOTE
- HPA is enabled on Backend and Frontend Applications
- (optional) Multi-region EKS clusters could be used to support wide geographies
Refer to this README.md for details related to the codebase and local setup
Refer to this README.md for details related to infra setup and deployment
- Cloud: AWS
- Container Registry: Docker Hub
- CI/CD Tools: GitHub Actions and ArgoCD
- DOCKER_USER: username for Docker Hub
- DOCKER_PASSWORD: password for Docker Hub - used to upload Docker images
- DOCKER_REGISTRY: name of Docker registry
- AWS_ACCESS_KEY_ID: Key Id with access to sandbox cluster in which ephemeral environment should be deployed
- AWS_SECRET_ACCESS_KEY: Secret Key with access to sandbox cluster in which ephemeral environment should be deployed
- EKS_CLUSTER_NAME: AWS EKS sandbox cluster name
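A preflight check for the secrets listed above, as an added example that is not part of this repository's workflows. The function name `audit_ci_secrets` and its output format are hypothetical; it assumes the secrets are exposed to the job as environment variables under the same names.

```sh
#!/bin/sh
# Added example: verify the CI secrets named in this README before any
# docker or AWS step runs. Values are never printed, only variable names.
REQUIRED_SECRETS="DOCKER_USER DOCKER_PASSWORD DOCKER_REGISTRY AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY EKS_CLUSTER_NAME"

# Prints one finding per line as "NAME: problem".
# Returns 0 when every secret is usable, 1 otherwise.
audit_ci_secrets() {
    findings=0
    nl='
'
    for name in $REQUIRED_SECRETS; do
        # Indirect lookup; names come from the fixed list above, never from input.
        eval "val=\${$name-}"
        if [ -z "$val" ]; then
            echo "$name: missing or empty"
            findings=$((findings + 1))
            continue
        fi
        # A stray space or newline from copy/paste makes logins fail in
        # ways that are hard to diagnose from masked CI logs.
        case $val in
            *" "*|*"$nl"*)
                echo "$name: contains whitespace"
                findings=$((findings + 1)) ;;
        esac
    done
    # AKIA marks a long-term IAM user key, ASIA a temporary STS key.
    # Long-term keys work, but deserve tight scoping and rotation.
    case ${AWS_ACCESS_KEY_ID-} in
        AKIA*) echo "AWS_ACCESS_KEY_ID: warning: long-term key, limit it to the sandbox cluster and rotate it" ;;
    esac
    unset val
    [ "$findings" -eq 0 ]
}

# Usage as the first step of a job:  audit_ci_secrets || exit 1
```
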
- Prod Deployment Pipeline: .github/workflows/prod-release.yaml generates a new Docker image, pushes it to Docker Hub and updates the image tag in values.yaml
NOTE: Make sure "AutoSync" is enabled in ArgoCD for these application projects
NOTES:
- Self-managed deployments for Postgres and Redis have been used to save cost
- vCluster has been used to provide a light-weight isolated environment that can be used to deploy short-lived ephemeral environments.
- Deploy Ephemeral Environment: .github/workflows/pr-open.yaml generates a new Docker image, pushes it to Docker Hub and deploys an ephemeral environment. This GitHub Action is triggered whenever a PR against the main branch is created or updated. The pipeline posts the URL of the ephemeral deployment as a PR comment.
- Destroy Ephemeral Environment: .github/workflows/pr-close.yaml destroys the ephemeral environment. This GitHub Action is triggered whenever a PR against the main branch is merged or closed.
- Support HTTPS in endpoints
- Support to serve frontend app from a static storage and CDN
- Setup multiple replicas of Backend application in different nodes/zones for HA
- Add support for mTLS between frontend and backend
- Support to add CI/CD for IaC (Terraform)
- Integrate WAF