Lab17

README.md

@@ -42,8 +42,8 @@ Master **production-grade DevOps practices** through hands-on labs. Build, conta
 | 15 | 15 | StatefulSets | Persistent Storage, Headless Services |
 | 16 | 16 | Cluster Monitoring | Kube-Prometheus, Init Containers |
 | — | **Exam Alternative Labs** | | |
-| 17 | 17 | Edge Deployment | Fly.io, Global Distribution |
-| 18 | 18 | Decentralized Storage | 4EVERLAND, IPFS, Web3 |
+| 17 | 17 | Edge Deployment | Cloudflare Workers, Global Edge |
+| 18 | 18 | Reproducible Builds | Nix, Deterministic Builds, Flakes |
 
 ---
 
@@ -64,8 +64,8 @@ Don't want to take the exam? Complete **both** bonus labs:
 
 | Lab | Topic | Points |
 |-----|-------|--------|
-| **Lab 17** | Fly.io Edge Deployment | 20 pts |
-| **Lab 18** | 4EVERLAND & IPFS | 20 pts |
+| **Lab 17** | Cloudflare Workers Edge Deployment | 20 pts |
+| **Lab 18** | Reproducible Builds with Nix | 20 pts |
 
 **Requirements:**
 - Complete both labs (17 + 18 = 40 pts, replaces exam)
@@ -146,7 +146,7 @@ Each lab is worth **10 points** (main tasks) + **2.5 points** (bonus).
 - StatefulSets, Monitoring
 
 **Exam Alternative (Labs 17-18)**
-- Fly.io, 4EVERLAND/IPFS
+- Cloudflare Workers, Nix Reproducible Builds
 
 </details>
 

WORKERS.md

@@ -0,0 +1,145 @@
+# Lab 17
+
+## **Deployment Summary**
+
+### Worker URL
+
+- <https://edge-api.pizza1093.workers.dev>
+
+### Main routes
+
+| Route | Purpose | Returns |
+|-------|---------|---------|
+| **`/`** | Root endpoint with app metadata | JSON with app name, greeting, and timestamp |
+| **`/health`** | Health check | `{ "status": "ok" }` |
+| **`/edge`** | Edge metadata (geolocation, network info) | JSON with colo, country, city, ASN, HTTP protocol, TLS version |
+| **`/counter`** | KV-backed persistent visit counter | JSON with current visit count |
+
+### Configuration used
+
+**Plaintext Environment Variables (in `wrangler.jsonc`):**
+
+- `APP_NAME`: "edge-api"
+- `COURSE_NAME`: "devops-core"
+
+**Secrets (configured with `npx wrangler secret put`):**
+
+- `API_TOKEN`
+- `ADMIN_EMAIL`
+
+**Bindings:**
+
+- **KV Namespace:** `SETTINGS`
+  - Stores: visit counter with key `"visits"`
+  - Persists across deployments and redeployments
+
+## **Evidence**
+
+- Screenshot of Cloudflare dashboard
+
+![alt text](screenshots/image-1.png)
+
+- Example `/edge` JSON response
+
+```bash
+curl https://edge-api.pizza1093.workers.dev/edge
+{"colo":"WAW","country":"PL","city":"Warsaw","asn":209693,"httpProtocol":"HTTP/2","tlsVersion":"TLSv1.3"}
+```
+
+- Example log or metrics screenshot
+
+```bash
+ npx wrangler tail
+
+ ⛅️ wrangler 4.90.1
+───────────────────
+Successfully created tail, expires at 2026-05-14T13:35:12Z
+Connected to edge-api, waiting for logs...
+
+GET https://edge-api.pizza1093.workers.dev/edge - Ok @ 5/14/2026, 10:41:55 AM
+  (log) path /edge colo WAW
+GET https://edge-api.pizza1093.workers.dev/counter - Ok @ 5/14/2026, 10:42:08 AM
+  (log) path /counter colo WAW
+
+```
+
+![alt text](screenshots/image.png)
+
+- Persistency verification
+
+```bash
+curl https://edge-api.pizza1093.workers.dev/counter
+{"visits":4}
+curl https://edge-api.pizza1093.workers.dev/counter
+{"visits":5}
+```
+
+## **Kubernetes vs Cloudflare Workers Comparison**
+
+| Aspect | Kubernetes | Cloudflare Workers |
+| ------ | ---------- | ------------------ |
+| Setup complexity | Very high, requires deep kubernetes understanding | Low enough, just some commands and one config file |
+| Deployment speed | several minutes (it depends) | about minute |
+| Global distribution | Manual choose region | Automatic |
+| Cost (for small apps) | expensive, because you pay also for the cluster itself | very cheap |
+| State/persistence model | external database or pv | workers KV: simple key-value store at the edge; automatic global replication |
+| Control/flexibility | very high, any runtime, any network configuration and etc | V8 runtime only, no arbitrary system access |
+| Best use case | Long-running services, stateful applications, monoliths, complex microservices, batch jobs, custom infrastructure | Lightweight APIs, edge routing, request transformation, serverless functions, globally distributed logic |
+
+1. **When to Use Each**
+
+- Scenarios favoring Kubernetes
+  - Long-running background jobs - Workers cold-start in milliseconds but are designed for request-response cycles, not persistent processes
+  - Complex stateful systems - Multi-service architectures with inter-service communication, transactions, and shared databases
+  - Custom runtime requirements - Need Python, Go, Java, or other languages; Workers is JavaScript/TypeScript only
+  - Direct hardware/OS access - Require low-level networking, file system control, or specific system libraries
+  - High compute intensity - CPU-heavy workloads (video processing, ML models); Workers have execution time limits (~30 seconds)
+  - Large teams - RBAC, audit logs, resource quotas, and multi-tenant isolation are native to Kubernetes
+
+- Scenarios favoring Workers
+
+  - Global low-latency APIs - Your code runs in 300+ data centers; no "cold region" problem like Kubernetes
+  - Request/response workflows - HTTP APIs, webhooks, reverse proxies, content transformation
+  - Rapid deployment cycles - Deploy new versions in seconds; rollbacks are instant
+  - Low traffic, high uptime - Pay for what you use; no idle cluster costs
+  - Edge logic & routing - Request modification, authentication, A/B testing, geolocation-based responses
+  - Simple persistence needs - KV is perfect for sessions, caches, feature flags, leaderboards
+  - Teams starting serverless - Less operational overhead; no cluster management, networking, or scaling configuration
+
+- Your recommendation
+
+    **Choose Cloudflare Workers if:**
+  - You're building a lightweight, globally distributed API or edge function
+  - Your deployment speed and operational simplicity matter
+  - You want to avoid infrastructure management
+
+    **Choose Kubernetes if:**
+  - You need advanced runtime features, multiple languages, or direct system access
+  - Your workload is complex, stateful, or requires long-running processes
+  - Your team has Kubernetes expertise and wants maximum control
+
+1. **Reflection**
+
+- What felt easier than Kubernetes?
+  - Deployment is actually trivial, no need to build docker image, configure and etc.
+- What felt more constrained?
+  - I cannot run anything that I may want, only specific runtimes, Also, If I understand it right, I cannot use custom protocols, sockets and etc. Only http based. I can deploy it only to Cloudflare.
+- What changed because Workers is not a Docker host?
+  - Now app running in sandboxed env with his own rules.
+
+## Checklist
+
+- [X] Cloudflare account created
+- [X] Workers project initialized
+- [X] Wrangler authenticated
+- [X] Worker deployed to `workers.dev`
+- [X] `/health` endpoint working
+- [X] Edge metadata endpoint implemented
+- [X] At least 1 plaintext variable configured
+- [X] At least 2 secrets configured
+- [X] KV namespace created and bound
+- [X] Persistence verified after redeploy
+- [X] Logs or metrics reviewed
+- [X] Deployment history viewed
+- [] `WORKERS.md` documentation complete
+- [] Kubernetes comparison documented

edge-api/.editorconfig

@@ -0,0 +1,12 @@
+# http://editorconfig.org
+root = true
+
+[*]
+indent_style = tab
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.yml]
+indent_style = space

edge-api/.gitignore

@@ -0,0 +1,167 @@
+# Logs
+
+logs
+_.log
+npm-debug.log_
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+
+report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json
+
+# Runtime data
+
+pids
+_.pid
+_.seed
+\*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+
+lib-cov
+
+# Coverage directory used by tools like istanbul
+
+coverage
+\*.lcov
+
+# nyc test coverage
+
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+
+bower_components
+
+# node-waf configuration
+
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+
+build/Release
+
+# Dependency directories
+
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+
+web_modules/
+
+# TypeScript cache
+
+\*.tsbuildinfo
+
+# Optional npm cache directory
+
+.npm
+
+# Optional eslint cache
+
+.eslintcache
+
+# Optional stylelint cache
+
+.stylelintcache
+
+# Microbundle cache
+
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+
+.node_repl_history
+
+# Output of 'npm pack'
+
+\*.tgz
+
+# Yarn Integrity file
+
+.yarn-integrity
+
+# parcel-bundler cache (https://parceljs.org/)
+
+.cache
+.parcel-cache
+
+# Next.js build output
+
+.next
+out
+
+# Nuxt.js build / generate output
+
+.nuxt
+dist
+
+# Gatsby files
+
+.cache/
+
+# Comment in the public line in if your project uses Gatsby and not Next.js
+
+# https://nextjs.org/blog/next-9-1#public-directory-support
+
+# public
+
+# vuepress build output
+
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+
+.temp
+.cache
+
+# Docusaurus cache and generated files
+
+.docusaurus
+
+# Serverless directories
+
+.serverless/
+
+# FuseBox cache
+
+.fusebox/
+
+# DynamoDB Local files
+
+.dynamodb/
+
+# TernJS port file
+
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+
+.vscode-test
+
+# yarn v2
+
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.\*
+
+# wrangler project
+
+.dev.vars*
+!.dev.vars.example
+.env*
+!.env.example
+.wrangler/

edge-api/.prettierrc

@@ -0,0 +1,6 @@
+{
+	"printWidth": 140,
+	"singleQuote": true,
+	"semi": true,
+	"useTabs": true
+}

edge-api/.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+	"files.associations": {
+		"wrangler.json": "jsonc"
+	}
+}