Welcome to the Enterprise-Grade Cloud-Native DevOps Platform project! This repository demonstrates a production-style, local DevOps/SRE/Platform Engineering architecture using free and open-source tools.
It is designed to serve as a high-impact resume project, demonstrating advanced topics in containerization, local cluster provisioning, service meshes, CI/CD automation pipelines, and SRE observability.
```
          External Client Requests (Browser)
                          ↓
 NGINX Ingress Controller (Port 80/443 Outer Gateway)
                          ↓
       Istio Ingress Gateway (Mesh Gatekeeper)
                          ↓
           ┌──────────────┴───────────────┐
           ↓                              ↓
React Frontend (Nginx SPA)    FastAPI Backend (v1/v2 Canary)
                                          ↓
                                 PostgreSQL Database
```
- Observability Plane: Prometheus Server + Grafana Dashboards (NodePort 32000)
- CI/CD Pipeline: GitHub Actions (Lint, Test, Docker Build, & Kubernetes/Istio Integration Tests) or Jenkins Pipeline
- Infrastructure Plane: Terraform provisioning Local Namespaces, Ingress, and Monitoring
- Application Layer:
  - React frontend: Sleek glassmorphic dark-mode dashboard showing service inventory status, replicas, and API latency.
  - FastAPI backend: REST API with JWT authentication, CRUD service endpoints, database migrations, and telemetry instrumentation.
  - PostgreSQL: Stateful database with persistent volumes.
- Containerization:
  - Dockerfiles: Multi-stage builds that separate the build stage from an unprivileged, non-root runtime stage (`USER 10001`).
  - Docker Compose: Standardized developer orchestrator for local sandbox testing.
- Kubernetes Workloads:
  - Declarative Deployments, ClusterIP Services, ConfigMaps, and Base64-encoded Secrets (encoded, not encrypted).
  - Horizontal Pod Autoscaler (HPA) using `autoscaling/v2` with `metrics-server` integration.
  - Persistent Volume Claims (PVC) managing Postgres storage state.
- Istio Service Mesh:
  - `istio-proxy` Envoy sidecar injection, enforcing mutual TLS between services (STRICT mTLS).
  - Istio Gateways and VirtualServices for path-based routing.
  - Canary Deployment (90/10 split) and DestinationRule subsets.
- Infrastructure as Code:
  - Terraform scripts managing providers (Kubernetes, Helm) to automate local addon provisioning.
- SRE & Observability:
  - `kube-prometheus-stack` managing metrics collection.
  - Prometheus ServiceMonitors auto-scraping FastAPI telemetry.
  - Custom alerting thresholds for CPU, memory, and HTTP 5xx error rate spikes.
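
An added example (not part of this repository's code): a small Python audit that checks Istio objects, in the shape of `kubectl get ... -o json` items, against the mesh posture listed above, namely STRICT mTLS and the 90/10 canary split across the `v1`/`v2` subsets. The sample objects are constructed, and the `backend` host, `demo` namespace and resource names are assumptions.

```python
# Added example: audits Istio objects shaped like `kubectl get ... -o json` items.
# Constructed sample, trimmed to the fields read; "backend"/"demo" are assumed names.
SAMPLE = [
    {"kind": "PeerAuthentication", "metadata": {"name": "default", "namespace": "demo"},
     "spec": {"mtls": {"mode": "STRICT"}}},
    {"kind": "DestinationRule", "metadata": {"name": "backend", "namespace": "demo"},
     "spec": {"host": "backend", "subsets": [
         {"name": "v1", "labels": {"version": "v1"}},
         {"name": "v2", "labels": {"version": "v2"}}]}},
    {"kind": "VirtualService", "metadata": {"name": "backend", "namespace": "demo"},
     "spec": {"hosts": ["backend"], "http": [{"route": [
         {"destination": {"host": "backend", "subset": "v1"}, "weight": 90},
         {"destination": {"host": "backend", "subset": "v2"}, "weight": 10}]}]}},
]
EXPECTED_SPLIT = {"v1": 90.0, "v2": 10.0}  # percent per subset, as stated in this README


def audit(objects, expected=EXPECTED_SPLIT):
    """Return a list of findings; an empty list means the stated posture holds."""
    findings, kinds = [], {}
    for obj in objects:
        kinds.setdefault(obj["kind"], []).append(obj)
    # STRICT rejects plaintext; PERMISSIVE (or no policy at all) still accepts it.
    if not kinds.get("PeerAuthentication"):
        findings.append("no PeerAuthentication: STRICT mTLS is not enforced")
    for pa in kinds.get("PeerAuthentication", []):
        mode = pa.get("spec", {}).get("mtls", {}).get("mode", "UNSET")
        if mode != "STRICT":
            findings.append(f"PeerAuthentication/{pa['metadata']['name']}: mode={mode}")
    # Subsets each DestinationRule defines, keyed by host.
    defined = {}
    for dr in kinds.get("DestinationRule", []):
        defined.setdefault(dr["spec"]["host"], set()).update(
            s["name"] for s in dr["spec"].get("subsets", []))
    # Every route must target a defined subset and the shares must match the split.
    for vs in kinds.get("VirtualService", []):
        name = vs["metadata"]["name"]
        for rule in vs["spec"].get("http", []):
            routes = rule.get("route", [])
            total = sum(r.get("weight", 0) for r in routes) or 1
            split = {}
            for r in routes:
                dest = r["destination"]
                subset = dest.get("subset")
                if subset not in defined.get(dest["host"], set()):
                    findings.append(f"VirtualService/{name}: undefined subset {subset}")
                share = 100.0 * r.get("weight", 0) / total
                split[subset] = round(split.get(subset, 0.0) + share, 2)
            if split != expected:
                findings.append(f"VirtualService/{name}: split {split} != {expected}")
    return findings
```

The check treats any mode other than `STRICT` as a finding and does not inspect port-level mTLS overrides.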
```
├── .github/                              # GitHub configuration
│   └── workflows/
│       └── ci-cd.yml                     # GitHub Actions CI/CD pipeline
├── README.md                             # Main project guide
├── docker-compose.yml                    # Sandbox developer compose setup
├── app/                                  # Application Source Code
│   ├── frontend/                         # React SPA (Vite + Nginx)
│   │   ├── Dockerfile                    # Multi-stage frontend compilation
│   │   └── nginx.conf                    # SPA routing fallback config
│   └── backend/                          # FastAPI REST backend
│       ├── Dockerfile                    # Multi-stage unprivileged python runner
│       └── requirements.txt              # Backend package dependencies
├── terraform/                            # IaC infrastructure provisioning
│   ├── main.tf                           # Helm releases & namespace configuration
│   ├── variables.tf
│   └── outputs.tf
├── k8s/                                  # Kubernetes Workload Manifests
│   ├── base/
│   │   ├── postgres.yaml                 # Database, PVC, secret definitions
│   │   ├── backend.yaml                  # Backend v1 config, deployment, HPA
│   │   ├── backend-v2.yaml               # Backend v2 canary deployment
│   │   ├── frontend.yaml                 # Static frontend deployment
│   │   └── ingress.yaml                  # Outer NGINX Ingress controller config
│   ├── istio/
│   │   ├── peer-authentication.yaml      # Enforces STRICT mTLS encryption
│   │   ├── gateway.yaml                  # Mesh gateway routes
│   │   ├── destination-rule.yaml         # Define subsets v1 / v2
│   │   └── traffic-split.yaml            # Canary 90/10 weights VirtualService
│   └── monitoring/
│       ├── prometheus-rules.yaml         # SRE custom alert groups
│       └── servicemonitor.yaml           # Prometheus auto-scrape config
├── jenkins/                              # Continuous Integration configurations
│   ├── Dockerfile                        # Custom Jenkins image with CLI capabilities
│   └── Jenkinsfile                       # Multi-stage CI/CD pipeline
└── docs/                                 # Handover Documentation
    ├── deployment_guide.md               # Detailed deployment instructions
    ├── troubleshooting_guide.md          # SRE debugging playbook
    └── interview_prep.md                 # Resume bullets & mock interview prep
```
Ready to dive in? Navigate to the guides below:
- Deployment Instructions: Follow the step-by-step Deployment Guide to set up Docker, Minikube, Terraform, and K8s.
- Troubleshooting Playbook: Encountering connection issues or permission errors? Reference the Troubleshooting Guide.
- Interview & Resume Prep: Access the Interview Preparation Guide to see resume bullet templates and common DevOps interview questions.