devops-project/project-documentation
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Final version of week1

Browse Source
This commit is contained in:
Florian 2025-10-28 08:50:13 +01:00
parent 6ba8b0d2af
commit b1e730fb30
3 changed files with 46 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -2,4 +2,6 @@
This will host each weeks deliverables.
- [week 0](week0.md)
- [week 0](week0.md)
- [week 1](week1.md)

BIN
assets/week1/week1.pdf Normal file
View File

Binary file not shown.

79
week1.md
View File

@ -4,6 +4,8 @@
This project will migrate the Spring PetClinic Microservices demo from its local/on-premise setup to AWS Cloud. The focus is infrastructure modernization, CI/CD automation, observability, and resilience but not application feature development.
[**Pdf Download (click me)**](assets/week1/week1.pdf)
### Stakeholders
| Role | Responsibility |
@ -57,7 +59,7 @@ This project will migrate the Spring PetClinic Microservices demo from its local
| Excluded items | Reason |
|----|----|
| Application feature or UI changes | Funcitoniality remains unchanged. |
| Application feature or UI changes | Functionality remains unchanged. |
| Multi-cloud or hybrid deployment | Focus solely on AWS environment. |
| Cost-optimization | Addressed in a later project if necessary |
@ -86,7 +88,7 @@ This project will migrate the Spring PetClinic Microservices demo from its local
| **Maintainability** | IaC | Code stored in version control |
| **Performance** | Pipeline execution time | < 10 minutes per merge |
| | Scaling | Services can be scaled horizontally |
| | API / UI response | p95 latency < 200 ms under normal demo load |
| | API / UI response | < 200 ms under normal demo load |
| **Reliability** | Deployment success rate | ≥ 99% successful deployments |
| | Alert response | Alerts trigger within < 5 minutes of failure detection |
| | Error tolerance | < 0.1% failed requests |
@ -94,24 +96,22 @@ This project will migrate the Spring PetClinic Microservices demo from its local
| **Observability** | Logs, Metrics, Traces | Centralized in monitoring solution |
| **Security** | Least-privileged Roles | Roles restricted per service; no default full-access policies |
| | Secret encryption | Secrets stored in AWS |
| **Continuity** | RPO / RTO | RPO ≤ 5 min, RTO ≤ 30 min using RDS Multi-AZ and S3 backups |
| **Cost** | Budget target | Monthly AWS cost ≤ defined cap |
## System Components — Spring PetClinic Microservices
| Component | Role / Function | Dependencies | Notes |
|----|----|----|----|
| `spring-petclinic-admin-server` | Provides admin UI and dashboards | Microservices, Config Server | Central monitoring and management interface |
| `spring-petclinic-api-gateway` | Routes external requests to microservices | Customers, Vets, Visits, GenAI services | Single entry point for all APIs; can handle load balancing |
| `spring-petclinic-config-server` | Centralized configuration | Git repo | Supplies configuration to all microservices at runtime |
| `spring-petclinic-customers-service` | Manages customer data | RDBMS, Config Server | Core domain service |
| `spring-petclinic-vets-service` | Manages veterinary staff | RDBMS, Config Server | Lookup and assignment of vets |
| `spring-petclinic-visits-service` | Manages pet visit records | RDBMS, Customers Service | Tracks appointments and visit history |
| `spring-petclinic-genai-service` | Optional AI / generative service | Microservices, RDBMS | Provides a chatbot interface to the application. |
| `spring-petclinic-discovery-server` | Service registry / discovery | All microservices | Enables service-to-service discovery |
| RDBMS | Persistent storage | Customers, Vets, Visits | Single relational database supporting multiple services |
| Component | Role / Function | Dependencies |
|----|----|----|
| `spring-petclinic-admin-server` | Provides admin UI and dashboards | Microservices, Config Server |
| `spring-petclinic-api-gateway` | Routes external requests to microservices | Customers, Vets, Visits, GenAI services |
| `spring-petclinic-config-server` | Centralized configuration | Git repo |
| `spring-petclinic-customers-service` | Manages customer data | RDBMS, Config Server |
| `spring-petclinic-vets-service` | Manages veterinary staff | RDBMS, Config Server |
| `spring-petclinic-visits-service` | Manages pet visit records | RDBMS, Customers Service |
| `spring-petclinic-genai-service` | Optional AI chat-bot | Microservices, RDBMS |
| `spring-petclinic-discovery-server` | Service registry / discovery | All microservices |
| RDBMS | Persistent storage | Customers, Vets, Visits |
## Architecture and Specifications
### Project
- Kanban as agile methodology
- Breakdown of work and phases:
@ -176,8 +176,8 @@ This project will migrate the Spring PetClinic Microservices demo from its local
| **Type** | **Service** | **Use / Description** | **IOPS / Performance** | **Volume / Size** | **Backup Strategy** |
|-----|-----|-----|-----|-----|-----|
| **1. Database (RDBMS)** | Amazon RDS (MySQL) | Structured data for each microservice schema | 3,0006,000 (gp3 default) or provisioned as needed | 20 GB per schema | Automated daily snapshots (14-day retention) |
| **2. Block Storage** | Amazon EBS (gp3) | EC2-hosted Jenkins, logs, or stateful containers | 3,000 baseline | / | Not necessary |
| **3. Object Storage** | Amazon S3 | Logs, backups, images | Standard or Infrequent Access tiers | / | Cross-region replication or versioning enabled |
| **2. Block Storage** | Amazon EBS (gp3) | EC2-hosted Jenkins & ECS servers| 3,000 baseline | / | Not necessary |
| **3. Object Storage** | Amazon S3 | Logs, backups, images | Standard or Infrequent Access tiers | / | Cross-region replication or versioning enabled |
## Data
@ -211,8 +211,8 @@ This project will migrate the Spring PetClinic Microservices demo from its local
- Isolate the network from public internet by default
### Network Segmentation & Filtering
- Public subnets: For ALB ,NAT gateway if needed.
- Private subnets: For ECS/EKS tasks, RDS, Config Server, and internal microservices.
- Public subnets: ALB, NAT gateway.
- Private subnets: ECS, RDS.
- Security groups: Service-specific firewall rules
- Tweak default ACLs if necessary
@ -240,11 +240,6 @@ This project will migrate the Spring PetClinic Microservices demo from its local
- Amazon ECR for all microservice Docker images.
- Each microservice image tagged by Git commit SHA.
#### Microservice Packaging:
- Dockerized images for each service.
- Multi-stage Docker builds to reduce image size.
#### Deployment Strategy:
- ECS tasks run one or more containers per node.
@ -263,22 +258,34 @@ This project will migrate the Spring PetClinic Microservices demo from its local
## Security
| **Area** | **Focus** | **Implementation / Notes** |
|----|----|----|
| **1. Authentication, Authorization, Auditing (AAA)** | - User & service identity <br> - Access control <br> - Activity tracking | - Spring Security with JWT or OAuth2 <br> - IAM roles restrict AWS access per service <br> - Auditing: Not relevant since we don't handle sensitive data <br> - CloudWatch for app/service logs |
| **2. Code Security** | - Application code <br> - Secrets <br> - Dependencies | - Static analysis via SonarQube or CodeQL <br> - No hardcoded credentials <br> - Secrets in AWS Secrets Manager or Parameter Store <br> - Dependency scanning (OWASP, GitHub Dependabot) |
| **3. Traffic Security** | - Encryption <br> - Routing <br> - Network boundaries | - HTTPS enforced via ALB <br> - Internal TLS optional for microservices <br> - Security groups restrict inbound/outbound ports <br> - Private subnets for internal services and databases |
| **4. Instance / Container Security** | - Node hardening <br> - Container runtime <br> - Secrets handling | - Use minimal and updated AMIs <br> - Regular patching, no direct SSH (bastion-only) <br> - Containers run as non-root users <br> - Vulnerability scanning before deploy <br> - Secrets passed via IAM roles or ECS environment vars |
| **Area** | **Implementation / Notes** |
|----|----|
| **1. Authentication, Authorization, Auditing (AAA)** | Spring Security |
| | IAM roles restrict AWS access per service |
| | Auditing: Not relevant since we don't handle sensitive data|
| | CloudWatch for app/service logs |
| **2. Code Security** | Static analysis via SonarQube|
| | No hardcoded credentials |
| | Secrets in AWS Secrets Manager |
| | Dependency scanning via Dependabot |
| **3. Traffic Security** | HTTPS enforced via ALB |
| | Internal TLS optional for microservices |
| | Security groups restrict inbound/outbound ports |
| | Private subnets for internal services and databases |
| **4. Instance / Container Security** | Use minimal and updated AMIs |
| | Regular patching, no direct SSH (bastion-only) |
| | Containers run as non-root users |
| | Vulnerability scanning before deploy |
| | Secrets passed via IAM roles or ECS environment vars |
## Observability
| **Aspect** | **Tools** | **Notes** |
|----|----|----|
| **Metrics** | **Prometheus** | Collect CPU, memory, and ECS task metrics from node exporters |
| | | If microservices expose `/prometheus`, integrate directly. |
| | | If microservices expose `prometheus-metrics`, integrate directly. |
| | **Grafana** | Dashboards for system and service health |
| **Logs** | **AWS CloudWatch Logs** | ECS task logs streamed to CloudWatch via Log Drivers. |
| **Logs** | **AWS CloudWatch Logs** | ECS task logs streamed to CloudWatch|
| | |Structured JSON logging for easy filtering and search.|
| | |Optional integration into Grafana Loki later. |
| **Traces** | **AWS X-Ray** | Trace API calls across microservices. |
| **Alerts** | **CloudWatch Alarms** | CloudWatch for infrastructure-level alerts (CPU, memory, ECS health)
| | **Grafana Alerts** | Grafana alert rules for application metrics from Prometheus. |
@ -291,7 +298,7 @@ This project will migrate the Spring PetClinic Microservices demo from its local
| **Redundancy** | Multi-AZ deployment | RDS and ECS nodes deployed across multiple Availability Zones for high availability.|
| | | Load balancer automatically routes traffic to healthy tasks. |
| **Failover** | AWS-managed failover | RDS Multi-AZ provides automatic database failover.
| | |ECS services automatically restart failed tasks on healthy nodes.|
| | |ECS services automatically restart failed tasks on healthy nodes.|
| | | Manual intervention only needed for regional failures. |
| **Backup** | AWS Backup / RDS Snapshots| Automated RDS daily backups with retention policy.
| | S3 Versioning | S3 bucket versioning for uploaded images and configs.|
@ -312,9 +319,9 @@ This project will migrate the Spring PetClinic Microservices demo from its local
| **Application Layer** | Spring Boot microservices |
| **Runtime / Platform Layer** | Docker, Amazon ECS, Amazon ECR |
| **CI/CD Layer** | Jenkins, Gitea |
| **Infrastructure Layer** | Terraform, Ansible, Amazon EC2 (for Jenkins), VPC, subnets, security groups |
| **Infrastructure Layer** | Terraform, Ansible, Amazon EC2, VPC, subnets, security groups |
| **Database / Storage Layer** | Amazon RDS (MySQL), Amazon S3, Amazon EBS |
| **Observability Layer** | Prometheus, Grafana, CloudWatch |
| **Security Layer** | AWS IAM, Security Groups, HTTPS via ALB, Secrets Manager |
| **Continuity & Recovery Layer** | RDS automated snapshots, S3 versioning/replication, multi-AZ RDS, Terraform for redeploy |
| **Network & Delivery Layer** | Application Load Balancer (ALB), Route 53 (DNS), NAT Gateway, Internet Gateway |
| **Network & Delivery Layer** | Application Load Balancer (ALB), Route 53, NAT Gateway, Internet Gateway |