A complete production-grade cloud-native application demonstrating modern DevOps practices, GitOps workflows, and AWS EKS deployment.
- Overview
- Architecture
- Repository Structure
- Technology Stack
- Features
- Prerequisites
- Quick Start
- Detailed Setup
- Application Components
- Infrastructure Details
- GitOps Workflow
- CI/CD Pipeline
- Monitoring & Operations
- Security
- Troubleshooting
- Contributing
BIGRS is a modern task management application built with a microservices architecture, deployed on AWS EKS using GitOps principles. The project demonstrates industry best practices for cloud-native applications including:
- Infrastructure as Code (Terraform)
- GitOps deployment (ArgoCD)
- CI/CD automation (Jenkins)
- Container orchestration (Kubernetes)
- Secret management (External Secrets Operator)
- Automated image updates (ArgoCD Image Updater)
- TLS certificate management (cert-manager)
- High availability and auto-scaling
Live Application:
- Frontend: https://bigrs.app
- Backend API: https://api.bigrs.app
- ArgoCD: https://argocd.bigrs.app
- Jenkins: https://jenkins.bigrs.app
┌─────────────────────────────────────────────────────────────────────────┐
│ AWS Cloud │
│ │
│ ┌────────────────────────────────────────────────────────────────────┐ │
│ │ VPC (Multi-AZ) │ │
│ │ │ │
│ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │
│ │ │ Public Subnet│ │ Public Subnet│ │ Public Subnet│ │ │
│ │ │ (AZ-1) │ │ (AZ-2) │ │ (AZ-3) │ │ │
│ │ │ │ │ │ │ │ │ │
│ │ │ ┌────────┐ │ │ ┌────────┐ │ │ ┌────────┐ │ │ │
│ │ │ │NAT GW │ │ │ │NAT GW │ │ │ │NAT GW │ │ │ │
│ │ │ └────────┘ │ │ └────────┘ │ │ └────────┘ │ │ │
│ │ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │ │
│ │ │ │ │ │ │
│ │ ┌──────▼──────┐ ┌───────▼──────┐ ┌──────▼───────┐ │ │
│ │ │Private Sub │ │Private Sub │ │Private Sub │ │ │
│ │ │ (AZ-1) │ │ (AZ-2) │ │ (AZ-3) │ │ │
│ │ │ │ │ │ │ │ │ │
│ │ │ ┌─────────┐ │ │ ┌─────────┐ │ │ ┌─────────┐ │ │ │
│ │ │ │EKS Nodes│ │ │ │EKS Nodes│ │ │ │EKS Nodes│ │ │ │
│ │ │ └─────────┘ │ │ └─────────┘ │ │ └─────────┘ │ │ │
│ │ └─────────────┘ └──────────────┘ └──────────────┘ │ │
│ └────────────────────────────────────────────────────────────────────┘ │
│ │
│ ┌─────────────────────────────────────────────────────────────────┐ │
│ │ EKS Cluster Components │ │
│ │ │ │
│ │ ┌────────────┐ ┌────────────┐ ┌────────────┐ ┌──────────┐ │ │
│ │ │ ArgoCD │ │ Jenkins │ │ Nginx │ │ Cert │ │ │
│ │ │ │ │ │ │ Ingress │ │ Manager │ │ │
│ │ └────────────┘ └────────────┘ └────────────┘ └──────────┘ │ │
│ │ │ │
│ │ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ │
│ │ │ External │ │ Image │ │ ECR │ │ │
│ │ │ Secrets │ │ Updater │ │ Token │ │ │
│ │ └────────────┘ └────────────┘ └────────────┘ │ │
│ │ │ │
│ │ ┌─────────────────────────────────────────────────────────┐ │ │
│ │ │ Task Manager Application │ │ │
│ │ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌────────┐ │ │ │
│ │ │ │ Frontend │ │ Backend │ │ Redis │ │ MySQL │ │ │ │
│ │ │ │ (Nginx) │ │(Node.js) │ │ (Cache) │ │ (RDS) │ │ │ │
│ │ │ └──────────┘ └──────────┘ └──────────┘ └────────┘ │ │ │
│ │ └─────────────────────────────────────────────────────────┘ │ │
│ └─────────────────────────────────────────────────────────────────┘ │
│ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ ECR │ │ RDS MySQL │ │ Secrets │ │
│ │ Repositories│ │ Database │ │ Manager │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
└─────────────────────────────────────────────────────────────────────────┘
┌──────────┐
│ User │
└────┬─────┘
│
▼
┌──────────────────────────┐
│ Route53 / CloudFlare │
│ DNS Resolution │
└────┬─────────────────────┘
│
▼
┌──────────────────────────┐
│ Network Load Balancer │
│ (AWS NLB) │
└────┬─────────────────────┘
│
▼
┌──────────────────────────┐
│ NGINX Ingress │
│ Controller │
│ - TLS Termination │
│ - Routing │
└────┬─────────────────────┘
│
├──────────────────────────────┬──────────────────────┐
▼ ▼ ▼
┌──────────┐ ┌──────────────┐ ┌────────────────┐
│ Frontend │ │ Backend │ │ ArgoCD │
│ (Nginx) │──────────────│ (API) │ │ (GitOps) │
│ │ HTTP │ │ │ │
│ bigrs.app│ │api.bigrs.app │ │argocd.bigrs.app│
└──────────┘ └──────┬───────┘ └────────────────┘
│
┌────────────┼────────────┐
▼ ▼ ▼
┌─────────┐ ┌─────────┐ ┌─────────┐
│ Redis │ │ MySQL │ │ Secrets │
│ (Cache) │ │ (RDS) │ │ Manager │
└─────────┘ └─────────┘ └─────────┘
The project is organized into three main repositories:
Contains all Terraform code for provisioning AWS infrastructure:
Infrastructure/
├── terraform/
│ ├── environment/
│ │ ├── dev/ # Development environment
│ │ │ ├── main.tf
│ │ │ ├── variables.tf
│ │ │ ├── terraform.tfvars
│ │ │ ├── outputs.tf
│ │ │ ├── provider.tf
│ │ │ └── creds # AWS credentials (gitignored)
│ │ └── prod/ # Production environment
│ │ └── (same structure as dev)
│ └── modules/
│ ├── vpc/ # Network infrastructure
│ ├── eks/ # Kubernetes cluster
│ ├── ecr/ # Container registry
│ ├── iam/ # IAM roles & policies
│ ├── rds/ # MySQL database
│ ├── bastion/ # Bastion host (prod only)
│ └── argocd/ # ArgoCD bootstrap
├── scripts/
│ ├── bootstrap-argocd.sh # ArgoCD installation
│ ├── cleanup-argocd.sh # ArgoCD cleanup
│ └── delete-nlb.sh # Load balancer cleanup
├── argocd/
│ └── bootstrap-app.yaml # App of Apps config
└── helm-values/
└── argocd-values.yaml # ArgoCD customization
Key Features:
- Multi-AZ high availability
- Auto-scaling node groups
- Private subnet deployment
- Pod Identity (modern IRSA)
- S3 backend state management
- Automated cleanup scripts
Contains Kubernetes manifests and ArgoCD applications:
Platform/
├── argo-apps/ # ArgoCD Application definitions
│ ├── pre-apps.yaml # Prerequisites (wave -1)
│ ├── cert-manager.yaml # TLS certificates (wave 0)
│ ├── cert-manager-issuers.yaml # Let's Encrypt issuer (wave 1)
│ ├── nginx-ingress-controller.yaml # Ingress controller (wave 2)
│ ├── external-secrets-operator.yaml # Secret manager (wave 3)
│ ├── external-secrets-app.yaml # Secret store config (wave 4)
│ ├── jenkins-app.yaml # CI/CD server (wave 5)
│ ├── image-updater-app.yaml # Auto updates (wave 6)
│ └── nodejs-app.yaml # Main application (wave 7)
│
├── helm-values/ # Helm chart values
│ ├── cert-manager-values.yaml
│ ├── cluster_issuer.yaml
│ ├── nginx-values.yaml
│ ├── nginx-values-tf.yaml # Terraform-generated
│ ├── jenkins-values.yaml
│ ├── external-secrets-values.yaml
│ └── image-updater-values.yaml
│
└── apps/ # Application manifests
├── pre-apps/ # Bootstrap resources
│ ├── nginx-ingress-contrller/
│ ├── pre-jenkins/
│ ├── pre-ESO/
│ ├── ecr-token-refresher/
│ └── argocd-ingress.yaml
│
├── external-secrets/ # Secret management
│ ├── cluster-secretstore.yaml
│ └── secrets/
│ └── db-credentials.yaml
│
└── nodejs-app/ # Task Manager app
├── Backend/
│ ├── backend-deployment.yaml
│ ├── configmap.yaml
│ └── backend-ingress.yaml # api.bigrs.app
├── Frontend/
│ ├── frontend-deployment.yaml
│ └── ingress.yaml # bigrs.app
├── Redis/
│ └── redis-deployment.yaml
├── serviceaccount.yaml
└── kustomization.yaml
Key Features:
- App of Apps pattern
- Sync wave ordering
- Multi-source applications
- Automated image updates
- Secret synchronization
- Network policies
Contains application source code:
nodejs_app/
├── server.js # Express server
├── package.json
├── Dockerfile.backend
├── Dockerfile.frontend
├── Jenkinsfile # CI/CD pipeline
├── docker-compose.yml # Local development
├── docker-entrypoint.sh
├── docker-entrypoint-frontend.sh
│
├── config/ # Configuration
│ ├── database.js # MySQL connection pool
│ └── redis.js # Redis client
│
├── controllers/ # Business logic
│ └── taskController.js
│
├── models/ # Data models
│ └── Task.js
│
├── routes/ # API routes
│ └── tasks.js
│
├── public/ # Frontend (SPA)
│ ├── index.html
│ ├── css/
│ │ └── style.css
│ └── js/
│ └── app.js
│
├── scripts/ # Utilities
│ └── init-db.js # Database initialization
│
├── k8s/ # Kubernetes manifests
│ ├── namespace.yaml
│ ├── backend-deployment.yaml
│ ├── frontend-deployment.yaml
│ ├── redis-deployment.yaml
│ ├── mysql-deployment.yaml
│ ├── configmaps.yaml
│ ├── secrets.yaml
│ ├── persistent-volumes.yaml
│ ├── ingress.yaml
│ └── deploy.sh
│
└── nginx.conf # Frontend web server config
Key Features:
- RESTful API
- Redis caching
- MySQL persistence
- Health checks
- Docker multi-stage builds
- Horizontal pod autoscaling
- Cloud Provider: AWS
- IaC Tool: Terraform 1.5+
- Kubernetes: AWS EKS 1.31
- Container Registry: Amazon ECR
- Database: Amazon RDS MySQL 8.0
- Cache: Redis 7.0
- Load Balancer: AWS Network Load Balancer
- DNS: Route53 / CloudFlare
- Secrets: AWS Secrets Manager
- GitOps: ArgoCD 8.1.0
- CI/CD: Jenkins 2.528.1-lts-jdk21
- Ingress: NGINX Ingress Controller 4.14.0
- TLS: cert-manager 1.16.1 + Let's Encrypt
- Secret Management: External Secrets Operator 1.0.0
- Image Updates: ArgoCD Image Updater 0.14.0
- Package Manager: Helm 3.x
- Backend: Node.js 18 + Express.js 4.18
- Frontend: HTML5, CSS3, JavaScript (Vanilla) + Tailwind CSS
- Database ORM: mysql2 (Promise-based)
- Cache Client: redis 4.6
- Web Server: Nginx (Alpine)
- Version Control: Git + GitHub
- Container Runtime: Docker 25.x
- Container Orchestration: Docker Compose 2.x
- Code Editor: VS Code (recommended)
- CLI Tools: kubectl, helm, aws-cli, terraform
- ✅ Task Management: Create, read, update, delete tasks
- ✅ Status Tracking: Pending, In Progress, Completed
- ✅ Priority Levels: Low, Medium, High
- ✅ Due Dates: Track task deadlines
- ✅ Statistics Dashboard: Real-time task metrics
- ✅ Redis Caching: ~80% faster response times
- ✅ Responsive UI: Mobile-friendly design
- ✅ Real-time Updates: Live task synchronization
- 🏗️ Multi-AZ Deployment: High availability across 3 AZs
- 🔄 Auto-scaling: HPA for both frontend and backend
- 🔐 Pod Identity: Secure AWS service access
- 🌐 Private Networking: Services in private subnets
- 💾 Persistent Storage: EBS volumes for stateful apps
- 🔒 Network Policies: Restricted pod-to-pod communication
- 🚀 Blue-Green Deployments: Zero-downtime updates
- 📊 Resource Limits: CPU and memory constraints
- 🔄 GitOps Workflow: Declarative infrastructure
- 🤖 Automated CI/CD: Build, test, deploy pipeline
- 🖼️ Automated Image Updates: Latest images auto-deployed
- 🔐 Secret Management: External Secrets Operator
- 📜 TLS Certificates: Automated cert issuance/renewal
- 🔍 Health Monitoring: Liveness and readiness probes
- 📦 Container Scanning: ECR image vulnerability scans
- 🧹 Automated Cleanup: Resource lifecycle management
For Infrastructure Deployment:
- AWS CLI 2.x
- Terraform 1.5+
- kubectl 1.28+
- helm 3.x
- Git 2.x
For Application Development:
- Node.js 18+
- Docker 25.x
- Docker Compose 2.x
- MySQL 8.0 (for local development)
- Redis 7.0 (for local development)
AWS Account Setup:
- AWS account with appropriate permissions
- IAM user with programmatic access
- AWS credentials configured (
aws configure)
Required IAM Permissions:
- EC2 (VPC, Security Groups, etc.)
- EKS (Cluster management)
- ECR (Container registry)
- RDS (Database)
- IAM (Role management)
- S3 (Terraform state)
- Secrets Manager (Secret storage)
- EBS (Persistent volumes)
- ELB (Load balancers)
Estimated AWS Costs:
- EKS Control Plane: ~$73/month
- EC2 Instances (3x t3.medium): ~$90/month
- RDS MySQL (db.t3.micro): ~$15/month
- NAT Gateways (3x): ~$100/month
- Load Balancers: ~$20/month
- Total: ~$300/month (varies by usage)
- Domain name (e.g., bigrs.app)
- DNS management access (Route53 or CloudFlare)
- SSL/TLS certificate (automated via Let's Encrypt)
- GitHub account
- Personal Access Token (PAT) with repo permissions
- Three repositories created:
- Infrastructure
- Platform
- nodejs_app
# Clone all three repositories
git clone https://github.com/BIGRS-ITI/Infrastructure.git
git clone https://github.com/BIGRS-ITI/Platform.git
git clone https://github.com/BIGRS-ITI/nodejs_app.gitcd Infrastructure/terraform/environment/dev
# Create credentials file
cat > creds << EOF
[default]
aws_access_key_id = YOUR_AWS_ACCESS_KEY
aws_secret_access_key = YOUR_AWS_SECRET_KEY
EOF
chmod 600 creds# Edit terraform.tfvars
vim terraform.tfvarsMinimum required variables:
cluster_name = "bigrs-cluster"
aws_region = "us-east-1"
github_platform_repo = "BIGRS-ITI/Platform"
github_token = "ghp_your_github_token"# Initialize Terraform
terraform init
# Review plan
terraform plan
# Deploy (takes ~15-20 minutes)
terraform apply# Configure kubectl
aws eks update-kubeconfig --name bigrs-cluster --region us-east-1
# Verify access
kubectl get nodes
kubectl get pods -A# Check ArgoCD applications
kubectl get applications -n argocd
# Wait for all apps to be healthy
kubectl wait --for=condition=Healthy application --all -n argocd --timeout=600s
# Get ingress URLs
kubectl get ingress -A# Get ArgoCD admin password
kubectl -n argocd get secret argocd-initial-admin-secret \
-o jsonpath='{.data.password}' | base64 -d
# Get Jenkins admin password
kubectl exec -n jenkins deployment/jenkins -- \
cat /run/secrets/additional/chart-admin-passwordAccess URLs:
- Task Manager: https://bigrs.app
- Backend API: https://api.bigrs.app
- ArgoCD UI: https://argocd.bigrs.app
- Jenkins: https://jenkins.bigrs.app
cd Infrastructure/terraform/environment/dev
# 1. Create AWS credentials
cat > creds << EOF
[default]
aws_access_key_id = YOUR_KEY
aws_secret_access_key = YOUR_SECRET
EOF
# 2. Configure variables
cat > terraform.tfvars << EOF
# Cluster Configuration
cluster_name = "bigrs-cluster"
eks_version = "1.31"
aws_region = "us-east-1"
# VPC Configuration
vpc_cidr = "10.0.0.0/16"
vpc_name = "bigrs-vpc"
subnets_config = {
public-1 = {
cidr_block = "10.0.1.0/24"
availability_zone = "us-east-1a"
map_public_ip = true
}
public-2 = {
cidr_block = "10.0.2.0/24"
availability_zone = "us-east-1b"
map_public_ip = true
}
public-3 = {
cidr_block = "10.0.3.0/24"
availability_zone = "us-east-1c"
map_public_ip = true
}
private-1 = {
cidr_block = "10.0.11.0/24"
availability_zone = "us-east-1a"
map_public_ip = false
}
private-2 = {
cidr_block = "10.0.12.0/24"
availability_zone = "us-east-1b"
map_public_ip = false
}
private-3 = {
cidr_block = "10.0.13.0/24"
availability_zone = "us-east-1c"
map_public_ip = false
}
}
# ECR Configuration
repositories = {
backend = {
name = "bigrs-nodejs-app-backend"
description = "Backend API container"
}
frontend = {
name = "bigrs-nodejs-app-frontend"
description = "Frontend web application"
}
}
image_retention_count = 5
scan_on_push = true
image_tag_mutability = "MUTABLE"
# GitHub Configuration
github_platform_repo = "BIGRS-ITI/Platform"
github_token = "ghp_your_token_here"
# EKS Configuration
endpoint_private_access_var = true
endpoint_public_access_var = false
node_group_instance_type = "t3.medium"
# Environment
use_bastion = false
bastion_private_key_path = ""
environment = "dev"
EOF
# 3. Initialize and deploy
terraform init
terraform plan
terraform apply -auto-approveProduction includes a bastion host for secure access:
cd Infrastructure/terraform/environment/prod
# Additional production variables:
bastion_key_name = "bigrs-bastion-key"
bastion_instance_type = "t3.micro"
bastion_allowed_cidrs = ["YOUR_IP/32"]
enable_bastion_elastic_ip = true
use_bastion = true
bastion_private_key_path = "/path/to/bastion-key.pem"cd nodejs_app
# 1. Copy environment template
cp .env.example .env
# 2. Edit environment variables
vim .env
# 3. Start with Docker Compose
docker-compose up -d
# 4. Initialize database
docker-compose exec backend npm run init-db
# 5. Access application
open http://localhost:8080Environment Variables:
# Server
NODE_ENV=development
PORT=3000
# Database
DB_HOST=mysql
DB_PORT=3306
DB_USER=taskuser
DB_PASSWORD=taskpassword
DB_NAME=taskmanager
# Redis
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
# Cache
CACHE_TTL=300
# Frontend
FRONTEND_URL=http://localhost:8080cd nodejs_app/k8s
# 1. Update image references
vim backend-deployment.yaml
vim frontend-deployment.yaml
# 2. Deploy resources
kubectl apply -f namespace.yaml
kubectl apply -f secrets.yaml
kubectl apply -f configmaps.yaml
kubectl apply -f persistent-volumes.yaml
kubectl apply -f mysql-deployment.yaml
kubectl apply -f redis-deployment.yaml
kubectl apply -f backend-deployment.yaml
kubectl apply -f frontend-deployment.yaml
kubectl apply -f ingress.yaml
# 3. Verify deployment
kubectl get all -n taskmanagerApplications are automatically deployed via ArgoCD after infrastructure provisioning.
Deployment Flow:
- Terraform deploys ArgoCD
- ArgoCD syncs from Platform repository
- Applications deployed in sync wave order:
- Wave -1: Pre-requisites (namespaces, etc.)
- Wave 0: cert-manager
- Wave 1: Cluster issuers
- Wave 2: NGINX Ingress
- Wave 3: External Secrets Operator
- Wave 4: External Secrets app
- Wave 5: Jenkins
- Wave 6: Image Updater
- Wave 7: Task Manager app
Location: nodejs_app/
Key Features:
- RESTful API endpoints
- MySQL database integration
- Redis caching layer
- Health check endpoints
- Request validation
- Error handling middleware
API Endpoints:
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/health |
Health check |
| GET | /api/tasks |
Get all tasks (with filters) |
| GET | /api/tasks/stats |
Get task statistics |
| GET | /api/tasks/:id |
Get task by ID |
| POST | /api/tasks |
Create new task |
| PUT | /api/tasks/:id |
Update task |
| DELETE | /api/tasks/:id |
Delete task |
| GET | /api/redis-stats |
Redis cache statistics |
| POST | /api/redis-reset |
Reset Redis cache |
Request Examples:
# Create task
curl -X POST https://api.bigrs.app/api/tasks \
-H "Content-Type: application/json" \
-d '{
"title": "Deploy to production",
"description": "Deploy v2.0 to EKS cluster",
"status": "pending",
"priority": "high",
"due_date": "2025-12-01"
}'
# Get all tasks
curl https://api.bigrs.app/api/tasks
# Filter by status
curl https://api.bigrs.app/api/tasks?status=in-progress
# Get statistics
curl https://api.bigrs.app/api/tasks/stats
# Health check
curl https://api.bigrs.app/api/healthResponse Format:
{
"success": true,
"count": 5,
"data": [
{
"id": 1,
"title": "Deploy to production",
"description": "Deploy v2.0 to EKS cluster",
"status": "pending",
"priority": "high",
"due_date": "2025-12-01",
"created_at": "2025-11-18T10:00:00.000Z",
"updated_at": "2025-11-18T10:00:00.000Z"
}
]
}Location: nodejs_app/public/
Key Features:
- Single Page Application (SPA)
- Responsive design (Tailwind CSS)
- Real-time task updates
- Redis cache statistics
- Toast notifications
- Task filtering
- Dark mode support
UI Components:
- Task cards with drag-and-drop (planned)
- Statistics dashboard
- Modal forms
- Filter buttons
- Redis stats viewer
MySQL (RDS)
CREATE TABLE tasks (
id INT AUTO_INCREMENT PRIMARY KEY,
title VARCHAR(255) NOT NULL,
description TEXT,
status ENUM('pending', 'in-progress', 'completed') DEFAULT 'pending',
priority ENUM('low', 'medium', 'high') DEFAULT 'medium',
due_date DATE,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
INDEX idx_status (status),
INDEX idx_priority (priority),
INDEX idx_due_date (due_date)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;Redis Cache Strategy:
// Cache Keys Pattern
tasks:all:{"status":"pending"} // Filtered task lists
task:123 // Individual tasks
tasks:stats // Statistics
// TTL Configuration
Task List: 300 seconds (5 minutes)
Individual Task: 600 seconds (10 minutes)
Statistics: 60 seconds (1 minute)
// Cache Invalidation
- On task creation: Clear all task lists
- On task update: Clear specific task + all lists
- On task deletion: Clear specific task + all listsIngress Configuration:
# Frontend Ingress (bigrs.app)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: frontend-ingress
namespace: taskmanager
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- bigrs.app
- www.bigrs.app
secretName: bigrs-app-tls
rules:
- host: bigrs.app
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: frontend
port:
number: 80# Backend Ingress (api.bigrs.app)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: backend-ingress
namespace: taskmanager
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "https://bigrs.app"
spec:
ingressClassName: nginx
tls:
- hosts:
- api.bigrs.app
secretName: api-bigrs-app-tls
rules:
- host: api.bigrs.app
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: backend
port:
number: 3000Network Policies:
# Backend can only access MySQL and Redis
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: backend-db-access
namespace: taskmanager
spec:
podSelector:
matchLabels:
app: backend
policyTypes:
- Egress
egress:
- to:
- podSelector:
matchLabels:
app: mysql
ports:
- protocol: TCP
port: 3306
- to:
- podSelector:
matchLabels:
app: redis
ports:
- protocol: TCP
port: 6379
- to: # DNS
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
ports:
- protocol: UDP
port: 53CIDR Blocks:
- VPC CIDR:
10.0.0.0/16 - Public Subnets:
10.0.1.0/24,10.0.2.0/24,10.0.3.0/24 - Private Subnets:
10.0.11.0/24,10.0.12.0/24,10.0.13.0/24
Resources per AZ:
- 1 Public Subnet
- 1 Private Subnet
- 1 NAT Gateway
- 1 Elastic IP
Total Resources:
- 3 Availability Zones
- 6 Subnets (3 public + 3 private)
- 3 NAT Gateways
- 3 Elastic IPs
- 1 Internet Gateway
- 4 Route Tables (1 public + 3 private)
Control Plane:
- Version: Kubernetes 1.31
- Endpoint: Private + Public access
- Authentication: API + ConfigMap
- Pod Identity: Enabled
Node Group:
- Instance Type: t3.medium
- Min Nodes: 3
- Desired: 3
- Max Nodes: 6
- Capacity Type: ON_DEMAND
- Labels:
role=general
Addons:
- vpc-cni (Latest)
- kube-proxy (Latest)
- coredns (Latest)
- ebs-csi-driver (Latest)
- pod-identity-agent (Latest)
Cluster Roles:
- eks-cluster-role: EKS control plane
- eks-nodes-role: Worker nodes
- ebs-csi-driver-role: Volume provisioning
Pod Identity Roles: 4. jenkins-role: ECR push access 5. argo-image-updater-role: ECR read access 6. nodejs-app-role: ECR pull access 7. external-secrets-role: AWS Secrets Manager access 8. nginx-ingress-role: Load balancer management 9. bastion-role: EKS API access (prod only)
Instance Details:
- Engine: MySQL 8.0
- Instance Class: db.t3.micro
- Storage: 20 GB gp2
- Multi-AZ: Disabled (dev), Enabled (prod)
- Backup Retention: 7 days
- Encryption: Enabled
Network:
- Deployment: Private subnets only
- Security Group: EKS nodes only
- Port: 3306
Connection String:
mysql://admin:password@bigrs-rds.xxxxx.us-east-1.rds.amazonaws.com:3306/mydb
Created Repositories:
bigrs-nodejs-app-backendbigrs-nodejs-app-frontend
Features:
- Scan on push: Enabled
- Image tagging: MUTABLE
- Lifecycle policy: Keep last 5 images
- Encryption: KMS (AES256)
Image Naming Convention:
backend-{BUILD_NUMBER}
backend-latest
frontend-{BUILD_NUMBER}
frontend-latest
Installation:
- Deployed by Terraform automatically
- Namespace:
argocd - Release: Helm chart version 8.1.0
- Access: https://argocd.bigrs.app
Configuration:
# Bootstrap Application (App of Apps)
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: platform-apps
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/BIGRS-ITI/Platform
path: argo-apps
targetRevision: prod
destination:
server: https://kubernetes.default.svc
namespace: argocd
syncPolicy:
automated:
prune: true
selfHeal: trueArgoCD deploys applications in order using sync waves:
Wave -1: Prerequisites
- Namespaces (jenkins, external-secrets, ingress-nginx, taskmanager)
- Priority classes
- Storage classes
- Persistent volumes
Wave 0: Certificate Management
- cert-manager deployment
- CRDs installation
Wave 1: Certificate Issuers
- ClusterIssuer for Let's Encrypt
Wave 2: Ingress Controller
- NGINX Ingress Controller
- LoadBalancer service
Wave 3: Secret Management
- External Secrets Operator
- CRDs installation
Wave 4: Secret Store
- ClusterSecretStore configuration
- AWS Secrets Manager integration
Wave 5: Platform Services
- Jenkins deployment
- Jenkins ingress
Wave 6: Automation
- ArgoCD Image Updater
- ECR token refresher (CronJob)
- ArgoCD ingress
Wave 7: Applications
- Task Manager frontend
- Task Manager backend
- Redis cache
- MySQL client pods
Several applications use ArgoCD's multi-source feature:
# Example: cert-manager
sources:
# Helm chart from upstream
- repoURL: https://charts.jetstack.io
chart: cert-manager
targetRevision: v1.16.1
helm:
valueFiles:
- $values/helm-values/cert-manager-values.yaml
# Values from Platform repo
- repoURL: https://github.com/BIGRS-ITI/Platform
targetRevision: prod
ref: valuesConfiguration:
# Automatic image updates
annotations:
argocd-image-updater.argoproj.io/image-list: |
backend=608713827966.dkr.ecr.us-east-1.amazonaws.com/bigrs-nodejs-app-backend,
frontend=608713827966.dkr.ecr.us-east-1.amazonaws.com/bigrs-nodejs-app-frontend
argocd-image-updater.argoproj.io/backend.update-strategy: newest-build
argocd-image-updater.argoproj.io/frontend.update-strategy: newest-build
argocd-image-updater.argoproj.io/backend.allow-tags: regexp:^backend-([0-9]+)$
argocd-image-updater.argoproj.io/frontend.allow-tags: regexp:^frontend-([0-9]+)$
argocd-image-updater.argoproj.io/write-back-method: git
argocd-image-updater.argoproj.io/write-back-target: "kustomization:."Update Flow:
- Image Updater checks ECR every 2 minutes
- Detects new image tags matching pattern
- Updates kustomization.yaml in Platform repo
- Commits change with message
- ArgoCD detects Git change
- Syncs new image to cluster
Purpose: Keeps ArgoCD credentials fresh for ECR access
Components:
- Initial Job: Runs on deployment
- CronJob: Runs every 6 hours
- Secret:
ecr-credentialsin argocd namespace
How it works:
# Get ECR authorization token
TOKEN=$(aws ecr get-authorization-token --query 'authorizationData[0].authorizationToken' --output text)
# Decode to get password
PASSWORD=$(echo $TOKEN | base64 -d | cut -d: -f2)
# Create Kubernetes secret
kubectl create secret docker-registry ecr-credentials \
--docker-server=608713827966.dkr.ecr.us-east-1.amazonaws.com \
--docker-username=AWS \
--docker-password=$PASSWORD \
-n argocdDeployment:
- Namespace:
jenkins - Persistent Storage: 20Gi EBS volume
- JDK: 21 LTS
- Configuration: JCasC (YAML)
- Access: https://jenkins.bigrs.app
Agent Configuration:
# Kubernetes cloud with docker-in-docker
templates:
- name: docker-build
label: jenkins-agent
containers:
- name: jnlp
image: jenkins/inbound-agent:latest
resources:
requests:
cpu: 200m
memory: 256Mi
limits:
cpu: 1000m
memory: 1Gi
- name: docker
image: docker:25.0.0-dind
privileged: true
command: dockerd-entrypoint.sh
args: --host=tcp://0.0.0.0:2375
- name: aws-cli
image: amazon/aws-cli:2.17.0
command: catJenkinsfile Overview:
pipeline {
agent { label 'jenkins-agent' }
stages {
stage('Checkout') {
// Clone repository
}
stage('Get AWS Account ID') {
container('aws-cli') {
// Retrieve account ID for ECR
}
}
stage('Build Docker Images') {
parallel {
stage('Build Backend') {
container('docker') {
// Build backend image
}
}
stage('Build Frontend') {
container('docker') {
// Build frontend image
}
}
}
}
stage('Login to ECR') {
container('aws-cli') {
// Get ECR credentials
}
container('docker') {
// Docker login
}
}
stage('Tag Images for ECR') {
parallel {
stage('Tag Backend') { }
stage('Tag Frontend') { }
}
}
stage('Push to ECR') {
parallel {
stage('Push Backend') { }
stage('Push Frontend') { }
}
}
stage('Cleanup') {
// Remove local images
}
stage('Verify Push') {
container('aws-cli') {
// Verify in ECR
}
}
}
}Step-by-Step:
-
Checkout Code: Clone from GitHub
git clone https://github.com/BIGRS-ITI/nodejs_app.git
-
Build Images: Parallel builds
# Backend docker build -f Dockerfile.backend -t backend:${BUILD_NUMBER} . # Frontend docker build -f Dockerfile.frontend -t frontend:${BUILD_NUMBER} .
-
Push to ECR:
# Login aws ecr get-login-password | docker login --username AWS --password-stdin ${ECR_REGISTRY} # Tag docker tag backend:${BUILD_NUMBER} ${ECR_REGISTRY}/bigrs-nodejs-app-backend:backend-${BUILD_NUMBER} # Push docker push ${ECR_REGISTRY}/bigrs-nodejs-app-backend:backend-${BUILD_NUMBER} docker push ${ECR_REGISTRY}/bigrs-nodejs-app-backend:backend-latest
-
ArgoCD Auto-Sync:
- Image Updater detects new image
- Updates kustomization.yaml
- ArgoCD syncs to cluster
Manual Trigger:
# Via Jenkins UI
https://jenkins.bigrs.app/job/codebuild/build
# Via CLI
curl -X POST https://jenkins.bigrs.app/job/codebuild/build \
-u admin:API_TOKEN \
-H "Jenkins-Crumb: $CRUMB"Webhook Trigger (Optional):
# GitHub Webhook
URL: https://jenkins.bigrs.app/github-webhook/
Events: Push, Pull RequestAutomated Trigger on Deployment:
# Job in Platform repo
apiVersion: batch/v1
kind: Job
metadata:
name: trigger-jenkins-pipeline
namespace: jenkins
spec:
template:
spec:
containers:
- name: trigger
image: curlimages/curl:7.88.1
command: ["/bin/sh", "-c"]
args:
- |
# Wait for Jenkins
until curl -s http://jenkins:8080/login; do sleep 5; done
# Get crumb
CRUMB=$(curl -s -u admin:$PASSWORD \
http://jenkins:8080/crumbIssuer/api/json | jq -r '.crumb')
# Trigger build
curl -X POST http://jenkins:8080/job/codebuild/build \
-u admin:$PASSWORD \
-H "Jenkins-Crumb: $CRUMB"Backend Health Endpoint:
curl https://api.bigrs.app/api/health
# Response:
{
"status": "ok",
"timestamp": "2025-11-19T12:00:00.000Z",
"services": {
"database": "connected",
"redis": "connected",
"api": "running"
}
}Kubernetes Probes:
# Liveness Probe
livenessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
# Readiness Probe
readinessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3Check Pod Resources:
# CPU and Memory usage
kubectl top pods -n taskmanager
# Detailed resource metrics
kubectl describe nodeHPA Status:
# Check autoscaler status
kubectl get hpa -n taskmanager
# Watch scaling events
kubectl get hpa -n taskmanager --watchView Application Logs:
# Backend logs
kubectl logs -f deployment/backend -n taskmanager
# Frontend logs
kubectl logs -f deployment/frontend -n taskmanager
# Redis logs
kubectl logs -f deployment/redis -n taskmanager
# Follow logs from all pods
kubectl logs -f -l app=backend -n taskmanager --all-containers=trueArgoCD Logs:
# Application controller
kubectl logs -f deployment/argocd-application-controller -n argocd
# Image updater
kubectl logs -f deployment/argocd-image-updater -n argocd
# Repo server
kubectl logs -f deployment/argocd-repo-server -n argocdJenkins Logs:
# Jenkins master
kubectl logs -f deployment/jenkins -n jenkins
# Build logs (via UI)
https://jenkins.bigrs.app/job/codebuild/lastBuild/consoleRedis Cache Statistics:
Access via UI: https://bigrs.app → Click "Redis Stats" button
Or via API:
curl https://api.bigrs.app/api/redis-stats
# Response:
{
"success": true,
"data": {
"total_commands_processed": "15234",
"keyspace_hits": "12187",
"keyspace_misses": "3047",
"hit_rate": "80.00%",
"cached_keys": 15,
"keys": ["tasks:all:{}", "task:1", "task:2", ...]
}
}Task Statistics:
curl https://api.bigrs.app/api/tasks/stats
# Response:
{
"success": true,
"data": {
"total": 25,
"pending": 8,
"in_progress": 12,
"completed": 5,
"high_priority": 7,
"overdue": 3
}
}Database Backup:
# Manual backup
kubectl exec -n taskmanager deployment/mysql -- \
mysqldump -u admin -p mydb > backup-$(date +%Y%m%d).sql
# Restore
kubectl exec -i -n taskmanager deployment/mysql -- \
mysql -u admin -p mydb < backup-20251119.sqlRDS Automated Backups:
- Retention: 7 days
- Window: 03:00-04:00 UTC
- Point-in-time recovery enabled
Persistent Volume Backup:
# Create volume snapshot
kubectl get pvc -n taskmanager
kubectl get volumesnapshot -n taskmanager
# Using AWS EBS snapshots
aws ec2 create-snapshot --volume-id vol-xxxxxExternal Secrets Operator:
# ClusterSecretStore
apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
name: aws-secretsmanager
spec:
provider:
aws:
service: SecretsManager
region: us-east-1
auth:
jwt:
serviceAccountRef:
name: external-secrets
namespace: external-secretsCreating Secrets:
# Store in AWS Secrets Manager
aws secretsmanager create-secret \
--name prod/DB_CREDENTIALS \
--secret-string '{
"DB_PASSWORD": "your-secure-password",
"DB_USER": "admin",
"DB_HOST": "bigrs-rds.xxxxx.rds.amazonaws.com",
"DB_PORT": "3306",
"DB_NAME": "mydb"
}'
# ExternalSecret syncs to Kubernetes
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: db-credentials
namespace: taskmanager
spec:
secretStoreRef:
name: aws-secretsmanager
kind: ClusterSecretStore
target:
name: db-credentials
dataFrom:
- extract:
key: prod/DB_CREDENTIALSBackend Isolation:
# Only allow backend to talk to MySQL and Redis
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: backend-db-access
spec:
podSelector:
matchLabels:
app: backend
policyTypes:
- Egress
egress:
- to:
- podSelector:
matchLabels:
app: mysql
ports:
- port: 3306
- to:
- podSelector:
matchLabels:
app: redis
ports:
- port: 6379Security Context:
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 1000
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: trueCertificate Management:
- Provider: Let's Encrypt
- Automation: cert-manager
- Renewal: Automatic (90 days)
- Domains: bigrs.app, api.bigrs.app, argocd.bigrs.app, jenkins.bigrs.app
Cert Issuance:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: admin@bigrs.app
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginxPod Identity (Modern IRSA):
- No long-lived credentials
- Automatic token rotation
- Scoped permissions per service
- Audit trail via CloudTrail
Least Privilege:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability"
],
"Resource": "arn:aws:ecr:us-east-1:ACCOUNT:repository/bigrs-*"
}]
}Symptoms:
- Application stuck in "Progressing" state
- Sync errors in UI
Solutions:
# Check application status
kubectl describe application nodejs-app -n argocd
# View sync errors
argocd app get nodejs-app
# Force refresh
argocd app get nodejs-app --refresh
# Manual sync
argocd app sync nodejs-app
# Hard refresh (ignore cache)
argocd app sync nodejs-app --forceSymptoms:
- Pods stuck in ImagePullBackOff
- Error: "Failed to pull image"
Solutions:
# Check image exists in ECR
aws ecr describe-images \
--repository-name bigrs-nodejs-app-backend \
--region us-east-1
# Verify ECR credentials secret
kubectl get secret ecr-credentials -n argocd
kubectl describe secret ecr-credentials -n argocd
# Refresh ECR token
kubectl delete job ecr-token-refresher-init -n argocd
kubectl apply -f Platform/apps/pre-apps/ecr-token-refresher/
# Check Pod Identity
kubectl describe pod <pod-name> -n taskmanagerSymptoms:
- Backend logs: "MySQL connection failed"
- Health check returns database: "disconnected"
Solutions:
# Check RDS endpoint
terraform output rds_endpoint
# Verify secret
kubectl get secret db-credentials -n taskmanager -o yaml
# Test connection from pod
kubectl exec -it deployment/backend -n taskmanager -- \
mysql -h $DB_HOST -u $DB_USER -p$DB_PASSWORD
# Check security group rules
aws ec2 describe-security-groups \
--group-ids sg-xxxxx \
--region us-east-1Symptoms:
- Cache misses: 100%
- Backend logs: "Redis connection error"
Solutions:
# Check Redis pod
kubectl get pods -l app=redis -n taskmanager
kubectl logs deployment/redis -n taskmanager
# Test Redis connection
kubectl exec -it deployment/backend -n taskmanager -- sh
redis-cli -h redis ping
# Restart Redis
kubectl rollout restart deployment/redis -n taskmanagerSymptoms:
- Ingress has no TLS
- Certificate stuck in "Pending"
Solutions:
# Check certificate status
kubectl get certificate -A
kubectl describe certificate bigrs-app-tls -n taskmanager
# Check cert-manager logs
kubectl logs -n cert-manager deployment/cert-manager
# Check challenges
kubectl get challenges -A
kubectl describe challenge <challenge-name> -n taskmanager
# Verify DNS
dig bigrs.app
nslookup bigrs.app
# Delete and recreate
kubectl delete certificate bigrs-app-tls -n taskmanagerSymptoms:
- Pipeline fails at build stage
- ECR push errors
Solutions:
# Check Jenkins pod
kubectl logs deployment/jenkins -n jenkins
# Verify IAM role
kubectl describe sa jenkins -n jenkins
# Test ECR access from Jenkins pod
kubectl exec -it deployment/jenkins -n jenkins -- \
aws ecr describe-repositories --region us-east-1
# Check agent pods
kubectl get pods -l jenkins=agent -n jenkins
# View build logs
# Access via Jenkins UI: https://jenkins.bigrs.appSymptoms:
- New images pushed but not deployed
- Image Updater logs show errors
Solutions:
# Check Image Updater logs
kubectl logs deployment/argocd-image-updater -n argocd
# Verify ECR credentials
kubectl get secret ecr-credentials -n argocd
# Check registries configuration
kubectl get cm argocd-image-updater-config -n argocd -o yaml
# Test ECR access
kubectl exec deployment/argocd-image-updater -n argocd -- \
aws ecr describe-images --repository-name bigrs-nodejs-app-backend
# Force update
argocd app set nodejs-app --parameter image.tag=backend-88Symptoms:
- Service type LoadBalancer has no external IP
- NLB not created in AWS
Solutions:
# Check service
kubectl get svc -n ingress-nginx
kubectl describe svc ingress-nginx-controller -n ingress-nginx
# Check AWS Load Balancer Controller logs
kubectl logs -n kube-system deployment/aws-load-balancer-controller
# Verify subnet tags
aws ec2 describe-subnets \
--filters "Name=tag:kubernetes.io/role/elb,Values=1"
# Check events
kubectl get events -n ingress-nginx --sort-by='.lastTimestamp'General Debugging:
# Get all resources in namespace
kubectl get all -n taskmanager
# Describe pod for events
kubectl describe pod <pod-name> -n taskmanager
# Get pod YAML
kubectl get pod <pod-name> -n taskmanager -o yaml
# Execute command in pod
kubectl exec -it <pod-name> -n taskmanager -- sh
# Port forward for local testing
kubectl port-forward svc/backend 3000:3000 -n taskmanager
# Check resource usage
kubectl top pods -n taskmanager
kubectl top nodes
# View events
kubectl get events -n taskmanager --sort-by='.lastTimestamp'ArgoCD Debugging:
# List all applications
argocd app list
# Get application details
argocd app get nodejs-app
# View application tree
argocd app resources nodejs-app
# Get sync status
argocd app sync-status nodejs-app
# View diff
argocd app diff nodejs-app
# Get logs
argocd app logs nodejs-appTerraform Debugging:
# Validate configuration
terraform validate
# View plan
terraform plan
# Show state
terraform state list
terraform state show module.eks.aws_eks_cluster.eks
# Taint resource for recreation
terraform taint module.eks.aws_eks_cluster.eks
# Import existing resource
terraform import module.vpc.aws_vpc.main vpc-xxxxx-
Fork Repositories
# Fork on GitHub, then clone git clone https://github.com/YOUR_USERNAME/Infrastructure.git git clone https://github.com/YOUR_USERNAME/Platform.git git clone https://github.com/YOUR_USERNAME/nodejs_app.git -
Create Feature Branch
git checkout -b feature/your-feature-name
-
Make Changes
- Follow code style guidelines
- Add tests if applicable
- Update documentation
-
Test Locally
# For application changes cd nodejs_app docker-compose up -d npm test # For infrastructure changes cd Infrastructure/terraform/environment/dev terraform plan
-
Commit Changes
git add . git commit -m "feat: add new feature description" # Follow conventional commits: # feat: new feature # fix: bug fix # docs: documentation # style: formatting # refactor: code restructuring # test: adding tests # chore: maintenance
-
Push and Create PR
git push origin feature/your-feature-name # Create Pull Request on GitHub
Terraform:
- Use consistent formatting:
terraform fmt - Validate before commit:
terraform validate - Add comments for complex logic
- Follow naming conventions:
resource_type-purpose
Kubernetes Manifests:
- Use YAML formatting (2 spaces)
- Add labels and annotations
- Include resource limits
- Document with comments
Application Code:
- Follow Node.js best practices
- Use async/await for async operations
- Add error handling
- Write meaningful comments
Commit Messages:
<type>(<scope>): <subject>
<body>
<footer>
Example:
feat(backend): add task priority filtering
- Add priority parameter to GET /api/tasks endpoint
- Update Task model with priority enum
- Add validation for priority values
Closes #123
Infrastructure Repository:
- Infrastructure README
- VPC Module
- EKS Module
- IAM Module
- RDS Module
- ECR Module
- ArgoCD Module
- Scripts Documentation
Platform Repository:
Application Repository:
AWS Documentation:
Kubernetes:
ArgoCD:
Terraform:
Jenkins:
Getting Started:
Advanced Topics:
Recommended:
Recommended Reading:
- Kubernetes Up & Running by Kelsey Hightower
- Terraform: Up & Running by Yevgeniy Brikman
- The DevOps Handbook by Gene Kim
- Site Reliability Engineering by Google
- ✅ Multi-AZ EKS deployment
- ✅ GitOps with ArgoCD
- ✅ CI/CD with Jenkins
- ✅ Task management application
- ✅ Automated image updates
- ✅ Secret management
- ✅ TLS certificates
- ✅ Redis caching
- ✅ MySQL database
Infrastructure:
- Multi-region deployment
- Disaster recovery setup
- Cost optimization with Spot instances
- Service mesh (Istio)
- Observability stack (Prometheus + Grafana)
- Log aggregation (ELK stack)
- Backup automation
Application:
- User authentication (OAuth2)
- Task assignments
- Email notifications
- File attachments
- Task comments
- Activity timeline
- Mobile app (React Native)
- Real-time collaboration (WebSockets)
DevOps:
- Automated testing (unit + integration)
- Performance testing (k6)
- Security scanning (Trivy, Snyk)
- Canary deployments
- A/B testing
- Feature flags
- Automated rollbacks
Monitoring:
- Prometheus metrics
- Grafana dashboards
- Alert manager
- Distributed tracing (Jaeger)
- APM (Application Performance Monitoring)
- Multi-tenancy support
- GraphQL API
- Machine learning task predictions
- Voice commands
- Integration with third-party tools (Slack, Jira)
- Advanced analytics
- Custom workflows
- API rate limiting
- Audit logging
Use GitHub Discussions or Issues with the "enhancement" label.
Feature Request Template:
**Is your feature request related to a problem?**
A clear description of the problem.
**Describe the solution you'd like**
What you want to happen.
**Describe alternatives you've considered**
Other solutions you've thought about.
**Additional context**
Mockups, examples, or other context.This project is licensed under the MIT License.
MIT License
Copyright (c) 2025 BIGRS-ITI
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
BIGRS-ITI Team
Technologies:
- AWS for cloud infrastructure
- Kubernetes community
- ArgoCD team
- cert-manager maintainers
- NGINX Ingress contributors
- Jenkins community
Special Thanks:
- ITI (Information Technology Institute)
- Open source community
- All contributors and supporters
If you find this project useful, please consider giving it a ⭐️ on GitHub!
# Clone and star all repositories
for repo in Infrastructure Platform nodejs_app; do
gh repo clone BIGRS-ITI/$repo
gh repo star BIGRS-ITI/$repo
doneLines of Code:
- Infrastructure: ~5,000 (Terraform + Scripts)
- Platform: ~3,000 (YAML manifests)
- Application: ~2,500 (JavaScript + HTML/CSS)
- Total: ~10,500 lines
Files:
- Terraform modules: 50+
- Kubernetes manifests: 80+
- Application files: 40+
- Documentation: 15+
Technologies Used:
- Infrastructure: 10+
- Platform: 12+
- Application: 8+
- Total: 30+ technologies
Performance:
- API Response Time: < 100ms (with cache)
- Frontend Load Time: < 2s
- Cache Hit Rate: > 80%
- Uptime: 99.9%
Scalability:
- Auto-scaling: 3-6 nodes
- HPA: 2-10 pods per service
- Max concurrent users: 10,000+
Security:
- Zero exposed credentials
- All traffic encrypted (TLS)
- Network policies enforced
- Regular security scans
DevOps:
- Deployment frequency: Daily
- Lead time: < 30 minutes
- MTTR (Mean Time to Recovery): < 15 minutes
- Change failure rate: < 5%
Our vision is to create a reference implementation for modern cloud-native applications that demonstrates:
- Best Practices: Industry-standard DevOps practices
- Automation: Minimal manual intervention
- Security: Security by default
- Scalability: Handle growth effortlessly
- Maintainability: Easy to understand and modify
- Documentation: Comprehensive and clear
- Community: Open source and collaborative
Backend:
// Use connection pooling
const pool = mysql.createPool({
connectionLimit: 10,
waitForConnections: true,
queueLimit: 0
});
// Implement caching
const cachedData = await cache.get(key);
if (cachedData) return cachedData;
// Use indexes on frequently queried columns
CREATE INDEX idx_status ON tasks(status);Frontend:
// Debounce search inputs
const debounce = (func, wait) => {
let timeout;
return (...args) => {
clearTimeout(timeout);
timeout = setTimeout(() => func.apply(this, args), wait);
};
};
// Lazy load images
<img loading="lazy" src="..." alt="...">
// Use service workers for offline support
navigator.serviceWorker.register('/sw.js');AWS Resources:
# Use Spot instances for dev environments
# Enable EBS GP3 (cheaper than GP2)
# Right-size instances based on metrics
# Use NAT instance instead of NAT Gateway (dev)
# Enable S3 lifecycle policies
# Use Reserved Instances for production
# Estimated savings: 40-60%Kubernetes:
# Set resource limits to avoid waste
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
# Use horizontal pod autoscaling
# Implement cluster autoscaling
# Use pod disruption budgets# Quick pod restart
kubectl rollout restart deployment/backend -n taskmanager
# Port forward multiple services
kubectl port-forward svc/backend 3000:3000 -n taskmanager &
kubectl port-forward svc/redis 6379:6379 -n taskmanager &
# Watch resources in real-time
watch kubectl get pods -n taskmanager
# Get shell in any pod
kubectl run -it --rm debug --image=alpine --restart=Never -- sh
# Copy files from pods
kubectl cp taskmanager/backend-xxx:/app/logs/error.log ./error.log
# Execute SQL in MySQL pod
kubectl exec -it deployment/mysql -n taskmanager -- \
mysql -u admin -p -e "SELECT * FROM tasks LIMIT 10;"Thank you for exploring the BIGRS Cloud-Native Task Manager Platform! This project represents a comprehensive implementation of modern DevOps practices, showcasing:
✅ Infrastructure as Code with Terraform
✅ GitOps deployment with ArgoCD
✅ CI/CD automation with Jenkins
✅ Container orchestration with Kubernetes
✅ Cloud-native architecture on AWS EKS
✅ Security best practices throughout
✅ High availability and auto-scaling
✅ Comprehensive documentation
Whether you're learning DevOps, building production systems, or contributing to open source, we hope this project serves as a valuable resource.
Happy Coding! 🚀
Last Updated: November 19, 2025
Version: 1.0.0
Maintained by: BIGRS-ITI Team