Project Motivation
I started creating this project in mid-April 2026 to integrate all the tools and concepts into one project instead of creating multiple ones, to make a proper system and document each and every possible thing.
Another motivation was to make something to include in my resume to showcase my skills and knowledge. This project doesn't include IaC at all; I planned a different project for that.
Project Infra / Flow
- This is the current infra on which this project is deployed:

- This is the CI/CD flow to deploy a service on infra:

Application Architecture
Online Boutique is a cloud-first microservices demo application. The application is a web-based e-commerce app where users can browse items, add them to the cart, and purchase them. This application works on any Kubernetes cluster.
It is composed of 11 microservices written in different languages that talk to each other over gRPC.

Find the Protocol Buffers descriptions in the ./protos directory.
| Service | Language | Description |
|---|---|---|
| frontend | Go | Exposes an HTTP server to serve the website. Does not require signup/login and generates session IDs for all users automatically. |
| cartservice | C# | Stores the items in the user's shopping cart in Redis and retrieves it. |
| productcatalogservice | Go | Provides the list of products from a JSON file and ability to search products and get individual products. |
| currencyservice | Node.js | Converts one money amount to another currency. Uses real values fetched from European Central Bank. It's the highest QPS service. |
| paymentservice | Node.js | Charges the given credit card info (mock) with the given amount and returns a transaction ID. |
| shippingservice | Go | Gives shipping cost estimates based on the shopping cart. Ships items to the given address (mock). |
| emailservice | Python | Sends users an order confirmation email (mock). |
| checkoutservice | Go | Retrieves user cart, prepares order and orchestrates the payment, shipping and the email notification. |
| recommendationservice | Python | Recommends other products based on what's given in the cart. |
| adservice | Java | Provides text ads based on given context words. |
| loadgenerator | Python/Locust | Continuously sends requests imitating realistic user shopping flows to the frontend. |
Screenshots
| Home Page | Checkout Screen |
|---|---|
| ![]() | ![]() |
Tooling Specs
| Tool Name | Version | Located at |
|---|---|---|
| Ubuntu Host | 22.04.15 LTS | - |
| containerd | 1.7.14 | Cluster Nodes |
| runc | 1.1.12 | Cluster Nodes |
| CNI Plugin | 1.5.0 | Cluster Nodes |
| kubelet | 1.33.0 | Cluster Nodes |
| kubeadm | 1.33.0 | Cluster Nodes |
| kubectl | 1.33.0 | Cluster Nodes |
| Calico CNI | 3.26.0 | kube-system namespace |
| Metrics Server | 0.8.1 | kube-system namespace |
| Helm | 4.1.3 | Master Node 1 VM |
| HAProxy | 2.8.16 | Load Balancer VM |
| Azure DevOps Agent | 4.271.0 | Ubuntu Host |
| Gitleaks | 8.30.1 | Ubuntu Host |
| Trivy | 0.68.2 | Ubuntu Host |
| Vault | 2.0.0 | Ubuntu Host |
| Docker | 29.4.1 | Ubuntu Host |
| Git | 2.34.1 | Ubuntu Host |
| External Secrets Operator | 0.15.0 | external-secrets namespace |
| Loki | 2.6.1 | monitoring namespace |
| Grafana | 10.3.3 | monitoring namespace |
| Prometheus | 3.11.3-distroless | monitoring namespace |
| ArgoCD | 9.5.11 | argocd namespace |
| Sonarqube | 25.11.0 | Azure Cloud VM |
| Azure Container Registry | Basic Tier | Azure cloud |
| MendBolt | 22.12.10 | Azure DevOps Extension |
| SARIF SAST Scans Tab | 0.5.11 | Azure DevOps Extension |
Setup Documentation
- Multi-Control Plane Cluster Setup
- Ubuntu Host Machine Setup
- Helm Charts
- Azure Cloud: Sonarqube on VM and ACR
- Azure DevOps Setup
CI/CD Workflow
- It starts with the developer writing code in their local environment; when it's time to commit, a git pre-commit hook runs that lints the source code and runs some local test cases.
- After a commit is created and pushed to Azure Repos on the developer's own branch `dev/dev_name`, a PR is created from it to the protected `dev` branch for review.
- When code is merged into `dev`, the CI/CD pipeline runs; its flow looks like this:
CI
Stage 1:
- Code is checked out into the pipeline agent's working directory at `/home/shivesh/myagent/_work/2/s/`.
- Create a directory that will store the report files generated throughout the stage run.
- Perform an SCA (Software Composition Analysis) scan using the Mend Bolt (formerly WhiteSource) tool. Its results are uploaded to the Azure DevOps pipeline run tab automatically.

- Run the test cases and generate a code coverage report. Publish the test results and the coverage report to Azure DevOps.
- Prepare SonarQube with the configuration for the service's source code path and settings.
- Perform SonarQube code scanning.

- Publish the SonarQube Quality Gate result; if the gate fails, the entire pipeline fails.

- Publish the Gitleaks secret-scan report to Azure DevOps.
Stage 2:
- Code is checked out again into the pipeline agent's working directory at `/home/shivesh/myagent/_work/2/s/`.
- Create a directory that will store the report files generated throughout the stage run.
- Build the Docker image targeting the service's `Dockerfile` using the `SERVICE_SOURCE_PATH` variable.
- Perform a Trivy image scan to check for vulnerabilities and generate its report.
- Push the image to the Azure Container Registry with `Build.BuildId` as the image tag, so every build gets a unique tag.
- Upload the Trivy report to Azure DevOps and publish it in SARIF form so the SARIF SAST Scans Tab extension can display it on the pipeline run tab.

Stage 3:
- Finally, update the newly built image tag in the GitOps repo that contains the service's manifest file.
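The three CI stages above, written out as one Azure Pipelines YAML. This is an added example, not the project's own pipeline file: the agent pool, service connection names, registry name, GitOps repo URL, `GITOPS_PAT` secret variable and `deployment.yaml` path are assumptions, and the marketplace task identifiers (`WhiteSource@21` for Mend Bolt, the `SonarQube*@5` tasks, `Docker@2`, `PublishBuildArtifacts@1`) should be checked against the extension versions installed in your organisation.

```yaml
# Added example pipeline; it is not the project's own azure-pipelines.yml.
# Assumed names (placeholders): agent pool 'ubuntu-host', service connections
# 'acr-connection' and 'sonarqube-connection', registry 'myregistry.azurecr.io',
# the GitOps repo URL, and a secret pipeline variable GITOPS_PAT.
trigger:
  branches:
    include: [dev]                        # fires when a PR is merged into dev

pool:
  name: ubuntu-host                       # self-hosted agent on the Ubuntu host

variables:
  SERVICE_NAME: frontend
  SERVICE_SOURCE_PATH: src/frontend       # same variable name the page uses
  ACR_NAME: myregistry.azurecr.io
  IMAGE: $(ACR_NAME)/$(SERVICE_NAME):$(Build.BuildId)   # Build.BuildId = unique tag
  REPORT_DIR: $(Build.ArtifactStagingDirectory)/reports

stages:
- stage: Stage1_Scan
  jobs:
  - job: scan
    steps:
    - checkout: self
      fetchDepth: 0                       # full history so Gitleaks sees old commits
    - script: mkdir -p "$(REPORT_DIR)"
    - task: WhiteSource@21                # Mend Bolt SCA; results land on the run tab
      inputs:
        cwd: $(SERVICE_SOURCE_PATH)
    - task: SonarQubePrepare@5
      inputs:
        SonarQube: sonarqube-connection
        scannerMode: CLI
        configMode: manual
        cliProjectKey: online-boutique-$(SERVICE_NAME)
        cliSources: $(SERVICE_SOURCE_PATH)
    - task: SonarQubeAnalyze@5
    - task: SonarQubePublish@5            # fails the run if the Quality Gate fails
    - script: |
        # Secret scan over the whole history; --exit-code 1 fails on any leak.
        gitleaks detect --source . --report-format sarif \
          --report-path "$(REPORT_DIR)/gitleaks.sarif" --exit-code 1
      displayName: Gitleaks secret scan
    - task: PublishBuildArtifacts@1
      condition: always()                 # keep the report even when the scan failed
      inputs:
        pathToPublish: $(REPORT_DIR)
        artifactName: CodeAnalysisLogs    # artifact name the SARIF SAST Scans Tab reads

- stage: Stage2_Build
  dependsOn: Stage1_Scan                  # skipped unless every Stage 1 check passed
  jobs:
  - job: build
    steps:
    - checkout: self
    - script: mkdir -p "$(REPORT_DIR)"
    - task: Docker@2
      inputs:
        command: login
        containerRegistry: acr-connection
    - script: |
        docker build -t "$(IMAGE)" \
          -f "$(SERVICE_SOURCE_PATH)/Dockerfile" "$(SERVICE_SOURCE_PATH)"
      displayName: Build image
    - script: |
        # Scan BEFORE push: fixable HIGH/CRITICAL findings block the push, so a
        # vulnerable image never reaches the registry or the GitOps repo.
        trivy image --format sarif --output "$(REPORT_DIR)/trivy.sarif" \
          --severity HIGH,CRITICAL --ignore-unfixed --exit-code 1 "$(IMAGE)"
      displayName: Trivy image scan
    - script: docker push "$(IMAGE)"
      displayName: Push to ACR
    - task: PublishBuildArtifacts@1
      condition: always()
      inputs:
        pathToPublish: $(REPORT_DIR)
        artifactName: CodeAnalysisLogs

- stage: Stage3_GitOps
  dependsOn: Stage2_Build
  jobs:
  - job: bump_tag
    steps:
    - checkout: none                      # only the GitOps repo is touched here
    - script: |
        set -euo pipefail
        git clone "https://pat:${GITOPS_PAT}@dev.azure.com/org/project/_git/gitops" gitops
        cd gitops
        # Rewrite only this service's image line; the rest of the manifest is untouched.
        sed -i "s#image: $(ACR_NAME)/$(SERVICE_NAME):.*#image: $(IMAGE)#" \
          "apps/$(SERVICE_NAME)/deployment.yaml"
        git -c user.name=azure-pipelines -c user.email=ci@example.com \
          commit -am "Deploy $(SERVICE_NAME) $(Build.BuildId)"
        git push origin HEAD:main
      env:
        GITOPS_PAT: $(GITOPS_PAT)         # secret mapped explicitly, never echoed
      displayName: Update image tag in GitOps repo
```

Two ordering choices carry the security value here: Trivy runs after `docker build` but before `docker push`, so an image with fixable HIGH/CRITICAL findings never reaches ACR or the GitOps repo, and the `PublishBuildArtifacts@1` steps run with `condition: always()` so the SARIF reports are still on the run tab when a scan is the reason the stage failed. The SARIF SAST Scans Tab extension reads `.sarif` files from the artifact named `CodeAnalysisLogs`.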

CD
After the CI finishes successfully, the CD looks like this:
- Once the image tag is updated in the GitOps repo, the ArgoCD reconciliation loop detects the drift between the desired state in Git and the live state in the cluster, and the application goes OutOfSync.

- If the sync policy is set to automated, ArgoCD applies the new changes to the application on its own; otherwise the application has to be synced manually to roll out the newly built image.

- When the ArgoCD application reaches a successfully synced and Healthy state, a mail is received via `argocd-notifications`:
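The CD side described above as manifests: an ArgoCD `Application` that watches the GitOps path CI Stage 3 edits, with an automated sync policy and an `argocd-notifications` subscription that mails on exactly the synced-and-Healthy state. This is an added example, not the project's own manifests; the GitOps repo URL, the `apps/frontend` path, the SMTP host and the recipient address are placeholders, and the `on-deployed` and `on-sync-failed` triggers are assumed to come from the default argocd-notifications catalog installed alongside ArgoCD.

```yaml
# Added example, not the project's own manifests. Placeholders (assumptions):
# the GitOps repo URL, the path apps/frontend, the SMTP host and the recipient.
# The triggers on-deployed and on-sync-failed come from the default
# argocd-notifications catalog, which is assumed to be installed.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: frontend
  namespace: argocd
  annotations:
    # on-deployed fires only when the sync Succeeded AND the app is Healthy,
    # i.e. the "successful and Healthy" state described above; it is sent once
    # per synced Git revision, not on every reconciliation pass.
    notifications.argoproj.io/subscribe.on-deployed.smtp: ops@example.com
    notifications.argoproj.io/subscribe.on-sync-failed.smtp: ops@example.com
spec:
  project: default
  source:
    repoURL: https://dev.azure.com/org/project/_git/gitops
    targetRevision: main
    path: apps/frontend                   # directory whose image tag CI Stage 3 bumps
  destination:
    server: https://kubernetes.default.svc
    namespace: online-boutique
  syncPolicy:
    # Remove the 'automated' block to get the manual path described above:
    # the app then only reports OutOfSync until someone runs a Sync.
    automated:
      prune: true                         # delete objects that disappeared from Git
      selfHeal: true                      # revert live edits (kubectl edit) back to Git
    syncOptions:
      - CreateNamespace=true
---
# Email channel for argocd-notifications. Credentials are read from the
# argocd-notifications-secret Secret via $<key> references, never stored here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-notifications-cm
  namespace: argocd
data:
  service.email.smtp: |
    host: smtp.example.com
    port: 587
    from: argocd@example.com
    username: $email-username
    password: $email-password
---
apiVersion: v1
kind: Secret
metadata:
  name: argocd-notifications-secret
  namespace: argocd
type: Opaque
stringData:
  email-username: argocd@example.com
  email-password: "REPLACE-ME"            # placeholder; see note below
```

With `selfHeal: true`, a `kubectl edit` of the live Deployment (for example someone bumping the image by hand) is reverted to what Git says, which is what makes the GitOps repo the single place an image tag can change. The `argocd-notifications-secret` above is exactly the kind of Secret the External Secrets Operator and Vault from the tooling table should populate instead of a committed literal.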
After Full Workflow
The application can be seen by forwarding the frontend service with `kubectl port-forward service/frontend 8081:80 -n online-boutique --address 0.0.0.0`. Note that `--address 0.0.0.0` binds the forwarded port on every interface of the host, not only on localhost, so the login-less frontend becomes reachable from anything that can reach the host:



Monitoring with Grafana Dashboard
Loki for Logs:

Prometheus for metrics:

Some wrongdoings / Future scope work
In this project, you may come across some things that look wrong, missing, or configured in an odd way. The explanation for that is that I made this project only to showcase the integration and working of all the concepts and tools. I am aware of all the wrongs I intentionally did; they are the following:
- The Vault server runs in dev mode and listens on `0.0.0.0` to make it reachable from the KVM virtual machines.
- No build pipeline for PRs.
- Full-fledged RBAC is missing in the kubeadm cluster.
- Metrics Server in the kube-system namespace runs with the `insecure-tls` flag (`--kubelet-insecure-tls`).
- Unoptimized Dockerfiles (kept that way so the Trivy scan has findings to report).
- No unit test cases; the source code was missing them, so that task is commented out in the CI pipelines.
- No persistence for the monitoring stack's pod data using PV and PVC.
- ArgoCD Image Updater implementation.
- Gateway API and DNS implementation to expose the application.
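As an added example (not the project's own manifests), the Metrics Server setting from the list above next to the corrected setup for a kubeadm cluster. It assumes the kubeadm defaults for the cluster CA (`/etc/kubernetes/pki/ca.crt` on the nodes, published in every namespace as the `kube-root-ca.crt` ConfigMap) and that Metrics Server's upstream ServiceAccount, RBAC and APIService are already installed; only the Deployment and the kubelet configuration are shown.

```yaml
# Added example, not the project's own manifests. Assumed: kubeadm defaults for
# the cluster CA (/etc/kubernetes/pki/ca.crt, published as the kube-root-ca.crt
# ConfigMap) and metrics-server's upstream ServiceAccount/RBAC/APIService.

# (a) Weak, the state listed above: --kubelet-insecure-tls makes metrics-server
#     accept ANY certificate on the kubelets' port 10250, so whatever can answer
#     on a node address with a self-signed cert can feed it forged metrics
#     (and HPA decisions built on them).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels: {k8s-app: metrics-server}
spec:
  selector:
    matchLabels: {k8s-app: metrics-server}
  template:
    metadata:
      labels: {k8s-app: metrics-server}
    spec:
      serviceAccountName: metrics-server
      containers:
      - name: metrics-server
        image: registry.k8s.io/metrics-server/metrics-server:v0.8.1
        args:
        - --secure-port=10250
        - --kubelet-preferred-address-types=InternalIP,Hostname,ExternalIP
        - --kubelet-use-node-status-port
        - --kubelet-insecure-tls          # <- disables kubelet certificate verification
---
# (b) Fix, step 1: make each kubelet request a serving certificate signed by the
#     cluster CA instead of minting a self-signed one. In a kubeadm cluster this
#     goes into the kube-system/kubelet-config ConfigMap and into
#     /var/lib/kubelet/config.yaml on every node, followed by a kubelet restart.
#     The kubelets then file CSRs for signer kubernetes.io/kubelet-serving, which
#     are NOT auto-approved: approve them with `kubectl certificate approve <csr>`
#     or run a CSR approver, otherwise the kubelet keeps serving its old cert.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
serverTLSBootstrap: true
rotateCertificates: true
authentication:
  anonymous: {enabled: false}
  x509: {clientCAFile: /etc/kubernetes/pki/ca.crt}
authorization:
  mode: Webhook
---
# (c) Fix, step 2: drop the flag and pin the CA that metrics-server verifies the
#     kubelets against, taken from the kube-root-ca.crt ConfigMap kubeadm keeps
#     in every namespace (same CA that signs the kubelet-serving CSRs).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels: {k8s-app: metrics-server}
spec:
  selector:
    matchLabels: {k8s-app: metrics-server}
  template:
    metadata:
      labels: {k8s-app: metrics-server}
    spec:
      serviceAccountName: metrics-server
      containers:
      - name: metrics-server
        image: registry.k8s.io/metrics-server/metrics-server:v0.8.1
        args:
        - --secure-port=10250
        - --kubelet-preferred-address-types=InternalIP,Hostname,ExternalIP
        - --kubelet-use-node-status-port
        - --kubelet-certificate-authority=/etc/kubernetes/ca/ca.crt
        volumeMounts:
        - name: cluster-ca
          mountPath: /etc/kubernetes/ca
          readOnly: true
      volumes:
      - name: cluster-ca
        configMap:
          name: kube-root-ca.crt
```

Order matters: apply (b) and approve the pending `kubectl get csr` entries on every node first, then roll out (c); if (c) goes first, metrics-server rejects the still self-signed kubelet certificates and `kubectl top nodes` returns no data until the CSRs are approved.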

