This repository demonstrates a highly scalable, production-grade DevOps pipeline for a polyglot microservices-based enterprise application deployed on Kubernetes. It includes CI/CD automation, infrastructure-as-code, monitoring, logging, secrets management, and resilient deployment strategies.
- Kubernetes: Manifests & Helm charts for microservices, autoscaling, and service mesh (Istio or Linkerd).
- CI/CD: Automated pipelines using GitHub Actions.
- Infrastructure-as-Code: Provision EKS/GKE/AKS clusters and supporting resources with Terraform.
- Containerization: Dockerfiles for each service.
- Monitoring: Prometheus + Grafana dashboards.
- Centralized Logging: ELK Stack (Elasticsearch, Logstash, Kibana) setup.
- Secrets Management: HashiCorp Vault integration.
- Resilient Deployments: Blue/Green or Canary deployment via Argo Rollouts.
- Horizontal Scaling: Kubernetes HPA enabled by custom metrics.
```mermaid
graph TD;
  SCM(GitHub)-->CI/CD;
  CI/CD-->DockerHub;
  CI/CD-->Kubernetes;
  Kubernetes-->Microservices;
  Kubernetes-->Prometheus;
  Kubernetes-->ELK;
  Kubernetes-->Vault;
  Microservices-->Prometheus;
  Microservices-->ELK;
  Vault-->Microservices;
```
```
.
├── .github/workflows/   # GitHub Actions pipelines
├── terraform/           # Infrastructure-as-Code modules
├── charts/              # Helm charts for microservices
├── k8s/                 # Raw Kubernetes manifests
├── services/            # Microservices source code (polyglot)
│   ├── service-a/
│   ├── service-b/
│   └── ...
├── monitoring/          # Prometheus & Grafana configs
├── logging/             # ELK deployment configs
├── secrets/             # Vault policies & examples
└── README.md
```
- On push/PR:
  - Lint, test, build Docker images
  - Push images to registry
  - Deploy to staging using Helm
  - Run integration tests
- Manual/auto promotion to production (blue/green)
See .github/workflows/ for pipeline YAMLs.
```bash
cd terraform/
terraform init
terraform apply
```

Creates cloud K8s cluster, VPC, monitoring/logging resources.
- Build and Push Images:

  ```bash
  cd services/service-a
  docker build -t <dockerhub-username>/service-a:latest .
  docker push <dockerhub-username>/service-a:latest
  ```

- Deploy via Helm:

  ```bash
  helm upgrade --install service-a charts/service-a -n production
  ```

- Monitor:
  - Access Grafana:

    ```bash
    kubectl port-forward svc/grafana 3000:3000
    ```

  - Access Kibana:

    ```bash
    kubectl port-forward svc/kibana 5601:5601
    ```
- Store secrets in Vault.
- Inject secrets using Kubernetes Vault Injector or CSI driver.
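
The injector route described above, as an added example that is not taken from this repository's `k8s/` or `charts/` directories. The Vault role `service-a`, the KV v2 path `secret/data/service-a/db`, the key names, and the ServiceAccount name are assumptions.

```yaml
# Added example: Vault Agent Injector annotations on the service-a Deployment.
# Assumed (not from this repository): Vault role, secret path, key names,
# ServiceAccount name, and the <tag> placeholder.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: service-a
  namespace: production
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: service-a
  namespace: production
spec:
  replicas: 2
  selector:
    matchLabels:
      app: service-a
  template:
    metadata:
      labels:
        app: service-a
      annotations:
        # Ask the injector webhook to add a Vault Agent sidecar to this pod.
        vault.hashicorp.com/agent-inject: "true"
        # Vault Kubernetes-auth role bound to the ServiceAccount above.
        vault.hashicorp.com/role: "service-a"
        # Rendered into the pod at /vault/secrets/db.env (in-memory volume).
        vault.hashicorp.com/agent-inject-secret-db.env: "secret/data/service-a/db"
        vault.hashicorp.com/agent-inject-template-db.env: |
          {{- with secret "secret/data/service-a/db" -}}
          DB_USER={{ .Data.data.username }}
          DB_PASSWORD={{ .Data.data.password }}
          {{- end }}
    spec:
      serviceAccountName: service-a
      containers:
        - name: service-a
          image: <dockerhub-username>/service-a:<tag>
          # No secret values in env: or values.yaml; the app reads the
          # rendered file, so nothing sensitive lands in Git or in the
          # Deployment spec.
```

This is written as a raw manifest; inside a Helm template the `{{ ... }}` in the Vault template annotation would have to be escaped so Helm does not try to render it.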
- Edit `values.yaml` for replica count or HPA settings.
- Use Argo Rollouts or Kubernetes native blue/green configuration.
- Prometheus scrapes and alerts on service metrics.
- Grafana dashboards for visualization.
- ELK stack aggregates logs from all pods.
- RBAC enabled
- NetworkPolicies in place
- Secrets never stored in source code
- Fork the repo
- Create your feature branch (`git checkout -b feature/foo`)
- Commit your changes
- Push to the branch
- Open a Pull Request
MIT
```
.
├── .github/
│   └── workflows/
│       └── ci-cd.yaml
├── charts/
│   └── service-a/
│       ├── Chart.yaml
│       ├── values.yaml
│       └── templates/
│           ├── deployment.yaml
│           └── service.yaml
├── k8s/
│   ├── service-a.yaml
│   └── service-a-rollout.yaml
├── logging/
│   └── elk.yaml
├── monitoring/
│   ├── prometheus.yaml
│   └── grafana.yaml
├── secrets/
│   └── policy.hcl
├── services/
│   └── service-a/
│       ├── index.js
│       ├── package.json
│       └── Dockerfile
├── terraform/
│   ├── main.tf
│   ├── variables.tf
│   └── outputs.tf
├── .gitignore
└── README.md
```