Initial commit

cloudowski · cloudowski · commit 77dabac41276 · 2023-12-20T09:12:51.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.hugo_build.lock
diff --git a/README.md b/README.md
@@ -0,0 +1,3 @@
+# DevOps self-study projects
+
+This is a source for the [selfstudy.cloudowski.com](https://selfstudy.cloudowski.com/) website with the projects for learning DevOps technologies and tools.`
diff --git a/archetypes/default.md b/archetypes/default.md
@@ -0,0 +1,5 @@
++++
+title = '{{ replace .File.ContentBaseName "-" " " | title }}'
+date = {{ .Date }}
+draft = true
++++
diff --git a/content/1/_index.md b/content/1/_index.md
@@ -0,0 +1,25 @@
++++
+title = "Task 1"
+weight = 10
+# tags = ["container", "replicas", "registry"]
++++
+
+## Start - simple web application
+
+### Level 1
+
+1. Create a simple web application in the language of your choice (e.g. Go, Python) that just displays a hostname and the app version
+1. Create a container image definition in a Dockerfile
+Use advanced techniques if applicable (e.g. multistage, build from “scratch”)
+    1. Make it as small as possible
+    1. Ensure the image is available for both amd64 and arm64 architectures
+    1. Publish the image in a private registry
+1. Run the application on the cluster in multiple instances
+    1. Don’t forget about best practices (probes, resources requests/limits)
+
+### Level 2
+
+1. Automate the build process
+    1. Ensure that after each push to the git repository with the application’s source a build process starts and publish the image
+    1. Make sure the image doesn’t have critical vulnerabilities after each build
+
diff --git a/content/1/tips.md b/content/1/tips.md
@@ -0,0 +1,4 @@
++++
+title = 'Tips'
+draft = true
++++
diff --git a/content/2/_index.md b/content/2/_index.md
@@ -0,0 +1,25 @@
++++
+title = "Task 2"
+weight = 20
+# tags = ["observability", "tls", "database"]
++++
+
+## Simple app with a database
+
+### Level 1
+
+1. Deploy a database instance of your choice
+1. Add connectivity to the database from the application
+    1. Expose database version under additional http endpoint (e.g. /db)
+
+### Level 2
+
+1. Enable telemetry for the application
+    1. Expose uptime
+    1. Expose number of requests processed (excluding the ones from probes)
+    1. Expose the application outside the cluster via https
+1. Implement database operational practices
+    1. Ensure it is backed up automatically
+    1. Ensure backups are stored on a separate volume or some object storage (e.g. S3 bucket or similar)
+    1. Ensure there are at least two instances of the database (e.g. in the active/active or active/passive mode)
+    1. Ensure the database exposes metrics compatible with the Prometheus format
diff --git a/content/2/tips.md b/content/2/tips.md
@@ -0,0 +1,4 @@
++++
+title = 'Tips'
+draft = true
++++
diff --git a/content/3/_index.md b/content/3/_index.md
@@ -0,0 +1,30 @@
++++
+title = "Task 3"
+weight = 30
+# tags = ["observability", "tls", "database"]
++++
+
+## Make the app (more) secure
+
+### Level 1
+
+1. Deploy HashiCorp Vault
+    1. Deploy outside or inside the cluster
+    1. Store the database password in Vault and make it accessible directly to the app (i.e bypassing the creation of a Secret object)
+1. Gather the metrics from the app - set up proper metrics & monitoring system
+
+### Level 2
+
+1. Use the dynamic database secrets feature instead of static (KV) engine
+1. Create a dashboard with the metrics from the app
+    1. Include the number of ready/running replicas
+    1. Include the number of requests
+1. Ensure that the cluster is monitored and the necessary notifications are configured.
+1. Set up monitoring for the app
+    1. Send an email notification when there are fewer than 3 ready instances
+    1. Send an email notification when there is a Pod in Pending or CrashLoopbackOff state for more than 3 minutes
+
+### Level 3
+
+1. Ensure logs from the cluster and apps are stored and can be viewed
+1. Ensure that cluster events are archived and can be viewed
diff --git a/content/3/tips.md b/content/3/tips.md
@@ -0,0 +1,4 @@
++++
+title = 'Tips'
+draft = true
++++
diff --git a/content/4/_index.md b/content/4/_index.md
@@ -0,0 +1,27 @@
++++
+title = "Task 4"
+weight = 40
+# tags = ["observability", "tls", "database"]
++++
+
+## Bring even more security
+
+### Level 1
+
+1. Ensure that the app doesn’t run as a root user
+2. The service should try to automatically fix vulnerabilities in the dependencies by creating a Pull/Merge Request
+
+### Level 2
+
+1. Add a scanning service for the source code of the app
+1. Ensure that each Pod **MUST** in selected namespaces run a container on non-root user
+1. Ensure that the traffic from and to the app is restricted
+    1. Forbid traffic from other namespaces
+    1. Explicitly allow traffic between the app instances and the database
+
+### Level 3
+
+1. Ensure that a trusted TLS certificate is used to provide the https access 
+1. Minimize the syscalls used by the app with a custom syscomp profile
+1. Monitor each time when someone execs into the app container and send a mail notification
+1. Ensure that the whole network traffic is encrypted within the cluster
diff --git a/content/4/tips.md b/content/4/tips.md
@@ -0,0 +1,4 @@
++++
+title = 'Tips'
+draft = true
++++
diff --git a/content/5/_index.md b/content/5/_index.md
@@ -0,0 +1,35 @@
++++
+title = "Task 5"
+weight = 50
+# tags = ["observability", "tls", "database"]
++++
+
+## Run the app in the cloud
+
+### Level 1
+
+1. Provision a database as a service on the chosen cloud provider
+   1. Set up replication
+   1. Set up backups
+1. Build a virtual machine image with the app
+   1. The application can run inside a container or as standalone Linux service (systemd)
+   1. The application should start when the VM starts
+1. Run the app in multiple instances
+   1. Use the created VM image to run the app
+   1. Ensure that the number of VM instances can be changed in any time
+   1. Ensure that access to the application is handled by a load balancer service configured in the cloud
+
+### Level 2
+
+1. Prepare code to create an environment in the cloud
+   1. Ensure the code can be used to update the application after new version of the VM image is created
+   2. All components except the database should be managed with code
+
+### Level 3
+
+1. Add an additional, cloud-specific feature to the application
+   1. Create a bucket on the object storage service and upload there a simple webpage (`index.html` with a basic *“Hello Cloud!”* message)
+   1. At the start of the VM download the index.html file and save in a directory that makes the page accessible from the outside
+   1. Ensure that the content of the downloaded website can be displayed in the `/cloudpage` path.
+1. Create and automated pipeline that builds a new VM image when a new commit is pushed to the application’s git repository
+   1. Add a deployment step that also triggers a deployment to the cloud using the previously created code
diff --git a/content/5/tips.md b/content/5/tips.md
@@ -0,0 +1,4 @@
++++
+title = 'Tips'
+draft = true
++++
diff --git a/content/_index.md b/content/_index.md
@@ -0,0 +1,28 @@
++++
+title = "Start learning"
+archetype = "home"
+# weight = 10
++++
+
+## What is it?
+
+This site contains projects that inspire those who want to learn DevOps approaches and Platform Engineering practices.
+Use them for self-study and learn more advanced topics to gain expert, more in-depth skills.  
+Discover gaps in your current knowledge and create solutions that are closer to real-world use cases.
+
+The projects you’ll find here focus on container, Kubernetes, Cloud and Cloud Native (CNCF) projects.
+
+## How to use it?
+
+Each project depends on the previous one, so it is recommended to start with the first and then proceed to the next.  
+Some projects have different levels (e.g. 1, 2 or even 3) and steps are grouped according to their difficulty. You don’t have to do them all, but if you do, you’ll learn more!
+
+## Which tools to choose?
+
+The instructions give you freedom of choice - choose the tools you are familiar with already, you have access to (e.g. cloud provider) or you want to learn first.
+
+If you’re confused or overwhelmed, see the Tips section for each project (if available) to see tools recommendations and other suggestions that can help if you get stuck.
+
+## How can I improve it?
+
+Use a link in the upper right corner ({{% icon icon="pen" %}}) to propose changes via a Pull Request to the GitHub repository.
diff --git a/go.mod b/go.mod
@@ -0,0 +1,5 @@
+module github.com/cloudowski/devops-challenges
+
+go 1.20
+
+require github.com/McShelby/hugo-theme-relearn v0.0.0-20231205153252-e08d5a54a55b // indirect
diff --git a/go.sum b/go.sum
@@ -0,0 +1,2 @@
+github.com/McShelby/hugo-theme-relearn v0.0.0-20231205153252-e08d5a54a55b h1:GFQZ0XzakjKAK/xTf4HYaSKZnCsC2DiCEl0dUGySsuA=
+github.com/McShelby/hugo-theme-relearn v0.0.0-20231205153252-e08d5a54a55b/go.mod h1:mKQQdxZNIlLvAj8X3tMq+RzntIJSr9z7XdzuMomt0IM=
diff --git a/hugo.toml b/hugo.toml
diff --git a/layouts/partials/logo.html b/layouts/partials/logo.html
diff --git a/static/images/hero.png b/static/images/hero.png
diff --git a/static/images/self-study.png b/static/images/self-study.png

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# DevOps self-study projects`
	`2`	`+`
	`3`	+This is a source for the [selfstudy.cloudowski.com](https://selfstudy.cloudowski.com/) website with the projects for learning DevOps technologies and tools.`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 ++++
 +title = 'Tips'
 +draft = true
 ++++