added

zudonu · zudonu · commit 74148b539474 · 2025-06-05T19:52:45.000+01:00
diff --git a/Surviving 10K Users/.github/workflows/deploy.yml b/Surviving 10K Users/.github/workflows/deploy.yml
@@ -0,0 +1,65 @@
+on:
+  push:
+    branches: [main]
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4  # Each job runs in fresh VM, so checkout is needed
+      
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+      
+      - name: Run tests
+        run: ./mvnw test
+      
+      - name: Run integration tests
+        run: ./mvnw verify
+  build:
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      
+      - name: Login to ECR
+        uses: aws-actions/amazon-ecr-login@v1
+      
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: |
+            ${{ secrets.ECR_REGISTRY }}/myapp:latest
+            ${{ secrets.ECR_REGISTRY }}/myapp:${{ github.sha }}
+        # Ensure you've set secrets: ECR_REGISTRY=123456789012.dkr.ecr.us-west-2.amazonaws.com
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+      
+      - name: Deploy to ECS
+        run: |
+          # Update ECS service with new image (requires AWS CLI v2+)
+          aws ecs update-service \
+            --cluster production-cluster \
+            --service app-service \
+            --force-new-deployment
+          
+          aws ecs wait services-stable \
+            --cluster production-cluster \
+            --services app-service
diff --git a/Surviving 10K Users/IAC/main.tf b/Surviving 10K Users/IAC/main.tf
@@ -0,0 +1,96 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = var.aws_region
+}
+
+# Get available AZs
+data "aws_availability_zones" "available" {}
+
+# VPC - Your isolated network
+resource "aws_vpc" "main" {
+  cidr_block           = "10.0.0.0/16"
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+  
+  tags = {
+    Name = "main-vpc"
+  }
+}
+
+# Internet Gateway for public access
+resource "aws_internet_gateway" "main" {
+  vpc_id = aws_vpc.main.id
+  
+  tags = {
+    Name = "main-igw"
+  }
+}
+
+# Public subnets for load balancer
+resource "aws_subnet" "public" {
+  count             = 2
+  vpc_id            = aws_vpc.main.id
+  cidr_block        = "10.0.${count.index + 1}.0/24"
+  availability_zone = data.aws_availability_zones.available.names[count.index]
+  
+  map_public_ip_on_launch = true
+  
+  tags = {
+    Name = "public-subnet-${count.index + 1}"
+  }
+}
+
+# Private subnets for application servers
+resource "aws_subnet" "private" {
+  count             = 2
+  vpc_id            = aws_vpc.main.id
+  cidr_block        = "10.0.${count.index + 10}.0/24"
+  availability_zone = data.aws_availability_zones.available.names[count.index]
+  
+  tags = {
+    Name = "private-subnet-${count.index + 1}"
+  }
+}
+
+# Security group for ALB
+resource "aws_security_group" "alb" {
+  name_prefix = "alb-sg"
+  vpc_id      = aws_vpc.main.id
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+# Application Load Balancer
+resource "aws_lb" "main" {
+  name               = "main-alb"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = [aws_security_group.alb.id]
+  subnets            = aws_subnet.public[*].id
+  
+  enable_deletion_protection = false
+  
+  tags = {
+    Name = "main-alb"
+  }
+}
diff --git a/Surviving 10K Users/IAC/var.tf b/Surviving 10K Users/IAC/var.tf
@@ -0,0 +1,11 @@
+variable "aws_region" {
+  description = "AWS region"
+  type        = string
+  default     = "us-west-2"
+}
+
+variable "instance_type" {
+  description = "EC2 instance type"
+  type        = string
+  default     = "t3.medium"
+}
diff --git a/Surviving 10K Users/docker/Dockerfile b/Surviving 10K Users/docker/Dockerfile
@@ -0,0 +1,23 @@
+FROM openjdk:17-jdk-slim
+
+# Create a non-root user for security
+RUN groupadd -r appuser && useradd -r -g appuser appuser
+
+WORKDIR /app
+
+# Copy and cache dependencies first (speeds up rebuilds)
+COPY pom.xml .
+COPY mvnw .
+COPY .mvn .mvn
+RUN ./mvnw dependency:go-offline
+
+# Then copy source code
+COPY src src
+RUN ./mvnw package -DskipTests
+
+USER appuser
+
+EXPOSE 8080
+
+# Use exec form for proper signal handling
+CMD ["java", "-jar", "-Xmx512m", "-XX:+UseContainerSupport", "target/app.jar"]
diff --git a/Surviving 10K Users/docker/docker-compose.yml b/Surviving 10K Users/docker/docker-compose.yml
@@ -0,0 +1,46 @@
+version: '3.8'
+
+services:
+  app:
+    build: .
+    ports:
+      - "8080:8080"
+    environment:
+      - SPRING_PROFILES_ACTIVE=production
+      - DATABASE_URL=jdbc:postgresql://db:5432/myapp
+    depends_on:
+      - db
+      - redis
+    restart: unless-stopped
+    
+    # Note: deploy settings only apply in swarm mode
+    # For plain docker-compose, use mem_limit and cpus at service level
+    mem_limit: 1G
+    cpus: 0.5
+    
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+  
+  db:
+    image: postgres:15
+    environment:
+      POSTGRES_DB: myapp
+      POSTGRES_USER: dbuser
+      POSTGRES_PASSWORD: ${DB_PASSWORD}  # Pass securely via .env file
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    restart: unless-stopped
+  
+  redis:
+    image: redis:7-alpine
+    command: redis-server --appendonly yes
+    volumes:
+      - redis_data:/data
+    restart: unless-stopped
+
+volumes:
+  postgres_data:
+  redis_data:
diff --git a/Surviving 10K Users/k8s/deployment.yml b/Surviving 10K Users/k8s/deployment.yml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: myapp
+  namespace: production
+spec:
+  replicas: 3
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0  # Zero downtime deployments
+  selector:
+    matchLabels:
+      app: myapp
+  template:
+    metadata:
+      labels:
+        app: myapp
+    spec:
+      containers:
+      - name: myapp
+        image: myregistry/myapp:latest
+        ports:
+        - containerPort: 8080
+        env:
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: db-secret
+              key: url
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+          limits:
+            memory: "512Mi"  # Prevents OOMKilled errors
+            cpu: "500m"
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 30  # Adjust based on your app's cold start time
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /health/ready
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 5
diff --git a/Surviving 10K Users/k8s/hpa.yml b/Surviving 10K Users/k8s/hpa.yml
@@ -0,0 +1,25 @@
+apiVersion: autoscaling/v2  # Ensure your cluster supports v2 HPA (1.23+)
+kind: HorizontalPodAutoscaler
+metadata:
+  name: myapp-hpa
+  namespace: production
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: myapp
+  minReplicas: 3
+  maxReplicas: 50
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 70
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: Utilization
+        averageUtilization: 80
diff --git a/Surviving 10K Users/monitoring/alert-rules.yml b/Surviving 10K Users/monitoring/alert-rules.yml
@@ -0,0 +1,28 @@
+groups:
+  - name: critical_alerts
+    rules:
+      - alert: HighErrorRate
+        expr: rate(http_requests_total{job="app",status=~"5.."}[5m]) > 0.1
+        for: 2m
+        labels:
+          severity: critical
+        annotations:
+          summary: "High error rate detected"
+          description: "Error rate is {{ $value }} errors per second"
+      
+      - alert: ResponseTimeHigh
+        expr: histogram_quantile(0.95, rate(http_request_duration_seconds_bucket{job="app"}[5m])) > 0.5
+        for: 5m
+        labels:
+          severity: warning
+        annotations:
+          summary: "High latency detected"
+          description: "95th percentile latency is {{ $value }}s"
+      
+      - alert: DatabaseConnectionsHigh
+        expr: db_connection_pool_active{job="app"} / db_connection_pool_max{job="app"} > 0.8
+        for: 3m
+        labels:
+          severity: warning
+        annotations:
+          summary: "Database connection pool nearly exhausted"
diff --git a/Surviving 10K Users/monitoring/docker-compose.yml b/Surviving 10K Users/monitoring/docker-compose.yml
diff --git a/Surviving 10K Users/monitoring/prometheus.yaml b/Surviving 10K Users/monitoring/prometheus.yaml
diff --git a/nginx-lb.conf b/nginx-lb.conf
