Main

.github/workflows/ci-cd.yml

@@ -0,0 +1,89 @@
+name: CI/CD Pipeline
+
+on:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Build Docker Image
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/[email protected]
+
+      - name: Set up Docker Buildx
+        uses: docker/[email protected]
+
+      - name: Log in to Docker Hub
+        uses: docker/[email protected]
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build Docker image
+        run: |
+          docker build -t docker.io/${{ secrets.DOCKER_USERNAME }}/flask-web-app:${{ github.sha }} .
+
+      - name: Push Docker image to Docker Hub
+        uses: docker/[email protected]
+        with:
+          context: .
+          push: true
+          tags: |
+            docker.io/${{ secrets.DOCKER_USERNAME }}/flask-web-app:latest
+            docker.io/${{ secrets.DOCKER_USERNAME }}/flask-web-app:${{ github.sha }}
+
+  scan:
+    name: Scan Docker Image
+    runs-on: ubuntu-latest
+    needs: build
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner
+        id: trivy
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'docker.io/${{ secrets.DOCKER_USERNAME }}/flask-web-app:${{ github.sha }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Fail the workflow if vulnerabilities are found
+        if: ${{ steps.trivy.outputs.vulnerability_count > 0 }}
+        run: |
+          echo "Vulnerabilities found in image, failing the workflow."
+          exit 1
+
+  deploy:
+    name: Deploy to Kubernetes
+    runs-on: ubuntu-latest
+    needs: scan  # Only run if the scan job succeeds
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up kubectl
+        uses: azure/setup-kubectl@v3
+        with:
+          version: 'latest'
+
+      - name: Log in to Kubernetes cluster
+        run: |
+          echo "${{ secrets.KUBECONFIG }}" | base64 --decode > $HOME/.kube/config
+
+      - name: Deploy Docker image to Kubernetes
+        run: |
+          kubectl set image deployment/flask-web-app flask-web-app=docker.io/${{ secrets.DOCKER_USERNAME }}/flask-web-app:${{ github.sha }}
+          kubectl rollout status deployment/flask-web-app

Dockerfile

@@ -1,5 +1,17 @@
-FROM ubuntu:20.04
-RUN apt-get update && apt-get install -y python3 python3-pip
-RUN pip3 install flask
+# Use an official Python runtime as a parent image
+FROM python:3.8-slim
+
+# Set the working directory inside the container
+WORKDIR /opt
+
+# Copy app.py into the container
 COPY app.py /opt/
-ENTRYPOINT FLASK_APP=/opt/app.py flask run --host=0.0.0.0 --port=8080
+
+# Install Flask using pip
+RUN pip install flask
+
+# Expose port 8080 to allow external access
+EXPOSE 8080
+
+# Run the Flask application
+CMD ["flask", "run", "--host=0.0.0.0", "--port=8080"]

README.md

@@ -1,43 +1,112 @@
+
 # Simple Web Application
 
-This is a simple web application using [Python Flask](http://flask.pocoo.org/) and [MySQL](https://www.mysql.com/) database. 
-This is used in the demonstration of the development of Ansible Playbooks.
-
-  Below are the steps required to get this working on a base linux system.
-
-  - **Install all required dependencies**
-  - **Install and Configure Web Server**
-  - **Start Web Server**
-
+This is a simple web application using [Python Flask](http://flask.pocoo.org/) and [MySQL](https://www.mysql.com/) database. This project is a fork of the original [simple-webapp-flask repository](https://github.com/mmumshad/simple-webapp-flask), created by [mmumshad](https://github.com/mmumshad). This application is used in the demonstration of the development of Ansible Playbooks. 
+It implements a Flask web API that serves as a backend for web applications, providing various endpoints for CRUD operations, enabling developers to easily integrate and utilize its functionalities.
+The specific case here is to deploy and secure an api application, using a CI/CD pipeline.
+
+Below are the steps required to get this working on macOS.
+
+- **Install all required dependencies**
+- **Install and Configure Web Server**
+- **Start Web Server**
+
 ## 1. Install all required dependencies
-
-  Python and its dependencies
-  ```bash
-  apt-get install -y python3 python3-setuptools python3-dev build-essential python3-pip default-libmysqlclient-dev
-  ```
-
+
+Install Homebrew if you haven't already:
+```bash
+/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+```
+
+Install Python and its dependencies:
+```bash
+brew install [email protected]
+```
+
 ## 2. Install and Configure Web Server
 
-Install Python Flask dependency
+Install Python Flask dependency:
 ```bash
 pip3 install flask
-pip3 install flask-mysql
 ```
 
-- Copy `app.py` or download it from a source repository
-- Configure database credentials and parameters 
+- Copy `app.py` or download it from the original repository.
+- Configure database credentials and parameters.
+
+## Project Summary
+
+### API Functionality
+- **User Authentication**: Securely authenticate users with JWT tokens.
+- **Data Management**: Perform create, read, update, and delete operations on resources.
+- **Response Format**: All API responses are returned in JSON format for ease of integration.
 
-## 3. Start Web Server
+### Containerization
+The API is containerized using Docker, which allows for easy deployment and scalability. The Dockerfile includes:
+- Base image: Python
+- Dependencies installation: Using `requirements.txt`
+- Command to run the Flask application.
+
+### CI/CD Process
+The CI/CD pipeline automates the process of building and deploying the API. It consists of:
+1. **Continuous Integration**:
+   - The code is checked out from the repository.
+   - Docker Buildx is set up for multi-platform builds.
+   - The Docker image is built and pushed to Docker Hub.
+   - A security scan using Trivy is performed to check for vulnerabilities.
+
+2. **Continuous Deployment**:
+   - The Docker image is deployed to a Kubernetes cluster for production use.
+
+### CI/CD Pipeline Steps
+The CI/CD pipeline is defined in the GitHub Actions workflow file and includes the following steps:
+
+- Trigger: On push or pull request events to the main branch.
+- Checkout Code: Use the actions/checkout action to pull the latest code from the repository.
+- Set Up Docker Buildx: Configure Buildx for building multi-platform Docker images.
+- Build Docker Image: Build the Docker image and tag it with the commit SHA.
+- Push Docker Image: Push the built Docker image to Docker Hub.
+- Run Security Scan: Use Trivy to scan the Docker image for vulnerabilities.
+- Deploy to Kubernetes: Apply the Kubernetes manifests to deploy the application.
+
+### Deployment on Kubernetes
+The API is deployed on a Kubernetes cluster using the following resources:
+- **Deployment**: Manages the deployment of the application.
+- **Service**: Exposes the API to external traffic.
+
+### Security Measures Implemented
+To ensure the security of the API, the following measures are implemented:
+- **Environment Variables**: Sensitive data such as database credentials are stored as environment variables.
+- **JWT Authentication**: JSON Web Tokens are used for secure authentication.
+- **Vulnerability Scanning**: The CI/CD pipeline includes a step to scan the Docker image for vulnerabilities using Trivy.
+
+## Getting Started
+To get started with the Flask Web API, clone the repository and run the following commands:
 
-Start web server
 ```bash
-FLASK_APP=app.py flask run --host=0.0.0.0
-```
+# Clone the repository
+git clone https://github.com/<your-username>/flask-web-app.git
 
-## 4. Test
+# Navigate to the project directory
+cd flask-web-app
 
-Open a browser and go to URL
+# Build and run the Docker container
+docker-compose up --build
 ```
-http://<IP>:5000                            => Welcome
-http://<IP>:5000/how%20are%20you            => I am good, how about you?
+
+### Access the Application
+Once the application is running, open a browser and go to the following URLs:
+- [http://<IP>:8080](http://<IP>:8080) => Welcome
+- [http://<IP>:8080/how%20are%20you](http://<IP>:8080/how%20are%20you) => I am good, how about you?
+
+## Start Web Server
+To start the web server, run:
+```bash
+FLASK_APP=app.py flask run --host=0.0.0.0
 ```
+
+## Test
+This section is specifically for the Flask Web API.
+
+---
+
+**Note**: This README file includes a summary of the project, its functionality, CI/CD processes, and deployment details. 

deployment.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: flask-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: flask-app
+  template:
+    metadata:
+      labels:
+        app: flask-app
+    spec:
+      containers:
+      - name: flask-app
+        image: reginecyrille/flask-app:latest
+        ports:
+        - containerPort: 8080

service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: flask-app-service
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 80
+      targetPort: 8080
+  selector:
+    app: flask-app