DevOps course refactor

devops/flask_app/README.md

@@ -0,0 +1,8 @@
+To run this application, use Docker source image with python3.9+
+INstall requirements with ```pip install -r requirements.txt```
+
+Run application with:
+```
+FLASK_APP=main.py
+flask run --host=0.0.0.0 --port=8080
+```

devops/flask_app/main.py

@@ -0,0 +1,8 @@
+from flask import Flask
+
+app = Flask(__name__)
+
+
+@app.route('/')
+def hello():
+    return 'Hello, World!'

devops/flask_app/requirements.txt

@@ -0,0 +1 @@
+Flask

devops/modules/1_basic-configuration/task_1.md

@@ -7,9 +7,12 @@ In this task, you will:
 - Install and configure the required software on your local computer
 - Set up an AWS account with the necessary permissions and security configurations
 - Deploy S3 buckets for Terraform states
+- Create a Github Actions workflow to deploy infrastructure in AWS
+
+Extra steps: 
 - Create a federation with your AWS account for Github Actions
 - Create an IAM role for Github Actions
-- Create a Github Actions workflow to deploy infrastructure in AWS
+
 
 ## Steps
 
@@ -43,10 +46,11 @@ In this task, you will:
 
 5. **Create a bucket for Terraform states**
 
+   - Consider skipping the part with setting locks with DaynamoDB from the instructions down below. vvvv
    - [Managing Terraform states Best Practices](https://spacelift.io/blog/terraform-s3-backend)
    - [Terraform backend S3](https://developer.hashicorp.com/terraform/language/backend/s3)
 
-6. **Create an IAM role for Github Actions**
+6. **Create an IAM role for Github Actions(extra step)💫**
 
    - Create an IAM role `GithubActionsRole` with the same permissions as in step 2:
      - AmazonEC2FullAccess
@@ -58,7 +62,7 @@ In this task, you will:
      - AmazonEventBridgeFullAccess
    - [Terraform resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role)
 
-7. **Configure an Identity Provider and Trust policies for Github Actions**
+7. **Configure an Identity Provider and Trust policies for Github Actions💫**
 
    - Update the `GithubActionsRole` IAM role with Trust policy following the next guides
    - [IAM roles terms and concepts](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#id_roles_terms-and-concepts)
@@ -77,20 +81,21 @@ In this task, you will:
    - [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials)
 
 ## Submission
-
-Ensure that the AWS CLI and Terraform installations are verified using `aws --version` and `terraform version`.
+ - create branch task_1 in your repository.
+ - Provide PR from task_1 branch to main.
+ - Ensure that the AWS CLI and Terraform installations are verified using `aws --version` and `terraform version`.
 
 ## Evaluation Criteria (100 points for covering all criteria)
 
 1. **MFA User configured (10 points)**
 
    - Provide a screenshot of the non-root account secured by MFA (ensure sensitive information is not shared).
 
-2. **Bucket and GithubActionsRole IAM role configured (30 points)**
+2. **Bucket and GithubActionsRole IAM role configured (20 points)**
 
    - Terraform code is created and includes:
-     - A bucket for Terraform states
-     - IAM role with correct Identity-based and Trust policies
+     - Provider initialization
+     - Creation of S3 Bucket
 
 3. **Github Actions workflow is created (30 points)**
 
@@ -103,11 +108,12 @@ Ensure that the AWS CLI and Terraform installations are verified using `aws --ve
 
 5. **Verification (10 points)**
 
-   - Terraform plan is executed successfully for `GithubActionsRole`
-   - Terraform plan is executed successfully for a terraform state bucket
+   - Terraform plan is executed successfully
 
 6. **Additional Tasks (10 points)**
    - **Documentation (5 points)**
      - Document the infrastructure setup and usage in a README file.
    - **Submission (5 points)**
    - A GitHub Actions (GHA) pipeline is passing
+   - **Secure authorization (10 points)**
+   - IAM role with correct Identity-based and Trust policies used to connect GitHubActions to AWS.

devops/modules/1_basic-configuration/task_2.md

@@ -29,7 +29,8 @@ In this task, you will write Terraform code to configure the basic networking in
 
 4. **Submit Code**
 
-   - Create a PR with the Terraform code in a new repository.
+   - Create Task_2 branch in your repository.
+   - Create a PR with the Terraform code in your repository from task_2 repo to main.
    - (Optional) Set up a GitHub Actions (GHA) pipeline for the Terraform code.
 
 5. **Additional Tasks**

devops/modules/2_cluster-configuration/task_3.md

@@ -2,18 +2,14 @@
 
 ## Objective
 
-In this task, you will configure and deploy a Kubernetes (K8s) cluster on AWS using either kOps or k3s. You will also verify the cluster by running a simple workload.
+In this task, you will configure and deploy a Kubernetes (K8s) cluster on AWS using or k3s. You will also verify the cluster by running a simple workload.
 
 ## Steps
 
 1. **Choose Deployment Method**
 
-   - Get familiar with both [kOps](https://kops.sigs.k8s.io/) and [k3s](https://k3s.io/).
-   - Decide which deployment method is more suitable for you based on the following considerations:
-     - kOps handles the creation of most resources for you, while k3s requires you to manage the underlying infrastructure.
-     - kOps may lead to additional expenses due to the creation of more AWS resources.
-     - kOps requires a domain name or sub-domain.
-     - Use AWS EC2 instances from the Free Tier to avoid additional expenses.
+   - Get familiar with [k3s](https://k3s.io/).
+   - Use AWS EC2 instances from the Free Tier to avoid additional expenses.
 
 2. **Create or Extend Terraform Code**
 
@@ -22,12 +18,13 @@ In this task, you will configure and deploy a Kubernetes (K8s) cluster on AWS us
 
 3. **Deploy the Cluster**
 
-   - Deploy the K8s cluster using the chosen method (kOps or k3s).
-   - Ensure the cluster is accessible from your local computer.
+   - Deploy the K8s cluster using k3s.
+   - Ensure the cluster is accessible from your bastion host 
+   - Exra step to make it accessable from your local computer.
 
 4. **Verify the Cluster**
 
-   - Run the `kubectl get nodes` command from your local computer to get information about the cluster.
+   - Run the `kubectl get nodes` command from your bastion host to get information about the cluster.
    - Provide a screenshot of the `kubectl get nodes` command output.
 
 5. **Deploy a Simple Workload**
@@ -39,15 +36,14 @@ In this task, you will configure and deploy a Kubernetes (K8s) cluster on AWS us
    - Ensure the workload runs successfully on the cluster.
 
 6. **Additional Tasks**
-   - Implement monitoring for the cluster using Prometheus and Grafana.
    - Document the cluster setup and deployment process in a README file.
 
 ## Submission
 
+- Create task_3 branch in your repository
 - Provide a PR with the Terraform code for the K8s cluster and bastion host.
 - Provide a screenshot of the `kubectl get nodes` command output.
-- Ensure that the simple workload is deployed and running successfully on the cluster.
-- Provide a PR with the monitoring setup.
+- Provide a screenshot of the `kubectl get all` command output.
 - Provide a README file documenting the cluster setup and deployment process.
 
 ## Evaluation Criteria (100 points for covering all criteria)
@@ -57,20 +53,15 @@ In this task, you will configure and deploy a Kubernetes (K8s) cluster on AWS us
    - Terraform code is created or extended to manage AWS resources required for the cluster creation.
    - The code includes the creation of a bastion host.
 
-2. **Cluster Deployment (60 points)**
-
-   - A K8s cluster is deployed using either kOps or k3s.
-   - The deployment method is chosen based on the user's preference and understanding of the trade-offs.
-
-3. **Cluster Verification (10 points)**
+2. **Cluster Verification (50 points)**
 
    - The cluster is verified by running the `kubectl get nodes` command from the local computer.
    - A screenshot of the `kubectl get nodes` command output is provided.
 
-4. **Workload Deployment (10 points)**
+4. **Workload Deployment (30 points)**
 
    - A simple workload is deployed on the cluster using `kubectl apply -f https://k8s.io/examples/pods/simple-pod.yaml`.
-   - The workload runs successfully on the cluster.
+   - A screenshot of the `kubectl get all` command output is provided. (pod named "nginx" should be presented)
 
 5. **Additional Tasks (10 points)**
    - Document the cluster setup and deployment process in a README file.

devops/modules/3_ci-configuration/task_4.md

@@ -2,10 +2,12 @@
 
 ## Objective
 
-In this task, you will install Jenkins CI server on your Kubernetes (K8s) cluster using Helm and configure it to be accessible via internet.
-IMPORTANT! You better choose to use t3/t2.small VMs, since micro have not sufficient amount of RAM for running Jenkins. Be aware that small instances are not included in the free tier, so you'll be charged 0.05$/hour for them.
+In term to avoid unnecessary spendings, we'll not use cluster we've just created in the AWS. However, we'll leverage [Minikube](https://minikube.sigs.k8s.io/docs/start/?arch=%2Fmacos%2Fx86-64%2Fstable%2Fbinary+download). It's a k8s cluster, which you may install to your local machines. It should be enough for learning purposes. Follow the doumentation from taht link to install minikube on your local PC. And then, proceed right to [steps](#steps).
+
+If you're brave enough to keep using cluster deployed in the clouds - pay attention on the resource's consumption my your VM. And keep in mynd notification down bellow.
+
+IMPORTANT!( for cloud deployment only. Skip this one if you are chose to use minikube) You better choose to use t3/t2.small VMs, since micro have not sufficient amount of RAM for running Jenkins. Be aware that small instances are not included in the free tier, so you'll be charged 0.05$/hour for them.
 Best choise for saving - create 1 small instalnce in public network. Setup init script to install k3s and deploy all of the necessary HELM charts to startup jenkins. Destroy environment whenever you are not working with it.
-Have a look at this [JCasC article](https://medium.com/globant/jenkins-jcasc-for-beginners-819dff6f8bc) to store jenkins configuration and jobs as s code.
 
 ## Steps
 
@@ -16,7 +18,7 @@ Have a look at this [JCasC article](https://medium.com/globant/jenkins-jcasc-for
 
 2. **Prepare the Cluster**
 
-   - Ensure your cluster has a solution for managing persistent volumes (PV) and persistent volume claims (PVC). Refer to the [K8s documentation](https://kubernetes.io/docs/concepts/storage/volumes/) and [k3s documentation](https://docs.k3s.io/storage) for more details.
+   - Ensure your cluster has a solution for managing persistent volumes (PV) and persistent volume claims (PVC). Refer to the [K8s documentation](https://kubernetes.io/docs/concepts/storage/volumes/) and [k3s documentation](https://docs.k3s.io/storage) or [Minikube PVC](https://minikube.sigs.k8s.io/docs/handbook/persistent_volumes/)for more details.
 
 3. **Install Jenkins**
 
@@ -28,15 +30,18 @@ Have a look at this [JCasC article](https://medium.com/globant/jenkins-jcasc-for
    - Create a simple freestyle project in Jenkins that writes "Hello world" into the log.
 
 5. **Additional Tasks**
-   - Set up a GitHub Actions (GHA) pipeline to deploy Jenkins.
+   - Set up a GitHub Actions (GHA) pipeline to deploy Jenkins. (not applicable on minikube installation. Not "not" at all, actually. if you'll succeed with this one, ping someone from Administration, please)
    - Configure authentication and security settings for Jenkins.
+   - Use JCasC to store your Hello World job. 
 
 ## Submission
 
-- Provide a PR with the Helm chart for Jenkins deployment in a new repository.
-- Ensure that Jenkins is accessible via intenet. [Setup reverse proxy](https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-reverse-proxy-on-ubuntu-22-04) if you are working in the environment behind the bastion host.
+- Create a task_4 branch in your repository
+- Provide a PR with the Helm chart for Jenkins deployment.
+- Ensure that Jenkins is accessible via web browser. [Setup reverse proxy](https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-reverse-proxy-on-ubuntu-22-04) if you are working in the environment behind the bastion host.
 - Provide a screenshot of the Jenkins freestyle project log showing "Hello world".
 - Provide a PR with the GHA pipeline code for Jenkins deployment.
+- Attach screenshot with ```kubectl get all --all-namespaces``` to the PR
 - Document the authentication and security configurations in a README file.
 
 ## Evaluation Criteria (100 points for covering all criteria)
@@ -49,21 +54,23 @@ Have a look at this [JCasC article](https://medium.com/globant/jenkins-jcasc-for
 
    - The cluster has a solution for managing persistent volumes (PV) and persistent volume claims (PVC).
 
-3. **Jenkins Installation (50 points)**
+3. **Jenkins Installation (40 points)**
 
    - Jenkins is installed using Helm in a separate namespace.
-   - Jenkins is available from the internet.
+   - Jenkins is available from the web browser.
 
 4. **Jenkins Configuration (10 points)**
 
    - Jenkins configuration is stored on a persistent volume and is not lost when Jenkins' pod is terminated.
 
-5. **Verification (10 points)**
+5. **Verification (15 points)**
 
    - A simple Jenkins freestyle project is created and runs successfully, writing "Hello world" into the log.
 
-6. **Additional Tasks (10 points)**
+6. **Additional Tasks (15 points)**
    - **GitHub Actions (GHA) Pipeline (5 points)**
      - A GHA pipeline is set up to deploy Jenkins.
    - **Authentication and Security (5 points)**
      - Authentication and security settings are configured for Jenkins.
+   - **JCasC is used to describe job in Jenkins (5 points)**
+      - "Hello World" job is exists in helm values.

devops/modules/3_ci-configuration/task_5.md

@@ -2,59 +2,48 @@
 
 ## Objective
 
-In this task, you will create a Helm chart for a simple application and deploy it on your Kubernetes (K8s) cluster.
+In this task, you will create a Docker image and Helm chart for a simple application and deploy it on your Kubernetes (K8s) cluster.
 
 ## Steps
 
 1. **Create Helm Chart**
 
-   - Create a Helm chart for your application.
+   - Create a Helm chart for your [Application](https://github.com/rolling-scopes-school/tasks/tree/master/devops/flask_app/README.md).
 
 2. **Deploy the Application**
 
-   - Deploy the WordPress application using the Helm chart.
-   - Ensure the application is accessible from the internet.
+   - Deploy application using the Helm chart.
+   - Ensure the application is accessible from the web browser.
 
 3. **Store Artifacts in Git**
 
-   - Store the WordPress application and Helm chart in a new git repository.
+   - Store the application and Helm chart in your git repository.
 
-4. **Verify the Application**
-
-   - Verify that the application is running and accessible.
-
-5. **Additional Tasks**
-   - Implement a CI/CD pipeline to automate the deployment of the WordPress.
+4. **Additional Tasks**
    - Document the application setup and deployment process in a README file.
 
 ## Submission
 
-- Provide a PR with the application and Helm chart in a new repository.
-- Ensure that the application is accessible from the internet.
-- Provide a PR with the CI/CD pipeline code for the application deployment.
+- Create a task_5 branch in your repository
+- Provide a PR with the application and Helm chart in your repository.
+- Ensure that the application is accessible from the web browser. Provide a screenshot from your browser.
 - Provide a README file documenting the application setup and deployment process.
 
 ## Evaluation Criteria (100 points for covering all criteria)
 
 1. **Helm Chart Creation (40 points)**
 
-   - A Helm chart for the WordPress application is created.
+   - A Helm chart for the application is created.
 
-2. **Application Deployment (30 points)**
+2. **Application Deployment (50 points)**
 
    - The application is deployed using the Helm chart.
-   - The application is accessible from the internet.
-
-3. **Repository Submission (5 points)**
-
-   - A new repository is created with the WordPress and Helm chart.
+   - The application is accessible from the web browser.
 
-4. **Verification (5 points)**
-
-   - The application is verified to be running and accessible.
-
-5. **Additional Tasks (20 points)**
-   - **CI/CD Pipeline (10 points)**
-     - A CI/CD pipeline is set up to automate the deployment of the application.
+4. **Additional Tasks (10 points)**
    - **Documentation (10 points)**
      - The application setup and deployment process are documented in a README file.
+
+## References
+
+- [Create your HELM chart](https://helm.sh/docs/helm/helm_create/)

devops/modules/3_ci-configuration/task_6.md

@@ -6,33 +6,19 @@ In this task, you will configure a Jenkins pipeline to deploy your application o
 
 ## Steps
 
-1. **Create Docker Image and Store in ECR**
 
-   - Create a Docker image for your application.
-   - Store the Docker image in an AWS ECR repository.
-   - Ensure your K8s nodes can access the ECR repository by adjusting or creating a new instance profile for your EC2 instances.
+1. **Configure Jenkins Pipeline**
 
-2. **Create Helm Chart**
-
-   - Create a Helm chart for your application.
-   - Test the Helm chart manually from your local machine.
-
-3. **Store Artifacts in Git**
-
-   - Store the Dockerfile and Helm chart in a git repository accessible to Jenkins.
-
-4. **Configure Jenkins Pipeline**
-
-   - Create a Jenkins pipeline and store it as a Jenkinsfile in your main git repository.
+   - Create a Jenkins pipeline and store it as a Jenkinsfile in your git repository.
    - Configure the pipeline to be triggered on each push event to the repository.
 
-5. **Pipeline Steps**
+2. **Pipeline Steps**
 
    - The pipeline should include the following steps:
      1. Application build
      2. Unit test execution
      3. Security check with SonarQube
-     4. Docker image building and pushing to ECR (manual trigger)
+     4. Docker image building and pushing to any Registry
      5. Deployment to K8s cluster with Helm (dependent on the previous step)
      6. (Optional) Application verification (e.g., curl main page, send requests to API, smoke test)
 
@@ -42,6 +28,7 @@ In this task, you will configure a Jenkins pipeline to deploy your application o
 
 ## Submission
 
+- Create task_6 branch in your repository
 - Provide a PR with the application, Helm chart, and Jenkinsfile in a repository.
 - Ensure that the pipeline runs successfully and deploys the application to the K8s cluster.
 - Provide a README file documenting the pipeline setup and deployment process.