|
| 1 | +# DevOps Technical Assignment |
| 2 | + |
| 3 | +This project demonstrates practical DevOps implementation including structured Git workflow, CI/CD automation, Docker-based deployment, environment separation, monitoring strategy and production debugging approach. |
| 4 | + |
| 5 | +--- |
| 6 | + |
| 7 | +## 🔧 Tech Stack |
| 8 | + |
| 9 | +- FastAPI (Python) |
| 10 | +- Docker (Containerization) |
| 11 | +- GitHub Actions (CI/CD) |
| 12 | +- Azure Virtual Machine (Cloud Deployment) |
| 13 | +- Nginx (Reverse Proxy) |
| 14 | +- Git Branching Strategy (Feature → Develop → Main) |
| 15 | + |
| 16 | +--- |
| 17 | + |
| 18 | +## 🌿 Branching Strategy |
| 19 | + |
| 20 | +This repository follows a structured Git branching model: |
| 21 | + |
| 22 | +- `main` → Production environment |
| 23 | +- `develop` → Staging / integration environment |
| 24 | +- `feature/*` → Feature development branches |
| 25 | + |
| 26 | +### Workflow |
| 27 | + |
| 28 | +1. Feature branch is created from `develop` |
| 29 | +2. Pull Request is raised to `develop` |
| 30 | +3. CI pipeline validates build & container health |
| 31 | +4. Feature is merged into `develop` (staging deploy triggered) |
| 32 | +5. Release PR is created from `develop` to `main` |
| 33 | +6. Merge to `main` triggers production deployment |
| 34 | + |
| 35 | +Branch protection practices: |
| 36 | + |
| 37 | +- No direct push to `main` |
| 38 | +- CI must pass before merge |
| 39 | +- PR review required |
| 40 | + |
| 41 | +--- |
| 42 | + |
| 43 | +## ⚙️ CI/CD Pipeline |
| 44 | + |
| 45 | +CI/CD is implemented using GitHub Actions. |
| 46 | + |
| 47 | +### CI Stage |
| 48 | + |
| 49 | +- Dependency installation |
| 50 | +- Syntax validation |
| 51 | +- Docker image build verification |
| 52 | +- Container health endpoint validation |
| 53 | + |
| 54 | +### CD Stage |
| 55 | + |
| 56 | +- `develop` branch → Deploys staging container |
| 57 | +- `main` branch → Deploys production container |
| 58 | +- Deployment happens via secure SSH automation into Azure VM |
| 59 | +- Containers are rebuilt and restarted on each deployment |
| 60 | + |
| 61 | +--- |
| 62 | + |
| 63 | +## 🚀 Deployment Architecture |
| 64 | + |
| 65 | +Application is deployed on a single Azure VM using Docker containers. |
| 66 | + |
| 67 | +### Runtime Architecture |
| 68 | + |
| 69 | +- Production container runs on port **8000** |
| 70 | +- Staging container runs on port **8001** |
| 71 | +- Nginx reverse proxy routes external traffic |
| 72 | +- CI pipeline performs automated remote deployment |
| 73 | + |
| 74 | +### Live URLs |
| 75 | + |
| 76 | +- Staging → `http://20.244.44.228/staging/health` |
| 77 | +- Production → `http://20.244.44.228/prod/health` |
| 78 | + |
| 79 | +--- |
| 80 | + |
| 81 | +## 🔐 Environment & Secrets Management |
| 82 | + |
| 83 | +- SSH credentials stored in GitHub Secrets |
| 84 | +- Environment variables passed during container runtime |
| 85 | +- Azure Key Vault recommended for production scale deployments |
| 86 | + |
| 87 | +--- |
| 88 | + |
| 89 | +## 🔁 Rollback Strategy |
| 90 | + |
| 91 | +- Revert to previous Git commit |
| 92 | +- Redeploy previous Docker image tag |
| 93 | +- Restart container with last stable version |
| 94 | +- Re-run CI/CD workflow |
| 95 | + |
| 96 | +--- |
| 97 | + |
| 98 | +## 📊 Monitoring & Infrastructure Strategy |
| 99 | + |
| 100 | +- Container logs monitored using `docker logs` |
| 101 | +- Nginx access logs help identify traffic patterns |
| 102 | +- Azure Monitor can track CPU / memory utilization |
| 103 | +- Health endpoint alerts can detect service failure |
| 104 | +- Horizontal container scaling can be implemented for load handling |
| 105 | + |
| 106 | +--- |
| 107 | + |
| 108 | +## 🛠 Production Debugging Approach |
| 109 | + |
| 110 | +If production deployment fails: |
| 111 | + |
| 112 | +1. Identify blast radius (staging vs production impact) |
| 113 | +2. Check GitHub Actions logs |
| 114 | +3. SSH into Azure VM |
| 115 | +4. Validate container status and logs |
| 116 | +5. Verify environment configuration |
| 117 | +6. Rollback to last stable release |
| 118 | +7. Redeploy and monitor |
| 119 | + |
| 120 | +--- |
| 121 | + |
| 122 | +## 🌟 Bonus Implementation |
| 123 | + |
| 124 | +### Dockerization |
| 125 | + |
| 126 | +The application is fully containerized using Docker with a production-ready image design: |
| 127 | + |
| 128 | +- Dockerized application deployment |
| 129 | +- Environment separation using container ports |
| 130 | +- Reverse proxy routing via Nginx |
| 131 | +- Cloud VM deployment on Azure |
| 132 | +- CI validated container health checks |
| 133 | +- Uses slim Python base image for reduced size |
| 134 | +- Runs as non-root user for better security |
| 135 | +- Includes container healthcheck endpoint |
| 136 | +- Supports environment-based deployments |
| 137 | +- Enables reproducible builds across environments |
| 138 | + |
| 139 | +### Kubernetes Deployment Approach (High Level) |
| 140 | + |
| 141 | +For large-scale production deployment, this architecture can be migrated to Kubernetes: |
| 142 | + |
| 143 | +- Docker image can be deployed using Kubernetes Deployment resource |
| 144 | +- Service object can expose application internally |
| 145 | +- Ingress controller can replace Nginx reverse proxy |
| 146 | +- Horizontal Pod Autoscaler can scale pods based on CPU / memory usage |
| 147 | +- ConfigMaps and Secrets can manage runtime configuration |
| 148 | +- Rolling updates can ensure zero downtime deployments |
| 149 | + |
| 150 | +### AWS Exposure |
| 151 | + |
| 152 | +Although this implementation uses Azure VM for deployment, similar architecture can be implemented on AWS using: |
| 153 | + |
| 154 | +- EC2 instances for container hosting |
| 155 | +- Application Load Balancer for routing |
| 156 | +- CloudWatch for logs and metrics |
| 157 | +- Auto Scaling Groups for infrastructure scaling |
| 158 | +- ECS or EKS for container orchestration |
| 159 | + |
| 160 | +--- |
0 commit comments