
Cross-platform .NET sample microservices and container based application that runs on Linux Windows and macOS. Powered by .NET 5, Docker Containers and Azure Kubernetes Services. Supports Visual Studio, VS for Mac and CLI based environments with Docker CLI, dotnet CLI, VS Code or any other code editor.


oliviergaumond/eShopOnContainers

eShopOnContainers Fork

This project is a fork of the eShopOnContainers .NET Microservices Sample Reference Application.

My goal was to use the reference app as a learning environment to try different cloud-native and DevOps concepts. I wanted to go beyond the basic Hello Worlds available for the different tools out there. This project was the perfect starting point. Complex enough to showcase some real-world use cases, but still simple enough to make it easy to master and deploy.

I documented each experiment in an article and kept a specific branch isolating the specific experiment. The main dev branch aims to integrate most of the experiments in a global reference app closer to a real-world enterprise scenario. The different experiment branches typically reflect the work done at the time of the experiment, so they may not all share the same base depending on when I did them.

Branches and experiments

Fully automated deployment

Goal: Consolidate in a single walkthrough all the steps needed to deploy the app to AKS with a fully automated CI/CD pipeline with GitHub Actions
Article: Walkthrough of eShop setup on Azure Kubernetes Services with GitHub Actions
Branch: experiment/aks-github-cicd

Image scanning

Goal: Add a step in the CI pipeline to automatically scan images for vulnerabilities and fail the build if vulnerabilities are found
Article: eShopOnContainers experiment with image scanning
Branch: experiment/trivy-scan

Roadmap

Here are some future concepts I would like to explore and implement on the eShopOnContainers reference app.

  • Image signing and signature validation with an Admission Controller
  • Implement PodSecurityPolicy (or an alternative) to enforce security best practices in the containers
  • Implement Network Policy to limit which pods can talk to each other
  • Use a GitOps tool such as Flux or ArgoCD instead of deploying the images using GitHub Actions
  • Configure observability with a tool such as Prometheus
  • Configure auto-scaling of resources and test it by simulating a variable degree of traffic
  • Use Azure KeyVault for secrets management
  • Configure minimal RBAC access that would enable a dev team to deploy the eShop app on a dedicated namespace on a Kubernetes cluster without full cluster admin access
  • Detect runtime vulnerabilities using Falco


Languages

  • C# 57.0%
  • JavaScript 17.1%
  • HTML 6.1%
  • Dockerfile 4.0%
  • TypeScript 3.9%
  • CSS 3.5%
  • Other 8.4%