Week 15 - Final requirements

Last week, you deployed your application to a production environment with automatic scaling and fault tolerance through affinity constraints. Your application should now be resilient to chaos engineering experiments.

This week has the final requirements: security scanning to identify vulnerabilities in your container images and a production dashboard to visualize the health of your application.

Operations requirements

Security scanning

Container images can contain vulnerabilities inherited from base images or introduced through dependencies. Recent years have seen a dramatic increase in supply chain attacks targeting software dependencies and build systems. Scanning your container images is a baseline defence that can catch known vulnerabilities before they reach production.

Complete

Configure security scanning for your container images.

  • Integrate a container image scanner into your GitLab CI pipeline.
  • You may use Trivy or another tool of your choice.
  • The scan should run automatically when images are built.
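
One way to meet these requirements with Trivy, shown as an added example and not as course-provided configuration. It assumes a `scan` stage that runs after your build stage, a hypothetical build job named `build-image`, and an image pushed to the GitLab registry as `$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA`.

```yaml
# Added example for .gitlab-ci.yml. The stage name, the build job name and
# the image tag convention are assumptions; adapt them to your own pipeline.
trivy-scan:
  stage: scan                      # assumed stage, must come after the build stage
  needs: ["build-image"]           # hypothetical job that builds and pushes the image
  image:
    name: aquasec/trivy:latest     # pin a specific version once the job works
    entrypoint: [""]               # clear the trivy entrypoint so GitLab can run a shell
  variables:
    IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
    TRIVY_USERNAME: "$CI_REGISTRY_USER"       # registry login for pulling the image
    TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD"
    TRIVY_CACHE_DIR: ".trivycache/"           # keep the vulnerability DB between runs
    TRIVY_NO_PROGRESS: "true"
  cache:
    paths:
      - .trivycache/
  script:
    # 1. Full report of every finding, kept as an artifact for your documentation.
    #    --exit-code 0 means this step never fails the job.
    - trivy image --exit-code 0 --format json --output trivy-report.json "$IMAGE"
    # 2. Gate: fail the pipeline only on HIGH/CRITICAL findings that have a fix available.
    - trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed "$IMAGE"
  artifacts:
    when: always                   # keep the report even when the gate fails
    paths:
      - trivy-report.json
```

Splitting the report from the gate keeps unfixed and lower-severity findings visible in the artifact without blocking every build on issues you cannot yet patch.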

Production dashboard

In the previous phase, you created a Grafana dashboard to monitor your staging environment. Now that you have a production deployment, you need dedicated observability for it.

Your production dashboard should build upon what you learned from your staging dashboard. Consider what worked well, what was missing, and what would help to make the dashboard readable and understandable to anyone seeing it.

Complete

Create a production dashboard for your application.

  • Build a Grafana dashboard specifically for your production namespace.

Consider these questions in addition to the metrics you displayed on your staging dashboard:

  • Can you tell at a glance if your application is healthy?
  • When a pod gets killed by chaos engineering, can you see it on your dashboard?
  • Are your autoscaling decisions visible? Can you see when KEDA/HPA scales your deployment?
  • Do you have visibility into all critical components, or just some of them?

Requirements:

  • Visualization titles should be concise.
  • Visualizations should be quickly understandable.
  • Visualizations should have readable, concise labels.
  • When a visualization shows resource usage, its thresholds should be shown visually.
  • The state of services should be shown as both the current status and a time series representation of your choice, e.g. to quickly show whether there have been service gaps in the last 6 hours.
  • When you visualize one of the four golden signals, can you add thresholds to it so that a potential problem with your application becomes visible?

Documentation requirements

What do we expect your documentation to include?

Security scanning

  • Which scanning tool did you choose and why?
  • How is the scanner integrated into your pipeline?
  • What vulnerabilities were detected? How did/would you handle them?

Production dashboard

  • What metrics does your production dashboard display?
  • How would you use this dashboard to diagnose issues?

Tasks

  • Integrate container image security scanning into your CI pipeline.
  • Create a Grafana dashboard for your production environment.
    • Access the shared Grafana at: monitoring.kubernetes.devops.cs.ut.ee.
    • Create a new dashboard under your team folder.
    • When writing queries, make sure to only target your production namespace.
  • Document your work.

Feedback

We will be using a Google feedback form to collect feedback from the students to improve the course. Please fill it out as soon as possible.

You can stay anonymous if you wish, but we ask you to be as honest as needed with the feedback. We will use the feedback only for course improvement purposes.

Feedback form