From 3e9cc2f11b790ffe14717dfaf31d5d35ffcd0378 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Thu, 18 Dec 2025 00:53:57 +0000 Subject: [PATCH] docs: Rewrite README with comprehensive application documentation - Add detailed overview of the banking application features - Document technology stack including Spring Boot 3.3.3, MySQL, Thymeleaf - Include architecture diagram showing layered pattern - Add getting started guide for local development and Docker deployment - Document all API endpoints with authentication requirements - Add database schema documentation for Account and Transaction tables - Document security features including BCrypt encryption and Spring Security - Add DevOps and CI/CD section covering Jenkins pipeline - Document Kubernetes deployment manifests and Helm charts - Include monitoring setup with Prometheus and Grafana - Add contributing guidelines Co-Authored-By: Cindy Huang --- README.md | 680 +++++++++++++++++++++--------------------------------- 1 file changed, 260 insertions(+), 420 deletions(-) diff --git a/README.md b/README.md index 2f49958e..1c5d189a 100644 --- a/README.md +++ b/README.md @@ -1,445 +1,285 @@ -## End-to-End Bank Application Deployment using DevSecOps on AWS EKS -- This is a multi-tier bank an application written in Java (Springboot). - -![Login diagram](images/login.png) -![Transactions diagram](images/transactions.png) - -## Tech stack used in this project: -- GitHub (Code) -- Docker (Containerization) -- Jenkins (CI) -- OWASP (Dependency check) -- SonarQube (Quality) -- Trivy (Filesystem Scan) -- ArgoCD (CD) -- AWS EKS (Kubernetes) -- Helm (Monitoring using grafana and prometheus) - -### Steps to deploy: - -### Pre-requisites: -- root user access -```bash -sudo su -``` -# -> [!Note] -> This project will be implemented on North California region (us-west-1). - -- Create 1 Master machine on AWS (t2.medium) and 29 GB of storage. -# -- Open the below ports in security group -![image](https://github.com/user-attachments/assets/4e5ecd37-fe2e-4e4b-a6ba-14c7b62715a3) - -- Create EKS Cluster on AWS -- IAM user with **access keys and secret access keys** -- AWSCLI should be configured (Setup AWSCLI) - ```bash - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - sudo apt install unzip - unzip awscliv2.zip - sudo ./aws/install - aws configure - ``` - -- Install **kubectl**(Setup kubectl ) - ```bash - curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl - chmod +x ./kubectl - sudo mv ./kubectl /usr/local/bin - kubectl version --short --client - ``` - -- Install **eksctl**(Setup eksctl) - ```bash - curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp - sudo mv /tmp/eksctl /usr/local/bin - eksctl version - ``` - -- Create EKS Cluster - ```bash - eksctl create cluster --name=bankapp \ - --region=us-west-1 \ - --version=1.30 \ - --without-nodegroup - ``` -- Associate IAM OIDC Provider - ```bash - eksctl utils associate-iam-oidc-provider \ - --region us-west-1 \ - --cluster bankapp \ - --approve - ``` -- Create Nodegroup - ```bash - eksctl create nodegroup --cluster=bankapp \ - --region=us-west-1 \ - --name=bankapp \ - --node-type=t2.medium \ - --nodes=2 \ - --nodes-min=2 \ - --nodes-max=2 \ - --node-volume-size=29 \ - --ssh-access \ - --ssh-public-key=eks-nodegroup-key - ``` -> [!Note] -> Make sure the ssh-public-key "eks-nodegroup-key is available in your aws account" -- Install Jenkins -```bash -sudo apt update -y -sudo apt install fontconfig openjdk-17-jre -y - -sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \ - https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key - -echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \ - https://pkg.jenkins.io/debian-stable binary/ | sudo tee \ - /etc/apt/sources.list.d/jenkins.list > /dev/null - -sudo apt-get update -y -sudo apt-get install jenkins -y -``` +# Springboot-BankApp -- After installing Jenkins, change the default port of jenkins from 8080 to 8081. Because our bankapp application will be running on 8080. - - Open /usr/lib/systemd/system/jenkins.service file and change JENKINS_PORT environment variable -![image](https://github.com/user-attachments/assets/6320ae49-82d4-4ae3-9811-bd6f06778483) - - Reload daemon - ```bash - sudo systemctl daemon-reload - ``` - - Restart Jenkins - ```bash - sudo systemctl restart jenkins - ``` -# - -- Install docker - -```bash -sudo apt install docker.io -y -sudo usermod -aG docker ubuntu && newgrp docker -``` -# -- Install and configure SonarQube -```bash -docker run -itd --name SonarQube-Server -p 9000:9000 sonarqube:lts-community -``` -# -- Install Trivy -```bash -sudo apt-get install wget apt-transport-https gnupg lsb-release -y -wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - -echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list -sudo apt-get update -y -sudo apt-get install trivy -y -``` -# -- Install and Configure ArgoCD - - Create argocd namespace - ```bash - kubectl create namespace argocd - ``` - - Apply argocd manifest - ```bash - kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml - ``` - - Make sure all pods are running in argocd namespace - ```bash - watch kubectl get pods -n argocd - ``` - - Install argocd CLI - ```bash - curl --silent --location -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v2.4.7/argocd-linux-amd64 - ``` - - Provide executable permission - ```bash - chmod +x /usr/local/bin/argocd - ``` - - Check argocd services - ```bash - kubectl get svc -n argocd - ``` - - Change argocd server's service from ClusterIP to NodePort - ```bash - kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}' - ``` - - Confirm service is patched or not - ```bash - kubectl get svc -n argocd - ``` - - Check the port where ArgoCD server is running and expose it on security groups of a k8s worker node - ![image](https://github.com/user-attachments/assets/a2932e03-ebc7-42a6-9132-82638152197f) - - Access it on browser, click on advance and proceed with - ```bash - : - ``` - ![image](https://github.com/user-attachments/assets/29d9cdbd-5b7c-44b3-bb9b-1d091d042ce3) - ![image](https://github.com/user-attachments/assets/08f4e047-e21c-4241-ba68-f9b719a4a39a) - ![image](https://github.com/user-attachments/assets/1ffa85c3-9055-49b4-aab0-0947b95f0dd2) - - Fetch the initial password of argocd server - ```bash - kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo - ``` - - Username: admin - - Now, go to User Info and update your argocd password -# -## Steps to add email notification -- Go to your Jenkins Master EC2 instance and allow 465 port number for SMTPS -# -- Now, we need to generate an application password from our gmail account to authenticate with jenkins - - Open gmail and go to Manage your Google Account --> Security -> [!Important] -> Make sure 2 step verification must be on - - ![image](https://github.com/user-attachments/assets/5ab9dc9d-dcce-4f9d-9908-01095f1253cb) - - - Search for App password and create a app password for jenkins - ![image](https://github.com/user-attachments/assets/701752da-7703-4685-8f06-fe1f65dd1b9c) - ![image](https://github.com/user-attachments/assets/adc8d8c0-8be4-4319-9042-4115abb5c6fc) - -# -- Once, app password is create and go back to jenkins Manage Jenkins --> Credentials to add username and password for email notification -![image](https://github.com/user-attachments/assets/2a42ec62-87c8-43c8-a034-7be0beb8824e) - -# -- Go back to Manage Jenkins --> System and search for Extended E-mail Notification -![image](https://github.com/user-attachments/assets/bac81e24-bb07-4659-a251-955966feded8) -# -- Scroll down and search for E-mail Notification and setup email notification -> [!Important] -> Enter your gmail password which we copied recently in password field E-mail Notification --> Advance - -![image](https://github.com/user-attachments/assets/14e254fc-1400-457e-b3f4-046404b66950) -![image](https://github.com/user-attachments/assets/7be70b3a-b0dc-415c-838a-b1c6fd87c182) -![image](https://github.com/user-attachments/assets/cffb6e1d-4838-483e-97e0-6851c204ab21) - -# -- Go to Jenkins and click on Manage Jenkins --> Plugins --> Available plugins install the below plugins: - - OWASP - - SonarQube Scanner - - Docker - - Pipeline: Stage View -# -- Configure OWASP, move to Manage Jenkins --> Plugins --> Available pluginsb> -![image](https://github.com/user-attachments/assets/da6a26d3-f742-4ea8-86b7-107b1650a7c2) - -- After OWASP plugin is installed, Now move to Manage jenkins --> Tools -![image](https://github.com/user-attachments/assets/3b8c3f20-202e-4864-b3b6-b48d7a604ee8) -# -- Login to SonarQube server and create the credentials for jenkins to integrate with SonarQube - - Navigate to Administration --> Security --> Users --> Token - ![image](https://github.com/user-attachments/assets/86ad8284-5da6-4048-91fe-ac20c8e4514a) - ![image](https://github.com/user-attachments/assets/6bc671a5-c122-45c0-b1f0-f29999bbf751) - ![image](https://github.com/user-attachments/assets/e748643a-e037-4d4c-a9be-944995979c60) - -# -- Now, go to Manage Jenkins --> credentials and add Sonarqube credentials: -![image](https://github.com/user-attachments/assets/0688e105-2170-4c3f-87a3-128c1a05a0b8) -# -- Go to Manage Jenkins --> Tools and search for SonarQube Scanner installations: -![image](https://github.com/user-attachments/assets/2fdc1e56-f78c-43d2-914a-104ec2c8ea86) -# -- Go to Manage Jenkins --> credentials and add Docker credentials to push updated the updated docker image to dockerhub. -![image](https://github.com/user-attachments/assets/77402c9c-fc2f-4df7-9a06-09f3f4c38751) - -# -- Again, add Github credentials to push updated code from the pipeline: -![image](https://github.com/user-attachments/assets/4d0c1a47-621e-4aa2-a0b1-71927fcdaef4) -> [!Note] -> While adding github credentials add Personal Access Token in the password field. -# -- Go to Manage Jenkins --> System and search for SonarQube installations: -![image](https://github.com/user-attachments/assets/ae866185-cb2b-4e83-825b-a125ec97243a) -# -- Now again, Go to Manage Jenkins --> System and search for Global Trusted Pipeline Libraries:Login to SonarQube server, go to Administration --> Webhook and click on create -![image](https://github.com/user-attachments/assets/16527e72-6691-4fdf-a8d2-83dd27a085cb) -![image](https://github.com/user-attachments/assets/a8b45948-766a-49a4-b779-91ac3ce0443c) -# - -# -- Go to Master Machine and add our own eks cluster to argocd for application deployment using cli - - Login to argoCD from CLI - ```bash - argocd login 52.53.156.187:32738 --username admin - ``` -> [!Tip] -> 52.53.156.187:32738 --> This should be your argocd url - - ![image](https://github.com/user-attachments/assets/7d05e5ca-1a16-4054-a321-b99270ca0bf9) - - - Check how many clusters are available in argocd - ```bash - argocd cluster list - ``` - ![image](https://github.com/user-attachments/assets/76fe7a45-e05c-422d-9652-bdaee02d630f) - - Get your cluster name - ```bash - kubectl config get-contexts - ``` - ![image](https://github.com/user-attachments/assets/c9afca1f-b5a3-4685-ae24-cc206a3e3ef1) - - - Add your cluster to argocd - ```bash - argocd cluster add Madhup@bankapp.us-west-1.eksctl.io --name bankapp-eks-cluster - ``` - > [!Tip] - > Madhup@bankapp.us-west-1.eksctl.io --> This should be your EKS Cluster Name. - - ![image](https://github.com/user-attachments/assets/1061fe66-17ec-47b7-9d2e-371f58d3fd90) - - - Once your cluster is added to argocd, go to argocd console Settings --> Clusters and verify it - ![image](https://github.com/user-attachments/assets/6aebb871-4dea-4e09-955a-a4aa43b8f4ef) - - -# -- Go to Settings --> Repositories and click on Connect repo -![image](https://github.com/user-attachments/assets/cc8728e5-546b-4c46-bd4c-538f4cd6a63d) -![image](https://github.com/user-attachments/assets/e665203d-0ebe-4839-af9e-f5866dce5e1b) -![image](https://github.com/user-attachments/assets/b9b869c3-698b-4303-83cc-9ccec66542a3) - -> [!Note] -> Connection should be successful - -- Create BankApp-CI job -![image](https://github.com/user-attachments/assets/17467b79-3110-470a-87a2-2bbfe197551b) -![image](https://github.com/user-attachments/assets/51d79ab0-e1f4-4c4d-a778-0c28119f5da9) - -- Create BankApp-CD job, same as CI job. -# -- Provide permission to docker socket so that docker build and push command do not fail -```bash -chmod 777 /var/run/docker.sock -``` -![image](https://github.com/user-attachments/assets/e231c62a-7adb-4335-b67e-480758713dbf) +A multi-tier banking web application built with Spring Boot, featuring user authentication, account management, and transaction processing capabilities. -- Now, go to Applications and click on New App +![Login Page](images/login.png) +![Transactions Page](images/transactions.png) -![image](https://github.com/user-attachments/assets/d5b08e06-6256-4f46-afdc-fc43a9e44562) +## Table of Contents -> [!Important] -> Make sure to click on the Auto-Create Namespace option while creating argocd application +- [Overview](#overview) +- [Features](#features) +- [Technology Stack](#technology-stack) +- [Architecture](#architecture) +- [Getting Started](#getting-started) + - [Prerequisites](#prerequisites) + - [Local Development](#local-development) + - [Docker Deployment](#docker-deployment) +- [API Endpoints](#api-endpoints) +- [Database Schema](#database-schema) +- [Security](#security) +- [DevOps and CI/CD](#devops-and-cicd) +- [Kubernetes Deployment](#kubernetes-deployment) +- [Monitoring](#monitoring) +- [Contributing](#contributing) -![image](https://github.com/user-attachments/assets/6a828910-41ba-4f0c-af05-19297321a41b) -![image](https://github.com/user-attachments/assets/a3aa1d22-50ef-4eb1-97fe-9c3ffb504fc3) +## Overview -- Congratulations, your application is deployed on AWS EKS Cluster -![image](https://github.com/user-attachments/assets/03f3b69a-d6e0-42ad-992e-11124e7d0898) +Springboot-BankApp is a full-featured banking application that demonstrates modern Java development practices using Spring Boot 3.3.3. The application provides essential banking functionalities including user registration, secure authentication, deposits, withdrawals, and fund transfers between accounts. -- Open port 30080 on worker node and Access it on browser -```bash -:30080 -``` -- Email Notification -![image](https://github.com/user-attachments/assets/407f94ed-bf67-441a-bd28-881b6b8739b2) - -# -## How to monitor EKS cluster, kubernetes components and workloads using prometheus and grafana via HELM (On Master machine) --

Install Helm Chart

-```bash -curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -``` -```bash -chmod 700 get_helm.sh -``` -```bash -./get_helm.sh -``` +## Features -# -- Add Helm Stable Charts for Your Local Client -```bash -helm repo add stable https://charts.helm.sh/stable -``` +The application provides the following core banking features: -# -- Add Prometheus Helm Repository -```bash -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -``` +**User Management** allows new users to register accounts with secure password encryption using BCrypt. Users can log in and log out securely with session management handled by Spring Security. + +**Account Operations** include viewing account dashboard with current balance, depositing funds into accounts, withdrawing funds with insufficient balance validation, and transferring money between user accounts. + +**Transaction History** provides a complete record of all account transactions including deposits, withdrawals, and transfers with timestamps. + +## Technology Stack + +The application is built using the following technologies: + +**Backend Framework**: Spring Boot 3.3.3 with Spring MVC for web handling, Spring Data JPA for database operations, and Spring Security for authentication and authorization. + +**Database**: MySQL 8.0 for persistent data storage with Hibernate ORM for object-relational mapping. + +**Frontend**: Thymeleaf templating engine with Thymeleaf Spring Security integration for secure view rendering. + +**Build Tool**: Apache Maven for dependency management and build automation. + +**Containerization**: Docker with multi-stage builds for optimized container images. + +**Orchestration**: Kubernetes manifests and Helm charts for cloud-native deployment. + +## Architecture + +The application follows a layered architecture pattern: -# -- Create Prometheus Namespace -```bash -kubectl create namespace prometheus ``` -```bash -kubectl get ns ++-----------------------------------------------------------+ +| Presentation Layer | +| (Thymeleaf Templates + CSS) | ++-----------------------------------------------------------+ +| Controller Layer | +| (BankController) | ++-----------------------------------------------------------+ +| Service Layer | +| (AccountService) | ++-----------------------------------------------------------+ +| Repository Layer | +| (AccountRepository, TransactionRepository) | ++-----------------------------------------------------------+ +| Data Layer | +| (MySQL Database) | ++-----------------------------------------------------------+ ``` -# -- Install Prometheus using Helm -```bash -helm install stable prometheus-community/kube-prometheus-stack -n prometheus -``` +**Model Classes**: `Account` (implements UserDetails for Spring Security integration) and `Transaction` entities represent the core domain objects. -# -- Verify prometheus installation -```bash -kubectl get pods -n prometheus -``` +**Repository Interfaces**: JPA repositories provide database access with custom query methods for finding accounts by username and transactions by account ID. -# -- Check the services file (svc) of the Prometheus -```bash -kubectl get svc -n prometheus -``` +**Service Layer**: `AccountService` implements `UserDetailsService` for authentication and contains all business logic for banking operations. -# -- Expose Prometheus and Grafana to the external world through Node Port -> [!Important] -> change it from Cluster IP to NodePort after changing make sure you save the file and open the assigned nodeport to the service. +**Controller**: `BankController` handles HTTP requests and maps them to appropriate service methods. + +## Getting Started + +### Prerequisites + +Before running the application, ensure you have the following installed: + +- Java 17 or higher (JDK) +- Apache Maven 3.8+ +- MySQL 8.0+ +- Docker and Docker Compose (for containerized deployment) + +### Local Development + +1. **Clone the repository**: + ```bash + git clone https://github.com/COG-GTM/Springboot-BankApp.git + cd Springboot-BankApp + ``` + +2. **Set up MySQL database**: + ```bash + # Start MySQL service + sudo systemctl start mysql + + # Create the database + mysql -u root -p -e "CREATE DATABASE IF NOT EXISTS bankappdb;" + ``` -```bash -kubectl edit svc stable-kube-prometheus-sta-prometheus -n prometheus -``` -![image](https://github.com/user-attachments/assets/90f5dc11-23de-457d-bbcb-944da350152e) -![image](https://github.com/user-attachments/assets/ed94f40f-c1f9-4f50-a340-a68594856cc7) +3. **Configure database connection** (if needed): + + Edit `src/main/resources/application.properties` to match your MySQL credentials: + ```properties + spring.datasource.url=jdbc:mysql://localhost:3306/bankappdb?useSSL=false&serverTimezone=UTC + spring.datasource.username=root + spring.datasource.password=your_password + ``` -# -- Verify service -```bash -kubectl get svc -n prometheus -``` +4. **Build the application**: + ```bash + mvn clean install + ``` -# -- Now,let’s change the SVC file of the Grafana and expose it to the outer world -```bash -kubectl edit svc stable-grafana -n prometheus -``` -![image](https://github.com/user-attachments/assets/4a2afc1f-deba-48da-831e-49a63e1a8fb6) +5. **Run the application**: + ```bash + mvn spring-boot:run + ``` -# -- Check grafana service -```bash -kubectl get svc -n prometheus -``` +6. **Access the application**: + + Open your browser and navigate to `http://localhost:8080` -# -- Get a password for grafana -```bash -kubectl get secret --namespace prometheus stable-grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo -``` -> [!Note] -> Username: admin +### Docker Deployment -# -- Now, view the Dashboard in Grafana -![image](https://github.com/user-attachments/assets/d2e7ff2f-059d-48c4-92bb-9711943819c4) -![image](https://github.com/user-attachments/assets/647b2b22-cd83-41c3-855d-7c60ae32195f) -![image](https://github.com/user-attachments/assets/cb98a281-a4f5-46af-98eb-afdb7da6b35a) +1. **Build the Docker image**: + ```bash + docker build -t bankapp:latest . + ``` +2. **Run with Docker Compose**: + ```bash + # Set environment variables + export DUSER=your-dockerhub-username + export IMAGE=bankapp:latest + + # Start the application stack + docker-compose up -d + ``` -# -## Clean Up -- Delete eks cluster -```bash -eksctl delete cluster --name=bankapp --region=us-west-1 -``` + This will start both the MySQL database and the BankApp application. The application will be available at `http://localhost:8080`. + +3. **Stop the application**: + ```bash + docker-compose down + ``` + +## API Endpoints + +The application exposes the following web endpoints: + +| Method | Endpoint | Description | Authentication | +|--------|----------|-------------|----------------| +| GET | `/login` | Display login page | Public | +| POST | `/login` | Process login | Public | +| GET | `/register` | Display registration form | Public | +| POST | `/register` | Create new account | Public | +| GET | `/dashboard` | View account dashboard | Required | +| POST | `/deposit` | Deposit funds | Required | +| POST | `/withdraw` | Withdraw funds | Required | +| POST | `/transfer` | Transfer to another account | Required | +| GET | `/transactions` | View transaction history | Required | +| GET | `/logout` | Log out user | Required | + +## Database Schema + +The application uses two main database tables: + +**Account Table**: +| Column | Type | Description | +|--------|------|-------------| +| id | BIGINT | Primary key, auto-generated | +| username | VARCHAR | Unique username | +| password | VARCHAR | BCrypt encrypted password | +| balance | DECIMAL | Current account balance | + +**Transaction Table**: +| Column | Type | Description | +|--------|------|-------------| +| id | BIGINT | Primary key, auto-generated | +| amount | DECIMAL | Transaction amount | +| type | VARCHAR | Transaction type (Deposit, Withdrawal, Transfer) | +| timestamp | DATETIME | Transaction timestamp | +| account_id | BIGINT | Foreign key to Account | + +## Security + +The application implements several security measures: + +**Authentication**: Spring Security handles user authentication with form-based login. Passwords are encrypted using BCrypt before storage. + +**Authorization**: All endpoints except `/register` and `/login` require authentication. The security configuration uses Spring Security 6 with the new lambda DSL. + +**Session Management**: Sessions are properly invalidated on logout with authentication cleared. + +**CSRF Protection**: Currently disabled for simplicity but can be enabled for production deployments. + +## DevOps and CI/CD + +The project includes comprehensive DevOps tooling: + +**Jenkins Pipeline** (`Jenkinsfile`): Implements a complete CI pipeline with the following stages: +- Workspace cleanup +- Git code checkout +- Trivy filesystem security scan +- OWASP dependency vulnerability check +- SonarQube code analysis and quality gates +- Docker image build and push to DockerHub +- Automatic trigger of CD pipeline on success + +**Shared Library**: The pipeline uses a shared Jenkins library for reusable pipeline functions. + +**Security Scanning**: Integration with Trivy for container security and OWASP for dependency vulnerability scanning. + +**Code Quality**: SonarQube integration for static code analysis and quality gate enforcement. + +## Kubernetes Deployment + +The `kubernetes/` directory contains manifests for deploying to Kubernetes: + +- `bankapp-namespace.yaml` - Dedicated namespace for the application +- `bankapp-deployment.yml` - Application deployment configuration +- `bankapp-service.yaml` - Service exposure configuration +- `bankapp-ingress.yml` - Ingress rules for external access +- `bankapp-hpa.yml` - Horizontal Pod Autoscaler configuration +- `mysql-deployment.yml` - MySQL database deployment +- `mysql-service.yaml` - MySQL service configuration +- `persistent-volume.yaml` and `persistent-volume-claim.yaml` - Storage configuration +- `configmap.yaml` and `secrets.yaml` - Configuration and secrets management +- `letsencrypt-clusterissuer.yaml` - TLS certificate management + +**Helm Charts**: The `helm/bankapp/` directory contains Helm charts for templated Kubernetes deployments. + +**GitOps**: The `GitOps/` directory contains the CD Jenkinsfile for ArgoCD-based continuous deployment. + +For detailed Kubernetes deployment instructions, see [README-K8S.md](README-K8S.md). + +## Monitoring + +The application supports monitoring through Prometheus and Grafana: + +1. **Install Prometheus Stack**: + ```bash + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + kubectl create namespace prometheus + helm install stable prometheus-community/kube-prometheus-stack -n prometheus + ``` + +2. **Access Grafana Dashboard**: + ```bash + # Get Grafana password + kubectl get secret --namespace prometheus stable-grafana -o jsonpath="{.data.admin-password}" | base64 --decode + ``` + +3. **Default Credentials**: Username: `admin`, Password: retrieved from secret + +## Contributing + +Contributions are welcome! Please follow these steps: + +1. Fork the repository +2. Create a feature branch (`git checkout -b feature/amazing-feature`) +3. Commit your changes (`git commit -m 'Add amazing feature'`) +4. Push to the branch (`git push origin feature/amazing-feature`) +5. Open a Pull Request + +Please ensure your code follows the existing code style and includes appropriate tests. + +## License -# +This project is open source and available under the MIT License.