CSYE-6225-hemanthnvd/.github

Cloud-Native Logistics Management Platform

Overview

Built a cloud-native logistics platform on Google Cloud Platform with automated CI/CD, infrastructure-as-code using Terraform, and rolling updates. Implemented serverless event-driven alerts via Cloud Functions, Pub/Sub, and the Mailgun API.

This project was developed as part of CSYE 6225: Network Structures and Cloud Computing at Northeastern University.


Infrastructure Architecture

GCP Architecture Diagram


Repositories

Repository     Description
webapp         Node.js RESTful API, Packer image config, CI/CD workflows
tf-gcp-infra   Terraform code for all GCP infrastructure
serverless     Cloud Function — Pub/Sub-triggered email verification via Mailgun

What Was Built

🚀 RESTful API

  • Developed a cloud-native RESTful API using Node.js and Sequelize ORM with endpoints including /healthz and /v1/user for health checks, user creation, updates, verification, and retrieval.
  • Secured authenticated endpoints with HTTP Basic authentication, with passwords salted and hashed using BCrypt.
  • Wrote integration tests validated in CI pipelines using GitHub Actions.

🌐 GCP Networking & Infrastructure

  • Provisioned VPCs, subnets, routing tables, and firewall rules using Terraform as the foundation for all infrastructure.
  • Launched a private Cloud SQL (PostgreSQL) instance with custom configuration.
  • Established VPC peering between the application VPC and the Cloud SQL service producer's VPC via Private Services Access, ensuring all database traffic stays on private IPs.
  • Created the database, database user, and a random password with Terraform and passed them to the instances as metadata. A startup script fetches this metadata at boot and writes a .env file so the application can connect to the database.
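
The Private Services Access setup described above, as an added Terraform example (not the project's tf-gcp-infra code): a reserved range, the peering connection, and a Cloud SQL instance with no public IP, plus the database, user and Terraform-generated password. It assumes google_compute_network.vpc and var.region are defined and the hashicorp/random provider is configured; resource names are placeholders.

```hcl
# Reserve an internal range for Google's service-producer VPC to use.
resource "google_compute_global_address" "psa_range" {
  name          = "psa-range"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = google_compute_network.vpc.id
}

# Peer the application VPC with the Cloud SQL service producer.
resource "google_service_networking_connection" "psa" {
  network                 = google_compute_network.vpc.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.psa_range.name]
}

# Terraform-generated password; it never appears in the repository.
resource "random_password" "db" {
  length  = 24
  special = false # keeps the value safe to write into a .env file unquoted
}

resource "google_sql_database_instance" "db" {
  name             = "csye6225-db" # placeholder name
  database_version = "POSTGRES_15"
  region           = var.region

  settings {
    tier = "db-f1-micro"
    ip_configuration {
      ipv4_enabled    = false # no public IP: reachable only over the peering
      private_network = google_compute_network.vpc.id
    }
  }

  # The peering must exist before the instance asks for a private address.
  depends_on = [google_service_networking_connection.psa]
}

resource "google_sql_database" "webapp" {
  name     = "webapp"
  instance = google_sql_database_instance.db.name
}

resource "google_sql_user" "webapp" {
  name     = "webapp"
  instance = google_sql_database_instance.db.name
  password = random_password.db.result
}
```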

🔧 Custom Machine Image

  • Built custom Compute Engine images using HashiCorp Packer based on CentOS Stream 8.
  • Uploaded the application with Packer's file provisioner and created a local service user with its own primary group and its shell set to nologin, so it cannot log in interactively.
  • Created and configured a systemd service file so the application starts automatically when the instance launches.
  • Image builds are triggered automatically on the GitHub runner when a pull request is merged.

🔍 Monitoring, Logging & Observability

  • Installed and configured the Google Cloud Ops Agent on VMs to collect structured application logs.
  • Implemented application logging with the Winston library for consistent, queryable log output.

📨 Event-Driven Architecture — Email Verification

  • The RESTful API acts as a publisher, sending messages to a Pub/Sub topic whenever a new user is created.
  • A Cloud Function subscribes to the topic and sends a verification email to the user via the Mailgun API.
  • All authenticated endpoints remain inaccessible until the user verifies their email.

⚖️ Load Balancing, Autoscaling & SSL

  • Built a compute instance template from the custom Packer image.
  • Configured a managed instance group that autoscales based on CPU utilization.
  • Set up health checks that probe the instance group every 10 seconds.
  • Deployed an external HTTPS application load balancer to distribute traffic across VMs.
  • Reserved a static external IP pointing to the load balancer and provisioned a Google-managed SSL certificate.
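
An added Terraform example (not the project's own code) tying together the instance template mentioned above and the metadata-driven .env described under GCP Networking & Infrastructure: the template boots from the Packer image family, carries the database settings as instance metadata, and its startup script reads them from the metadata server into a root-owned-then-chowned, owner-only .env. It assumes google_sql_database_instance.db, google_sql_database.webapp, google_sql_user.webapp, random_password.db, google_compute_subnetwork.webapp, google_service_account.webapp and var.project_id exist; the image family, file path, user and unit names are placeholders.

```hcl
resource "google_compute_instance_template" "webapp" {
  name_prefix  = "webapp-"
  machine_type = "e2-medium"

  disk {
    # Latest image in the family the Packer build publishes to (placeholder family name).
    source_image = "projects/${var.project_id}/global/images/family/webapp"
    auto_delete  = true
    boot         = true
  }

  network_interface {
    subnetwork = google_compute_subnetwork.webapp.id
    # No access_config block: instances get no external IP; traffic arrives via the load balancer.
  }

  service_account {
    email  = google_service_account.webapp.email
    scopes = ["cloud-platform"] # effective permissions come from the account's IAM roles, not the scope
  }

  # Values the startup script reads at boot. Instance metadata is readable by any
  # principal with compute.instances.get, so IAM on that permission bounds who can see the password.
  metadata = {
    db_host     = google_sql_database_instance.db.private_ip_address
    db_name     = google_sql_database.webapp.name
    db_user     = google_sql_user.webapp.name
    db_password = random_password.db.result
  }

  metadata_startup_script = <<-EOT
    #!/bin/bash
    set -euo pipefail
    MD="http://metadata.google.internal/computeMetadata/v1/instance/attributes"
    get() { curl -sf -H "Metadata-Flavor: Google" "$MD/$1"; }
    ENV_FILE=/opt/webapp/.env
    umask 077 # the .env is created owner-read/write only
    {
      echo "DB_HOST=$(get db_host)"
      echo "DB_NAME=$(get db_name)"
      echo "DB_USER=$(get db_user)"
      echo "DB_PASSWORD=$(get db_password)"
    } > "$ENV_FILE"
    chown webapp:webapp "$ENV_FILE" # the nologin service user (placeholder name)
    systemctl restart webapp.service # placeholder unit name
  EOT

  lifecycle { create_before_destroy = true }
}
```

Because of name_prefix and create_before_destroy, every image change yields a new template that the managed instance group can be pointed at without deleting the one currently serving traffic.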

🔐 Security & Encryption (CMEK)

  • Created customer-managed encryption keys (CMEK) in a key ring to encrypt Virtual Machines, Cloud SQL instances, and Cloud Storage Buckets.
  • Configured a 30-day key rotation period for all encryption keys.
  • CMEK gives the project full control over the lifecycle of, and access to, the encryption keys used across the GCP services listed here.
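
An added Terraform example (not the project's own code) of the CMEK setup described above: one key ring, a separate key per workload with a 30-day rotation period, and the IAM grants the Google service agents for Compute Engine, Cloud SQL and Cloud Storage need in order to use those keys. It assumes var.project_id, var.region and a google-beta provider are configured; names are placeholders.

```hcl
data "google_project" "current" {
  project_id = var.project_id
}

resource "google_kms_key_ring" "main" {
  name     = "csye6225-keyring" # placeholder
  location = var.region
}

# One key per workload, each rotated every 30 days (2592000 s). Rotation creates a
# new primary version; older versions stay enabled so existing data remains readable.
resource "google_kms_crypto_key" "keys" {
  for_each        = toset(["vm", "sql", "bucket"])
  name            = "${each.key}-key"
  key_ring        = google_kms_key_ring.main.id
  rotation_period = "2592000s"

  lifecycle { prevent_destroy = true } # losing the key means losing the data it protects
}

# Each Google service agent needs encrypt/decrypt on the key it will use.
resource "google_kms_crypto_key_iam_member" "vm" {
  crypto_key_id = google_kms_crypto_key.keys["vm"].id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:service-${data.google_project.current.number}@compute-system.iam.gserviceaccount.com"
}

# Cloud SQL's service identity does not exist until it is requested (google-beta provider).
resource "google_project_service_identity" "sql" {
  provider = google-beta
  project  = var.project_id
  service  = "sqladmin.googleapis.com"
}

resource "google_kms_crypto_key_iam_member" "sql" {
  crypto_key_id = google_kms_crypto_key.keys["sql"].id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:${google_project_service_identity.sql.email}"
}

data "google_storage_project_service_account" "gcs" {}

resource "google_kms_crypto_key_iam_member" "bucket" {
  crypto_key_id = google_kms_crypto_key.keys["bucket"].id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:${data.google_storage_project_service_account.gcs.email_address}"
}
```

The keys are then referenced as encryption_key_name on the Cloud SQL instance, as disk_encryption_key { kms_key_self_link } on the instance template's boot disk, and as encryption { default_kms_key_name } on the bucket; each of those resources should depend_on its IAM grant so the first apply does not fail with a permission error.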

🔄 Continuous Deployment

  • On every merged pull request, GitHub Actions triggers a Packer build to create a new custom image.
  • A new instance template is created from the fresh image using gcloud CLI on the GitHub runner.
  • Instances in the managed instance group are gradually recreated using the new template — achieving zero-downtime rolling updates on every production merge.

Quick Start

Webapp

# Install dependencies
npm install
 
# Start the development server
npm run dev
 
# Start the production server
npm start
 
# Run integration tests
npm test

Terraform

# Initialize working directory
terraform init
 
# Format configuration files
terraform fmt
 
# Validate configuration
terraform validate
 
# Preview changes
terraform plan
 
# Apply infrastructure
terraform apply
 
# Destroy infrastructure
terraform destroy

Create a terraform.tfvars file with all required variables (see variables.tf).

Packer

cd packer
 
# Install required plugins
packer init build.pkr.hcl
 
# Format HCL files
packer fmt .
 
# Validate template
packer validate .
 
# Build the custom image
packer build -var-file=values.pkrvars.hcl build.pkr.hcl

Create a values.pkrvars.hcl file with your GCP credentials path.


Tech Stack

Layer            Technology
API              Node.js, Express, Sequelize
Authentication   Basic Auth, BCrypt
Database         PostgreSQL (Cloud SQL)
Testing          Jest, Supertest
Infrastructure   Terraform, Google Cloud Platform
Image Build      HashiCorp Packer, CentOS Stream 8
Serverless       Google Cloud Functions, Pub/Sub
Email            Mailgun API
CI/CD            GitHub Actions, gcloud CLI
Logging          Winston, Google Cloud Ops Agent
DNS & SSL        Cloud DNS, Google-managed SSL Certificates
Load Balancing   External HTTPS Application Load Balancer
Encryption       Customer-Managed Encryption Keys (CMEK)
