Skip to content
View Youngyz1's full-sized avatar
9 followers · 17 following

Achievements

Achievement: Pull SharkAchievement: YOLOAchievement: Quickdraw

Achievements

Achievement: Pull SharkAchievement: YOLOAchievement: Quickdraw

Block or report Youngyz1

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Youngyz1/README.md

Registration App — AWS EKS

Production-grade full-stack app (React 18 + FastAPI + PostgreSQL) deployed on AWS EKS with a complete DevSecOps pipeline, GitOps delivery via ArgoCD, Istio service mesh, and full observability.

AWS Terraform ArgoCD Security

Architecture

GitHub push
    │
    ▼
GitHub Actions (CI)
SonarQube (SAST) → Trivy (image scan) → OWASP ZAP (DAST) → Docker Hub
    │
    ▼ image tag updated in manifests
ArgoCD (GitOps CD) detects change → syncs to EKS
    │
    ▼
AWS EKS Cluster
├── WAF v2                    — bot/DDoS protection
├── Istio mTLS                — encrypted service mesh
├── React 18 (frontend)
├── FastAPI (backend)
├── PostgreSQL RDS Multi-AZ   — managed, high-availability DB
├── HPA (3–10 replicas)       — auto-scaling
├── External Secrets Operator — zero secrets in Git
└── Velero                    — automated backups
    │
    ▼
Observability: Prometheus → Grafana → Loki → Alertmanager → Slack

All infrastructure provisioned with Terraform (~72 resources). IAM IRSA, private subnets, Secrets Manager, encrypted at rest.

Stack

Layer Technology
Frontend React 18 + Nginx
Backend FastAPI (Python 3.9)
Database PostgreSQL 15 (RDS Multi-AZ)
Orchestration Kubernetes (EKS) + Helm
GitOps CD ArgoCD
CI Pipeline GitHub Actions (OIDC, self-hosted runners)
IaC Terraform (~72 resources)
Security WAF v2 · Istio mTLS · ESO · Trivy · SonarQube · OWASP ZAP
Observability Prometheus · Grafana · Loki · Alertmanager
Backup Velero

Repo structure

registration-app-EKS/
├── .github/workflows/    # GitHub Actions CI pipeline
├── frontend/             # React 18 app
├── backend/              # FastAPI app
├── k8s/                  # Kubernetes manifests
│   ├── namespace/        # Namespace, Secrets, ConfigMap
│   ├── postgres/         # PostgreSQL Deployment + PVC
│   ├── backend/          # Backend Deployment + Service
│   └── frontend/         # Frontend Deployment + Service
├── argocd/               # ArgoCD Application manifest
├── helm/                 # Helm chart
├── kind-config.yaml      # Local kind cluster config
└── sonar-project.properties

Quick start (local — kind)

kind create cluster --config kind-config.yaml
kubectl apply -f k8s/namespace/
kubectl apply -f k8s/postgres/
kubectl apply -f k8s/backend/
kubectl apply -f k8s/frontend/
# Frontend available at http://localhost:30080

GitHub Actions secrets required

Secret Purpose
DOCKER_USERNAME Docker Hub login
DOCKER_PASSWORD Docker Hub password
SONAR_TOKEN SonarQube auth
SONAR_HOST_URL SonarQube server
SNYK_TOKEN Snyk dependency scan
SLACK_WEBHOOK_URL Pipeline notifications
APP_URL Target URL for OWASP ZAP DAST
REACT_APP_API_URL Backend API URL for frontend build

Author

Ohia Uche Godwill — Cloud & DevOps Engineer LinkedIn · Portfolio

Pinned Loading

  1. candycrush-aws-eks-pipeline candycrush-aws-eks-pipeline Public

    Full DevOps pipeline: GitHub Actions → SonarQube → Trivy → Docker Hub → Terraform → AWS EKS → Prometheus/Grafana

    JavaScript

  2. easybank easybank Public

    EasyBank is a comprehensive online banking application built with PHP, MySQL, and AWS infrastructure. The system includes customer registration, PIN-based authentication, account activation workflo…

    JavaScript

  3. jpetstore-6 jpetstore-6 Public

    Forked from Aj7Ay/jpetstore-6

    This project demonstrates a complete DevSecOps pipeline that automates building, testing, securing, and deploying the JPetStore application to Kubernetes. Security is integrated at every stage—not …

    Java

  4. Portfolio-Website Portfolio-Website Public

    Secure static portfolio hosted on AWS S3 + CloudFront with custom domain, HTTPS, OIDC authentication, and fully automated CI/CD via GitHub Actions and Terraform

    CSS

  5. ritual-roast ritual-roast Public

    Production-grade coffee shop web app on AWS — ECS Fargate, RDS MySQL, ALB, ECR, Secrets Manager, Route 53, and full Terraform IaC with private networking and multi-AZ high availability

    CSS

  6. registration-app-EKS registration-app-EKS Public

    Production-grade full-stack registration app on AWS EKS — React + FastAPI + PostgreSQL · GitOps (ArgoCD) · DevSecOps (WAF, Istio mTLS, ESO, Trivy, OWASP ZAP) · Terraform IaC · Multi-AZ · HPA · Vele…

    JavaScript