This project isn't just a web app; it's a simulation of modern platform engineering. I built a stateful Python microservice and automated its entire lifecycle using a GitOps workflow. From a Jenkins CI pipeline to Argo CD reconciliation, every commit is tested, built, and deployed to a custom K3s cluster with persistent Postgres and Longhorn storage—all exposed securely via Cloudflare Tunnels.
Steps
1. Application Development & Containerization
Developed a Vending Machine Microservice: Built a Python/Flask web application simulating financial transactions, wallet management, and inventory tracking.
Dockerization: Created a Dockerfile to containerize the application, ensuring consistency across development and production environments.
2. Continuous Integration (CI) Pipeline
Jenkins Implementation: Deployed a Jenkins server to orchestrate the build process.
Multibranch Pipelines: Configured a generic webhook trigger that detects commits to GitHub. The pipeline automatically builds the Docker image, runs basic tests (Python unittest), tags the version, and pushes the artifact to Docker Hub.
3. Infrastructure Evolution (Migration to Bare Metal)
Initial Prototype (Minikube): Launched a local Kubernetes cluster on a high-performance Windows workstation using Minikube for initial testing and proof-of-concept.
Bare Metal Migration: Provisioned a dedicated Linux server (Ubuntu) on repurposed hardware to simulate a real-world edge environment.
K3s Implementation: Migrated workloads from Minikube to K3s (Lightweight Kubernetes) to reduce resource overhead while maintaining full API compliance.
4. Storage & State Management
Persistent Storage with Longhorn: Deployed Longhorn via Helm to manage distributed block storage and Persistent Volume Claims (PVCs). This resolved earlier compatibility issues with Minikube and enabled stateful workloads to survive pod restarts.
5. Continuous Deployment (CD) & GitOps
Argo CD Integration: Installed Argo CD via Helm to implement a GitOps workflow.
Automated Reconciliation: Configured Argo CD to monitor a dedicated "Infrastructure Repository." Any change to the Kubernetes manifests in Git is automatically synced to the cluster, ensuring the live state matches the desired state without manual intervention.
Argo CD Image Updater: Configured Argo CD Image Updater to monitor Docker Hub for new image digests, removing the need for manual kubectl updates; the site now deploys through a completely hands-off reconciliation loop.
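An Argo CD Application manifest wired to Image Updater, added here as an illustration rather than taken from the project's infrastructure repository. The repository URL, path, Docker Hub image name, namespace names and the image alias "vend" are placeholders; the annotation keys are the ones Argo CD Image Updater documents.

```yaml
# Added example, not the project's own manifest. Assumes Argo CD and
# Argo CD Image Updater are installed in the "argocd" namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: vending-prod
  namespace: argocd
  annotations:
    # Alias "vend" -> the Docker Hub repository and tag to watch (placeholders).
    argocd-image-updater.argoproj.io/image-list: vend=docker.io/EXAMPLE_USER/vending-machine:latest
    # "digest" strategy: a rebuilt "latest" pushed by CI changes the digest,
    # and the updater rolls the new digest out (matches the page's description).
    argocd-image-updater.argoproj.io/vend.update-strategy: digest
    # Write the resolved digest back to Git so the repo, not the live
    # Application object, remains the source of truth.
    argocd-image-updater.argoproj.io/write-back-method: git
spec:
  project: default
  source:
    repoURL: https://github.com/EXAMPLE_USER/infrastructure-repo.git   # placeholder
    targetRevision: main
    path: environments/vending-prod                                     # placeholder
  destination:
    server: https://kubernetes.default.svc
    namespace: vending-prod
  syncPolicy:
    automated:
      prune: true      # remove cluster resources that were deleted from Git
      selfHeal: true   # revert manual kubectl edits back to the desired state
    syncOptions:
      - CreateNamespace=true
```

With `selfHeal` and `prune` enabled, a drift introduced by hand (a `kubectl edit` on the Deployment, for instance) is reverted on the next reconciliation, which is what makes the Git repository the only effective control point; the `git` write-back method keeps the digest history in the repo so a rollback is a revert rather than a manual re-tag.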
6. Advanced Environment Management
Namespace Isolation: Architected a split-environment strategy (vending-dev and vending-prod) within the cluster to allow for safe feature testing before promotion.
Database Integration: Refactored the application to move from ephemeral storage to a PostgreSQL database. Deployed Postgres as a stateful service, enabling persistent user inventory and stock tracking.
Secrets Management: Implemented Kubernetes Secrets to securely manage database credentials, resolving authentication conflicts during the Dev-to-Prod promotion cycle.
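The pattern described in the Database Integration and Secrets Management items, as an added example that is not the project's own manifest: a namespaced Secret holding the Postgres credentials and a Deployment that injects them as environment variables. Secret name, namespace, image, credential values, environment-variable names and the `postgres` Service name are placeholders.

```yaml
# Added example, not the project's own manifests. Values are placeholders.
# Secrets are namespaced, so vending-dev and vending-prod each get their own
# copy with different credentials; the Deployment manifest stays identical.
apiVersion: v1
kind: Secret
metadata:
  name: postgres-credentials
  namespace: vending-dev
type: Opaque
stringData:                       # plain text here; stored base64-encoded (not encrypted) by the API server
  POSTGRES_USER: vending
  POSTGRES_PASSWORD: CHANGE-ME-dev-only
  POSTGRES_DB: vending
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vending-machine
  namespace: vending-dev
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vending-machine
  template:
    metadata:
      labels:
        app: vending-machine
    spec:
      containers:
        - name: app
          image: docker.io/EXAMPLE_USER/vending-machine:latest   # placeholder
          ports:
            - containerPort: 5000                                # Flask default dev port
          env:
            - name: DB_HOST
              value: postgres            # Service fronting the Postgres pod in this namespace
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: postgres-credentials
                  key: POSTGRES_USER
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-credentials
                  key: POSTGRES_PASSWORD
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: postgres-credentials
                  key: POSTGRES_DB
```

Because the Secret is resolved inside each namespace, promoting the same Deployment manifest from vending-dev to vending-prod picks up the prod credentials automatically, which is the conflict the page describes resolving. Two caveats worth keeping in mind: a Secret committed to the infrastructure repository in plain text is readable by everyone with repository access (the reason the roadmap lists External Secrets Operator or Vault), and base64 encoding in `data` is not a form of protection, so cluster RBAC on `secrets` in each namespace is what actually limits who can read them.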
7. Networking & Exposure
Ingress & Cloudflare: Exposed the application to the public internet using Cloudflare Tunnels, securing the connection without opening direct firewall ports.
8. Observability
Metrics & Visualization: Configuring Prometheus to scrape node and pod metrics, visualized through custom Grafana dashboards (e.g., "Cluster CPU Load", "Node memory utilization", and Postgres metrics). Sending alerts to my Discord when a metric crosses a threshold I set.
Log Aggregation: Integrating Loki to aggregate logs from all microservices into a central searchable dashboard, eliminating the need for manual kubectl logs inspection.
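Threshold alerts of the kind described under Metrics & Visualization, as an added example rather than the project's own rules. It assumes Prometheus is managed by the Prometheus Operator (so `PrometheusRule` objects are picked up), that the node exporter and postgres_exporter are being scraped, and that Alertmanager is already configured with a Discord receiver; the thresholds, namespace and the `release: prometheus` selector label are placeholders.

```yaml
# Added example, not the project's own alert rules. Thresholds are placeholders.
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: vending-cluster-alerts
  namespace: monitoring
  labels:
    release: prometheus        # must match the operator's ruleSelector (assumption)
spec:
  groups:
    - name: vending.node
      rules:
        - alert: NodeCpuHigh
          # Percentage of non-idle CPU per node, averaged over 5 minutes.
          expr: |
            100 * (1 - avg by (instance) (rate(node_cpu_seconds_total{mode="idle"}[5m]))) > 80
          for: 10m               # must hold for 10 minutes before firing (suppresses spikes)
          labels:
            severity: warning
          annotations:
            summary: "High CPU on {{ $labels.instance }}"
            description: "CPU usage above 80% for 10 minutes (currently {{ $value | humanize }}%)."
        - alert: NodeMemoryLow
          # Available memory as a percentage of total.
          expr: |
            100 * node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes < 10
          for: 5m
          labels:
            severity: critical
          annotations:
            summary: "Low memory on {{ $labels.instance }}"
            description: "Less than 10% memory available (currently {{ $value | humanize }}%)."
    - name: vending.postgres
      rules:
        - alert: PostgresDown
          # pg_up is exported by postgres_exporter; 0 means the exporter cannot reach the database.
          expr: pg_up == 0
          for: 2m
          labels:
            severity: critical
          annotations:
            summary: "PostgreSQL unreachable in {{ $labels.namespace }}"
            description: "postgres_exporter has reported pg_up == 0 for 2 minutes."
```

The `severity` label is what Alertmanager routes on, so a route matching `severity: critical` can go to Discord while warnings stay on the dashboard; the `for` durations are the part to tune, since a threshold with no hold time pages on every short burst.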
Code: Python, Flask, Docker
Orchestration: Kubernetes (K3s), Helm, Minikube
CI/CD: Jenkins, Argo CD, Docker Hub, Git/GitHub
Storage & DB: Longhorn, PostgreSQL
OS: Ubuntu Server, Windows
Future Roadmap: DevSecOps and Hardening
Image Scanning: Adding Trivy to the Jenkins pipeline to scan the Python/Flask Docker images for vulnerabilities before they are pushed to Docker Hub.
Secrets Management: Transitioning from native Kubernetes Secrets to a robust solution like the External Secrets Operator or HashiCorp Vault.
Cluster Security: Implementing Open Policy Agent (OPA) to harden the cluster with policy as code.
Network Policies: Implementing default-deny network policies to restrict communication between the vending-dev and vending-prod namespaces, ensuring the dev environment cannot accidentally interact with the production PostgreSQL database.
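The default-deny design from the Network Policies item, and the dev/prod split from the Namespace Isolation item, as an added example that is not part of the project's repository: everything in vending-dev is denied by default, only same-namespace traffic and DNS are re-allowed, and the production Postgres pod accepts connections solely from the production app pods. Pod labels (`app: postgres`, `app: vending-machine`), the CoreDNS label and the port numbers are assumptions.

```yaml
# Added example, not the project's own manifests. Labels and ports are assumptions.
# 1. Deny all ingress and egress for every pod in vending-dev.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: vending-dev
spec:
  podSelector: {}               # empty selector = every pod in the namespace
  policyTypes: [Ingress, Egress]
---
# 2. Re-allow traffic between pods of the same namespace, plus DNS to CoreDNS.
#    Cross-namespace traffic (e.g. dev -> vending-prod Postgres) stays denied.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace-and-dns
  namespace: vending-dev
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - podSelector: {}       # any pod in vending-dev
  egress:
    - to:
        - podSelector: {}       # any pod in vending-dev
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns   # CoreDNS label in K3s (assumption)
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# 3. Production Postgres: accept 5432 only from production app pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: postgres-ingress-from-app
  namespace: vending-prod
spec:
  podSelector:
    matchLabels:
      app: postgres
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:          # same-namespace selector: no namespaceSelector means vending-prod only
            matchLabels:
              app: vending-machine
      ports:
        - protocol: TCP
          port: 5432
```

Policy 3 is the one that directly prevents the dev-to-prod database access the page is worried about, even if the dev namespace has no deny rule of its own, because it is evaluated on the receiving side. K3s enforces NetworkPolicy through its embedded network policy controller, so these work with the default Flannel backend unless the server was started with `--disable-network-policy`; a quick check after applying them is to run a throwaway pod in vending-dev and confirm that a TCP connection to the prod Postgres Service times out while a lookup through CoreDNS still succeeds.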