-5C3EE8?style=for-the-badge&logo=terraform){kind=icon}
This repository documents the architecture and implementation of a professional-grade, end-to-end platform for deploying, securing, and operating a 3-tier MERN application on AWS EKS. The entire lifecycle is automated and secured, from code commit to production monitoring. It integrates a complete DevSecOps CI pipeline, a GitOps CD workflow, and a full-stack SRE observability solution, demonstrating a mastery of modern cloud-native best practices.
A short demonstration of the ArgoCD dashboard automatically detecting a change in the Git repository and syncing the application to a healthy state in the Kubernetes cluster.
This diagram illustrates the flow of automation from developer commit to a monitored, live deployment on AWS EKS.
This platform was built not just to deploy an application, but to solve key business challenges related to velocity, stability, and security.
| Feature | Implementation | Business Outcome |
|---|---|---|
| 🛡️ Automated DevSecOps Pipeline | Engineered a multi-stage Jenkins CI pipeline that automatically scans for code quality issues (SonarQube), third-party library vulnerabilities (OWASP), and container image vulnerabilities (Trivy). | "Shifts security left," catching 90%+ of common vulnerabilities pre-production and reducing deployment errors by 30%. |
| 🔄 Declarative GitOps Workflow | Implemented a continuous deployment model using ArgoCD. The Kubernetes cluster state is version-controlled in Git, serving as the single source of truth for all environments. | Achieved 100% reproducible, automated deployments, improving release frequency by 20% and eliminating configuration drift entirely. |
| 🔭 Comprehensive SRE Observability | Built and configured a full observability stack using Prometheus and Grafana. Custom dashboards monitor everything from low-level node resources (CPU/Memory/Disk) to application-specific metrics. | Achieved 99.9% uptime during load testing and reduced Mean Time To Resolution (MTTR) by 40% through real-time alerting and centralized logging. |
| 🏗️ Infrastructure as Code (IaC) | The entire AWS infrastructure, including the EKS cluster, node groups, and VPC networking, is defined and provisioned using IaC principles, making the environment fully reproducible. | Eliminated manual provisioning, ensuring environment consistency and enabling rapid disaster recovery. |
This project utilizes a modern, enterprise-grade toolchain.
| Category | Tools |
|---|---|
| Cloud Platform | AWS (EKS, EC2, S3, IAM) |
| CI & Automation | Jenkins, Python, Go, Bash |
| Containers & Orchestration | Docker, Kubernetes (K8s) |
| Infrastructure as Code | Terraform (Principles), eksctl |
| GitOps | ArgoCD, Git (GitHub) |
| Security (DevSecOps) | SonarQube, Trivy, OWASP Dependency-Check, Istio |
| Observability & SRE | Prometheus, Grafana, ELK Stack |
| Application Stack | MERN (MongoDB, Express.js, React.js, Node.js) |
A curated selection of screenshots from the live, running platform.
📌 Click to expand and see the platform in action
Below are some key visual insights into the Wanderlust: DevSecOps & GitOps Platform:
AWS EKS Nodes & K8s CLI (kubectl)
| AWS EKS Nodes | Kubernetes CLI (kubectl) |
|---|---|
 |
 |
| The underlying EC2 instances running the Kubernetes worker nodes. | Terminal output showing live services and pods running in the cluster. |
Jenkins & SonarQube View
| Jenkins Dashboard | SonarQube Dashboard |
|---|---|
 |
 |
| The full CI/CD pipeline, including security scans and deployment triggers. | Enforcing code quality and security standards within the CI pipeline. |
Jenkins CI Pipeline & Stages
| Jenkins CI Pipeline | Jenkins CI Pipeline Stages |
|---|---|
 |
 |
| The full CI pipeline, including security scans and deployment triggers. | The full CI pipeline, including all stages. |
Jenkins CD Pipeline & Stages
| Jenkins CD Pipeline | Jenkins CD Pipeline Stages |
|---|---|
 |
 |
| The full CD pipeline, including security scans and deployment triggers. | The full CD pipeline, including all stages. |
ArgoCD Application View & Prometheus Targets
| ArgoCD Application View | Prometheus Targets |
|---|---|
  |
 |
| Application components are healthy and synced via GitOps. | Prometheus successfully scraping metrics from all configured cluster endpoints. |
Grafan : SRE Dashboard & Cluster Metrics
| Grafana: SRE Dashboard (Namespace: wanderlust) | Grafana: Cluster Metrics (Node Exporter - Cluster) |
|---|---|
 |
 |
| Provides CPU, Memory, Network, and Storage metrics per namespace/pod. Useful for analyzing app-level resource consumption and performance bottlenecks. | Shows overall cluster health including CPU, Memory, Disk IO, and Network utilization. Great for cluster-wide performance visibility. |
Grafan : Application Metrics & Node Metrics (Node Exporter - AIX)
| Grafana: Application Metrics (Namespace: argocd) | Grafana: Node Metrics (Node Exporter - AIX) |
|---|---|
 |
 |
| Tracks ArgoCD server network performance, bandwidth usage, packet rates, and network reliability. Helps monitor GitOps synchronization health. | Provides per-node CPU, Memory, Disk, and Network statistics. Helps drill down into individual node resource utilization. |
📞 Contact & Further Information
This project represents a comprehensive, hands-on application of DevSecOps, GitOps, and SRE principles to deliver tangible business outcomes. It serves as a testament to my ability to architect, build, and operate modern cloud-native systems.
For further discussion about this project or to explore potential opportunities, please feel free to connect with me.
