Welcome to the repository for the Modern Container Application Reference Architecture. This repository contains a comprehensive guide and reference architecture for building scalable, portable, resilient, and agile containerized applications.
The project aims to create a multi-cloud environment that leverages containers for deploying modern applications. The key objective is to set up a unified authentication system using OIDC via Auth0 by Okta for AWS, GCP, Azure, GitHub, and Grafana Cloud.
In this first phase, we focus on implementing OpenID Connect (OIDC) login functionality for the following platforms:
| Component | Description | Tools/Technologies |
|---|---|---|
| 1. LDP (Login Delegation Protocol) | Centralized authentication and Single Sign-On (SSO) using Auth0 by Okta for various platforms. | Auth0 by Okta, OIDC |
| 2. IaC (Infrastructure as Code) | Infrastructure management and provisioning using automated tools. | Terraform, Pulumi |
| 3. Monitoring | Comprehensive observability and monitoring for the application, including system metrics, network, and performance. | Grafana Cloud, Prometheus, DeepFlow, ClickHouse |
| 4. Git Repository | Version control and source code management for the project. | GitHub |
| 5. CI/CD (Continuous Integration/Delivery) | Automated build, test, and deployment pipelines. | GitHub Actions |
| Name | Domain | Version | Deploy | Docker Compose | Chart | CI/CD |
|---|---|---|---|---|---|---|
| 1. Keycloak | keycloak.onwalk.net | 26.0 | Docker | Yes | Yes | GitHub Actions |
| 2. Harbor | images.onwalk.net | 2.12 | Docker | Yes | Yes | GitHub Actions |
| 3. ChartMuseum | charts.onwalk.net | 0.14.0 | Docker | Yes | Yes | GitHub Actions |
| 4. Vault | vault.onwalk.net | 1.15 | Docker | Yes | Yes | GitHub Actions |
| 5. Nginx/OSS | mirrors.onwalk.net | 1.21 | Kubernetes | Yes | Yes | GitHub Actions |
| Name | Domain | **Version | Deploy | Docker Compose** | Chart | CI/CD |
|---|---|---|---|---|---|---|
| 5. OpenIPA | freeipa.onwalk.net | 4.10 | Kubernetes, Docker, BareMetal | Yes | Yes | GitHub Actions |
| 1. PostgreSQL | db.onwalk.net | 16.0 | Kubernetes, Docker | Yes | Yes | GitHub Actions |
| 8. Prometheus | monitoring.onwalk.net | 2.35 | Kubernetes, Docker | Yes | Yes | GitHub Actions |
| 9. Grafana | monitoring.onwalk.net | 8.4 | Kubernetes, Docker | Yes | Yes | GitHub Actions |
| 10. Consul | consul.onwalk.net | 1.12 | Kubernetes, Docker | Yes | Yes | GitHub Actions |
| 12. Jenkins | jenkins.onwalk.net | 2.319 | Kubernetes, Docker | Yes | Yes | GitHub Actions |
| 13. GitLab | gitlab.onwalk.net | 15.5 | Kubernetes, Docker | Yes | Yes | GitHub Actions |
| 14. MinIO | minio.onwalk.net | 2023.2.0 | Kubernetes, Docker | Yes | Yes | GitHub Actions |
- Set up Auth0 by Okta as the identity provider to enable OpenID Connect (OIDC) login for multiple platforms:
- AWS, GCP, Azure, GitHub, Grafana Cloud
- OIDC allows secure Single Sign-On (SSO) across all these platforms.
- For more details, refer to Platform-Specific OIDC Setup Docs.
- Infrastructure for AWS, GCP, and Azure is provisioned using Terraform and Pulumi scripts.
- These scripts allow easy and reproducible deployment and management of cloud resources.
- See the
iac/folder for the setup files.
- Monitoring stack includes:
- Prometheus for metrics collection.
- DeepFlow for network and system observability.
- ClickHouse for storing and querying large amounts of observability data.
- Grafana Cloud for visualizing all collected metrics and logs.
- Configuration files for monitoring tools can be found in the
monitoring/folder.
- All project code, infrastructure configurations, and documentation are managed within this GitHub repository.
- GitHub also integrates with GitHub Actions for CI/CD.
- Automated CI/CD pipeline is set up using GitHub Actions to ensure continuous integration and deployment.
- Pipelines handle code testing, building, and multi-cloud deployments for platforms like AWS, GCP, and Azure.
- YAML workflow files for GitHub Actions can be found in the
.github/workflows/directory.
For detailed instructions on configuring each platform, see:
- Set up Auth0 by Okta for OIDC
- Configure OIDC login for AWS
- Configure OIDC login for GCP
- Configure OIDC login for Azure
- Configure OIDC login for GitHub
- Configure OIDC login for Grafana Cloud
- Test and validate OIDC logins
- Set up Auth0 by Okta as the identity provider for OIDC authentication.
- Configure OIDC login for AWS.
- Configure OIDC login for GCP.
- Configure OIDC login for Azure.
- Configure OIDC login for GitHub.
- Configure OIDC login for Grafana Cloud.
- Test and validate login workflows across all platforms.
For more detailed information, please refer to the documentation available in two languages:
git submodule add --force https://github.com/svc-design/ansible.git git submodule add --force https://github.com/svc-design/iac_modules.git git submodule init git submodule update
Follow the links above to the documentation in your preferred language to get started with using this reference architecture.
We welcome contributions to this project. If you have suggestions, improvements, or find any issues, feel free to submit a pull request.
This project is released under the GPL V3 license. For more details, see the LICENSE file.