Project case

About the project

We require a DevOps specialist to set up a production-ready web application infrastructure with microservices architecture and automate the deployment process.

Current state

We have an application consisting of four main components plus two databases:

Application components:

- Frontend: Next.js client

- Backend: NestJS server (main API)

- Bot: Python bot

- Microservice: NestJS microservice (works with Windows-specific software)

- Databases: MongoDB, Redis

Infrastructure:

- Server 1: Linux (for main application logic)

- Server 2: Windows (for microservice)

- CI/CD: Partially configured for Frontend, Backend, and microservice

- Container Registry: GitHub Container Registry

The CI/CD pipeline for the frontend, main server, and microservice is partially set up to automatically publish new image versions to GitHub Container Registry. A Dockerfile for the Python bot still needs to be created and integrated into the existing pipeline.

Main tasks

1. Complete containerization and CI/CD

Improve automation for building all components:

- Create a Dockerfile for the Python bot

- Update CI/CD pipeline to include the bot

- Ensure automatic publishing of all images

2. Kubernetes cluster setup

This is the main and most complex part of the work. A hybrid cluster with a special architecture must be deployed: the main application logic will be hosted on a Linux server, while the microservice must run on Windows because it interacts with software that exists only on Windows.

Key requirements:

- Automatic tracking of changes in Container Registry

- Automatic deployment of updated images

- Rolling updates for seamless updates

- Stable communication between Linux and Windows nodes

3. Distribution of components across nodes

Linux node:

- Frontend (Next.js)

- Backend (NestJS)

- Bot (Python)

- MongoDB

- Redis

Windows node:

- Microservice (NestJS)

- Windows-specific software

4. Security and network configuration

It is critically important to properly configure the network architecture. Users should only have access to the client application; all other components must be securely isolated.

Security requirements:

- Configure network policies and firewall rules

- Close all ports except necessary ones

- Provide access only to the Frontend application

- Set up the domain creonix.io with SSL certificates

5. Scaling and load balancing

It is desirable to set up horizontal scaling for applicable components with a load balancer to distribute the load. 

Important restriction: the microservice must run strictly in one instance, as the associated Windows program does not support parallel operation.

Requirements for the specialist

Mandatory skills:

- Experience with Kubernetes (including Windows nodes)

- Knowledge of Docker and containerization

- Experience configuring CI/CD pipelines

- Understanding of network security and firewall setup

- Experience with GitHub Actions or similar tools

Advantages:

- Experience working with MongoDB and Redis in Kubernetes

- Knowledge of Helm charts

- Experience setting up monitoring (Prometheus, Grafana)

- Understanding the specifics of hybrid Linux/Windows clusters

We especially value specialists who have already worked with hybrid clusters and understand the specifics of network interaction between Linux and Windows nodes.

Expected results

Ultimately, we want to achieve:

- Fully automated deployment system

- Secure and scalable infrastructure

- Application health monitoring system

- Detailed documentation for setup and maintenance

- Knowledge transfer to the team for ongoing support

Collaboration format

We consider consulting services with the possibility of remote work. Preferably, implementation should be phased with demonstration of intermediate results and weekly calls for synchronization.

It is important that the specialist is ready not only to implement the technical solution but also to explain the principles of operation to our team for subsequent independent maintenance of the system.