Budget: 5000 UAH Deadline: 5 days
Good day, I am ready to start working on this order in the near future.
It is necessary to create infrastructure for an international platform based on Google Cloud.
There is a main global site with its own API.
There are regional resources (front - NextJS and back - NestJS), the clusters of which should be located in the geographical regions they operate in. When adding a new country/region, a separate cluster is created.
Technologies: Kubernetes, Nest JS, Next JS, React JS, MongoDB, Redis, Prometheus, Grafana, Helm, Terraform, GitHub.
Main tasks:
- Create and configure an environment for the development team for several regions
- Databases, clusters, pods, etc.
- Implement CI/CD (a single codebase is used for regional resources, which has configurations for different regions)
- It is necessary to ensure continuous deployment of the product to accelerate the development process
- Set up monitoring (Prometheus/Grafana)
- Configure Helm and Terraform for convenient scaling
- Connect Cloudflare and set up rules for anti DDoS.
Budget: 5000 UAH Deadline: 5 days
Good day, I am ready to start working on this order in the near future.
Budget: 5000 UAH Deadline: 5 days
Добрий вечір. Можу допомогти з автоматизацією розгортання та подальшою підтримкою у разі необхідності. Маю досвід роботи з Kubernetes, GCP, Terraform, Prometheus+Grafana та базами даних більше трьох років. Пропоную обговорити онлайн більш детально та визначитись із термінами та іншими моментами проекту.
Budget: 15000 UAH Deadline: 14 days
Good evening. I can help with this issue. The only thing that might take a bit of adjustment. But I think this time will be enough.
As part of enhancing the cybersecurity level of our infrastructure, we need to abandon the practice of storing "eternal" and static API keys, passwords, and integration tokens in the configuration files (.env, appsettings.json, config.yaml) of our microservices. Business Goal: Create a single secure storage point for confidential data (secrets) with a mechanism for their automatic updating (rotation) in external systems on a schedule. Our other services will request current tokens "on the fly" via API, which will minimize damage in case of compromise of any system component.Security Model and Encryption (Crypto Core) No secret should be stored in plaintext in the database. Upon application startup, a Master Key is passed to the environment variables. If the key is missing or has an invalid length, the service should fail at the initialization stage with a clear error in the logs. Each secret is encrypted before being written to the database using this Master Key. Upon request, it is decrypted in memory and returned in the response body.Audit Logging (Audit Trail) Any action with secrets (creation, reading by the service, successful or unsuccessful rotation) must be recorded in a separate log file audit.log (or a separate table in the database). Strict Taboo: It is strictly prohibited to record the actual values of secrets in the audit log (neither in plaintext nor in encrypted form).
We have a dedicated server on Hetzner with a website on Docker (+ Laravel framework) Contact with the developers has been lost Need to: - restore and change server access (probably SSH) - recommend a storage location and set up a full server backup with easy recovery, probably not on Hetzner for security - fix the logo that is not displaying for some reason (it's unclear why the file has become inaccessible) Important - there is no website backup, and there is no room for error. We will only consider experienced specialists.