A comprehensive microservices architecture project designed for learning Kubernetes concepts in production-like environments. This project implements enterprise-grade security, multi-layered protection, and automated workflows.
- Development Environment: M2 Pro Mac (Code development)
- Kubernetes Cluster: M1 Mac with Rancher Desktop
- Production Access: Cloudflare tunnel + OAuth2 authentication
Internet → Cloudflare (DDoS/WAF) → Tunnel → macOS Firewall → SSH Port Forward → Rancher Desktop → Traefik → Applications
- Database: PostgreSQL 15 with multi-database setup
- Automation Platform: n8n with MCP support and OAuth2
- Ingress Controller: Traefik with security middleware
- Storage: Persistent volumes with local-path provisioner
- Security: NetworkPolicies, RBAC, and multi-layer protection
k8s-fullstack/
├── k8s/
│ ├── namespace.yaml # Resource namespacing
│ ├── database/ # PostgreSQL deployment
│ ├── n8n/ # n8n automation platform
│ ├── traefik/ # Ingress controller
│ ├── security/ # Security configurations
│ ├── backend/ # Future Go API services
│ └── frontend/ # Future React applications
├── docs/ # Documentation
├── scripts/ # Automation scripts
├── .local-test/ # Local development
└── environments/ # Environment-specific configs
- Pod Lifecycle Management: Health checks, restart policies, resource limits
- Service Discovery: ClusterIP, NodePort, and Ingress routing
- StatefulSets vs Deployments: Understanding stateful vs stateless applications
- Storage Management: PVCs, storage classes, and data persistence
- Network Policies: Inter-service communication and security isolation
- RBAC: Service accounts, roles, and security boundaries
- Cross-Namespace Communication: Service discovery with DNS
- Configuration Management: ConfigMaps, Secrets, and environment variables
- Load Balancing: kube-proxy mechanisms and traffic distribution
- Health Monitoring: Liveness and readiness probes
- Multi-Layer Security: Cloudflare → Firewall → SSH → K8s → Application
- OAuth2 Integration: Modern authentication with Google OAuth
- Network Isolation: NetworkPolicies for service segmentation
- Secret Management: Secure handling of credentials and API keys
- Kubernetes cluster (Rancher Desktop recommended)
- kubectl configured
- PostgreSQL client (optional, for testing)
# Create namespaces
kubectl apply -f k8s/namespace.yaml
# Deploy PostgreSQL database
kubectl apply -f k8s/database/
# Deploy Traefik ingress controller (with its security middleware)
kubectl apply -f k8s/traefik/
# Deploy the n8n automation platform
kubectl apply -f k8s/n8n/
# Apply security configurations (NetworkPolicies, RBAC); see the Deployment Order Guide for the required sequence
kubectl apply -f k8s/security/
- Cloudflare Protection: DDoS mitigation, WAF, and SSL/TLS termination at the Cloudflare edge (the tunnel hop itself is encrypted by cloudflared)
- System Firewall: macOS Application Firewall enabled
- SSH Tunnel: Encrypted port forwarding for secure access
- Network Policies: K8s-level service isolation
- OAuth2 Authentication: Google-based user authentication
- Remove insecure services (anything reachable outside the Cloudflare → tunnel → Traefik path, such as NodePort exposures)
- Implement network isolation policies
- Enable system firewall protection
- Configure OAuth2 authentication
- Use HTTPS with secure cookies
- Implement RBAC for service accounts
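The checklist above, together with the NetworkPolicy and RBAC isolation listed under the learning concepts, can be checked mechanically rather than by eye. The script below is an added example and not part of this project: it audits the JSON produced by `kubectl get svc,netpol,pods -A -o json` for NodePort/LoadBalancer services that bypass the ingress chain, pods using `hostNetwork` or privileged containers, containers without resource limits, and namespaces lacking a default-deny ingress NetworkPolicy. `SAMPLE_CLUSTER`, its namespaces (`database`, `n8n`) and object names are constructed for the demo and are not taken from this repository.

```python
"""Audit kubectl JSON output against the hardening checklist (added example)."""
import json
import sys
from typing import Dict, List

# Constructed sample in the shape of `kubectl get svc,netpol,pods -A -o json`
# (a v1 List whose "items" hold the individual objects). Hypothetical names.
SAMPLE_CLUSTER = {
    "kind": "List",
    "items": [
        {"kind": "Service",
         "metadata": {"name": "postgres", "namespace": "database"},
         "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}},
        {"kind": "Service",
         "metadata": {"name": "n8n-debug", "namespace": "n8n"},
         "spec": {"type": "NodePort", "ports": [{"port": 5678, "nodePort": 30678}]}},
        {"kind": "NetworkPolicy",
         "metadata": {"name": "default-deny", "namespace": "database"},
         "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
        {"kind": "Pod",
         "metadata": {"name": "postgres-0", "namespace": "database"},
         "spec": {"containers": [{"name": "postgres",
                                  "resources": {"limits": {"cpu": "1", "memory": "1Gi"}}}]}},
        {"kind": "Pod",
         "metadata": {"name": "n8n-7c9d", "namespace": "n8n"},
         "spec": {"hostNetwork": True,
                  "containers": [{"name": "n8n", "resources": {},
                                  "securityContext": {"privileged": True}}]}},
    ],
}

# Namespaces that legitimately lack workload NetworkPolicies on most clusters.
SYSTEM_NAMESPACES = {"kube-system", "kube-public", "kube-node-lease"}


def is_default_deny(policy: Dict) -> bool:
    """True for a policy selecting all pods (empty podSelector) with Ingress in policyTypes."""
    spec = policy.get("spec", {})
    return spec.get("podSelector") == {} and "Ingress" in spec.get("policyTypes", [])


def audit(cluster: Dict) -> List[str]:
    """Return human-readable findings; an empty list means the checklist passed."""
    findings: List[str] = []
    namespaces = set()
    denied = set()
    for obj in cluster.get("items", []):
        meta = obj.get("metadata", {})
        ns, name, kind = meta.get("namespace", ""), meta.get("name", "?"), obj.get("kind")
        spec = obj.get("spec", {})
        namespaces.add(ns)
        if kind == "Service":
            svc_type = spec.get("type", "ClusterIP")
            if svc_type in ("NodePort", "LoadBalancer"):
                findings.append(f"{ns}/{name}: Service type {svc_type} is reachable outside the ingress chain")
        elif kind == "NetworkPolicy":
            if is_default_deny(obj):
                denied.add(ns)
        elif kind == "Pod":
            if spec.get("hostNetwork"):
                findings.append(f"{ns}/{name}: pod uses hostNetwork")
            for c in spec.get("containers", []):
                cname = c.get("name", "?")
                if c.get("securityContext", {}).get("privileged"):
                    findings.append(f"{ns}/{name}/{cname}: privileged container")
                if not c.get("resources", {}).get("limits"):
                    findings.append(f"{ns}/{name}/{cname}: no resource limits")
    for ns in sorted(namespaces - denied - SYSTEM_NAMESPACES):
        findings.append(f"{ns}: no default-deny ingress NetworkPolicy")
    return findings


if __name__ == "__main__":
    # Usage: kubectl get svc,netpol,pods -A -o json | python3 audit.py
    data = SAMPLE_CLUSTER if sys.stdin.isatty() else json.load(sys.stdin)
    for line in audit(data):
        print(line)
    sys.exit(1 if audit(data) else 0)
```

The default-deny check only recognises the empty-podSelector pattern; a namespace covered by several narrower policies will still be flagged, which is the conservative failure mode for an audit. Egress policies are not checked, and a default-deny egress policy needs an explicit allowance for DNS to kube-dns or cross-namespace service discovery stops working.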
- Setup Guide - Initial deployment instructions
- Security Guide - Complete security implementation
- Deployment Order Guide - Resource deployment sequence
- Troubleshooting - Common issues and solutions
This project serves as a learning platform for Kubernetes and microservices architecture with focus on:
- Infrastructure as Code: All configurations are version-controlled
- Security First: Multiple layers of protection and modern authentication
- Production Readiness: Real-world practices and enterprise patterns
- Documentation: Comprehensive guides for learning and reference
Project Focus: Learning Kubernetes through practical implementation of a secure, scalable microservices architecture.