Project: End-to-End DevSecOps Project (Movies Finder)
Overview
While the visible application is a React-based Movie Finder (consuming TMDB API), this project serves as a comprehensive proof-of-concept for a production-grade DevSecOps lifecycle. It demonstrates the automated delivery of a secure, tested, and monitored web application onto a baremetal Kubernetes cluster using GitOps principles.
Goal
To architect a "Zero-Touch" delivery pipeline that automates the build, testing, security scanning, and deployment processes, ensuring that only high-quality, secure code reaches production without manual intervention.
Tech Stack & Tools
Infrastructure & GitOps: Kubernetes, Docker, Helm, ArgoCD, Baremetal Homelab
CI/CD & Release: GitLab CI/CD, Release-it, Commitizen, Husky, Lint-Staged
Observability Stack: OpenTelemetry, Prometheus, Grafana, Alloy, Alertmanager, Slack
Security (DevSecOps): Trivy, OWASP ZAP, Gitleaks, Sealed-Secrets, Syft (SBOM)
Testing & QA: Playwright (E2E), Vitest (Unit), SonarCloud
Key Results & Achievements
Optimized Release Cycle: Automated the entire delivery chain, reducing deployment turnaround time by 50% (from 40m to 20m) while adding comprehensive testing and security stages.
360° Observability: Implemented the "Grafana Alloy" & OpenTelemetry stack to correlate metrics and logs, providing real-time performance monitoring and instant Slack alerts for node resource exhaustion.
Automated Compliance Gates: Shifted security left by integrating Trivy (container scanning) and Dependency Check into the CI pipeline, automatically blocking builds with critical CVEs.
Zero-Downtime Deployment: Leveraged ArgoCD to manage state drift and ensure seamless application updates via GitOps.
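One way to implement the Trivy gate from the "Automated Compliance Gates" item, as an added example rather than the project's own pipeline code: a script that reads Trivy's JSON report and returns a failing exit code while a CRITICAL finding remains. The report contents, image name and CVE placeholders are constructed, and the `accepted` allowlist and `ignore_unfixed` option are assumptions of this example.

```python
import json

# Constructed sample in the shape of `trivy image --format json` output.
# Image name, packages and CVE ids are placeholders, not project data.
SAMPLE_REPORT = json.dumps({
    "Results": [
        {"Target": "movies-finder:1.0.0 (alpine)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
             "InstalledVersion": "2.3.0", "FixedVersion": "", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample",
             "InstalledVersion": "1.0.0", "FixedVersion": "1.0.2", "Severity": "HIGH"},
        ]},
        # A target with no findings carries a null or missing list.
        {"Target": "package-lock.json", "Vulnerabilities": None},
    ]
})

def blocking_findings(report_json, severities=("CRITICAL",), accepted=(), ignore_unfixed=False):
    """Return (target, id, package, fix) tuples that should fail the build.

    Invalid JSON raises, so a truncated report fails the job instead of passing it.
    """
    report = json.loads(report_json)
    blocked = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity") not in severities:
                continue
            if vuln.get("VulnerabilityID") in accepted:
                continue  # explicitly risk-accepted id (hypothetical allowlist)
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue  # nothing to upgrade to yet
            blocked.append((result.get("Target"), vuln["VulnerabilityID"],
                            vuln.get("PkgName"), vuln.get("FixedVersion") or "no fix"))
    return blocked

def gate(report_json, **kwargs):
    """Exit code for the CI job: 1 blocks the pipeline, 0 lets it continue."""
    findings = blocking_findings(report_json, **kwargs)
    for target, vuln_id, pkg, fix in findings:
        print(f"BLOCK {vuln_id} {pkg} in {target} (fixed in: {fix})")
    return 1 if findings else 0

if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_REPORT))
```

In a CI job the script would read the report file written by the scan step instead of `SAMPLE_REPORT`; the non-zero exit code is what stops the pipeline.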
Check full article: https://cheulongsear.dev/projects/deploying-movies-finder
Leave a comment if you have any questions.