DEV Community: Joel Oguntoye

Deploying AWS Solution for a company's Websites

Joel Oguntoye — Sat, 13 Apr 2024 21:35:07 +0000

Objective:

Build a secure infrastructure in AWS VPC for a company that uses Wordpress CMS for its main company site and a tooling website for its DevOps team.
Reverse proxy technology with Nginx has been selected with the aim to improve security and performance.
Cost, reliability and scalability are the major considerations for the company, to make the infrastructure resilient to server failures, accomodate increased traffic and have reasonable cost.

Infrastructure:

Credits: Darey.io

Initial setup

Create a subaccount in AWS to manage all resources for the company's AWS solution and assign any appropriate name e.g 'DevOps'
From the root account, create an organization unit (OU) and move the subaccount into the OU. We will launch Dev resources in the subaccount

Create a domain name for the company website on domain name providers. You can obtain a free domain name from freenom website
Create a hosted zone in AWS and map the hosted zone name servers to the domain name.

Setup a Virtual Private Cloud on AWS

Create a VPC
Create subnets (public and private subnets) as shown in the architecture. The subnets Ips are CIDR IPs. We can use utility sites like IPinfo.io to see the range of IP addresses associated with each subnet.

Create private and public route tables and associate it with with the private and public subnets respectively

Edit a route in public route table, and associate it with the Internet Gateway. This allows the public subnet to access the internet

Create a NAT gateway and assign an elastic IP to it. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.

Create security groups for:
- Nginx servers: To allow access to from external application load balancer to the Nginx server
- Bastion servers: Access to the Bastion servers should be allowed only from workstations that need to SSH into the bastion servers.
- External Load Balancer: The external application load balancer will be accessible from the internet
- Internal load balancer: The internal load balancer will allow https and http access from the Nginx server and SSH access from the bastion server
- Web servers: The webservers will allow https and http access from the internal load balancer and SSH access from the bastion server
- Data layer security group: The access to the data layer for the appliation (consisting of both the Amazon RDS storage and Amazon EFS as shown in the architecture), will consist of webserver access to the RDS storage and both webserver and Nginx access to the Amazon EFS file system.

Create a SSL/TLS certificate using Amazon Certificate Manager (ACM) to be used by the external and internal Application Load balancers (ALB)

Create a wild card SSL/TLS certificate to be used when creating the external ALB. We want to ensure connection to the external ALB is secured and data sent over the internet is encrypted. Since the external ALB will listen for client requests to both the tooling webserver and the wordpress server, we'll create a wild card TLS certificate. Select DNS validation

Create Amazon EFS

Create Amazon Elastic file System (EFS) to be used by the web servers for files storage. The mount targets to be specified fot the elastic file system will be the subnets for the webservers. Specifying the mount targets makes the EFS storage available to the webservers

Also, we specify access points on the EFS we created for the web servers. Amazon EFS access points are application-specific entry points into a shared file system. In this project, we create two access points on the EFS one for each web servers, each with its own root directory path specified. Set the POSIX user and user group ID to root user and the root directory path to /wordpress and /tooling respectively. - The root directory creation permission is set to 0755 to allow read write permissions on the file system by the clients

Create KMS key to be used for RDS

Next, navigate to AWS KMS page to create a cryptographic key to be used to secure the MySQL relational database for the project.
Create a symmetric key
Set the admin user for the key. You can leave the 'key usage permission' with the default settings

Create DB subnet group

A DB subnet group is a collection of subnets (typically private) that you create for a VPC and that you then designate for your DB instances.
From project architecture, specify the appropriate private subnets (private subnet 3 and 4) for the DB.

Create AWS RDS

Select MySQL engine for the RDS
Select Dev/Test template. This is an expensive service. For this purpose of this project we can still use free tier template, however, we will not be able to encrypt the database using the KMS key we created.
set the DB name
Set master username and password
Select the VPC for the DB
Ensure the DB is not publicly accessible
Select the appropriate security group for the DB
set the initial database name

Create compute resources

#### Setup compute resources for Nginx

provision EC2 instance for Nginx

Install the following packages

epel-release
python
htop
ntp
net-tools
vim
wget
telnet

We also need to install a self signed SSL certificate on the Nginx AMI. The Nginx AMI will be attached to a target group that uses HTTPs protocol and health checks. The load balancer establishes TLS connections with the targets using certificates that you install on the targets
Nginx instance installations:

  yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
  yum install -y dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm
  yum install wget vim python3 telnet htop git mysql net-tools chrony -y
  systemctl start chronyd
  systemctl enable chronyd

  #configure SELinux policies
  setsebool -P httpd_can_network_connect=1
  setsebool -P httpd_can_network_connect_db=1
  setsebool -P httpd_execmem=1
  setsebool -P httpd_use_nfs 1

  #install Amazon efs client utils
  git clone https://github.com/aws/efs-utils
  cd efs-utils
  yum install -y make
  yum install -y rpm-build
  make rpm 
  yum install -y  ./build/amazon-efs-utils*rpm

  #setup self-signed certificate for the Nginx AMI
  sudo mkdir /etc/ssl/private
  sudo chmod 700 /etc/ssl/private
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/kiff.key -out /etc/ssl/certs/kiff.crt
  sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

We will reference the SSL key and cert in the Nginx Reverse.conf configuration file. Also we will specify host header in the config file to forward traffic to the tooling server.

Nginx reverse.conf file

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;


    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

     server {
        listen       80;
        listen       443 http2 ssl;
        listen       [::]:443 http2 ssl;
        root          /var/www/html;
        server_name  *.kiff-web.space;


        ssl_certificate /etc/ssl/certs/kiff.crt;
        ssl_certificate_key /etc/ssl/private/kiff.key;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;



        location /healthstatus {
        access_log off;
        return 200;
       }


        location / {
            proxy_set_header             Host $host;
            proxy_pass                   https://internal-Kiff-internal-ALB-1756005909.eu-west-3.elb.amazonaws.com/; 
           }
    }
}

We perform the above installations on the EC2 instance for the AMI step by step instead of adding them all to the launch template's user data, to reduce to size of
the user data
Create an AMI from the instance
Create a Nginx target group of Instance type. Targets in the Nginx target groups will be accessed by the external Load balancer.
Prepare a launch template from the AMI instance
From EC2 Console, click Launch Templates from the left pane
- Choose the Nginx AMI
- Select the instance type (t2.micro)
- Select the key pair
- Select the security group
- Add resource tags
- Click Advanced details, scroll down to the end and configure the user data script to update the yum repo and install nginx. The userdata for Nginx:

   #!/bin/bash
   yum install -y nginx
   systemctl start nginx
   systemctl enable nginx
   git clone https://github.com/joeloguntoyeACS-project-config.git
   mv /ACS-project-config/reverse.conf /etc/nginx/
   mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf-distro
   cd /etc/nginx/
   touch nginx.conf
   sed -n 'w nginx.conf' reverse.conf
   systemctl restart nginx
   rm -rf reverse.conf
   rm -rf /ACS-project-config

Setup compute resources for Bastion server

Provision EC2 instance for Bastion server
Bastion instance installations:

yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm 
yum install -y dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm 
yum install wget vim python3 telnet htop git mysql net-tools chrony -y
systemctl start chronyd
systemctl enable chronyd

Connect to the RDS from the Bastion server and create DBs named toolingdb and wordpressdb for the two webservers

SSH into the RDS instance

eval `ssh-agent`
ssh-add project-key.pem
ssh -A ec2-user@ip_address
mysql -h <RDS_endpoint> -u <username> -p 
>>create database wordpressdb;
>>create database toolingdb;

Setup compute resources for web server

Provision EC2 instance for web servers
Web server installations:

yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
yum install -y dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm
yum install wget vim python3 telnet htop git mysql net-tools chrony -y
systemctl start chronyd
systemctl enable chronyd

#configure SELinux policies
setsebool -P httpd_can_network_connect=1
setsebool -P httpd_can_network_connect_db=1
setsebool -P httpd_execmem=1
setsebool -P httpd_use_nfs 1

#install Amazon EFS client utils for mounting the targets on the EFS
git clone https://github.com/aws/efs-utils
cd efs-utils
yum install -y make
yum install -y rpm-build
make rpm 
yum install -y  ./build/amazon-efs-utils*rpm

#setup self-signed certificate for apache server
yum install -y mod_ssl
openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/kiff-web.key -x509 -days 365 -out /etc/pki/tls/certs/kiff-web.crt

# edit the ssl.conf file to specify the part to the certificate and the key
vi /etc/httpd/conf.d/ssl.conf

Create an AMI from the instance
We will create two launch templates from this AMI, one each for the wordpress server and the tooling server. The launch templates will differ in the user data for each server. The launch tmeplate
Configure user data for the worpress launch template:

#!/bin/bash
mkdir /var/www/
sudo mount -t efs -o tls,accesspoint=fsap-0f9364679383ffbc0 fs-8b501d3f:/ /var/www/
yum install -y httpd 
systemctl start httpd
systemctl enable httpd
yum module reset php -y
yum module enable php:remi-7.4 -y
yum install -y php php-common php-mbstring php-opcache php-intl php-xml php-gd php-curl php-mysqlnd php-fpm php-json
systemctl start php-fpm
systemctl enable php-fpm
wget http://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz
rm -rf latest.tar.gz
cp wordpress/wp-config-sample.php wordpress/wp-config.php
mkdir /var/www/html/
cp -R /wordpress/* /var/www/html/
cd /var/www/html/
touch healthstatus
sed -i "s/localhost/kiff-database.cdqtynjthv7.eu-west-3.rds.amazonaws.com/g" wp-config.php 
sed -i "s/username_here/Kiffadmin/g" wp-config.php 
sed -i "s/password_here/admin12345/g" wp-config.php 
sed -i "s/database_name_here/wordpressdb/g" wp-config.php 
chcon -t httpd_sys_rw_content_t /var/www/html/ -R
systemctl restart httpd

Configure user data for tooling launch template:

#!/bin/bash
mkdir /var/www/
sudo mount -t efs -o tls,accesspoint=fsap-01c13a4019ca59dbe fs-8b501d3f:/ /var/www/
yum install -y httpd 
systemctl start httpd
systemctl enable httpd
yum module reset php -y
yum module enable php:remi-7.4 -y
yum install -y php php-common php-mbstring php-opcache php-intl php-xml php-gd php-curl php-mysqlnd php-fpm php-json
systemctl start php-fpm
systemctl enable php-fpm
git clone https://github.com/Livingstone95/tooling-1.git
mkdir /var/www/html
cp -R /tooling-1/html/*  /var/www/html/
cd /tooling-1
mysql -h kiff-db.cdqpbjkethv0.us-east-1.rds.amazonaws.com -u kiffAdmin -p toolingdb < tooling-db.sql
cd /var/www/html/
touch healthstatus
sed -i "s/$db = mysqli_connect('mysql.tooling.svc.cluster.local', 'admin', 'admin', 'tooling');/$db = mysqli_connect('kiff-db.cdqpbjkethv0.us-east-1.rds.amazonaws.com ', 'kiffAdmin', 'admin12345', 'toolingdb');/g" functions.php
chcon -t httpd_sys_rw_content_t /var/www/html/ -R
systemctl restart httpd

Target group IMG:

Create load balancers (the external load balancer and the internal load balancer)

Create external load balancer.
- Assign at least two public subnets
- set protocol as HTTPs on port 443
- Register the Nginx target group for the external load balancer
- select the security group for the external load balancer
- set path for healthchecks as /healthstatus
Create the internal load balancer
- Assign at least two private subnets
- set protocol as HTTPs on port 443
- select the security group for the internal load balancer
- set path for healthchecks as /healthstatus
- Register the wordpress target group as the default target for the internal load balancer
- Configure a listener rule to allow the internal load balancer forward traffic to the tooling target group based on the rule set.
- Since we'll configure host header in our Nginx reverse proxy server, we will specify the listener rule on the ALB to forward traffic to the tooling target if the host header is the domain name : tooling.kiff-web.space

Create Autoscaling groups for the launch templates (Bastion, Nginx, tooling and wordpress servers)

Configure Autoscaling for Nginx
- Select the right launch template
- Select the VPC
- Select both public subnets
- Enable Application Load Balancer for the AutoScalingGroup (ASG)
- Select the Nginx target you created before
- Ensure that you have health checks for both EC2 and ALB
- The desired capacity is 2
- Minimum capacity is 2
- Maximum capacity is 4
- Set scale out if CPU utilization reaches 90%
- Ensure there is an SNS topic to send scaling notifications
Configure Autoscaling For Bastion
- Select the right launch template
- Select the VPC
- Select both public subnets
- Select No load balancer for bastion Autoscaling group, since the Bastion server is not targeted by any load balancer
- Set scale out if CPU utilization reaches 90%
- Enable health checks
- The desired capacity is 2
- Set Minimum capacity to 2
- Maximum capacity to 4
- Ensure there is an SNS topic to send scaling notifications

Configure Autoscaling group for tooling and wordpress webserver
- Select the right launch template
- Select the VPC
- Select both private subnets 1 and 2
- Enable Application Load Balancer for the AutoScalingGroup (ASG)
- Select the target groups you created before
- Ensure that you have health checks for both EC2 and ALB
- The desired capacity is 2
- Minimum capacity is 2
- Maximum capacity is 4
- Set scale out if CPU utilization reaches 90%
- Ensure there is an SNS topic to send scaling notifications

Create A Records in the Route 53 hosted zone

We need to ensure that the main domain for the WordPress website can be reached, and the subdomain for Tooling website can also be reached using a browser.
create A record for tooling and wordpress
- set record type to 'A-Routes to a IPV4 address'
- Set Route Traffic to 'Alias to application load balancer and classic load balancer'
- Set the load balancer

Healthchecks status for wordpress targets:

Accessing the tooling and wordpress servers:

Note:

Ensure that SELinux policies are properly configured on the server instances.
Ensure you delete all the resources you created to avoid accumulating charges.

A Cloud Resume Challenge : A cloud engineer's journey to 'living in the cloud' - Part 1

Joel Oguntoye — Thu, 29 Sep 2022 14:03:48 +0000

TL:DR - This article is part of a series of articles that focus on my learning points from working on 'A Cloud Resume Challenge' by Forrest Brazeal. A multi-faceted projects for building competency as a cloud engineer. This first part is about setting up AWS accounts using cloudFormation templates.

Introduction

The end product of the Challenge is your resume presented as a website accessible by any one on the internet. In essence, your resume lives in the cloud.

I chose to use the AWS edition of the challenge(There's the Azure edition and also the Google edition). I already have experience working with AWS and thought it will be a good way to get more experience with AWS services.

Setting up AWS accounts

In typical work scenarios, you'll have several work environments, e.g. dev, QA, SIT, prod environments
The recommended best practice is to create separate AWS accounts for the different environments. This way, you create separate of concerns and reduce the blast radius of changes you make.
Also, you can simply delete an AWS account once done with it to prevent inadvertently accruing costs for resources that are no longer needed.
In this project, I used org-formation template to easily set up AWS organization and AWS accounts within organization units. (This article explains the advantage of using templates to quickly create accounts with cloudFormation templates)

Screenshot of CloudFormation template for creating AWS organization, OU, and accounts.

In part 2 of this series, I'll focus on setting up a stati website on S3 and importing infrastructure created in the AWS console into Terraform management. Its the DevOps way, so we have to get started with automation.

What is DevOps? How do I get started?

Joel Oguntoye — Sun, 28 Aug 2022 19:06:58 +0000

TL:DR - DevOps is about delivering software to customers fast and reliably. DevOps is actually a cultural philosophy or approach to software delivery, however the term DevOps engineer is often applied to persons who help enable the practice in a software team.

DevOps - Development + Operation
What's that?
To understand what DevOps is, we need to understand how software was delivered to users before DevOps become a thing.

Software developers (Dev team) write code based on user requirements gathered from users or based on business requirements. Then they hand over the finished software to the Operations team (Ops team).
The Ops team's job is to make the written software available to the users of the software. Ops team would deploy the software on either on-premise or cloud servers (a server owned by someone who offers servers for rent).

This approach to software delivery is often called waterfall. The Dev team must complete all requirements before delivering to Ops. Hence, it may take months before the software becomes available. - - Also, if there are any changes in user requirements while development is ongoing, it is often difficult to include in the current cycle. New requirements would have to wait...till the next changes could be planned.

The Dev team may also include a feature for which Ops does not have the infrastructure to run it on. The teams end up working in silos, not knowing what the other is doing...blames get pushed around as to why a product is failing or not available to customers.
This was the world before DevOps...
Enter DevOps...
DevOps started as a way to solve the problems associated with traditional methods of software delivery. Can software be released faster, updates available even several times a day, and millions of users supported all at once (scalability)?
To enable the kind of software delivery desired, Google started what was called Site Reliability Engineering-SRE (circa 2003) (See ebooks) eventually evolving into DevOps and SRE roles becoming clearly defined roles in the software industry. The goal was to ensure both Dev and Ops teams work together more seamlessly while delivering quality and reliable software

What does DevOps involve today?
While DevOps is called a philosophy or approach to software delivery, software teams today must use different tools and technologies to enable this practice. The major concepts in DevOps practice today include:

CI/CD (Continuous Integration and Continuous Delivery/Deployment)
Software Configuration and Automation
Cloud infrastructure services
Containerization and Container Orchestration
Monitoring and Alerting

CI/CD - Continuous Integration and Continuous Delivery/Deployment

Often several developers work on the same piece of software. How do they collaborate effectively, avoid code conflicts, ensure that bug-free code gets released (A.K.A testing), and deploy the software to the infrastructure on which it is accessed by users? They use a continuous integration and Continuous delivery pipeline.
A well-written article here on Kodekloud does a good job breaking down what a CICD pipeline is.
Popular tools used to create CI/CD pipelines - Jenkins, Github actions, Gitlab, CircleCI

Automation

Setting up the infrastructure on which your application runs on manually one at a time may not be a problem when you have a few servers. But if you have several hundred or thousands of servers to deploy and configure, you definitely need a way to automate repeatable processes. Also, while cloud providers like AWS and Azure allow you to create infrastructure using a GUI or console, using a console is not practical for large-scale infrastructure. Hence, you need a way to automate infrastructure provisioning with code. Also, each server you deploy may need certain software already configured on it for your application to use.
Popular tools for Automating infrastructure provisioning : Terraform (most popular), AWS cloudFormation, Pulumi
Popular tools for Software configuration management: Ansible, Chef, Puppet

Cloud infrastructure services

AWS, Azure, and Google cloud are popular cloud services. These providers give you access to servers, and many other services that you need to deploy your applications. DevOps engineers work with these services all the time. While learning DevOps, you could start with one cloud provider and later learn how to use others as they all offer similar services.

Containerization and Container Orchestration technologies

Applications are great when they can run reliably on any underlying infrastructure with limited worries about dependencies. But in the early days, a common problem with software delivery is the well-known phrase : "It works on my machine but doesn't work on yours". To overcome this challenge, containerization technologies were developed to have applications packaged into units called containers so they can run on any Operating system (Linux, windows MacOS) or environment.
Popular containerization and container orchestration tools: Docker, Kubernetes

Monitoring and Alerting
Your software is running smoothly...but how do you know if there is a sudden failure and users can no longer access your application? How do you monitor traffic? How do you quickly recover from failures? Think Netflix going down for several days, or your bank app going down for a 5 hours...it's the the SRE team's nightmare. To detect issues and respond to them immediately, you need to monitor your application. The metrics gathered can inform business decisions, plans for maintenance outages, and security concerns. DevOps and SRE teams often use these metrics to measure their performance. Its all about feedback as soon as possible.

Common tools for Monitoring and alerting: AWS CloudWatch, Promotheus, Grafana, ELK stack

How does one break into DevOps?

An intermediate level skill with a general programming language. Personally, I'll recommend Python, or Golang. Free resources to use: Freecodecamp python course, CodeCademy, w3schools
Learn about general computer networking. How the internet works, DNS etc
Learn about Linux OS. The cloud runs on Linux. Kodekloud.com is a great place to start with their DevOps prerequisite course and Linux basic course
Learn Ansible.
Pick up a cloud provider and learn about their services. Work on labs and do a cloud certification. e.g AWS cloud Solutions Architect Associate. Acloudguru, learn.cantrill.io, are good platforms for learning
Learn Terraform. Derek Morgan's course is a great resource
If possible, sign up for a DevOps bootcamp. e.g techworldwithnana, Darey.io. You get to work on projects, build a portfolio you can show recruiters.
Learn and practice Docker and Kubernetes using kodekloud.com
Document your projects on Github. Talk about your projects
Network on LinkedIn, apply to roles.

So far, we have considered what DevOps is all about and the skills you need to have. Perhaps, you are wondering, 'How long will this take to learn? (I get...You want to land a role as soon as possible), 'How can I land my first role?' 'What strategies can I use to get a foot through the door and break into DevOps roles?'.
To answer those questions, check out this nicely written article by Stuart Burns - How to Become a DevOps Engineer in Six Months. It is a detailed article explaining what path to take to become DevOps and what skills are best to learn at the beginning. You can also find tips on how to get a DevOps job in for example, how to structure your resume.

DevOps is still a growing field. Much changes coming up, many more businesses adopting DevOps practice, hence a growing need for more DevOps engineers. So, Keep learning, keep building and have fun doing it.

More resources: roadmap

Embracing errors and bug fixes as part of your projects (Yes you did not fail … unless you stop)

Joel Oguntoye — Fri, 19 Mar 2021 07:28:38 +0000

One of the reasons many take time to learn programming is they are learning alone. If you check the stats…most self-taught programmers take longer to become proficient enough to get a job. It’s faster if you have a personal mentor. That being said, learning to work your way through bugs is a vital skill every developer needs.

So you’ve started working on that project that you think will help you build your skills (and yes they do help you learn faster than watching tutorials). Perhaps you got the project ideas from a suggested project online, or you thought of a problem you’d like to solve. You excitedly started you project and set a timeline of when you will build features (Or perhaps the estimated time to complete the project was suggested for you). All too soon the reality dawns on you, you just can’t keep up with your schedule. You ran into build failures from your very first build after creating a new project even before writing any line of code. (Yeah, we’ve all been there). But the positive side is you learn from your error and may be moved to research deeper into things. Let me give an example.

I published some personal projects (android apps) to Google Play Store sometimes last year and the learning curve was phenomenal. But the major learning points came from bug fixes. I decided to build a Travel app and use Trip Advisor API for getting places data. Yes, you guessed it, I had to fix several bugs along the way as I tried to implement concepts I had learnt like dependency injection with Dagger and UI testing with Espresso.

After a month and a half of labor and toil (..wipes sweats), I thought I was ready to publish the app (Yeepee!!). But as expected came upon a new issue I could not have known about if I did not publish the app…Make way for Proguard and R8.
What’s that??
According to the developers' guide:
“To make your app as small as possible, you should enable
shrinking in your release build to remove unused code and
resources. When enabling shrinking, you also benefit from
obfuscation, which shortens the names of your app’s classes and
members, and optimization, which applies more aggressive
strategies to further reduce the size of your app.”
In short...Android studio uses Proguard (now replaced by R8) to remove unused code from your project, thus reducing the size of your app. Also, it does code obfuscation, which shortens the names of classes in your app.
So what happened to my project?
Proguard was removing useful classes from my project’s release build. When I published the app, the release build kept failing even tho’ the debug build worked fine.
Long story short, I had to modify the proguard rules file. ( I had never worked with that file before then).
So if you’re following the suggestion to build projects to learn, expect that most times things don’t go as planned, but embrace it as part of the process
If you want more to learn more about Proguard and R8, check out the developers guide here
Speaking of project ideas to work on..check out DevProjects by Codementor.io .
Also check out my projects on Github