A cloud-native Flask application containerized with Docker, deployed on Kubernetes, and integrated with monitoring, ingress routing, and CI/CD automation.
This project demonstrates a modern DevOps workflow for a containerized Python application running on Kubernetes.
It includes:
- Python Flask REST API
- Docker containerization
- Kubernetes deployment
- Namespace isolation
- NGINX Ingress routing
- GitHub Actions CI pipeline
- Docker image build automation
- Trivy vulnerability scanning
- AI-generated security review reporting
- Prometheus monitoring
- Grafana dashboards
- Custom application metrics
- Automated monitoring installation
- Python
- Flask
- Docker
- Kubernetes
- kind
- GitHub Actions
- Trivy
- Helm
- Prometheus
- Grafana
- NGINX Ingress
```
cloud-native-mini/
├── app/
│   ├── app.py
│   └── requirements.txt
├── k8s/
│   ├── namespace.yaml
│   ├── deployment.yaml
│   ├── service.yaml
│   ├── ingress.yaml
│   └── servicemonitor.yaml
├── monitoring/
│   └── grafana-dashboard.json
├── scripts/
│   ├── ai_review.py
│   └── install_monitoring.sh
├── .github/
│   └── workflows/
│       └── ci.yml
├── Dockerfile
├── deploy.sh
├── README.md
└── .gitignore
```
```
GET /
GET /health
GET /metrics
```

```json
{
  "message": "Cloud Native Mini Project is running!",
  "status": "success",
  "version": "v1"
}
```

Build the Docker image:

```bash
docker build -t cloud-native-mini:v2 .
```

Run the container:

```bash
docker run -p 5000:5000 cloud-native-mini:v2
```

Open:
http://localhost:5000
The application deployment process is automated with the deploy.sh script.
Run:

```bash
./deploy.sh
```

This script automatically:
- Builds the Docker image
- Loads the Docker image into the kind cluster
- Applies Kubernetes manifests
- Restarts the Kubernetes deployment
- Waits for rollout completion
- Displays Kubernetes resources
Create a kind cluster:

```bash
kind create cluster --name cloud-mini-cluster
```

Run the deployment script:

```bash
./deploy.sh
```

Run:

```bash
kubectl port-forward -n ingress-nginx service/ingress-nginx-controller 8080:80
```

Access:
http://cloud-mini.local
Example request:

```bash
curl -H "Host: cloud-mini.local" http://localhost:8080
```

The diagram below represents the current architecture of the project.
The architecture will continue evolving with future improvements such as:
- Helm Charts
- ArgoCD GitOps
- HPA Autoscaling
- Loki Logging
- Production Deployments
The GitHub Actions pipeline runs automatically on every push to the main branch.
Pipeline stages:
- Checkout repository
- Set up Python environment
- Install dependencies
- Validate Flask application syntax
- Build Docker image
- Run Trivy vulnerability scan
- Generate AI-assisted security review
- Upload AI review report artifact
This project uses Trivy to scan Docker images for vulnerabilities.
The scan checks for:
- CRITICAL vulnerabilities
- HIGH vulnerabilities
- Unfixed package issues
The pipeline includes a Python-based AI review script that generates a security analysis report based on vulnerability scan results.
Example report:
```
AI Security Review
==================
Analysis Result:
- No CRITICAL vulnerabilities detected.
- No HIGH severity vulnerabilities detected.
- Some MEDIUM and LOW vulnerabilities exist.
- Current container security posture is acceptable for development environments.
Recommendations:
- Keep base images updated regularly.
- Minimize unused packages.
- Run periodic vulnerability scans.
```
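
As an added example (this is not the project's `scripts/ai_review.py`), the script below shows one way a report like the one above can be derived from Trivy's JSON output (`trivy image --format json`) and used to fail the pipeline on CRITICAL or HIGH findings. The sample report, its placeholder CVE ids and package names, and all function names are constructed for illustration.

```python
import json
from collections import Counter

BLOCKING = ("CRITICAL", "HIGH")

# Constructed sample in the JSON shape produced by `trivy image --format json`.
# The CVE ids and package names are placeholders, not real findings.
SAMPLE = json.dumps({"Results": [
    {"Target": "cloud-native-mini:v2 (os packages)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
         "Severity": "HIGH", "FixedVersion": "1.2.4"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
         "Severity": "MEDIUM"},
    ]},
    {"Target": "Python", "Vulnerabilities": None},  # target with no findings
]})

def summarize(report_text):
    """Count findings per severity and collect the CRITICAL/HIGH ones."""
    report = json.loads(report_text)
    if not isinstance(report, dict):
        raise ValueError("not a Trivy JSON report")  # fail closed on bad input
    counts, blocking = Counter(), []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            severity = vuln.get("Severity", "UNKNOWN")
            counts[severity] += 1
            if severity in BLOCKING:
                fix = vuln.get("FixedVersion") or "no fix available"
                blocking.append((severity, vuln.get("VulnerabilityID", "?"), vuln.get("PkgName", "?"), fix))
    return counts, sorted(blocking)

def render_review(counts, blocking):
    """Build a plain-text report in the style of the example above."""
    lines = ["Security Review", "===============", "Analysis Result:"]
    for severity in BLOCKING:
        lines.append(f"- {severity} vulnerabilities detected: {counts[severity]}")
    for severity, vuln_id, pkg, fix in blocking:
        lines.append(f"  {severity} {vuln_id} in {pkg} (fix: {fix})")
    return "\n".join(lines)

def exit_code(blocking):
    """Non-zero when any CRITICAL/HIGH finding is present, so CI fails."""
    return 1 if blocking else 0

if __name__ == "__main__":
    counts, blocking = summarize(SAMPLE)
    print(render_review(counts, blocking))
    raise SystemExit(exit_code(blocking))
```

Targets with a null or missing `Vulnerabilities` list are treated as having no findings, while input that is not a JSON object raises instead of being reported as clean.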
This project includes a monitoring stack based on Prometheus and Grafana.
- Prometheus → collects Kubernetes and application metrics
- Grafana → visualizes metrics using dashboards
- kube-prometheus-stack → production-ready monitoring stack
- Kubernetes cluster monitoring
- Node metrics
- Pod metrics
- Namespace monitoring
- Grafana dashboards
- Custom Flask metrics
- Automated monitoring installation
The Flask application exposes Prometheus metrics through:
/metrics
Example metric:
flask_app_requests_total
These metrics are collected by Prometheus and visualized through Grafana dashboards.
Run:

```bash
./scripts/install_monitoring.sh
```

This script automatically:
- Creates the monitoring namespace
- Installs kube-prometheus-stack
- Deploys Prometheus and Grafana
- Displays monitoring pod status
- Provides Grafana access instructions
Run:

```bash
kubectl port-forward -n monitoring service/monitoring-grafana 3000:80
```

Open:
http://localhost:3000
Grafana credentials are stored in Kubernetes secrets.
Included dashboards visualize:
- Kubernetes cluster metrics
- Namespace resource usage
- Pod resource usage
- HTTP request metrics
- Application monitoring
This project includes Helm chart support for Kubernetes deployments.
Deploy with Helm:

```bash
helm upgrade --install cloud-native-mini ./cloud-native-mini-chart -n cloud-mini
```

This project includes Horizontal Pod Autoscaler (HPA) support for Kubernetes deployments.
The HPA automatically scales Flask application pods based on CPU utilization.
Apply the HPA configuration:

```bash
kubectl apply -f k8s/hpa.yaml
```

Check HPA status:

```bash
kubectl get hpa -n cloud-mini
```

This monitoring setup demonstrates observability fundamentals in cloud-native environments.
It provides visibility into:
- Cluster health
- Pod resource usage
- Node metrics
- Application performance
- Request monitoring
This project was created as a practical DevOps / Cloud Engineering portfolio project.
It demonstrates how to:
- Build containerized applications
- Deploy applications on Kubernetes
- Configure ingress routing
- Monitor applications with Prometheus & Grafana
- Perform vulnerability scanning
- Automate CI/CD workflows
- Horizontal Pod Autoscaler (HPA)
- Loki centralized logging
- Production-grade Helm charts
- Multi-environment deployment strategy
- Terraform infrastructure provisioning
- GitOps deployment with ArgoCD
- Production-ready deployment pipeline
Mustafa Yucel
