Task 3
Make the app (more) secure
Level 1
- Deploy HashiCorp Vault
- Deploy outside or inside the cluster
- Store the database password in Vault and make it accessible directly to the app (i.e bypassing the creation of a Secret object)
- Gather the metrics from the app - set up proper metrics & monitoring system
Level 2
- Use the dynamic database secrets feature instead of static (KV) engine
- Create a dashboard with the metrics from the app
- Include the number of ready/running replicas
- Include the number of requests
- Ensure that the cluster is monitored and the necessary notifications are configured.
- Set up monitoring for the app
- Send an email notification when there are fewer than 3 ready instances
- Send an email notification when there is a Pod in Pending or CrashLoopbackOff state for more than 3 minutes
Level 3
- Ensure logs from the cluster and apps are stored and can be viewed
- Ensure that cluster events are archived and can be viewed