How This Site Was Built

This site is a showcase of modern DevOps practices, running on Kubernetes with automated deployments, SSL certificates, and OAuth2 authentication.

Architecture Overview

The site runs as a containerized ASP.NET Core application deployed to a Kubernetes cluster. It leverages cloud-native patterns for scalability, reliability, and security.

Application Stack

  • .NET 8 - Modern, cross-platform framework for building web applications
  • ASP.NET Core MVC - Web framework for building the user interface
  • Bootstrap 5 - Responsive front-end framework for clean, mobile-friendly design
  • Docker - Containerization for consistent deployments across environments

Kubernetes Deployment

The application runs on K3s, a lightweight Kubernetes distribution, deployed on Oracle Cloud Infrastructure using ARM64 (aarch64) architecture for cost efficiency.

Key Components:

  • Deployment - Manages 2 replicas of the web application for high availability
  • Service - ClusterIP service exposing the application internally on port 80
  • Ingress - Traefik ingress controller routing external traffic to the service

Container Registry & CI/CD

Docker images are built for ARM64 architecture and stored in GitLab Container Registry. Kubernetes pulls these images using deploy tokens for secure authentication.

The deployment process involves:

  1. Building multi-stage Docker images optimized for size
  2. Pushing images to GitLab registry with proper tagging
  3. Kubernetes pulling the latest images automatically
  4. Rolling updates with zero downtime

SSL/TLS Certificates

The site uses cert-manager to automatically provision and renew SSL certificates from Let's Encrypt. This ensures all traffic is encrypted via HTTPS without manual certificate management.

Cert-manager handles:

  • Automatic certificate issuance via ACME protocol
  • HTTP-01 challenge validation
  • Certificate renewal before expiration
  • TLS secret management in Kubernetes

OAuth2 Proxy

For secure authentication, the site can be protected by oauth2-proxy, which provides:

  • Single sign-on (SSO) integration
  • Authentication via OAuth2 providers (Google, GitHub, etc.)
  • Authorization and access control
  • Session management

Ingress & Routing

Traefik serves as the ingress controller, handling:

  • HTTP to HTTPS redirection
  • Virtual host routing for nbucking.net and www.nbucking.net
  • TLS termination
  • Load balancing across pod replicas
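The cert-manager and Traefik pieces described above meet in the Ingress resource. The manifests below are an added sketch, not the site's actual configuration. The issuer, secret, service and ingress-class names and the contact address are assumptions; only the two hostnames and port 80 come from this page.

```yaml
# Added example; every name below except the two hostnames and port 80 is assumed.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod            # assumed issuer name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com        # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-prod-account-key   # ACME account key, created by cert-manager
    solvers:
      - http01:
          ingress:
            ingressClassName: traefik   # assumed class; challenge route goes through Traefik
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web                         # assumed
  annotations:
    # Tells cert-manager to issue and renew a certificate for the tls block below.
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: traefik         # assumed class name
  tls:
    - hosts:
        - nbucking.net
        - www.nbucking.net
      secretName: nbucking-net-tls  # assumed; holds the private key, so limit RBAC read access
  rules:
    - host: nbucking.net
      http: &web-backend
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web           # assumed name of the ClusterIP service
                port:
                  number: 80
    - host: www.nbucking.net
      http: *web-backend
```

HTTP-01 validation only succeeds if port 80 is reachable from the internet for both hostnames, so any HTTP to HTTPS redirect must leave the `/.well-known/acme-challenge/` path answerable.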

Infrastructure

The entire stack runs on Oracle Cloud Infrastructure free tier, demonstrating how modern cloud-native applications can be built cost-effectively while maintaining enterprise-grade patterns.

Technologies Summary

Frontend & Application
  • ASP.NET Core 8 MVC
  • Bootstrap 5
  • jQuery

Infrastructure & DevOps
  • K3s Kubernetes
  • Docker
  • Traefik
  • cert-manager
  • oauth2-proxy
  • GitLab CI/CD

Source Code

The source code and Kubernetes manifests are managed in a private GitLab repository with proper version control and automated deployment pipelines.