Science Score: 57.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
    Found 2 DOI reference(s) in README
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (11.2%) to scientific vocabulary
Last synced: 7 months ago

Repository

Basic Info
  • Host: GitHub
  • Owner: oleksiijko
  • License: mit
  • Language: JavaScript
  • Default Branch: main
  • Size: 242 KB
Statistics
  • Stars: 1
  • Watchers: 0
  • Forks: 0
  • Open Issues: 0
  • Releases: 1
Created 10 months ago · Last pushed 10 months ago
Metadata Files
Readme License Citation

README.md

high-perf-secure-cloud-arch

Current version: v1.0.1

This repository accompanies the article "Architectural Solutions for High-Performance Secure Cloud Applications". It demonstrates a simple microservices stack with infrastructure-as-code and load testing tools.

Requirements

  • Docker 20.x
  • Kubernetes 1.24+
  • Terraform 1.4+
  • Istio 1.15+
  • Node.js 18.x
  • AWS CLI v2 configured with a free-tier account
  • AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set for Terraform

Quick Start

Generate self-signed certificates

```bash
openssl req -x509 -newkey rsa:2048 -days 365 -nodes \
  -keyout certs/server.key -out certs/server.crt -subj "/CN=localhost"
cp certs/server.crt certs/ca.crt
```

Start microservices over HTTPS

```bash
docker compose up -d
```

Each service uses mTLS with the certificates from certs/.

Build custom images

```bash
docker compose build
```

Run Tests

```bash
npm ci
npm test
```

GitHub Actions executes the same commands in .github/workflows/ci.yml. Metrics can be aggregated locally with:

```bash
python3 scripts/aggregate_metrics.py
python3 scripts/plot_metrics.py
```

Run Load Tests

```bash
# run-tests
jmeter -n -t jmeter/microservices-test-plan.jmx
```

Tear Down Infrastructure

```bash
# teardown
terraform -chdir=terraform destroy
```

Architecture Diagram

System Architecture

Terraform Usage

```bash
terraform -chdir=terraform init
terraform -chdir=terraform apply
```

This configuration provisions an EKS cluster with an Istio service mesh. mTLS is enabled between pods by default.

Generate Metrics and Graphs

After running load tests, aggregate logs and create graphs:

```bash
python3 scripts/aggregate_metrics.py
python3 scripts/plot_metrics.py
```

JMeter Example

Install JMeter via brew install jmeter or download it from the official archive.

```bash
jmeter -n -t jmeter/microservices-test-plan.jmx
```

Kubernetes Manifests

Manifests for running the microservices on Kubernetes live in k8s/. They include Deployments, Services and an Ingress resource. Istio configuration under k8s/istio/ enables mutual TLS between the services. Network policies restrict traffic so only the frontend or other backends can reach the microservices.

To apply everything:

```bash
kubectl apply -f k8s/
kubectl apply -f k8s/istio/
```

Troubleshooting

For debugging failed deployments in the kind cluster see docs/k8s-debugging.md.

Logs

Sample run data lives in logs/sample_run.csv for reference. Running python metrics.py generates reports/metrics_report.pdf.

Security

All API calls require a JWT via the Authorization header:

```http
Authorization: Bearer <token>
```

Tokens are verified with the dummy secret demo-secret. Payloads must contain a role claim used by the ABAC middleware. Example token payload:

```json
{ "sub": "123", "role": "admin" }
```

IDS alerts are written to the service logs whenever a pattern like ' OR 1=1 appears in a request. Check logs/ for details.
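The token check described above, as an added example that is not the repository's code: it verifies HS256 with node:crypto instead of the jsonwebtoken package the services depend on, pins the algorithm, and maps the role claim to 401/403/200. The function names, the allowed-role lists and the tokens minted by `sign` are assumptions constructed for the example.

```javascript
// Added example (not from the repository): HS256 verification plus a role check.
const crypto = require("node:crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");

// Constructed helper: mint a token so the example runs offline.
function sign(payload, secret, header = { alg: "HS256", typ: "JWT" }) {
  const body = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const mac = crypto.createHmac("sha256", secret).update(body).digest("base64url");
  return `${body}.${mac}`;
}

// Returns the claims or throws. The algorithm is pinned to HS256, so a header
// announcing "none" or another algorithm is rejected before the MAC is compared.
function verify(token, secret) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch { /* header or claims stay undefined and are rejected below */ }
  if (!header || !claims || typeof claims !== "object") throw new Error("malformed token");
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  const expected = crypto.createHmac("sha256", secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error("bad signature");
  if (typeof claims.exp === "number" && claims.exp * 1000 <= Date.now())
    throw new Error("token expired");
  return claims;
}

// Maps an Authorization header to a status for a route limited to allowedRoles.
function authorize(authorizationHeader, secret, allowedRoles) {
  const m = /^Bearer (\S+)$/.exec(authorizationHeader || "");
  if (!m) return { status: 401, reason: "missing bearer token" };
  let claims;
  try { claims = verify(m[1], secret); }
  catch (e) { return { status: 401, reason: e.message }; }
  if (typeof claims.role !== "string") return { status: 403, reason: "no role claim" };
  if (!allowedRoles.includes(claims.role)) return { status: 403, reason: "role not allowed" };
  return { status: 200, claims };
}
```

The secret is a parameter, so the page's demo-secret can be swapped for a value read from the environment or a secret store without touching the verification logic.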

Supplementary Material

Supplementary_S1.zip contains additional datasets.

Changelog

  • v1.0.1: removed inline code comments for clarity

License

Content is licensed under the MIT license.

DOI: https://doi.org/10.5281/zenodo.15746968

Owner

  • Name: Oleksii Bondar
  • Login: oleksiijko
  • Kind: user
  • Location: Miami, FL
  • Company: Cisco

Software Engineer with over 5 years of experience

Citation (CITATION.cff)

cff-version: 1.2.0
title: high-perf-secure-cloud-arch
version: 1.0.0
doi: 10.5281/zenodo.xxxxxxx
authors:
  - family-names: Bondar
    given-names: Oleksii
year: 2025

GitHub Events

Total
  • Watch event: 1
  • Push event: 219
  • Pull request event: 81
  • Create event: 48
Last Year
  • Watch event: 1
  • Push event: 219
  • Pull request event: 81
  • Create event: 48

Dependencies

.github/workflows/baseline.yml actions
  • actions/checkout v4 composite
  • actions/upload-artifact v4 composite
  • engineerd/setup-kind v0.5.0 composite
.github/workflows/secure.yml actions
  • actions/checkout v4 composite
  • actions/upload-artifact v4 composite
  • azure/setup-kubectl v3 composite
  • engineerd/setup-kind v0.5.0 composite
src/account-svc/Dockerfile docker
  • gcr.io/distroless/nodejs18 latest build
  • node 18-bullseye-slim build
src/analytics-svc/Dockerfile docker
  • gcr.io/distroless/nodejs18 latest build
  • node 18-bullseye-slim build
src/auth-svc/Dockerfile docker
  • gcr.io/distroless/nodejs18 latest build
  • node 18-bullseye-slim build
src/content-svc/Dockerfile docker
  • gcr.io/distroless/nodejs18 latest build
  • node 18-bullseye-slim build
src/crypto-svc/Dockerfile docker
  • gcr.io/distroless/nodejs18 latest build
  • node 18-bullseye-slim build
src/ids-agent/Dockerfile docker
  • gcr.io/distroless/python3-debian12 latest build
  • python 3.12-slim build
src/monolith-svc/Dockerfile docker
  • node 20-slim build
package-lock.json npm
  • 302 dependencies
package.json npm
  • jest 29.7.0 development
  • supertest ^7.1.1 development
src/account-svc/package-lock.json npm
  • 109 dependencies
src/account-svc/package.json npm
  • express ^4.21.2
  • jsonwebtoken ^9.0.2
  • winston ^3.13.0
src/analytics-svc/package-lock.json npm
  • 440 dependencies
src/analytics-svc/package.json npm
  • @ioredis/commands ^1.2.0 development
  • jest ^30.0.0 development
  • supertest ^7.1.1 development
  • cluster-key-slot ^1.1.2
  • express ^4.21.2
  • ioredis ^5.6.1
  • jsonwebtoken ^9.0.2
  • lodash.defaults ^4.2.0
  • redis-errors ^1.2.0
  • standard-as-callback ^2.1.0
  • winston ^3.17.0
src/auth-svc/package-lock.json npm
  • accepts 1.3.8
  • array-flatten 1.1.1
  • body-parser 1.20.3
  • buffer-equal-constant-time 1.0.1
  • bytes 3.1.2
  • call-bind-apply-helpers 1.0.2
  • call-bound 1.0.4
  • content-disposition 0.5.4
  • content-type 1.0.5
  • cookie 0.7.1
  • cookie-signature 1.0.6
  • debug 2.6.9
  • depd 2.0.0
  • destroy 1.2.0
  • dunder-proto 1.0.1
  • ecdsa-sig-formatter 1.0.11
  • ee-first 1.1.1
  • encodeurl 2.0.0
  • encodeurl 1.0.2
  • es-define-property 1.0.1
  • es-errors 1.3.0
  • es-object-atoms 1.1.1
  • escape-html 1.0.3
  • etag 1.8.1
  • express 4.21.2
  • finalhandler 1.3.1
  • forwarded 0.2.0
  • fresh 0.5.2
  • function-bind 1.1.2
  • get-intrinsic 1.3.0
  • get-proto 1.0.1
  • gopd 1.2.0
  • has-symbols 1.1.0
  • hasown 2.0.2
  • http-errors 2.0.0
  • iconv-lite 0.4.24
  • inherits 2.0.4
  • ipaddr.js 1.9.1
  • jsonwebtoken 9.0.2
  • jwa 1.4.2
  • jws 3.2.2
  • lodash.includes 4.3.0
  • lodash.isboolean 3.0.3
  • lodash.isinteger 4.0.4
  • lodash.isnumber 3.0.3
  • lodash.isplainobject 4.0.6
  • lodash.isstring 4.0.1
  • lodash.once 4.1.1
  • math-intrinsics 1.1.0
  • media-typer 0.3.0
  • merge-descriptors 1.0.3
  • methods 1.1.2
  • mime 1.6.0
  • mime-db 1.52.0
  • mime-types 2.1.35
  • ms 2.1.3
  • ms 2.0.0
  • negotiator 0.6.3
  • object-inspect 1.13.4
  • on-finished 2.4.1
  • parseurl 1.3.3
  • path-to-regexp 0.1.12
  • proxy-addr 2.0.7
  • qs 6.13.0
  • range-parser 1.2.1
  • raw-body 2.5.2
  • safe-buffer 5.2.1
  • safer-buffer 2.1.2
  • semver 7.7.2
  • send 0.19.0
  • serve-static 1.16.2
  • setprototypeof 1.2.0
  • side-channel 1.1.0
  • side-channel-list 1.0.0
  • side-channel-map 1.0.1
  • side-channel-weakmap 1.0.2
  • statuses 2.0.1
  • toidentifier 1.0.1
  • type-is 1.6.18
  • unpipe 1.0.0
  • utils-merge 1.0.1
  • vary 1.1.2
src/auth-svc/package.json npm
  • express ^4.21.2
  • jsonwebtoken ^9.0.2
src/content-svc/package-lock.json npm
  • 109 dependencies
src/content-svc/package.json npm
  • express ^4.21.2
  • jsonwebtoken ^9.0.2
  • winston ^3.13.0
src/crypto-svc/package-lock.json npm
  • 109 dependencies
src/crypto-svc/package.json npm
  • express ^4.21.2
  • jsonwebtoken ^9.0.2
  • winston ^3.13.0
src/monolith-svc/package-lock.json npm
  • accepts 1.3.8
  • array-flatten 1.1.1
  • basic-auth 2.0.1
  • body-parser 1.20.3
  • bytes 3.1.2
  • call-bind-apply-helpers 1.0.2
  • call-bound 1.0.4
  • content-disposition 0.5.4
  • content-type 1.0.5
  • cookie 0.7.1
  • cookie-signature 1.0.6
  • debug 2.6.9
  • depd 2.0.0
  • destroy 1.2.0
  • dunder-proto 1.0.1
  • ee-first 1.1.1
  • encodeurl 1.0.2
  • encodeurl 2.0.0
  • es-define-property 1.0.1
  • es-errors 1.3.0
  • es-object-atoms 1.1.1
  • escape-html 1.0.3
  • etag 1.8.1
  • express 4.21.2
  • finalhandler 1.3.1
  • forwarded 0.2.0
  • fresh 0.5.2
  • function-bind 1.1.2
  • get-intrinsic 1.3.0
  • get-proto 1.0.1
  • gopd 1.2.0
  • has-symbols 1.1.0
  • hasown 2.0.2
  • http-errors 2.0.0
  • iconv-lite 0.4.24
  • inherits 2.0.4
  • ipaddr.js 1.9.1
  • math-intrinsics 1.1.0
  • media-typer 0.3.0
  • merge-descriptors 1.0.3
  • methods 1.1.2
  • mime 1.6.0
  • mime-db 1.52.0
  • mime-types 2.1.35
  • morgan 1.10.0
  • ms 2.1.3
  • ms 2.0.0
  • negotiator 0.6.3
  • object-inspect 1.13.4
  • on-finished 2.3.0
  • on-finished 2.4.1
  • on-headers 1.0.2
  • parseurl 1.3.3
  • path-to-regexp 0.1.12
  • proxy-addr 2.0.7
  • qs 6.13.0
  • range-parser 1.2.1
  • raw-body 2.5.2
  • safe-buffer 5.1.2
  • safe-buffer 5.2.1
  • safer-buffer 2.1.2
  • send 0.19.0
  • serve-static 1.16.2
  • setprototypeof 1.2.0
  • side-channel 1.1.0
  • side-channel-list 1.0.0
  • side-channel-map 1.0.1
  • side-channel-weakmap 1.0.2
  • statuses 2.0.1
  • toidentifier 1.0.1
  • type-is 1.6.18
  • unpipe 1.0.0
  • utils-merge 1.0.1
  • vary 1.1.2
src/monolith-svc/package.json npm
  • express ^4.21.2
  • morgan ^1.10.0
src/ids-agent/requirements.txt pypi
  • psutil ==5.9.8
  • requests ==2.32.2