Merge branch 'main' of https://github.com/KarimZakzouk/Graduation-Project-Devops

Author: karimzakzouk

Dockerfile

@@ -1,7 +1,25 @@
+FROM python:3.11-alpine3.17 AS builder
+
+WORKDIR /usr/src/app
+
+RUN apk add --no-cache --virtual .build-deps \
+    gcc musl-dev libffi-dev
+
+COPY requirements.txt .
+
+RUN pip install --no-cache-dir --prefix=/install -r requirements.txt
+
 FROM python:3.11-alpine3.17
-WORKDIR /usr/app
-COPY requirements.txt /usr/app/
-RUN pip install -r requirements.txt
+
+WORKDIR /usr/src/app
+
+RUN addgroup -S app && adduser -S app -G app
+USER app
+
+COPY --from=builder /install /usr/local
+
 COPY . .
+
 EXPOSE 3000
-CMD [ "python", "app.py" ]
+
+CMD ["python", "app.py"]

Terraform/modules/eks/main.tf

@@ -79,15 +79,17 @@ resource "aws_iam_role" "node" {
 resource "aws_iam_role_policy_attachment" "node_policy" {
   for_each = toset([
     "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
+    "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
     "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly",
-    "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
   ])
 
   policy_arn = each.value
   role       = aws_iam_role.node.name
 }
 
 
+
 resource "aws_eks_node_group" "main" {
   for_each        = var.node_groups
   cluster_name    = aws_eks_cluster.main.name

Terraform/terraform.tfvars

@@ -13,7 +13,7 @@ public_subnet_cidrs  = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
 cluster_name    = "solar-system-app-cluster"  # Changed from otel-cluster
 cluster_version = "1.30"
 
- 
+
 # Node Groups Configuration
 node_groups = {
   # Development/Testing - Small instances