This repository contains the WebApp Team's application deployment infrastructure following ISO 27001, SOC 2 Type II, and GDPR compliance requirements.
webapp-team-app/
├── .github/workflows/ # GitOps CI/CD workflows for application
├── k8s-manifests/ # Kubernetes application manifests
├── k8s-infra/ # Team-managed infrastructure (RBAC, quotas)
├── configs/ # Environment-specific configurations
├── clouddeploy.yaml # Cloud Deploy pipeline configuration
├── skaffold.yaml # Application build and deploy
├── app.js # Sample application code
├── Dockerfile # Container image definition
└── README.md # This file
Infrastructure as Code is managed separately at: webapp-team-infrastructure
This includes:
- Terraform configuration for the tenant project
- GitOps workflows with Slack approval
- Kubernetes namespace and RBAC setup
- Infrastructure compliance automation
- A.12.1.2 Change management via GitOps workflows
- A.9.4.1 Access restriction through RBAC
- A.12.4.1 Comprehensive audit logging
- A.12.6.1 Vulnerability scanning via Binary Authorization
- CC8.1 Change control with approval gates
- CC6.1 Logical access controls
- CC6.6 Audit logging and monitoring
- CC7.2 Continuous monitoring
- Art. 25 Data protection by design
- Art. 32 Security of processing
- Data residency in EU (europe-west1)
- Feature branch → Create PR
- Automated checks → Compliance validation, security scanning
- Code review → Team approval required
- Merge to main → Auto-deploy to non-production
- Production release → Manual promotion from non-prod
- Security review → Automated compliance checks
- Approval gate → Security team approval required
- Production deployment → With full audit trail
- Access to
u2i-tenant-webappGCP project - Membership in
webapp-team@u2i.comGoogle Group - GitHub repository access with proper branch protection
# Build and test locally
docker build -t webapp .
docker run -p 8080:8080 webapp
# Deploy to non-production
gcloud deploy releases create dev-$(date +%Y%m%d-%H%M%S) \
--project=u2i-tenant-webapp \
--region=europe-west1 \
--delivery-pipeline=webapp-delivery-pipeline \
--source=.# Promote to production (requires approval)
gcloud deploy releases promote \
--project=u2i-tenant-webapp \
--region=europe-west1 \
--delivery-pipeline=webapp-delivery-pipeline \
--release=RELEASE_NAME \
--to-target=prod-gkeBefore each deployment, ensure:
- All containers have resource limits
- Security contexts are properly configured
- Images are from approved registries
- Secrets are managed via Secret Manager
- Network policies are in place
- Audit logging is enabled
- Team Lead: webapp-team@u2i.com
- Security Issues: security-team@u2i.com
- Platform Support: platform-team@u2i.com
- Compliance Questions: compliance@u2i.com# Test GitOps Pipeline