Capstone project
01 / 18

Opslora

A cloud-native SaaS operations platform for managing customers, inventory, orders, invoices, payments, notifications, and an AI-assisted operating workflow.

Minimal project presentation
Problem statement
02 / 18

Small businesses run operations across disconnected tools.

  • Customer, stock, order, invoice, and payment data are scattered.
  • Manual follow-ups create missed revenue and slow collections.
  • Owners lack a single operating view for daily decisions.
  • AI tools are generic and usually disconnected from real business context.
Problem | Opslora project deck
Solution
03 / 18
Unified workspace
One flow from customer to cash. Manage customers, products, orders, invoices, and payments in one authenticated application.
Operational clarity
Daily signals instead of manual hunting. Open invoices, ready-to-invoice orders, low stock, and follow-up actions are surfaced together.
Lora AI
Business assistant grounded in tenant data. Lora uses app snapshots and stored knowledge chunks to generate focused operating guidance.
Application value | Minimal UI / SaaS workflow
Application architecture
04 / 18
Architecture visual placeholder | SVG/Excalidraw export can be embedded here
GitOps model
05 / 18
Application service repos: Each microservice owns code, tests, Dockerfile, and CI checks.
Frontend / docs / landing repos: Independent static or UI deployables with their own release flow.
Helm repo: Environment-specific values, app-of-apps manifests, and image tag promotions.
Terraform repo: Azure subscriptions, networking, AKS, DNS, Key Vault, monitoring, and state-backed infrastructure.
Repository segregation | Code, charts, and infra separated
GitOps model continued
06 / 18
Service PR: Feature branch to main with tests and approval.
Image build: ACR image tagged with immutable commit SHA.
Helm values: Test branch or prod PR updates image tag.

Argo CD: Watches Helm branch/main.
AKS rollout: Applies desired app state.
Smoke + evidence: Public endpoint and runtime verification.
GitOps delivery | Git is the deployment source of truth
CI/CD pipeline
07 / 18

Microservices are gated before image promotion.

  • Pull requests run unit tests, migration checks, Sonar quality gate, Snyk, and Trivy where configured.
  • Approved PR + build label controls post-merge image pipeline.
  • Images are pushed to Azure Container Registry with immutable tags.
  • Helm test values are updated for Argo-driven rollout.
Working CI/CD path | Fail-fast quality gates
Branching rules
08 / 18
Service repos
PR → main: Review, checks, build label, then squash merge.
Test GitOps
test/opslora-helm-test: Argo test tracks dedicated Helm branch.
Prod GitOps
main: Prod promotion PRs update semver image tags.
Branch discipline | Test and prod remain separate
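
The tag rules from the GitOps and branching slides (commit-SHA tags for test, semver tags for prod, images from ACR) can be enforced as a check on Helm values changes. This is an added example, not code from the Opslora repos; the values layout (`image.repository` / `image.tag`), the registry name, the full 40-character SHA format, and the function names are assumptions.

```python
"""Gate Helm values changes: each image must be pinned the way its environment expects."""
import re

COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")   # test: full Git commit SHA (assumed format)
SEMVER = re.compile(r"^v?\d+\.\d+\.\d+$")    # prod: release version
MUTABLE = {"", "latest", "main", "master", "test", "prod", "stable"}


def iter_images(node, path=""):
    """Yield (path, repository, tag) for every mapping that has a 'repository' key."""
    if isinstance(node, dict):
        if "repository" in node:
            yield path, str(node["repository"]), str(node.get("tag") or "")
        for key, child in node.items():
            yield from iter_images(child, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from iter_images(child, f"{path}[{i}]")


def check_values(values, env, registry):
    """Return violations for one parsed values document; env is 'test' or 'prod'."""
    wanted = COMMIT_SHA if env == "test" else SEMVER
    problems = []
    for path, repo, tag in iter_images(values):
        if not repo.startswith(registry + "/"):
            problems.append(f"{path}: {repo} is not pulled from {registry}")
        if tag.lower() in MUTABLE:
            problems.append(f"{path}: tag '{tag}' is mutable or missing")
        elif not wanted.match(tag):
            problems.append(f"{path}: tag '{tag}' does not match the {env} tag format")
    return problems


# Constructed sample values; registry, chart keys and tags are hypothetical.
REGISTRY = "exampleacr.azurecr.io"
TEST_VALUES = {"orders": {"image": {
    "repository": f"{REGISTRY}/orders",
    "tag": "3f9c2b7e1d4a5f6089abcdef0123456789abcdef"}}}
PROD_VALUES = {
    "frontend": {"image": {"repository": f"{REGISTRY}/frontend", "tag": "1.4.2"}},
    "lora": {"image": {"repository": "docker.io/example/lora", "tag": "latest"}},
}
```

A passing format check only shows the reference is pinned by name; whether the tag can be overwritten is decided by the registry's own settings.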
CI/CD architecture
09 / 18
Placeholder slide | Ready for SVG/output screenshot
Cloud architecture
10 / 18
Edge
Azure DNS + App Gateway: Public routing, TLS, WAF-ready ingress.
Runtime
AKS: Frontend, app services, docs, landing, Lora AI.
Platform
ACR + Key Vault + Monitor: Images, secrets, logs, metrics, alerts, Grafana dashboards.
Cloud architecture | Azure hub/spoke style platform
Cloud architecture diagram
11 / 18
Dedicated visual slide after slide 10 | Ready for SVG / Excalidraw export
Cloud security
12 / 18

Security is implemented across identity, ingress, secrets, and supply chain.

  • GitHub OIDC to Azure instead of static cloud credentials.
  • Key Vault-backed secret injection into AKS workloads.
  • App Gateway TLS and ingress routing for public apps.
  • Container scanning and quality gates in CI/CD.
  • Azure RBAC and environment separation for test/prod.
Security controls | Cloud-native operating model
Governance / scaling / cost
13 / 18
Governance
Environment branches and approval gates. Prod changes move through PRs, release tags, and evidence-based promotion.
Scaling
AKS separates workloads by service. Replica counts and resource controls can scale independently per component.
Cost
Test/prod split with reversible pause patterns. Expensive Azure resources can be paused/deallocated when not demoing.
Operations posture | Governed but demo-friendly
Terraform structure
14 / 18
opslora-azure-terraform/
  environments/
    hub/        shared DNS, connectivity, monitoring foundations
    test/       AKS test, App Gateway, Key Vault, MySQL, ACR
    prod/       production AKS and platform resources
    prod-dr/    future disaster recovery region
  modules/
    aks/
    app-gateway/
    key-vault/
    mysql/
    monitoring/
    dns/
  .github/workflows/
    plan/apply/destroy/seed workflows
Terraform file structure | Environment roots + reusable modules
Terraform state
15 / 18

State is separated by environment and protected through Azure backend storage.

  • Each environment root has its own state boundary.
  • Remote state keeps Terraform execution consistent across machines and CI runners.
  • Plan/apply workflows provide reviewable evidence before changes.
  • Drift is handled through import or Terraform-managed correction, not portal-only fixes.
tfstate management | Remote backend and environment isolation
Secrets and OIDC
16 / 18
GitHub Actions: Workflow requests OIDC token.
Azure Entra ID: Federated credential validates repo/environment subject.
Azure access: Terraform, ACR, Key Vault, AKS operations.

Secrets
Azure Key Vault: Runtime values are mounted/synced into AKS; secrets are not committed.
Workload identity
Least privilege: Actions and AKS identities receive scoped Azure roles.
Lora AI gateway
Gateway key redacted: Private AI gateway key is kept in secret stores, not docs or repo output.
Secret management | OIDC + Key Vault
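
How much the federated credential protects depends on how narrowly its subject is scoped. The following added example (not code from the Opslora repos) audits credential records that trust GitHub Actions; the record fields follow Entra federated identity credentials (`name`, `issuer`, `subject`, `audiences`), while the org, repo and credential names, the allow-list, and the policy rules are assumptions.

```python
"""Audit Entra federated credentials that trust GitHub Actions OIDC tokens."""
GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
ENTRA_AUDIENCE = "api://AzureADTokenExchange"


def audit_credential(cred, allowed_repos):
    """Return findings for one federated credential record."""
    findings = []
    if cred.get("issuer") != GITHUB_ISSUER:
        findings.append("issuer is not the GitHub Actions OIDC issuer")
    if cred.get("audiences") != [ENTRA_AUDIENCE]:
        findings.append("audience is not the Entra token-exchange audience")
    # GitHub subjects look like repo:<org>/<repo>:<kind>[:<value>]
    parts = cred.get("subject", "").split(":", 3)
    if len(parts) < 3 or parts[0] != "repo":
        return findings + ["subject is not a repo-scoped GitHub subject"]
    repo, kind = parts[1], parts[2]
    value = parts[3] if len(parts) == 4 else ""
    if repo not in allowed_repos:
        findings.append(f"repository {repo} is not on the allow-list")
    # Assumption: credentials for production carry "prod" in their name.
    is_prod = "prod" in cred.get("name", "")
    if kind == "pull_request":
        findings.append("any pull request workflow in the repo can request this identity")
    elif kind == "ref" and is_prod:
        findings.append(f"prod identity bound to {value}, not to an environment")
    elif kind == "environment" and is_prod and value != "prod":
        findings.append(f"prod identity bound to environment '{value}'")
    return findings


def audit_all(creds, allowed_repos):
    """Map credential name -> findings, keeping only credentials with findings."""
    report = {c.get("name", "?"): audit_credential(c, allowed_repos) for c in creds}
    return {name: f for name, f in report.items() if f}


# Constructed sample records; org, repo and credential names are hypothetical.
ALLOWED = {"example-org/opslora-azure-terraform", "example-org/orders-service"}
_BASE = {"issuer": GITHUB_ISSUER, "audiences": [ENTRA_AUDIENCE]}
SAMPLE = [
    {**_BASE, "name": "gha-terraform-prod",
     "subject": "repo:example-org/opslora-azure-terraform:environment:prod"},
    {**_BASE, "name": "gha-terraform-prod-legacy",
     "subject": "repo:example-org/opslora-azure-terraform:ref:refs/heads/main"},
    {**_BASE, "name": "gha-orders-test",
     "subject": "repo:example-org/orders-service:pull_request"},
    {**_BASE, "name": "gha-forked-test",
     "subject": "repo:someone-else/orders-service:environment:test"},
]
```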
Output placeholder
17 / 18
Paste output screenshot here

Suggested: GitHub Actions success, Argo sync, Azure portal resource group, Grafana dashboard, or app smoke output.
Empty slide | For screenshots
Output placeholder
18 / 18
Paste final architecture or demo evidence here

This slide is intentionally empty for last-minute project evidence.