FreeCELPIPTest is a production-grade, real-world learning platform for CELPIP candidates. It blends a polished learning experience with a serious cloud architecture: Next.js 15 on AKS, Key Vault-backed secrets, PostgreSQL, and full CI/CD with azd.
This repository is also my Azure DevOps portfolio piece. It is intentionally end-to-end: frontend, backend, infra, security, and deployment automation in one place.
- Real users, real needs: practice tests, guided prep, and a learning-first UX
- Cloud-native by design: autoscaling, secrets, and zero-trust patterns
- Production workflow: CI/CD, observability, and reliable releases
- Next.js 15 App Router with TypeScript
- AKS deployment via azd and Helm
- Azure Key Vault + CSI driver for secrets
- PostgreSQL Flexible Server with private networking
- Application Insights for telemetry
- NGINX Ingress + cert-manager for HTTPS
- Mobile-first, accessible UI
Users reach the platform through DNS and an Azure Load Balancer. Traffic lands on NGINX Ingress in AKS, routes through Kubernetes Services, and hits the Next.js pods. Secrets are pulled securely from Azure Key Vault using the CSI driver, while the app talks to PostgreSQL over private networking. Telemetry flows into Application Insights, and container images come from ACR.
flowchart TB
%% ============================================
%% User & Domain Layer
%% ============================================
USER["User Browser"]
PRODDOMAIN["freecelpiptest.com"]
DEVDOMAIN["dev.freecelpiptest.com"]
%% ============================================
%% GitHub Actions CI/CD Pipeline
%% ============================================
subgraph GITHUB["GitHub Actions CI/CD"]
direction TB
TRIGGER["Triggers<br/>• Push: main/develop<br/>• PR: main"]
subgraph CI["CI Jobs"]
direction LR
LINT["Lint & Test<br/>ESLint • Jest • TSC"]
SECURITY["Security Scan<br/>Trivy • CodeQL"]
end
subgraph BUILD["Build Job"]
direction LR
DOCKER["Docker Buildx<br/>linux/amd64,arm64"]
PUSH["Push ACR<br/>freecelpip:1.2.3"]
end
subgraph CD["CD Jobs"]
direction LR
DEPLOYDEV["Deploy Dev<br/>Helm upgrade --set image.tag=1.2.3-dev"]
DEPLOYPROD["Deploy Prod<br/>Helm upgrade --set image.tag=1.2.3"]
SMOKE["Smoke Tests<br/>curl /api/health"]
end
OIDC["Azure OIDC<br/>Workload Identity Federation"]
end
%% ============================================
%% Azure Infrastructure
%% ============================================
subgraph AZURE["Azure Canada Central"]
direction TB
ACR["Azure Container Registry<br/>crdevru7klmqtlrise.azurecr.io<br/>freecelpip:1.2.3"]
subgraph AKS["AKS Cluster"]
direction TB
INGRESS["NGINX Ingress Controller<br/>52.139.19.34<br/>cert-manager SSL"]
subgraph FREECELPIP["Namespace: freecelpip"]
direction LR
POD["Next.js Pod<br/>Port: 3000<br/>CPU: 100m-500m<br/>RAM: 256-512Mi<br/>/api/health"]
SERVICE["K8s Service<br/>ClusterIP:80→3000"]
end
end
subgraph SECRETS["Secret Management"]
KV["Key Vault<br/>kv-dev-ru7klmqtlrise"]
CSI["CSI Driver<br/>SecretProviderClass"]
end
DB["PostgreSQL Flexible Server<br/>psql-dev-ru7klmqtlrise<br/>B2s • 128GB • SSL"]
APPINSIGHTS["Application Insights<br/>appi-dev-ru7klmqtlrise"]
end
%% ============================================
%% CI/CD Flow (Fixed Sequence)
%% ============================================
TRIGGER --> LINT --> SECURITY --> DOCKER --> PUSH
OIDC -.auth.-> ACR
PUSH -.->|develop| DEPLOYDEV
PUSH -.->|main| DEPLOYPROD
DEPLOYDEV --> SMOKE
DEPLOYPROD --> SMOKE
%% ============================================
%% Deployment Flow
%% ============================================
ACR -.docker-pull.-> POD
DEPLOYPROD -.helm-upgrade.-> AKS
DEPLOYDEV -.helm-upgrade.-> AKS
%% ============================================
%% Traffic Flow
%% ============================================
USER -->|HTTPS| PRODDOMAIN
USER -.->|HTTPS| DEVDOMAIN
PRODDOMAIN -->|443| INGRESS
DEVDOMAIN -->|443| INGRESS
INGRESS --> SERVICE
SERVICE --> POD
%% ============================================
%% Data & Secrets Flow
%% ============================================
POD <-->|Prisma ORM<br/>SSL Required| DB
KV -->|RBAC| CSI
CSI -.mount.-> POD
POD -.telemetry.-> APPINSIGHTS
%% ============================================
%% Prisma Migrations
%% ============================================
DEPLOYPROD -.->|"kubectl run migrate"| DB
DEPLOYDEV -.->|"kubectl run migrate"| DB
%% ============================================
%% Professional Styling
%% ============================================
style GITHUB fill:#1e3a8a,stroke:#3b82f6,stroke-width:3px,color:#ffffff
style AZURE fill:#0078d4,stroke:#0369a1,stroke-width:3px,color:#ffffff
style AKS fill:#0ea5e9,stroke:#0284c7,stroke-width:2px
style FREECELPIP fill:#fef3c7,stroke:#f59e0b,stroke-width:2px
style TRIGGER fill:#10b981,stroke:#059669,stroke-width:2px,color:#ffffff
style LINT fill:#3b82f6,stroke:#1d4ed8,color:#ffffff
style SECURITY fill:#ef4444,stroke:#dc2626,color:#ffffff
style DOCKER fill:#f59e0b,stroke:#d97706,color:#ffffff
style PUSH fill:#8b5cf6,stroke:#7c3aed,color:#ffffff
style DEPLOYDEV fill:#6b7280,stroke:#4b5563,color:#ffffff
style DEPLOYPROD fill:#ef4444,stroke:#dc2626,color:#ffffff
style SMOKE fill:#10b981,stroke:#059669,color:#ffffff
style ACR fill:#1e40af,stroke:#1d4ed8,color:#ffffff
style INGRESS fill:#f97316,stroke:#ea580c,color:#000
style POD fill:#22c55e,stroke:#16a34a,color:#000
style SERVICE fill:#3b82f6,stroke:#1d4ed8,color:#ffffff
style KV fill:#eab308,stroke:#ca8a04,color:#000
style CSI fill:#a855f7,stroke:#9333ea,color:#ffffff
style DB fill:#14b8a6,stroke:#0d9488,color:#ffffff
style APPINSIGHTS fill:#8b5cf6,stroke:#7c3aed,color:#ffffff
style USER fill:#6b7280,stroke:#4b5563,color:#ffffff
style PRODDOMAIN fill:#10b981,stroke:#059669,color:#ffffff
style DEVDOMAIN fill:#f59e0b,stroke:#d97706,color:#ffffff
- Node.js 18+
- PostgreSQL database
- Google OAuth credentials
npm install
cp .env.example .env
Populate .env with your values, then:
npx prisma generate
npx prisma db push
npm run dev
This repo is wired for azd. The full production workflow is documented here:
Fast path:
azd auth login
azd env new dev
azd up
FreeCelpipTest/
├── app/ # Next.js App Router
├── components/ # UI + sections + layout
├── azure/ # Azure infra, Helm, and deployment scripts
├── prisma/ # Prisma schema
└── public/ # Static assets
- This project emphasizes reliability: pod disruption budgets, rolling updates, and HPA.
- Security is a first-class citizen: Key Vault, managed identity, private DB networking.
- The UI is practical and human-first, built for real learners.
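The Key Vault + CSI driver pattern described above, sketched as Kubernetes manifests. This is an added example, not taken from this repository's azure/ directory: the vault, registry, namespace and port come from the diagram, while the object names, the secret name and the choice of a user-assigned managed identity are assumptions, and the angle-bracket values are placeholders.

```yaml
# Added example: names marked "hypothetical" and <placeholders> are not from the repo.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: freecelpip-kv                 # hypothetical
  namespace: freecelpip
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true"      # assumption: user-assigned managed identity
    userAssignedIdentityID: "<managed-identity-client-id>"
    keyvaultName: kv-dev-ru7klmqtlrise
    tenantId: "<tenant-id>"
    objects: |
      array:
        - |
          objectName: database-url    # hypothetical secret name
          objectType: secret
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: freecelpip-web                # hypothetical
  namespace: freecelpip
spec:
  selector:
    matchLabels: {app: freecelpip-web}
  template:
    metadata:
      labels: {app: freecelpip-web}
    spec:
      containers:
        - name: web
          image: crdevru7klmqtlrise.azurecr.io/freecelpip:1.2.3
          ports:
            - containerPort: 3000
          volumeMounts:
            - name: kv-secrets
              mountPath: /mnt/secrets   # secret appears as /mnt/secrets/database-url
              readOnly: true
      volumes:
        - name: kv-secrets
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              secretProviderClass: freecelpip-kv
```

The identity referenced here needs only read access to secrets in that one vault (for example the built-in Key Vault Secrets User role). Mounting as a file keeps the value out of etcd; syncing it into a Kubernetes Secret with `secretObjects` to feed an environment variable gives up that property.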
This website is not affiliated with or endorsed by CELPIP. It is an independent study resource built for learners.
For questions or issues, please contact us through the contact page or open an issue on GitHub.