Production Level CICD Pipeline Project | CICD DevOps Project


What we are doing
Setup Repo
Set up the required servers (Jenkins, SonarQube, Nexus, monitoring tools)
Configure Tools
Create The Pipelines & Create EKS Clusters
Trigger The Pipeline To Deploy the Application
Assign a Custom domain to the deployed application
Monitor The Application
Prerequisites
Step 1
Setting up EKS Cluster Using Terraform
In the AWS Console, launch a server for Terraform
t2 medium
40 storage
Open these ports as inbound rules on the security group
update repo
sudo apt update -y
Install AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
sudo apt install unzip
unzip awscliv2.zip
sudo ./aws/install
Configure the AWS CLI: provide the access key and secret key from the AWS Console
aws configure
Install Kubectl
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin
kubectl version --short --client
Installation of Terraform
sudo snap install terraform --classic
terraform --version
clone the Repo for EKS Terraform Script
git clone https://github.com/divyasatpute/FullStack-Blogging-App.git
change directory
cd FullStack-Blogging-App/
change directory
cd EKS_Terraform/
In the Variables.tf file you only need to change your key name,
and in the main.tf file you only need to change the region and availability zone as per your requirements
Now terraform initialization
terraform init
terraform plan
terraform apply --auto-approve
In order to communicate with the AWS EKS cluster, we need to update our kubeconfig file
aws eks --region ap-south-1 update-kubeconfig --name devopsshack-cluster
Step 2
40 GB Storage
Launch one EC2 machine for Jenkins
t2.large
40 GB storage
Connect to it using Git Bash
Installing Jenkins
step 1
Install java ( latest stable version )
sudo apt install openjdk-17-jre-headless -y
Install Jenkins
vi 1.sh
Paste all of the following commands into the 1.sh file
sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
  https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins -y
Change the permission
sudo chmod +x 1.sh
Run the file
./1.sh
Installing Docker on the Jenkins machine
Install docker
sudo apt install docker.io -y
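Change the permissions on the Docker socket (mode 666 makes it readable and writable by every local user on the machine)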
sudo chmod 666 /var/run/docker.sock
Installing Trivy on the Jenkins machine
sudo apt-get install wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy -y
Installing kubectl on the Jenkins machine
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin
kubectl version --short --client
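Both kubectl installs above download a binary, mark it executable and move it into /usr/local/bin without checking its integrity. The helper below is an added example, not part of the original post: it installs a file only when its SHA-256 matches a digest file. It assumes the publisher provides a digest in `sha256sum` format alongside the download; the function names and the stand-in files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): install a downloaded binary only
# when its SHA-256 matches the publisher's digest file.

verify_sha256() {  # $1 = file, $2 = expected hex digest; returns 0 on match
  actual=$(sha256sum "$1" | awk '{print $1}')
  [ -n "$actual" ] && [ "$actual" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

install_verified() {  # $1 = file, $2 = digest file (sha256sum format), $3 = destination dir
  expected=$(awk 'NR == 1 {print $1}' "$2")
  case "$expected" in
    ""|*[!0-9A-Fa-f]*) echo "malformed digest in $2" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "malformed digest in $2" >&2; return 2; }
  if ! verify_sha256 "$1" "$expected"; then
    echo "checksum mismatch for $1, not installing" >&2
    return 1
  fi
  # install copies the file and sets the mode in one step (replaces chmod + mv)
  install -m 0755 "$1" "$3/$(basename "$1")"
}

demo() {  # constructed stand-in files; no network access needed
  d=$(mktemp -d) && mkdir "$d/bin"
  printf 'constructed stand-in for the kubectl download\n' > "$d/kubectl"
  sha256sum "$d/kubectl" > "$d/kubectl.sha256"   # in practice: fetched from the publisher
  install_verified "$d/kubectl" "$d/kubectl.sha256" "$d/bin" && echo "installed"
  printf 'tampered\n' >> "$d/kubectl"             # simulate a modified download
  install_verified "$d/kubectl" "$d/kubectl.sha256" "$d/bin" || echo "refused"
  rm -rf "$d"
}
demo
```

The same helper applies to the Prometheus and Blackbox Exporter tarballs downloaded later, before they are unpacked.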
Installing Nexus as a Docker container
update machine
sudo apt update -y
Install docker
sudo apt install docker.io -y
Create container
sudo docker run -d -p 8081:8081 sonatype/nexus3
Access Nexus in your browser at http://PUBLIC_IP:8081/
Nexus is up and running, but the admin password is stored inside the container, so we need to go inside the container to read it
sudo docker exec -it 629f2dda1a74 /bin/bash
cd sonatype-work/nexus3/
cat admin.password
Here you get the password
Nexus is now working and you can sign in
Nexus Configuration
Go to the Nexus dashboard --> click on Settings --> click on Repositories
Copy the maven-releases URL and the maven-snapshots URL and paste them into the pom.xml file
For credentials, go to the Jenkins Dashboard --> Manage Jenkins --> Managed files --> Add a new Config --> Global Maven settings.xml --> provide an ID ("anything") --> click Next
Installing SonarQube as a Docker container
update machine
sudo apt update -y
Install docker
sudo apt install docker.io -y
Create container
sudo docker run -it -p 9000:9000 sonarqube:lts-community
Configuration on Jenkins
Install these plugins
SonarQube Scanner
Config File Provider
Maven Integration
Pipeline Maven Integration
Kubernetes
Kubernetes Client API
Kubernetes Credentials
Kubernetes CLI
Kubernetes Credentials Provider
Docker Pipeline
Docker Commons
Docker
Eclipse Temurin installer
Pipeline: Stage View
Configuration System
Sonar Scanner
Configuration tools
Go to Manage Jenkins --> Tools
add SonarQube Scanner
add Maven
Add Docker
Deployment
Create a Service Account and a Role, bind the Role to the Service Account, then create a Secret for the Service Account and generate a token
Create namespace
kubectl create ns webapps
Creating Service Account
vi svc.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: webapps
kubectl apply -f svc.yml
Create Role
vi role.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: app-role
  namespace: webapps
rules:
  - apiGroups:
      - ""
      - apps
      - autoscaling
      - batch
      - extensions
      - policy
      - rbac.authorization.k8s.io
    resources:
      - pods
      - componentstatuses
      - configmaps
      - daemonsets
      - deployments
      - events
      - endpoints
      - horizontalpodautoscalers
      - ingress
      - jobs
      - limitranges
      - namespaces
      - nodes
      - secrets
      - pods
      - persistentvolumes
      - persistentvolumeclaims
      - resourcequotas
      - replicasets
      - replicationcontrollers
      - serviceaccounts
      - services
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
kubectl apply -f role.yml
Bind the role to service account
vi bind.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-rolebinding
  namespace: webapps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: app-role
subjects:
- namespace: webapps
  kind: ServiceAccount
  name: jenkins
kubectl apply -f bind.yml
For the token
vi jen.secret.yml
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: mysecretname
  annotations:
    kubernetes.io/service-account.name: jenkins
kubectl apply -f jen.secret.yml -n webapps
For the Docker registry secret
kubectl create secret docker-registry regcred \
  --docker-server=https://index.docker.io/v1/ \
  --docker-username=divyasatpute \
  --docker-password=123654 \
  --namespace=webapps
kubectl describe secrets mysecretname -n webapps
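The Role above is bound to the token Jenkins will hold, so it is worth checking what it actually grants. The script below is an added example, not part of the original post: it statically audits a Role manifest for resources a namespaced Role cannot grant (they are cluster-scoped, so listing them has no effect) and for write access to sensitive resources. The function names, the two word lists and the abridged sample manifest are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): static audit of a namespaced Role.
# Assumes the layout of role.yml above: a "resources:" block list followed by
# an inline "verbs: [...]" line within each rule.
CLUSTER_SCOPED="componentstatuses namespaces nodes persistentvolumes"  # a Role cannot grant these
SENSITIVE="secrets roles rolebindings"  # write access widens what the token can reach

audit_role() {  # $1 = Role manifest; prints one finding per line, sorted
  awk -v cs="$CLUSTER_SCOPED" -v sv="$SENSITIVE" '
    BEGIN { n = split(cs, a, " "); for (i = 1; i <= n; i++) cluster[a[i]] = 1
            n = split(sv, b, " "); for (i = 1; i <= n; i++) sens[b[i]] = 1 }
    /^[ \t]*resources:/ { in_res = 1; next }
    /^[ \t]*verbs:/ {
      in_res = 0
      write = ($0 ~ /create|update|patch|delete|\*/)
      for (r in seen) {
        if (r in cluster)          print "cluster-scoped " r
        if (write && (r in sens))  print "sensitive-write " r
      }
      split("", seen); next
    }
    in_res && /^[ \t]*-/ { sub(/^[ \t]*-[ \t]*/, ""); gsub(/[" \t]/, ""); seen[$0] = 1 }
  ' "$1" | LC_ALL=C sort
}

sample_role() {  # constructed, abridged copy of the Role from this post
  cat <<'EOF'
kind: Role
metadata:
  name: app-role
  namespace: webapps
rules:
  - apiGroups:
      - ""
      - apps
    resources:
      - pods
      - namespaces
      - nodes
      - secrets
      - persistentvolumes
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
EOF
}

tmp=$(mktemp) && sample_role > "$tmp" && audit_role "$tmp"
rm -f "$tmp"
```

Against the live cluster, `kubectl auth can-i --list --as=system:serviceaccount:webapps:jenkins -n webapps` shows what the binding grants in practice.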
Pipeline
pipeline {
    agent any
    tools {
        jdk 'jdk17'
        maven 'maven3'
    }
    environment {
        SCANNER_HOME = tool 'sonar-scanner'
    }
    stages {
        stage('Git Checkout') {
            steps {
                git branch: 'main', credentialsId: 'git-cred', url: 'https://github.com/divyasatpute/full-stack-app-project.git'
            }
        }
        stage('Compile') {
            steps {
                sh 'mvn compile'
            }
        }
        stage('Test') {
            steps {
                sh 'mvn test'
            }
        }
        stage('Trivy fs scan') {
            steps {
                sh 'trivy fs --format table -o fs.html .'
            }
        }
        stage('SonarQube Analysis') {
            steps {
                withSonarQubeEnv('sonar-server') {
                    sh '''$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Blogging-app -Dsonar.projectKey=Blogging-app \
                    -Dsonar.java.binaries=target'''
                }
            }
        }
        stage('Build') {
            steps {
                sh 'mvn clean package'
            }
        }
        stage('Publish Artifacts') {
            steps {
                withMaven(globalMavenSettingsConfig: 'maven-settings', jdk: 'jdk17', maven: 'maven3', mavenSettingsConfig: '', traceability: true) {
                    sh 'mvn deploy'
                }
            }
        }
        stage('Docker Build & Tag ') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        sh 'docker build -t divyasatpute/bloggingapp:latest . --no-cache '
                    }
                }
            }
        }
        stage('Trivy image scan') {
            steps {
                sh 'trivy image --format table -o image.html divyasatpute/bloggingapp:latest'
            }
        }
        stage('Docker Push') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        sh 'docker push divyasatpute/bloggingapp:latest'
                    }
                }
            }
        }
        stage('k8-Deploy') {
            steps {
                withKubeConfig(caCertificate: '', clusterName: 'devopsshack-cluster', contextName: '', credentialsId: 'k8-cred', namespace: 'webapps', restrictKubeConfigAccess: false, serverUrl: 'https://0D7DFCF662ECC24043497267C6A5BDEB.gr7.ap-south-1.eks.amazonaws.com') {
                    sh 'kubectl apply -f deployment-service.yml'
                    sleep 20
                }
            }
        }
        stage('verify the Deployment') {
            steps {
                withKubeConfig(caCertificate: '', clusterName: 'devopsshack-cluster', contextName: '', credentialsId: 'k8-cred', namespace: 'webapps', restrictKubeConfigAccess: false, serverUrl: 'https://0D7DFCF662ECC24043497267C6A5BDEB.gr7.ap-south-1.eks.amazonaws.com') {
                    sh 'kubectl get pods'
                    sh 'kubectl get svc'
                }
            }
        }
    }
}
Installing the monitoring tools
sudo apt update -y
wget https://github.com/prometheus/prometheus/releases/download/v3.0.0-beta.0/prometheus-3.0.0-beta.0.linux-amd64.tar.gz
tar -xvf prometheus-3.0.0-beta.0.linux-amd64.tar.gz
wget https://github.com/prometheus/blackbox_exporter/releases/download/v0.25.0/blackbox_exporter-0.25.0.linux-amd64.tar.gz
tar -xvf blackbox_exporter-0.25.0.linux-amd64.tar.gz
cd prometheus-3.0.0-beta.0.linux-amd64
./prometheus &
cd prometheus-3.0.0-beta.0.linux-amd64
vi prometheus.yml
Access Prometheus at http://13.232.13.30:9090
For Blackbox Exporter
cd blackbox_exporter-0.25.0.linux-amd64
./blackbox_exporter &
Access Blackbox Exporter at http://13.232.13.30:9090
for Grafana
sudo apt-get install -y adduser libfontconfig1 musl
wget https://dl.grafana.com/enterprise/release/grafana-enterprise_11.2.0_amd64.deb
sudo dpkg -i grafana-enterprise_11.2.0_amd64.deb
sudo /bin/systemctl start grafana-server
Test Results
Written by

Divya vasant satpute
I'm a seasoned DevOps engineer with a knack for optimizing software development lifecycles and infrastructure operations. Specializing in cutting-edge DevOps practices and proficient in tools like Docker, Kubernetes, Ansible, and more, I'm committed to driving digital transformation and empowering teams to deliver high-quality software with speed and confidence.