CI/CD Pipeline Integration with Automated Deployment to Amazon EKS


Summary of Your Pipeline Workflow
Pipeline Highlights:
Jenkins-driven CI/CD pipeline with GitHub webhook
Static code analysis via SonarQube
OWASP dependency check and Trivy file scan
Docker image build, scan (Docker Scout), and push to DockerHub
Kubernetes (EKS) deployment
Monitoring with Prometheus, Node Exporter, and Grafana.
Step 1: Create EC2 Instance for Jenkins and Monitoring Stack
Launch an EC2 instance using the following configuration:
Instance Type: t3.large
OS: Ubuntu 22.04 LTS
Create a Security Group with the following inbound rules:

| Protocol | Port | Purpose |
|----------|------|---------|
| TCP | 22 | SSH access |
| TCP | 80 | HTTP access |
| TCP | 443 | HTTPS access |
| TCP | 8080 | Jenkins Web UI |
| TCP | 3000 | Grafana Dashboard |
| TCP | 9000 | SonarQube Code Analysis |
| TCP | 9090 | Prometheus Monitoring |
| TCP | 9100 | Node Exporter Metrics Collection |
Step 2: Install Core Tools on EC2
AWS CLI

```bash
sudo apt update && sudo apt install unzip -y
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
```

Jenkins + Temurin JDK 17

```bash
sudo apt update -y
sudo mkdir -p /etc/apt/keyrings
wget -O - https://packages.adoptium.net/artifactory/api/gpg/key/public | sudo tee /etc/apt/keyrings/adoptium.asc
echo "deb [signed-by=/etc/apt/keyrings/adoptium.asc] https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | sudo tee /etc/apt/sources.list.d/adoptium.list
sudo apt update -y
sudo apt install temurin-17-jdk -y
```

```bash
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/ | sudo tee /etc/apt/sources.list.d/jenkins.list
sudo apt update -y
sudo apt install jenkins -y
sudo systemctl enable --now jenkins
```

Docker

```bash
sudo apt-get install ca-certificates curl -y
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo tee /etc/apt/keyrings/docker.asc
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
sudo usermod -aG docker ubuntu
# The pipeline in Step 4 runs docker build/push as the jenkins user, so it needs the docker group too
sudo usermod -aG docker jenkins
sudo systemctl restart jenkins
```

Trivy Security Scanner

```bash
sudo apt install wget apt-transport-https gnupg -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee /etc/apt/sources.list.d/trivy.list
sudo apt update
sudo apt install trivy -y
```

Docker Scout

```bash
docker login # Add DockerHub credentials
curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- -b /usr/local/bin
```
Step 3: Set Up SonarQube in Docker
```bash
docker pull sonarqube
docker run -d --name sonarqubecontainer -p 9000:9000 sonarqube
```

Configure:
Webhook (in SonarQube, under Administration > Configuration > Webhooks), so the Jenkins quality gate step receives the analysis result:
http://<JENKINS_PUBLIC_IP>:8080/sonarqube-webhook/
Generate a SonarQube token and store it in Jenkins credentials (used by the `sonar-server` configuration in Step 4).
Step 4: Jenkins CI/CD Pipeline
Here is a snippet from a declarative Jenkins pipeline:
```groovy
pipeline {
    agent any
    tools {
        nodejs 'node18'
        jdk 'jdk17'
    }
    environment {
        SCANNER_HOME = tool 'sonar-scanner'
    }
    stages {
        stage("Git Checkout") {
            steps {
                git branch: 'main', url: 'https://github.com/durkeshwaran1103/web-application'
            }
        }
        stage("SonarQube Analysis") {
            steps {
                withSonarQubeEnv('sonar-server') {
                    sh '$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=chatcord-app -Dsonar.projectKey=chatcord-app'
                }
            }
        }
        stage("Build Docker Image") {
            steps {
                sh 'docker build -t chatcord-app .'
            }
        }
        stage("Push to DockerHub") {
            steps {
                withDockerRegistry(credentialsId: 'docker-red') {
                    sh '''
                        docker tag chatcord-app durkeshwaran1103/chatcord-app:latest
                        docker push durkeshwaran1103/chatcord-app:latest
                    '''
                }
            }
        }
        stage("Deploy Container") {
            steps {
                // Note: host port 3000 is also what Grafana listens on (Step 1 table / Step 8);
                // if both run on the Jenkins host, map the app to a different host port.
                sh '''
                    docker stop chatcord-app || true
                    docker rm chatcord-app || true
                    docker run -d --name chatcord-app -p 3000:3000 durkeshwaran1103/chatcord-app:latest
                '''
            }
        }
    }
}
```
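The pipeline highlights list an OWASP dependency check, a Trivy file scan and a Docker Scout scan, but the snippet above omits them. The stages below are an added example, not code from the original post or its repository; they assume the OWASP Dependency-Check Jenkins plugin is installed with a tool named `DP-Check` (assumed name) and reuse the `sonar-server` and `docker-red` names from the snippet, slotting into the same `stages {}` block after "SonarQube Analysis".

```groovy
// Added example stages for the pipeline above. Assumed: Dependency-Check tool 'DP-Check';
// the SonarQube webhook from Step 3 is configured so waitForQualityGate can complete.
stage("Quality Gate") {
    steps {
        // Block until SonarQube reports the gate result; a failed gate aborts the build.
        timeout(time: 5, unit: 'MINUTES') {
            waitForQualityGate abortPipeline: true
        }
    }
}
stage("OWASP Dependency Check") {
    steps {
        // Scan declared dependencies for known CVEs and publish the report in Jenkins.
        dependencyCheck additionalArguments: '--scan ./ --disableYarnAudit --disableNodeAudit',
                        odcInstallation: 'DP-Check'
        dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
    }
}
stage("Trivy FS Scan") {
    steps {
        // Scan the checked-out tree (lockfiles, IaC, secrets); HIGH/CRITICAL findings fail the stage.
        sh 'trivy fs --severity HIGH,CRITICAL --exit-code 1 .'
    }
}
stage("Build Docker Image") {
    steps {
        sh 'docker build -t chatcord-app .'
    }
}
stage("Trivy Image Scan") {
    steps {
        // Scan the built image (OS packages and app libraries) before it is tagged and pushed.
        sh 'trivy image --severity HIGH,CRITICAL --exit-code 1 chatcord-app'
    }
}
stage("Docker Scout CVEs") {
    steps {
        // Docker Scout needs a logged-in Docker Hub session; --exit-code makes findings fail the stage.
        withDockerRegistry(credentialsId: 'docker-red') {
            sh 'docker scout cves chatcord-app --only-severity critical,high --exit-code'
        }
    }
}
```

With these in place the "Push to DockerHub" and "Deploy Container" stages only run on an image that has passed all three scanners and the SonarQube gate.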
Step 5: Secure Credentials in Jenkins
Add these credentials via Jenkins > Manage Credentials:
SonarQube Token
DockerHub Username/Password
GitHub Token (optional)
Step 6: Create EKS Cluster with eksctl
```bash
eksctl create cluster --name=chatapp \
    --region=us-east-1 \
    --zones=us-east-1a,us-east-1b \
    --without-nodegroup

eksctl utils associate-iam-oidc-provider \
    --region us-east-1 \
    --cluster chatapp \
    --approve

eksctl create nodegroup --cluster=chatapp --region=us-east-1 --name=workernode \
    --node-type=t3.medium --nodes=2 --managed --ssh-access \
    --ssh-public-key=dk --full-ecr-access --alb-ingress-access
```
Step 7: Install Prometheus + Node Exporter
Follow the official Prometheus setup or install using systemd, then configure /etc/prometheus/prometheus.yml.
Add jobs like:

```yaml
scrape_configs:
  - job_name: 'node_exporter'
    static_configs:
      - targets: ['localhost:9100']
  - job_name: 'jenkins'
    metrics_path: '/prometheus'
    static_configs:
      - targets: ['<jenkins-ip>:8080']
```
Step 8: Install Grafana
```bash
# apt-key is deprecated on Ubuntu 22.04; use a dedicated keyring with signed-by as in Step 2
wget -q -O - https://packages.grafana.com/gpg.key | gpg --dearmor | sudo tee /usr/share/keyrings/grafana.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/grafana.gpg] https://packages.grafana.com/oss/deb stable main" | sudo tee /etc/apt/sources.list.d/grafana.list
sudo apt update
sudo apt install grafana -y
sudo systemctl enable --now grafana-server
```

Access Grafana via http://<your-server-ip>:3000.
Step 9: Deploy Applications with ArgoCD
```bash
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'
kubectl get svc -n argocd argocd-server
```

Login to ArgoCD with the initial admin password:

```bash
kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d
```