End-to-End DevOps Pipeline for BookMyShow Clone using Jenkins, EKS & Observability Stack


Deploying and monitoring a full-stack application on AWS EKS with security scans, quality gates, and observability.
Project Overview
This blog demonstrates the deployment of a Book My Show Clone application through a complete DevOps pipeline. The project includes CI/CD with Jenkins, Dockerized deployment to EKS, security scanning via Trivy and OWASP Dependency Check, quality gate checks using SonarQube, and full observability using Prometheus and Grafana.
GitHub Repo: rushi2828/Book-My-Show-Clone
Tech Stack
Tool | Purpose |
Jenkins | CI/CD Pipeline |
Docker & DockerHub | Containerization & Image Registry |
SonarQube | Code Quality Analysis |
Trivy & OWASP | Security Scanning |
Amazon EKS | Kubernetes Cluster |
Prometheus & Grafana | Monitoring & Visualization |
NodeJS & npm | Frontend App Dependencies |
AWS CLI, kubectl, eksctl | Infrastructure Automation |
Step-by-Step Setup
Jenkins Setup
Install Jenkins using a shell script:
#!/bin/bash
# Install OpenJDK 17 JRE Headless
sudo apt install openjdk-17-jre-headless -y
# Download Jenkins GPG key
sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
# Add Jenkins repository to package manager sources
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
/etc/apt/sources.list.d/jenkins.list > /dev/null
# Update package manager repositories
sudo apt-get update
# Install Jenkins
sudo apt-get install jenkins -y
Installed Jenkins Plugins
To enable smooth CI/CD integrations and DevSecOps practices, the following plugins have been installed in Jenkins:
SonarQube Scanner: For static code analysis and code quality metrics.
Docker Pipeline: Enables building and running Docker containers within pipeline scripts.
Docker Commons: Provides shared Docker functionality for other Docker-related plugins.
NodeJS Plugin: Integrates Node.js and npm into Jenkins builds.
OWASP Dependency Check: Performs security vulnerability analysis on project dependencies.
Kubernetes CLI Plugin: Allows kubectl commands to be executed in Jenkins pipelines.
Prometheus Metrics Plugin: Exposes Jenkins metrics in Prometheus format for observability.
Email Extension Plugin: Advanced email notifications during pipeline stages.
Global Credentials Configuration
To securely interact with external tools, the following credentials are configured under Manage Jenkins > Credentials:
Credential ID | Description | Type |
docker | DockerHub login credentials | Username/Password |
Sonar-token | SonarQube authentication token | Secret Text |
email-creds | Gmail SMTP token for notifications | Username/Password |
SonarQube Webhook Setup (for Jenkins Integration)
To trigger quality gate status in Jenkins after a SonarQube scan, configure a webhook:
Go to SonarQube > Administration > Webhooks
Click Create Webhook
Set Name: jenkins
Set URL: http://<public-ip>:8080/sonarqube-webhook/
Make sure /sonarqube-webhook/ is included at the end; it's required for Jenkins to receive the response.
This enables Jenkins to wait for the SonarQube quality gate result before proceeding.
Docker, Trivy & SonarQube Setup
Install Docker & Login to DockerHub
# Docker.sh
#!/bin/bash
# Update package manager repositories
sudo apt-get update
# Install necessary dependencies
sudo apt-get install -y ca-certificates curl
# Create directory for Docker GPG key
sudo install -m 0755 -d /etc/apt/keyrings
# Download Docker's GPG key
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
# Ensure proper permissions for the key
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add Docker repository to Apt sources
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Update package manager repositories
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
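If you are unable to run docker pull and get a permission error, add permission to docker.sock. Mode 666 lets every local user control the Docker daemon, which is equivalent to root on the host.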
sudo chmod 666 /var/run/docker.sock
Login to DockerHub
# Docker Hub login (enter the password at the prompt)
docker login -u <username>
Install Trivy (Vulnerability Scanner)
# trivy.sh
#!/bin/bash
sudo apt-get install -y wget apt-transport-https gnupg
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install -y trivy
Run SonarQube using Docker
docker run -d --name sonar -p 9000:9000 sonarqube:lts-community
Access SonarQube:
http://<public-ip>:9000
Default Credentials:
admin / admin
Create EKS Cluster
This section guides you through creating an Amazon EKS Cluster using eksctl, along with the necessary IAM policies and tooling.
Step 1: Create IAM User with Required Policies
Attach the following Managed Policies to your IAM user:
AmazonEC2FullAccess
AmazonEKSClusterPolicy
AmazonEKSWorkerNodePolicy
AWSCloudFormationFullAccess
AmazonEKS_CNI_Policy
Additionally, add this Inline Policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "eks:*",
      "Resource": "*"
    }
  ]
}
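The inline policy above allows every EKS action on every resource. As an added example (not part of the original post or its repository), this Python sketch flags Allow statements with service-wide wildcards so a policy can be reviewed before it is attached; `audit_policy`, the message format and the narrower `SCOPED_POLICY` are assumptions made for illustration.

```python
import json

# Inline policy exactly as given in the post.
PAGE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
                 "Action": "eks:*", "Resource": "*"}]
}""")

# Constructed comparison (assumption): a deploy-only identity that needs just
# the eks:DescribeCluster call made by `aws eks update-kubeconfig`. The account
# ID is the placeholder from the post's sample get-caller-identity output.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": ["eks:DescribeCluster"],
        "Resource": "arn:aws:eks:ap-south-1:123456789012:cluster/bms-eks",
    },
}


def _as_list(value):
    """Statement, Action and Resource may each be one value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (sid, message) pairs for Allow statements that are over-broad."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"Statement[{i}]")
        scope = " on every resource" if "*" in _as_list(stmt.get("Resource")) else ""
        if "NotAction" in stmt:
            findings.append((sid, "Allow with NotAction grants all unlisted actions" + scope))
        for action in _as_list(stmt.get("Action")):
            service, _, name = action.partition(":")
            if action == "*":
                findings.append((sid, "every action in every service" + scope))
            elif name == "*":
                findings.append((sid, f"every {service} action" + scope))
    return findings


if __name__ == "__main__":
    for sid, message in audit_policy(PAGE_POLICY):
        print(f"{sid}: {message}")
```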
Step 2: Install AWS CLI, kubectl, and eksctl
Install AWS CLI:
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
sudo apt install unzip
unzip awscliv2.zip
sudo ./aws/install
Install kubectl
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin
kubectl version --short --client
Install eksctl
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version
Step 3: Create EKS Cluster
eksctl create cluster --name=bms-eks --region=ap-south-1 --without-nodegroup
Associate the OIDC provider:
eksctl utils associate-iam-oidc-provider \
--region ap-south-1 \
--cluster bms-eks \
--approve
Step 4: Create Node Group
eksctl create nodegroup --cluster=bms-eks \
--region=ap-south-1 \
--name=node2 \
--node-type=t3.medium \
--nodes=3 \
--nodes-min=2 \
--nodes-max=4 \
--node-volume-size=20 \
--ssh-access \
--ssh-public-key=rushi-hp \
--managed \
--asg-access \
--external-dns-access \
--full-ecr-access \
--appmesh-access \
--alb-ingress-access
Important: Before Executing the Kubernetes Stage in Jenkins Pipeline
Before running the Kubernetes-related stages in your Jenkins CI/CD pipeline, ensure that Jenkins has valid AWS credentials and access to the EKS cluster.
Look for a line like this:
jenkins 1234 0.0 0.1 123456 7890 ? Ssl 12:34 0:00 /usr/bin/java -jar /usr/share/jenkins/jenkins.war
Step 2: Switch to the Jenkins User
sudo -su jenkins
pwd # Output: /home/ubuntu (or relevant path)
whoami # Output: jenkins
Step 3: Configure AWS Credentials
aws configure
Enter your AWS Access Key and Secret Key when prompted.
This will generate the credentials file at:
/var/lib/jenkins/.aws/credentials
Step 4: Verify AWS Credentials
Run command:
aws sts get-caller-identity
Expected output:
{
"UserId": "EXAMPLEUSERID",
"Account": "123456789012",
"Arn": "arn:aws:iam::123456789012:user/example-user"
}
Step 5: Restart Jenkins
Exit the jenkins user and restart the Jenkins service:
sudo systemctl restart jenkins
Step 6: Switch Back and Configure kubeconfig
Switch again to the jenkins user:
sudo -su jenkins
aws eks update-kubeconfig --name bms-eks --region ap-south-1
Jenkins Pipeline (CI/CD)
Here's a simplified Jenkins pipeline setup:
pipeline {
    agent any
    tools {
        jdk 'jdk17'
        nodejs 'node24'
    }
    environment {
        SCANNER_HOME = tool 'sonar-scanner'
        DOCKER_IMAGE = 'rushi2323/bms:latest'
        EKS_CLUSTER_NAME = 'bms-eks'
        AWS_REGION = 'ap-south-1'
    }
    stages {
        stage('Clean Workspace') {
            steps {
                cleanWs()
            }
        }
        stage('Checkout from Git') {
            steps {
                git branch: 'main', url: 'https://github.com/rushi2828/Book-My-Show-Clone'
                sh 'ls -la' // Verify files after checkout
            }
        }
        stage('SonarQube Analysis') {
            steps {
                withSonarQubeEnv('sonar-server') {
                    sh '''
                    $SCANNER_HOME/bin/sonar-scanner \
                    -Dsonar.projectName=BMS \
                    -Dsonar.projectKey=BMS
                    '''
                }
            }
        }
        stage('Quality Gate') {
            steps {
                script {
                    waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-token'
                }
            }
        }
        stage('Install Dependencies') {
            steps {
                sh '''
                cd bookmyshow-app
                ls -la # Verify package.json exists
                if [ -f package.json ]; then
                    rm -rf node_modules package-lock.json # Remove old dependencies
                    npm install # Install fresh dependencies
                else
                    echo "Error: package.json not found in bookmyshow-app!"
                    exit 1
                fi
                '''
            }
        }
        stage('OWASP FS Scan') {
            steps {
                dependencyCheck additionalArguments: '--scan ./ --disableYarnAudit --disableNodeAudit', odcInstallation: 'DP-Check'
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            }
        }
        stage('Trivy FS Scan') {
            steps {
                sh 'trivy fs . > trivyfs.txt'
            }
        }
        stage('Docker Build & Push') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker', toolName: 'docker') {
                        sh '''
                        echo "Building Docker image..."
                        docker build --no-cache -t $DOCKER_IMAGE -f bookmyshow-app/Dockerfile bookmyshow-app
                        echo "Pushing Docker image to Docker Hub..."
                        docker push $DOCKER_IMAGE
                        '''
                    }
                }
            }
        }
        stage('Deploy to EKS Cluster') {
            steps {
                script {
                    sh '''
                    echo "Verifying AWS credentials..."
                    aws sts get-caller-identity
                    echo "Configuring kubectl for EKS cluster..."
                    aws eks update-kubeconfig --name $EKS_CLUSTER_NAME --region $AWS_REGION
                    echo "Verifying kubeconfig..."
                    kubectl config view
                    echo "Deploying application to EKS..."
                    kubectl apply -f deployment.yml
                    kubectl apply -f service.yml
                    echo "Verifying deployment..."
                    kubectl get pods
                    kubectl get svc
                    '''
                }
            }
        }
    }
    post {
        always {
            emailext attachLog: true,
                subject: "'${currentBuild.result}'",
                body: "Project: ${env.JOB_NAME}<br/>" +
                      "Build Number: ${env.BUILD_NUMBER}<br/>" +
                      "URL: ${env.BUILD_URL}<br/>",
                to: 'rushimane2606@gmail.com',
                attachmentsPattern: 'trivyfs.txt'
        }
    }
}
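In the pipeline above, the Trivy FS Scan stage only redirects output to trivyfs.txt, so findings never change the build result. As an added example (not from the original post or its repository), this Python sketch reads a report written with `trivy fs --format json --output trivy.json .` and returns a failing exit status when HIGH or CRITICAL findings are present; the file name, function names and sample report are assumptions, and Trivy's own `--exit-code 1 --severity HIGH,CRITICAL` flags are the built-in way to get the same gate.

```python
import json
import sys

# Constructed sample in the shape of `trivy fs --format json` output.
# The CVE IDs and package names are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "bookmyshow-app/package-lock.json", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "example-lib",
         "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "example-util",
         "InstalledVersion": "2.3.0", "FixedVersion": "", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "example-fmt",
         "InstalledVersion": "0.9.0", "FixedVersion": "0.9.1", "Severity": "LOW"},
    ]},
    {"Target": "other/package-lock.json", "Vulnerabilities": None},  # clean target
]})


def blocking_findings(report, blocking=("HIGH", "CRITICAL"), require_fix=False):
    """List findings whose severity should stop the build."""
    found = []
    # "Results" and "Vulnerabilities" are missing or null when nothing was found.
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity") not in blocking:
                continue
            if require_fix and not vuln.get("FixedVersion"):
                continue  # optionally block only on what an upgrade can fix
            found.append({
                "target": result.get("Target", "?"),
                "id": vuln.get("VulnerabilityID", "?"),
                "package": vuln.get("PkgName", "?"),
                "severity": vuln["Severity"],
                "fixed_in": vuln.get("FixedVersion") or None,
            })
    return found


def gate(report_text, **options):
    """Return the stage's exit status: 1 if anything blocks, else 0."""
    findings = blocking_findings(json.loads(report_text), **options)
    for f in findings:
        print(f"{f['severity']:8} {f['id']} {f['package']} ({f['target']}) "
              f"fix: {f['fixed_in'] or 'none yet'}")
    return 1 if findings else 0


if __name__ == "__main__":
    # Usage (assumed file name): python3 trivy_gate.py trivy.json
    with open(sys.argv[1]) as fh:
        sys.exit(gate(fh.read()))
```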
Observability Stack
This section details the setup of Prometheus and Node Exporter for monitoring Jenkins and system metrics.
Prometheus Setup (Monitoring VM)
Created a dedicated prometheus system user
Installed Prometheus v2.47.1 from official binaries
Configured Prometheus as a systemd service
Exposed port 9090 for the Prometheus web UI
Access Prometheus UI at:
http://<monitor-ip>:9090
Node Exporter (For System Metrics)
Installed Node Exporter
Set up as a systemd service
Exposed port 9100
This enables Prometheus to scrape system-level metrics such as CPU, memory, and disk.
Prometheus Configuration Example
Here's a sample snippet of the Prometheus prometheus.yml configuration to monitor Node Exporter and Jenkins:
scrape_configs:
  - job_name: 'node_exporter'
    static_configs:
      - targets: ['<monitor-ip>:9100']
  - job_name: 'jenkins'
    metrics_path: '/prometheus'
    static_configs:
      - targets: ['<jenkins-ip>:8080']
Installed Grafana
Install Grafana using the package manager:
sudo apt-get install -y grafana
Start the Grafana service:
sudo systemctl start grafana-server
Access Grafana Dashboard
URL: http://<vm-ip>:3000
Default Login:
Username: admin
Password: admin
Result Dashboards
Here are some key visual outputs from the complete CI/CD pipeline and observability stack:
Jenkins CI/CD Pipeline
Visual representation of each stage in the pipeline:
Clean Workspace
Checkout from Git
SonarQube Analysis
Quality Gate
Install dependency
OWASP FS Scan
Trivy FS Scan
Docker Image Build & Push
Deployment to Kubernetes
SonarQube Code Quality Report
Detailed analysis including:
Code Smells
Bugs
Vulnerabilities
Duplications
Test Coverage
Trivy Security Scan Report
Displays security scan output with:
CVE Identifiers
Vulnerability Severity Levels
Affected Packages (OS, dependencies, etc.)
Prometheus Monitoring Targets
Prometheus Target View shows:
Scraped Jenkins metrics (/prometheus)
Node Exporter system metrics
Grafana System & CI/CD Dashboards
Real-time visualizations for:
CPU, RAM, Disk Utilization (Node Exporter)
Jenkins Build Metrics (Job duration, status, queue time)
BookMyShow App:
Final Thoughts
Demonstrates complete CI/CD with security, quality, containerization, and observability.
Can be extended to ArgoCD, GitOps, Kustomize, or Helm in future.
Forked from KastroVKiran's repo (https://github.com/KastroVKiran/Book-My-Show)
Thanks to KastroVKiran for the original app code
Written by Rushikesh Mane
