End-to-End DevOps Pipeline for BookMyShow Clone using Jenkins, EKS & Observability Stack

Rushikesh Mane

Deploying and monitoring a full-stack application on AWS EKS with security scans, quality gates, and observability.


Project Overview

This blog demonstrates the deployment of a Book My Show Clone application through a complete DevOps pipeline. The project includes CI/CD with Jenkins, Dockerized deployment to EKS, security scanning with Trivy and OWASP Dependency-Check, quality gate checks using SonarQube, and full observability using Prometheus and Grafana.


GitHub Repo: rushi2828/Book-My-Show-Clone


Tech Stack

| Tool | Purpose |
| --- | --- |
| Jenkins | CI/CD Pipeline |
| Docker & DockerHub | Containerization & Image Registry |
| SonarQube | Code Quality Analysis |
| Trivy & OWASP | Security Scanning |
| Amazon EKS | Kubernetes Cluster |
| Prometheus & Grafana | Monitoring & Visualization |
| NodeJS & npm | Frontend App Dependencies |
| AWS CLI, kubectl, eksctl | Infrastructure Automation |

Step-by-Step Setup

Jenkins Setup

Install Jenkins using a shell script:

#!/bin/bash
# Install OpenJDK 17 JRE Headless
sudo apt install openjdk-17-jre-headless -y
# Download Jenkins GPG key
sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
  https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
# Add Jenkins repository to package manager sources
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
# Update package manager repositories
sudo apt-get update
# Install Jenkins
sudo apt-get install jenkins -y

Installed Jenkins Plugins

To enable smooth CI/CD integrations and DevSecOps practices, the following plugins have been installed in Jenkins:

  • SonarQube Scanner
    For static code analysis and code quality metrics.

  • Docker Pipeline
    Enables building and running Docker containers within pipeline scripts.

  • Docker Commons
    Provides shared Docker functionality for other Docker-related plugins.

  • NodeJS Plugin
    Integrates Node.js and npm into Jenkins builds.

  • OWASP Dependency Check
    Performs security vulnerability analysis on project dependencies.

  • Kubernetes CLI Plugin
    Allows kubectl commands to be executed in Jenkins pipelines.

  • Prometheus Metrics Plugin
    Exposes Jenkins metrics in Prometheus format for observability.

  • Email Extension Plugin
    Advanced email notifications during pipeline stages.


Global Credentials Configuration

To securely interact with external tools, the following credentials are configured under Manage Jenkins > Credentials:

| Credential ID | Description | Type |
| --- | --- | --- |
| docker | DockerHub login credentials | Username/Password |
| Sonar-token | SonarQube authentication token | Secret Text |
| email-creds | Gmail SMTP token for notifications | Username/Password |

SonarQube Webhook Setup (for Jenkins Integration)

To trigger quality gate status in Jenkins after a SonarQube scan, configure a webhook:

  • Go to SonarQube → Administration → Webhooks

  • Click Create Webhook

  • Set:

    Name: jenkins
    URL: http://<public-ip>:8080/sonarqube-webhook/

  • Make sure /sonarqube-webhook/ is included at the end of the URL; it is required for Jenkins to receive the response.

    This enables Jenkins to wait for the SonarQube quality gate result before proceeding.


Docker, Trivy & SonarQube Setup

Install Docker & Login to DockerHub

# Docker.sh

#!/bin/bash

# Update package manager repositories
sudo apt-get update

# Install necessary dependencies
sudo apt-get install -y ca-certificates curl

# Create directory for Docker GPG key
sudo install -m 0755 -d /etc/apt/keyrings

# Download Docker's GPG key
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc

# Ensure proper permissions for the key
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add Docker repository to Apt sources
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Update package manager repositories
sudo apt-get update

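sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

  • If the docker pull command fails with a permission error, add permission to docker.sock. Note that mode 666 lets every local user control the Docker daemon, which is equivalent to root access on the host.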

sudo chmod 666 /var/run/docker.sock

Login to DockerHub

# Docker Hub login (enter your password when prompted)
docker login -u <username>

Install Trivy (Vulnerability Scanner)

# trivy.sh
#!/bin/bash
# Install prerequisites (-y so the script does not stop at a prompt)
sudo apt-get install -y wget apt-transport-https gnupg
# Add the Trivy repository signing key
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
# Add the Trivy repository, pinned to that key
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install -y trivy

Run SonarQube using Docker

docker run -d --name sonar -p 9000:9000 sonarqube:lts-community

  • Access SonarQube: http://<public-ip>:9000

  • Default Credentials: admin / admin


3. Create EKS Cluster

This section guides you through creating an Amazon EKS Cluster using eksctl, along with the necessary IAM policies and tooling.


Step 1: Create IAM User with Required Policies

Attach the following Managed Policies to your IAM user:

  • AmazonEC2FullAccess

  • AmazonEKSClusterPolicy

  • AmazonEKSWorkerNodePolicy

  • AWSCloudFormationFullAccess

  • AmazonEKS_CNI_Policy

Additionally, add this Inline Policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "eks:*",
            "Resource": "*"
        }
    ]
}

Step 2: Install AWS CLI, kubectl, and eksctl

  • Install AWS CLI:
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
sudo apt install unzip
unzip awscliv2.zip
sudo ./aws/install
  • Install kubectl
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin
kubectl version --short --client
  • Install eksctl
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version

Step 3: Create EKS Cluster

eksctl create cluster --name=bms-eks --region=ap-south-1 --without-nodegroup

Associate the OIDC provider:

eksctl utils associate-iam-oidc-provider \
    --region ap-south-1 \
    --cluster bms-eks \
    --approve

Step 4: Create Node Group

eksctl create nodegroup --cluster=bms-eks \
                       --region=ap-south-1 \
                       --name=node2 \
                       --node-type=t3.medium \
                       --nodes=3 \
                       --nodes-min=2 \
                       --nodes-max=4 \
                       --node-volume-size=20 \
                       --ssh-access \
                       --ssh-public-key=rushi-hp \
                       --managed \
                       --asg-access \
                       --external-dns-access \
                       --full-ecr-access \
                       --appmesh-access \
                       --alb-ingress-access


Important: Before Executing the Kubernetes Stage in Jenkins Pipeline

Before running the Kubernetes-related stages in your Jenkins CI/CD pipeline, ensure that Jenkins has valid AWS credentials and access to the EKS cluster.

First, confirm which user the Jenkins process runs as. In the process listing, look for a line like this:

jenkins   1234  0.0  0.1 123456 7890 ?  Ssl  12:34  0:00 /usr/bin/java -jar /usr/share/jenkins/jenkins.war

Step 2: Switch to the Jenkins User

sudo -su jenkins
pwd        # Output: /home/ubuntu (or relevant path)
whoami     # Output: jenkins

Step 3: Configure AWS Credentials

aws configure
  • Enter your AWS Access Key and Secret Key when prompted.

This will generate the credentials file at:

/var/lib/jenkins/.aws/credentials

Step 4: Verify AWS Credentials

Run command:

aws sts get-caller-identity

Expected output:

{
  "UserId": "EXAMPLEUSERID",
  "Account": "123456789012",
  "Arn": "arn:aws:iam::123456789012:user/example-user"
}

Step 5: Restart Jenkins

Exit the jenkins user and restart the Jenkins service:

sudo systemctl restart jenkins

Step 6: Switch Back and Configure kubeconfig

Switch again to the jenkins user:

sudo -su jenkins
aws eks update-kubeconfig --name bms-eks --region ap-south-1
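
Two files touched by this setup deserve a permission check once the host is configured: /var/run/docker.sock (set to mode 666 in the Docker section) and /var/lib/jenkins/.aws/credentials (created by aws configure). The script below is an added example, not part of the original post; the function names and the forbidden-bit masks (007 for the socket, 077 for the credentials file) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag files on the Jenkins host whose permission bits are too wide.

# mode_of PATH -> prints the octal permission bits (GNU stat, with a BSD fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# too_permissive PATH MASK -> succeeds if any permission bit in octal MASK is set
too_permissive() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 0$2 )) -ne 0 ]
}

# audit_jenkins_host [SOCKET] [CREDENTIALS] -> returns the number of findings
audit_jenkins_host() {
    sock="${1:-/var/run/docker.sock}"
    creds="${2:-/var/lib/jenkins/.aws/credentials}"
    findings=0

    # The Docker socket should be reachable by root and the docker group only.
    # Any "other" bit (as with chmod 666) gives every local user the daemon.
    if [ -e "$sock" ] && too_permissive "$sock" 007; then
        echo "FAIL $sock mode $(mode_of "$sock"): open to all local users"
        findings=$((findings + 1))
    fi

    # The AWS access key file should be readable by its owner only.
    if [ -e "$creds" ] && too_permissive "$creds" 077; then
        echo "FAIL $creds mode $(mode_of "$creds"): readable beyond the owner"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] && echo "OK: no over-permissive files found"
    return "$findings"
}
```

Call audit_jenkins_host with no arguments on the Jenkins host; a non-zero return value is the number of findings.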

Jenkins Pipeline (CI/CD)

Here's a simplified Jenkins pipeline setup:

pipeline {
    agent any

    tools {
        jdk 'jdk17'
        nodejs 'node24'
    }

    environment {
        SCANNER_HOME = tool 'sonar-scanner'
        DOCKER_IMAGE = 'rushi2323/bms:latest'
        EKS_CLUSTER_NAME = 'bms-eks'
        AWS_REGION = 'ap-south-1'
    }

    stages {
        stage('Clean Workspace') {
            steps {
                cleanWs()
            }
        }

        stage('Checkout from Git') {
            steps {
                git branch: 'main', url: 'https://github.com/rushi2828/Book-My-Show-Clone'
                sh 'ls -la'  // Verify files after checkout
            }
        }

        stage('SonarQube Analysis') {
            steps {
                withSonarQubeEnv('sonar-server') {
                    sh ''' 
                    $SCANNER_HOME/bin/sonar-scanner \
                        -Dsonar.projectName=BMS \
                        -Dsonar.projectKey=BMS
                    '''
                }
            }
        }

        stage('Quality Gate') {
            steps {
                script {
                    waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-token'
                }
            }
        }

        stage('Install Dependencies') {
            steps {
                sh '''
                cd bookmyshow-app
                ls -la  # Verify package.json exists
                if [ -f package.json ]; then
                    rm -rf node_modules package-lock.json  # Remove old dependencies
                    npm install  # Install fresh dependencies
                else
                    echo "Error: package.json not found in bookmyshow-app!"
                    exit 1
                fi
                '''
            }
        }

        stage('OWASP FS Scan') {
            steps {
                dependencyCheck additionalArguments: '--scan ./ --disableYarnAudit --disableNodeAudit', odcInstallation: 'DP-Check'
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            }
        }

        stage('Trivy FS Scan') {
            steps {
                sh 'trivy fs . > trivyfs.txt'
            }
        }

        stage('Docker Build & Push') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker', toolName: 'docker') {
                        sh ''' 
                        echo "Building Docker image..."
                        docker build --no-cache -t $DOCKER_IMAGE -f bookmyshow-app/Dockerfile bookmyshow-app

                        echo "Pushing Docker image to Docker Hub..."
                        docker push $DOCKER_IMAGE
                        '''
                    }
                }
            }
        }

        stage('Deploy to EKS Cluster') {
            steps {
                script {
                    sh '''
                    echo "Verifying AWS credentials..."
                    aws sts get-caller-identity

                    echo "Configuring kubectl for EKS cluster..."
                    aws eks update-kubeconfig --name $EKS_CLUSTER_NAME --region $AWS_REGION

                    echo "Verifying kubeconfig..."
                    kubectl config view

                    echo "Deploying application to EKS..."
                    kubectl apply -f deployment.yml
                    kubectl apply -f service.yml

                    echo "Verifying deployment..."
                    kubectl get pods
                    kubectl get svc
                    '''
                }
            }
        }
    }
    post {
        always {
            emailext attachLog: true,
                subject: "'${currentBuild.result}'",
                body: "Project: ${env.JOB_NAME}<br/>" +
                      "Build Number: ${env.BUILD_NUMBER}<br/>" +
                      "URL: ${env.BUILD_URL}<br/>",
                to: 'rushimane2606@gmail.com',
                attachmentsPattern: 'trivyfs.txt'
        }
    }
}
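
As written, the Trivy FS Scan stage only redirects the report to trivyfs.txt, and trivy exits 0 by default even when it reports vulnerabilities, so scan results never fail the build. The wrapper below is an added example (not from the original pipeline) that keeps the report file and turns findings into a failing step; the function name, the TRIVY and GATE_SEVERITY variables, and exit code 10 are assumptions of this example.

```shell
#!/bin/sh
# Added example: run "trivy fs" as a build gate while still writing the report.

TRIVY="${TRIVY:-trivy}"                          # scanner binary, overridable
GATE_SEVERITY="${GATE_SEVERITY:-HIGH,CRITICAL}"  # severities that block the build
FINDINGS_RC=10   # distinct exit code so findings can be told apart from a scanner error

# trivy_fs_gate TARGET_DIR REPORT_FILE
#   returns 0 = clean, 1 = findings at gate severity, 2 = scanner did not run properly
trivy_fs_gate() {
    target="$1"
    report="$2"
    rc=0
    # --severity limits the report to the gated levels; --exit-code makes
    # trivy return FINDINGS_RC when any of them are present.
    "$TRIVY" fs --no-progress \
        --severity "$GATE_SEVERITY" \
        --exit-code "$FINDINGS_RC" \
        --format table --output "$report" \
        "$target" || rc=$?

    case "$rc" in
        0)
            echo "trivy gate: no $GATE_SEVERITY findings in $target"
            return 0 ;;
        "$FINDINGS_RC")
            echo "trivy gate: $GATE_SEVERITY findings in $target, see $report" >&2
            return 1 ;;
        *)
            # A scan that could not complete must not count as a pass.
            echo "trivy gate: scanner failed (exit $rc), failing the build" >&2
            return 2 ;;
    esac
}
```

Saved in the repository under a hypothetical name such as trivy_gate.sh, the stage body becomes sh '. ./trivy_gate.sh && trivy_fs_gate . trivyfs.txt'; the post block still e-mails trivyfs.txt because it runs under always.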

Observability Stack

This section details the setup of Prometheus and Node Exporter for monitoring Jenkins and system metrics.


Prometheus Setup (Monitoring VM)

  • Created a dedicated prometheus system user

  • Installed Prometheus v2.47.1 from official binaries

  • Configured Prometheus as a systemd service

  • Exposed port 9090 for the Prometheus web UI

Access Prometheus UI at:

http://<monitor-ip>:9090


Node Exporter (For System Metrics)

  • Installed Node Exporter

  • Set up as a systemd service

  • Exposed port 9100

  • This enables Prometheus to scrape system-level metrics such as CPU, memory, and disk


Prometheus Configuration Example

Here's a sample snippet of the prometheus.yml configuration to monitor Node Exporter and Jenkins. Both jobs belong under the scrape_configs key:

scrape_configs:
  # System metrics from Node Exporter
  - job_name: 'node_exporter'
    static_configs:
      - targets: ['<monitor-ip>:9100']

  # Jenkins metrics exposed by the Prometheus Metrics Plugin
  - job_name: 'jenkins'
    metrics_path: '/prometheus'
    static_configs:
      - targets: ['<jenkins-ip>:8080']

Installed Grafana

Install Grafana using the package manager:

sudo apt-get install -y grafana
  • Start the Grafana service:
sudo systemctl start grafana-server

Access Grafana Dashboard

URL: http://<vm-ip>:3000

Default Login:

Username: admin

Password: admin


Result Dashboards

Here are some key visual outputs from the complete CI/CD pipeline and observability stack:


Jenkins CI/CD Pipeline

Visual representation of each stage in the pipeline:

  • Clean Workspace

  • Checkout from Git

  • SonarQube Analysis

  • Quality Gate

  • Install Dependencies

  • OWASP FS Scan

  • Trivy FS Scan

  • Docker Image Build & Push

  • Deployment to Kubernetes


SonarQube Code Quality Report

Detailed analysis including:

  • Code Smells

  • Bugs

  • Vulnerabilities

  • Duplications

  • Test Coverage


Trivy Security Scan Report

Displays security scan output with:

  • CVE Identifiers

  • Vulnerability Severity Levels

  • Affected Packages (OS, dependencies, etc.)


Prometheus Monitoring Targets

Prometheus Target View shows:

  • Scraped Jenkins metrics (/prometheus)

  • Node Exporter system metrics


Grafana System & CI/CD Dashboards

Real-time visualizations for:

  • CPU, RAM, Disk Utilization (Node Exporter)

  • Jenkins Build Metrics (Job duration, status, queue time)

  • BookMyShow App:


Final Thoughts
