
Production Level CICD Pipeline Project Notes


Divya satpute

Production Level CICD Pipeline Project


CICD DevOps Project

Divya Satpute

@TeaCode1122


What we are doing?

1. Setup Repo

2. Set Up Required Servers [Jenkins, SonarQube, Nexus, Monitoring Tools]

3. Configure Tools

4. Create The Pipelines & Create EKS Clusters

5. Trigger The Pipeline To Deploy the Application

6. Assign a Custom domain to the deployed application

7. Monitor The Application

Prerequisites

Step 1
Setting up EKS Cluster Using Terraform
In the AWS Console, launch a server for Terraform

t2.medium

40 GB storage

Open these ports in the inbound rules of the security group

Update the repo

$sudo apt update -y

Install AWS CLI

$curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

sudo apt install unzip

unzip awscliv2.zip

sudo ./aws/install


Configure the AWS CLI: provide the access key and secret key from the AWS Console

aws configure

Install Kubectl

$curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl

$chmod +x ./kubectl

$sudo mv ./kubectl /usr/local/bin

$kubectl version --short --client

Installation of Terraform

$sudo snap install terraform --classic

terraform --version

clone the Repo for EKS Terraform Script

$git clone https://github.com/divyasatpute/FullStack-Blogging-App.git

change directory

$cd FullStack-Blogging-App/

change directory

$cd EKS_Terraform/

In the Variables.tf file you just need to change your key name

and in the main.tf file you just need to change the region and availability zone as per your requirement


Now terraform initialization

$terraform init

$terraform plan

$terraform apply --auto-approve

In order to communicate with the AWS EKS cluster, we need to update our kubeconfig file

$aws eks --region ap-south-1 update-kubeconfig --name devopsshack-cluster

Step 2

40 GB Storage

Launch one EC2 machine for Jenkins

t2.large

40 GB storage


Connect to them using Git Bash

Installation Jenkins
step 1
Install java (latest stable version)

$sudo apt install openjdk-17-jre-headless -y

Install Jenkins

$vi 1.sh

Paste all of the following commands into the 1.sh file

sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
  https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key

echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null

sudo apt-get update

sudo apt-get install jenkins -y

Change the permission

$sudo chmod +x 1.sh

Run the file

$./1.sh


Installation docker on Jenkins machine


Install docker

$sudo apt install docker.io -y

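Change permission (mode 666 lets every local user on the machine talk to the Docker daemon, which is equivalent to root access on this host)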

$sudo chmod 666 /var/run/docker.sock

Installation Trivy on Jenkins machine


$sudo apt-get install wget apt-transport-https gnupg lsb-release

wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -

echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list

sudo apt-get update

sudo apt-get install trivy -y

Installation kubectl on Jenkins machine


$curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl

chmod +x ./kubectl


sudo mv ./kubectl /usr/local/bin

kubectl version --short --client

Installation Nexus as a docker container


update machine

$sudo apt update -y

Install docker

$sudo apt install docker.io -y

Create container

$sudo docker run -d -p 8081:8081 sonatype/nexus3

Access your Nexus in the browser at http://PUBLIC_IP:8081/

Nexus is up and running, but the admin password is stored inside the container, so we need to go inside the container to read it

$sudo docker exec -it 629f2dda1a74 /bin/bash

$cd sonatype-work/nexus3/

$cat admin.password

Here you can get the password

Now you can see that Nexus is also working fine and we are able to sign in


Nexus Configuration
Go to the Nexus dashboard --> click on Settings --> click on Repositories

Copy the Maven-releases URL and the Maven snapshot URL and paste them into the pom.xml file


For credentials, go to the Jenkins Dashboard --> click on Manage Jenkins --> Managed files --> click on Add a new Config --> Global Maven settings.xml --> provide the ID "anything" --> click on Next

Installation SonarQube as a docker container


update machine

$sudo apt update -y

Install docker

$sudo apt install docker.io -y

Create container


$sudo docker run -it -p 9000:9000 sonarqube:lts-community

Configuration on Jenkins
Installation Plugins
SonarQube Scanner

Config File Provider

Maven Integration

Pipeline Maven Integration

Kubernetes

Kubernetes Client API

Kubernetes Credentials

Kubernetes CLI

Kubernetes Credentials Provider

Docker Pipeline

Docker Commons

Docker

Eclipse Temurin installer

Pipeline: Stage View


Configuration System
Sonar Scanner

Configuration tools
Go to Manage Jenkins --> Tools

add SonarQube Scanner

add Maven

Add Docker


Deployment
Create a Service Account and a Role, bind that Role to the Service Account, then create a secret for the Service Account and generate a token

Create namespace

$kubectl create ns webapps

Creating Service Account

$vi svc.yml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: webapps

kubectl apply -f svc.yml

Create Role

$vi role.yml

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: app-role
  namespace: webapps
rules:
  - apiGroups:
      - ""
      - apps
      - autoscaling
      - batch
      - extensions
      - policy
      - rbac.authorization.k8s.io
    resources:
      - pods
      - componentstatuses
      - configmaps
      - daemonsets
      - deployments
      - events
      - endpoints
      - horizontalpodautoscalers
      # RBAC matches the plural resource name
      - ingresses
      - jobs
      - limitranges
      - namespaces
      - nodes
      - secrets
      - persistentvolumes
      - persistentvolumeclaims
      - resourcequotas
      - replicasets
      - replicationcontrollers
      - serviceaccounts
      - services
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

$kubectl apply -f role.yml

Bind the role to service account

$vi bind.yml

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-rolebinding
  namespace: webapps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: app-role
subjects:
  - namespace: webapps
    kind: ServiceAccount
    name: jenkins

kubectl apply -f bind.yml

for token

vi jen.secret.yml

apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: mysecretname
  annotations:
    kubernetes.io/service-account.name: jenkins

$kubectl apply -f jen.secret.yml -n webapps

for docker secret

kubectl create secret docker-registry regcred \
  --docker-server=https://index.docker.io/v1/ \
  --docker-username=divyasatpute \
  --docker-password=123654 \
  --namespace=webapps

$kubectl describe secrets mysecretname -n webapps
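
The app-role above gives the jenkins service account every verb on secrets, service accounts and pods, while the pipeline further down only runs kubectl apply, kubectl get pods and kubectl get svc. As an added example (not part of the original notes), this script audits the Role in the shape that `kubectl get role app-role -n webapps -o json` prints; the sample JSON is constructed from the page's role with a shortened resource list, and the `needed` set is an assumption about what the pipeline uses.

```python
import json

# Constructed sample: the page's app-role in the shape that
# `kubectl get role app-role -n webapps -o json` prints, resource list shortened.
ROLE_JSON = """
{"kind": "Role", "metadata": {"name": "app-role", "namespace": "webapps"},
 "rules": [{"apiGroups": ["", "apps", "rbac.authorization.k8s.io"],
            "resources": ["pods", "deployments", "services", "secrets",
                          "serviceaccounts", "nodes", "namespaces"],
            "verbs": ["get", "list", "watch", "create", "update", "patch", "delete"]}]}
"""

READ = {"get", "list", "watch", "*"}
WRITE = {"create", "update", "patch", "delete", "deletecollection", "*"}
# Cluster-scoped kinds: a namespaced Role cannot grant access to them.
CLUSTER_SCOPED = {"nodes", "namespaces", "persistentvolumes", "componentstatuses"}


def audit_role(role):
    """Return sorted (resource, finding) pairs for grants worth a second look."""
    findings = set()
    for rule in role.get("rules", []):
        verbs = set(rule.get("verbs", []))
        for res in rule.get("resources", []):
            if res in CLUSTER_SCOPED:
                findings.add((res, "cluster-scoped, so the grant has no effect in a Role"))
            elif res == "secrets" and verbs & READ:
                findings.add((res, "can read every secret in the namespace"))
            elif res == "serviceaccounts" and verbs & WRITE:
                findings.add((res, "can create or change service accounts"))
            elif res == "pods" and verbs & {"create", "*"}:
                findings.add((res, "can start pods that mount any secret in the namespace"))
    return sorted(findings)


def excess_resources(role, needed):
    """Resources the Role grants that the pipeline's kubectl calls never touch."""
    granted = {r for rule in role.get("rules", []) for r in rule.get("resources", [])}
    return sorted(granted - set(needed))


if __name__ == "__main__":
    role = json.loads(ROLE_JSON)
    for res, why in audit_role(role):
        print(f"{res}: {why}")
    # Assumption: the pipeline only applies a Deployment and Service and lists pods.
    print("unused:", excess_resources(role, {"deployments", "services", "pods"}))
```
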

Pipeline
pipeline {
    agent any

    tools {
        jdk 'jdk17'
        maven 'maven3'
    }

    environment {
        // Path of the SonarQube scanner configured under Manage Jenkins --> Tools
        SCANNER_HOME = tool 'sonar-scanner'
    }

    stages {
        stage('Git Checkout') {
            steps {
                git branch: 'main', credentialsId: 'git-cred', url: 'https://github.com/divyasatpute/full-stack-app-project.git'
            }
        }

        stage('Compile') {
            steps {
                sh 'mvn compile'
            }
        }

        stage('Test') {
            steps {
                sh 'mvn test'
            }
        }

        stage('Trivy fs scan') {
            steps {
                // Scan the checked-out source tree and write the report to fs.html
                sh 'trivy fs --format table -o fs.html .'
            }
        }

        stage('SonarQube Analysis') {
            steps {
                withSonarQubeEnv('sonar-server') {
                    sh '''$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Blogging-app -Dsonar.projectKey=Blogging-app \
                        -Dsonar.java.binaries=target'''
                }
            }
        }

        stage('Build') {
            steps {
                sh 'mvn clean package'
            }
        }

        stage('Publish Artifacts') {
            steps {
                // Uses the Global Maven settings.xml created under Managed files
                withMaven(globalMavenSettingsConfig: 'maven-settings', jdk: 'jdk17', maven: 'maven3', mavenSettingsConfig: '', traceability: true) {
                    sh 'mvn deploy'
                }
            }
        }

        stage('Docker Build & Tag ') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        sh 'docker build -t divyasatpute/bloggingapp:latest . --no-cache '
                    }
                }
            }
        }

        stage('Trivy image scan') {
            steps {
                // Scan the built image and write the report to image.html
                sh 'trivy image --format table -o image.html divyasatpute/bloggingapp:latest'
            }
        }

        stage('Docker Push') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        sh 'docker push divyasatpute/bloggingapp:latest'
                    }
                }
            }
        }

        stage('k8-Deploy') {
            steps {
                withKubeConfig(caCertificate: '', clusterName: 'devopsshack-cluster', contextName: '', credentialsId: 'k8-cred', namespace: 'webapps', restrictKubeConfigAccess: false, serverUrl: 'https://0D7DFCF662ECC24043497267C6A5BDEB.gr7.ap-south-1.eks.amazonaws.com') {
                    sh 'kubectl apply -f deployment-service.yml'
                    sleep 20
                }
            }
        }

        stage('verify the Deployment') {
            steps {
                withKubeConfig(caCertificate: '', clusterName: 'devopsshack-cluster', contextName: '', credentialsId: 'k8-cred', namespace: 'webapps', restrictKubeConfigAccess: false, serverUrl: 'https://0D7DFCF662ECC24043497267C6A5BDEB.gr7.ap-south-1.eks.amazonaws.com') {
                    sh 'kubectl get pods'
                    sh 'kubectl get svc'
                }
            }
        }
    }
}
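
The two Trivy stages in the pipeline write a table report and let the build continue whatever it contains. As an added example (not part of the original notes), this gate reads a report produced with `--format json` and blocks on CRITICAL findings and on HIGH findings that have a fix available; the sample report, its package names and its CVE placeholders are constructed.

```python
import json

# Constructed sample of `trivy image --format json` output; IDs and packages are placeholders.
REPORT_JSON = """
{"SchemaVersion": 2, "ArtifactName": "divyasatpute/bloggingapp:latest",
 "Results": [
  {"Target": "app.jar", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "lib-a", "Severity": "CRITICAL",
     "InstalledVersion": "1.0", "FixedVersion": "1.1"},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "lib-b", "Severity": "HIGH",
     "InstalledVersion": "2.0"},
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "lib-c", "Severity": "HIGH",
     "InstalledVersion": "3.0", "FixedVersion": "3.2"},
    {"VulnerabilityID": "CVE-0000-0004", "PkgName": "lib-d", "Severity": "LOW",
     "InstalledVersion": "4.0", "FixedVersion": "4.1"}]},
  {"Target": "os-packages"}
 ]}
"""


def blocking_findings(report, always=("CRITICAL",), if_fixable=("HIGH",)):
    """Findings that should fail the build: `always` severities block
    unconditionally, `if_fixable` severities only when a fixed version exists."""
    blocked = []
    for result in report.get("Results") or []:
        # A target with no findings may carry no "Vulnerabilities" key at all.
        for vuln in result.get("Vulnerabilities") or []:
            sev = vuln.get("Severity", "UNKNOWN")
            fixable = bool(vuln.get("FixedVersion"))
            if sev in always or (sev in if_fixable and fixable):
                blocked.append((vuln["VulnerabilityID"], vuln["PkgName"], sev,
                                result.get("Target", "?")))
    return blocked


def gate(report_text):
    """Exit status for the pipeline step: 0 to continue, 1 to stop before the push."""
    return 1 if blocking_findings(json.loads(report_text)) else 0


if __name__ == "__main__":
    for finding in blocking_findings(json.loads(REPORT_JSON)):
        print("BLOCK", *finding)
    raise SystemExit(gate(REPORT_JSON))
```
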


Installation of monitoring tools


$sudo apt update -y

$wget https://github.com/prometheus/prometheus/releases/download/v3.0.0-beta.0/prometheus-3.0.0-beta.0.linux-amd64.tar.gz

$tar -xvf prometheus-3.0.0-beta.0.linux-amd64.tar.gz

$wget https://github.com/prometheus/blackbox_exporter/releases/download/v0.25.0/blackbox_exporter-0.25.0.linux-amd64.tar.gz

$tar -xvf blackbox_exporter-0.25.0.linux-amd64.tar.gz

$cd prometheus-3.0.0-beta.0.linux-amd64

$./prometheus &

$cd prometheus-3.0.0-beta.0.linux-amd64

$vi prometheus.yml

access prometheus http://13.232.13.30:9090

for blackbox exporter

$cd blackbox_exporter-0.25.0.linux-amd64

$./blackbox_exporter &

access blackbox http://13.232.13.30:9090


For Grafana
$sudo apt-get install -y adduser libfontconfig1 musl

$wget https://dl.grafana.com/enterprise/release/grafana-enterprise_11.2.0_amd64.deb

$sudo dpkg -i grafana-enterprise_11.2.0_amd64.deb

$sudo /bin/systemctl start grafana-server


Test Results


Thanks youuu did it hurrayyyyy
