DevSecOps Project with EC2, Docker,

Jenkins, Prometheus, Grafana, and

Kubernetes
This project involves deploying a Net�ix application using AWS
EC2, Docker, Jenkins, SonarQube, Trivy, Prometheus, Grafana, and
Kubernetes. It covers phases of setup, security scanning, CI/CD
automation, monitoring, and more.

Phase 1: Launching EC2 Instance

Setting Up EC2
1. EC2 Instance Launch:

• Launched an EC2 instance with Ubuntu OS for the project.

2. Instance Type Selection:

• Choose t2.large instance (2 vCPUs, 8 GB RAM) to e�ciently

handle the workload.

3. Elastic IP Association:

• Associated an Elastic IP to ensure a static public IP address for

consistent access.
 Ec� instance Launching

This ports should be open in this server

Cloning the Application Code

Update and Clone: First, update the instance and clone the
application code from GitHub.
 git clone <URL>

Connecting to the EC� Server

Phase 2: Security Setup

Install Docker: Set up Docker on the EC2 instance to containerize
the application. By using the following commands.

sudo apt-get update

sudo apt-get install docker.io -y
 sudo usermod -aG docker $USER
newgrp docker

The command sudo usermod -aG docker $USER adds the current
user to the docker group. It allows the user to run Docker
commands without needing sudo privileges every time.

Run Docker Container:

Built and ran the Docker container to deploy the application
securely and e�ciently.

docker build -t netflix .

docker run -d --name netflix -p 8081:80 netflix:latest

Docker container
 Accessing the app without TMDB API Key

Rebuild Docker Image with TMDB API Key

1. TMDB?
TMDB (The Movie Database) is an online database that
provides movie and TV show data through an API. We can use
it to fetch information like movie titles, ratings, cast, etc.

2. How to Get TMDB API Key:

• Go to TMDB.

• Create an account or log in.

• Navigate to Account Settings > API.

• Generate a new API key.

 TMDB

3. Why Use TMDB API Key?

• The API key is required to authenticate and get access to

TMDB data.

• Without it, our requests will be rejected.

4. Di�erence With and Without API Key:

• With API Key: Full access to detailed movie information (e.g.,

ratings, cast, genres).

• Without API Key: Limited or no access to data, and the API

will return an error.
5. Rebuild Docker Image with API Key:

Once we have the API key, include it in Docker container to

enable access to TMDB data when the app runs.

Rebuild the Docker image a�er con�guring the API key in

application.

docker build --build-arg TMDB_V3_API_KEY=<your-api-key>

Accessing the app with TMDB API Key

Phase 3: CI/CD Pipeline with Jenkins
In this phase, we will install and con�gure Jenkins on an EC2
instance, set up essential plugins, and de�ne a CI/CD pipeline. The
pipeline will incorporate steps for building, analyzing code quality
(SonarQube), and security scanning (Trivy). This will help us to
automate the development process, ensuring secure and high-
quality applications.

Step 1: Install Jenkins on EC2

Before starting, ensure that we have a Java Development Kit (JDK)
installed, as Jenkins is built on Java and requires it to run.

Install OpenJDK :
Verify Java Installation & Install Jenkins

sudo apt update

sudo apt install fontconfig openjdk-17-jre
java -version
# openjdk version "17.0.8" 2023-07-18
# OpenJDK Runtime Environment (build 17.0.8+7-Debian-1d
# OpenJDK 64-Bit Server VM (build 17.0.8+7-Debian-1deb1

# Jenkins
sudo wget -O /usr/share/keyrings/jenkins-keyring.asc ht
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring
sudo apt-get update
sudo apt-get install jenkins
 sudo systemctl start jenkins
sudo systemctl enable jenkins

Access Jenkins Web Interface: Open browser and navigate

to http://<EC2-public-IP>:8080

Jenkins UI
To unlock Jenkins for the �rst time, get the initial password:

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Use this password to complete the setup. Once done, we will be

able
to install the suggested plugins and set up an admin user.

Step 2: Con�gure Jenkins Plugins

To integrate SonarQube, Docker, and NodeJS into Jenkins, we need
to install the necessary plugins.

Install Necessary Jenkins Plugins

Go to Manage Jenkins > Manage Plugins.
In the Available tab, search for and install the following plugins:

• SonarQube Scanner (for SonarQube integration)

• Docker (to integrate Docker builds)

• NodeJS (if needed for Node.js builds)

• Eclipse Temurin Installer (Install)

* Congu�re Java and Nodejs in Global Tool

Con�guration
Goto Manage Jenkins → Tools → Install JDK(17) and NodeJs(16)→
Click
on Apply and Save.

* OWASP Dependency-Check Con�guration

in Jenkins
OWASP Dependency-Check is a tool that identi�es project
dependencies and checks them for known, publicly disclosed
vulnerabilities. It scans project’s dependencies, such as libraries,
frameworks, and tools, to identify if any have known security
vulnerabilities.

In a DevSecOps pipeline, integrating OWASP Dependency-Check

helps automate the security scanning of project’s dependencies
during the CI/CD process.

Steps to Install and Con�gure OWASP Dependency-

Check in Jenkins

1. Install the OWASP Dependency-Check Plugin

Go to “Dashboard” in Jenkins web interface.

Navigate to “Manage Jenkins” → “Manage Plugins.”

Click on the “Available” tab and search for “OWASP

Dependency-Check Plugin.” Click on Install.
 This plugin will allow Jenkins to scan the dependencies of the
project and report vulnerabilities.

2. Con�gure the OWASP Dependency-Check Tool

in Jenkins
Once the plugin is installed, we need to con�gure the OWASP
Dependency-Check tool in Jenkins:

Go to Jenkins Dashboard → Manage Jenkins → Global Tool

Con�guration.

Scroll down to the OWASP Dependency-Check section.

Click on Add Dependency-Check and provide the following

details:

Name: Give a name to the tool, e.g., DP-Check (this name will
be referenced in the pipeline).

Install automatically: Check this option to allow Jenkins to

download and install the tool automatically.

Directory: Optionally, we can specify a custom directory to

install the tool if needed.

Save con�guration.

This con�guration ensures that Jenkins has access to the

Dependency-Check tool for security scans.
3. Con�gure OWASP Dependency-Check in the
Jenkins Pipeline
To use the Dependency-Check tool within Jenkins pipeline, we will
integrate it into the stages of our pipeline con�guration.
Here’s an example pipeline where OWASP Dependency-Check is
used to scan project dependencies for vulnerabilities:

pipeline {
agent any

tools {
jdk 'jdk17'
nodejs 'node16'
}

environment {
SCANNER_HOME = tool 'sonar-scanner'
}

stages {
stage('Clean Workspace') {
steps {
cleanWs() // Cleans the workspace befor
}
}
stage('Checkout from Git') {
steps {
git branch: 'main', url: '<URL>'
}
 }
stage('Install Dependencies') {
steps {
sh "npm install" // Install Node.js dep
}
}
stage('OWASP Dependency-Check Scan') {
steps {
// Run Dependency-Check scan on the pro
dependencyCheck additionalArguments

// Publish the Dependency-Check report

dependencyCheckPublisher pattern
}
}
}
}

* Install Docker Tools and Docker Plugins:

Go to “Dashboard” in Jenkins web interface.

Navigate to “Manage Jenkins” → “Manage Plugins.”

Click on the “Available” tab and search for “Docker.”

Check the following Docker-related plugins:

Docker

Docker Commons
 Docker Pipeline

Docker API

docker-build-step

Click on the “Install without restart” button to install these

plugins.

Add DockerHub Credentials:

Go to “Dashboard” → “Manage Jenkins” → “Manage
Credentials.”

Click on “System” and then “Global credentials

(unrestricted).”

Click on “Add Credentials” on the le� side.

Choose “Secret text” as the kind of credentials.

Enter DockerHub credentials (Username and Password) and

give the credentials an ID (e.g., “docker”).

Click “OK” to save DockerHub credentials.

Now, we have installed the Dependency-Check plugin, con�gured

the tool, and added Docker-related plugins along with DockerHub
credentials in Jenkins. We can now proceed with con�guring
Jenkins pipeline to include these tools and credentials in the CI/CD
process.
 Pipeline

Security Scanning with SonarQube & Trivy

In this phase, we’ll be con�guring SonarQube and Trivy for
security scanning in the DevSecOps pipeline. This involves
integrating SonarQube with Jenkins for continuous code analysis
and using Trivy to scan Docker images for vulnerabilities.

Install and Con�gure SonarQube with Jenkins

SonarQube is a tool used for static code analysis to �nd bugs, code
smells, and security vulnerabilities. Integrating SonarQube with
Jenkins allows us to run security and quality scans automatically as
part of our CI/CD pipeline.

Here’s how to install and con�gure SonarQube with Jenkins:

Install and Run SonarQube in a Docker Container

First, run SonarQube in a Docker container on our EC2 instance:
 docker run -d --name sonar -p 9000:9000 sonarqube:lts-c

This command will pull the o�cial SonarQube Docker image and
run it in detached mode ( -d ), mapping the container's port 9000
to the EC2 instance's port 9000.

We can access SonarQube at http://<EC2-public-IP>:9000

(default credentials are admin/admin ).

Install SonarQube Plugin in Jenkins:

Open Jenkins in a web browser at http://<EC2-public-

IP>:8080 .

Go to Manage Jenkins > Manage Plugins.

In the Available tab, search for SonarQube Scanner.

Check the box next to SonarQube Scanner and click Install

without restart or with restart.

Con�gure SonarQube Server in Jenkins:

Once the plugin is installed, navigate to Manage Jenkins >

Con�gure System.

Scroll down to SonarQube Servers and click Add SonarQube.

Fill in the following details:
Name: Enter a name for the SonarQube instance (e.g.,
SonarQube).

SonarQube Server URL: http://<EC2-public-IP>:9000 .

Authentication Token: Generate an authentication

token from SonarQube:
Log in as admin and navigate to My Account > Security >
Generate Tokens.

Copy the token and paste it into Jenkins under Authentication

Token.

Click Save.

Con�gure SonarQube Scanner in Jenkins

Now, con�gure the SonarQube Scanner in Jenkins to analyze code
during the CI/CD pipeline.

Go to Global Tool Con�guration:

Navigate to Manage Jenkins > Global Tool Con�guration.

Scroll down to SonarQube Scanner and click Add SonarQube

Scanner.

Give it a name (e.g., SonarQube Scanner).

Select Install automatically to have Jenkins download and

 install the scanner.

We can also choose Install from speci�c location if we have a

custom setup.

Click Save.

Con�gure Jenkins Pipeline for SonarQube Analysis

We can now con�gure a Jenkins pipeline to integrate SonarQube
scanning. Depending on whether we use a Freestyle Project or
Pipeline.

For Pipeline Job (Jenkins�le): If we use a Jenkins�le for pipeline as

code, here’s a basic pipeline setup:

pipeline {
agent any
environment {
SONARQUBE = 'SonarQube' // Name of SonarQube se
}
stages {
stage('Build') {
steps {
script {
// Your build steps here
}
}
}
stage('SonarQube Analysis') {
 steps {
script {
// Run SonarQube Scanner for analys
withSonarQubeEnv('SonarQube'
sh 'mvn clean install sonar:son
}
}
}
}
}
}

SonarQube Analysis

Install and Run Trivy for Docker Image Scanning

Trivy is a simple yet powerful security scanner for Docker images
that detects vulnerabilities and miscon�gurations.

1. Install Trivy on EC2

Run the following command to install Trivy on EC2 instance:

sudo apt-get install trivy

2. Scan Docker Image with Trivy

To scan Docker image for vulnerabilities, run the following
command:

trivy image <imageid>

Replace <image_id> with the ID or name of the Docker image you

want to scan (e.g., netflix:latest ).

The output will show the vulnerabilities detected in the image,

with details like severity and a�ected packages.
 Img scanning through trivy

Integrating SonarQube and Trivy into

Jenkins Pipeline
A�er setting up SonarQube and Trivy, we can integrate both tools
into Jenkins pipeline to scan the code and Docker images
automatically during the CI/CD process.

• SonarQube: Scans the code for quality issues, bugs, code

smells, and security vulnerabilities.

• Trivy: Scans Docker images for known vulnerabilities.

pipeline {
agent any
tools {
jdk 'jdk17'
nodejs 'node16'
}
environment {
SCANNER_HOME = tool 'sonar-scanner'
}
stages {
stage('clean workspace') {
steps {
cleanWs()
}
}
stage('Checkout from Git') {
steps {
git branch: 'main', url: '<URL>'
}
}
stage('SonarQube Analysis') {
steps {
withSonarQubeEnv('sonar-server'
sh '''
$SCANNER_HOME/bin/sonar-scanner -Ds
'''
}
}
}
stage('Quality Gate') {
steps {
script {
waitForQualityGate abortPipeline
}
}
}
stage('Install Dependencies') {
steps {
sh "npm install"
}
}
 stage('OWASP FS Scan') {
steps {
dependencyCheck additionalArguments
dependencyCheckPublisher pattern
}
}
stage('TRIVY FS Scan') {
steps {
sh "trivy fs . > trivyfs.txt"
}
}
stage('Docker Build & Push') {
steps {
script {
withDockerRegistry(credentialsId:
sh "docker build --build-arg TM
sh "docker tag netflix sirishas
sh "docker push sirishassss/net
}
}
}
}
stage('TRIVY Image Scan') {
steps {
sh "trivy image sirishassss/netflix:lat
}
}
stage('Deploy to container') {
steps {
sh 'docker run -d -p 8081:80 sirishasss
}
}
}
 }

Pipeline

Img pushed to DockerHub

Phase 4: Monitoring
We can set up Prometheus and Grafana on the same EC2 instance
as Jenkins server. However, if the instance starts running slowly
because it’s handling both Jenkins and the monitoring tools, it’s
better to separate them.

Instance to setup Monitoring tools

 This ports should be open in this server

• By moving Prometheus and Grafana to a di�erent EC2 instance,

we
can make sure that monitoring doesn’t slow down Jenkins pipeline.
This way, we can keep both Jenkins and the monitoring tools
running smoothly without a�ecting each other.

Install Prometheus and Grafana:

• Set up Prometheus and Grafana to monitor application.

Prometheus is an open-source monitoring tool that collects and

stores metrics as time-series data. It helps monitor applications,
infrastructure, and services, providing powerful querying and
alerting capabilities.

Installing Prometheus:
First, create a dedicated Linux user for Prometheus and
download Prometheus:

sudo useradd --system --no-create-home --shell /bin/

wget https://github.com/prometheus/prometheus/releases

Extract Prometheus �les, move them, and create directories:

tar -xvf prometheus-2.47.1.linux-amd64.tar.gz

cd prometheus-2.47.1.linux-amd64/
sudo mkdir -p /data /etc/prometheus
sudo mv prometheus promtool /usr/local/bin/
sudo mv consoles/ console_libraries/ /etc/prometheus/
sudo mv prometheus.yml /etc/prometheus/prometheus.yml

Set ownership for directories:

sudo chown -R prometheus:prometheus /etc/prometheus/ /d

Create a systemd unit con�guration �le for Prometheus:

sudo nano /etc/systemd/system/prometheus.service

Add the following content to the prometheus.service �le:

[Unit]
Description=Prometheus
Wants=network-online.target
After=network-online.target

StartLimitIntervalSec=500
StartLimitBurst=5

[Service]
User=prometheus
Group=prometheus
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/bin/prometheus \
--config.file=/etc/prometheus/prometheus.yml \
--storage.tsdb.path=/data \
--web.console.templates=/etc/prometheus/consoles \
--web.console.libraries=/etc/prometheus/console_libra
 --web.listen-address=0.0.0.0:9090 \
--web.enable-lifecycle

[Install]
WantedBy=multi-user.target

Brief explanation of the key parts in this prometheus.service �le:

User and Group specify the Linux user and group under
which Prometheus will run.

ExecStart is where we specify the Prometheus binary path,

the location of the con�guration �le ( prometheus.yml ), the
storage directory, and other settings.

web.listen-address con�gures Prometheus to listen on all

network interfaces on port 9090.

web.enable-lifecycle allows for management of Prometheus

through API calls.

Enable and start Prometheus:

sudo systemctl enable prometheus

sudo systemctl start prometheus
 Verify Prometheus’s status:

sudo systemctl status prometheus

We can access Prometheus in a web browser using server’s IP

and port 9090: http://<your-server-ip>:9090

I have added the Targets in the prometheus

Installing Node Exporter:

Node Exporter is an open-source Prometheus exporter that

exposes hardware and OS-level metrics from Linux and Unix-based
systems. It collects data like CPU usage, memory, disk, and
network statistics, allowing Prometheus to monitor system
performance.

Create a system user for Node Exporter and download Node

Exporter:

sudo useradd --system --no-create-home --shell /bin/

wget https://github.com/prometheus/node_exporter/releas

Extract Node Exporter �les, move the binary, and clean up:

tar -xvf node_exporter-1.6.1.linux-amd64.tar.gz

sudo mv node_exporter-1.6.1.linux-amd64/node_exporter /
rm -rf node_exporter*

Create a systemd unit con�guration �le for Node Exporter:

sudo nano /etc/systemd/system/node_exporter.service

Add the following content to the node_exporter.service �le:

[Unit]
Description=Node Exporter
Wants=network-online.target
After=network-online.target

StartLimitIntervalSec=500
StartLimitBurst=5
[Service]
User=node_exporter
Group=node_exporter
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/bin/node_exporter --collector.logi
[Install]
WantedBy=multi-user.target

Enable and start Node Exporter:

 sudo systemctl enable node_exporter
sudo systemctl start node_exporter

Verify the Node Exporter’s status:

sudo systemctl status node_exporter

We can access Node Exporter metrics in Prometheus.

Con�gure Prometheus Plugin Integration:

Integrate Jenkins with Prometheus to monitor the CI/CD

pipeline.

Prometheus Con�guration:

To con�gure Prometheus to scrape metrics from Node

Exporter and Jenkins, you need to modify the prometheus.yml

�le. Here is an example prometheus.yml con�guration for

setup:
 global:
scrape_interval: 15s

scrape_configs:
- job_name: 'node_exporter'
static_configs:
- targets: ['localhost:9100']

- job_name: 'jenkins'
metrics_path: '/prometheus'
static_configs:
- targets: ['<your-jenkins-ip>:<your-jenkins-port

replace <your-jenkins-ip> and <your-jenkins-port> with the

appropriate values for your Jenkins setup.

Check the validity of the con�guration �le:

promtool check config /etc/prometheus/prometheus.yml

Reload the Prometheus con�guration without restarting:

 curl -X POST http://localhost:9090/-/reload

We can access Prometheus targets at: http://<your-

prometheus-ip>:9090/targets

Install Grafana
Grafana is an open-source data visualization and monitoring
platform that allows users to create interactive dashboards. It
integrates with various data sources, including Prometheus, to
visualize time-series data, metrics, and logs for monitoring
applications, infrastructure, and services.

Install Grafana on Ubuntu and Set it up to Work with Prometheus

Step 1: Install Dependencies:

First, ensure that all necessary dependencies are installed:

sudo apt-get update

sudo apt-get install -y apt-transport-https software

Step 2: Add the GPG Key:

Add the GPG key for Grafana:

wget -q -O - https://packages.grafana.com/gpg.key | sud

Step 3: Add Grafana Repository:

Add the repository for Grafana stable releases:

echo "deb https://packages.grafana.com/oss/deb stable m

Step 4:Update the package list and install Grafana:

sudo apt-get update

sudo apt-get -y install grafana

Step 5: Enable and Start Grafana Service:

To automatically start Grafana a�er a reboot, enable the service:

 sudo systemctl enable grafana-server

Then, start Grafana:

sudo systemctl start grafana-server

Step 6: Check Grafana Status:

Verify the status of the Grafana service to ensure it’s running

correctly:

sudo systemctl status grafana-server

Step 7: Access Grafana Web Interface:

Open a web browser and navigate to Grafana using server’s IP

address. The default port for Grafana is 3000. http://<your-server-

ip>:3000
We’ll be prompted to log in to Grafana. The default username is
“admin,” and the default password is also “admin.”

Step 8: Change the Default Password:

When we log in for the �rst time, Grafana will prompt us to change
the default password for security reasons. Follow the prompts to
set a new password.

Step 9: Add Prometheus Data Source:

To visualize metrics, we need to add a data source. Follow these

steps:

Click on the gear icon ( ) in the le� sidebar to open the

“Con�guration” menu.

Select “Data Sources.”

Click on the “Add data source” button.

Choose “Prometheus” as the data source type.

In the “HTTP” section:

Set the “URL” to http://localhost:9090 (assuming

Prometheus is running on the same server).

Click the “Save & Test” button to ensure the data source is
working.
Step 10: Import a Dashboard:

To make it easier to view metrics, we can import a pre-con�gured

dashboard. Follow these steps:

Click on the “+” (plus) icon in the le� sidebar to open the
“Create” menu.

Select “Dashboard.”

Click on the “Import” dashboard option.

Enter the dashboard code we want to import (e.g., code 1860).

Click the “Load” button.

Select the data source we added (Prometheus) from the

dropdown.

Click on the “Import” button.

We should now have a Grafana dashboard set up to visualize

metrics from Prometheus.

Grafana is a powerful tool for creating visualizations and

dashboards,

Con�gure Prometheus Plugin Integration:

Integrate Jenkins with Prometheus to monitor the CI/CD

pipeline.
Grafana dashboard after con�guring Prometheus.

Jenkins Performance and overview

 Node Exporter(Metrics Overview)

Phase 6: Kubernetes Cluster and

Monitoring
EKS Cluster Setup
In this phase, we’ll set up a Kubernetes cluster with node groups in
console. This will provide a scalable environment to deploy and
manage applications.
 EKS Cluster

Cluster

c�alarge instances are nodes for the cluster

 Ports

Setting Up AWS CLI and Con�guring Credentials

Before accessing the EKS cluster, we need to install and con�gure
the AWS CLI. Follow these steps:

Install AWS CLI:

First, we’ll need to install the AWS CLI on our machine. We can do
this by running the following commands:

sudo apt-get update

sudo apt-get install awscli
aws --version
Con�gure AWS CLI with Credentials:

Next, we need to con�gure AWS credentials (which will allow us to

access our AWS account). Run the following command:

aws configure

It will prompt us to enter the following information:

AWS Access Key ID: We can �nd this in our AWS account
(under IAM > Users > [your user] > Security Credentials >
Access keys).

AWS Secret Access Key: This is also available under IAM user’s
security credentials.

Default region name: Enter the region where EKS cluster is

located, such as ap-south-1 or us-east-1 .

Default output format: We can choose between json , text ,

or table (typically json is �ne).

Access the EKS Cluster:

Now the AWS CLI is set up, we can use it to access EKS cluster by
updating kubecon�g �le. Run the following command:
 aws eks update-kubeconfig --name "Cluster-Name"

This will con�gure kubectl to interact with our EKS cluster.

Accessing EKS cluster by updating kubecon�g �le

Monitor Kubernetes with Prometheus

Prometheus is a powerful monitoring and alerting toolkit, and
we’ll use it to monitor Kubernetes cluster. Additionally, we’ll install
the node exporter using Helm to collect metrics from cluster
nodes.

Installing Helm
Helm is a package manager for Kubernetes that simpli�es the
deployment and management of applications and services. It
allows us to easily install and con�gure applications using “charts”
(pre-con�gured Kubernetes resources). To install Prometheus
Node Exporter (and other services) on Kubernetes cluster, we’ll
need to have Helm install

Install Helm on Local Machine or Server:

 sudo apt-get update
sudo apt-get install -y apt-transport-https
curl https://baltocdn.com/helm/signing.asc | sudo apt-k
sudo apt-get install -y helm

Install Node Exporter using Helm

To begin monitoring Kubernetes cluster, we’ll install the
Prometheus Node Exporter. This component allows us to collect
system-level metrics from cluster nodes. Here are the steps to
install the Node Exporter using Helm:

Add the Prometheus Community Helm repository:

helm repo add prometheus-community https://prometheus-c

2. Create a Kubernetes namespace for the Node Exporter:

kubectl create namespace prometheus-node-exporter

3. Install the Node Exporter using Helm:

helm install prometheus-node-exporter prometheus-commun

prometheus-node-exporter installation throuh helm

Add a Job to Scrape Metrics on nodeip:9001/metrics in

prometheus.yml:

Update Prometheus con�guration (prometheus.yml) to add a new

job for scraping metrics from nodeip:9001/metrics. We can do this
by adding the following con�guration to your prometheus.yml �le:

- job_name: 'Netflix(job name)'

metrics_path: '/metrics'
static_configs:
- targets: ['node1Ip:9100']
Reload or restart Prometheus to apply these changes to
con�guration.

To deploy an application with ArgoCD, we can follow these steps:

Deploy Application with ArgoCD

Install ArgoCD:

We can install ArgoCD on Kubernetes cluster by following the

instructions provided in the EKS Workshop documentation.

Argocd installation
 LB

1. Set the GitHub Repository as a Source:

2. A�er installing ArgoCD, we need to set up the GitHub

repository as a source for our application deployment. This
typically involves con�guring the connection to our repository
and de�ning the source for our ArgoCD application. The
speci�c steps will depend on our setup and requirements.

3. Create an ArgoCD Application:

• • name : Set the name for application.

• destination : De�ne the destination where application should

be deployed.

• project : Specify the project the application belongs to.

source : Set the source of application, including the GitHub
repository URL, revision, and the path to the application
within the repository.

syncPolicy : Con�gure the sync policy, including automatic

syncing, pruning, and self-healing.

Argocd
4. Access the Application

• To Access the app make sure port 30007 is open in our security
group and then open a new tab paste NodeIP:30007, our app
should be running.

To access metrics pubi-p of node inst along with port

 Accessing application

Cleanup
Cleanup AWS EC2 Instances:

• Terminate AWS EC2 instances that are no longer needed.