This repository contains the CI/CD pipeline for a 10-tier microservice application. The pipeline is designed to work with Amazon EKS and includes the following steps:

An IAM user was created with specific policies tailored for working with Amazon EKS.

A Virtual Machine (EC2 instance) was set up on AWS. The following essential CLIs were installed:

• awscli
• kubectl
• eksctl

Additionally, SonarQube was installed for static code analysis and Docker for containerizing the microservices.

The VM was connected to AWS using AWSCLI, utilizing the IAM user security credentials.

An EKS cluster was created using the EKSCTL CLI. The process started with the Master Node and then added Worker Nodes with Autoscaling enabled.

A Service Account was established within EKS and a ROLE with specific access permissions for CRUD operations in EKS. The role was properly bound to the service account.

A Jenkins server was configured to streamline the deployment process. SonarQube, Docker, and Kubernetes were configured inside Jenkins.

A pipeline was developed to perform the following tasks:

• Perform static code analysis using SonarQube.
• Containerize the microservices using Docker.
• Push the images to DockerHub.
• Deploy the 10-tier application to the EKS cluster.

Add above permissions to the IAM user so that it can interact with the EKS cluster

Create a t2.large EC2 instance with 30GB of EBS volume. Use the below set of commands to setup the required tools

• Install AWS CLI

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
sudo apt install unzip
unzip awscliv2.zip
sudo ./aws/install

• Install Kubectl for EKS

curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.28.3/2023-11-14/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin

• Install EKS

curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin

• Install JDK 17 and Jenkins

sudo apt install fontconfig openjdk-17-jre -y
sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
  https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins -y

• Install Docker and add jenkins user to docker group

sudo apt install docker.io -y
sudo usermod -aG docker jenkins
sudo systemctl restart docker

• Install SonarQube using a Docker image

docker run -d -p 9000:9000 sonarqube:lts-community

Verifying the installations of the required tools

The EC2 instance was connected to the AWS using AWS CLI and then using the command aws configure to enter the access key ID and secret access key details

Create the EKS cluster using the below command:

eksctl create cluster --name=cluster-name \
		      --region=ap-south-1 \
		      --zones=ap-south-1a,ap-south-1b \
		      --without-nodegroup

eksctl utils associate-iam-oidc-provider \
    --region ap-south-1 \
    --cluster cluster-name \
    --approve

eksctl create nodegroup --cluster=cluster-name \
			--region=ap-south-1 \
			--name=node2 \
			--node-type=t3.medium \
			--nodes=2 \
			--nodes-min=2 \
			--nodes-max=3 \
			--node-volume-size=20 \
			--ssh-access \
			--ssh-public-key=pem-file-name \
			--managed \
			--asg-access \
			--external-dns-access \
			--full-ecr-access \
			--appmesh-access \
			--alb-ingress-access

It will create the master and the worker nodes seperately with auto scaling and load balancing enabled

• Login into the Jenkins
• Install the plugins related to SonarQube, Docker and Kubernetes

• Go to Dashboard > Manage Jenkins > Tools and add SonarQube Scanner and Docker installations

• Go to Dashboard > Manage Jenkins > System and setup the SonarQube server with the server URL and the authentication token generated from SonarQube

Go to the addtional security group inside the EKS cluster and allow All Traffic under inbound rules

In order to allow jenkins user to be able to communicate with the EKS cluster and perform deployments, create a service account and a role with specific access permissions and then bind that service account to the role. The service account, role and bind manifest files are located inside k8s folder. Apply those files using the kubectl apply -f <filename> command.

Create a secret.yaml file for jenkins so that it can authenticate with the cluster. The file can be accessed from the k8s folder. Generate the secret by using the following command:

kubectl describe secret mysecretname -n webapps

In order to communicate with the DockerHub repository, store the credentials inside jenkins. Similarily, store the secret token for the service account. The Jenkinsfile for the pipeline is present inside the repository. Once the pipeline is passed successfully use kubectl get pods and kubectl get svc to get the list of running pods and the load balancer IP. Hit the IP in the browser to view the application deployed.