This repository contains the CI/CD pipeline for a 10-tier microservice application. The pipeline is designed to work with Amazon EKS and includes the following steps:
An IAM user was created with specific policies tailored for working with Amazon EKS.
A Virtual Machine (EC2 instance) was set up on AWS. The following essential CLIs were installed:
- awscli
- kubectl
- eksctl
Additionally, SonarQube was installed for static code analysis and Docker for containerizing the microservices.
The VM was connected to AWS using the AWS CLI, utilizing the IAM user security credentials.
An EKS cluster was created using the eksctl CLI. The process started with the Master Node and then added Worker Nodes with Autoscaling enabled.
A Service Account was established within EKS, along with a Role with specific access permissions for CRUD operations in EKS. The role was properly bound to the service account.
A Jenkins server was configured to streamline the deployment process. SonarQube, Docker, and Kubernetes were configured inside Jenkins.
A pipeline was developed to perform the following tasks:
- Perform static code analysis using SonarQube.
- Containerize the microservices using Docker.
- Push the images to DockerHub.
- Deploy the 10-tier application to the EKS cluster.
Add above permissions to the IAM user so that it can interact with the EKS cluster
Create a t2.large EC2 instance with a 30 GB EBS volume. Use the commands below to set up the required tools:
- Install AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
sudo apt install unzip
unzip awscliv2.zip
sudo ./aws/install
- Install Kubectl for EKS
curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.28.3/2023-11-14/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin
- Install eksctl
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
- Install JDK 17 and Jenkins
sudo apt install fontconfig openjdk-17-jre -y
sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
/etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins -y
- Install Docker and add jenkins user to docker group
sudo apt install docker.io -y
sudo usermod -aG docker jenkins
sudo systemctl restart docker
- Install SonarQube using a Docker image
docker run -d -p 9000:9000 sonarqube:lts-community
Verifying the installations of the required tools
The EC2 instance was connected to AWS using the AWS CLI: run the command aws configure and enter the access key ID and secret access key details.
Create the EKS cluster using the below command:
eksctl create cluster --name=cluster-name \
--region=ap-south-1 \
--zones=ap-south-1a,ap-south-1b \
--without-nodegroup
eksctl utils associate-iam-oidc-provider \
--region ap-south-1 \
--cluster cluster-name \
--approve
eksctl create nodegroup --cluster=cluster-name \
--region=ap-south-1 \
--name=node2 \
--node-type=t3.medium \
--nodes=2 \
--nodes-min=2 \
--nodes-max=3 \
--node-volume-size=20 \
--ssh-access \
--ssh-public-key=pem-file-name \
--managed \
--asg-access \
--external-dns-access \
--full-ecr-access \
--appmesh-access \
--alb-ingress-access
It will create the master and the worker nodes separately, with auto scaling and load balancing enabled.
- Log in to Jenkins
- Install the plugins related to SonarQube, Docker and Kubernetes
- Go to Dashboard > Manage Jenkins > Tools and add SonarQube Scanner and Docker installations
- Go to Dashboard > Manage Jenkins > System and set up the SonarQube server with the server URL and the authentication token generated from SonarQube
Go to the additional security group inside the EKS cluster and allow All Traffic under inbound rules.
To allow the jenkins user to communicate with the EKS cluster and perform deployments, create a service account and a role with specific access permissions, then bind the service account to the role.
The service account, role and bind manifest files are located inside the k8s folder. Apply those files using the kubectl apply -f <filename> command.
Create a secret.yaml file for Jenkins so that it can authenticate with the cluster. The file can be accessed from the k8s folder. Get the generated secret token by using the following command:
kubectl describe secret mysecretname -n webapps
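A least-privilege shape for the service account, role, binding and token secret described above, as an added example rather than the manifests from the repository's k8s folder. The names jenkins, app-deployer and app-deployer-binding, the rule list, and an already existing webapps namespace are assumptions; webapps and mysecretname come from the command above.

```yaml
# Added example. Only "webapps" and "mysecretname" come from the page; other names are assumed.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins                 # assumed service account name
  namespace: webapps
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                      # namespaced Role, not ClusterRole: access stops at webapps
metadata:
  name: app-deployer            # assumed role name
  namespace: webapps
rules:
  # Only the resource kinds a deployment touches; secrets and RBAC objects are left out,
  # so a leaked Jenkins token cannot read other secrets or grant itself more access.
  - apiGroups: [""]
    resources: ["pods", "services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-deployer-binding    # assumed binding name
  namespace: webapps
subjects:
  - kind: ServiceAccount
    name: jenkins
    namespace: webapps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: app-deployer
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token   # long-lived token issued for the service account
metadata:
  name: mysecretname
  namespace: webapps
  annotations:
    kubernetes.io/service-account.name: jenkins
```

Running kubectl auth can-i --list --as=system:serviceaccount:webapps:jenkins -n webapps shows exactly what the token stored in Jenkins is allowed to do.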
To communicate with the DockerHub repository, store the credentials inside Jenkins. Similarly, store the secret token for the service account. The Jenkinsfile for the pipeline is present inside the repository. Once the pipeline has passed successfully, use kubectl get pods and kubectl get svc to get the list of running pods and the load balancer IP. Open the IP in the browser to view the deployed application.