Pre-requisites:
- AWS user with root privileges (use an IAM user carrying the policies linked below, not the account root user's credentials)
- GitHub repo code access
1. Code access links:
Github code:
https://github.com/jaiswaladi246/10-MicroService-Appliction
Policies attached to IAM user:
https://github.com/jaiswaladi246/EKS-Complete
Original source code:
https://github.com/GoogleCloudPlatform/microservices-demo
2. Create EKS Cluster on AWS EKS:
https://github.com/jaiswaladi246/EKS-Complete/blob/main/Steps-eks.md
- create eks cluster:
# Create the EKS control plane named my-eks22 in ap-south-1, spread over two
# availability zones. --without-nodegroup defers worker nodes to the separate
# nodegroup step below, so nothing can be scheduled until that step has run.
eksctl create cluster --name=my-eks22 \
--region=ap-south-1 \
--zones=ap-south-1a,ap-south-1b \
--without-nodegroup
2. Associate IAM OIDC Provider:
# Register the cluster's OIDC issuer as an IAM identity provider. This is the
# prerequisite for IAM roles for service accounts, which let a single workload
# receive a narrowly scoped role instead of inheriting the node's role.
# --approve applies the change; without it eksctl only reports what it would do.
eksctl utils associate-iam-oidc-provider \
--region ap-south-1 \
--cluster my-eks22 \
--approve
3. Create Nodegroup for eks cluster
# Create a managed nodegroup of t3.medium workers for my-eks22: 3 nodes desired,
# scaling between 2 and 4, each with a 20 GB root volume.
#
# NOTE(review): --ssh-access enables SSH logins on every node with the key given
# in --ssh-public-key ("Key" is presumably the name of an existing EC2 key pair;
# confirm). After creation, check which source CIDRs the node security group
# allows on port 22 and narrow them to the admin network, or drop --ssh-access
# and use SSM Session Manager if interactive node access is not required.
#
# NOTE(review): the five *-access flags at the end each attach an add-on IAM
# policy to the node instance role. Permissions on the node role are shared by
# the workloads that run on those nodes, so enable only the add-ons this cluster
# really uses; --full-ecr-access in particular grants more than the pull access
# nodes need. With the OIDC provider associated in the previous step, add-ons
# can be given their own role per service account instead.
eksctl create nodegroup --cluster=my-eks22 \
--region=ap-south-1 \
--name=node2 \
--node-type=t3.medium \
--nodes=3 \
--nodes-min=2 \
--nodes-max=4 \
--node-volume-size=20 \
--ssh-access \
--ssh-public-key=Key \
--managed \
--asg-access \
--external-dns-access \
--full-ecr-access \
--appmesh-access \
--alb-ingress-access
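4. Open INBOUND TRAFFIC IN ADDITIONAL Security Group (allow only the ports the application needs, from the source ranges that need them, rather than all traffic)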
3. Create Service account/ROLE/BIND-ROLE/Token
A: Create Service account:
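# Identity the Jenkins pipeline uses when it talks to the cluster.
# It lives in the webapps namespace, so that namespace must exist before this
# manifest is applied.
# Indentation restored: name and namespace are children of metadata.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: webapps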
B:Create role:
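# Namespaced Role that defines what the Jenkins service account may do inside
# the webapps namespace.
# Indentation restored: name/namespace sit under metadata, and apiGroups,
# resources and verbs together form the single rule under rules.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: app-role
  namespace: webapps
rules:
  # NOTE(review): a rule grants every listed verb on every listed resource in
  # every listed API group. The pipeline on this page only runs
  # `kubectl apply -f deployment-service.yml`, `kubectl get pods` and
  # `kubectl get svc`, so this list is far wider than the job needs; trim it to
  # the kinds that manifest actually creates.
  - apiGroups:
      - ""
      - apps
      - autoscaling
      - batch
      - extensions
      - policy
      # No RBAC resource (roles, rolebindings) is listed under resources, so
      # this group currently matches nothing; drop it unless the pipeline must
      # manage Roles, and then grant it deliberately.
      - rbac.authorization.k8s.io
    resources:
      - pods
      # componentstatuses, namespaces, nodes and persistentvolumes are
      # cluster-scoped; a namespaced Role cannot grant access to them, so these
      # entries have no effect here.
      - componentstatuses
      - configmaps
      - daemonsets
      - deployments
      - events
      - endpoints
      - horizontalpodautoscalers
      # RBAC resource names are plural, so `ingress` matches nothing. If the
      # pipeline has to manage Ingress objects, use `ingresses` together with
      # the networking.k8s.io API group; otherwise remove the entry.
      - ingress
      - jobs
      - limitranges
      - namespaces
      - nodes
      - persistentvolumes
      - persistentvolumeclaims
      - resourcequotas
      - replicasets
      - replicationcontrollers
      - serviceaccounts
      - services
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]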
C: Create a RoleBinding and bind the Role to the service account (the manifest below is a namespaced RoleBinding, not a ClusterRoleBinding):
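# Binds app-role to the jenkins service account. Both the binding and the
# subject are in webapps, so the grant does not reach any other namespace.
# Indentation restored: roleRef fields and the single subject entry are nested
# under their parents.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-rolebinding
  namespace: webapps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: app-role
subjects:
  - namespace: webapps
    kind: ServiceAccount
    name: jenkins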
D: Create token for service account:
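# Requests a service-account token for the jenkins account; the control plane
# fills in the token once the Secret exists.
# The manifest carries no namespace, so it lands in whatever namespace is given
# at apply time (the command below passes -n webapps).
#
# NOTE(review): a token issued this way does not expire; it stays valid until
# this Secret or the service account is deleted. Treat it like a password:
# store it only in the Jenkins credential store and rotate it by deleting and
# re-creating the Secret. Where the consumer can refresh its credential,
# `kubectl create token jenkins -n webapps --duration=<DURATION>` issues a
# time-bound token instead.
# Indentation restored: name and annotations are children of metadata.
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: mysecretname
  annotations:
    kubernetes.io/service-account.name: jenkins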
Save the manifest above as sec.yaml and create the secret with the following command,
which applies it in the webapps namespace:
# -n webapps supplies the namespace because the Secret manifest does not set one;
# it must be the namespace that holds the jenkins service account.
kubectl apply -f sec.yaml -n webapps
Get the token from the mysecretname secret that you created in the step above:
# For a service-account-token Secret, describe prints the token value in clear
# text. Run it on a trusted terminal, not in a CI job or a shared or recorded
# session, and copy the value straight into the Jenkins credential store.
kubectl describe secret mysecretname -n webapps
Add this token to Jenkins as a credential of kind "Secret text"; the Jenkinsfile below refers to it by the credential ID k8-token.
4. Configure jenkins for standalone EC2 instance:
- Plugins to install:
- SonarQube Scanner
- Docker
- Docker Pipeline
- Docker Build Step
- Cloudbees docker build and publish
- Kubernetes
- Kubernetes Client API
2. Configure tools in jenkins with the following names:
manage jenkins -> tools:
- Docker installation: docker
- SonarQube Scanner: sonar-scanner
3. Generate token for Sonarqube server:
Used to connect sonarqube server from jenkins
Manage jenkins -> system:
go to administration -> security -> users -> generate token:
4. Add token to jenkins:
manage jenkins -> credentials -> system -> secret text
credential name: sonar-token
5. Adding SonarQube Server in jenkins:
go to manage jenkins -> configure -> sonarqube installation:
- sonar url
- credentials: sonar-token
5. Configure Kubernetes with Jenkins:
kubernetes server endpoint: go to eks cluster -> API server endpoint
cluster name: my-eks (this must be the name of the cluster you actually created; the eksctl commands above use my-eks22)
namespace: webapps
Complete Jenkinsfile:
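// Declarative pipeline: check out the demo repository, run a SonarQube scan,
// build and push one Docker image per microservice, then apply the Kubernetes
// manifest to the webapps namespace of the EKS cluster.
//
// Changes from the original listing:
//   * indentation restored;
//   * each dir() is now relative to the job workspace instead of the hard-coded
//     /var/lib/jenkins/workspace/10-Tier/..., so the job no longer depends on
//     its own name or on where the agent keeps workspaces.
//
// NOTE(review): every image is pushed under the mutable tag `latest`, so the
// cluster runs whatever was pushed most recently and a deployment cannot be
// traced back to a build. Tagging with the build number or commit id, and
// referencing that tag (or the image digest) in the manifest, makes each
// rollout attributable and reversible.
pipeline {
    agent any

    environment {
        // Resolves the install path of the tool registered as 'sonar-scanner'
        // under Manage Jenkins -> Tools.
        SCANNER_HOME = tool 'sonar-scanner'
    }

    stages {
        stage('Git Checkout') {
            steps {
                // Builds whatever the 'latest' branch points to at run time;
                // pin a tag or commit when builds must be reproducible.
                git branch: 'latest', url: 'https://github.com/jaiswaladi246/10-Tier-MicroService-Appliction.git'
            }
        }

        stage('SonarQube') {
            steps {
                // 'sonar' must match the server name configured under
                // Manage Jenkins -> System; the block injects its URL and token.
                withSonarQubeEnv('sonar') {
                    sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectKey=10-Tier -Dsonar.projectName=10-Tier -Dsonar.java.binaries=. '''
                }
            }
        }

        // Each service stage below follows the same pattern: log in to the
        // registry with the 'docker-cred' credential (available only inside the
        // withDockerRegistry block), build from the service directory, push,
        // then remove the local image so the agent's disk does not fill up.
        stage('adservice') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        dir('src/adservice') {
                            sh "docker build -t adijaiswal/adservice:latest ."
                            sh "docker push adijaiswal/adservice:latest"
                            sh " docker rmi adijaiswal/adservice:latest"
                        }
                    }
                }
            }
        }

        stage('cartservice') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        // cartservice keeps its Dockerfile one level deeper than the others.
                        dir('src/cartservice/src') {
                            sh "docker build -t adijaiswal/cartservice:latest ."
                            sh "docker push adijaiswal/cartservice:latest"
                            sh " docker rmi adijaiswal/cartservice:latest"
                        }
                    }
                }
            }
        }

        stage('checkoutservice') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        dir('src/checkoutservice') {
                            sh "docker build -t adijaiswal/checkoutservice:latest ."
                            sh "docker push adijaiswal/checkoutservice:latest"
                            sh " docker rmi adijaiswal/checkoutservice:latest"
                        }
                    }
                }
            }
        }

        stage('currencyservice') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        dir('src/currencyservice') {
                            sh "docker build -t adijaiswal/currencyservice:latest ."
                            sh "docker push adijaiswal/currencyservice:latest"
                            sh " docker rmi adijaiswal/currencyservice:latest"
                        }
                    }
                }
            }
        }

        stage('emailservice') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        dir('src/emailservice') {
                            sh "docker build -t adijaiswal/emailservice:latest ."
                            sh "docker push adijaiswal/emailservice:latest"
                            sh " docker rmi adijaiswal/emailservice:latest"
                        }
                    }
                }
            }
        }

        stage('frontend') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        dir('src/frontend') {
                            sh "docker build -t adijaiswal/frontend:latest ."
                            sh "docker push adijaiswal/frontend:latest"
                            sh " docker rmi adijaiswal/frontend:latest"
                        }
                    }
                }
            }
        }

        stage('loadgenerator') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        dir('src/loadgenerator') {
                            sh "docker build -t adijaiswal/loadgenerator:latest ."
                            sh "docker push adijaiswal/loadgenerator:latest"
                            sh " docker rmi adijaiswal/loadgenerator:latest"
                        }
                    }
                }
            }
        }

        stage('paymentservice') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        dir('src/paymentservice') {
                            sh "docker build -t adijaiswal/paymentservice:latest ."
                            sh "docker push adijaiswal/paymentservice:latest"
                            sh " docker rmi adijaiswal/paymentservice:latest"
                        }
                    }
                }
            }
        }

        stage('productcatalogservice') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        dir('src/productcatalogservice') {
                            sh "docker build -t adijaiswal/productcatalogservice:latest ."
                            sh "docker push adijaiswal/productcatalogservice:latest"
                            sh " docker rmi adijaiswal/productcatalogservice:latest"
                        }
                    }
                }
            }
        }

        stage('recommendationservice') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        dir('src/recommendationservice') {
                            sh "docker build -t adijaiswal/recommendationservice:latest ."
                            sh "docker push adijaiswal/recommendationservice:latest"
                            sh " docker rmi adijaiswal/recommendationservice:latest"
                        }
                    }
                }
            }
        }

        stage('shippingservice') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        dir('src/shippingservice') {
                            sh "docker build -t adijaiswal/shippingservice:latest ."
                            sh "docker push adijaiswal/shippingservice:latest"
                            sh " docker rmi adijaiswal/shippingservice:latest"
                        }
                    }
                }
            }
        }

        stage('K8-Deploy') {
            steps {
                // Writes a temporary kubeconfig from the 'k8-token' credential
                // (the service-account token) for the commands in the block.
                //
                // NOTE(review): caCertificate is empty. The Kubernetes CLI plugin
                // is documented to skip verification of the API server
                // certificate in that case, which leaves the token exposed to
                // anyone able to intercept the connection. Paste the cluster's
                // certificate authority data (shown on the EKS cluster overview
                // page) here; confirm the behaviour against the installed
                // plugin version.
                //
                // NOTE(review): restrictKubeConfigAccess is false; setting it to
                // true presumably tightens the permissions of the generated
                // kubeconfig file; confirm in the plugin documentation.
                //
                // clusterName and serverUrl must belong to the cluster created
                // earlier; the eksctl commands on this page use my-eks22.
                withKubeConfig(
                    caCertificate: '',
                    clusterName: 'my-eks8',
                    contextName: '',
                    credentialsId: 'k8-token',
                    namespace: 'webapps',
                    restrictKubeConfigAccess: false,
                    serverUrl: 'https://2BCD568E04EC6456125F85067AFE81B9.gr7.ap-south-1.eks.amazonaws.com'
                ) {
                    sh 'kubectl apply -f deployment-service.yml'
                    sh 'kubectl get pods '
                    sh 'kubectl get svc'
                }
            }
        }
    }
}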