Hello,
In this blog, we are going to deploy the Reddit clone app on an AWS EKS cluster.
Click here to download the app code
1. Create an EC2 Instance
EC2 is a compute platform that gives us the ability to create virtual computers in the cloud.
If you don't already have an EC2 instance, click on the link below to create one step by step.
2. Install Jenkins on EC2 instance
sudo vim jenkins-install.sh
#!/bin/bash
# Run as root with: sudo bash jenkins-install.sh
# (no "sudo su" here: it would open a new shell instead of elevating the rest of the script)
sudo apt update -y
# Add the Adoptium (Temurin JDK) signing key and repository
mkdir -p /etc/apt/keyrings
wget -O - https://packages.adoptium.net/artifactory/api/gpg/key/public | tee /etc/apt/keyrings/adoptium.asc
echo "deb [signed-by=/etc/apt/keyrings/adoptium.asc] https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | tee /etc/apt/sources.list.d/adoptium.list
sudo apt update -y
sudo apt install temurin-17-jdk -y
/usr/bin/java --version
# Add the Jenkins signing key and repository
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
/usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
/etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update -y
sudo apt-get install jenkins -y
sudo systemctl start jenkins
sudo systemctl enable jenkins
# Save the file, then make it executable (not world-writable, since it runs as root) and run it
sudo chmod 755 jenkins-install.sh
sudo bash jenkins-install.sh
3. Install Docker latest version on EC2 instance
sudo apt-get update
sudo apt-get install docker.io -y
sudo usermod -aG docker $USER #my case is ubuntu
newgrp docker
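# Give the Jenkins service account access through the docker group
# instead of making the Docker socket world-writable (which hands root-equivalent access to every local user)
sudo usermod -aG docker jenkins
sudo systemctl restart jenkins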
4. Install and Configure SonarQube on EC2 instance
docker run -d --name sonar -p 9000:9000 sonarqube:lts-community
5. Install Latest version of trivy on EC2 instance
sudo apt-get install wget apt-transport-https gnupg lsb-release -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy -y
6. Install Latest version of kubectl on EC2 instance
# Install kubectl
sudo apt update
sudo apt install curl -y
curl -LO https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl version --client
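Step 6 installs the downloaded kubectl as root without checking its integrity. The following is an added example, not part of the original post: it verifies the binary against the kubectl.sha256 file published next to it on dl.k8s.io before installing. The function names verify_sha256 and fetch_kubectl are illustrative.

```shell
#!/bin/sh
# Added example: verify a download against its published SHA-256 before
# installing it as root. Function names are illustrative, not part of any tool.

# verify_sha256 FILE SUMFILE
#   returns 0 if the digests match, 1 on mismatch, 2 on unusable input
verify_sha256() {
  local file sumfile expected actual
  file="$1"; sumfile="$2"
  [ -f "$file" ] && [ -f "$sumfile" ] || return 2
  # The .sha256 file holds a bare hex digest; "digest  filename" is tolerated too.
  expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
  # Reject anything that is not exactly 64 hex characters,
  # e.g. an HTML error page saved in place of the checksum.
  case "$expected" in
    *[!0-9a-f]*|'') return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || return 2
  actual=$(sha256sum "$file" | awk '{print $1}')
  [ "$actual" = "$expected" ]
}

# fetch_kubectl: download the latest stable kubectl, install only if verified
fetch_kubectl() {
  local ver base
  ver=$(curl -fsSL https://dl.k8s.io/release/stable.txt) || return 1
  base="https://dl.k8s.io/release/${ver}/bin/linux/amd64"
  curl -fsSLO "${base}/kubectl" && curl -fsSLO "${base}/kubectl.sha256" || return 1
  if verify_sha256 kubectl kubectl.sha256; then
    sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
  else
    echo "kubectl checksum verification failed, not installing" >&2
    rm -f kubectl
    return 1
  fi
}
```

Source the file and call fetch_kubectl in place of the curl and install lines in step 6.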
7. Install Latest version of Terraform on EC2 instance
# Install Terraform
sudo apt install wget -y
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform
8. Install Latest version of aws-cli on EC2 instance
# Install AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
sudo apt-get install unzip -y
unzip awscliv2.zip
sudo ./aws/install
9. Install Below Jenkins Plugins
Go to Manage Jenkins → Plugins → Available Plugins
Install the plugins below:
- Eclipse Temurin Installer
- SonarQube Scanner
- NodeJs Plugin
- Docker
- Docker Compose
- Docker Pipeline
- Docker API
- OWASP Dependency-Check
- Terraform
- Kubernetes
- Kubernetes CLI
- Kubernetes Client API
10. Install and configure tools in Global tool configuration
A. Go to Manage Jenkins → Tools → Install JDK(17) → Click on Apply and Save
JDK tool name: jdk17
B. Go to Manage Jenkins → Tools → Install NodeJs(16) → Click on Apply and Save
Nodejs tool name: node16
C. Go to Manage Jenkins → Tools → SonarQube Scanner → Click on Apply and Save
sonar tool name: sonar-scanner
D. Go to Dashboard → Manage Jenkins → Tools → DP-Check → Click on Apply and Save
Dependency check tool name: DP-Check
E. Go to Dashboard → Manage Jenkins → Tools → terraform
tool name: terraform
11. Generate token in SonarQube
Click on Administration → Security → Users → Click on Tokens and Update Token → Give it a name → and click on Generate Token
12. Configure Token in Jenkins
Go to Jenkins Dashboard → Manage Jenkins → Credentials → Add Secret Text. It should look like this
Token Name -> Sonar-token
13. Configure Quality gate in SonarQube
Administration → Configuration → Webhooks → Click on Create → Add the details below
In the URL section of the quality gate:
http://<jenkins-public-ip>:8080/sonarqube-webhook
To see the report, you can go to Sonarqube Server and go to Projects.
14. Add credentials
Add DockerHub Username and Password under Global Credentials
kind: username with password
id: docker
Add Kubernetes credentials
Go to Manage Jenkins → Manage Credentials → Click on Jenkins global → Add Credentials
kind: secret file
id: k8s
15. Go to the server from which you created the EKS cluster
aws eks update-kubeconfig --name <clustername> --region <region>
It will generate a Kubernetes configuration file
cd ~/.kube
cat config
Copy the generated file and save it on your local machine, at your desired location with any name, as a text file.
The final Jenkins CI/CD pipeline file is as follows:
pipeline {
    agent any // no dedicated agent configured
    tools {
        jdk 'jdk17'      // configured in Global Tool Configuration
        nodejs 'node16'  // configured in Global Tool Configuration
    }
    environment {
        SCANNER_HOME = tool 'sonar-scanner' // configured in Global Tool Configuration
    }
    stages {
        stage('clean workspace') {
            steps {
                cleanWs()
            }
        }
        stage('Checkout from Git') {
            steps {
                git branch: 'main', url: 'https://github.com/sejal1011/reddit-clone-k8s-ingress.git'
            }
        }
        stage('Install Dependencies') {
            steps {
                sh "npm install"
            }
        }
        stage("Sonarqube Analysis") {
            steps {
                withSonarQubeEnv('sonar-server') {
                    sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Reddit -Dsonar.projectKey=Reddit '''
                }
            }
        }
        stage("quality gate") {
            steps {
                script {
                    // abortPipeline: false records the gate result without failing the build
                    waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-token'
                }
            }
        }
        stage('OWASP FS SCAN') {
            steps {
                dependencyCheck additionalArguments: '--scan ./ --disableYarnAudit --disableNodeAudit', odcInstallation: 'DP-Check'
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            }
        }
        stage('TRIVY FS SCAN') {
            steps {
                // report only: trivy exits 0 even when it finds vulnerabilities unless --exit-code is set
                sh "trivy fs . > trivyfs.txt"
            }
        }
        stage("Docker Build & Push") {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker', toolName: 'docker') {
                        sh "docker build -t reddit ."
                        sh "docker tag reddit dbkube/reddit:latest"
                        sh "docker push dbkube/reddit:latest"
                    }
                }
            }
        }
        stage("TRIVY") {
            steps {
                // report only, and the image has already been pushed at this point
                sh "trivy image dbkube/reddit:latest > trivy.txt"
            }
        }
        stage('Deploy to container') {
            steps {
                // run the image that was built and scanned above, not an unrelated one
                sh 'docker run -d --name reddit -p 3000:3000 dbkube/reddit:latest'
            }
        }
        stage('Deploy to kubernetes') {
            steps {
                script {
                    // 'k8s' is the secret file credential holding the kubeconfig
                    withKubeConfig(caCertificate: '', clusterName: '', contextName: '', credentialsId: 'k8s', namespace: '', restrictKubeConfigAccess: false, serverUrl: '') {
                        sh 'kubectl apply -f deployment.yml'
                        sh 'kubectl apply -f service.yml'
                        sh 'kubectl apply -f ingress.yml'
                    }
                }
            }
        }
    }
}