This repository contains a full-stack application deployment using modern DevOps practices and cloud-native technologies. The project demonstrates the implementation of Infrastructure as Code (IaC), containerization, orchestration, and continuous integration/deployment (CI/CD) pipelines.
This project implements a complete DevOps lifecycle for a cloud-native application with:
- Infrastructure automation using Terraform
- Container orchestration with Kubernetes (EKS)
- CI/CD implementation using Jenkins
- Artifact management with Nexus
- Code quality with SonarQube
- Security scanning with CodeQL and Veracode
- Monitoring and observability
The infrastructure is completely automated using Terraform with state management and locking enabled through AWS S3.
- VPC Architecture
  - Public Subnet: Hosts Bastion Host, VPN, and ALB (Ingress Controller)
  - Private Subnet: Houses EKS Cluster
  - DB Subnet: Contains RDS (MySQL)
  - CIDR blocks properly segmented for each subnet
  - NAT Gateway for private subnet internet access
  - Internet Gateway for public subnet
- Additional AWS Services
  - Route53 for DNS management and service discovery
  - CloudFront CDN for static content delivery
  - EFS for persistent storage with proper mount targets
  - Amazon ECR for secure container registry
  - S3 buckets for artifact storage and Terraform state
  - KMS for encryption key management
```text
terraform/
├── 00-vpc/           # VPC and networking
├── 10-sg/            # Security Groups
├── 20-bastion/       # Bastion Host
├── 30-db/            # RDS Database
├── 40-eks/           # EKS Cluster
├── 50-acm/           # SSL Certificates
├── 60-ingress-alb/   # ALB Ingress
└── 70-ecr/           # Container Registry
```
Note
For detailed infrastructure setup instructions, please refer to the Infrastructure Setup Guide.
Our application runs on Amazon EKS (Elastic Kubernetes Service) with the following setup:
- EKS version: 1.24+
- Node Groups: Mix of on-demand and spot instances
- Auto-scaling enabled (2-10 nodes)
- Multi-AZ deployment for high availability
- Traffic Flow
  - AWS Application Load Balancer (ALB) as entry point
  - Ingress Controller for traffic routing
    - URL path-based routing
    - SSL termination
    - Rate limiting
- Kubernetes Services
  - ClusterIP for internal communication
  - NodePort for debugging
  - LoadBalancer for external services
- Application Management
  - Deployments
    - Rolling updates strategy
    - Resource limits and requests
    - Health checks and readiness probes
  - ConfigMaps
    - Environment-specific configurations
    - Feature flags
    - Application settings
  - Secrets
    - Credentials management
    - Sensitive configuration
  - Helm Charts
    - Application packaging
    - Version management
    - Dependency handling
  - Storage
    - EFS StorageClass
    - PersistentVolumeClaims
    - Dynamic provisioning
- Deployments
```text
helm/
├── Chart.yaml
├── values.yaml
└── templates/
    ├── deployment.yaml
    ├── service.yaml
    ├── ingress.yaml
    ├── configmap.yaml
    ├── secret.yaml
    └── hpa.yaml
```
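The Deployment properties listed above (resource limits and requests, liveness and readiness probes, credentials supplied from Secrets) can be enforced before `helm upgrade` runs. This is an added example, not the repository's own code: a Python check over one rendered Deployment (for instance the output of `helm template` converted to JSON); the `SECRET_HINTS` name heuristic and the sample manifest are constructed assumptions.

```python
import json

SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY")   # heuristic (assumption)

def check_container(c):
    """Findings for one container spec; an empty list means it meets the policy."""
    findings, name = [], c.get("name", "<unnamed>")
    resources = c.get("resources", {})
    for kind in ("requests", "limits"):
        for res in ("cpu", "memory"):
            if res not in resources.get(kind, {}):
                findings.append(f"{name}: missing resources.{kind}.{res}")
    for probe in ("livenessProbe", "readinessProbe"):
        if probe not in c:
            findings.append(f"{name}: missing {probe}")
    for env in c.get("env", []):
        # credentials must be injected via valueFrom.secretKeyRef, never as a literal
        looks_secret = any(h in env["name"].upper() for h in SECRET_HINTS)
        if looks_secret and "value" in env:
            findings.append(f"{name}: env {env['name']} is a literal; use secretKeyRef")
    return findings

def check_deployment(manifest):
    """Check every container of a rendered Deployment (a dict parsed from YAML/JSON)."""
    if manifest.get("kind") != "Deployment":
        return []
    pod = manifest["spec"]["template"]["spec"]
    return [f for c in pod.get("containers", []) for f in check_container(c)]

# Constructed sample of a rendered helm/templates/deployment.yaml with three defects
SAMPLE = json.loads("""{
  "kind": "Deployment",
  "spec": {"template": {"spec": {"containers": [{
    "name": "backend",
    "image": "<account>.dkr.ecr.<region>.amazonaws.com/backend:1.0.0",
    "resources": {"requests": {"cpu": "250m", "memory": "256Mi"},
                  "limits": {"cpu": "500m"}},
    "readinessProbe": {"httpGet": {"path": "/health", "port": 8080}},
    "env": [{"name": "DB_HOST", "value": "mysql.internal"},
            {"name": "DB_PASSWORD", "value": "plaintext-placeholder"}]
  }]}}}
}""")

if __name__ == "__main__":
    for finding in check_deployment(SAMPLE) or ["OK: deployment meets the policy"]:
        print(finding)
```

Wire it into the "Helm chart validation" step and fail the build on a non-empty finding list.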
The continuous integration and deployment pipeline is implemented using Jenkins, triggered by GitHub webhooks.
- Multi-branch pipeline
- Shared libraries for common functions
- Parallel execution where possible
- Timeout and retry mechanisms
- Slack/Email notifications
- Build Initialization
  - Dependency installation
  - Code checkout
  - Environment validation
  - Cache restoration
- Code Quality
  - SonarQube analysis
    - Code coverage requirements
    - Security hotspots
    - Code smells
  - Code coverage reports
  - Unit tests
  - Integration tests
  - SonarQube analysis
- Infrastructure
  - Terraform plan and apply
  - Infrastructure validation
    - Security group verification
    - Network connectivity tests
- Containerization
  - Multi-stage Dockerfile builds
  - Docker image build
    - Layer optimization
    - Security scanning
  - Push to Amazon ECR
    - Image scanning
- Deployment
  - Helm chart validation
  - Kubernetes manifest generation
  - Rolling deployment
  - Smoke tests
  - Rollback procedures
```groovy
pipeline {
    agent {
        label 'AGENT-1'
    }
    environment {
        // Environment variables shared by all stages (placeholder value; set per environment)
        APP_ENV = 'dev'
    }
    stages {
        stage('Build') {
            steps {
                // Build stage: code checkout, dependency installation, packaging
                checkout scm
            }
        }
        stage('Test') {
            steps {
                // Test stage: unit and integration tests, SonarQube analysis
                echo "Running tests for ${env.APP_ENV}"
            }
        }
        // Additional stages: Infrastructure, Containerization, Deployment
    }
    post {
        always {
            // Post-build actions: notifications and workspace cleanup
            deleteDir()
        }
    }
}
```
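The "Security group verification" step of the Infrastructure stage, as an added example that is not part of the repository: a policy check over the JSON returned by `aws ec2 describe-security-groups`, flagging internet-exposed ports other than the ALB's 80/443 and management ports (SSH, Jenkins, Nexus, SonarQube) reachable from outside the admin range. `ADMIN_CIDR` and the sample groups are constructed assumptions.

```python
import ipaddress

WORLD = ("0.0.0.0/0", "::/0")
PUBLIC_OK_PORTS = {80, 443}                 # only the ALB should face the internet
MGMT_PORTS = {22, 8080, 8081, 8083, 9000}   # SSH, Jenkins, Nexus, SonarQube (from the README)
ADMIN_CIDR = "10.0.0.0/24"                  # assumption: the VPN/bastion subnet

def rule_ports(perm):
    """Ports an IpPermission covers; protocol -1 means all traffic."""
    if perm.get("IpProtocol") == "-1":
        return set(range(65536))
    return set(range(perm["FromPort"], perm["ToPort"] + 1))

def rule_cidrs(perm):
    """CIDR sources of a rule; security-group references (UserIdGroupPairs) are skipped."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def within_admin(cidr):
    net, admin = ipaddress.ip_network(cidr), ipaddress.ip_network(ADMIN_CIDR)
    return net.version == admin.version and net.subnet_of(admin)

def verify_group(group):
    """Policy findings for one group from `aws ec2 describe-security-groups`."""
    findings, gid = [], group["GroupId"]
    for perm in group.get("IpPermissions", []):
        ports = rule_ports(perm)
        label = "all traffic" if len(ports) == 65536 else f"ports {min(ports)}-{max(ports)}"
        for cidr in rule_cidrs(perm):
            if cidr in WORLD and not ports <= PUBLIC_OK_PORTS:
                findings.append(f"{gid}: {label} open to the internet ({cidr})")
            elif ports & MGMT_PORTS and not within_admin(cidr):
                findings.append(f"{gid}: management ports {sorted(ports & MGMT_PORTS)} reachable from {cidr}")
    return findings

def verify_all(groups):
    return [f for g in groups for f in verify_group(g)]

# Constructed sample mirroring the README's groups: ALB, bastion, Jenkins, RDS
SAMPLE_GROUPS = [
    {"GroupId": "sg-alb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-jenkins", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "UserIdGroupPairs": [{"GroupId": "sg-eks"}]}]},
]
```

Feed the `SecurityGroups` array of the CLI output to `verify_all` after `terraform apply` and fail the stage when it returns findings.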
- AWS Account with appropriate permissions
- Domain name for application
- GitHub repository
- Docker installed locally
- kubectl and helm installed
- Terraform installed
- Create EC2 instance for Jenkins
  - Instance type: t3.large (minimum)
  - Storage: 30GB+ EBS
  - Security Group: Ports 22, 8080
- Execute the setup script: `sh jenkins.sh`
- Access Jenkins UI at `http://<jenkins-ip>:8080`
- Follow the initial setup wizard using the password from: `sudo cat /var/lib/jenkins/secrets/initialAdminPassword`
- Install required plugins:
  - Pipeline
  - Git
  - Docker
  - Kubernetes
  - SonarQube Scanner
  - Nexus Artifact Uploader
- Create EC2 instance for Jenkins agent
  - Instance type: t3.medium (minimum)
  - Storage: 50GB+ EBS
- Configure AWS credentials: `aws configure`
- Run the agent setup script: `sh jenkins-agent.sh`
- Install required tools:
  - Docker
  - kubectl
  - helm
  - terraform
  - aws-cli
- Access Nexus UI at `http://<nexus-ip>:8081`
- Create Maven repositories:
  - Create hosted repository named "backend"
  - Set version policy to "mixed"
  - Set layout policy to "permissive"
  - Allow redeployment
- Configure Jenkins-Nexus integration:
  - Install "Nexus Artifact Uploader" plugin in Jenkins
  - Add Nexus credentials in Jenkins
  - Configure repository URLs
- Create Docker repository:
  - Type: hosted
  - HTTP port: 8083
  - Enable Docker V1 API
- Launch SonarQube instance (t3.medium recommended)
  - Instance type: t3.medium
  - Storage: 30GB EBS
  - Security Group: Ports 22, 9000
- Access SonarQube UI at `http://<sonarqube-ip>:9000`
- Jenkins Integration:
  - Install SonarQube Scanner plugin
  - Configure SonarQube server in Jenkins
  - Add authentication token
  - Set up webhooks for analysis feedback
- Configure Quality Gates:
  - Code Coverage: 80%
  - Duplicated Lines: 3%
  - Maintainability Rating: A
  - Security Rating: A
  - Reliability Rating: A
- Metrics
  - Prometheus for metrics collection
  - Grafana for visualization
  - Custom dashboards for:
    - Application metrics
    - Infrastructure metrics
    - Business metrics
- Logging
  - ELK Stack
  - Log rotation
  - Log aggregation
- Alerting
  - PagerDuty integration
  - Slack notifications
  - Email alerts
- Quality Gates:
  - Configured in SonarQube for code quality metrics
  - Branch protection rules
  - Required reviews
- Security Scanning:
  - CodeQL analysis enabled
  - DAST scanning using Veracode
  - Container scanning
  - Dependency scanning
- Monitoring:
  - Kubernetes metrics
  - Application performance monitoring
  - Infrastructure health checks
  - Custom metrics
- Bastion host for secure access
- Private subnets for sensitive resources
- IAM roles and policies
- Network security groups
- Regular security scanning
- Encrypted communication
- HTTPS everywhere
- WAF rules
- Rate limiting
- Input validation
- Output encoding
- CSRF protection
- XSS prevention
- Secrets management
- Pipeline security
- Image scanning
- Dependency checking
- Compliance validation
- Fork the repository
- Create your feature branch (`git checkout -b feature/AmazingFeature`)
- Commit your changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
If you find this repository helpful, consider:
- Starring the repository to support the project!
- Forking and contributing improvements or new installation guides
- Reporting issues or suggestions via GitHub Issues
Important
We encourage you to be an active part of our community:
- Join Our Telegram Community: Connect with fellow DevOps enthusiasts, ask questions, and share your progress in our Telegram group.
- Follow Me on GitHub: Stay updated with new content by following me on GitHub.
Created & Maintained by: H A R S H H A A
Need help or suggestions? Feel free to reach out!
If you're using this repo for learning or reference, please give it a star. It motivates me to create more awesome content!