The latest articles on DEV Community by bhaktraj (@bhaktraj). https://dev.to/bhaktraj https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F745268%2Fb27c5c47-6bac-4877-84a4-6472557b2849.jpg https://dev.to/bhaktraj en bhaktraj Sat, 03 Jan 2026 02:41:25 +0000 https://dev.to/bhaktraj/how-to-compile-and-install-python-312-on-amazon-linux-2-lcg https://dev.to/bhaktraj/how-to-compile-and-install-python-312-on-amazon-linux-2-lcg <p><strong>🧠 Introduction</strong></p> <p>Amazon Linux 2 does not provide Python 3.12 via default repositories.<br> To use the latest Python features, better performance, and modern TLS security, we must compile Python from source.</p> <p>This script:</p> <ol> <li>Builds OpenSSL 1.1.1 manually</li> <li>Compiles Python 3.12 against it</li> <li>Installs Python without breaking system Python</li> <li>Creates a virtual environment safely</li> </ol> <p><strong>🔹 Script Overview – What This Script Does</strong></p> <p>✔ Updates the system<br> ✔ Installs development tools<br> ✔ Builds OpenSSL from source<br> ✔ Sets environment variables for secure compilation<br> ✔ Builds Python 3.12 from source<br> ✔ Installs Python safely using altinstall<br> ✔ Creates a Python virtual environment<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">sudo </span>yum update <span class="nb">sudo </span>yum groupinstall <span class="nt">-y</span> <span class="s2">"Development Tools"</span> <span class="c"># sudo yum install -y openssl-devel bzip2-devel libffi-devel zlib-devel readline-devel sqlite-devel ncurses-devel gdbm-devel db4-devel expat-devel</span> <span class="nb">sudo </span>yum <span class="nb">install</span> <span class="nt">-y</span> openssl-devel bzip2-devel libffi-devel zlib-devel <span class="se">\</span> readline-devel sqlite-devel ncurses-devel gdbm-devel <span class="se">\</span> db4-devel expat-devel <span class="nb">sudo </span>yum <span class="nb">install</span> <span class="nt">-y</span> gcc gcc-c++ make perl-core zlib-devel <span class="nb">cd</span> /tmp/ wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz <span class="nb">tar </span>xzf openssl-1.1.1w.tar.gz <span class="nb">cd </span>openssl-1.1.1w ./config <span class="nt">--prefix</span><span class="o">=</span>/usr/local/openssl <span class="nt">--openssldir</span><span class="o">=</span>/usr/local/openssl shared zlib make <span class="nt">-j</span> <span class="si">$(</span><span class="nb">nproc</span><span class="si">)</span> <span class="nb">sudo </span>make <span class="nb">install echo</span> <span class="s1">'/usr/local/openssl/lib'</span> | <span class="nb">sudo tee</span> /etc/ld.so.conf.d/openssl.conf <span class="nb">sudo </span>ldconfig <span class="nb">export </span><span class="nv">PATH</span><span class="o">=</span><span class="s2">"/usr/local/openssl/bin:</span><span class="nv">$PATH</span><span class="s2">"</span> <span class="nb">export </span><span class="nv">LD_LIBRARY_PATH</span><span class="o">=</span><span class="s2">"/usr/local/openssl/lib:</span><span class="nv">$LD_LIBRARY_PATH</span><span class="s2">"</span> <span class="nb">export </span><span class="nv">PKG_CONFIG_PATH</span><span class="o">=</span><span class="s2">"/usr/local/openssl/lib/pkgconfig:</span><span class="nv">$PKG_CONFIG_PATH</span><span class="s2">"</span> <span class="nb">export </span><span class="nv">CPPFLAGS</span><span class="o">=</span><span class="s2">"-I/usr/local/openssl/include"</span> <span class="nb">export </span><span class="nv">LDFLAGS</span><span class="o">=</span><span class="s2">"-L/usr/local/openssl/lib"</span> <span class="nb">sudo </span>yum <span class="nb">install</span> <span class="nt">-y</span> xz-devel libuuid-devel tk-devel tcl-devel openssl version <span class="nb">cd</span> /tmp/ wget https://www.python.org/ftp/python/3.12.0/Python-3.12.0.tgz <span class="nb">tar </span>xzf Python-3.12.0.tgz <span class="nb">cd </span>Python-3.12.0 <span class="c"># Configure the Python build.</span> <span class="c"># --enable-optimizations: improves performance by running multiple tests during build (optional but recommended)</span> <span class="c"># --with-openssl=/usr/include/openssl: ensures Python is compiled with the system's OpenSSL library for secure connections</span> ./configure <span class="nt">--prefix</span><span class="o">=</span>/usr/local <span class="nt">--enable-optimizations</span> <span class="nt">--with-ensurepip</span><span class="o">=</span><span class="nb">install </span>make <span class="nt">-j</span> <span class="si">$(</span><span class="nb">nproc</span><span class="si">)</span> <span class="nb">sudo </span>make altinstall <span class="c"># Compile and install Python using 'make altinstall'.</span> <span class="nb">sudo </span>make altinstall /usr/local/bin/python3.12 <span class="nt">--version</span> /usr/local/bin/pip3.12 <span class="nt">--version</span> <span class="c">#sudo update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.12 2</span> <span class="c">#sudo update-alternatives --config python3</span> /usr/local/bin/python3.12 <span class="nt">-m</span> venv venv <span class="nb">source </span>venv/bin/activate </code></pre> </div> <p><strong>✅ Recommended &amp; SAFE Symlink (Best Practice)</strong><br> <em>🔹 Create symlink for python3.12</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo ln</span> <span class="nt">-s</span> /usr/local/bin/python3.12 /usr/bin/python3.12 </code></pre> </div> <p><em>🔹 Create symlink for pip3.12</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo ln</span> <span class="nt">-s</span> /usr/local/bin/pip3.12 /usr/bin/pip3.12 </code></pre> </div> <p><em>🔹 Verify</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python3.12 <span class="nt">--version</span> pip3.12 <span class="nt">--version</span> </code></pre> </div> aws amazonlinux python openssl bhaktraj Tue, 15 Apr 2025 09:45:45 +0000 https://dev.to/bhaktraj/zero-downtime-application-deployment-using-blue-green-architecture-django-app-deploy-3928 https://dev.to/bhaktraj/zero-downtime-application-deployment-using-blue-green-architecture-django-app-deploy-3928 <p>Continuous Integration and Continuous Deployment (CI/CD) have become the backbone of DevOps, allowing faster delivery of applications. However, deployment failures can introduce downtime and affect user experience. To combat this, Blue-Green Deployment offers a mechanism to deploy new versions with zero downtime by running two environments simultaneously — one active (Green) and one standby (Blue). This project implements an automated CI/CD pipeline with integrated security and quality tools, along with containerization and Kubernetes-based orchestration to achieve safe and efficient deployments.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn7mub8ehim0qf8ir82f6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn7mub8ehim0qf8ir82f6.png" alt="Image description" width="800" height="587"></a></p> <p><strong>Literature Review</strong><br> CI/CD Pipelines: CI/CD automates the process of software delivery and deployment. Jenkins is a widely adopted open-source automation tool for CI/CD.</p> <p>Code Quality Tools: Tools like SonarQube evaluate code quality by checking for bugs, vulnerabilities, and code smells.</p> <p>Security Scanning: OWASP Dependency Check and Trivy help identify security flaws in dependencies and container images respectively.</p> <p>Blue-Green Deployment: This deployment technique provides a safe way to roll out changes without affecting live traffic.</p> <p>Amazon EKS: A managed Kubernetes service that simplifies deploying, managing, and scaling containerized applications.</p> <p><strong>Methodology</strong></p> <p>The project methodology is based on an agile and iterative approach where each phase of the CI/CD pipeline is independently developed, tested, and integrated. Key tools and technologies used include:</p> <p>Jenkins for pipeline orchestration.</p> <p>SonarQube for static code analysis.</p> <p>OWASP Dependency Check for third-party vulnerability scanning.</p> <p>Trivy for Docker image vulnerability scanning.</p> <p>Docker Hub for image storage.</p> <p>Amazon EKS for orchestrating Blue-Green deployments.</p> <p><strong>Setting Up the Foundation</strong></p> <p>Spinning up EC2 instances (t2.large for Jenkins, t2.small for EKS management).</p> <p>Download Following tools in Jenkins Server (t2.large)</p> <ul> <li><p><strong>Jenkins</strong> : Install Jenkins <a href="https://dev.to/bhaktraj/how-to-install-jenkins-in-ubuntu-2735">https://dev.to/bhaktraj/how-to-install-jenkins-in-ubuntu-2735</a></p></li> <li><p><strong>Docker</strong> : Install Docker <a href="https://dev.to/bhaktraj/docker-install-in-ubuntu-or-on-cloud-aws-provisioning-mfi">https://dev.to/bhaktraj/docker-install-in-ubuntu-or-on-cloud-aws-provisioning-mfi</a></p></li> <li><p><strong>SonarQube</strong> : After the docker installation, we create a sonarqube container (Remember to add 9000 ports in the security group).<br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker run -d --name sonarqube \ --restart always \ -p 9000:9000 \ -v sonarqube_conf:/opt/sonarqube/conf \ -v sonarqube_data:/opt/sonarqube/data \ -v sonarqube_extensions:/opt/sonarqube/extensions \ -v sonarqube_logs:/opt/sonarqube/logs \ sonarqube:lts-community </code></pre> </div> <p>Now our sonarqube is up and running on 9000 port<br> Enter username and password, click on login and change password<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>username admin password admin </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fycmd4s8q6aujfmsxy2om.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fycmd4s8q6aujfmsxy2om.png" alt="Image description" width="800" height="241"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftio07dhr38muai0hlqhj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftio07dhr38muai0hlqhj.png" alt="Image description" width="800" height="357"></a></p> <p>Update New password, This is Sonar Dashboard.</p> <ul> <li> <strong>Trivy</strong> : Install Trivy </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>vim trivy.sh </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt-get install wget apt-transport-https gnupg lsb-release -y wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg &gt; /dev/null echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list sudo apt-get update sudo apt-get install trivy -y </code></pre> </div> <ul> <li> <strong>AWS CLI</strong> : Configure AWS With the help of IAM user Create a IAM User and and access with the command line </li> </ul> <p>IAM<br> _Create a user “eks-admin” with AdministratorAccess<br> Create Security Credentials Access Key and Secret access key _</p> <p>Install AWS CLI v2<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" sudo apt install unzip unzip awscliv2.zip sudo ./aws/install -i /usr/local/aws-cli -b /usr/local/bin --update </code></pre> </div> <p>Setup your access by<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>aws configure </code></pre> </div> <ul> <li> <strong>kubectl</strong> : Install </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin kubectl version --short --client </code></pre> </div> <p>Next, we will log in to Jenkins and start to configure our Pipeline in Jenkins its running on 8080 ports</p> <p><em><a href="http://ip_address:8080" rel="noopener noreferrer">http://ip_address:8080</a></em></p> <p>Password is available on<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo cat sudo cat /var/lib/jenkins/secrets/initialAdminPassword </code></pre> </div> <p>copy it and paste to jenkins login</p> <p>and then configure it <br> First some basic configure you have to configue</p> <p>and then after<br> Install Plugins like </p> <p>Goto Manage Jenkins →Plugins → Available Plugins<br> search these plugin and install it </p> <ul> <li>Sonarqube Scanner, </li> <li>OWASP Dependency Check, </li> <li>Docker, Docker Commons, Docker Pipeline, Docker API, docker-build-step </li> <li>Slack Notification</li> <li>Kubernetes CLI Plugin, Kubernetes Client API Plugin, Kubernetes Credentials Plugin, Kubernetes plugin</li> </ul> <p>Configure Sonar Server in Manage Jenkins:</p> <p>Grab the Public IP Address of your EC2 Instance, Sonarqube works on Port 9000, <br> so :9000. <br> Goto your Sonarqube Server. Click on Administration → Security → Users → Click on Tokens and Update Token → Give it a name → and click on Generate Token<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxfz5dziwi4vwyyrtq1ct.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxfz5dziwi4vwyyrtq1ct.png" alt="Token Generate in Sonarqube" width="800" height="356"></a></p> <p>copy Token</p> <p>Goto Jenkins Dashboard → Manage Jenkins → Credentials → Add Secret Text. It should look like this</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgz5xhb5y66a3ghx1hpjs.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgz5xhb5y66a3ghx1hpjs.png" alt="Upload Credentials" width="800" height="339"></a></p> <p>You will this page once you click on create</p> <p>Now, go to Dashboard → Manage Jenkins → System and Add like the below image.</p> <p>you can leave the server url because sonarqube is running in local host or you can paste the public ip<br> like <br> <a href="http://ip_address:9000" rel="noopener noreferrer">http://ip_address:9000</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F44vkhabf210dtymfd8d3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F44vkhabf210dtymfd8d3.png" alt="Sonarqube system setting" width="800" height="406"></a></p> <p>Click on Apply and Save</p> <p>The Configure System option is used in Jenkins to configure different server</p> <p>Global Tool Configuration is used to configure different tools that we install using Plugins</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1f6y4f6r7nmn7fbz7sc7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1f6y4f6r7nmn7fbz7sc7.png" alt="Sonar Tool" width="800" height="405"></a></p> <p>We will install a sonar scanner in the tools.</p> <p>Configure OWASP Dependency Check Tool:</p> <p>Plugin is install now we had to configure the Tool<br> Goto Dashboard → Manage Jenkins → Tools →</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9cw1h9ks9rz7mob1s16f.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9cw1h9ks9rz7mob1s16f.png" alt="Owasp Tools" width="800" height="592"></a></p> <p>Click on Apply and Save here.</p> <p>Configure Docker Tools:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcpkdnywxlp4slqz2yelr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcpkdnywxlp4slqz2yelr.png" alt="Docker Tools" width="800" height="404"></a></p> <p>Add DockerHub Username and Password under Global Credentials</p> <p>Goto Jenkins Dashboard → Manage Jenkins → Credentials → set username and password It should look like this</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7dkl9j9499amqi2zkrj9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7dkl9j9499amqi2zkrj9.png" alt="Docker password" width="800" height="426"></a></p> <p>For more Security<br> Create a token on docker hub and paste it on password</p> <p>Goto DockerHub Dashboard → Account Setting → Personal access tokens → It should look like this</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwpgfgkl0hmxvv0cw7hpq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwpgfgkl0hmxvv0cw7hpq.png" alt="Docker Hub " width="800" height="560"></a></p> <p>Password Prompt paste it to password section of jenkins credential</p> <p>Now configure Slack For notification</p> <p>goto <a href="https://slack.com/marketplace/A0F7VRFKN-jenkins-ci" rel="noopener noreferrer">https://slack.com/marketplace/A0F7VRFKN-jenkins-ci</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqertbaf9anqph1vb3c5i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqertbaf9anqph1vb3c5i.png" alt="Slack Marketplace" width="800" height="346"></a></p> <p>Click on add to slack</p> <p>Select the channel and add jenkins ci integration<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd8xdu6shqcm8rz15kmgu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd8xdu6shqcm8rz15kmgu.png" alt="jenkins ci integration" width="800" height="357"></a><br> Follow the steps that are mention or simply copy the token and paste to jenkins Credential</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxbztrs3bljlr8ret17dy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxbztrs3bljlr8ret17dy.png" alt="jenkins Slack Credential" width="800" height="341"></a></p> <p>and update the slack setting in jenkins<br> by <br> go to Dashboard → Manage Jenkins → System and Add like the below image.</p> <p>and details are taken by slack dashboard of that channel check it is it wokking properly or not if success message show that means slack is connected</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnjjfdn8zt0w9mk94mb8o.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnjjfdn8zt0w9mk94mb8o.png" alt="Slacknotification setting" width="800" height="400"></a></p> <p><strong>Now Setting a EKS Management server</strong></p> <p>Launch a EC2 Instance with t2small instance type</p> <p>Configure the following things</p> <p>IAM<br> _Create a user “eks-admin” with AdministratorAccess<br> Create Security Credentials Access Key and Secret access key _</p> <p>Install AWS CLI v2<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" sudo apt install unzip unzip awscliv2.zip sudo ./aws/install -i /usr/local/aws-cli -b /usr/local/bin --update </code></pre> </div> <p>Setup your access by<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>aws configure </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin kubectl version --short --client </code></pre> </div> <p>Install eksctl<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp sudo mv /tmp/eksctl /usr/local/bin eksctl version </code></pre> </div> <p>Setup EKS Cluster<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>eksctl create cluster --name blue-green-deployment --region us-east-1 --node-type t2.medium --nodes-min 2 --nodes-max 2 --node-volume-size 10 aws eks update-kubeconfig --region us-east-1 --name blue-green-deployment kubectl get nodes </code></pre> </div> <p>Kubernetes Configuration for Jenkins Deployment Access</p> <p>Run Kubernetes manifest files to:</p> <ul> <li>Create a Service Account for Jenkins. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>vi serviceaccount.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ServiceAccount</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">jenkins</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">webapps</span> </code></pre> </div> <p>note: edit the intent</p> <ul> <li>Create a Role. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>vi role.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Role</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app-role</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">webapps</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">apiGroups</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">"</span> <span class="pi">-</span> <span class="s">apps</span> <span class="pi">-</span> <span class="s">autoscaling</span> <span class="pi">-</span> <span class="s">batch</span> <span class="pi">-</span> <span class="s">extensions</span> <span class="pi">-</span> <span class="s">policy</span> <span class="pi">-</span> <span class="s">rbac.authorization.k8s.io</span> <span class="na">resources</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">pods</span> <span class="pi">-</span> <span class="s">componentstatuses</span> <span class="pi">-</span> <span class="s">configmaps</span> <span class="pi">-</span> <span class="s">daemonsets</span> <span class="pi">-</span> <span class="s">deployments</span> <span class="pi">-</span> <span class="s">events</span> <span class="pi">-</span> <span class="s">endpoints</span> <span class="pi">-</span> <span class="s">horizontalpodautoscalers</span> <span class="pi">-</span> <span class="s">ingress</span> <span class="pi">-</span> <span class="s">jobs</span> <span class="pi">-</span> <span class="s">limitranges</span> <span class="pi">-</span> <span class="s">namespaces</span> <span class="pi">-</span> <span class="s">nodes</span> <span class="pi">-</span> <span class="s">secrets</span> <span class="pi">-</span> <span class="s">pods</span> <span class="pi">-</span> <span class="s">persistentvolumes</span> <span class="pi">-</span> <span class="s">persistentvolumeclaims</span> <span class="pi">-</span> <span class="s">resourcequotas</span> <span class="pi">-</span> <span class="s">replicasets</span> <span class="pi">-</span> <span class="s">replicationcontrollers</span> <span class="pi">-</span> <span class="s">serviceaccounts</span> <span class="pi">-</span> <span class="s">services</span> <span class="na">verbs</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">get"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">list"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">watch"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">create"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">update"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">patch"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">delete"</span><span class="pi">]</span> </code></pre> </div> <ul> <li>Create a Role and bind it to the service account. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>vi rolebindservice.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">RoleBinding</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app-rolebinding</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">webapps</span> <span class="na">roleRef</span><span class="pi">:</span> <span class="na">apiGroup</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Role</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app-role</span> <span class="na">subjects</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">webapps</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ServiceAccount</span> <span class="na">name</span><span class="pi">:</span> <span class="s">jenkins</span> </code></pre> </div> <ul> <li>Create a ClusterRole and bind it as well. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ClusterRole</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">jenkins-cluster-role</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">apiGroups</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">"</span><span class="pi">]</span> <span class="na">resources</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">persistentvolumes"</span><span class="pi">]</span> <span class="na">verbs</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">get"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">list"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">watch"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">create"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">update"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">patch"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">delete"</span><span class="pi">]</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ClusterRoleBinding</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">jenkins-cluster-role-binding</span> <span class="na">subjects</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ServiceAccount</span> <span class="na">name</span><span class="pi">:</span> <span class="s">jenkins</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">webapps</span> <span class="na">roleRef</span><span class="pi">:</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ClusterRole</span> <span class="na">name</span><span class="pi">:</span> <span class="s">jenkins-cluster-role</span> <span class="na">apiGroup</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io</span> </code></pre> </div> <ul> <li>Generate token using service account in the namespace</li> </ul> <p>create token<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>vi token.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Secret</span> <span class="na">type</span><span class="pi">:</span> <span class="s">kubernetes.io/service-account-token</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">mysecretname</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">kubernetes.io/service-account.name</span><span class="pi">:</span> <span class="s">jenkins</span> </code></pre> </div> <p>Run Manifests<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kubectl create namespace webapps kubectl apply -f . -n webapps </code></pre> </div> <p>Copy the token and add it to Jenkins credentials to allow Jenkins to deploy applications onto EKS securely.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kubectl describe secret mysecretname -n webapps </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9njab7sbw8uuzbxude8r.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9njab7sbw8uuzbxude8r.png" alt="kube token" width="800" height="399"></a></p> <p>Paste this token to jenkns credential </p> <p>Goto Jenkins Dashboard → Manage Jenkins → Credentials → set Secret key<br> It should look like this</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fumcqs9qqhunyxpc31ksf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fumcqs9qqhunyxpc31ksf.png" alt="kube credential" width="800" height="403"></a></p> <p>Create a Job on Jenkins<br> Dashboard and then New Item name the job "Blue-green-Deployment"(What every you want) and then click on ok</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhsailm49cve503s3whna.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhsailm49cve503s3whna.png" alt="Jenkin job" width="800" height="376"></a></p> <p>Upload the Script And Click on OK<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="kt">def</span> <span class="n">COLOR_MAP</span> <span class="o">=</span> <span class="o">[</span> <span class="s1">'success'</span><span class="o">:</span> <span class="s1">'good'</span><span class="o">,</span> <span class="s1">'FAILURE'</span><span class="o">:</span> <span class="s1">'danger'</span><span class="o">,</span> <span class="o">]</span> <span class="n">pipeline</span> <span class="o">{</span> <span class="n">agent</span> <span class="n">any</span> <span class="n">parameters</span> <span class="o">{</span> <span class="n">choice</span><span class="o">(</span><span class="nl">name:</span> <span class="s1">'DEPLOY_ENV'</span><span class="o">,</span> <span class="nl">choices:</span> <span class="o">[</span><span class="s1">'blue'</span><span class="o">,</span> <span class="s1">'green'</span><span class="o">],</span> <span class="nl">description:</span> <span class="s1">'Choose which environment to deploy: Blue or Green'</span><span class="o">)</span> <span class="n">booleanParam</span><span class="o">(</span><span class="nl">name:</span> <span class="s1">'SWITCH_TRAFFIC'</span><span class="o">,</span> <span class="nl">defaultValue:</span> <span class="kc">false</span><span class="o">,</span> <span class="nl">description:</span> <span class="s1">'Switch traffic between Blue and Green'</span><span class="o">)</span> <span class="o">}</span> <span class="n">stages</span><span class="o">{</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'clean workspace'</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">cleanWs</span><span class="o">()</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Fetch the code'</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">git</span> <span class="nl">url:</span> <span class="s1">'https://github.com/bhaktraj/vkonsec.git'</span><span class="o">,</span> <span class="nl">branch:</span> <span class="s1">'kubernetes'</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'TRIVY FS SCAN'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">sh</span> <span class="s2">"trivy fs . &gt; trivyfs.txt"</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'sonarqube scan'</span><span class="o">){</span> <span class="n">environment</span> <span class="o">{</span> <span class="n">scannerHome</span> <span class="o">=</span> <span class="n">tool</span> <span class="s1">'Sonarscanner'</span> <span class="o">}</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">withSonarQubeEnv</span><span class="o">(</span><span class="s1">'Sonarscanner'</span><span class="o">)</span> <span class="o">{</span> <span class="n">sh</span> <span class="s1">'''${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=vkonsec \ -Dsonar.projectName=vkonsec \ -Dsonar.projectVersion=1.0 \ -Dsonar.sources=. \ '''</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'OWASP Dependency Check'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">dependencyCheck</span> <span class="nl">additionalArguments:</span> <span class="s1">'--scan ./ --format XML --out dependency-check-report --project vkonsec-django --enableExperimental'</span><span class="o">,</span> <span class="nl">odcInstallation:</span> <span class="s1">'Owasp'</span> <span class="n">dependencyCheckPublisher</span> <span class="nl">pattern:</span> <span class="s1">'**/dependency-check-report.xml'</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Build docker images'</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">script</span><span class="o">{</span> <span class="n">dockerimage</span> <span class="o">=</span> <span class="n">docker</span><span class="o">.</span><span class="na">build</span><span class="o">(</span><span class="s1">'vkonsec'</span> <span class="o">+</span> <span class="s2">":$BUILD_NUMBER"</span><span class="o">,</span> <span class="s2">"."</span><span class="o">)</span> <span class="n">dockerimage</span> <span class="o">=</span> <span class="n">docker</span><span class="o">.</span><span class="na">build</span><span class="o">(</span><span class="s1">'nginx'</span> <span class="o">+</span> <span class="s2">":$BUILD_NUMBER"</span><span class="o">,</span> <span class="s2">"./nginx"</span><span class="o">)</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s2">"TRIVY"</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">sh</span> <span class="s2">"trivy image vkonsec:$BUILD_NUMBER &gt; trivy.txt"</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s2">"Docker Push"</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">script</span><span class="o">{</span> <span class="n">withDockerRegistry</span><span class="o">(</span><span class="nl">credentialsId:</span> <span class="s1">'dockercred'</span><span class="o">,</span> <span class="nl">toolName:</span> <span class="s1">'docker'</span><span class="o">){</span> <span class="n">sh</span> <span class="s2">"docker tag vkonsec:$BUILD_NUMBER bhaktraj/vkonsec:$BUILD_NUMBER "</span> <span class="n">sh</span> <span class="s2">"docker tag nginx:$BUILD_NUMBER bhaktraj/nginx:$BUILD_NUMBER "</span> <span class="n">sh</span> <span class="s2">"docker push bhaktraj/vkonsec:$BUILD_NUMBER "</span> <span class="n">sh</span> <span class="s2">"docker push bhaktraj/nginx:$BUILD_NUMBER "</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Persistent Volume Claim for MySQL'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">script</span> <span class="o">{</span> <span class="n">withKubeConfig</span><span class="o">(</span><span class="nl">caCertificate:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">clusterName:</span> <span class="s1">'blue-green-deployment'</span><span class="o">,</span> <span class="nl">contextName:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">credentialsId:</span> <span class="s1">'kubecred'</span><span class="o">,</span> <span class="nl">namespace:</span> <span class="s1">'webapps'</span><span class="o">,</span> <span class="nl">restrictKubeConfigAccess:</span> <span class="kc">false</span><span class="o">,</span> <span class="nl">serverUrl:</span> <span class="s1">'https://3CA6E485D43C0E5E4EB7B7108ECACEA2.gr7.us-east-1.eks.amazonaws.com'</span><span class="o">)</span> <span class="o">{</span> <span class="n">sh</span> <span class="s2">""" if ! kubectl get pvc mysql-pvc -n webapps; then kubectl apply -f k8/mysql-pvc.yaml -n webapps fi """</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Deploying MySQL'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">script</span> <span class="o">{</span> <span class="n">withKubeConfig</span><span class="o">(</span><span class="nl">caCertificate:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">clusterName:</span> <span class="s1">'blue-green-deployment'</span><span class="o">,</span> <span class="nl">contextName:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">credentialsId:</span> <span class="s1">'kubecred'</span><span class="o">,</span> <span class="nl">namespace:</span> <span class="s1">'webapps'</span><span class="o">,</span> <span class="nl">restrictKubeConfigAccess:</span> <span class="kc">false</span><span class="o">,</span> <span class="nl">serverUrl:</span> <span class="s1">'https://3CA6E485D43C0E5E4EB7B7108ECACEA2.gr7.us-east-1.eks.amazonaws.com'</span><span class="o">)</span> <span class="o">{</span> <span class="n">sh</span> <span class="s2">""" kubectl apply -f k8/mysql-deployment.yaml -n webapps kubectl apply -f k8/mysql-service.yaml -n webapps """</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Update K8s Manifest'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">sh</span> <span class="s2">" sed -i 's/buildid/$BUILD_NUMBER/g' k8/django-blue-deployment.yaml "</span> <span class="n">sh</span> <span class="s2">" sed -i 's/buildid/$BUILD_NUMBER/g' k8/django-green-deployment.yaml "</span> <span class="n">sh</span> <span class="s2">" sed -i 's/buildid/$BUILD_NUMBER/g' k8/nginx-deployment.yaml "</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Application deployment'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">script</span> <span class="o">{</span> <span class="kt">def</span> <span class="n">deploymentFile</span> <span class="o">=</span> <span class="s2">""</span> <span class="k">if</span> <span class="o">(</span><span class="n">params</span><span class="o">.</span><span class="na">DEPLOY_ENV</span> <span class="o">==</span> <span class="s1">'blue'</span><span class="o">)</span> <span class="o">{</span> <span class="n">deploymentFile</span> <span class="o">=</span> <span class="s1">'k8/django-blue-deployment.yaml'</span> <span class="o">}</span> <span class="k">else</span> <span class="o">{</span> <span class="n">deploymentFile</span> <span class="o">=</span> <span class="s1">'k8/django-green-deployment.yaml'</span> <span class="o">}</span> <span class="n">withKubeConfig</span><span class="o">(</span><span class="nl">caCertificate:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">clusterName:</span> <span class="s1">'blue-green-deployment'</span><span class="o">,</span> <span class="nl">contextName:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">credentialsId:</span> <span class="s1">'kubecred'</span><span class="o">,</span> <span class="nl">namespace:</span> <span class="s1">'webapps'</span><span class="o">,</span> <span class="nl">restrictKubeConfigAccess:</span> <span class="kc">false</span><span class="o">,</span> <span class="nl">serverUrl:</span> <span class="s1">'https://3CA6E485D43C0E5E4EB7B7108ECACEA2.gr7.us-east-1.eks.amazonaws.com'</span><span class="o">)</span> <span class="o">{</span> <span class="n">sh</span> <span class="s2">"kubectl apply -f ${deploymentFile} -n webapps"</span> <span class="n">sh</span> <span class="s2">"kubectl apply -f k8/django-service.yaml -n webapps"</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Switch Traffic Between Blue &amp; Green Environment'</span><span class="o">)</span> <span class="o">{</span> <span class="n">when</span> <span class="o">{</span> <span class="n">expression</span> <span class="o">{</span> <span class="k">return</span> <span class="n">params</span><span class="o">.</span><span class="na">SWITCH_TRAFFIC</span> <span class="o">}</span> <span class="o">}</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">script</span> <span class="o">{</span> <span class="kt">def</span> <span class="n">newEnv</span> <span class="o">=</span> <span class="n">params</span><span class="o">.</span><span class="na">DEPLOY_ENV</span> <span class="c1">// Always switch traffic based on DEPLOY_ENV</span> <span class="n">withKubeConfig</span><span class="o">(</span><span class="nl">caCertificate:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">clusterName:</span> <span class="s1">'blue-green-deployment'</span><span class="o">,</span> <span class="nl">contextName:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">credentialsId:</span> <span class="s1">'kubecred'</span><span class="o">,</span> <span class="nl">namespace:</span> <span class="s1">'webapps'</span><span class="o">,</span> <span class="nl">restrictKubeConfigAccess:</span> <span class="kc">false</span><span class="o">,</span> <span class="nl">serverUrl:</span> <span class="s1">'https://3CA6E485D43C0E5E4EB7B7108ECACEA2.gr7.us-east-1.eks.amazonaws.com'</span><span class="o">)</span> <span class="o">{</span> <span class="n">sh</span> <span class="s1">''' kubectl patch service djangoapp -p "{\\"spec\\": {\\"selector\\": {\\"app\\": \\"djangoapp\\", \\"version\\": \\"'''</span> <span class="o">+</span> <span class="n">newEnv</span> <span class="o">+</span> <span class="s1">'''\\"}}}" -n webapps '''</span> <span class="o">}</span> <span class="n">echo</span> <span class="s2">"Traffic has been switched to the ${newEnv} environment."</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Deploy Nginx'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">script</span> <span class="o">{</span> <span class="n">withKubeConfig</span><span class="o">(</span><span class="nl">caCertificate:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">clusterName:</span> <span class="s1">'blue-green-deployment'</span><span class="o">,</span> <span class="nl">contextName:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">credentialsId:</span> <span class="s1">'kubecred'</span><span class="o">,</span> <span class="nl">namespace:</span> <span class="s1">'webapps'</span><span class="o">,</span> <span class="nl">restrictKubeConfigAccess:</span> <span class="kc">false</span><span class="o">,</span> <span class="nl">serverUrl:</span> <span class="s1">'https://3CA6E485D43C0E5E4EB7B7108ECACEA2.gr7.us-east-1.eks.amazonaws.com'</span><span class="o">)</span> <span class="o">{</span> <span class="n">sh</span> <span class="s2">""" kubectl apply -f k8/nginx-deployment.yaml -n webapps kubectl apply -f k8/nginx-service.yaml -n webapps """</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Verify Deployment'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">script</span> <span class="o">{</span> <span class="kt">def</span> <span class="n">verifyEnv</span> <span class="o">=</span> <span class="n">params</span><span class="o">.</span><span class="na">DEPLOY_ENV</span> <span class="n">withKubeConfig</span><span class="o">(</span><span class="nl">caCertificate:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">clusterName:</span> <span class="s1">'blue-green-deployment'</span><span class="o">,</span> <span class="nl">contextName:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">credentialsId:</span> <span class="s1">'kubecred'</span><span class="o">,</span> <span class="nl">namespace:</span> <span class="s1">'webapps'</span><span class="o">,</span> <span class="nl">restrictKubeConfigAccess:</span> <span class="kc">false</span><span class="o">,</span> <span class="nl">serverUrl:</span> <span class="s1">'https://3CA6E485D43C0E5E4EB7B7108ECACEA2.gr7.us-east-1.eks.amazonaws.com'</span><span class="o">)</span> <span class="o">{</span> <span class="n">sh</span> <span class="s2">""" kubectl get pods -l version=${verifyEnv} -n webapps kubectl get svc nginx -n webapps """</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">post</span> <span class="o">{</span> <span class="n">always</span> <span class="o">{</span> <span class="n">echo</span> <span class="s1">'slack Notification'</span> <span class="n">slackSend</span> <span class="nl">channel:</span> <span class="s1">'#jenkins'</span><span class="o">,</span> <span class="nl">color:</span> <span class="n">COLOR_MAP</span><span class="o">[</span><span class="n">currentBuild</span><span class="o">.</span><span class="na">currentResult</span><span class="o">],</span> <span class="nl">message:</span><span class="s2">"*${currentBuild.currentResult}:* Job ${env.JOB_NAME} build ${env.BUILD_NUMBER} \n more info at : ${env.BUILD_URL}"</span> <span class="n">slackUploadFile</span> <span class="nl">channel:</span> <span class="s1">'#jenkins'</span><span class="o">,</span> <span class="nl">filePath:</span> <span class="s1">'/var/lib/jenkins/workspace/pipeline/trivy.txt'</span><span class="o">,</span> <span class="nl">initialComment:</span> <span class="s2">"🛡️ Trivy image scan report for build #${env.BUILD_NUMBER}"</span> <span class="n">slackUploadFile</span> <span class="nl">channel:</span> <span class="s1">'#jenkins'</span><span class="o">,</span> <span class="nl">filePath:</span> <span class="s1">'/var/lib/jenkins/workspace/pipeline/trivyfs.txt'</span><span class="o">,</span> <span class="nl">initialComment:</span> <span class="s2">"🛡️ Trivy file scan report for build #${env.BUILD_NUMBER}"</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F97jn5u381h43zhs4oe59.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F97jn5u381h43zhs4oe59.png" alt="Image description" width="800" height="386"></a></p> <p>And Build this <br> First time it doesn't look like that because its default blue but from second time its show that</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiin2vtelpsxme1ko7coo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiin2vtelpsxme1ko7coo.png" alt="Build job" width="800" height="354"></a></p> <p>Success full build</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F28s1mps43ehmg5qihm7c.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F28s1mps43ehmg5qihm7c.png" alt="Build this" width="800" height="268"></a></p> <p>SonarQube report<br> on <br> <a href="http://public_ip:9000" rel="noopener noreferrer">http://public_ip:9000</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq57ue33b67bgcp46lcmb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq57ue33b67bgcp46lcmb.png" alt="Image description" width="800" height="407"></a></p> <p>Dependency Report:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7559skjhhbxnp1d2my63.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7559skjhhbxnp1d2my63.png" alt="Dependency Report" width="800" height="390"></a></p> <p>Slack Notification :</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb6ut1b4h0g5utncd0arc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb6ut1b4h0g5utncd0arc.png" alt="Slack" width="800" height="400"></a></p> <p><strong>For Monitoring</strong></p> <p>We Use Grafana And Prometheus</p> <p>Configuration <br> Login into <br> EKS management Server that we are Created previous:</p> <p>Now Install Grafana And Prometheus on cluster<br> With the Help of Helm Chart</p> <p>To install Prometheus + Grafana stack on Amazon EKS, you should slightly modify your command to align with EKS best practices (like using LoadBalancer instead of NodePort, and ensuring correct IAM roles and security groups are in place).</p> <h1> Add Helm repositories </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>helm repo add prometheus-community https://prometheus-community.github.io/helm-charts helm repo update </code></pre> </div> <h1> Create monitoring namespace </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kubectl create namespace monitoring </code></pre> </div> <h1> Install kube-prometheus-stack with LoadBalancer services (recommended for EKS) </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>helm install eks-prometheus prometheus-community/kube-prometheus-stack \ --namespace monitoring \ --set prometheus.service.type=LoadBalancer \ --set grafana.service.type=LoadBalancer \ --set alertmanager.service.type=LoadBalancer \ --set prometheus-node-exporter.service.type=ClusterIP </code></pre> </div> <h1> Check services to get LoadBalancer DNS/External IPs </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kubectl get svc -n monitoring </code></pre> </div> <p>You get the External IP in the name of elb url copy it and use it for monitoring</p> <p>i have import a grafana dashboard for monitoring cluster</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9u8qrahi2w4jx1ggxbcw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9u8qrahi2w4jx1ggxbcw.png" alt="Grafana Dashboard" width="800" height="385"></a></p> <p>For Any Question Comment it Down</p> kubernetes devops docker cicd bhaktraj Wed, 26 Feb 2025 07:36:58 +0000 https://dev.to/bhaktraj/cicd-pipeline-for-nodejs-app-deployment-on-aws-ecs-3d65 https://dev.to/bhaktraj/cicd-pipeline-for-nodejs-app-deployment-on-aws-ecs-3d65 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpiqo4izgz1b0rpcvkh2i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpiqo4izgz1b0rpcvkh2i.png" alt="Architecture" width="800" height="509"></a><br> <strong>Overview:</strong><br> This project implements a fully automated CI/CD pipeline using Jenkins to streamline the deployment of a Node.js application on AWS ECS. The pipeline ensures code quality, security, and high availability by integrating SonarQube, OWASP Dependency-Check, Docker, AWS ECR, and ECS. Additionally, Elastic Load Balancer (ELB) is used to distribute traffic efficiently.</p> <p><strong>Key Features &amp; Workflow:</strong><br> ✅ Code Fetching: Jenkins pulls the latest source code from GitHub.<br> ✅ Code Quality Analysis: SonarQube scans the code for vulnerabilities &amp; maintainability issues.<br> ✅ Security Scan: OWASP Dependency-Check detects security vulnerabilities in dependencies.<br> ✅ Build &amp; Packaging: Dependencies are installed using npm.<br> Docker image is built and tagged with a unique build number.<br> ✅ Docker Image Push: The image is securely pushed to AWS Elastic Container Registry (ECR).<br> ✅ AWS ECS Deployment: The application is deployed as a container on AWS ECS (Fargate/EC2).The service is restarted using force-new-deployment to fetch the latest image.<br> ✅ Traffic Management: The ECS service is connected to an Elastic Load Balancer (ELB) for high availability &amp; traffic distribution.<br> ✅ Automated Rollouts: If a deployment fails at any stage, Jenkins stops the pipeline to prevent bad code from reaching production.</p> <p><strong>Steps:</strong><br> Step 1 : Launch 2 instance on AWS EC2 of t2medium type</p> <ul> <li>one for Jenkins</li> <li>another for SonarQube</li> </ul> <p>Step 2 : install docker in both of them<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#!/bin/bash # Add Docker's official GPG key: sudo apt-get update sudo apt-get install ca-certificates curl sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc # Add the repository to Apt sources: echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ $(. /etc/os-release &amp;&amp; echo "$VERSION_CODENAME") stable" | \ sudo tee /etc/apt/sources.list.d/docker.list &gt; /dev/null sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y sudo usermod -aG docker $USER &amp;&amp; newgrp docker </code></pre> </div> <p>or<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt update sudo apt install docker.io -y sudo usermod -aG docker $USER &amp;&amp; newgrp docker </code></pre> </div> <p>Step 3 : Install Jenkins in one Inststance<br> for installing Jenkins <br> <a href="https://dev.to/bhaktraj/how-to-install-jenkins-in-ubuntu-2735">https://dev.to/bhaktraj/how-to-install-jenkins-in-ubuntu-2735</a> </p> <p>or<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#!/bin/bash sudo apt update sudo apt install openjdk-21-jre-headless -y sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \ https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \ https://pkg.jenkins.io/debian-stable binary/ | sudo tee \ /etc/apt/sources.list.d/jenkins.list &gt; /dev/null sudo apt-get update sudo apt-get install jenkins -y sudo systemctl enable jenkins sudo systemctl start jenkins </code></pre> </div> <p>Once Jenkins is installed, you will need to go to your AWS EC2 Security Group and open Inbound Port 8080, since Jenkins works on Port 8080.</p> <p>Now, grab your Public IP Address<br> url = <a href="http://ec2_public_IPaddress:8080" rel="noopener noreferrer">http://ec2_public_IPaddress:8080</a></p> <p>for password<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo cat /var/lib/jenkins/secrets/initialAdminPassword </code></pre> </div> <p>after that set the jenkins</p> <p>Step 4 : Run SonarQube container on another Instance<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker run -d --name sonar -p 9000:9000 --restart always sonarqube:lts-community </code></pre> </div> <p>once SonarQube is running you will need to allow inbound rule for port 9000 in EC2 security group, since SonarQube running on 9000 port</p> <p>url = <a href="http://ec2_public_IPaddress:9000" rel="noopener noreferrer">http://ec2_public_IPaddress:9000</a></p> <p>username = admin<br> password = admin</p> <p>Step 5 : Install Plugins like JDK, Sonarqube Scanner, NodeJs, OWASP Dependency Check, docker AWS on Jenkins<br> Goto Manage Jenkins →Plugins → Available Plugins →</p> <p>Install Plugin</p> <ul> <li>SonarQube Scanner</li> <li>NodeJs Plugin </li> <li>Install OWASP Dependency Check </li> <li>Docker</li> <li>Docker Commons</li> <li>Docker Pipeline</li> <li>Docker API</li> <li>docker-build-step</li> <li>AWS Steps</li> <li>AWS Credentials</li> <li>Amazon Web Services SDK :: All</li> </ul> <p>5.1 Configure Java and Nodejs in Global Tool Configuration</p> <ul> <li>Goto Manage Jenkins → Tools → Install JDK(17) and NodeJs(16)→ Click on Apply and Save</li> </ul> <p>Step 6 : Configure Sonar Server in Manage Jenkins</p> <p>Grab the Public IP Address of your EC2 Instance, Sonarqube works on Port 9000, so :9000. Goto your Sonarqube Server. Click on Administration → Security → Users → Click on Tokens and Update Token → Give it a name → and click on Generate Token</p> <p>click on update Token</p> <p>Create a token with a name and generate</p> <p>copy Token</p> <p>Goto Jenkins Dashboard → Manage Jenkins → Credentials → Add Secret Text. </p> <p>Now, go to Dashboard → Manage Jenkins → System and Add Server url , name and and authentication credation</p> <p>The Configure System option is used in Jenkins to configure different server</p> <p>Global Tool Configuration is used to configure different tools that we install using Plugins</p> <p>We will install a sonar scanner in the tools.</p> <p>Step 7 : we had to configure the Tool OWASP Dependency Check</p> <p>Goto Dashboard → Manage Jenkins → Tools →</p> <p>Step 8 : Now go configure → Pipeline and add this stage to your pipeline and build.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">pipeline</span> <span class="o">{</span> <span class="n">agent</span> <span class="n">any</span> <span class="n">tools</span> <span class="o">{</span> <span class="n">jdk</span> <span class="s1">'jdk17'</span> <span class="n">nodejs</span> <span class="s1">'node16'</span> <span class="o">}</span> <span class="n">environment</span> <span class="o">{</span> <span class="n">scannerhome</span> <span class="o">=</span> <span class="n">tool</span> <span class="s1">'sonarserver'</span> <span class="n">imagename</span> <span class="o">=</span> <span class="s1">'058264453864.dkr.ecr.us-east-1.amazonaws.com/nodejsapp'</span> <span class="n">awscred</span> <span class="o">=</span> <span class="s1">'ecr:us-east-1:awscred'</span> <span class="n">registeryurl</span><span class="o">=</span><span class="s1">'https://058264453864.dkr.ecr.us-east-1.amazonaws.com/nodejsapp'</span> <span class="n">cluster</span><span class="o">=</span><span class="s1">'nojejsproject'</span> <span class="n">service</span><span class="o">=</span><span class="s1">'nodejsprojectservice'</span> <span class="o">}</span> <span class="n">stages</span><span class="o">{</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'clean workspace'</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">cleanWs</span><span class="o">()</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s2">"Fetch Code"</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">git</span> <span class="nl">url:</span> <span class="s1">'https://github.com/bhaktraj/zomatocicd.git'</span><span class="o">,</span> <span class="nl">branch:</span><span class="s1">'main'</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s2">"Sonarqube analyse "</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">withSonarQubeEnv</span><span class="o">(</span><span class="s1">'sonarserver'</span><span class="o">)</span> <span class="o">{</span> <span class="n">sh</span> <span class="s1">'''$scannerhome/bin/sonar-scanner -Dsonar.projectName=zomato \ -Dsonar.projectKey=zomato '''</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s2">"Quality Gate"</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">timeout</span><span class="o">(</span><span class="nl">time:</span> <span class="mi">1</span><span class="o">,</span> <span class="nl">unit:</span> <span class="s1">'MINUTES'</span><span class="o">)</span> <span class="o">{</span> <span class="c1">// Parameter indicates whether to set pipeline to UNSTABLE if Quality Gate fails</span> <span class="c1">// true = set pipeline to UNSTABLE, false = don't</span> <span class="n">waitForQualityGate</span> <span class="nl">abortPipeline:</span> <span class="kc">true</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s2">"install Dependences"</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">sh</span> <span class="s1">'npm install'</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'OWASP Dependency-Check'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">dependencyCheck</span> <span class="nl">additionalArguments:</span> <span class="s1">''' -o './' -s './' -f 'ALL' --prettyPrint'''</span><span class="o">,</span> <span class="nl">odcInstallation:</span> <span class="s1">'owasp'</span> <span class="n">dependencyCheckPublisher</span> <span class="nl">pattern:</span> <span class="s1">'dependency-check-report.xml'</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>Step 9 : Create IAM User on aws cloud and provide permission of awsECSFullaccess<br> and create access key </p> <p>Step 10 : Configure AWS Credential </p> <p>Goto Jenkins Dashboard → Manage Jenkins → Credentials</p> <p>select aws Credential and then and fill out access key and access id </p> <p>also install aws cli in server by cmd<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt update sudo snap install aws-cli --classic </code></pre> </div> <p>Step 11 : Configure ECR On AWS cloud</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8g97a9il39tm25cxr09q.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8g97a9il39tm25cxr09q.png" alt="AWS ECR" width="800" height="362"></a></p> <p>Step 12 : Configure ECS On AWS Cloud </p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5vtok3aiknt267cx6yit.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5vtok3aiknt267cx6yit.png" alt="AWS ECS" width="800" height="387"></a></p> <p>Step 13 : now set Pipeline or update it<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">pipeline</span> <span class="o">{</span> <span class="n">agent</span> <span class="n">any</span> <span class="n">tools</span> <span class="o">{</span> <span class="n">jdk</span> <span class="s1">'jdk17'</span> <span class="n">nodejs</span> <span class="s1">'node16'</span> <span class="o">}</span> <span class="n">environment</span> <span class="o">{</span> <span class="n">scannerhome</span> <span class="o">=</span> <span class="n">tool</span> <span class="s1">'sonarserver'</span> <span class="n">imagename</span> <span class="o">=</span> <span class="s1">'058264453864.dkr.ecr.us-east-1.amazonaws.com/nodejsapp'</span> <span class="n">awscred</span> <span class="o">=</span> <span class="s1">'ecr:us-east-1:awscred'</span> <span class="n">registeryurl</span><span class="o">=</span><span class="s1">'https://058264453864.dkr.ecr.us-east-1.amazonaws.com/nodejsapp'</span> <span class="n">cluster</span><span class="o">=</span><span class="s1">'nojejsproject'</span> <span class="n">service</span><span class="o">=</span><span class="s1">'nodejsprojectservice'</span> <span class="o">}</span> <span class="n">stages</span><span class="o">{</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'clean workspace'</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">cleanWs</span><span class="o">()</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s2">"Fetch Code"</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">git</span> <span class="nl">url:</span> <span class="s1">'https://github.com/bhaktraj/zomatocicd.git'</span><span class="o">,</span> <span class="nl">branch:</span><span class="s1">'main'</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s2">"Sonarqube analyse "</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">withSonarQubeEnv</span><span class="o">(</span><span class="s1">'sonarserver'</span><span class="o">)</span> <span class="o">{</span> <span class="n">sh</span> <span class="s1">'''$scannerhome/bin/sonar-scanner -Dsonar.projectName=zomato \ -Dsonar.projectKey=zomato '''</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s2">"Quality Gate"</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">timeout</span><span class="o">(</span><span class="nl">time:</span> <span class="mi">1</span><span class="o">,</span> <span class="nl">unit:</span> <span class="s1">'MINUTES'</span><span class="o">)</span> <span class="o">{</span> <span class="c1">// Parameter indicates whether to set pipeline to UNSTABLE if Quality Gate fails</span> <span class="c1">// true = set pipeline to UNSTABLE, false = don't</span> <span class="n">waitForQualityGate</span> <span class="nl">abortPipeline:</span> <span class="kc">true</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s2">"install Dependences"</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">sh</span> <span class="s1">'npm install'</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'OWASP Dependency-Check'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">dependencyCheck</span> <span class="nl">additionalArguments:</span> <span class="s1">''' -o './' -s './' -f 'ALL' --prettyPrint'''</span><span class="o">,</span> <span class="nl">odcInstallation:</span> <span class="s1">'owasp'</span> <span class="n">dependencyCheckPublisher</span> <span class="nl">pattern:</span> <span class="s1">'dependency-check-report.xml'</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Build docker images'</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">script</span><span class="o">{</span> <span class="n">dockerimage</span> <span class="o">=</span> <span class="n">docker</span><span class="o">.</span><span class="na">build</span><span class="o">(</span><span class="n">imagename</span> <span class="o">+</span> <span class="s2">":$BUILD_NUMBER"</span><span class="o">,</span> <span class="s2">"."</span><span class="o">)</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Upload to ECR'</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">script</span><span class="o">{</span> <span class="n">docker</span><span class="o">.</span><span class="na">withRegistry</span><span class="o">(</span><span class="n">registeryurl</span><span class="o">,</span> <span class="n">awscred</span><span class="o">){</span> <span class="n">dockerimage</span><span class="o">.</span><span class="na">push</span><span class="o">(</span><span class="s2">"$BUILD_NUMBER"</span><span class="o">)</span> <span class="n">dockerimage</span><span class="o">.</span><span class="na">push</span><span class="o">(</span><span class="s2">"latest"</span><span class="o">)</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'deploy to ecs'</span><span class="o">){</span> <span class="n">steps</span><span class="o">{</span> <span class="n">withAWS</span><span class="o">(</span><span class="nl">credentials:</span><span class="s1">'awscred'</span><span class="o">,</span> <span class="nl">region:</span><span class="s1">'us-east-1'</span><span class="o">){</span> <span class="n">sh</span> <span class="s1">'aws ecs update-service --cluster ${cluster} --service ${service} --force-new-deployment'</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>OWASP report<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmhqfbw4fw4tiq55ru06g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmhqfbw4fw4tiq55ru06g.png" alt="OWASP report" width="800" height="449"></a></p> <p>Stage View<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvocy64uydtm50ubv8jf9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvocy64uydtm50ubv8jf9.png" alt="Stage View" width="800" height="449"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Funcgbuppk555izkci0lh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Funcgbuppk555izkci0lh.png" alt="Server" width="800" height="362"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd1skwdabhmx9g9bn14zm.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd1skwdabhmx9g9bn14zm.png" alt="SonarQube Server" width="800" height="449"></a></p> jenkins cicd node aws bhaktraj Sat, 25 Jan 2025 08:58:39 +0000 https://dev.to/bhaktraj/deploying-java-applications-on-aws-ecs-and-ecr-with-a-jenkins-cicd-pipeline-1ji5 https://dev.to/bhaktraj/deploying-java-applications-on-aws-ecs-and-ecr-with-a-jenkins-cicd-pipeline-1ji5 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz6065aic0k2m4hqjigxi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz6065aic0k2m4hqjigxi.png" alt="Project Arch" width="800" height="362"></a></p> <p>Modern software development demands speed, reliability, and scalability. To meet these challenges, I recently built a CI/CD pipeline that seamlessly deploys a Java application on <strong>AWS ECS (Elastic Container Service)</strong> and <strong>ECR (Elastic Container Registry)</strong> using <strong>Jenkins</strong>. Here’s a detailed walkthrough of the project and the technologies that made it possible.</p> <h3> <strong>Project Overview</strong> </h3> <p>The goal was to automate the entire software delivery process—from code integration to deployment—ensuring fast, reliable, and scalable application delivery.</p> <h4> <strong>Key Objectives:</strong> </h4> <ol> <li>Automate builds and testing for the Java application.</li> <li>Perform static code analysis and quality checks.</li> <li>Dockerize the application for consistent deployments.</li> <li>Push container images to <strong>AWS ECR</strong> for versioning and storage.</li> <li>Deploy the application on <strong>AWS ECS</strong> with zero downtime.</li> <li>Notify the team about build and deployment statuses via Slack.</li> </ol> <h3> <strong>Technologies Used</strong> </h3> <ul> <li> <strong>Jenkins</strong>: CI/CD pipeline automation.</li> <li> <strong>Maven</strong>: Build and dependency management.</li> <li> <strong>SonarQube</strong>: Code quality analysis.</li> <li> <strong>Docker</strong>: Containerization of the Java application.</li> <li> <strong>AWS ECS/ECR</strong>: Container orchestration and storage.</li> <li> <strong>Slack</strong>: Real-time team communication.</li> </ul> <h3> <strong>Pipeline Workflow</strong> </h3> <p>The Jenkins pipeline was structured into several stages:</p> <h4> <strong>1. Fetch the Code</strong> </h4> <p>The pipeline fetches the latest code from the Git repository.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">stage</span><span class="o">(</span><span class="s2">"Fetch the code"</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">git</span> <span class="nl">url:</span> <span class="s1">'https://github.com/bhaktraj/deploy_javaapp_on_aws_ecs.git'</span><span class="o">,</span> <span class="nl">branch:</span> <span class="s1">'main'</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h4> <strong>2. Build Stage</strong> </h4> <p>The application is built using Maven, ensuring that all dependencies are resolved.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">stage</span><span class="o">(</span><span class="s1">'Build'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">sh</span> <span class="s1">'mvn clean install -DskipTests'</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h4> <strong>3. Testing Stage</strong> </h4> <p>Automated tests are executed to validate the application.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">stage</span><span class="o">(</span><span class="s1">'Test'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">sh</span> <span class="s1">'mvn test'</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h4> <strong>4. Code Quality Analysis</strong> </h4> <p>SonarQube is integrated to perform static code analysis and ensure adherence to quality standards.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">stage</span><span class="o">(</span><span class="s1">'Code analysis with checkstyle'</span><span class="o">)</span> <span class="o">{</span> <span class="n">environment</span> <span class="o">{</span> <span class="n">scannerHome</span> <span class="o">=</span> <span class="n">tool</span> <span class="s1">'sonarserver'</span> <span class="o">}</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">withSonarQubeEnv</span><span class="o">(</span><span class="s1">'sonarserver'</span><span class="o">)</span> <span class="o">{</span> <span class="n">sh</span> <span class="s1">'''${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=vprofile \ -Dsonar.projectName=vprofile-repo \ -Dsonar.projectVersion=1.0 \ -Dsonar.sources=src/ \ -Dsonar.java.binaries=target/test-classes/com/visualpathit/account/controllerTest/ \ -Dsonar.junit.reportsPath=target/surefire-reports/ \ -Dsonar.jacoco.reportsPath=target/jacoco.exec \ -Dsonar.java.checkstyle.reportPaths=target/checkstyle-result.xml'''</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h4> <strong>5. Docker Image Build</strong> </h4> <p>The Java application is packaged into a Docker image using a multi-stage Dockerfile.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">stage</span><span class="o">(</span><span class="s1">'image_build'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">script</span> <span class="o">{</span> <span class="n">dockerimage</span> <span class="o">=</span> <span class="n">docker</span><span class="o">.</span><span class="na">build</span><span class="o">(</span><span class="n">imagename</span> <span class="o">+</span> <span class="s2">":$BUILD_NUMBER"</span><span class="o">,</span> <span class="s2">"./Docker-files/app/multistage/"</span><span class="o">)</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h4> <strong>6. Push to AWS ECR</strong> </h4> <p>The Docker image is pushed to <strong>AWS ECR</strong>, enabling version control and easy access for deployment.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">stage</span><span class="o">(</span><span class="s1">'upload image to ecr'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">script</span> <span class="o">{</span> <span class="n">docker</span><span class="o">.</span><span class="na">withRegistry</span><span class="o">(</span><span class="n">registeryurl</span><span class="o">,</span> <span class="n">awscred</span><span class="o">)</span> <span class="o">{</span> <span class="n">dockerimage</span><span class="o">.</span><span class="na">push</span><span class="o">(</span><span class="s2">"$BUILD_NUMBER"</span><span class="o">)</span> <span class="n">dockerimage</span><span class="o">.</span><span class="na">push</span><span class="o">(</span><span class="s2">"latest"</span><span class="o">)</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h4> <strong>7. Deployment to AWS ECS</strong> </h4> <p>The application is deployed on <strong>AWS ECS</strong> using the <code>update-service</code> command, ensuring zero downtime.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">stage</span><span class="o">(</span><span class="s1">'deploy to ecs'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">withAWS</span><span class="o">(</span><span class="nl">credentials:</span> <span class="s1">'awscred'</span><span class="o">,</span> <span class="nl">region:</span> <span class="s1">'us-east-1'</span><span class="o">)</span> <span class="o">{</span> <span class="n">sh</span> <span class="s1">'aws ecs update-service --cluster ${cluster} --service ${service} --force-new-deployment'</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h3> <strong>Post-Build Notifications</strong> </h3> <p>To keep the team informed, Slack notifications are sent at each build stage—success, failure, or completion.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">post</span> <span class="o">{</span> <span class="n">success</span> <span class="o">{</span> <span class="n">slackSend</span><span class="o">(</span><span class="nl">channel:</span> <span class="s1">'#all-javacicdproject'</span><span class="o">,</span> <span class="nl">color:</span> <span class="s1">'good'</span><span class="o">,</span> <span class="nl">message:</span> <span class="s2">"Build #${env.BUILD_NUMBER} succeeded!"</span><span class="o">)</span> <span class="o">}</span> <span class="n">failure</span> <span class="o">{</span> <span class="n">slackSend</span><span class="o">(</span><span class="nl">channel:</span> <span class="s1">'#all-javacicdproject'</span><span class="o">,</span> <span class="nl">color:</span> <span class="s1">'danger'</span><span class="o">,</span> <span class="nl">message:</span> <span class="s2">"Build #${env.BUILD_NUMBER} failed."</span><span class="o">)</span> <span class="o">}</span> <span class="n">always</span> <span class="o">{</span> <span class="n">slackSend</span><span class="o">(</span><span class="nl">channel:</span> <span class="s1">'#all-javacicdproject'</span><span class="o">,</span> <span class="nl">color:</span> <span class="s1">'warning'</span><span class="o">,</span> <span class="nl">message:</span> <span class="s2">"Build #${env.BUILD_NUMBER} completed."</span><span class="o">)</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhm1vkxpwspcwqswj65jy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhm1vkxpwspcwqswj65jy.png" alt="ecs" width="800" height="380"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa8qh7yqxe3dcjrk8d7bs.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa8qh7yqxe3dcjrk8d7bs.png" alt="service" width="800" height="384"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh9aik33vt7xdqds4lpzu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh9aik33vt7xdqds4lpzu.png" alt="ecr" width="800" height="367"></a></p> <h3> <strong>Key Benefits</strong> </h3> <ol> <li> <strong>Automation Saves Time</strong>: Eliminates manual intervention, speeding up the delivery process.</li> <li> <strong>Enhanced Code Quality</strong>: SonarQube ensures adherence to coding standards.</li> <li> <strong>Scalable Deployments</strong>: AWS ECS allows for easy scaling as application traffic grows.</li> <li> <strong>Consistent Environments</strong>: Docker ensures the same runtime environment across all stages.</li> <li> <strong>Real-Time Feedback</strong>: Slack notifications provide instant updates to the team.</li> </ol> <h3> <strong>Conclusion</strong> </h3> <p>This project highlights the power of combining Jenkins, Docker, and AWS to create a seamless CI/CD pipeline for modern Java applications. The result is a reliable, scalable, and automated deployment process that aligns with DevOps best practices.</p> <p>Have you worked on a similar project or have questions about setting up a CI/CD pipeline? Let’s discuss in the comments!</p> <h1> DevOps #JenkinsPipeline #AWS #Java #Docker #CICD #CloudComputing #SonarQube #Automation #SoftwareEngineering </h1> jenkins docker ecs ecr bhaktraj Tue, 21 Jan 2025 20:10:44 +0000 https://dev.to/bhaktraj/automating-cicd-for-a-java-application-with-jenkins-a-complete-pipeline-guide-d70 https://dev.to/bhaktraj/automating-cicd-for-a-java-application-with-jenkins-a-complete-pipeline-guide-d70 <p><strong>Introduction</strong></p> <p>in modern software development, Continuous Integration and Continuous Deployment (CI/CD) pipelines play a critical role in automating code integration, testing, artifact generation, and deployment. In this blog, we’ll walk through building a CI/CD pipeline for a Java-based web application using Jenkins, SonarQube, and Nexus.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdzeq4zpapxbxcov8slt2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdzeq4zpapxbxcov8slt2.png" alt="Automating CI/CD for a Java Application with Jenkins" width="800" height="215"></a></p> <p><strong>Pipeline Overview</strong><br> The Java application, vProfile, is a web-based project developed using Maven. The pipeline automates the following tasks:</p> <ul> <li>Fetching code from a Git repository.</li> <li>Building the project with Maven.</li> <li>Running automated tests.</li> <li>Performing code quality analysis with SonarQube.</li> <li>Uploading the generated artifact to Nexus.</li> <li>Sending Slack notifications about the build status.</li> </ul> <p>Prerequisites</p> <p>Before setting up the pipeline, ensure the following tools and configurations are in place:</p> <ul> <li>Jenkins: Installed and running with appropriate plugins:</li> <li>Git Plugin</li> <li>Maven Integration Plugin</li> <li>SonarQube Scanner Plugin</li> <li>Nexus Artifact Uploader Plugin</li> <li>Slack Notification Plugin</li> <li>SonarQube: Configured with a project</li> <li>Nexus: Running and hosting a repository for the artifacts.</li> <li>Slack: A workspace with an incoming webhook URL for notifications.</li> <li>Source Code: Hosted in a Git repository.</li> </ul> <p>Pipeline Script<br> Below is the complete Jenkins pipeline script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>pipeline { agent { label 'agent47' } tools { maven 'maven3' jdk 'jdk17' } stages{ stage("Fetch the code"){ steps{ git url: 'https://github.com/hkhcoder/vprofile-project.git', branch: 'atom' } } stage('Build'){ steps{ sh 'mvn clean install -DskipTests' } } stage('Test'){ steps{ sh 'mvn test' } } stage('Code analysis with checkstyle'){ environment { scannerHome = tool 'sonarserver' } steps { withSonarQubeEnv('sonarserver') { sh '''${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=vprofile \ -Dsonar.projectName=vprofile-repo \ -Dsonar.projectVersion=1.0 \ -Dsonar.sources=src/ \ -Dsonar.java.binaries=target/test-classes/com/visualpathit/account/controllerTest/ \ -Dsonar.junit.reportsPath=target/surefire-reports/ \ -Dsonar.jacoco.reportsPath=target/jacoco.exec \ -Dsonar.java.checkstyle.reportPaths=target/checkstyle-result.xml''' } } } stage('upload artifact'){ steps { nexusArtifactUploader( nexusVersion: 'nexus3', protocol: 'http', nexusUrl: '172.31.18.61:8081', groupId: 'QA', version: '${env.BUILD_ID}.${env.BUILD_TIMESTAMP}', repository: 'projectrepo', credentialsId: 'nexuscred', artifacts: [ [artifactId: 'vproapp', classifier: '', file: 'target/vprofile-v2.war', type: 'war'] ] ) } } } post { success { slackSend(channel: '#all-javacicdproject', color: 'good', message: "Build #${env.BUILD_NUMBER} succeeded!") } failure { slackSend(channel: '#all-javacicdproject', color: 'danger', message: "Build #${env.BUILD_NUMBER} failed.") } always { slackSend(channel: '#all-javacicdproject', color: 'warning', message: "Build #${env.BUILD_NUMBER} completed.") } } } </code></pre> </div> <ol> <li>Agent Section The agent block determines where the pipeline will run. It could be a specific machine, a Docker container, or any available node in the Jenkins environment.</li> </ol> <p>In our pipeline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>agent { label 'agent47' } </code></pre> </div> <ul> <li>Label (agent47): Refers to a specific Jenkins node (agent) where the pipeline tasks will execute. This label helps Jenkins assign the job to a machine with the required configurations and tools installed.</li> </ul> <p><strong>Why Use Agents?</strong></p> <ul> <li>Distributed Builds: Agents allow Jenkins to run jobs on multiple machines, distributing the workload.</li> <li>Resource Optimization: Specific agents can be optimized for tasks like builds, testing, or deployments.</li> <li>Environment Isolation: Different agents can have unique environments for different project requirements.</li> </ul> <p><em>If no specific label is mentioned, Jenkins uses the default agent available.</em></p> <ol> <li>Tools Section The tools block in the pipeline script specifies the required software versions that Jenkins needs to run the build and analysis processes. This ensures that the right versions of tools are available on the agent where the pipeline executes.</li> </ol> <p>In our pipeline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>tools { maven 'maven3' jdk 'jdk17' } </code></pre> </div> <p>By declaring tools, Jenkins ensures that the appropriate versions are installed and configured on the agent before executing the pipeline stages.</p> <p>Key Pipeline Stages</p> <ol> <li>Fetch the Code</li> </ol> <p>The pipeline begins by pulling the source code from the Git repository.</p> <ol> <li>Build</li> </ol> <p>Using Maven, the project is built with the mvn clean install command. Tests are skipped in this stage to save time.</p> <ol> <li>Test</li> </ol> <p>Automated unit tests are executed to validate the codebase.</p> <ol> <li>Code Analysis</li> </ol> <p>SonarQube analyzes the code for potential issues and technical debt. Metrics include code smells, security vulnerabilities, and maintainability.</p> <ol> <li>Upload Artifact</li> </ol> <p>The generated .war file is uploaded to a Nexus repository for future deployment.</p> <ol> <li>Post-Build Notifications</li> </ol> <p>Slack notifications are sent to a designated channel to inform the team about the build status.</p> jenkins cicd sonarqube nexus bhaktraj Mon, 20 Jan 2025 18:33:04 +0000 https://dev.to/bhaktraj/step-by-step-guide-to-building-a-containerized-microservices-project-3ndf https://dev.to/bhaktraj/step-by-step-guide-to-building-a-containerized-microservices-project-3ndf <p>This blog will walk you through the steps to create a containerized microservices project involving Angular, Node.js, and Java applications. We'll use Docker to containerize each application and NGINX to manage traffic routing.</p> <ol> <li>Project Overview</li> </ol> <ul> <li>Frontend: Angular application for the user interface.</li> <li>Backend 1: Node.js application connected to a MongoDB database for NoSQL operations.</li> <li>Backend 2: Java application built with Maven and connected to a MySQL database.</li> <li>Traffic Management: NGINX reverse proxy routes requests to the appropriate service.</li> <li>Containerization: Docker is used to containerize all components.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq3c2aw11gdbr2e3yo8js.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq3c2aw11gdbr2e3yo8js.jpg" alt="Microservices diagram" width="800" height="601"></a></p> <ol> <li>Prerequisites</li> </ol> <ul> <li>Docker and Docker Compose installed.</li> <li>Basic knowledge of Angular, Node.js, Java (with Maven), and databases (MySQL, MongoDB).</li> <li>NGINX configuration knowledge.</li> </ul> <p>now I have a demo microservice project so i use this</p> <p>Demo Project link <a href="https://github.com/bhaktraj/microservice_containerize.git" rel="noopener noreferrer">https://github.com/bhaktraj/microservice_containerize.git</a></p> <ol> <li>Create Dockerfile Now you have to create Dockerfile of each and ever services</li> </ol> <p>So for Angular</p> <p>Dockerfile is<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>FROM node:14 AS first_image WORKDIR /app COPY ./ /app/client/ RUN cd client &amp;&amp; npm install &amp;&amp; npm run build --prod #second image FROM nginx:latest COPY --from=first_image /app/client/dist/client /usr/share/nginx/html COPY nginx.conf /etc/nginx/conf.d/default.config EXPOSE 4200 </code></pre> </div> <p>For Java Web application</p> <p>Dockerfile<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>FROM openjdk:8 AS first_image WORKDIR /app RUN apt update &amp;&amp; apt install maven -y COPY ./ /app/ RUN mvn install -DskipTests FROM openjdk:8 WORKDIR /app COPY --from=first_image /app/target/book-work-0.0.1-SNAPSHOT.jar /app/book-work.jar EXPOSE 9000 ENTRYPOINT [ "java","-jar","book-work.jar" ] </code></pre> </div> <p>For Node js <br> Dockerfile<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>FROM node:14 AS FIRST_IMAGE WORKDIR /app COPY ./ ./nodeapi/ RUN cd nodeapi &amp;&amp; npm install FROM node:14 WORKDIR /app COPY --from=FIRST_IMAGE /app/nodeapi/ /app/ EXPOSE 5000 CMD [ "/bin/sh", "-c", "cd /app/ &amp;&amp; npm start" ] </code></pre> </div> <ol> <li>Configure NGINX as a Reverse Proxy </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>upstream client { server client:4200; } server { listen 80; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://client/; } location /api { proxy_pass http://api:5000; } location /webapi { proxy_pass http://webapi:9000; } } </code></pre> </div> <p>Nginx DockerFile<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>FROM nginx COPY default.conf /etc/nginx/conf.d/default.conf </code></pre> </div> <ol> <li>Docker Compose Setup Create a docker-compose.yml file to orchestrate the containers: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>version: '3.8' services: mysql: image: mysql container_name: emartdb ports: - "3306:3306" environment: MYSQL_ROOT_PASSWORD: emartdbpass MYSQL_DATABASE: books volumes: - msqldat:/var/lib/mysql mongodb: image: mongo container_name: emongo environment: MONGO_INITDB_DATABASE: epoc volumes: - mogoda:/data/db ports: - "27017:27017" nginx: build: context: ./nginx container_name: nginx ports: - "80:80" restart: always clientapp: build: context: ./client container_name: client ports: - "4200:4200" depends_on: - javaapi - nodeapi javaapi: build: context: ./javaapi container_name: webapi ports: - "9000:9000" restart: always depends_on: - mysql nodeapi: build: context: ./nodeapi container_name: api ports: - "5000:5000" restart: always depends_on: - mongodb volumes: msqldat: mogoda: </code></pre> </div> <ol> <li>Build and Run the Project</li> </ol> <ul> <li>Navigate to the root directory of the project.</li> <li>Run </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker-compose up --build. </code></pre> </div> <p>Refrence:<br> TechWorld with Nana <br> Youtube channel :<a href="https://www.youtube.com/@TechWorldwithNana" rel="noopener noreferrer">https://www.youtube.com/@TechWorldwithNana</a><br> Imran Teli<br> A Udemy Course <a href="https://www.udemy.com/share/104Tz63@VxTegKgnIJACN30HBKGjPCEVnfF_0bPs_LpTow0FKaCoI8D6yhr4i5MK4ggS1-R6Dw==/" rel="noopener noreferrer">https://www.udemy.com/share/104Tz63@VxTegKgnIJACN30HBKGjPCEVnfF_0bPs_LpTow0FKaCoI8D6yhr4i5MK4ggS1-R6Dw==/</a></p> docker nginx microservices springboot bhaktraj Fri, 10 Jan 2025 05:59:20 +0000 https://dev.to/bhaktraj/how-to-install-jenkins-in-ubuntu-2735 https://dev.to/bhaktraj/how-to-install-jenkins-in-ubuntu-2735 <p>What is Jenkins ?<br> Jenkins is an open source automation server which is used for continuous integration and continuous delivery in software development its help to automate the parts of software development related like building , testing, deploying and delivery the software </p> <p><strong>how you can install Jenkins on Ubuntu:</strong><br> Step 1:<br> You need to read documentation of Jenkins that what are the minimum requirement for installing Jenkins<br> documentation link : <a href="https://www.jenkins.io/doc/book/installing/linux/" rel="noopener noreferrer">https://www.jenkins.io/doc/book/installing/linux/</a></p> <p>The point that are being in the knowledge.</p> <ol> <li>Which java version is required for which jenkins version first install that version of java</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcskmbg33n2xrlb4qe50u.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcskmbg33n2xrlb4qe50u.png" alt="Jenkins java version as per jenkins version" width="800" height="600"></a><em>(source: Jenkins Documentation)</em></p> <p>Step 2:<br> First Update your System:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt update </code></pre> </div> <p>Step 3;<br> install Java as per the requirement of Jenkins version<br> observe the picture</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyezn3hs5onvbmb9q6i1x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyezn3hs5onvbmb9q6i1x.png" alt="java version" width="758" height="183"></a><em>(source: Jenkins Documentation)</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt install openjdk-21-jre-headless </code></pre> </div> <p>Step 4:<br> Now follow the documentation command</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6hnt9bpr1u4cxgaiufa0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6hnt9bpr1u4cxgaiufa0.png" alt="Jenkins documentation command " width="800" height="311"></a><em>(source: Jenkins Documentation)</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \ https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \ https://pkg.jenkins.io/debian-stable binary/ | sudo tee \ /etc/apt/sources.list.d/jenkins.list &gt; /dev/null </code></pre> </div> <p>Step 5:<br> update it again<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt-get update </code></pre> </div> <p>Step 6:<br> Install Jenkins<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt-get install jenkins </code></pre> </div> <p>Step 7:<br> enable means start the service when machine is rebooted<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo systemctl enable jenkins </code></pre> </div> <p>Step 8:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo systemctl start jenkins </code></pre> </div> <p>Now<br> Jenkins is install so open it with port 8080</p> <p>and the password is at <br> /var/lib/jenkins/secrets/initialAdminPassword<br> it's mention in the browser</p> <p>So use Cmd<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo cat /var/lib/jenkins/secrets/initialAdminPassword </code></pre> </div> <p>copy the password and paste it there in browser <br> and configure the setting that you need.</p> <p>Script For Provisioning in cloud<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#!/bin/bash sudo apt update sudo apt install openjdk-21-jre-headless -y sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \ https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \ https://pkg.jenkins.io/debian-stable binary/ | sudo tee \ /etc/apt/sources.list.d/jenkins.list &gt; /dev/null sudo apt-get update sudo apt-get install jenkins -y sudo systemctl enable jenkins sudo systemctl start jenkins </code></pre> </div> <p>Thanks</p> jenkins cicd ubuntu cicdpipeline bhaktraj Tue, 07 Jan 2025 07:12:34 +0000 https://dev.to/bhaktraj/docker-install-in-ubuntu-or-on-cloud-aws-provisioning-mfi https://dev.to/bhaktraj/docker-install-in-ubuntu-or-on-cloud-aws-provisioning-mfi <p><strong>Here’s a guide for installing Docker on Ubuntu or provisioning it on AWS:</strong></p> <p><strong>Install Docker on Ubuntu</strong></p> <ol> <li>Update Package: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt update </code></pre> </div> <ol> <li>Install Required Packages: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt-get install ca-certificates curl </code></pre> </div> <ol> <li>Add Docker's official GPG key: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc </code></pre> </div> <ol> <li>Add Docker Repository: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ $(. /etc/os-release &amp;&amp; echo "$VERSION_CODENAME") stable" | \ sudo tee /etc/apt/sources.list.d/docker.list &gt; /dev/null </code></pre> </div> <ol> <li>Update Package: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt update </code></pre> </div> <ol> <li>To install the latest version, run: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y </code></pre> </div> <ol> <li>Verify that the installation is successful or not </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker --version </code></pre> </div> <ol> <li>Or try By run Some Docker Cmd </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo docker run hello-world </code></pre> </div> <p><strong>Another Way for installing Docker <br> only two command need to install docker</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt update sudo apt install docker.io -y </code></pre> </div> <p><strong>Script For Install docker in ubuntu</strong><br> also copy from <a href="https://github.com/bhaktraj/dockerinstall/tree/main" rel="noopener noreferrer">https://github.com/bhaktraj/dockerinstall/tree/main</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#!/bin/bash # Add Docker's official GPG key: sudo apt-get update sudo apt-get install ca-certificates curl sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc # Add the repository to Apt sources: echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ $(. /etc/os-release &amp;&amp; echo "$VERSION_CODENAME") stable" | \ sudo tee /etc/apt/sources.list.d/docker.list &gt; /dev/null sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y </code></pre> </div> <p>after that verify docker is install or not by run following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker --version </code></pre> </div> <p>or<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo docker run hello-world </code></pre> </div> <p><strong>Docker Install on AWS Cloud By Provisioning</strong></p> <ol> <li>Provision EC2 Instance:</li> </ol> <p>Launch an EC2 instance with the following:<br> OS: <br> Ubuntu (latest LTS version recommended)<br> Instance Type: t2.micro (for learning) or more for production<br> Configure security group to allow port 22 (SSH) for remote login</p> <p>Paste the following Script in user data in advance details block:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fawlhvrcxn6qolvj86y1g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fawlhvrcxn6qolvj86y1g.png" alt="pasting script in userdata of advance details block" width="800" height="371"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#!/bin/bash # Add Docker's official GPG key: sudo apt-get update sudo apt-get install ca-certificates curl sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc # Add the repository to Apt sources: echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ $(. /etc/os-release &amp;&amp; echo "$VERSION_CODENAME") stable" | \ sudo tee /etc/apt/sources.list.d/docker.list &gt; /dev/null sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y </code></pre> </div> <p>And Launch the instance wait for 2 to 5 min after launching then login into instance and verify the docker is install properly or not by command<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker --version </code></pre> </div> <p>or<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo docker run hello-world </code></pre> </div> <p>Comment for any query</p> docker devops aws linux bhaktraj Fri, 03 Jan 2025 09:52:40 +0000 https://dev.to/bhaktraj/auto-scaling-multi-tier-web-application-deployment-architecture-on-cloudaws-4j7f https://dev.to/bhaktraj/auto-scaling-multi-tier-web-application-deployment-architecture-on-cloudaws-4j7f <h2> Introduction </h2> <p>The primary goal of this project is to design, deploy, and manage a robust multi-service application on Amazon Web Services (AWS). The application architecture leverages various AWS resources to ensure scalability, availability, and optimal performance. The solution is built around four EC2 instances, each hosting a dedicated service critical to the functionality of the overall system. Additionally, it incorporates an Elastic Load Balancer (ELB) to manage incoming traffic efficiently and an Auto Scaling group to handle dynamic demand.</p> <p>This architecture provides a well-structured foundation for a cloud-based application, allowing seamless communication between services and offering flexibility to scale up or down as needed.</p> <p><strong>System Design/Architecture:</strong><br> The architecture of this project is built on the AWS cloud infrastructure to deploy a multi-service application with high availability, scalability, and security. The system design includes various components that are integrated to ensure efficient resource usage, fault tolerance, and secure communication between services.<br> High-Level Architecture Overview:</p> <p><strong>1.Virtual Private Cloud (VPC):</strong></p> <p>The system is deployed within a Virtual Private Cloud (VPC) to provide a secure, isolated network environment. The VPC is divided into public and private subnets:<br> o Public Subnets: These host the Elastic Load Balancer (ELB), which is responsible for handling incoming traffic and distributing it across the application servers.<br> o Private Subnets: These contain the EC2 instances that host various services like Memcached, MariaDB, and RabbitMQ, which need to be isolated for security reasons.<br> <strong>2.Elastic Load Balancer (ELB):</strong></p> <p>The ELB sits in the public subnet and distributes incoming traffic across the EC2 instances in the private subnets. It helps ensure that the application remains highly available and fault-tolerant, routing traffic to healthy instances automatically.<br> <strong>3.EC2 Instances:</strong></p> <ul> <li><p>app01:<br> Hosts the core application logic that handles user requests and serves the application. It is part of an Auto Scaling group to automatically scale based on demand.</p></li> <li><p>mc01:<br> Hosts Memcached, a caching layer that helps reduce database load by caching frequently accessed data.</p></li> <li><p>db01:<br> Hosts MariaDB, which provides relational database management for storing application data securely.</p></li> <li><p>rmq01:<br> Hosts RabbitMQ, a messaging broker that facilitates communication between services asynchronously.</p></li> </ul> <p><strong>4.Auto Scaling Group:</strong></p> <p>The Auto Scaling group ensures that the number of EC2 instances in the app01 tier automatically adjusts based on defined metrics such as CPU utilization or incoming traffic. This allows the application to scale in or out to handle varying load efficiently.<br> <strong>5.Security Groups and Network ACLs:</strong></p> <p>Security groups are configured to allow traffic only from trusted sources, such as the ELB to the application instances, and other necessary communication between services. Network ACLs add an additional layer of security by controlling inbound and outbound traffic at the subnet level.<br> <strong>6.CloudWatch for Monitoring:</strong></p> <p>AWS CloudWatch is used to monitor the health of EC2 instances, Auto Scaling events, and ELB metrics. Alarms are set to automatically scale resources and notify administrators in case of any issues or performance bottlenecks.</p> <p><strong>Diagram</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqoo2vdmfibvtyle7ahjl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqoo2vdmfibvtyle7ahjl.png" alt="Diagram of Auto scaling Multi-tier Web Application deployment architecture on Cloud" width="500" height="720"></a></p> <p><strong>Implementation: Methods, Algorithms, and Processes</strong></p> <ol> <li>Security Group Configuration Security Groups are configured to act as virtual firewalls for EC2 instances. Each service (app01, mc01, db01, rmq01) has its own security group with specific inbound and outbound rules to control network traffic</li> </ol> <ul> <li> <strong>ELBSG (Security Group):</strong> The Elastic Load Balancer is set up in the public subnet to distribute traffic to the app01 instances in private subnets. The ELB is configured to automatically route traffic to healthy instances.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6rp44rtmj14na57nttr5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6rp44rtmj14na57nttr5.png" alt="Elastic Load Balancer Security Group" width="800" height="355"></a></p> <p>allow inbouund rule in which https allow for public IP means traffic is allowed</p> <ul> <li> <strong>appSG (Application server):</strong> Only allows incoming traffic from the ELB (to handle HTTP/HTTPS requests) and from other trusted services (e.g., RabbitMQ, Memcached, MariaDB).</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp9mw78xmdq67w73b95zo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp9mw78xmdq67w73b95zo.png" alt="Application server Security Group" width="800" height="364"></a></p> <p>Allow HTTPS traffic comes from ELB to application server<br> and allow ssh to your Ip only to enter in the server for installing application or monitoring etc.</p> <ul> <li> <strong>BackendSG :</strong> Accepts inbound traffic only from app01 and other trusted services in the private subnet like rabbitmq , database,and memecached server, ensuring that database connections are not exposed to the internet.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F69jd7e33xs2erpcxdwoh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F69jd7e33xs2erpcxdwoh.png" alt="BackendSG" width="800" height="379"></a></p> <p>Allow port 3306,11211,5672 for the traffic that comes from application server<br> allow all traffic for all rabbitMQ, Memcache, Database server to each other means allow traffic from same security group</p> <p><strong>2.Key Pair Management:</strong></p> <p>During EC2 instance creation, a Key Pair is generated (or an existing one can be used) for secure SSH access to instances. This ensures that only authorized personnel or systems with the corresponding private key can connect to the EC2 instances, maintaining the security of the instances from unauthorized access.</p> <p><strong>3.Provisioning EC2 Instances:</strong></p> <p>EC2 instances are provisioned using Amazon Machine Images (AMIs) based on the service requirements:</p> <ol> <li><p>app01:<br> EC2 instance is configured with a Tomcat server to host the application. Tomcat is installed on the EC2 instance, and the necessary Java Runtime Environment (JRE) is configured to run the application. <br> The Tomcat web server is configured to handle HTTP requests (typically on port 8080 by default) and route them through to the appropriate application components. If required, Apache HTTPD can be used as a reverse proxy in front of Tomcat to handle requests on port 80 or 443 and forward them to Tomcat on port 8080.</p></li> <li><p>mc01:<br> Configured with Memcached to provide an in-memory caching layer, improving application performance.</p></li> <li><p>db01:<br> Set up with MariaDB as the database service for storing application data securely.</p></li> <li><p>rmq01:<br> Configured with RabbitMQ for handling messaging between different services in an asynchronous manner.</p></li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3bxbm4f6yu9hz157szt7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3bxbm4f6yu9hz157szt7.png" alt="EC2 instances" width="800" height="405"></a><br> <strong>4.Configuring ELB:</strong></p> <p>The Elastic Load Balancer is set up in the public subnet to distribute traffic to the app01 instances in private subnets. The ELB is configured to automatically route traffic to healthy instances.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffuvchesiovnquy7ipjpz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffuvchesiovnquy7ipjpz.png" alt="Target Group" width="800" height="391"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq2dcfidzwkoox5cckbk2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq2dcfidzwkoox5cckbk2.png" alt="load balancer" width="800" height="386"></a></p> <p><strong>5.Auto Scaling Configuration:</strong></p> <p>An Auto Scaling group is created for the app01 EC2 instances, with scaling policies based on CPU utilization (e.g., scale out when CPU utilization exceeds 80%). This ensures that the application automatically scales based on user traffic</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fapi3gr5yvt6lk51h6ok1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fapi3gr5yvt6lk51h6ok1.png" alt="Auto Scaling Configuration" width="800" height="387"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbgb9i10dexhnjg3jhggl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbgb9i10dexhnjg3jhggl.png" alt="Auto Scaling Configuration" width="800" height="388"></a></p> aws devops cloudskills