From 2d3a2d32acb42774b8f8e0e594279c35d5e928ba Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Fri, 13 Feb 2026 10:06:28 +0000 Subject: [PATCH 1/2] Migrate from Java 17 to Java 21 Co-Authored-By: Joao Esteves --- Dockerfile | 4 ++-- README.md | 2 +- pom.xml | 13 ++----------- 3 files changed, 5 insertions(+), 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index 079acabe..3641a71d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ #---------------------------------- # Import docker image with maven installed -FROM maven:3.8.3-openjdk-17 as builder +FROM maven:3.9.6-eclipse-temurin-21 as builder # Add maintainer, so that new user will understand who had written this Dockerfile MAINTAINER Madhup Pandey @@ -25,7 +25,7 @@ RUN mvn clean install -DskipTests=true #-------------------------------------- # Import small size java image -FROM openjdk:17-alpine as deployer +FROM eclipse-temurin:21-jre-alpine as deployer # Copy build from stage 1 (builder) COPY --from=builder /src/target/*.jar /src/target/bankapp.jar diff --git a/README.md b/README.md index 2f49958e..c76964d5 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ sudo su - Install Jenkins ```bash sudo apt update -y -sudo apt install fontconfig openjdk-17-jre -y +sudo apt install fontconfig openjdk-21-jre -y sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \ https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key diff --git a/pom.xml b/pom.xml index fc5bfeac..72664362 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 3.3.3 + 3.3.3 com.example @@ -27,7 +27,7 @@ - 17 + 21 @@ -75,15 +75,6 @@ org.springframework.boot spring-boot-maven-plugin - - org.apache.maven.plugins - maven-compiler-plugin - 3.8.0 - - 1.8 - 1.8 - - From 8b85b8a2751fdd87190684cb01f3b1a4a6a0d15c Mon Sep 17 00:00:00 2001 
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Fri, 13 Feb 2026 10:13:00 +0000 Subject: [PATCH 2/2] docs: rewrite README for improved readability Co-Authored-By: Joao Esteves --- README.md | 730 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 430 insertions(+), 300 deletions(-) diff --git a/README.md b/README.md index c76964d5..93dbe0fa 100644 --- a/README.md +++ b/README.md 
@@ -1,133 +1,189 @@ -## End-to-End Bank Application Deployment using DevSecOps on AWS EKS -- This is a multi-tier bank an application written in Java (Springboot). +# End-to-End Bank Application Deployment using DevSecOps on AWS EKS + +A multi-tier banking web application written in Java (Spring Boot). ![Login diagram](images/login.png) ![Transactions diagram](images/transactions.png) -## Tech stack used in this project: -- GitHub (Code) -- Docker (Containerization) -- Jenkins (CI) -- OWASP (Dependency check) -- SonarQube (Quality) -- Trivy (Filesystem Scan) -- ArgoCD (CD) -- AWS EKS (Kubernetes) -- Helm (Monitoring using grafana and prometheus) - -### Steps to deploy: - -### Pre-requisites: -- root user access -```bash -sudo su -``` -# +--- + +## Tech Stack + +| Category | Tool | +|--------------------|-----------------------------------| +| Source Control | GitHub | +| Containerization | Docker | +| CI | Jenkins | +| Dependency Check | OWASP | +| Code Quality | SonarQube | +| Filesystem Scan | Trivy | +| CD | ArgoCD | +| Orchestration | AWS EKS (Kubernetes) | +| Monitoring | Helm (Grafana & Prometheus) | + +--- + +## Table of Contents + +1. [Prerequisites](#prerequisites) +2. [EKS Cluster Setup](#eks-cluster-setup) +3. [Jenkins Installation](#jenkins-installation) +4. [Docker Installation](#docker-installation) +5. [SonarQube Setup](#sonarqube-setup) +6. [Trivy Installation](#trivy-installation) +7. [ArgoCD Installation & Configuration](#argocd-installation--configuration) +8. [Email Notifications](#email-notifications) +9. [Jenkins Plugin & Tool Configuration](#jenkins-plugin--tool-configuration) +10. [Application Deployment](#application-deployment) +11. [Monitoring with Prometheus & Grafana](#monitoring-with-prometheus--grafana) +12. [Clean Up](#clean-up) + +--- + +## Prerequisites + +- Root user access: + ```bash + sudo su + ``` + > [!Note] -> This project will be implemented on North California region (us-west-1). 
+> This project will be implemented on the North California region (`us-west-1`). + +- **AWS EC2 instance:** 1 Master machine (`t2.medium`) with 29 GB of storage. +- **Security group ports:** Open the ports shown below. -- Create 1 Master machine on AWS (t2.medium) and 29 GB of storage. -# -- Open the below ports in security group ![image](https://github.com/user-attachments/assets/4e5ecd37-fe2e-4e4b-a6ba-14c7b62715a3) -- Create EKS Cluster on AWS +--- + +## EKS Cluster Setup + +### Install AWS CLI + - IAM user with **access keys and secret access keys** -- AWSCLI should be configured (Setup AWSCLI) - ```bash - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - sudo apt install unzip - unzip awscliv2.zip - sudo ./aws/install - aws configure - ``` +- [AWSCLI setup reference](https://github.com/DevMadhup/DevOps-Tools-Installations/blob/main/AWSCLI/AWSCLI.sh) -- Install **kubectl**(Setup kubectl ) - ```bash - curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl - chmod +x ./kubectl - sudo mv ./kubectl /usr/local/bin - kubectl version --short --client - ``` +```bash +curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" +sudo apt install unzip +unzip awscliv2.zip +sudo ./aws/install +aws configure +``` + +### Install kubectl + +[kubectl setup reference](https://github.com/DevMadhup/DevOps-Tools-Installations/blob/main/Kubectl/Kubectl.sh) + +```bash +curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl +chmod +x ./kubectl +sudo mv ./kubectl /usr/local/bin +kubectl version --short --client +``` + +### Install eksctl + +[eksctl setup reference](https://github.com/DevMadhup/DevOps-Tools-Installations/blob/main/eksctl%20/eksctl.sh) + +```bash +curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp +sudo mv /tmp/eksctl /usr/local/bin 
+eksctl version +``` + +### Create the EKS Cluster + +```bash +eksctl create cluster --name=bankapp \ + --region=us-west-1 \ + --version=1.30 \ + --without-nodegroup +``` + +### Associate IAM OIDC Provider + +```bash +eksctl utils associate-iam-oidc-provider \ + --region us-west-1 \ + --cluster bankapp \ + --approve +``` + +### Create Node Group + +```bash +eksctl create nodegroup --cluster=bankapp \ + --region=us-west-1 \ + --name=bankapp \ + --node-type=t2.medium \ + --nodes=2 \ + --nodes-min=2 \ + --nodes-max=2 \ + --node-volume-size=29 \ + --ssh-access \ + --ssh-public-key=eks-nodegroup-key +``` -- Install **eksctl**(Setup eksctl) - ```bash - curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp - sudo mv /tmp/eksctl /usr/local/bin - eksctl version - ``` - -- Create EKS Cluster - ```bash - eksctl create cluster --name=bankapp \ - --region=us-west-1 \ - --version=1.30 \ - --without-nodegroup - ``` -- Associate IAM OIDC Provider - ```bash - eksctl utils associate-iam-oidc-provider \ - --region us-west-1 \ - --cluster bankapp \ - --approve - ``` -- Create Nodegroup - ```bash - eksctl create nodegroup --cluster=bankapp \ - --region=us-west-1 \ - --name=bankapp \ - --node-type=t2.medium \ - --nodes=2 \ - --nodes-min=2 \ - --nodes-max=2 \ - --node-volume-size=29 \ - --ssh-access \ - --ssh-public-key=eks-nodegroup-key - ``` > [!Note] -> Make sure the ssh-public-key "eks-nodegroup-key is available in your aws account" -- Install Jenkins +> Make sure the SSH public key `eks-nodegroup-key` is available in your AWS account. 
+ +--- + +## Jenkins Installation + ```bash sudo apt update -y sudo apt install fontconfig openjdk-21-jre -y sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \ https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key - + echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \ https://pkg.jenkins.io/debian-stable binary/ | sudo tee \ /etc/apt/sources.list.d/jenkins.list > /dev/null - + sudo apt-get update -y sudo apt-get install jenkins -y ``` -- After installing Jenkins, change the default port of jenkins from 8080 to 8081. Because our bankapp application will be running on 8080. - - Open /usr/lib/systemd/system/jenkins.service file and change JENKINS_PORT environment variable -![image](https://github.com/user-attachments/assets/6320ae49-82d4-4ae3-9811-bd6f06778483) - - Reload daemon - ```bash - sudo systemctl daemon-reload - ``` - - Restart Jenkins - ```bash - sudo systemctl restart jenkins - ``` -# +### Change Jenkins Default Port + +The bank application runs on port 8080, so Jenkins must be moved to port 8081: + +1. Open `/usr/lib/systemd/system/jenkins.service` and change the `JENKINS_PORT` environment variable: + + ![image](https://github.com/user-attachments/assets/6320ae49-82d4-4ae3-9811-bd6f06778483) + +2. Reload the daemon and restart Jenkins: + + ```bash + sudo systemctl daemon-reload + sudo systemctl restart jenkins + ``` + +--- -- Install docker +## Docker Installation ```bash sudo apt install docker.io -y sudo usermod -aG docker ubuntu && newgrp docker ``` -# -- Install and configure SonarQube + +--- + +## SonarQube Setup + ```bash docker run -itd --name SonarQube-Server -p 9000:9000 sonarqube:lts-community ``` -# -- Install Trivy + +--- + +## Trivy Installation + ```bash sudo apt-get install wget apt-transport-https gnupg lsb-release -y wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - 
@@ -135,311 +191,385 @@ echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo apt-get update -y sudo apt-get install trivy -y ``` -# -- Install and Configure ArgoCD - - Create argocd namespace - ```bash - kubectl create namespace argocd - ``` - - Apply argocd manifest - ```bash - kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml - ``` - - Make sure all pods are running in argocd namespace - ```bash - watch kubectl get pods -n argocd - ``` - - Install argocd CLI - ```bash - curl --silent --location -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v2.4.7/argocd-linux-amd64 - ``` - - Provide executable permission - ```bash - chmod +x /usr/local/bin/argocd - ``` - - Check argocd services - ```bash - kubectl get svc -n argocd - ``` - - Change argocd server's service from ClusterIP to NodePort - ```bash - kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}' - ``` - - Confirm service is patched or not - ```bash - kubectl get svc -n argocd - ``` - - Check the port where ArgoCD server is running and expose it on security groups of a k8s worker node - ![image](https://github.com/user-attachments/assets/a2932e03-ebc7-42a6-9132-82638152197f) - - Access it on browser, click on advance and proceed with - ```bash - : - ``` - ![image](https://github.com/user-attachments/assets/29d9cdbd-5b7c-44b3-bb9b-1d091d042ce3) - ![image](https://github.com/user-attachments/assets/08f4e047-e21c-4241-ba68-f9b719a4a39a) - ![image](https://github.com/user-attachments/assets/1ffa85c3-9055-49b4-aab0-0947b95f0dd2) - - Fetch the initial password of argocd server + +--- + +## ArgoCD Installation & Configuration + +### Create Namespace and Install ArgoCD + +```bash +kubectl create namespace argocd +kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml +``` + +Wait for all pods to be running: + +```bash 
+watch kubectl get pods -n argocd +``` + +### Install ArgoCD CLI + +```bash +curl --silent --location -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v2.4.7/argocd-linux-amd64 +chmod +x /usr/local/bin/argocd +``` + +### Expose ArgoCD Server + +1. Check services: + + ```bash + kubectl get svc -n argocd + ``` + +2. Change from ClusterIP to NodePort: + + ```bash + kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}' + ``` + +3. Confirm the change: + + ```bash + kubectl get svc -n argocd + ``` + +4. Note the assigned NodePort and open it in the worker node's security group. + + ![image](https://github.com/user-attachments/assets/a2932e03-ebc7-42a6-9132-82638152197f) + +5. Access ArgoCD in your browser: + + ``` + : + ``` + + Click **Advanced** and proceed. + + ![image](https://github.com/user-attachments/assets/29d9cdbd-5b7c-44b3-bb9b-1d091d042ce3) + ![image](https://github.com/user-attachments/assets/08f4e047-e21c-4241-ba68-f9b719a4a39a) + ![image](https://github.com/user-attachments/assets/1ffa85c3-9055-49b4-aab0-0947b95f0dd2) + +### Log In to ArgoCD + +- Fetch the initial admin password: + ```bash kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo ``` - - Username: admin - - Now, go to User Info and update your argocd password -# -## Steps to add email notification -- Go to your Jenkins Master EC2 instance and allow 465 port number for SMTPS -# -- Now, we need to generate an application password from our gmail account to authenticate with jenkins - - Open gmail and go to Manage your Google Account --> Security + +- **Username:** `admin` +- Go to **User Info** and update your password. + +--- + +## Email Notifications + +### Gmail App Password Setup + +1. Allow port **465** (SMTPS) in the Jenkins Master EC2 security group. +2. Open Gmail and go to **Manage your Google Account > Security**. 
+ > [!Important] -> Make sure 2 step verification must be on - - ![image](https://github.com/user-attachments/assets/5ab9dc9d-dcce-4f9d-9908-01095f1253cb) - - - Search for App password and create a app password for jenkins - ![image](https://github.com/user-attachments/assets/701752da-7703-4685-8f06-fe1f65dd1b9c) - ![image](https://github.com/user-attachments/assets/adc8d8c0-8be4-4319-9042-4115abb5c6fc) - -# -- Once, app password is create and go back to jenkins Manage Jenkins --> Credentials to add username and password for email notification -![image](https://github.com/user-attachments/assets/2a42ec62-87c8-43c8-a034-7be0beb8824e) - -# -- Go back to Manage Jenkins --> System and search for Extended E-mail Notification -![image](https://github.com/user-attachments/assets/bac81e24-bb07-4659-a251-955966feded8) -# -- Scroll down and search for E-mail Notification and setup email notification +> 2-step verification must be enabled. + +![image](https://github.com/user-attachments/assets/5ab9dc9d-dcce-4f9d-9908-01095f1253cb) + +3. Search for **App password** and create one for Jenkins. + + ![image](https://github.com/user-attachments/assets/701752da-7703-4685-8f06-fe1f65dd1b9c) + ![image](https://github.com/user-attachments/assets/adc8d8c0-8be4-4319-9042-4115abb5c6fc) + +### Configure Email in Jenkins + +1. Go to **Manage Jenkins > Credentials** and add the email username/password. + + ![image](https://github.com/user-attachments/assets/2a42ec62-87c8-43c8-a034-7be0beb8824e) + +2. Go to **Manage Jenkins > System**, find **Extended E-mail Notification**, and configure it. + + ![image](https://github.com/user-attachments/assets/bac81e24-bb07-4659-a251-955966feded8) + +3. Scroll to **E-mail Notification** and complete the setup. + > [!Important] -> Enter your gmail password which we copied recently in password field E-mail Notification --> Advance +> Enter your recently copied Gmail password in the **E-mail Notification > Advanced** password field. 
![image](https://github.com/user-attachments/assets/14e254fc-1400-457e-b3f4-046404b66950) ![image](https://github.com/user-attachments/assets/7be70b3a-b0dc-415c-838a-b1c6fd87c182) ![image](https://github.com/user-attachments/assets/cffb6e1d-4838-483e-97e0-6851c204ab21) -# -- Go to Jenkins and click on Manage Jenkins --> Plugins --> Available plugins install the below plugins: - - OWASP - - SonarQube Scanner - - Docker - - Pipeline: Stage View -# -- Configure OWASP, move to Manage Jenkins --> Plugins --> Available pluginsb> +--- + +## Jenkins Plugin & Tool Configuration + +### Install Required Plugins + +Go to **Manage Jenkins > Plugins > Available plugins** and install: + +- OWASP +- SonarQube Scanner +- Docker +- Pipeline: Stage View + +### Configure OWASP + +Go to **Manage Jenkins > Plugins > Available plugins**. + ![image](https://github.com/user-attachments/assets/da6a26d3-f742-4ea8-86b7-107b1650a7c2) -- After OWASP plugin is installed, Now move to Manage jenkins --> Tools +After installation, go to **Manage Jenkins > Tools** to configure. 
+ ![image](https://github.com/user-attachments/assets/3b8c3f20-202e-4864-b3b6-b48d7a604ee8) -# -- Login to SonarQube server and create the credentials for jenkins to integrate with SonarQube - - Navigate to Administration --> Security --> Users --> Token - ![image](https://github.com/user-attachments/assets/86ad8284-5da6-4048-91fe-ac20c8e4514a) - ![image](https://github.com/user-attachments/assets/6bc671a5-c122-45c0-b1f0-f29999bbf751) - ![image](https://github.com/user-attachments/assets/e748643a-e037-4d4c-a9be-944995979c60) - -# -- Now, go to Manage Jenkins --> credentials and add Sonarqube credentials: -![image](https://github.com/user-attachments/assets/0688e105-2170-4c3f-87a3-128c1a05a0b8) -# -- Go to Manage Jenkins --> Tools and search for SonarQube Scanner installations: -![image](https://github.com/user-attachments/assets/2fdc1e56-f78c-43d2-914a-104ec2c8ea86) -# -- Go to Manage Jenkins --> credentials and add Docker credentials to push updated the updated docker image to dockerhub. + +### Configure SonarQube + +1. Log in to SonarQube, navigate to **Administration > Security > Users > Token** and generate a token. + + ![image](https://github.com/user-attachments/assets/86ad8284-5da6-4048-91fe-ac20c8e4514a) + ![image](https://github.com/user-attachments/assets/6bc671a5-c122-45c0-b1f0-f29999bbf751) + ![image](https://github.com/user-attachments/assets/e748643a-e037-4d4c-a9be-944995979c60) + +2. In Jenkins, go to **Manage Jenkins > Credentials** and add the SonarQube token. + + ![image](https://github.com/user-attachments/assets/0688e105-2170-4c3f-87a3-128c1a05a0b8) + +3. Go to **Manage Jenkins > Tools**, find **SonarQube Scanner installations**, and configure. + + ![image](https://github.com/user-attachments/assets/2fdc1e56-f78c-43d2-914a-104ec2c8ea86) + +4. Go to **Manage Jenkins > System**, find **SonarQube installations**, and configure. 
+ + ![image](https://github.com/user-attachments/assets/ae866185-cb2b-4e83-825b-a125ec97243a) + +### Add Docker Hub Credentials + +Go to **Manage Jenkins > Credentials** and add your Docker Hub credentials. + ![image](https://github.com/user-attachments/assets/77402c9c-fc2f-4df7-9a06-09f3f4c38751) -# -- Again, add Github credentials to push updated code from the pipeline: +### Add GitHub Credentials + +Go to **Manage Jenkins > Credentials** and add GitHub credentials. + ![image](https://github.com/user-attachments/assets/4d0c1a47-621e-4aa2-a0b1-71927fcdaef4) + > [!Note] -> While adding github credentials add Personal Access Token in the password field. -# -- Go to Manage Jenkins --> System and search for SonarQube installations: -![image](https://github.com/user-attachments/assets/ae866185-cb2b-4e83-825b-a125ec97243a) -# -- Now again, Go to Manage Jenkins --> System and search for Global Trusted Pipeline Libraries: Use a Personal Access Token in the password field. + +### Configure Global Trusted Pipeline Libraries + +Go to **Manage Jenkins > System** and search for **Global Trusted Pipeline Libraries**. + ![image](https://github.com/user-attachments/assets/874b2e03-49b9-4c26-9b0f-bd07ce70c0f1) ![image](https://github.com/user-attachments/assets/1ca83b43-ce85-4970-941d-9a819ce4ecfd) -# -- Login to SonarQube server, go to Administration --> Webhook and click on create + +### Configure SonarQube Webhook + +Log in to SonarQube, go to **Administration > Webhook**, and create a webhook. + ![image](https://github.com/user-attachments/assets/16527e72-6691-4fdf-a8d2-83dd27a085cb) ![image](https://github.com/user-attachments/assets/a8b45948-766a-49a4-b779-91ac3ce0443c) -# -# -- Go to Master Machine and add our own eks cluster to argocd for application deployment using cli - - Login to argoCD from CLI - ```bash +--- + +## Application Deployment + +### Add EKS Cluster to ArgoCD + +On the Master machine, use the ArgoCD CLI to register the cluster. + +1. 
Log in to ArgoCD: + + ```bash argocd login 52.53.156.187:32738 --username admin - ``` -> [!Tip] -> 52.53.156.187:32738 --> This should be your argocd url + ``` - ![image](https://github.com/user-attachments/assets/7d05e5ca-1a16-4054-a321-b99270ca0bf9) + > [!Tip] + > Replace `52.53.156.187:32738` with your ArgoCD URL. - - Check how many clusters are available in argocd - ```bash - argocd cluster list - ``` - ![image](https://github.com/user-attachments/assets/76fe7a45-e05c-422d-9652-bdaee02d630f) - - Get your cluster name - ```bash - kubectl config get-contexts - ``` - ![image](https://github.com/user-attachments/assets/c9afca1f-b5a3-4685-ae24-cc206a3e3ef1) + ![image](https://github.com/user-attachments/assets/7d05e5ca-1a16-4054-a321-b99270ca0bf9) - - Add your cluster to argocd - ```bash - argocd cluster add Madhup@bankapp.us-west-1.eksctl.io --name bankapp-eks-cluster - ``` - > [!Tip] - > Madhup@bankapp.us-west-1.eksctl.io --> This should be your EKS Cluster Name. +2. List available clusters: - ![image](https://github.com/user-attachments/assets/1061fe66-17ec-47b7-9d2e-371f58d3fd90) + ```bash + argocd cluster list + ``` - - Once your cluster is added to argocd, go to argocd console Settings --> Clusters and verify it - ![image](https://github.com/user-attachments/assets/6aebb871-4dea-4e09-955a-a4aa43b8f4ef) + ![image](https://github.com/user-attachments/assets/76fe7a45-e05c-422d-9652-bdaee02d630f) +3. Get your cluster name: + + ```bash + kubectl config get-contexts + ``` + + ![image](https://github.com/user-attachments/assets/c9afca1f-b5a3-4685-ae24-cc206a3e3ef1) + +4. Add your cluster to ArgoCD: + + ```bash + argocd cluster add Madhup@bankapp.us-west-1.eksctl.io --name bankapp-eks-cluster + ``` + + > [!Tip] + > Replace `Madhup@bankapp.us-west-1.eksctl.io` with your EKS cluster name. + + ![image](https://github.com/user-attachments/assets/1061fe66-17ec-47b7-9d2e-371f58d3fd90) + +5. Verify in ArgoCD console under **Settings > Clusters**. 
+ + ![image](https://github.com/user-attachments/assets/6aebb871-4dea-4e09-955a-a4aa43b8f4ef) + +### Connect Repository in ArgoCD + +Go to **Settings > Repositories** and click **Connect Repo**. -# -- Go to Settings --> Repositories and click on Connect repo ![image](https://github.com/user-attachments/assets/cc8728e5-546b-4c46-bd4c-538f4cd6a63d) ![image](https://github.com/user-attachments/assets/e665203d-0ebe-4839-af9e-f5866dce5e1b) ![image](https://github.com/user-attachments/assets/b9b869c3-698b-4303-83cc-9ccec66542a3) > [!Note] -> Connection should be successful +> Connection should be successful. -- Create BankApp-CI job -![image](https://github.com/user-attachments/assets/17467b79-3110-470a-87a2-2bbfe197551b) -![image](https://github.com/user-attachments/assets/51d79ab0-e1f4-4c4d-a778-0c28119f5da9) +### Create Jenkins Jobs -- Create BankApp-CD job, same as CI job. -# -- Provide permission to docker socket so that docker build and push command do not fail -```bash -chmod 777 /var/run/docker.sock -``` -![image](https://github.com/user-attachments/assets/e231c62a-7adb-4335-b67e-480758713dbf) +1. Create **BankApp-CI** job: + + ![image](https://github.com/user-attachments/assets/17467b79-3110-470a-87a2-2bbfe197551b) + ![image](https://github.com/user-attachments/assets/51d79ab0-e1f4-4c4d-a778-0c28119f5da9) + +2. Create **BankApp-CD** job (same configuration as CI). + +3. Grant Docker socket permissions: -- Now, go to Applications and click on New App + ```bash + chmod 777 /var/run/docker.sock + ``` -![image](https://github.com/user-attachments/assets/d5b08e06-6256-4f46-afdc-fc43a9e44562) + ![image](https://github.com/user-attachments/assets/e231c62a-7adb-4335-b67e-480758713dbf) + +### Deploy via ArgoCD + +1. Go to **Applications** and click **New App**. 
+ + ![image](https://github.com/user-attachments/assets/d5b08e06-6256-4f46-afdc-fc43a9e44562) > [!Important] -> Make sure to click on the Auto-Create Namespace option while creating argocd application +> Make sure to enable the **Auto-Create Namespace** option. ![image](https://github.com/user-attachments/assets/6a828910-41ba-4f0c-af05-19297321a41b) ![image](https://github.com/user-attachments/assets/a3aa1d22-50ef-4eb1-97fe-9c3ffb504fc3) -- Congratulations, your application is deployed on AWS EKS Cluster -![image](https://github.com/user-attachments/assets/03f3b69a-d6e0-42ad-992e-11124e7d0898) +2. Your application is now deployed on AWS EKS! -- Open port 30080 on worker node and Access it on browser -```bash -:30080 -``` -- Email Notification -![image](https://github.com/user-attachments/assets/407f94ed-bf67-441a-bd28-881b6b8739b2) + ![image](https://github.com/user-attachments/assets/03f3b69a-d6e0-42ad-992e-11124e7d0898) + +3. Open port **30080** on the worker node and access the app: + + ``` + :30080 + ``` + +4. Email notification confirmation: + + ![image](https://github.com/user-attachments/assets/407f94ed-bf67-441a-bd28-881b6b8739b2) + +--- + +## Monitoring with Prometheus & Grafana + +All monitoring commands should be run on the **Master machine**. + +### Install Helm -# -## How to monitor EKS cluster, kubernetes components and workloads using prometheus and grafana via HELM (On Master machine) --

Install Helm Chart

```bash curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -``` -```bash chmod 700 get_helm.sh -``` -```bash ./get_helm.sh ``` -# -- Add Helm Stable Charts for Your Local Client -```bash -helm repo add stable https://charts.helm.sh/stable -``` +### Add Helm Repositories -# -- Add Prometheus Helm Repository ```bash +helm repo add stable https://charts.helm.sh/stable helm repo add prometheus-community https://prometheus-community.github.io/helm-charts ``` -# -- Create Prometheus Namespace +### Install Prometheus + ```bash kubectl create namespace prometheus -``` -```bash kubectl get ns -``` - -# -- Install Prometheus using Helm -```bash helm install stable prometheus-community/kube-prometheus-stack -n prometheus ``` -# -- Verify prometheus installation -```bash -kubectl get pods -n prometheus -``` +### Verify Installation -# -- Check the services file (svc) of the Prometheus ```bash +kubectl get pods -n prometheus kubectl get svc -n prometheus ``` -# -- Expose Prometheus and Grafana to the external world through Node Port +### Expose Prometheus and Grafana + > [!Important] -> change it from Cluster IP to NodePort after changing make sure you save the file and open the assigned nodeport to the service. +> Change services from ClusterIP to NodePort. After changing, save the file and open the assigned NodePort in the security group. 
+ +**Prometheus:** ```bash kubectl edit svc stable-kube-prometheus-sta-prometheus -n prometheus ``` + ![image](https://github.com/user-attachments/assets/90f5dc11-23de-457d-bbcb-944da350152e) ![image](https://github.com/user-attachments/assets/ed94f40f-c1f9-4f50-a340-a68594856cc7) -# -- Verify service +Verify: + ```bash kubectl get svc -n prometheus ``` -# -- Now,let’s change the SVC file of the Grafana and expose it to the outer world +**Grafana:** + ```bash kubectl edit svc stable-grafana -n prometheus ``` + ![image](https://github.com/user-attachments/assets/4a2afc1f-deba-48da-831e-49a63e1a8fb6) -# -- Check grafana service +Verify: + ```bash kubectl get svc -n prometheus ``` -# -- Get a password for grafana +### Access Grafana + +Get the admin password: + ```bash kubectl get secret --namespace prometheus stable-grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo ``` + > [!Note] -> Username: admin +> **Username:** `admin` + +### Grafana Dashboards -# -- Now, view the Dashboard in Grafana ![image](https://github.com/user-attachments/assets/d2e7ff2f-059d-48c4-92bb-9711943819c4) ![image](https://github.com/user-attachments/assets/647b2b22-cd83-41c3-855d-7c60ae32195f) ![image](https://github.com/user-attachments/assets/cb98a281-a4f5-46af-98eb-afdb7da6b35a) +--- -# ## Clean Up -- Delete eks cluster + +Delete the EKS cluster: + ```bash eksctl delete cluster --name=bankapp --region=us-west-1 ``` - -#
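Review bot: Both new base images in the Dockerfile hunks of patch 1/2 (`FROM maven:3.9.6-eclipse-temurin-21 as builder` and `FROM eclipse-temurin:21-jre-alpine as deployer`) are referenced by mutable tag, so the build and runtime layers can change between builds with no change in this repository. Pin each to a digest (`image:tag@sha256:<digest>`) and bump it deliberately. The deployer stage also moves from a JDK image to a JRE-only image from a different publisher, which deserves a line in the commit message. The context line `MAINTAINER Madhup Pandey` uses a deprecated instruction and could become a `LABEL` while this file is being touched.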
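Review bot: In the first pom.xml hunk of patch 1/2 (`@@ -5,7 +5,7 @@`), the parent version line is removed and re-added with the same value `3.3.3`, so the change is whitespace-only at most. Drop it from the patch so the diff carries only the Java level change and later blame output on that line stays meaningful.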
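Review bot: The last pom.xml hunk of patch 1/2 (`@@ -75,15 +75,6 @@`) deletes the explicit maven-compiler-plugin configuration (plugin 3.8.0 with two values of `1.8`), and the subject "Migrate from Java 17 to Java 21" does not mention it. Removing stale 1.8 settings looks intended alongside the `17` to `21` property change in the previous hunk, but state it in the commit message and confirm the built classes target 21, since reviewers cannot tell from the subject that the compiler configuration changed as well.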
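Review bot: In the first README hunk of patch 2/2 (`@@ -1,133 +1,189 @@`), the rewritten "Install kubectl" block still downloads the `1.19.6/2021-01-05` kubectl binary while "Create the EKS Cluster" passes `--version=1.30`; kubectl is supported within one minor version of the API server, so this pairing is far outside the skew policy. Since the section is being rewritten anyway, point the download at a kubectl build that matches the cluster version. The "Install eksctl" block also pipes the `latest` release tarball straight into `tar xz -C /tmp` with no integrity check; pin a release and verify its published checksum before the `sudo mv` into `/usr/local/bin`.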
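Review bot: In the second README hunk of patch 2/2 (`@@ -135,311 +191,385 @@`), step 3 of "Create Jenkins Jobs" keeps `chmod 777 /var/run/docker.sock`, which lets every local account on the Jenkins host drive the Docker daemon, and that is equivalent to root on the machine. Replace it with adding the Jenkins service account to the `docker` group (the "Docker Installation" section already does this for `ubuntu`) followed by a Jenkins restart. In the same hunk, the reworded note "Enter your recently copied Gmail password" still says Gmail password although the value created under "Gmail App Password Setup" is an app password; name it as such so readers do not paste their account password into Jenkins.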