added terraform and docker

.gitignore

@@ -1,4 +1,4 @@
-HELP.md
+dockeHELP.md
 target/
 !.mvn/wrapper/maven-wrapper.jar
 !**/src/main/**/target/
@@ -31,3 +31,8 @@ build/
 
 ### VS Code ###
 .vscode/
+terraform/.terraform.lock.hcl
+terraform/bankapp-automate-key
+terraform/.terraform/providers/registry.terraform.io/hashicorp/aws/6.13.0/windows_amd64/terraform-provider-aws_v6.13.0_x5.exe
+terraform/terraform.tfstate
+terraform/.terraform/providers/registry.terraform.io/hashicorp/aws/6.13.0/windows_amd64/LICENSE.txt

Dockerfile

@@ -0,0 +1,18 @@
+# Stage 1
+FROM maven:3.8.3-openjdk-17 AS builder
+
+WORKDIR /src
+
+COPY . /src/
+
+RUN mvn clean install -DskipTests=true
+
+# Stage 2
+
+FROM openjdk:17-alpine
+
+COPY --from=builder /src/target/*.jar /src/target/bankapp.jar
+
+EXPOSE 8080
+
+CMD ["java","-jar","/src/target/bankapp.jar"]

Jenkinsfile

@@ -0,0 +1,39 @@
+pipeline{
+    agent any;
+
+    parameters {
+        string(name: 'IMAGE_VERSION', defaultValue: 'latest', description: 'Image tag')
+    }
+    stages{
+        stage("Code Clone"){
+            steps{
+                git url: "https://github.com/himanshi1107/BankApp_DevSecOps_EKS.git", branch: "main"
+            }
+        }
+        stage("Trivy Scan"){
+            steps{
+                sh "trivy fs ."
+            }
+        }
+        stage("Build"){
+            steps{
+                sh "docker build -t bankapp-eks:${params.IMAGE_VERSION} ."
+            }
+        }
+        stage("Push"){
+            steps{
+               withCredentials([usernamePassword(
+                credentialsId: "dockerHub",
+                usernameVariable: "dockerHubUser",
+                passwordVariable: "dockerHubPass")]) {
+                    sh '''
+                        docker login -u $dockerHubUser -p $dockerHubPass
+                        docker image tag bankapp-eks:${IMAGE_VERSION} $dockerHubUser/bankapp-eks:${IMAGE_VERSION}
+                        docker push $dockerHubUser/bankapp-eks:${IMAGE_VERSION}
+                    '''
+                }
+
+            }
+        }
+    }
+}

README.md

@@ -0,0 +1,87 @@
+# 🏦 BankApp DevSecOps on AWS EKS using ArgoCD
+
+🚀 A **production-ready Bank Application** featuring **CI/CD, security, and observability** — deployed on **AWS EKS** using modern **DevSecOps practices**.  
+
+---
+
+## 🛠️ Tech Stack  
+
+- 📂 **GitHub** → Code hosting & version control  
+- 📦 **Docker** → Containerization  
+- 🔄 **Jenkins** → Continuous Integration (CI)  
+- 🛡️ **OWASP** → Dependency vulnerability checks  
+- 🧹 **SonarQube** → Code quality & static analysis  
+- 🔍 **Trivy** → Filesystem & container image scanning  
+- 🚀 **ArgoCD** → Continuous Delivery (CD)  
+- ☸️ **AWS EKS** → Kubernetes orchestration  
+- 📜 **Helm** → Manifest templating & deployment  
+- 📊 **Grafana & Prometheus** → Monitoring & visualization  
+
+---
+
+## 📖 Application Overview  
+
+This project demonstrates **end-to-end automation** for deploying a **secure, scalable, and highly available Spring Boot–based banking application** on **AWS EKS**.  
+
+✔️ Integrated quality checks  
+✔️ Vulnerability scanning  
+✔️ Monitored production environments  
+✔️ Security & compliance at every stage  
+
+🔗 The architecture ensures **speed, reliability, and security** throughout the deployment lifecycle.  
+
+---
+
+## 🏗️ Architecture  
+
+Below is the high-level architecture of the project:  
+
+   <img width="1200" height="674" alt="Screenshot 2025-09-18 213408" src="https://github.com/user-attachments/assets/5e82a75f-10df-428d-b4da-33f3c81bd1a4" /><br>
+
+- **CI/CD**: Jenkins automates build, test, scan, and image push.  
+- **Security**: OWASP, SonarQube, and Trivy ensure code and container security.  
+- **CD**: ArgoCD automates deployment into AWS EKS.  
+- **Observability**: Prometheus collects metrics, Grafana provides dashboards.  
+
+---
+
+## ⚡ Requirements & Notes  
+
+- 🌍 **Deployment Region** → `us-east-1` (North Virginia)  
+- 👤 **AWS Access** → Root account / IAM user with sufficient permissions  
+- 🔑 **System Access** → Requires `sudo` privileges  
+- 🔒 **Security Groups** → Ensure ports are open as per reference screenshot  
+- 🖥️ **Master Node** → `t2.medium` (29GB storage)  
+- ⚙️ **Pre-setup** → AWS CLI, `kubectl`, and `eksctl` configured before cluster creation  
+
+---
+
+## 📸 Key Screenshots  
+
+- 💻 **Application UI** <br><br>
+      <img width="1901" height="1134" alt="Screenshot 2025-09-17 143700" src="https://github.com/user-attachments/assets/7c7869fe-28ff-4b2d-8b0c-fa89717b845d" />
+
+- ☸️ **AWS EKS Console** <br><br> 
+      <img width="1915" height="994" alt="Screenshot 2025-09-18 174939" src="https://github.com/user-attachments/assets/4d6cf6d4-d6ed-4728-9849-186449a157c8" />
+      <img width="1909" height="987" alt="Screenshot 2025-09-18 174857" src="https://github.com/user-attachments/assets/cbad7647-a9c8-4eaf-af39-3fc7f2954bd2" />
+
+- 🚀 **ArgoCD Dashboard** <br><br>
+      <img width="1919" height="1052" alt="Screenshot 2025-09-17 142928" src="https://github.com/user-attachments/assets/c9d13bf9-afa7-4f01-b17f-411c542e7f81" />
+      <img width="1864" height="995" alt="Screenshot 2025-09-18 174243" src="https://github.com/user-attachments/assets/9576349c-0d58-4201-947e-25418b499b50" />
+      <img width="1611" height="867" alt="Screenshot 2025-09-18 173731" src="https://github.com/user-attachments/assets/ef581ef4-7284-4ec0-8232-ae106f3dc7c0" />
+
+- 🐳 **DockerHub Repository** <br><br>
+      <img width="1919" height="870" alt="Screenshot 2025-09-18 174225" src="https://github.com/user-attachments/assets/1e142899-1512-4371-8d9b-4ed4aa02f162" />
+
+- ⚙️ **Jenkins CI Pipeline** <br><br>
+      <img width="1915" height="1094" alt="Screenshot 2025-09-18 174058" src="https://github.com/user-attachments/assets/9ec98510-d988-4c27-8f4f-73b0b853d8fe" />
+
+- 📊 **Grafana Monitoring** <br><br>
+      <img width="1916" height="1085" alt="Screenshot 2025-09-18 173310" src="https://github.com/user-attachments/assets/9c9595dd-2df5-439a-af0e-e9fb73b77a72" />
+      <img width="1913" height="994" alt="Screenshot 2025-09-18 173936" src="https://github.com/user-attachments/assets/c47c3f7e-d1d8-4439-a559-96c51072f1be" />
+      <img width="1903" height="992" alt="Screenshot 2025-09-18 174022" src="https://github.com/user-attachments/assets/099b613f-007c-4438-9615-58fc516bd305" />
+
+---
+
+✨ With this setup, you get a **bank-grade application** deployed with **modern DevSecOps practices** — combining **automation, security, and observability** on the cloud.  
+

kubernetes/bankapp-deployment.yml

@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: bankapp-deploy
+  name: bankapp-deploy
+  namespace: bankapp-namespace
+spec:
+  replicas: 2  # Keep replicas >= 2 for high availability
+  selector:
+    matchLabels:
+      app: bankapp-deploy
+  template:
+    metadata:
+      labels:
+        app: bankapp-deploy
+    spec:
+      containers:
+      - name: bankapp
+        image: himanshi1107/bankapp-eks:v1
+        ports:
+        - containerPort: 8080
+        env:
+        - name: SPRING_DATASOURCE_URL
+          valueFrom:
+            configMapKeyRef:
+              name: bankapp-config
+              key: SPRING_DATASOURCE_URL
+        - name: SPRING_DATASOURCE_USERNAME
+          valueFrom:
+            configMapKeyRef:
+              name: bankapp-config
+              key: SPRING_DATASOURCE_USERNAME
+        - name: MYSQL_DATABASE
+          valueFrom:
+            configMapKeyRef:
+              name: bankapp-config
+              key: MYSQL_DATABASE
+        - name: SPRING_DATASOURCE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mysql-secret
+              key: SPRING_DATASOURCE_PASSWORD
+        # readinessProbe:
+        #   httpGet:
+        #     path: /actuator/health  # Update this based on your app's health endpoint
+        #     port: 8080
+        #   initialDelaySeconds: 10
+        #   periodSeconds: 5
+        # livenessProbe:
+        #   httpGet:
+        #     path: /actuator/health  # Update this based on your app's health endpoint
+        #     port: 8080
+        #   initialDelaySeconds: 30
+        #   periodSeconds: 10
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "250m"
+          limits:
+            memory: "1Gi"
+            cpu: "500m"

kubernetes/bankapp-hpa.yml

@@ -0,0 +1,19 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: bankapp-hpa
+  namespace: bankapp-namespace
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: bankapp-deploy
+  minReplicas: 1
+  maxReplicas: 5
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 40

kubernetes/bankapp-ingress.yml

@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+
+metadata:
+  name: bankapp-ingress
+  namespace: bankapp-namespace
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"  # Force HTTPS
+    cert-manager.io/cluster-issuer: letsencrypt-prod  # Use Let's Encrypt
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - himanshibankapp.duckdns.org
+    secretName: bankapp-tls-secret
+  rules:
+  - host: himanshibankapp.duckdns.org
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: bankapp-service
+            port:
+              number: 8080

kubernetes/bankapp-namespace.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: bankapp-namespace
+  labels:
+    name: bankapp-namespace

kubernetes/bankapp-service.yml

@@ -0,0 +1,16 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: bankapp-service
+  namespace: bankapp-namespace
+  labels:
+    app: bankapp
+spec:
+  selector:
+    app: bankapp-deploy
+  ports:
+  - protocol: TCP
+    port: 8080
+    targetPort: 8080
+

kubernetes/cert-issuer.yml

@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+
+metadata:
+  name: letsencrypt-prod
+
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: himanshibobde@gmail.com
+    privateKeySecretRef:
+      name: letsencrypt-prod-key
+    solvers:
+    - http01:
+        ingress:
+          class: nginx

kubernetes/configmap.yml

@@ -0,0 +1,10 @@
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bankapp-config
+  namespace: bankapp-namespace
+data:
+  MYSQL_DATABASE: BankDB
+  SPRING_DATASOURCE_URL: jdbc:mysql://mysql-svc.bankapp-namespace.svc.cluster.local:3306/BankDB?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=UTC
+  SPRING_DATASOURCE_USERNAME: root

kubernetes/mysql-deployment.yml

@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mysql
+  namespace: bankapp-namespace
+  labels:
+    app: mysql
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mysql
+  template:
+    metadata:
+      labels:
+        app: mysql
+    spec:
+      containers:
+      - name: mysql
+        image: mysql:8.0  # Use a specific, stable version for production
+        ports:
+        - containerPort: 3306
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mysql-secret
+              key: MYSQL_ROOT_PASSWORD
+        - name: MYSQL_DATABASE
+          valueFrom:
+            configMapKeyRef:
+              name: bankapp-config
+              key: MYSQL_DATABASE
+        volumeMounts:
+        - name: mysql-pv-storage
+          mountPath: /var/lib/mysql
+          subPath: mysql-data  # Optional: Ensure a subdirectory is used for better volume organization
+      volumes:
+      - name: mysql-pv-storage
+        persistentVolumeClaim:
+          claimName: mysql-pvc

kubernetes/mysql-service.yml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql-svc
+  namespace: bankapp-namespace
+  labels:
+    app: mysql
+spec:
+  selector:
+    app: mysql
+  ports:
+  - protocol: TCP
+    port: 3306
+    targetPort: 3306