Here are some installation steps for macOS, Windows, Linux and the Chocolatey package manager.
- Clone this Git repo on the local machine.
https://github.com/darjidhruv26/DevSecOps-Pipeline.git
- Open this repository in the code editor.
- Open the terminal and change the directory to jenkins_terraform.
cd jenkins_terraform
- The terraform init command initializes a working directory for Terraform configuration files.
terraform init
- The terraform plan command compares the current state of resources with the desired state and generates a plan of action.
terraform plan
- The terraform apply command executes the actions proposed in a Terraform plan. It is used to deploy infrastructure.
terraform apply
- There is one file in this directory, install_jenkins.sh, that contains all the commands for installing jdk, Jenkins, Docker, SonarQube, trivy, aws cli, kubectl and eksctl.
- So when Terraform provisions the resources, all of these tools are installed automatically on the EC2 instance.
- Go to EC2 Instance details and connect with SSH or PuTTY.
- Run all of these commands:
jenkins --version
docker --version
trivy --version
aws --version
kubectl version --client
eksctl version
- SonarQube is also running in a Docker container.
- To check this, run docker ps and confirm that the sonarqube Docker container is running.
- After that, access SonarQube in a web browser using the public IP of your EC2 instance.
<EC2-Public-IP:9000>
- A prompt then asks for the Username and Password.
- Username: admin
- Password: admin
- Access Jenkins in a web browser using the EC2 public IP.
<EC2-Public-IP:8080>
- Unlock Jenkins
- Run the command below.
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
- After running this command, you will see the administrator password.
- Copy it, paste it into the pop-up prompt, and save it locally in a notepad.
- Now, install the suggested plugins.
- Jenkins will now get installed and install all the libraries.
- After that, create an admin user (optional step).
- Goto Manage Jenkins -> Plugins -> Available Plugins -> Install the below plugins
Eclipse Temurin Installer
SonarQube Scanner
Sonar Quality Gates
Quality Gates
NodeJS
Docker
Docker Commons
Docker Pipeline
Docker API
docker-build-step
And then click Install
- Goto Manage Jenkins -> Tools -> Install JDK(17), NodeJs(16), SonarQube Scanner and Docker.
- Goto SonarQube Dashboard home page
- Click on Administration -> Security -> Users -> Click on Tokens and Update Token -> Give it a name -> Generate Token.
- Click on Generate Token
- Copy Token
- Goto Jenkins Dashboard -> Manage Jenkins -> Credentials -> Add Secret Text
- Now, go to Dashboard -> Manage Jenkins -> System and add the SonarQube server credentials
- Name: SonarQube-Server
- Server URL: http://<EC2-Public-IP:9000>
- Server authentication token: SonarQube-Token
- Click on Apply and Save
- Goto SonarQube dashboard and Click on Quality Gates
- Click on Create -> name SonarQube-Quality-Gate -> Save
- Goto SonarQube dashboard -> Administration -> Configuration -> Webhooks -> Click on Create
- Name: jenkins
- URL: http://<ec2-public-ip:8080>/sonarqube-webhook/
- And click on Create
- Goto SonarQube dashboard -> click on Manually
- Create a project
- Project display name: Youtube-CICD
- Project key name: Youtube-CICD
- Main branch name: main
- Click on Set-up
- Now you can see the Analyze your project page
- Click on Generate -> Continue -> Other (for JS, TS, Go, Python, PHP,...) -> OS: Linux -> Copy commands for the script.
- Goto Jenkins dashboard -> click on +New Item
- Job Name: Youtube-CICD
- Click on Pipeline -> OK
- Click on Discard old builds -> Max # of builds to keep: 2
- Now apply & save this script
- Click on Build Now
pipeline{
agent any
tools{
jdk 'jdk17'
nodejs 'node16'
}
environment {
SCANNER_HOME=tool 'sonar-scanner'
}
stages {
stage('clean workspace'){
steps{
cleanWs()
}
}
stage('Checkout from Git'){
steps{
git branch: 'main', url: 'https://github.com/darjidhruv26/YouTube-DevSecOps.git'
}
}
stage("Sonarqube Analysis "){
steps{
withSonarQubeEnv('SonarQube-Server') {
sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Youtube-CICD \
-Dsonar.projectKey=Youtube-CICD '''
}
}
}
stage("quality gate"){
steps {
script {
waitForQualityGate abortPipeline: false, credentialsId: 'SonarQube-Token'
}
}
}
stage('Install Dependencies') {
steps {
sh "npm install"
}
}
stage('TRIVY FS SCAN') {
steps {
sh "trivy fs . > trivyfs.txt"
}
}
}
}
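The script above records findings but never stops the build: abortPipeline: false lets a failed quality gate pass, and trivy fs exits 0 regardless of what it finds. The variant below is an added example, not part of the original repository, that turns both into blocking gates; the 10-minute timeout and the HIGH,CRITICAL threshold are assumed values.

```groovy
// Added example, not part of the original repository.
pipeline {
    agent any
    tools {
        jdk 'jdk17'
        nodejs 'node16'
    }
    environment {
        SCANNER_HOME = tool 'sonar-scanner'
    }
    stages {
        stage('Checkout from Git') {
            steps {
                git branch: 'main', url: 'https://github.com/darjidhruv26/YouTube-DevSecOps.git'
            }
        }
        stage('Sonarqube Analysis') {
            steps {
                withSonarQubeEnv('SonarQube-Server') {
                    sh '''$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Youtube-CICD \
                    -Dsonar.projectKey=Youtube-CICD'''
                }
            }
        }
        stage('Quality gate') {
            steps {
                // Assumed limit: stop waiting if the SonarQube webhook never arrives.
                timeout(time: 10, unit: 'MINUTES') {
                    // abortPipeline: true fails the build when the gate status is not OK.
                    waitForQualityGate abortPipeline: true, credentialsId: 'SonarQube-Token'
                }
            }
        }
        stage('Install Dependencies') {
            steps {
                sh 'npm install'
            }
        }
        stage('TRIVY FS SCAN') {
            steps {
                // Full report kept as a build artifact; exits 0 regardless of findings.
                sh 'trivy fs --format table --output trivyfs.txt .'
                archiveArtifacts artifacts: 'trivyfs.txt'
                // Gate (assumed threshold): exit 1 on any fixable HIGH or CRITICAL finding.
                sh 'trivy fs --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed .'
            }
        }
    }
}
```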
Go to Jenkins
- Pipeline -> Configuration
- Click on GitHub Project -> Select GitHub project URL
- And Build Triggers -> select GitHub hook trigger for GITScm polling
- Now go to the Repository settings -> Webhooks -> Add webhook -> add Payload URL http://<jenkins-ec2-public-ip:8080>/github-webhook/ -> Add webhook.
- Goto DockerHub -> My Account -> Security -> Create a New access token and save it.
- Goto Jenkins Dashboard -> Manage Jenkins -> Manage Credentials
- Click on System and then Global Credentials.
- Click on Add Credentials -> Secret text -> Enter your DockerHub credentials (Username & Password)
- And Save it.
- Create an account
- Now in the search bar search for YouTube and select YouTube v3
- Copy the API key and use it in the file.
docker build --build-arg REACT_APP_RAPID_API_KEY=<API-KEY> -t ${imageName} .
- Now add Docker Build and Push commands in the pipeline script.
pipeline{
agent any
tools{
jdk 'jdk17'
nodejs 'node16'
}
environment {
SCANNER_HOME=tool 'sonar-scanner'
}
stages {
stage('clean workspace'){
steps{
cleanWs()
}
}
stage('Checkout from Git'){
steps{
git branch: 'main', url: 'https://github.com/darjidhruv26/YouTube-DevSecOps.git'
}
}
stage("Sonarqube Analysis "){
steps{
withSonarQubeEnv('SonarQube-Server') {
sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Youtube-CICD \
-Dsonar.projectKey=Youtube-CICD '''
}
}
}
stage("quality gate"){
steps {
script {
waitForQualityGate abortPipeline: false, credentialsId: 'SonarQube-Token'
}
}
}
stage('Install Dependencies') {
steps {
sh "npm install"
}
}
stage('TRIVY FS SCAN') {
steps {
sh "trivy fs . > trivyfs.txt"
}
}
stage("Docker Build & Push"){
steps{
script{
withDockerRegistry(credentialsId: 'dockerhub', toolName: 'docker'){
sh "docker build --build-arg REACT_APP_RAPID_API_KEY=<API-KEY> -t youtube ."
sh "docker tag youtube dhruvdarji123/youtube:latest "
sh "docker push dhruvdarji123/youtube:latest "
}
}
}
}
stage("TRIVY Image Scan"){
steps{
sh "trivy image dhruvdarji123/youtube:latest > trivyimage.txt"
}
}
}
}
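In the script above the API key is written directly into the sh step, and the image is pushed before it is scanned. The variant below is an added example, not part of the original repository: it reads the key from a Jenkins Secret text credential and scans the image before the push. The credential ID rapidapi-key, the per-build tag and the severity threshold are assumptions; dockerhub is the ID the page's script uses.

```groovy
// Added example, not part of the original repository.
// 'rapidapi-key' is a hypothetical Secret text credential ID.
pipeline {
    agent any
    environment {
        // Tag per build instead of reusing 'latest', so the scanned image is the pushed one.
        IMAGE = "dhruvdarji123/youtube:${env.BUILD_NUMBER}"
    }
    stages {
        stage('Checkout from Git') {
            steps {
                git branch: 'main', url: 'https://github.com/darjidhruv26/YouTube-DevSecOps.git'
            }
        }
        stage('Docker Build') {
            steps {
                withCredentials([string(credentialsId: 'rapidapi-key', variable: 'RAPID_API_KEY')]) {
                    // Single-quoted: the shell, not Groovy, expands the secret, so it is
                    // not interpolated into the script and Jenkins masks it in the log.
                    sh 'docker build --build-arg REACT_APP_RAPID_API_KEY="$RAPID_API_KEY" -t "$IMAGE" .'
                }
            }
        }
        stage('TRIVY Image Scan') {
            steps {
                // Full report for the e-mail attachment; exits 0 regardless of findings.
                sh 'trivy image --format table --output trivyimage.txt "$IMAGE"'
                // Assumed threshold; a non-zero exit stops the pipeline before the push.
                sh 'trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed "$IMAGE"'
            }
        }
        stage('Docker Push') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'dockerhub', toolName: 'docker') {
                        sh 'docker push "$IMAGE"'
                    }
                }
            }
        }
    }
}
```

The binding keeps the key out of the pipeline script, job configuration and console log only. Assuming the app is built with Create React App, as the REACT_APP_ prefix suggests, the value is compiled into the JavaScript bundle served to browsers, so it should be treated as public and restricted on the provider side.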
- Click Apply and Save
- Click Build Now
- For installing Prometheus and Grafana, go to the monitoring-server directory
cd monitoring-server
- The terraform init command initializes a working directory for Terraform configuration files.
terraform init
- The terraform plan command compares the current state of resources with the desired state and generates a plan of action.
terraform plan
- The terraform apply command executes the actions proposed in a Terraform plan. It is used to deploy infrastructure.
terraform apply
- Now copy the EC2 instance public IP and connect via PuTTY.
- After connecting, run the sudo apt update command.
- For that, run this command
sudo systemctl status prometheus
- Check <EC2-public-ip:9090>
sudo systemctl status grafana-server
- Access the Grafana web interface on <EC2-Public-IP:3000>
sudo systemctl status node_exporter
- Now go to the terminal and run this command
cd /etc/prometheus/
- List all files
ls
- Prometheus Configuration:
To configure Prometheus to scrape metrics from Node Exporter, you need to modify the prometheus.yml file.
- Run this command to open prometheus.yml in the nano editor.
sudo nano prometheus.yml
- Modify it like this.
  - job_name: 'node_exporter'
    static_configs:
      - targets: ['IP-Address:9100']
- Check the validity of the configuration file:
promtool check config /etc/prometheus/prometheus.yml
- Reload the Prometheus configuration without restarting
curl -X POST http://localhost:9090/-/reload
- Now you can access Prometheus targets at:
To visualize metrics, You need to add a data source.
- Click on the gear icon (⚙️) in the left sidebar to open the "Configuration" menu.
- Select "Data Sources."
- Click on the "Add data source" button.
- Choose "Prometheus" as the data source type.
- In the "HTTP" section:
  - Set the "URL" to http://<Ec2-public-ip:9090> (assuming Prometheus is running on the same server).
- Click the Save & Test button to ensure the data source is working.
To make it easier to view metrics, you can import a pre-configured dashboard. Follow these steps:
- Click on the + (plus) icon in the left sidebar to open the Create menu.
- Select Dashboard.
- Click on the Import dashboard option.
- Enter the dashboard code you want to import (e.g., code 1860).
- Click the Load button.
- Select the data source you added (Prometheus) from the dropdown.
- Click on the Import button.
You should now have a Grafana dashboard set up to visualize metrics from Prometheus.
Grafana is a powerful tool for creating visualizations and dashboards, and you can further customize it to suit your specific monitoring needs.
That's it! You've successfully installed and set up Grafana to work with Prometheus for monitoring and visualization.
Integrate Jenkins with Prometheus to monitor the CI/CD pipeline.
- Goto Manage Jenkins -> Plugins -> Available Plugins -> Prometheus metrics -> Install
- Restart Jenkins
- After that, go to Manage Jenkins -> System -> Prometheus
- Configuration
- Path: Prometheus
- Default Namespace: default
- Collecting metrics period in seconds: 120
- Job attribute name: jenkins_job
- Click on Apply and Save
To configure Prometheus to scrape metrics from Jenkins, you need to modify the prometheus.yml file.
- Run this command to open prometheus.yml in the nano editor.
cd /etc/prometheus/ && sudo nano prometheus.yml
  - job_name: 'jenkins'
    metrics_path: '/prometheus'
    static_configs:
      - targets: ['IP-Address:8080']
Make sure to replace and with the appropriate values for your Jenkins setup.
Check the validity of the configuration file:
promtool check config /etc/prometheus/prometheus.yml
Reload the Prometheus configuration without restarting:
curl -X POST http://localhost:9090/-/reload
To make it easier to view metrics, you can import a pre-configured dashboard. Follow these steps:
- Click on the + (plus) icon in the left sidebar to open the Create menu.
- Select Dashboard.
- Click on the Import dashboard option.
- Enter the dashboard code you want to import (e.g., code 9964).
- Click the Load button.
- Select the data source you added (Prometheus) from the dropdown.
- Click on the Import button.
- Install the Email Extension Plugin in Jenkins
- Go to your Gmail and click on Profile
- Then click on Manage Your Google Account -> click on the Security tab in the left side panel (provide your mail password).
- 2-step verification should be enabled.
- Search for "app" in the search bar and you will get App passwords.
- Click on Generate and copy the password.
- Once the plugin is installed in Jenkins, click on Manage Jenkins -> Configure System and configure the details under the E-mail Notification section.
- E-mail Notification
- SMTP server: smtp.gmail.com
- Check Use SMTP Authentication and give your Email and password.
- Check Use SSL
- SMTP port: 465
- Then, click on Apply and Save
- After that, click on Manage Jenkins -> Credentials and add your mail username and generated password -> ID: mail -> Description: mail.
- Now configure the details under the Extended E-mail Notification section.
- SMTP server: smtp.gmail.com
- SMTP Port: 465
- Advanced
- Credentials
- Use SSL
- Default Content-Type: HTML
- Triggers: Always & Failure-Any & Success
- Now click Apply and Save
- Go to the pipeline and add this script
post {
always {
emailext attachLog: true,
subject: "'${currentBuild.result}'",
body: "Project: ${env.JOB_NAME}<br/>" +
"Build Number: ${env.BUILD_NUMBER}<br/>" +
"URL: ${env.BUILD_URL}<br/>",
to: 'dhruvdarji145@gmail.com',
attachmentsPattern: 'trivyfs.txt,trivyimage.txt'
}
}
- Update packages in the Ubuntu instance
sudo apt update
- Check the kubectl version
kubectl version --client
- Check the eksctl version
eksctl version
- After that, go to AWS IAM (Identity and Access Management)
- Roles -> Create role -> AWS service -> select EC2 -> Next
- Select AdministratorAccess -> Next
- Role Name eksctlEC2Role -> Create Role.
Now go to the EC2 instance where eksctl is installed -> Actions -> Security -> Modify IAM role -> select eksctlEC2Role -> Update IAM role
cd ..
eksctl create cluster --name youtube-cluster \
--region ap-south-1 \
--node-type t2.small \
--nodes 3
- Run this command to check running nodes
kubectl get nodes
- Check the helm version by using this command
helm version
- Add Helm stable chart for a local client by using this command
helm repo add stable https://charts.helm.sh/stable
- Install Prometheus using helm chart by using this command
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
- Create a separate namespace for Prometheus using this command
kubectl create namespace prometheus
- Install Prometheus by using this command
helm install stable prometheus-community/kube-prometheus-stack -n prometheus
- Check Pods for Prometheus
kubectl get pods -n prometheus
- Check services for prometheus
kubectl get svc -n prometheus
- These pods are not connected with the external world.
- So edit the Prometheus service file.
kubectl edit svc stable-kube-prometheus-sta-prometheus -n prometheus
- Edit the Prometheus service file
- In type, change ClusterIP -> LoadBalancer
- And expose the port as 9090
kubectl get svc -n prometheus
- Copy the Load Balancer URL and type in Browser.
- Goto Prometheus dashboard -> Status -> Targets
- Goto Grafana Dashboard
- Grafana Dashboard -> Connections -> Data sources -> + Add new data source -> Name Prometheus-EKS -> URL http://<LoadBalancer:9090> -> Save
- Create a Dashboard for Kubernetes pods
- Goto Grafana -> Dashboards -> Add ID 15760 -> Click Load -> Data Source Prometheus-EKS -> Click Import
- Create a Dashboard for the Kubernetes EKS Cluster
- Goto Grafana -> Dashboards -> Add ID 17119 -> Click Load -> Data Source Prometheus-EKS -> Click Import
- View all Grafana Dashboards
- Go to Jenkins Dashboard -> Manage Jenkins -> Plugins and select:
Kubernetes
Kubernetes Client API
Kubernetes Credentials
Kubernetes CLI
- Click on Install
- Go to the terminal and run
ls -a
- Go to the .kube directory and then run cat config
- Copy all of the content and save it in a local secret.txt file
- Now add this secret.txt file in Jenkins
- Go to Manage Jenkins -> Credentials -> System -> Global credentials
- New credentials
- Kind: Secret file
- Upload the secret.txt file
- ID: Kubernetes
Add Kubernetes steps in the pipeline.
pipeline{
agent any
tools{
jdk 'jdk17'
nodejs 'node16'
}
environment {
SCANNER_HOME=tool 'sonar-scanner'
}
stages {
stage('clean workspace'){
steps{
cleanWs()
}
}
stage('Checkout from Git'){
steps{
git branch: 'main', url: 'https://github.com/darjidhruv26/YouTube-DevSecOps.git'
}
}
stage("Sonarqube Analysis "){
steps{
withSonarQubeEnv('SonarQube-Server') {
sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Youtube-CICD \
-Dsonar.projectKey=Youtube-CICD '''
}
}
}
stage("quality gate"){
steps {
script {
waitForQualityGate abortPipeline: false, credentialsId: 'SonarQube-Token'
}
}
}
stage('Install Dependencies') {
steps {
sh "npm install"
}
}
stage('TRIVY FS SCAN') {
steps {
sh "trivy fs . > trivyfs.txt"
}
}
stage("Docker Build & Push"){
steps{
script{
withDockerRegistry(credentialsId: 'dockerhub', toolName: 'docker'){
sh "docker build --build-arg REACT_APP_RAPID_API_KEY=<API-KEY> -t youtube ."
sh "docker tag youtube dhruvdarji123/youtube:latest "
sh "docker push dhruvdarji123/youtube:latest "
}
}
}
}
stage("TRIVY Image Scan"){
steps{
sh "trivy image dhruvdarji123/youtube:latest > trivyimage.txt"
}
}
stage('Deploy to Kubernetes'){
steps{
script{
dir('Kubernetes') {
withKubeConfig(caCertificate: '', clusterName: '', contextName: '', credentialsId: 'kubernetes', namespace: '', restrictKubeConfigAccess: false, serverUrl: '') {
sh 'kubectl delete --all pods'
sh 'kubectl apply -f deployment.yml'
sh 'kubectl apply -f service.yml'
}
}
}
}
}
}
post {
always {
emailext attachLog: true,
subject: "'${currentBuild.result}'",
body: "Project: ${env.JOB_NAME}<br/>" +
"Build Number: ${env.BUILD_NUMBER}<br/>" +
"URL: ${env.BUILD_URL}<br/>",
to: 'dhruvdarji145@gmail.com',
attachmentsPattern: 'trivyfs.txt,trivyimage.txt'
}
}
}
- Add this pipeline script
- Apply and Save
- Click on Build Now
- Run this command
kubectl get svc
- Now copy the LoadBalancer URL and paste it in a web browser
- This command will delete all the pods in the Prometheus namespace
kubectl delete --all pods -n prometheus
- This command will delete the Prometheus namespace.
kubectl delete namespace prometheus
- This command will show all the deployments, pods & services in the default namespace
kubectl get all
- Delete deployment in your Kubernetes cluster
kubectl delete deployment.apps/youtube-cluster
- Delete service for your deployment of Kubernetes cluster
kubectl delete service/youtube-service
- This command will delete your EKS cluster
eksctl delete cluster youtube-cluster --region ap-south-1
OR
eksctl delete cluster --region=ap-south-1 --name=youtube-cluster
Go to AWS CloudFormation
- Select Stacks and delete that
- Go to the jenkins_terraform directory and run the terraform destroy command.
terraform destroy
or terraform destroy -auto-approve
- Go to the monitoring-server directory and run the terraform destroy command.
terraform destroy
or terraform destroy -auto-approve