This is the first portion of a 7-part project series to launch the following stateless and stateful application below in an EKS cluster with Fargate and Managed Nodes using a CI/CD pipeline setup in Jenkins named DB:
- A Login SpringBoot Java Application
- A MongoDB database
In addition, you will provision an EC2 instance using terraform that will have Docker installed then connected to Jenkins as a Worker Node and deploy SonarQube in the DB cluster to perform code quality testing on the Springboot application. Finally, you will launch monitoring tools Prometheus and Grafana to track the performance of all active applications in the DB cluster
For this project, perform the following tasks:
- Setup an EKS Cluster named “DB”
- Deploy a Jenkins application into the cluster
- Configure the Jenkins application with persistent storage
- Create a custom url for your Jenkins application that’ll be registered to AWS via External DNS connected to Route 53
- Encrypt your site using Cert-Manager and Let’s Encrypt
- Expose your application securely to the internet with SSL encryption using a NGINX ingress behind an Application LoadBalancer.
- Login to Jenkins from a browser and install necessary plugins such as SSH server, Publish Over SSH, Pipeline Stage View, Docker, etc…
- Edit the Jenkins system to be monitored by Prometheus and add tools such as Maven for your project.
- Add credentials for your Worker Node Server
- Add your host server, with Terraform, Kubernetes, and Java, installed to your Jenkins server as a worker node to remotely run tasks on it.
- Visual Studio Code
- Knowledge on Kubernetes, Terraform, Helm Charts, AWS, CI/CD pipelines and Visual Studio Code/IDEs
Step 1: Create a Non-root user with Sudo privileges and install: AWS CLI v2, Terraform, Kubectl, and Java by running the shell script.
sh db.sh
Afterwards switch into the new user and clone this repository
Step 2: Deploy DB EKS Cluster and VPC with necessary permissions via IAM Service accounts to configure pods with access to EBS storage, VPC networking, and Application LoadBalancer Network Trafficking to expose deployed applications to the internet. Note:- It will take 10 – 20 mins for your cluster to be deployed.
-
Enter the eks/ directory
-
Execute the following commands:
terraform init
terraform validate
terraform plan
terraform apply --auto-approve
aws eks update-kubeconfig --name <name-of-cluster> --region <region-of-cluster-deployment
Check that your cluster is created by checking your EC2 managed nodes
kubectl get nodes
-
Enter the namespace/ directory
-
Execute the following commands:
terraform init
terraform apply --auto-approve
- Enter the Kamehouse / directory
- Edit the var.tf file with your AWS credentials, which will be used for issuing certificates to SSL encrypt your websites, and Jenkins admin login details.
-
Execute the following commands:
terraform init
terraform plan
terraform apply --auto-approve
Step 6: Deploy the External DNS helm chart for the application to handle setting up apps within the DB Cluster with domain names/url for easy access on the internet and the Cert-Manager Helm Chart to use the cert-manager application to issue and manage Lets Encrypt certificates.
- Enter the cert-dns/ directory
- Edit the dns-values.yml file by entering the arn for the IAM Service Account role you created for the External DNS to be launched in your cluster to register domains created in the cluster with your AWS Route 53 hosted zone.
-
Execute the following commands:
terraform init
terraform plan
terraform apply --auto-approve
Step 7: Issue Let’s Encrypt Certificates using Cert-Manager to securely expose our apps to the internet as websites with SSL encryption.
- Enter the cert-issuer/ directory
- Edit the pipeline-issuer.yml file with the custom url for your jenkins application to be accessed over the internet, email, private secret key name (this will be autogenerated), and registered hosted zone ID for your AWS registered domain name. This will ensure your custom Jenkins website is SSL encrypted.
-
Execute the following commands:
Kubectl apply -f pipeline-issuer.yml
Step 8: Deploy the Application LoadBalancer Helm Chart to handle the traffic in and out to applications running within the DB Cluster:
- Enter the alb/ directory
- Edit the alb-values.yml file with the arn for the IAM Service Account you created to be able to launch an AWS ALB Loadbalancer.
-
Execute the following commands:
terraform init
terraform plan
terraform apply --auto-approve
Step 9: Deploy the Nginx-Ingress Helm Chart to expose your jenkins application to the internet at your custom website url:
- Enter the nginx-ingress/ directory
- Edit the pipeline-ingress.tf file with the custom url you entered in step 7.
-
Execute the following commands:
terraform init terraform validate terraform plan
terraform apply --auto-approve
- Enter the pipeline/ directory
- If you change the name for the secret that holds you Jenkins authentication info, you must also edit the admin section of the jenkins-values.yml file.
-
Execute the following commands:
terraform init
terraform plan
terraform apply --auto-approve
Step 2: Go to “Manage Jenkins” and select “Plugins”, Update existing plugins, and install necessary plugins such as SSH server, SSH Build Agents, Publish Over SSH, Prometheus, AWS credentials, Maven, SonarQube Scanner, etc…
Step 3: Go to “Manage Jenkins”, select “System”, Edit the Jenkins URL, and adjust the Prometheus settings as needed.
Step 4: Go to “Manage Jenkins”, Select “Add Credentials”, and setup the SSH login details for your Host server to be set up as a Worker Node, Docker server, DockerHub, and GitHub.
Step 5: Go to “Manage Jenkins”, Select “Nodes”, and connect your Jenkins controller to your host server.
