This project automates the deployment of a three-tier application using the following tools:
- Terraform: Infrastructure provisioning for VPC, Subnets, and EKS clusters.
- Jenkins: CI/CD pipelines for frontend and backend services.
- ArgoCD: GitOps-based deployment for application services.
- Monitoring: Prometheus and Grafana for monitoring the deployed environment.
- Create an EC2 instance with the following specifications:
- Instance type: t2.2xlarge
- AMI: Ubuntu Image
- Volume: 30 GB
- In the Key Pair section, choose to proceed without a key pair (SSM will be used for access).
- Provide the below following configurations in the user data
# Install Java
sudo apt update -y
sudo apt install openjdk-17-jre -y
sudo apt install openjdk-17-jdk -y
java --version
# Install Jenkins
curl -fsSL https://pkg.jenkins.io/debian/jenkins.io-2023.key | sudo tee \
/usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
https://pkg.jenkins.io/debian binary/ | sudo tee \
/etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update -y
sudo apt-get install jenkins -y
# Install Docker
sudo apt update
sudo apt install docker.io -y
sudo usermod -aG docker jenkins
sudo usermod -aG docker ubuntu
sudo systemctl restart docker
sudo chmod 777 /var/run/docker.sock
# Install AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
sudo apt install unzip -y
unzip awscliv2.zip
sudo ./aws/install
# Install Kubectl
sudo apt update
sudo apt install curl -y
sudo curl -LO "https://dl.k8s.io/release/v1.28.4/bin/linux/amd64/kubectl"
sudo chmod +x kubectl
sudo mv kubectl /usr/local/bin/
kubectl version --client
# Install eksctl
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version
# Install Terraform
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update
sudo apt install terraform -y
# Install Trivy
sudo apt-get install wget apt-transport-https gnupg lsb-release -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt update
sudo apt install trivy -y
# Run Docker Container of Sonarqube
docker run -d --name sonar -p 9000:9000 sonarqube:lts-community
# Intall Helm
sudo snap install helm --classic
- Log in to the Jenkins server. Go to Manage Jenkins and install the required plugins. Store sensitive information in credentials.
- Create a declarative pipeline and add the Jenkinsfile code to provision AWS infrastructure using Terraform.
- Terraform scripts create the following,
- A VPC with public and private subnets.
- An EKS cluster deployed in private subnets.
- Create a jump server (EC2 instance) in the public subnet to securely access the EKS cluster in the private subnet.
# set the kube config,using this we can connect to the aws eks cluster.
aws eks update-kubeconfig --region us-east-1 --name dev-medium-eks-cluster
# Download the IAM policy for the LoadBalancer.
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json
# create the IAM Policy
aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy --policy-document file://iam_policy.json
# Create a Service Account
eksctl create iamserviceaccount \
--cluster=dev-medium-eks-cluster \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--role-name AmazonEKSLoadBalancerControllerRole \
--attach-policy-arn=arn:aws:iam::<your_account_id>:policy/AWSLoadBalancerControllerIAMPolicy \
--approve \
--region=us-east-1
# Deploy the AWS Load Balancer Controller
helm repo add eks https://aws.github.io/eks-charts
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=my-cluster \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller
- Clean Up the workspace
- Clone the repository from github
- Perform SonarQube analysis for code quality.
- Go to SonarQube Server.
- Generate a token
- create and configure the webhook
- create a project in sonar-qube for frontend for code quality check
- under Execute the Scanner section you will get commands to run the sonarqube analysis for frontend.
- Conduct OWASP Dependency Check for vulnerabilities.
- Scan the filesystem using Trivy.
- Build the Docker image for the Frontend Service.
- Push the image to the AWS ECR Registry.
- Scan the Docker image using Trivy.
- Update the
frontend/deployment.ymlin GitHub with the new image.
- Clean Up the workspace.
- Clone the repository from github
- Perform SonarQube analysis for code quality.
- Go to SonarQube Server
- create a project in sonar-qube for backend to do a code quality check
- under Execute the Scanner section you will get commands to run the sonarqube analysis for backend.
- Conduct OWASP Dependency Check for vulnerabilities.
- Scan the filesystem with Trivy.
- Build the Docker image for the Backend Service.
- Push the image to the AWS ECR Registry.
- Scan the Docker image using Trivy.
- Update the
backend/deployment.ymlin GitHub with the new image.
- Install the necessary tools in the Jump Server.
# Install ArgoCD
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.4.7/manifests/install.yaml
# By default, argocd-server is not publically exposed. In this scenario, we will use a Load Balancer to make it usable, to get the DNS.
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'
# Get the Load balancer DNS
export ARGOCD_SERVER=`kubectl get svc argocd-server -n argocd -o json | jq --raw-output '.status.loadBalancer.ingress[0].hostname'`
echo $ARGOCD_SERVER
export ARGO_PWD=`kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d`
echo $ARGO_PWD
#Name space Argocd application
kubectl create namespace three-tier- Take the Load Balancer URL and paste it in the browser and login into the ArgoCD and configure and deploy the Application in this order one by one ,repo url and all others details will be same but path will different.
- Name: three-tier-database and Path: Kubernetnes-Manifests-File/Database,
- Name: three-tier-backend and Path: Kubernetnes-Manifests-File/Backend,
- Name: three-tier-frontend and Path: Kubernetnes-Manifests-File/Frontend.
- In this Path we have respective yml files to create service and deployments.And once it is done check all the application is healthy or Not.
- Create Ingress Application in the ArgoCD and give path as Kubernetnes-Manifests-File/ other details are common.Once your Ingress application is deployed. It will create an Application Load Balancer You can check out the load balancer named with k8s-three.
- Now, Copy the ALB-DNS and go to your Route53 and register domain and go to DNS and add a CNAME type with hostname backend then add your ALB in the Answer and click on Save
- I have created a subdomain kaviarasu.study
- Now, hit your subdomain after 2 to 3 minutes in your browser to see the magic.
- Tools Used:
- Prometheus for metrics collection.
- Grafana for visualization and dashboarding.
- Observability:
- Dashboards to monitor EKS cluster health and application performance.
