First, create an EC2 Ubuntu machine for the Jenkins master (15 GB HDD):
- sudo apt update
- sudo apt upgrade
- sudo nano /etc/hostname (to change the hostname)
- sudo init 6
- Add inbound rule port 8080
- sudo apt install openjdk-17-jre
sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \ binary/ | sudo tee \
/etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins
- sudo systemctl enable jenkins
- sudo systemctl start jenkins
- sudo systemctl status jenkins
sudo apt update
sudo apt upgrade
sudo nano /etc/hostname (to change the hostname)
sudo init 6
sudo apt install openjdk-17-jre
sudo apt-get install
sudo usermod -aG docker $USER ( to give access to current user of group docker)
sudo init 6
sudo nano /etc/ssh/sshd_config
uncomment PubkeyAuthentication and AuthorizedKeysFile
Do same on the jenkins master as well
Also (sudo service sshd reload) on both
cd .ssh
copy pub key file content
and paste it on the Jenkins agent inside .ssh/authorized_keys
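A quick check for the agent-side steps above, as an added example (not part of the original notes): it reads an sshd_config for the two directives and confirms the authorized_keys file is non-empty and not group- or world-writable, which sshd's default StrictModes rejects. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the SSH settings the steps above rely on.
# Function names and the sample config are constructed for illustration.

# Print the value explicitly set for a keyword (first match wins, as in sshd;
# commented-out lines are skipped, keyword match is case-insensitive).
sshd_value() {  # usage: sshd_value <sshd_config> <Keyword>
  awk -v key="$2" '
    /^[ \t]*#/ { next }
    tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
  ' "$1"
}

# Return 0 only if public-key login is enabled and the key file is locked down.
audit_agent_ssh() {  # usage: audit_agent_ssh <sshd_config> <authorized_keys>
  rc=0
  if [ "$(sshd_value "$1" PubkeyAuthentication)" != "yes" ]; then
    echo "FAIL: PubkeyAuthentication is not uncommented and set to yes"; rc=1
  fi
  if [ -z "$(sshd_value "$1" AuthorizedKeysFile)" ]; then
    echo "FAIL: AuthorizedKeysFile is still commented out"; rc=1
  fi
  if [ ! -s "$2" ]; then
    echo "FAIL: $2 is missing or empty"; rc=1
  elif [ -n "$(find "$2" \( -perm -020 -o -perm -002 \))" ]; then
    # With StrictModes (the default) sshd ignores a key file others can write.
    echo "FAIL: $2 is group- or world-writable (use chmod 600)"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: key-based login is configured"
  return "$rc"
}

# Constructed sample: the two directives as shipped, still commented out.
sample_cfg() {
  printf '%s\n' '#PubkeyAuthentication yes' \
    '#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2' \
    'PasswordAuthentication no'
}

# Run against real files when two paths are given on the command line.
if [ "$#" -eq 2 ]; then audit_agent_ssh "$1" "$2"; fi
```

On the agent it would be run as `sh audit.sh /etc/ssh/sshd_config /home/ubuntu/.ssh/authorized_keys`, where `audit.sh` is whatever name the script is saved under.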
Copy the public IP of the Jenkins master and open it on port 8080 (install suggested plugins)
Go to Manage Jenkins > Nodes > built-in node > Configure > number of executors = 0, save
Go to Manage Jenkins > Nodes > New Node, give the name jenkins-agent and tick Permanent > number of executors = 2, /home/ubuntu, label = jenkins-agent, launch agent via SSH, in Host paste the private IP of the agent
Add credential > SSH Username with private key, id = jenkins-agent, username = ubuntu, Enter directly: paste the private key from the master node; for Credentials select ubuntu; Host Key Verification: Non verifying
Connectivity between master and agent is successful
- Go to available plugins - maven,pipeline maven, eclipse temurin
- Manage jenkins > tools > Add maven give maven3, install automatically > save
- Manage jenkins > tools > Add java give java17, install automatically,install from jdk-17.05+8 > save
- manage jenkins > credentials > add your github credentials with id of github
pipeline {
    // Label and tool names are case-sensitive; they must match the node label
    // and the Maven/JDK tool names configured in the steps above
    agent { label 'jenkins-agent' }
    tools {
        jdk 'java17'
        maven 'maven3'
    }
    environment {
        APP_NAME = "simple-app-pipeline"
        RELEASE = "1.0.0"
        DOCKER_USER = "ritish134"
        // ID of the Docker Hub credential stored in Jenkins, not the password itself
        DOCKER_PASS = 'dockerhub'
        IMAGE_NAME = "${DOCKER_USER}" + "/" + "${APP_NAME}"
        IMAGE_TAG = "${RELEASE}-${BUILD_NUMBER}"
        JENKINS_API_TOKEN = credentials("JENKINS_API_TOKEN")
    }
    stages {
        stage("Cleanup Workspace") {
            steps {
                cleanWs()
            }
        }
        stage("Checkout from SCM") {
            steps {
                git branch: 'main', credentialsId: 'github', url: ''
            }
        }
        stage("Build Application") {
            steps {
                sh "mvn clean package"
            }
        }
        stage("Test Application") {
            steps {
                sh "mvn test"
            }
        }
    }
}
Go to jenkins dashboard > new item > simple-app-ci choose pipeline
Tick Discard old builds, builds to keep = 2, Pipeline script from SCM, SCM = Git, choose the github credentials, then Build Now
- create a new ec2 ubuntu machine of t3.medium 15GB hdd
- sudo apt update
- sudo apt upgrade
sudo sh -c 'echo "deb $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget -qO- | sudo tee /etc/apt/trusted.gpg.d/pgdg.asc &>/dev/null
sudo apt update
sudo apt-get -y install postgresql postgresql-contrib
sudo systemctl enable postgresql
sudo passwd postgres
su - postgres
createuser sonar
ALTER USER sonar WITH ENCRYPTED password 'sonar';
CREATE DATABASE sonarqube OWNER sonar;
grant all privileges on DATABASE sonarqube to sonar;
sudo bash
wget -O - | tee /etc/apt/keyrings/adoptium.asc
echo "deb [signed-by=/etc/apt/keyrings/adoptium.asc] $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | tee /etc/apt/sources.list.d/adoptium.list
apt update
apt install temurin-17-jdk
update-alternatives --config java
/usr/bin/java --version
sudo vim /etc/security/limits.conf
//Paste the below values at the bottom of the file
sonarqube - nofile 65536
sonarqube - nproc 4096
# Increase Mapped Memory Regions
sudo vim /etc/sysctl.conf
//Paste the below values at the bottom of the file
vm.max_map_count = 262144
- sudo init 6
- allow port 9000
$ sudo wget
$ sudo apt install unzip
$ sudo unzip -d /opt
$ sudo mv /opt/sonarqube- /opt/sonarqube
$ sudo groupadd sonar
$ sudo useradd -c "user to run SonarQube" -d /opt/sonarqube -g sonar sonar
$ sudo chown sonar:sonar /opt/sonarqube -R
$ sudo vim /opt/sonarqube/conf/
//Find and replace the below values, you might need to add the sonar.jdbc.url
$ sudo vim /etc/systemd/system/sonar.service
//Paste the below into the file
[Unit]
Description=SonarQube service
ExecStart=/opt/sonarqube/bin/linux-x86-64/ start
ExecStop=/opt/sonarqube/bin/linux-x86-64/ stop
$ sudo systemctl start sonar
$ sudo systemctl enable sonar
$ sudo systemctl status sonar
$ sudo tail -f /opt/sonarqube/logs/sonar.log
Now copy public ip of sonarqube ec2 and open it at port 9000
- In sonarqube dashboard under security , generate new token
- go to jenkins add credential , kind secret text
- install sonarqube scanner,sonar quality gates,quality gates
- manage jenkins > system , under add sonarqube
- name - sonarqube server , url = private ip of sonarqube server with 9000 port
- manage jenkins > tools > under sonarqube installations, name sonarqube-scanner > install automatically 5.01.3006
stage("SonarQube Analysis"){
    steps {
        script {
            withSonarQubeEnv(credentialsId: 'jenkins-sonarqube-token') {
                sh "mvn sonar:sonar"
            }
        }
    }
}
Then build now in jenkins to check stage is added
Create webhook in sonarqube gui
paste https:///sonarqube-webhook
Add one more stage in jenkinsfile
stage("Quality Gate"){
    steps {
        script {
            waitForQualityGate abortPipeline: false, credentialsId: 'jenkins-sonarqube-token'
        }
    }
}
Go to manage jenkins > plugins > docker , docker commons,docker pipeline,docker API,docker build step,cloud bees
Add credential for docker hub with id dockerhub
Add one more stage to jenkins
stage("Build & Push Docker Image") {
    steps {
        script {
            docker.withRegistry('',DOCKER_PASS) {
                // docker.build returns the image object that push() is called on below
                docker_image = docker.build "${IMAGE_NAME}"
            }
            docker.withRegistry('',DOCKER_PASS) {
                docker_image.push("${IMAGE_TAG}")
                docker_image.push('latest')
            }
        }
    }
}
To scan the docker image use trivy in jenkins file
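stage("Trivy Scan") {
    steps {
        script {
            // --exit-code 0 makes this stage report-only: HIGH/CRITICAL findings are
            // printed but never fail the build; a non-zero --exit-code turns it into a gate
            sh ('docker run -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image ritish134/simple-app-pipeline:latest --no-progress --scanners vuln --exit-code 0 --severity HIGH,CRITICAL --format table')
        }
    }
}
stage ('Cleanup Artifacts') {
    steps {
        script {
            // Remove the local copies of the image from the agent after the push
            sh "docker rmi ${IMAGE_NAME}:${IMAGE_TAG}"
            sh "docker rmi ${IMAGE_NAME}:latest"
        }
    }
}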
create new ec2 eks-bootstrap server ubuntu
sudo apt update
sudo apt upgrade
sudo nano /etc/hostname
sudo init 6
install aws cli
curl "" -o ""
apt install unzip
sudo ./aws/install
Download kubectl
curl -O
chmod +x ./kubectl
mv kubectl /bin
Refer---
curl --silent --location "$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
cd /tmp
ll
sudo mv /tmp/eksctl /bin
eksctl version
Refer--aws-samples/eks-workshop#734
eksctl create cluster --name virtualtechbox-cluster \
--region ap-south-1 \
--node-type t2.small \
--nodes 3
kubectl get nodes
kubectl create namespace argocd
Next, let's apply the yaml configuration files for ArgoCD
kubectl apply -n argocd -f
Now we can view the pods created in the ArgoCD namespace.
kubectl get pods -n argocd
To interact with the API Server we need to deploy the CLI:
curl --silent --location -o /usr/local/bin/argocd
chmod +x /usr/local/bin/argocd
Expose argocd-server
$ kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'
Wait about 2 minutes for the LoadBalancer creation
$ kubectl get svc -n argocd
Get the password and decode it.
$ kubectl get secret argocd-initial-admin-secret -n argocd -o yaml
$ echo WXVpLUg2LWxoWjRkSHFmSA== | base64 --decode
Log in to ArgoCD from the CLI
$ argocd login --username admin
$ argocd cluster list
The command below will show the EKS cluster
$ kubectl config get-contexts
Add the above EKS cluster to ArgoCD with the command below
$ argocd cluster add [email protected] --name virtualtechbox-eks-cluster
$ kubectl get svc
Add github repo using argocd GUI
- Use project type Pipeline > check Discard old builds, max builds = 2; This project is parameterized > String parameter, name = IMAGE_TAG; Trigger builds remotely = gitops-token; Pipeline script from SCM and Git
- Add more stage to jenkins file
        stage("Trigger CD Pipeline") {
            steps {
                script {
                    // -k skips TLS certificate verification for this call, and -v writes the
                    // request headers (including the Basic Authorization header) to the build log
                    sh "curl -v -k --user clouduser:${JENKINS_API_TOKEN} -X POST -H 'cache-control: no-cache' -H 'content-type: application/x-www-form-urlencoded' --data 'IMAGE_TAG=${IMAGE_TAG}' ''"
                }
            }
        }
    }
    post {
        failure {
            emailext body: '''${SCRIPT, template="groovy-html.template"}''',
                     subject: "${env.JOB_NAME} - Build # ${env.BUILD_NUMBER} - Failed",
                     mimeType: 'text/html', to: "[email protected]"
        }
        success {
            emailext body: '''${SCRIPT, template="groovy-html.template"}''',
                     subject: "${env.JOB_NAME} - Build # ${env.BUILD_NUMBER} - Successful",
                     mimeType: 'text/html', to: "[email protected]"
        }
    }
}
- generate new api token on jenkins
- then add credentials in jenkins , kind secret text
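An alternative way to issue the remote trigger from the "Trigger CD Pipeline" stage, as an added example (not part of the original notes or Jenkinsfile): it writes the request as a curl config read from stdin, so the API token never appears in a command line, and it goes slightly beyond the page by rejecting an IMAGE_TAG that is not a valid Docker tag before it is placed in the form data. The function names and the `CD_JOB_URL` variable are hypothetical; the job URL itself is not given on this page.

```shell
#!/bin/sh
# Added example: build a curl config for the remote-trigger POST.
# Function names and CD_JOB_URL are hypothetical, not taken from the notes.

# Docker tag rules: letters, digits, '_', '.', '-'; must not start with
# '.' or '-'; at most 128 characters.
valid_image_tag() {
  case "$1" in
    ''|[.-]*|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  [ "${#1}" -le 128 ]
}

# Escape backslash and double quote for a quoted curl config value.
curl_quote() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# usage: trigger_config <user> <api-token> <image-tag> <job-url>
trigger_config() {
  valid_image_tag "$3" || { echo "refusing IMAGE_TAG: $3" >&2; return 1; }
  printf 'url = "%s"\n' "$(curl_quote "$4")"
  printf 'request = "POST"\n'
  printf 'user = "%s:%s"\n' "$(curl_quote "$1")" "$(curl_quote "$2")"
  printf 'data = "IMAGE_TAG=%s"\n' "$3"
  printf 'fail\n'   # non-2xx responses make curl exit non-zero
}

# Inside a Jenkins sh step (single-quoted, so the shell expands the secret):
#   trigger_config clouduser "$JENKINS_API_TOKEN" "$IMAGE_TAG" "$CD_JOB_URL" \
#     | curl -sS -K -
# Print the config when four arguments are given on the command line.
if [ "$#" -eq 4 ]; then trigger_config "$@"; fi
```

No `insecure` line is emitted, so curl verifies the server certificate when the job URL is https.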
=============================================================
Cleanup
=============================================================
$ kubectl get all
$ kubectl delete deployment.apps/virtualtechbox-regapp //it will delete the deployment
$ kubectl delete service/virtualtechbox-service //it will delete the service
$ eksctl delete cluster virtualtechbox --region ap-south-1
OR
$ eksctl delete cluster --region=ap-south-1 --name=virtualtechbox-cluster //it will delete the EKS cluster