Sajal Mishra's Blog
Deploying a Java Application with Jenkins, AWS, and Kubernetes: A Complete CICD Pipeline Guide

Photo by Aaron McLean on Unsplash

Deploying a Java Application with Jenkins, AWS, and Kubernetes: A Complete CICD Pipeline Guide

Sajal Mishra's photo
Sajal Mishra
·

5 min read

Table of contents

No heading

No headings in the article.

Creating a Continuous Integration/Continuous Deployment (CICD) pipeline from scratch is a significant achievement for any software developer or DevOps engineer. In this blog, I’ll walk you through the process I followed to deploy a Java application using Jenkins for the pipeline, AWS for cloud services, and Kubernetes for container orchestration. This step-by-step guide will also highlight the tools and configurations used to ensure secure and efficient deployment.

Key Steps in Building the CICD Pipeline

1. Creating the CICD Pipeline from Scratch

The journey began with setting up Jenkins as the pipeline orchestrator. Jenkins fetched the application code from a GitHub repository, compiled it, and executed the deployment.

2. Testing and Security Checkpoints

To maintain the integrity of the deployment, I implemented automated testing and security checkpoints using tools like SonarQube for static code analysis and Trivy for vulnerability scanning.

3. Setting Up Secure Infrastructure for Deployment

I utilized AWS services to create a secure environment:

  • VPC (Virtual Private Cloud): Ensured isolated networking for the application.

  • EC2 instances: hosted various components of the pipeline.

Configurations and Implementations

4. Implementing Security Measures and Email Notifications

Configuring security measures, such as security groups in AWS, ensured that only required ports were open for Kubernetes and Jenkins. Email notifications were set up in Jenkins for real-time alerts on pipeline status.

5. Configuring Required Ports

Ports like 6443 for the Kubernetes API server and others for virtual machine access were opened securely to facilitate communication between components.

6. Setting Up Master and Slave Nodes

Using MobaXterm, I configured Kubernetes master and slave nodes for distributed workload management. Proper SSH access was ensured for seamless interaction.

Kubernetes Cluster Setup

7. Changing File Permissions for Execution

To ensure smooth execution of setup commands, file permissions were modified appropriately.

8. Configuring Kubernetes with kubeadm, kubelet, and kubectl

The cluster was set up using:

  • kubeadm: To initialize the cluster.

  • Kubelet: For node management.

  • kubectl: To manage cluster resources.

9. Deploying on Kubernetes Cluster

Deployment files hosted on my GitHub repository were used to deploy the Java application on the Kubernetes cluster.

Docker and Supporting Tools

10. Setting Up Virtual Machines

EC2 instances were prepared as virtual machines to host Docker and other tools.

11. Installing Docker and Granting Permissions

Docker was installed, and permissions were configured to execute commands without requiring root access.

12. Setting Up SonarQube and Nexus Containers

Containers for SonarQube and Nexus were created and run on separate EC2 instances. These tools ensured code quality and artifact management.

Jenkins Pipeline Configuration

13. Setting Up Jenkins

Jenkins was configured with the necessary plugins to streamline the pipeline:

  • Pipeline plugin for orchestration.

  • Docker plugin for building and pushing images.

14. Configuring Tools and Creating the Pipeline

The pipeline was configured to:

  • Compile the Java application.

  • Run tests.

  • Perform security scans.

  • Publish artifacts to Nexus.

  • Deploy to the Kubernetes cluster.

Security and Role-Based Access Control (RBAC)

15. Implementing RBAC and Permissions

RBAC policies were enforced to restrict access and permissions across Kubernetes resources. Jenkins was granted authentication to interact with Kubernetes using kubeconfig.

16. Generating a Jenkins Pipeline Skeleton

A reusable pipeline skeleton was created for future configurations, reducing manual effort.

Notifications and Reporting

17. Configuring Email Notifications

Jenkins was set up with extended email notifications to alert on build status, failures, and successes. Detailed reports, including Trivy vulnerability scans, were attached to these notifications.

18. Monitoring and Observations

AWS’s monitoring page was utilized to oversee running instances and ensure resource optimization.

Visual Insights

Key Screenshots from the Project

  1. VPC Dashboard: Highlighting isolated networking.

  2. Security Group Rules in AWS: Showing port configurations for Kubernetes and virtual machines.

  3. Instance Creation Dashboard: Demonstrating the setup process of EC2 instances.

  4. Running Instances Dashboard: Showcasing active EC2 instances used in the pipeline.

  5. MobaXterm Dashboard: Configuring master and slave nodes via SSH.

  6. Master and Slave Nodes SSH on MobaXterm: Securely connecting to and managing nodes.

  7. Kubeaudit GitHub Repository: Repository details for security auditing in Kubernetes.

  8. Kubeaudit Analysis Results on MobaXterm: Observing security analysis output.

  9. Running SonarQube Container on EC2: Verifying the SonarQube container's execution.

  10. SonarQube Dashboard: Code quality and analysis results.

  11. Nexus Repository Dashboard: Artifact management and storage interface.

  12. Jenkins Getting Started Page: Initial setup interface for Jenkins.

  13. Installing Plugins on Jenkins: Adding essential plugins for CICD functionality.

  14. Creating the First Admin User on Jenkins: Ensuring secure access control.

  15. Successful Plugin Installation in Jenkins: Verifying readiness of Jenkins environment.

  16. Creating “Secret” in Kubernetes on Master Node: Secure setup for sensitive configurations.

  17. Generating Pipeline Script for Kubeconfig: Automating Kubernetes access in Jenkins.

  18. Kubernetes Deployment File on GitHub: Source of deployment manifests for Kubernetes.

  19. Console Output on Jenkins After Starting Pipeline: Real-time pipeline execution logs.

  20. Successful Artifact Build on Jenkins: Confirmation of compiled application.

  21. AWS Monitoring Page of All Instances: Overview of Active Resources in AWS.

  22. Successful Email Notification with Trivy Report: Verification of pipeline completion and vulnerability scanning.

Conclusion

This project demonstrated the integration of robust tools and platforms to establish a secure, efficient CICD pipeline for a Java application. By combining Jenkins, AWS, Docker, Kubernetes, and supporting tools like SonarQube and Trivy, I achieved seamless deployment and ensured the application’s reliability and security.

FAQs

Q1: Why use Jenkins for the CICD pipeline?

Jenkins offers flexibility and integrates well with various tools, making it ideal for orchestrating complex pipelines.

Q2: How does Kubernetes enhance deployment?

Kubernetes automates deployment, scaling, and management of containerized applications, ensuring reliability and efficiency.

Q3: What security measures were implemented?

Measures included AWS security groups, vulnerability scanning with Trivy, and RBAC policies in Kubernetes.

Q4: Why were SonarQube and Nexus used?

SonarQube ensured code quality, while Nexus managed artifacts, streamlining the build and deployment process.

Q5: Can this pipeline be reused for other projects?

Yes, the pipeline skeleton and configurations can be adapted for various applications with minimal adjustments

DevopscicdJenkinstrivy#DevSecOps #CICD #Pipeline #SonarQube #Trivy #OWASP #Jenkins #Security #ContinuousIntegration #ContinuousDeployment #Automation #CodeQuality #ContainerSecurity #VulnerabilityScanning #SecureCoding #SoftwareDevelopment #DevOps #CyberSecurity #ApplicationSecurity #SoftwareSecurity #TechBlog #ITSecurity #CodeAnalysis #SecurityTools#NexusJavaGitHubPipelineAWSec2vpc