This project showcases a DevSecOps approach to deploying a Netflix Clone using Jenkins for Continuous Integration (CI) and Argo CD for Continuous Deployment (CD). The pipeline ensures security at every stage, from code analysis to container image scanning.
- CI Pipeline (Jenkins):
  - Git checkout
  - SonarQube analysis for static code analysis
  - Dependency installation
  - OWASP Dependency Check for vulnerability scanning
  - Docker image build and push to Docker Hub
  - Trivy scans for filesystem and Docker image
- CD Deployment (Argo CD):
  - EKS cluster deployment
  - Argo CD installation using Helm
  - Netflix Clone application deployment
- Monitoring:
  - Prometheus and Grafana setup for monitoring infrastructure health and performance.
- Static Code Analysis:
  - Leveraging SonarQube for identifying and addressing code quality issues.
- Dependency Scanning:
  - Utilizing OWASP Dependency Check to identify vulnerabilities in project dependencies.
- Container Security:
  - Trivy scans for both the filesystem and Docker images to ensure container security.
- EKS Cluster:
  - Kubernetes-based deployment on Amazon EKS for scalability and reliability.
- Argo CD:
  - Handling Continuous Deployment with Argo CD, managing the application deployment on the EKS cluster.
This project includes monitoring capabilities using Prometheus and Grafana:
Prometheus, an integral part of our monitoring setup, collects and stores various metrics from the EKS cluster nodes and Jenkins server. These metrics provide insights into the health and performance of the infrastructure.
- EKS Node Exporter:
  - Collects metrics from EKS cluster nodes.
  - Target: `<eks-node-ip>:9100`
- Server Node Exporter:
  - Gathers metrics from the Jenkins server.
  - Target: `<jenkins-server-ip>:9100`
- Jenkins Prometheus Exporter:
  - Captures Jenkins-specific metrics.
  - Target: `<jenkins-server-ip>:8080/prometheus`
Grafana visually presents Prometheus data, allowing you to monitor and analyze system performance with ease.
- Set up Jenkins with necessary plugins.
- Configure pipeline stages and secrets.
- Provision an EKS cluster on AWS.
- Install Argo CD on the cluster using Helm.
- Trigger the Jenkins pipeline to build, test, and push the Docker image.
- Use Argo CD to deploy the Netflix Clone application on the EKS cluster.
- Clean Workspace:
  - Deletes the workspace to start with a clean environment.
- Git Checkout:
  - Checks out the code from the main branch of the GitHub repository.
- Scanning via SonarQube:
  - Analyzes the code using SonarQube for static code analysis.
- Quality Gates:
  - Waits for the SonarQube Quality Gate to pass.
- Installing Dependency:
  - Installs project dependencies using npm.
- DependencyCheck:
  - Scans dependencies for known vulnerabilities using DependencyCheck.
- Trivy File System Scan:
  - Performs a Trivy scan on the file system to identify vulnerabilities.
- Build Docker Image and Push:
  - Builds the Docker image with the necessary configuration and pushes it to Docker Hub.
  - Note: The Docker stage has a commented line related to the API key. Uncomment it and replace `<yourapikey>` with your actual API key when needed. Follow best practices for handling sensitive information and credentials, in particular keep the real key out of the repository.
- Image Scan Using Trivy:
  - Performs a Trivy scan on the Docker image to identify vulnerabilities.
- Notifications:
  - Automated email notifications are configured to provide success/failure feedback.
  - Email attachments include the Trivy outputs for the image and filesystem scans and the build logs.
  - Note: The notification stage has a commented line for the recipient's email address. Uncomment it and replace `<email-id>` with a valid email ID where you want to receive notifications.
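The stages listed above, written out as a declarative Jenkinsfile. This is an added example, not the project's own Jenkinsfile: the tool, server and credential names (`sonar-scanner`, `sonar-server`, `DP-Check`, `docker-hub`, `netflix-api-key`), the repository URL and image name, and the `API_KEY` build argument are assumptions. It also goes one step beyond the stage list by failing the build on HIGH/CRITICAL Trivy findings and by taking the API key from a Jenkins credential instead of an uncommented literal in the Jenkinsfile.

```groovy
pipeline {
    agent any   // assumes npm, docker and trivy are available on the agent
    environment {
        SCANNER_HOME = tool 'sonar-scanner'      // Jenkins tool installation name (assumed)
        IMAGE = 'your-dockerhub-user/netflix'    // placeholder Docker Hub repository
    }
    stages {
        stage('Clean Workspace') { steps { cleanWs() } }
        stage('Git Checkout') {
            steps { git branch: 'main', url: 'https://github.com/your-org/netflix-clone.git' }  // placeholder URL
        }
        stage('Scanning via SonarQube') {   // 'sonar-server' is the server name configured in Jenkins (assumed)
            steps { withSonarQubeEnv('sonar-server') { sh '$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectKey=Netflix' } }
        }
        stage('Quality Gates') {   // abortPipeline: true fails the build when the gate is not met
            steps { timeout(time: 10, unit: 'MINUTES') { waitForQualityGate abortPipeline: true } }
        }
        stage('Installing Dependency') { steps { sh 'npm install' } }
        stage('DependencyCheck') {
            steps {
                dependencyCheck additionalArguments: '--scan ./ --disableYarnAudit --disableNodeAudit', odcInstallation: 'DP-Check'
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            }
        }
        stage('Trivy File System Scan') {
            // --exit-code 1 turns HIGH/CRITICAL findings into a failed stage; stdout is kept as the email attachment
            steps { sh 'trivy fs --exit-code 1 --severity HIGH,CRITICAL . > trivyfs.txt' }
        }
        stage('Build Docker Image and Push') {
            // API key comes from a Secret Text credential; the single-quoted sh string lets the shell expand it, keeping it out of Groovy interpolation and the log
            steps {
                withCredentials([string(credentialsId: 'netflix-api-key', variable: 'API_KEY')]) {
                    withDockerRegistry(credentialsId: 'docker-hub', toolName: 'docker') {
                        sh 'docker build --build-arg API_KEY=$API_KEY -t $IMAGE:$BUILD_NUMBER . && docker push $IMAGE:$BUILD_NUMBER'
                    }
                }
            }
        }
        stage('Image Scan Using Trivy') {
            steps { sh 'trivy image --exit-code 1 --severity HIGH,CRITICAL $IMAGE:$BUILD_NUMBER > trivyimage.txt' }
        }
    }
    post {
        always {   // success/failure feedback with both Trivy reports and the build log attached
            emailext subject: "${JOB_NAME} #${BUILD_NUMBER}: ${currentBuild.currentResult}", to: 'your-email@example.com',
                     body: "Build ${BUILD_URL} finished with ${currentBuild.currentResult}.",
                     attachLog: true, attachmentsPattern: 'trivyfs.txt,trivyimage.txt'
        }
    }
}
```

A build argument stays visible in the image metadata (`docker history`), so a key that must remain secret belongs in a runtime secret rather than a build argument; the build-arg form is used here only because it matches the commented API-key line in the Docker stage.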