6 changes: 6 additions & 0 deletions .gitignore
Expand Up @@ -31,3 +31,9 @@ build/

### VS Code ###
.vscode/
terraform/.terraform.lock.hcl
terraform/bankapp-automate-key
terraform/terraform.tfstate
terraform/terraform.tfstate.backup
terraform/.terraform/providers/registry.terraform.io/hashicorp/aws/5.65.0/windows_amd64/terraform-provider-aws_v5.65.0_x5.exe
terraform/variables.tf
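
Review bot: `terraform/variables.tf` on the last added line should not be ignored. Variable declarations normally belong in version control; if the file is ignored because it carries real values or secrets as defaults, move those into a `*.tfvars` file and ignore that instead, so the declarations stay reviewable. `terraform/.terraform.lock.hcl` is also normally committed so that provider versions and hashes are pinned for every run, and the single provider binary path can be replaced by ignoring `terraform/.terraform/` as a whole. Ignoring `terraform/bankapp-automate-key` and the two state files is right; if any of them was committed earlier it remains in history, and the key should then be rotated.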
18 changes: 18 additions & 0 deletions Dockerfile
@@ -0,0 +1,18 @@
# ----- Stage 1 -----------
FROM maven:3.8.3-openjdk-17 as builder

WORKDIR /src

COPY . /src

RUN mvn clean install -DskipTests=true

# ----- Stage 2 -----------

FROM openjdk:17-alpine

COPY --from=builder /src/target/*.jar /src/target/bankapp.jar

EXPOSE 8080

CMD ["java","-jar","/src/target/bankapp.jar"]
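
Review bot: the runtime stage (`FROM openjdk:17-alpine` onward) has no `USER` instruction, so the JVM runs as root inside the container; create a dedicated non-root user and switch to it before `CMD`. In stage 1, `COPY . /src` copies the whole build context and no `.dockerignore` is visible in this change, so anything sitting in the checkout (for example the `terraform/` state and key files that the `.gitignore` change hides from Git) is sent to the builder; add a `.dockerignore` or copy only `pom.xml` and `src/`. Both base images are referenced by mutable tag; pinning them by digest makes the build reproducible. `-DskipTests=true` means the image is built from untested code unless tests run elsewhere, and the Jenkinsfile in this change shows no test stage.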
87 changes: 87 additions & 0 deletions Jenkinsfile
@@ -0,0 +1,87 @@
@Library('Shared') _
pipeline {
agent any

environment{
SONAR_HOME = tool "Sonar"
}

parameters {
string(name: 'DOCKER_TAG', defaultValue: '', description: 'Setting docker image for latest push')

⚠️ Potential issue | 🟠 Major

Empty default value for DOCKER_TAG may cause issues.

The DOCKER_TAG parameter has an empty default value. If a build is triggered without explicitly setting this parameter, it will result in invalid Docker image tags like bankapp: (missing the tag portion).

Consider providing a sensible default value or making it required:

     parameters {
-        string(name: 'DOCKER_TAG', defaultValue: '', description: 'Setting docker image for latest push')
+        string(name: 'DOCKER_TAG', defaultValue: 'latest', description: 'Setting docker image for latest push')
     }

Alternatively, use a dynamic default based on build metadata:

     parameters {
-        string(name: 'DOCKER_TAG', defaultValue: '', description: 'Setting docker image for latest push')
+        string(name: 'DOCKER_TAG', defaultValue: "${env.BUILD_NUMBER}", description: 'Setting docker image for latest push')
     }
🤖 Prompt for AI Agents
In Jenkinsfile around line 10, the DOCKER_TAG parameter is defined with an empty
default which can produce invalid image names (e.g. bankapp:); change the
parameter to provide a sensible default (for example defaultValue: 'latest' or a
dynamic default like "build-${env.BUILD_NUMBER}" or a short git SHA) or make the
parameter required/validated so that builds always produce a valid Docker tag;
update the string(...) declaration accordingly and/or add validation logic
before tagging/pushing images.

}

stages {

stage("Workspace cleanup"){
steps{
script{
cleanWs()
}
}
}

stage('Git: Code Checkout') {
steps {
script{
code_checkout("https://github.com/LondheShubham153/Springboot-BankApp.git","DevOps")
}
}
}

stage("Trivy: Filesystem scan"){
steps{
script{
trivy_scan()
}
}
}

stage("OWASP: Dependency check"){
steps{
script{
owasp_dependency()
}
}
}

stage("SonarQube: Code Analysis"){
steps{
script{
sonarqube_analysis("Sonar","bankapp","bankapp")
}
}
}

stage("SonarQube: Code Quality Gates"){
steps{
script{
sonarqube_code_quality()
}
}
}

stage("Docker: Build Images"){
steps{
script{
docker_build("bankapp","${params.DOCKER_TAG}","madhupdevops")
}
}
}

stage("Docker: Push to DockerHub"){
steps{
script{
docker_push("bankapp","${params.DOCKER_TAG}","madhupdevops")
}
}
}
}
post{
success{
archiveArtifacts artifacts: '*.xml', followSymlinks: false

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Wildcard artifact pattern may capture unintended files.

The pattern *.xml will archive all XML files in the workspace root, which might include unexpected files from dependencies, build tools, or security scans.

Verify which XML files are actually generated by your build process. Consider being more specific about which artifacts to archive (e.g., target/surefire-reports/*.xml for test reports, dependency-check-report.xml for OWASP reports).


🏁 Script executed:

#!/bin/bash
# Description: Search for XML file generation in the repository

# Look for common locations where XML reports might be generated
fd -e xml -t f . | head -20

Length of output: 7


In Jenkinsfile line 81, use explicit artifact paths instead of *.xml
*.xml matches only XML files in the workspace root (currently just pom.xml), so you’ll end up archiving your POM unintentionally. Update to specific patterns, for example:

  • archiveArtifacts artifacts: 'target/surefire-reports/*.xml', followSymlinks: false
  • archiveArtifacts artifacts: 'dependency-check-report.xml', followSymlinks: false
🤖 Prompt for AI Agents
In Jenkinsfile around line 81, the artifact archiving uses a broad '*.xml' which
only matches root XMLs (like pom.xml) and archives the wrong files; replace this
with explicit artifact paths (e.g. target/surefire-reports/*.xml for test
reports and dependency-check-report.xml or the correct report path) or a
comma-separated list of exact patterns so only intended reports are archived,
and keep followSymlinks: false.

build job: "BankApp-CD", parameters: [
string(name: 'DOCKER_TAG', value: "${params.DOCKER_TAG}")
]
}
}
}
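
Review bot: `params.DOCKER_TAG` is a free-form string that goes unvalidated into `docker_build(...)`, `docker_push(...)` and the downstream `BankApp-CD` job. Check it in an early stage against the Docker tag grammar (for example `^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$`) and fail the build otherwise; that also covers the empty-default case raised above and keeps an unexpected value out of whatever the shared-library steps do with it. `@Library('Shared') _` on the first line loads the library at its default version; pin it (`@Library('Shared@<tag-or-commit>') _`) so a change to the shared steps cannot silently alter this pipeline. The only Trivy stage is a filesystem scan before the build, so nothing scans the built image before `docker_push`. The checkout stage hard-codes `https://github.com/LondheShubham153/Springboot-BankApp.git` at `DevOps`, so the pipeline builds that repository even if this Jenkinsfile lives in a different one.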
245 changes: 245 additions & 0 deletions README.md
@@ -0,0 +1,245 @@
# End-to-End Setup for Deploying Applications with ArgoCD and EKS

This README provides a complete step-by-step guide with all the commands required to set up ArgoCD on an AWS EKS cluster, deploy your applications, and configure GitOps.

---

## **1. Create an EKS Cluster**

### **Create the Cluster Without a Node Group**
```bash
eksctl create cluster --name=bankapp \
--region=ap-south-1 \
--version=1.31 \
--without-nodegroup
```

### **Associate IAM OIDC Provider**
```bash
eksctl utils associate-iam-oidc-provider \
--region ap-south-1 \
--cluster bankapp \
--approve
```

### **Create a Node Group**
```bash
eksctl create nodegroup --cluster=bankapp \
--region=ap-south-1 \
--name=bankapp \
--node-type=t2.medium \
--nodes=2 \
--nodes-min=2 \
--nodes-max=2 \
--node-volume-size=29 \
--ssh-access \
--ssh-public-key=k8s-in-one-shot
```

---

## **2. Deploy ArgoCD**

### **Create the ArgoCD Namespace**
```bash
kubectl create namespace argocd
```

### **Install ArgoCD Using Official Manifests**
```bash
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
```

### **Verify ArgoCD Pods**
```bash
watch kubectl get pods -n argocd
```

### **Install ArgoCD CLI**
```bash
curl --silent --location -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v2.4.7/argocd-linux-amd64
chmod +x /usr/local/bin/argocd
argocd version
```

### **Change ArgoCD Server Service Type to NodePort**
```bash
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}'
```

### **Verify the NodePort Service**
```bash
kubectl get svc -n argocd
```

### **Expose the Port on Security Groups**
- In the AWS Console, update the security group for your EKS worker nodes to allow inbound traffic on the NodePort assigned to the `argocd-server` service.

### **Access the ArgoCD Web UI**
- Open your browser and navigate to:
```
http://<public-ip-of-worker-node>:<NodePort>
```

---

## **3. Configure ArgoCD for EKS**

### **Login to ArgoCD Using CLI**
```bash
argocd login <public-ip-of-worker-node>:<NodePort> --username admin
```

### **Retrieve the Default Admin Password**
```bash
kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d
```

### **Check Available Clusters in ArgoCD**
```bash
argocd cluster list
```

### **Get the EKS Cluster Context**
```bash
kubectl config get-contexts
```

### **Add EKS Cluster to ArgoCD**
```bash
argocd cluster add <cluster-context-name> --name bankapp-eks-cluster
```
- Replace `<cluster-context-name>` with your EKS cluster context name (e.g., `Madhup@bankapp.us-west-1.eksctl.io`).

---

## **4. Deploy Applications Using ArgoCD**

### **Prepare Kubernetes Manifests in a Git Repository**
- Organize your manifests (e.g., `namespace.yaml`, `deployment.yaml`, `service.yaml`) in a Git repository.

### **Create an Application in ArgoCD**
```bash
argocd app create bankapp \
--repo <your-git-repo-url> \
--path <path-to-manifests> \
--dest-server https://kubernetes.default.svc \
--dest-namespace bankapp-namespace
```

### **Sync the Application**
```bash
argocd app sync bankapp
```

### **Monitor Application Status**
```bash
argocd app list
```

---

## **5. Deploy NGINX Ingress Controller**

### **Install NGINX Ingress Controller Using Helm**
```bash
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx --create-namespace
```

### **Verify Installation**
Check if the NGINX Ingress Controller pods are running:
```bash
kubectl get pods -n ingress-nginx
```

### **Retrieve the Load Balancer IP**
Get the external IP assigned to the NGINX Ingress Controller:
```bash
kubectl get svc -n ingress-nginx
```

### **Update DNS**
Point your domain (`junoon.trainwithshubham.com`) to the external IP of the NGINX Load Balancer.

---

## **6. Enable HTTPS for the Application**

### **Install Cert-Manager**
```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.yaml
```

### **Create Let's Encrypt ClusterIssuer**
Save the following as `letsencrypt-clusterissuer.yaml`:
```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: your-email@example.com
privateKeySecretRef:
name: letsencrypt-prod-key
solvers:
- http01:
ingress:
class: nginx
```
Apply the ClusterIssuer:
```bash
kubectl apply -f letsencrypt-clusterissuer.yaml
```

### **Update Ingress with TLS Configuration**
- Modify your Ingress to include TLS and reference the `letsencrypt-prod` ClusterIssuer.
- Apply the updated Ingress:
```bash
kubectl apply -f <your-ingress-file>
```

### **Verify Certificate Issuance**
```bash
kubectl get certificate -n bankapp-namespace
```

---

## **7. Verify Deployment**

### **Check Deployed Resources**
```bash
kubectl get all -n bankapp-namespace
```

### **Access the Application**
- Open your browser and navigate to:
```
https://junoon.trainwithshubham.com
```

---

## **8. Add Autoscaling**

### **Install the Metrics Server**
```bash
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
```

### **Get the Top Nodes and Pods**
```bash
kubectl top nodes
kubectl top pods -n bankapp-namespace
```
### **Apply HPA**
```bash
kubectl apply -f bankapp-hpa.yml
```
---
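
Review bot: section 2 exposes the ArgoCD server by patching `argocd-server` to `NodePort`, opening that port in the worker-node security group and browsing to `http://<public-ip-of-worker-node>:<NodePort>`, which puts the admin login of the cluster's deployment controller on a public address. Document `kubectl port-forward` or an Ingress with TLS instead (section 6 already installs cert-manager), and if the NodePort stays, say that the security group rule must be limited to known source addresses. Section 3 retrieves `argocd-initial-admin-secret` but never tells the reader to change the admin password and delete that secret afterwards. The CLI download pins `v2.4.7` while the server manifest tracks `stable`, and the binary is written to `/usr/local/bin` with no checksum verification; pin both to the same release and verify the download. The metrics-server manifest uses `releases/latest` and should be pinned as well. The cluster is created in `ap-south-1`, but the example context in section 3 is `Madhup@bankapp.us-west-1.eksctl.io`; make the example match.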
