Day 1 and 2 DevSecOps CI/CD

Step 1: Launch an EC2 Instance

  1. Sign in to AWS Console: Log in to the AWS Management Console at https://aws.amazon.com/.
  2. Navigate to EC2: Go to the EC2 service by clicking on "Services" in the top left corner and selecting "EC2" under the "Compute" section.
  3. Launch Instance: Click on the "Instances" in the left sidebar and then click the "Launch Instance" button.
  4. Choose AMI: Choose an Ubuntu AMI from the list. For example, you can select the latest Ubuntu Server LTS version.
  5. Choose Instance Type: Select the "t2.large" instance type.
  6. Configure Instance: In the "Configure Instance" step, you can leave the default settings unless you have specific requirements.
  7. Add Storage: In the "Add Storage" step, set the size to 30 GB or your preferred size.
  8. Add Tags: Optionally, you can add tags to your instance for better organization.
  9. Configure Security Group: Create a new security group or use an existing one. Make sure to allow SSH (port 22) access.
  10. Review and Launch: Review your settings and click "Launch."
  11. Select Key Pair: Choose an existing key pair or create a new one. This is essential for SSH access.
  12. Launch Instances: Click "Launch Instances."

Step 2: Assign IAM Role

  1. Navigate to IAM: In the AWS Management Console, go to the IAM service.
  2. Create a New Role: Click on "Roles" in the left sidebar, then click "Create role." Select "AWS service" as the type of trusted entity and choose EC2 as the use case.
  3. Attach Permissions: In the permissions screen, attach the "AdministratorAccess" policy. This grants full administrative access for learning purposes.
  4. Review and Create Role: Give your role a meaningful name and description, then click "Create role."
  5. Attach Role to EC2 Instance: Back in the EC2 dashboard, select your instance. In the "Actions" dropdown, navigate to "Security," and then click "Modify IAM Role." Select the IAM role you created and click "Update IAM Role."

Step 3: Connect to the EC2 Instance

  1. Get the Public IP Address: In the EC2 dashboard, select your instance, and note the public IP address.
  2. SSH into the Instance: Open a terminal on your local Ubuntu machine. Use the following command to SSH into your EC2 instance, replacing <YourKey.pem> and <YourPublicIP> with your actual key pair file and the EC2 instance's public IP address:

ssh -i "<YourKey.pem>" ubuntu@<YourPublicIP>
        

Step 2: Installation of Required Tools on the Instance

  • Writing a script to automate the installation of:
  • Docker
  • Jenkins
  • Java
  • SonarQube container
  • AWS CLI
  • Kubectl
  • Terraform

Step 3: Jenkins Job Configuration

  • Creating Jenkins jobs for:
  • Creating an EKS cluster
  • Deploying the Hotstar clone application
  • Configuring the Jenkins job stages:
  • Sending files to SonarQube for static code analysis
  • Running npm install
  • Implementing OWASP for security checks
  • Installing and running Docker Scout for container security
  • Scanning files and Docker images with Docker Scout
  • Building and pushing Docker images
  • Deploying the application to the EKS cluster

Step 4: Clean-Up Process

  1. Removing the EKS cluster
  2. Deleting the IAM role
  3. Terminating the Ubuntu instance

Setting up AWS EC2 Instance and IAM Role

  1. Sign in to the AWS Management Console: Access the AWS Management Console using your credentials.
  2. Navigate to the EC2 Dashboard: Click on the “Services” menu at the top of the page and select “EC2” under the “Compute” section. This will take you to the EC2 Dashboard.
  3. Launch Instance: Click on the “Instances” link on the left sidebar and then click the “Launch Instance” button.
  4. Choose an Amazon Machine Image (AMI): In the “Step 1: Choose an Amazon Machine Image (AMI)” section: Select “AWS Marketplace” from the left-hand sidebar. Search for “Ubuntu” in the search bar and choose the desired Ubuntu AMI (e.g., Ubuntu Server 22.04 LTS). Click on “Select” to proceed.
  5. Choose an Instance Type: In the “Step 2: Choose an Instance Type” section: Scroll through the instance types and select “t2.large” from the list. Click on “Next: Configure Instance Details” at the bottom.
  6. Configure Instance Details: In the “Step 3: Configure Instance Details” section, you can leave most settings as default for now. However, you can configure settings like the network, subnet, IAM role, etc., according to your requirements. Once done, click on “Next: Add Storage.”
  7. Add Storage: In the “Step 4: Add Storage” section: You can set the size of the root volume (usually /dev/sda1) to 30 GB by specifying the desired size in the “Size (GiB)” field. Customize other storage settings if needed. Click on “Next: Add Tags” when finished.
  8. Add Tags (Optional): In the “Step 5: Add Tags” section, you can add tags to your instance for better identification and management. This step is optional but recommended for organizational purposes. Click on “Next: Configure Security Group” when done.
  9. Configure Security Group: In the “Step 6: Configure Security Group” section: Create a new security group or select an existing one. Ensure that at least SSH (port 22) is open for inbound traffic to allow remote access. You might also want to open other ports as needed for your application’s requirements. Click on “Review and Launch” when finished.
  10. Review and Launch: Review the configuration details of your instance. If everything looks good: Click on “Launch” to proceed. A pop-up will prompt you to select or create a key pair. Choose an existing key pair or create a new one. Finally, click on “Launch Instances.”
  11. Accessing the Instance: Once the instance is launched, you can connect to it using SSH. Use the private key associated with the selected key pair to connect to the instance’s public IP or DNS address.

STEP 1: IAM ROLE

Create Role
Create user


add policies

Now attach this role to the EC2 instance that we created earlier, so we can provision the cluster from that instance.

Go to the EC2 Dashboard and select the instance.

Click on Actions –> Security –> Modify IAM role.

Select the role that you created earlier and click on Update IAM role.

Connect to the instance

Step 2: Installation of Required Tools on the Instance

Scripts to install Required tools

sudo su    #Into root
vi script1.sh        

Script 1 for Java, Jenkins, Docker

#!/bin/bash
# Installs Temurin 17 (Java), Jenkins and Docker on Ubuntu.
sudo apt update -y
# Create the keyring directory before writing keys into it.
sudo install -m 0755 -d /etc/apt/keyrings
# Adoptium (Temurin) signing key and repository
wget -O - https://packages.adoptium.net/artifactory/api/gpg/key/public | sudo tee /etc/apt/keyrings/adoptium.asc > /dev/null
echo "deb [signed-by=/etc/apt/keyrings/adoptium.asc] https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | sudo tee /etc/apt/sources.list.d/adoptium.list
sudo apt update -y
sudo apt install temurin-17-jdk -y
/usr/bin/java --version
# Jenkins signing key and repository (the entry is quoted so the shell does not glob the brackets)
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/" | sudo tee /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update -y
sudo apt-get install jenkins -y
sudo systemctl start jenkins
# Install Docker
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg -y
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
# Let the ubuntu user talk to the Docker daemon.
sudo usermod -aG docker ubuntu
# Opens a new shell with the docker group active (logging out and back in has the same effect).
newgrp docker

# Owner-only permissions: a script that is run as root should not be world-writable.
chmod 700 script1.sh
./script1.sh

Script 2 for Terraform, kubectl, AWS CLI

vim script2.sh

#!/bin/bash
# Install Terraform
sudo apt install wget -y
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
# -y so the install does not stop at a confirmation prompt inside the script
sudo apt update && sudo apt install terraform -y
# Install kubectl on the Jenkins host
sudo apt update
sudo apt install curl -y
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl version --client
# Install AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
sudo apt-get install unzip -y
unzip awscliv2.zip
sudo ./aws/install

# Owner-only permissions, as for script 1
chmod 700 script2.sh
./script2.sh
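Script 2 installs the downloaded kubectl binary as root without checking it. The Kubernetes release site publishes a `.sha256` file next to each binary; the following is an added example (not part of the original article) that refuses to install a file unless it matches such a checksum. The function names `sha256_matches` and `install_verified` and the default destination are assumptions of this example.

```shell
#!/bin/bash
# Added example: install a downloaded binary only if its SHA-256 matches
# the published checksum file (e.g. kubectl and kubectl.sha256).

# sha256_matches FILE SUMFILE
# Returns 0 on match, 1 on mismatch, 2 if an input is missing or malformed.
sha256_matches() {
    local file="$1" sumfile="$2" expected actual
    [ -f "$file" ] && [ -f "$sumfile" ] || return 2
    # The checksum file holds the hex digest, optionally followed by a name.
    expected="$(awk 'NR==1 {print tolower($1)}' "$sumfile")"
    # Reject anything that is not exactly 64 hex characters.
    case "$expected" in
        *[!0-9a-f]*|"") return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual="$(sha256sum "$file" | awk '{print $1}')"
    [ "$actual" = "$expected" ]
}

# install_verified FILE SUMFILE [DESTDIR]
# Copies FILE into DESTDIR (mode 0755) only after verification succeeds.
install_verified() {
    local file="$1" sumfile="$2" dest="${3:-/usr/local/bin}"
    if ! sha256_matches "$file" "$sumfile"; then
        echo "checksum verification failed for $file; not installing" >&2
        return 1
    fi
    install -m 0755 "$file" "$dest/$(basename "$file")"
}

# Usage on the instance (same release URL as script 2, plus its checksum):
#   ver="$(curl -L -s https://dl.k8s.io/release/stable.txt)"
#   curl -LO "https://dl.k8s.io/release/${ver}/bin/linux/amd64/kubectl"
#   curl -LO "https://dl.k8s.io/release/${ver}/bin/linux/amd64/kubectl.sha256"
#   install_verified kubectl kubectl.sha256    # run as root
```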

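Now run the SonarQube container

# Give Jenkins access to Docker through the docker group instead of chmod 777 on
# /var/run/docker.sock, which would let every local user control the Docker daemon (root-equivalent).
sudo usermod -aG docker jenkins
sudo systemctl restart jenkins
docker run -d --name sonar -p 9000:9000 sonarqube:lts-community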
        

Open the instance's public IP on port 8080 in a browser and you will see the Jenkins login page.

sudo cat /var/lib/jenkins/secrets/initialAdminPassword        

Jenkins Dashboard

Copy the public IP again and paste it into a new browser tab with port 9000 to reach SonarQube.

Enter the username and password, click on login, and change the password.



docker --version 
aws --version
terraform --version
kubectl version
        

Step 3: Jenkins Job Configuration

Step 3A: EKS Provision job

With that done, go to Jenkins and add the Terraform plugin so that a Pipeline job can provision AWS EKS. Go to Jenkins dashboard –> Manage Jenkins –> Plugins –> Available Plugins, search for Terraform and install it.

Click Plugins
Install Terraform
Open Tools
Add Terraform


which terraform
/usr/bin/
Copy /usr/bin/ and paste it
Apply and save


I want to do this with build parameters, so that apply or destroy is chosen only at build time. You have to add this inside the job as in the image below.


This project is parameterised
Choice Parameter


apply and destroy



pipeline{
    agent any
    stages {
        stage('Checkout from Git'){
            steps{
                git branch: 'main', url: 'https://github.com/rajputsaurabh/Hotstar-Clone.git'
            }
        }
        stage('Terraform version'){
             steps{
                 sh 'terraform --version'
             }
        }
        stage('Terraform init'){
             steps{
                 dir('EKS_TERRAFORM') {
                      sh 'terraform init'
                   }
             }
        }
        stage('Terraform validate'){
             steps{
                 dir('EKS_TERRAFORM') {
                      sh 'terraform validate'
                   }
             }
        }
        stage('Terraform plan'){
             steps{
                 dir('EKS_TERRAFORM') {
                      sh 'terraform plan'
                   }
             }
        }
        stage('Terraform apply/destroy'){
             steps{
                 dir('EKS_TERRAFORM') {
                      sh 'terraform ${action} --auto-approve'
                   }
             }
        }
    }
}
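
The last stage passes the `action` build parameter straight into a shell command, and it applies without using the plan produced by the previous stage. The wrapper below is an added example (not from the original article) that the `sh` step could call instead: it accepts only the two choices and applies exactly the plan file it saved. The script name `tf_action.sh`, the function names and the `TERRAFORM` override variable are assumptions of this example.

```shell
#!/bin/bash
# Added example: wrapper for the 'Terraform apply/destroy' stage.
# TERRAFORM can be overridden (e.g. TERRAFORM=echo) for a dry run.
TERRAFORM="${TERRAFORM:-terraform}"

# Accept only the two values offered by the Choice Parameter.
validate_action() {
    case "$1" in
        apply|destroy) return 0 ;;
        *) echo "refusing unknown action: '$1'" >&2; return 1 ;;
    esac
}

# Print the plan arguments for an action; a destroy needs -destroy.
plan_args() {
    validate_action "$1" || return 1
    if [ "$1" = destroy ]; then
        echo "plan -input=false -destroy -out=tfplan"
    else
        echo "plan -input=false -out=tfplan"
    fi
}

# Plan to a file, then apply that exact file, so what runs is what was planned.
run_action() {
    local args
    args="$(plan_args "$1")" || return 1
    # Word splitting of $args is intended: it is a fixed, allowlisted string.
    # shellcheck disable=SC2086
    "$TERRAFORM" $args || return 1
    "$TERRAFORM" apply -input=false tfplan
}

# Run only when called with an argument, e.g. from the Jenkins stage
# (hypothetical script location inside EKS_TERRAFORM):
#   sh './tf_action.sh "$action"'
if [ "$#" -gt 0 ]; then
    run_action "$1"
fi
```

Because the action is checked inside the script, the command stays constrained even if the job parameter is later changed from a choice list to free text.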

        
s3 bucket error 1 day

Step 3B: Hotstar job

Plugins installation & setup (Java, Sonar, Nodejs, owasp, Docker)

Go to Jenkins dashboard

Manage Jenkins –> Plugins –> Available Plugins

Search for the plugins below:

  • Eclipse Temurin installer
  • SonarQube Scanner
  • NodeJs
  • OWASP Dependency-Check
  • Docker
  • Docker Commons
  • Docker Pipeline
  • Docker API
  • Docker-build-step
