Deploy Netflix Clone on Cloud using Jenkins — DevSecOps Project!

Project Introduction:

The project involves deploying a Netflix clone on the cloud using a DevSecOps approach, combining development, security, and operations practices. The primary goal is to automate the entire software development life cycle (SDLC) while integrating security measures seamlessly. This helps in achieving faster development cycles, improved code quality, and enhanced security.

Project Rationale:

1. Automation: Automation is a key aspect of DevOps, providing efficiency and repeatability in the deployment process. Jenkins and Docker play pivotal roles in automating the build, test, and deployment phases.
2. Security: Integrating security from the beginning (DevSecOps) is crucial to identify and remediate vulnerabilities early in the development cycle. Tools like SonarQube, Trivy, and Prometheus contribute to security by analyzing code, scanning for vulnerabilities, and monitoring applications.
3. Cloud Deployment: Leveraging cloud infrastructure, in this case, AWS EC2, provides scalability, reliability, and ease of management.
4. Monitoring: Monitoring tools like Prometheus and Grafana help in real-time visibility into the application’s health and performance, ensuring proactive issue detection.

Tools Used and Their Importance:

Development (Dev):

• Git: Version control for source code management, enabling collaboration and tracking changes.
• Jenkins: Automation server for continuous integration and delivery, streamlining the development pipeline.

Security (Sec):

• SonarQube: Code quality and security scanning tool, identifying and addressing code issues.
• Trivy: Container security scanner, identifying vulnerabilities in Docker images.
• Prometheus: Monitoring tool for collecting and visualizing metrics, including security-related metrics.

Operations (Ops):

• Docker: Containerization for consistent deployment across various environments.
• Grafana: Dashboard and visualization platform for monitoring and analysis.

Project Phases:

Development (Dev-focused):

Phase 1: Initial Setup and Deployment:

This phase primarily focuses on setting up the development environment, including infrastructure provisioning (EC2 instances), code retrieval, and Docker installation for containerized development.

Step 1: Launch EC2 (Ubuntu 22.04):

• Provision an EC2 instance on AWS with Ubuntu 22.04.

• Connect to the instance using SSH.
• Objective: Set up an EC2 instance, clone the Netflix clone code, and automate the build and deployment process using Docker and Jenkins.
• Tools: Git, Jenkins, Docker.
• Challenges: Initial setup and configuration of Jenkins for pipeline automation.

Step 2: Clone the Code:

· Update all the packages and then clone the code.https://github.com/shabinazamn/DevSecOps-Project.git: The URL of the GitHub repository containing the source code.

Sudo apt update -y        

·Clone your application’s code repository onto the EC2 instance:

git clone https://github.com/shabinazamn/DevSecOps-Project.git

Once clone is done we will check the code and the code is present in the directory name DevSecOps-Project

Step 3: Install Docker and Run the App Using a Container:

Set up Docker on the EC2 instance:

 sudo apt-get update
sudo apt-get install docker.io -y
 sudo usermod -aG docker $ubuntu  # Replace with your system's username, e.g., 'ubuntu'·       Build and run your application using Docker contain        

·       newgrp docker        

sudo chmod 777 /var/run/docker.sock        

· Build and run your application using Docker containers:

·       docker build -t netflix .        

Create an account on tmbd        

docker run -d --name netflix -p 8081:80 netflix:latest        

We added the security group port for app port,Jenkins and sonarqube When we got to our browser https://3.134.163.215:8081/browse we will get this blank page means we have not added the api key. We get the api key from Tmbd.

Now we will check whether any server is on or not if it is on then we will shut it down.

docker ps        

Here one server is on we are going to shut down

to delete

·       docker stop <containerid>        

Now no server is running

It will show an error cause you need API key.

Now we need to put an api key here which we will get it from tmbd website.

docker build — build-arg TMDB_V3_API_KEY=<api key> -t netflix .

Now we will check the docker image is created or not by using the command

docker image

If you don’t have an API key follow the below step:

Step 4: Get the API Key:

• Open a web browser and navigate to TMDB (The Movie Database) website.
• Click on “Login” and create an account.
• Once logged in, go to your profile and select “Settings.”
• Click on “API” from the left-side panel.
• Create a new API key by clicking “Create” and accepting the terms and conditions.
• Provide the required basic details and click “Submit.”
• You will receive your TMDB API key.

Now recreate the Docker image with your api key:

docker build --build-arg TMDB_V3_API_KEY=<your-api-key> -t netflix .        

Now we will run the command “docker run -d -p 8081:80 netflix

docker run: This is the command to run a Docker container.

• d: This option stands for "detached" mode. It means the container will run in the background, and you'll get the command prompt back in your terminal.
• -p 8081:80: This option maps port 8081 on the host to port 80 on the container. It allows you to access the application inside the container using the specified port on your host machine. In this case, if the application inside the container is running on port 80, you can access it on your host machine using https://localhost:8081.
• netflix: This is the name of the Docker image from which the container will be created. Note that in your previous command, you specified a tag (1a0696b0eb13), which is commonly used to identify a specific version or configuration of an image.

When you run this command, Docker will check if the specified image (netflix) exists locally. If it doesn't, Docker will attempt to pull the image from a Docker registry. Once the image is available, a new container will be created from that image, and it will run in the background.

This specific command assumes that there is a Docker image named "netflix" available, and it will run a container based on that image, making the application inside the container accessible on the host machine's port 8081. Note that the success of this command depends on the existence of the specified image and any potential network or port conflicts.

After running the command we get an SHA output means container is running.

Now we will refresh the page and see

“https://3.134.163.215:8081/browse”        

Phase 2: Security (Sec-focused)

This phase is dedicated to enhancing security. It involves setting up tools for code quality analysis and vulnerability scanning to ensure secure coding practices.

• Objective: Integrate security measures by installing SonarQube for code analysis, Trivy for container security, and setting up Prometheus for monitoring.
• Tools: SonarQube, Trivy, Prometheus.
• Challenges: Configuring security tools and obtaining API keys for proper functioning.

1. Install SonarQube and Trivy:

Install SonarQube and Trivy on the EC2 instance to scan for vulnerabilities.

sonarqube

docker run -d --name sonar -p 9000:9000 sonarqube:lts-community        

This is used to fetching the images from the sonarqube

To access:

publicIP:9000 (by default username & password is admin)

Now we can see two containers are running

docker ps

Now here we will access the sonar by using publicip:9000

To install Trivy:

sudo apt-get install wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy        

Now we will check whether trivy have been install or not. Trivy is installed in our system and also the latest version.

Now we will scan the file system “trivy fs “.

If we want to check the images

To scan image using trivy

trivy image <imageid>        

1. Integrate SonarQube and Configure:

• Integrate SonarQube with your CI/CD pipeline.
• Configure SonarQube to analyze code for quality and security issues.

Phase 3: CI/CD Setup(Dev-focused)

The emphasis here is on establishing a robust CI/CD pipeline for automated testing, building, and deploying code changes efficiently.

1. Install Jenkins for Automation:

Install Jenkins on the EC2 instance to automate deployment: Install Java

1.sudo apt update
sudo apt install fontconfig openjdk-17-jre
java -version
openjdk version "17.0.8" 2023-07-18
OpenJDK Runtime Environment (build 17.0.8+7-Debian-1deb12u1)
OpenJDK 64-Bit Server VM (build 17.0.8+7-Debian-1deb12u1, mixed mode, sharing)
2.  #jenkins
3.  sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
4.  https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
5.  echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
6.  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
7.  /etc/apt/sources.list.d/jenkins.list > /dev/null
8.  sudo apt-get update
9.  sudo apt-get install jenkins
10. sudo systemctl start jenkins
11.sudo systemctl enable Jenkins

Now Jenkins is  Install        

Sudo service Jenkins status
Now Jenkins is in active stage        

Access Jenkins in a web browser using the public IP of your EC2 instance.

publicIp:8080

To get the password we copy the path and put it in on my server

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

After putting the password we landed to next page

1. Install Necessary Plugins in Jenkins:

Goto Manage Jenkins →Plugins → Available Plugins →

Install below plugins

1. Eclipse Temurin Installer (Install without restart)

2 .SonarQube Scanner (Install without restart)

3. NodeJs Plugin (Install Without restart)

4 .Email Extension Plugin

Configure Java and Nodejs in Global Tool Configuration

Goto Manage Jenkins → Tools → Install JDK(17) and NodeJs(16)→ Click on Apply and Save

SonarQube

Create the token

Goto Jenkins Dashboard → Manage Jenkins → Credentials → Add Secret Text. It should look like this

After adding sonar token

Click on Apply and Save

The Configure System option is used in Jenkins to configure different server

Global Tool Configuration is used to configure different tools that we install using Plugins

We will install a sonar scanner in the tools.

Create a Jenkins webhook

1. Configure CI/CD Pipeline in Jenkins:

• Create a CI/CD pipeline in Jenkins to automate your application deployment.

pipeline {
agent any
tools {
jdk 'jdk17'
nodejs 'node16'
}
environment {
SCANNER_HOME = tool 'sonar-scanner'
}
stages {
stage('clean workspace') {
steps {
cleanWs()
}
}
stage('Checkout from Git') 
{
steps {
git branch: 'main', url: 'https://github.com/shabinazamn/DevSecOps-Project.git'
}
}
stage("Sonarqube Analysis") {
steps {
withSonarQubeEnv('sonar-server')
 {
sh '''$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Netflix \
-Dsonar.projectKey=Netflix'''
}
}
}
stage("quality gate") {
steps {
script {
waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-token'
}
}
}
stage('Install Dependencies') {
steps {
sh "npm install"
}
}
}
}        

Install Dependency-Check and Docker Tools in Jenkins

Install Dependency-Check Plugin:

• Go to “Dashboard” in your Jenkins web interface.
• Navigate to “Manage Jenkins” → “Manage Plugins.”
• Click on the “Available” tab and search for “OWASP Dependency-Check.”
• Check the checkbox for “OWASP Dependency-Check” and click on the “Install without restart” button.

Configure Dependency-Check Tool:

• After installing the Dependency-Check plugin, you need to configure the tool.
• Go to “Dashboard” → “Manage Jenkins” → “Global Tool Configuration.”
• Find the section for “OWASP Dependency-Check.”
• Add the tool’s name, e.g., “DP-Check.”
• Save your settings.

Install Docker Tools and Docker Plugins:

• Go to “Dashboard” in your Jenkins web interface.
• Navigate to “Manage Jenkins” → “Manage Plugins.”
• Click on the “Available” tab and search for “Docker.”
• Check the following Docker-related plugins:
• Docker
• Docker Commons
• Docker Pipeline
• Docker API
• docker-build-step
• Click on the “Install without restart” button to install these plugins.

Add DockerHub Credentials:

• To securely handle DockerHub credentials in your Jenkins pipeline, follow these steps:
• Go to “Dashboard” → “Manage Jenkins” → “Manage Credentials.”
• Click on “System” and then “Global credentials (unrestricted).”
• Click on “Add Credentials” on the left side.
• Choose “Secret text” as the kind of credentials.
• Enter your DockerHub credentials (Username and Password) and give the credentials an ID (e.g., “docker”).
• Click “OK” to save your DockerHub credentials.

Now, you have installed the Dependency-Check plugin, configured the tool, and added Docker-related plugins along with your DockerHub credentials in Jenkins. You can now proceed with configuring your Jenkins pipeline to include these tools and credentials in your CI/CD process.

pipeline{
agent any
    tools{
        jdk 'jdk17'
        nodejs 'node16'
    }
    environment {
        SCANNER_HOME=tool 'sonar-scanner'
    }
    stages {
        stage('clean workspace'){
            steps{
                cleanWs()
            }
        }
        stage('Checkout from Git'){
            steps{
                git branch: 'main', url: https://github.com/shabinazamn/DevSecOps-Project.git'
            }
        }
        stage("Sonarqube Analysis "){
            steps{
                withSonarQubeEnv('sonar-server') {
                    sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Netflix \
                    -Dsonar.projectKey=Netflix '''
                }
            }
        }
        stage("quality gate"){
           steps {
                script {
                    waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-token' 
                }
            } 
        }
        stage('Install Dependencies') {
            steps {
                sh "npm install"
            }
        }
        stage('OWASP FS SCAN') {
            steps {
                dependencyCheck additionalArguments: '--scan ./ --disableYarnAudit --disableNodeAudit', odcInstallation: 'DP-Check'
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            }
        }
        stage('TRIVY FS SCAN') {
            steps {
                sh "trivy fs . > trivyfs.txt"
            }
        }
        stage("Docker Build & Push"){
            steps{
                script{
                   withDockerRegistry(credentialsId: 'docker', toolName: 'docker'){   
                       sh "docker build --build-arg TMDB_V3_API_KEY=<yourapikey> -t netflix ."
                       sh "docker tag netflix shabinazamn/netflix:latest "
                       sh "docker push shabinazamn/netflix:latest "
                    }
                }
            }
        }
        stage("TRIVY"){
            steps{
                sh "trivy image shabinazamn/netflix:latest > trivyimage.txt" 
            }
        }
        stage('Deploy to container'){
            steps{
                sh 'docker run -d --name netflix -p 8081:80 shabinazamn/netflix:latest'
            }
        }
    }
}


If you get docker login failed errorr

sudo su
sudo usermod -aG docker jenkins
sudo systemctl restart jenkins        

Phase 4: Monitoring(Sec and Ops-focused)

This phase addresses both security and operational concerns. It introduces monitoring tools to ensure visibility into application health and security metrics.

1. Install Prometheus and Grafana:

1a. Installing Prometheus:

First, create a dedicated Linux user for Prometheus and download Prometheus:

Set up Prometheus and Grafana to monitor your application.

sudo useradd --system --no-create-home --shell /bin/false prometheus
wget https://github.com/prometheus/prometheus/releases/download/v2.47.1/prometheus-2.47.1.linux-amd64.tar.gz        

Now we can see Prometheus is installed        

Extract Prometheus files, move them, and create directories:

tar -xvf prometheus-2.47.1.linux-amd64.tar.gz
cd prometheus-2.47.1.linux-amd64/
sudo mkdir -p /data /etc/prometheus
sudo mv prometheus promtool /usr/local/bin/
sudo mv consoles/ console_libraries/ /etc/prometheus/
sudo mv prometheus.yml /etc/prometheus/prometheus.yml        

Here we will check the file        

Set ownership for directories:

sudo chown -R prometheus:prometheus /etc/prometheus/ /data/        

Here the owner is prometheus

Create a systemd unit configuration file for Prometheus:

sudo nano /etc/systemd/system/prometheus.service        

Add the following content to the prometheus.service file:

[Unit]
Description=Prometheus
Wants=network-online.target
After=network-online.target

StartLimitIntervalSec=500
StartLimitBurst=5

[Service]
User=prometheus
Group=prometheus
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/bin/prometheus \
  --config.file=/etc/prometheus/prometheus.yml \
  --storage.tsdb.path=/data \
  --web.console.templates=/etc/prometheus/consoles \
  --web.console.libraries=/etc/prometheus/console_libraries \
  --web.listen-address=0.0.0.0:9090 \
  --web.enable-lifecycle

[Install]
WantedBy=multi-user.target        

Here’s a brief explanation of the key parts in this prometheus.service file:

o User and Group specify the Linux user and group under which Prometheus will run.

o ExecStart is where you specify the Prometheus binary path, the location of the configuration file (prometheus.yml), the storage directory, and other settings.

o web.listen-address configures Prometheus to listen on all network interfaces on port 9090.

o web.enable-lifecycle allows for management of Prometheus through API calls.

Enable and start Prometheus:

sudo systemctl enable prometheus
sudo systemctl start Prometheus        

Verify Prometheus’s status:

sudo systemctl status Prometheus

You can access Prometheus in a web browser using your server’s IP and port 9090:

https://<your-server-ip>:9090

Installing Node Exporter:

Create a system user for Node Exporter and download Node Exporter:

sudo useradd --system --no-create-home --shell /bin/false node_exporter
wget https://github.com/prometheus/node_exporter/releases/download/v1.6.1/node_exporter-1.6.1.linux-amd64.tar.gz        

Extract Node Exporter files, move the binary, and clean up:

tar -xvf node_exporter-1.6.1.linux-amd64.tar.gz
sudo mv node_exporter-1.6.1.linux-amd64/node_exporter /usr/local/bin/
rm -rf node_exporter*        

Create a systemd unit configuration file for Node Exporter:

sudo nano /etc/systemd/system/node_exporter.service
Add the following content to the node_exporter.service file:
[Unit]
Description=Node Exporter
Wants=network-online.target
After=network-online.target

StartLimitIntervalSec=500
StartLimitBurst=5

[Service]
User=node_exporter
Group=node_exporter
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/bin/node_exporter --collector.logind

[Install]
WantedBy=multi-user.target
Replace --collector.logind with any additional flags as needed.        

Enable and start Node Exporter:

sudo systemctl enable node_exporter
sudo systemctl start node_exporter        

Verify the Node Exporter’s status:

sudo systemctl status node_exporter

You can access Node Exporter metrics in Prometheus.

1. Configure Prometheus Plugin Integration:

Integrate Jenkins with Prometheus to monitor the CI/CD pipeline.

Prometheus Configuration:

To configure Prometheus to scrape metrics from Node Exporter and Jenkins, you need to modify the prometheus.yml file. Here is an example prometheus.yml configuration for your setup:

global:
scrape_interval: 15s

scrape_configs:
  - job_name: 'node_exporter'
    static_configs:
      - targets: ['localhost:9100']

  - job_name: 'jenkins'
    metrics_path: '/prometheus'
    static_configs:
      - targets: ['<your-jenkins-ip>:<your-jenkins-port>']        

Make sure to replace <your-jenkins-ip> and <your-jenkins-port> with the appropriate values for your Jenkins setup.

Check the validity of the configuration file:

promtool check config /etc/prometheus/prometheus.yml        

Reload the Prometheus configuration without restarting:

curl -X POST https://localhost:9090/-/reload        

You can access Prometheus targets at:

https://<your-prometheus-ip>:9090/targets

1b. Grafana

Install Grafana on Ubuntu 22.04 and Set it up to Work with Prometheus

Step 1: Install Dependencies:

First, ensure that all necessary dependencies are installed:

sudo apt-get update
sudo apt-get install -y apt-transport-https software-properties-common        

Step 2: Add the GPG Key:

Add the GPG key for Grafana:

wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add –        

Step 3: Add Grafana Repository:

Add the repository for Grafana stable releases:

echo "deb https://packages.grafana.com/oss/deb stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list        

Step 4: Update and Install Grafana:

Update the package list and install Grafana:

sudo apt-get update
sudo apt-get -y install Grafana        

Step 5: Enable and Start Grafana Service:

To automatically start Grafana after a reboot, enable the service:

sudo systemctl enable grafana-server        

Then, start Grafana:

sudo systemctl start grafana-server

Step 6: Check Grafana Status:

Verify the status of the Grafana service to ensure it’s running correctly:

sudo systemctl status grafana-server        

Step 7: Access Grafana Web Interface:

Open a web browser and navigate to Grafana using your server’s IP address. The default port for Grafana is 3000. For example:

https://<your-server-ip>:3000

You’ll be prompted to log in to Grafana. The default username is “admin,” and the default password is also “admin.”

Step 8: Change the Default Password:

When you log in for the first time, Grafana will prompt you to change the default password for security reasons. Follow the prompts to set a new password.

Step 9: Add Prometheus Data Source:

To visualize metrics, you need to add a data source. Follow these steps:

· Click on the gear icon (??) in the left sidebar to open the “Configuration” menu.

· Select “Data Sources.”

· Click on the “Add data source” button.

· Choose “Prometheus” as the data source type.

· In the “HTTP” section:

• Set the “URL” to https://localhost:9090 (assuming Prometheus is running on the same server).
• Click the “Save & Test” button to ensure the data source is working.

Step 10: Import a Dashboard:

To make it easier to view metrics, you can import a pre-configured dashboard. Follow these steps:

· Click on the “+” (plus) icon in the left sidebar to open the “Create” menu.

· Select “Dashboard.”

· Click on the “Import” dashboard option.

· Enter the dashboard code you want to import (e.g., code 1860).

· Click the “Load” button.

· Select the data source you added (Prometheus) from the dropdown.

· Click on the “Import” button.

You should now have a Grafana dashboard set up to visualize metrics from Prometheus.

Grafana is a powerful tool for creating visualizations and dashboards, and you can further customize it to suit your specific monitoring needs.

That’s it! You’ve successfully installed and set up Grafana to work with Prometheus for monitoring and visualization.

1. Configure Prometheus Plugin Integration:

• Integrate Jenkins with Prometheus to monitor the CI/CD pipeline.

Phase 5: Notification(Ops-focused)

This phase concentrates on operational aspects, ensuring that relevant stakeholders receive timely notifications regarding system events and status.

1. Implement Notification Services:

• Set up email notifications in Jenkins or other notification mechanisms.

3. Operations (Ops):

• Objective: Implement CI/CD with Jenkins, perform OWASP dependency scanning, and deploy the application on a Docker container.
• Tools: Jenkins, Docker, Grafana.
• Challenges: Setting up Jenkins plugins and ensuring smooth container deployment.

Phase 6: Kubernetes(Ops-focused)

The focus here is on Kubernetes orchestration and operations, including cluster creation, monitoring, and GitOps-based application deployment.

Create Kubernetes Cluster with Nodegroups

In this phase, you’ll set up a Kubernetes cluster with node groups. This will provide a scalable environment to deploy and manage your applications.

Monitor Kubernetes with Prometheus

Prometheus is a powerful monitoring and alerting toolkit, and you’ll use it to monitor your Kubernetes cluster. Additionally, you’ll install the node exporter using Helm to collect metrics from your cluster nodes.

Install Node Exporter using Helm

To begin monitoring your Kubernetes cluster, you’ll install the Prometheus Node Exporter. This component allows you to collect system-level metrics from your cluster nodes. Here are the steps to install the Node Exporter using Helm:

1. Add the Prometheus Community Helm repository:

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts        

2. Create a Kubernetes namespace for the Node Exporter:

kubectl create namespace prometheus-node-exporter        

3. Install the Node Exporter using Helm:

helm install prometheus-node-exporter prometheus-community/prometheus-node-exporter --namespace prometheus-node-exporter        

Add a Job to Scrape Metrics on nodeip:9001/metrics in prometheus.yml:

Update your Prometheus configuration (prometheus.yml) to add a new job for scraping metrics from nodeip:9001/metrics. You can do this by adding the following configuration to your prometheus.yml file:

- job_name: 'Netflix'
metrics_path: '/metrics'
static_configs:
- targets: ['node1Ip:9100']        

Replace ‘your-job-name’ with a descriptive name for your job. The static_configs section specifies the targets to scrape metrics from, and in this case, it’s set to nodeip:9001.

Don’t forget to reload or restart Prometheus to apply these changes to your configuration.

To deploy an application with ArgoCD, you can follow these steps, which I’ll outline in Markdown format:

Deploy Application with ArgoCD

1. Install ArgoCD:

You can install ArgoCD on your Kubernetes cluster by following the instructions provided in the EKS Workshop documentation.

2. Set Your GitHub Repository as a Source:

After installing ArgoCD, you need to set up your GitHub repository as a source for your application deployment. This typically involves configuring the connection to your repository and defining the source for your ArgoCD application. The specific steps will depend on your setup and requirements.

3. Create an ArgoCD Application:

• name: Set the name for your application.
• destination: Define the destination where your application should be deployed.
• project: Specify the project the application belongs to.
• source: Set the source of your application, including the GitHub repository URL, revision, and the path to the application within the repository.
• syncPolicy: Configure the sync policy, including automatic syncing, pruning, and self-healing.

4. Access your Application

• To Access the app make sure port 30007 is open in your security group and then open a new tab paste your NodeIP:30007, your app should be running.

Phase 7: Cleanup(Ops-focused)

This final phase concentrates on cleaning up and decommissioning resources, ensuring that unnecessary infrastructure (e.g., EC2 instances) is properly terminated.

1. Cleanup AWS EC2 Instances:

• Terminate AWS EC2 instances that are no longer needed.

Challenges Faced and Solutions:

• Jenkins Setup: Overcame initial challenges by referring to Jenkins documentation, community forums, and seeking help online.
• Email Notification Configuration: Troubleshooting configuration issues and consulting Jenkins documentation helped in resolving email notification challenges.

Project Experience:

Completing this project provided a holistic understanding of DevSecOps practices, integrating development, security, and operations seamlessly. Overcoming challenges enhanced troubleshooting skills, and hands-on experience with a variety of tools deepened practical knowledge.

Suggestions:

1. Continuous Learning: Stay updated with the latest tools and practices in the DevSecOps landscape for ongoing improvement.
2. Collaboration: Encourage collaboration among team members to share insights and collectively solve challenges.
3. Documentation: Maintain comprehensive documentation for future reference and to assist others in understanding the project.

Conclusion:

The Netflix clone deployment project exemplifies the power of DevSecOps, combining development, security, and operations practices to create a streamlined and secure software development pipeline. The use of industry-standard tools ensures efficiency, reliability, and security throughout the SDLC, reflecting the principles of modern software development practices.