Mastering CI/CD Automation for Java Applications with Jenkins, AWS, Docker, Kubernetes, SonarQube, and Nexus: A Step-by-Step Guide

Introduction

In this guide, we’ll explore how to set up a Jenkins pipeline to automate your CI/CD process for a Java application. This pipeline integrates key DevOps tools, including AWS, Docker, Kubernetes (K8s), SonarQube, and Nexus, to streamline the software development lifecycle.

We’ll cover:

• A detailed explanation of the Jenkins pipeline code.
• How to install necessary plugins for managing Docker and AWS credentials in Jenkins.
• How to create and manage secrets for AWS and Docker in Jenkins.

Whether you’re a beginner or an experienced DevOps practitioner, this guide will help you set up a reliable, automated CI/CD pipeline.

In a future post, I’ll also explain how to automate the installation and configuration of Jenkins, SonarQube, Docker, Kubernetes, and Nexus using an Ansible Playbook, making it even easier to establish your DevOps infrastructure.

Let’s dive in!

1. The Jenkins Pipeline

Here’s a sample Jenkins pipeline script that automates the following steps:

• Code checkout from GitHub.
• Static code analysis using SonarQube.
• Building and packaging the application using Maven.
• Uploading artifacts to a Nexus repository.
• Building Docker images and pushing them to AWS Elastic Container Registry (ECR).
• Deploying the application to a Kubernetes cluster.

Pipeline Code

pipeline {
    agent any
    options {
        buildDiscarder logRotator(artifactDaysToKeepStr: '', artifactNumToKeepStr: '', daysToKeepStr: '30', numToKeepStr: '2')
    }
    tools {
        maven 'Maven'
    }
    environment {
        AWS_CREDENTIALS = credentials('aws-key')
    }
    stages {
        stage('Checkout Code') {
            steps {
                checkout scmGit(branches: [[name: '*/main']], extensions: [], userRemoteConfigs: [[url: 'https://github.com/example-org/example-repo']])
            }
        }
        stage('SonarQube Analysis') {
            steps {
                script {
                    def mvn = tool 'Maven'
                    withSonarQubeEnv(installationName: 'sonarqube-server') {
                        sh "${mvn}/bin/mvn clean verify sonar:sonar -Dsonar.projectKey=example-project -Dsonar.projectName='Example Project'"
                    }
                }
            }
        }
        stage('Build and Package') {
            steps {
                sh 'mvn package'
            }
        }
        stage('Publish to Nexus') {
            steps {
                nexusArtifactUploader(
                    nexusVersion: 'nexus3',
                    protocol: 'http',
                    nexusUrl: 'https://nexus.example.com:8081',
                    groupId: 'com.example',
                    version: '1.0-SNAPSHOT',
                    repository: 'maven-snapshots',
                    credentialsId: 'nexus-credentials',
                    artifacts: [
                        [artifactId: 'ExampleApp',
                        classifier: '',
                        file: 'target/example-app-1.0.war',
                        type: 'war']
                     ]
                )
            }
        }
        stage('Build Docker Image') {
            steps {
                sh 'docker build -t example-app .'
            }
        }
        stage('Push Docker Image to ECR') {
            steps {
                sh """
                aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.us-east-1.amazonaws.com
                docker tag example-app:latest 123456789012.dkr.ecr.us-east-1.amazonaws.com/example-app:latest
                docker push 123456789012.dkr.ecr.us-east-1.amazonaws.com/example-app:latest
                """
            }
        }
        stage('Deploy to Kubernetes') {
            steps {
                sh """
                aws eks update-kubeconfig --region us-east-1 --name example-cluster
                kubectl apply -f deployment.yaml
                """
            }
        }
    }
    post {
        always {
            echo "Pipeline execution completed."
        }
        success {
            echo "Pipeline executed successfully!"
        }
        failure {
            echo "Pipeline execution failed."
        }
    }
}

        

2. Jenkins Pipeline Code: Line-by-Line Explanation

Pipeline Declaration

pipeline {
        

• What It Does: Marks the beginning of a Jenkins declarative pipeline.

Agent Declaration

    agent any        

What It Does: Specifies that the pipeline can run on any available Jenkins agent. If there are multiple agents in your Jenkins setup, Jenkins will assign one dynamically.

Pipeline Options

    options {
        buildDiscarder logRotator(artifactDaysToKeepStr: '', artifactNumToKeepStr: '', daysToKeepStr: '30', numToKeepStr: '2')
    }
        

• What It Does: Configures options for the pipeline:buildDiscarder:daysToKeepStr: '30': Retains logs for 30 days.numToKeepStr: '2': Keeps only the last 2 builds.Purpose: Prevents Jenkins from consuming unnecessary disk space.

Tools Configuration

    tools {
        maven 'Maven'
    }
        

• What It Does: Specifies the Maven version to be used in the pipeline.
• Where to Configure: Maven must be pre-configured in Manage Jenkins > Global Tool Configuration.

Environment Variables

    environment {
        AWS_CREDENTIALS = credentials('aws-key')
    }
        

• What It Does: AWS_CREDENTIALS: References AWS credentials stored securely in Jenkins Credentials.

• Purpose: Avoids hardcoding sensitive information in the pipeline script.

Stages Section

    stages {
        

• What It Does: Defines the sequence of steps or tasks that the pipeline will execute. Each task is encapsulated in a stage.

Stage: Checkout Code

        stage('Checkout Code') {
            steps {
                checkout scmGit(branches: [[name: '*/main']], extensions: [], userRemoteConfigs: [[url: 'https://github.com/example-org/example-repo']])
            }
        }
        

• What It Does:Pulls the latest code from the main branch of the specified GitHub repository.
• Key Parameters:branches: Specifies the branch to pull (*/main).url: The repository URL.
• Purpose: Ensures the pipeline works with the most recent codebase.

Stage: SonarQube Analysis

        stage('SonarQube Analysis') {
            steps {
                script {
                    def mvn = tool 'Maven'
                    withSonarQubeEnv(installationName: 'sonarqube-server') {
                        sh "${mvn}/bin/mvn clean verify sonar:sonar -Dsonar.projectKey=example-project -Dsonar.projectName='Example Project'"
                    }
                }
            }
        }
        

• What It Does:Runs static code analysis with SonarQube to check for bugs, vulnerabilities, and code quality.
• Command Breakdown:
• mvn clean verify:clean: Deletes previous build artifacts.
• verify: Runs all tests and validates dependencies.
• sonar:sonar: Sends analysis results to the SonarQube server.
• -Dsonar.projectKey: A unique identifier for the project in SonarQube.
• -Dsonar.projectName: A human-readable name for the project.
• Purpose: Ensures code quality before proceeding to the next stages.

Stage: Build and Package

        stage('Build and Package') {
            steps {
                sh 'mvn package'
            }
        }
        

• What It Does:Compiles the Java code.Packages it into a .war file (web application archive).
• Command:mvn package: Builds the application and generates the deployable artifact.

Stage: Publish to Nexus

        stage('Publish to Nexus') {
            steps {
                nexusArtifactUploader(
                    nexusVersion: 'nexus3',
                    protocol: 'http',
                    nexusUrl: 'https://nexus.example.com:8081',
                    groupId: 'com.example',
                    version: '1.0-SNAPSHOT',
                    repository: 'maven-snapshots',
                    credentialsId: 'nexus-credentials',
                    artifacts: [
                        [artifactId: 'ExampleApp',
                        classifier: '',
                        file: 'target/example-app-1.0.war',
                        type: 'war']
                     ]
                )
            }
        }
        

• What It Does:Uploads the .war file to a Nexus repository for centralized storage and version control.
• Key Parameters:nexusUrl: URL of the Nexus repository.groupId: Logical grouping for artifacts.version: Artifact version.credentialsId: Jenkins credential ID for authenticating with Nexus.

Stage: Build Docker Image

        stage('Build Docker Image') {
            steps {
                sh 'docker build -t example-app .'
            }
        }
        

• What It Does:Builds a Docker image named example-app using the Dockerfile in the project directory.
• Command:docker build: Creates the container image.

Stage: Push Docker Image to ECR

        stage('Push Docker Image to ECR') {
            steps {
                sh """
                aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.us-east-1.amazonaws.com
                docker tag example-app:latest 123456789012.dkr.ecr.us-east-1.amazonaws.com/example-app:latest
                docker push 123456789012.dkr.ecr.us-east-1.amazonaws.com/example-app:latest
                """
            }
        }
        

• What It Does:Logs into AWS ECR using credentials.Tags and pushes the Docker image to ECR.
• Commands:aws ecr get-login-password: Retrieves an authentication token for ECR.docker login: Authenticates with ECR.docker tag: Tags the image for ECR.docker push: Uploads the image to the specified ECR repository.

Stage: Deploy to Kubernetes

        stage('Deploy to Kubernetes') {
            steps {
                sh """
                aws eks update-kubeconfig --region us-east-1 --name example-cluster
                kubectl apply -f deployment.yaml
                """
            }
        }
        

• What It Does:Configures Kubernetes to use the correct EKS cluster.Deploys the application using Kubernetes manifests (deployment.yaml).
• Commands:aws eks update-kubeconfig: Updates the Kubernetes configuration file to point to the EKS cluster.kubectl apply -f deployment.yaml: Deploys the application defined in deployment.yaml.

Post Actions

    post {
        always {
            echo "Pipeline execution completed."
        }
        success {
            echo "Pipeline executed successfully!"
        }
        failure {
            echo "Pipeline execution failed."
        }
    }
}
        

• What It Does:Executes post-build actions:always: Runs regardless of the build’s outcome.success: Executes when the pipeline succeeds.failure: Executes when the pipeline fails.

3. Installing Plugins for AWS and Docker in Jenkins

Step 1: Installing the AWS Plugin

1. Go to Manage Jenkins > Plugin Manager.
2. Navigate to the Available Plugins tab.
3. Search for AWS Plugin.
4. Select the plugin and click Install without Restart.
5. Once installed, restart Jenkins if required.

Step 2: Installing the Docker Pipeline Plugin

1. Go to Manage Jenkins > Plugin Manager.
2. Search for Docker Pipeline Plugin under the Available Plugins tab.
3. Select the plugin and click Install without Restart

4. Creating Secrets for AWS

For AWS Credentials

1. Navigate to Manage Jenkins > Manage Credentials.
2. Click Global or the desired scope.
3. Add credentials of type AWS Credentials.
4. Provide your Access Key ID, Secret Access Key, and a unique ID (e.g., aws-key).

Why Use Jenkins?

Jenkins is a powerful, flexible, and open-source CI/CD tool that serves as the backbone for modern DevOps pipelines. Here’s why Jenkins stands out:

• Automation: Jenkins automates repetitive tasks like building, testing, and deploying code.
• Extensibility: With over 1,800 plugins, Jenkins integrates seamlessly with tools like Docker, AWS, Kubernetes, SonarQube, and Nexus.
• Scalability: Jenkins supports distributed builds using multiple agents, making it suitable for projects of any size.
• Community Support: Jenkins has a robust community that ensures consistent updates, security patches, and plugin availability.

By using Jenkins, teams can ensure faster deployments, improved code quality, and enhanced collaboration.

Conclusion

This guide demonstrates how to:

1. Automate your CI/CD workflows using a Jenkins pipeline.
2. Manage secrets securely in Jenkins for AWS and Docker.
3. Install plugins to enhance Jenkins’ capabilities.
4. Push your DevOps skills further by integrating tools like Kubernetes, Nexus, and SonarQube.

Stay tuned to learn how to simplify DevOps infrastructure setup with automation tools!