The aim is to set up a full pipeline:
- Write Terraform code to launch the various machines for the full DevOps pipeline.
- The machines to be configured host the following main tools:
  - Jenkins
  - JFrog
  - SonarQube
  - a Kubernetes cluster

The steps of our configuration are:
- Creation and integration of a private GitHub repository in Jenkins
- Integration of Maven in Jenkins
- Integration of SonarQube in Jenkins
- Source code analysis with Trivy
- Integration of JFrog into Jenkins, then upload of the compiled JAR file
- Docker integration in Jenkins
- Docker image creation and analysis with Trivy
- Sending images to Docker Hub
- Integration of Helm in Jenkins, then generation of Helm charts for the project
- Sending Helm packages to JFrog
- Configuring Kubernetes for deployment

Jenkins plugins to install:
- Eclipse Temurin Installer:
  - This plugin enables Jenkins to automatically install and configure the Eclipse Temurin JDK (formerly known as AdoptOpenJDK).
  - To install, go to Jenkins dashboard -> Manage Jenkins -> Manage Plugins -> Available tab.
  - Search for "Eclipse Temurin Installer" and select it.
  - Click on the "Install without restart" button.
- Pipeline Maven Integration:
  - This plugin provides Maven support for Jenkins Pipeline.
  - It allows you to use Maven commands directly within your Jenkins Pipeline scripts.
  - To install, follow the same steps as above, but search for "Pipeline Maven Integration" instead.
- Config File Provider:
  - This plugin allows you to define configuration files (e.g., properties, XML, JSON) centrally in Jenkins.
  - These configurations can then be referenced and used by your Jenkins jobs.
  - Install it using the same procedure as mentioned earlier.
- SonarQube Scanner:
  - SonarQube is a code quality and security analysis tool.
  - This plugin integrates Jenkins with SonarQube by providing a scanner that analyzes code during builds.
  - You can install it from the Jenkins plugin manager as described above.
- Kubernetes CLI:
  - This plugin allows Jenkins to interact with Kubernetes clusters using the Kubernetes command-line tool (`kubectl`).
  - It's useful for tasks like deploying applications to Kubernetes from Jenkins jobs.
  - Install it through the plugin manager.
- Kubernetes:
  - This plugin integrates Jenkins with Kubernetes by allowing Jenkins agents to run as pods within a Kubernetes cluster.
  - It provides dynamic scaling and resource optimization capabilities for Jenkins builds.
  - Install it from the Jenkins plugin manager.
- Docker:
  - This plugin allows Jenkins to interact with Docker, enabling Docker builds and integration with Docker registries.
  - You can use it to build Docker images, run Docker containers, and push/pull images from Docker registries.
  - Install it from the plugin manager.
- Docker Pipeline Step:
  - This plugin extends Jenkins Pipeline with steps to build, publish, and run Docker containers as part of your Pipeline scripts.
  - It provides a convenient way to manage Docker containers directly from Jenkins Pipelines.
  - Install it through the plugin manager like the others.
- pipeline-utility-steps:
  - This plugin lets you read the pom file, so that you can get the version of the application defined in the pom.xml file.

After installing these plugins, you may need to configure them according to your specific environment and requirements. This typically involves setting up credentials, configuring paths, and specifying options in Jenkins global configuration or individual job configurations. Each plugin usually comes with its own set of documentation to guide you through the configuration process.

- Generate the Sonar token from the Sonar server: Administration -> Security -> User -> Token
- Create the Sonar token in Jenkins
- Jenkins -> Manage Jenkins -> System, then configure the Sonar server section
- Configure the webhook in Sonar: Administration -> Configuration -> Webhook, then click on Create:
  - name: type the name
  - url: http://34.212.42.72:8080/sonarqube-webhook/
- Create the JFrog authentication in Jenkins:
  - Jenkins -> Manage Jenkins -> Credentials
  - add your JFrog username and password
  - change the ARTIFACT_URL variable to point to your own repo
- Create the personal access token in Docker Hub:
  - Login -> Account Settings -> personal-access-tokens -> Generate
  - Create a credential in Jenkins with this personal access token value and use it
- Install Helm on the Jenkins server if it is not already installed:

```bash
sudo apt update
sudo snap install helm --classic
```

  or with the installer script from the Helm repository:

```bash
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
```

- Install yq, which allows modifying the content of YAML files:

```bash
sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/local/bin/yq && sudo chmod +x /usr/local/bin/yq
# Example usage:
# yq -i '.image.repository = "172.16.00.00"' values.yaml
```

- Generate the chart using the helm command:

```bash
helm create app_deploy
```
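
The Helm steps listed above (read the version from pom.xml, patch values.yaml with yq, package the chart, send it to JFrog) combined into one pipeline stage. This is an added example, not code from the original page: the credential ID `jfrog-cred`, the `ARTIFACT_URL` value and the variable names are placeholders, and the pom version is assumed to be SemVer-compatible as `helm package` requires.

```groovy
// Added example; 'jfrog-cred', ARTIFACT_URL and the variable names are placeholders.
pipeline {
    agent any
    environment {
        // Placeholder: replace with your own JFrog Helm repository URL
        ARTIFACT_URL = 'https://jfrog.example.com/artifactory/helm-local'
        IMAGE_REPO   = 'adijaiswal/boardshack'
    }
    stages {
        stage('Package & Push Helm Chart') {
            steps {
                script {
                    // readMavenPom is provided by the pipeline-utility-steps plugin
                    def version = readMavenPom(file: 'pom.xml').version
                    // Reject anything that is not a plain version string before a shell sees it
                    if (!(version ==~ /[0-9A-Za-z.-]+/)) {
                        error "Unexpected version in pom.xml: ${version}"
                    }
                    env.APP_VERSION = version
                }
                // Single-quoted sh: the shell expands the variables, Groovy never
                // interpolates them into the script text. strenv() makes yq read the
                // value from the environment instead of from the expression string.
                sh '''
                    yq -i '.image.repository = strenv(IMAGE_REPO)' app_deploy/values.yaml
                    yq -i '.image.tag = strenv(APP_VERSION)' app_deploy/values.yaml
                    helm lint app_deploy
                    helm package app_deploy --version "$APP_VERSION" --app-version "$APP_VERSION"
                '''
                withCredentials([usernamePassword(credentialsId: 'jfrog-cred',
                        usernameVariable: 'JFROG_USER', passwordVariable: 'JFROG_PASS')]) {
                    // --fail: a rejected upload (HTTP 4xx/5xx) fails the stage
                    sh 'curl --fail -sS -u "$JFROG_USER:$JFROG_PASS" -T "app_deploy-$APP_VERSION.tgz" "$ARTIFACT_URL/app_deploy-$APP_VERSION.tgz"'
                }
            }
        }
    }
}
```

Keeping the credentials inside `withCredentials` and the `sh` argument in single quotes means the secret is masked in the build log and never becomes part of a Groovy-built command string.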

Jenkins pipeline script:

```groovy
pipeline {
    agent any
    tools {
        jdk 'jdk17'
        maven 'maven3'
    }
    environment {
        SCANNER_HOME = tool 'sonar-scanner'
    }
    stages {
        stage('Git Checkout') {
            steps {
                git branch: 'main', credentialsId: 'git-cred', url: 'https://github.com/jaiswaladi246/Boardgame.git'
            }
        }
        stage('Compile') {
            steps {
                sh "mvn compile"
            }
        }
        stage('Test') {
            steps {
                sh "mvn test"
            }
        }
        stage('File System Scan') {
            steps {
                // Report only: without --exit-code, Trivy exits 0 even when it finds vulnerabilities
                sh "trivy fs --format table -o trivy-fs-report.html ."
            }
        }
        stage('SonarQube Analysis') {
            steps {
                withSonarQubeEnv('sonar') {
                    sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=BoardGame -Dsonar.projectKey=BoardGame \
                            -Dsonar.java.binaries=. '''
                }
            }
        }
        stage('Quality Gate') {
            steps {
                script {
                    // abortPipeline: false lets the build continue even when the quality gate fails
                    waitForQualityGate abortPipeline: false, credentialsId: 'sonar-token'
                }
            }
        }
        stage('Build') {
            steps {
                sh "mvn package"
            }
        }
        stage('Publish To Nexus') {
            steps {
                // Deploys the built artifact using the Maven settings file 'global-settings'
                withMaven(globalMavenSettingsConfig: 'global-settings', jdk: 'jdk17', maven: 'maven3', mavenSettingsConfig: '', traceability: true) {
                    sh "mvn deploy"
                }
            }
        }
        stage('Build & Tag Docker Image') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        sh "docker build -t adijaiswal/boardshack:latest ."
                    }
                }
            }
        }
        stage('Docker Image Scan') {
            steps {
                // Report only, as in the file system scan: findings do not stop the push
                sh "trivy image --format table -o trivy-image-report.html adijaiswal/boardshack:latest"
            }
        }
        stage('Push Docker Image') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                        sh "docker push adijaiswal/boardshack:latest"
                    }
                }
            }
        }
        stage('Deploy To Kubernetes') {
            steps {
                // caCertificate is left empty: the Kubernetes CLI plugin documents that API server
                // certificate validation is skipped when no CA is provided alongside serverUrl
                withKubeConfig(caCertificate: '', clusterName: 'kubernetes', contextName: '', credentialsId: 'k8-cred', namespace: 'webapps', restrictKubeConfigAccess: false, serverUrl: 'https://172.31.8.146:6443') {
                    sh "kubectl apply -f deployment-service.yaml"
                }
            }
        }
        stage('Verify the Deployment') {
            steps {
                withKubeConfig(caCertificate: '', clusterName: 'kubernetes', contextName: '', credentialsId: 'k8-cred', namespace: 'webapps', restrictKubeConfigAccess: false, serverUrl: 'https://172.31.8.146:6443') {
                    sh "kubectl get pods -n webapps"
                    sh "kubectl get svc -n webapps"
                }
            }
        }
    }
    post {
        always {
            script {
                // Build an HTML status e-mail; the banner is green on success, red otherwise
                def jobName = env.JOB_NAME
                def buildNumber = env.BUILD_NUMBER
                def pipelineStatus = currentBuild.result ?: 'UNKNOWN'
                def bannerColor = pipelineStatus.toUpperCase() == 'SUCCESS' ? 'green' : 'red'
                def body = """
                    <html>
                    <body>
                    <div style="border: 4px solid ${bannerColor}; padding: 10px;">
                    <h2>${jobName} - Build ${buildNumber}</h2>
                    <div style="background-color: ${bannerColor}; padding: 10px;">
                    <h3 style="color: white;">Pipeline Status: ${pipelineStatus.toUpperCase()}</h3>
                    </div>
                    <p>Check the <a href="${BUILD_URL}">console output</a>.</p>
                    </div>
                    </body>
                    </html>
                """
                emailext (
                    subject: "${jobName} - Build ${buildNumber} - ${pipelineStatus.toUpperCase()}",
                    body: body,
                    to: '[email protected]',
                    from: '[email protected]',
                    replyTo: '[email protected]',
                    mimeType: 'text/html',
                    // Attach the Trivy image scan report to the notification
                    attachmentsPattern: 'trivy-image-report.html'
                )
            }
        }
    }
}
```
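
In the pipeline above the Trivy and SonarQube stages only report; nothing they find stops the image from being pushed. The variant below turns both into enforcing gates and replaces `:latest` with a per-build tag. It is an added example, not the page's own pipeline: it reuses the tool, server and credential names from the page, assumes the job checks out the repository from SCM, and the tag scheme, timeout and severity threshold are assumptions to adjust.

```groovy
// Added example; tag scheme, timeout and severity threshold are assumptions.
pipeline {
    agent any
    tools {
        jdk 'jdk17'
        maven 'maven3'
    }
    environment {
        SCANNER_HOME = tool 'sonar-scanner'
        // Per-build tag instead of the mutable :latest
        IMAGE = "adijaiswal/boardshack:${env.BUILD_NUMBER}"
    }
    stages {
        stage('Build') {
            steps { sh 'mvn package' }
        }
        stage('SonarQube Analysis') {
            steps {
                withSonarQubeEnv('sonar') {
                    sh '$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=BoardGame -Dsonar.projectKey=BoardGame -Dsonar.java.binaries=.'
                }
            }
        }
        stage('Quality Gate') {
            steps {
                // Bound the wait so a webhook that never arrives cannot hold the executor
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true, credentialsId: 'sonar-token'
                }
            }
        }
        stage('Build & Scan Docker Image') {
            steps {
                sh 'docker build -t "$IMAGE" .'
                // Full report first, so it exists for review even when the gate fails
                sh 'trivy image --format table -o trivy-image-report.html "$IMAGE"'
                // Gate: exit 1 on HIGH/CRITICAL findings that have a fix available
                sh 'trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed "$IMAGE"'
            }
        }
        stage('Push Docker Image') {
            steps {
                withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
                    sh 'docker push "$IMAGE"'
                }
            }
        }
    }
}
```

The same `--exit-code 1 --severity HIGH,CRITICAL` flags apply to `trivy fs` for the source scan, and the deployment manifest then has to reference the per-build tag rather than `:latest`.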