DevSecOps (DevOps) Project: Deploying a Petshop Java-Based Application with CI/CD, Docker, and Kubernetes
Harshit Gupta · Follow
17 min read · Jun 15, 2024

Introduction
In this blog, I will walk you through the process of deploying a Petshop Java-based application using Jenkins as a CI/CD tool. This deployment utilizes Docker for containerization and Kubernetes for container orchestration, and incorporates various security measures and automation tools like Terraform, SonarQube, Trivy, and Ansible. This project showcases a comprehensive approach to modern application deployment, emphasizing automation, security, and scalability.
Throughout this project, I faced and solved numerous challenges
independently, which significantly enhanced my problem-solving skills and
deepened my understanding of the technologies involved.🔍🛠
Special thanks to Ajay Kumar Yegireddi for providing the project and his
detailed blog, which was instrumental in helping me complete this project
successfully.

This project was an incredible learning experience, providing hands-on


practice with a variety of tools and technologies critical for modern DevOps
practices. I’m excited to share my work and look forward to any feedback or
questions you might have! 💬

Warning⚠
Before proceeding, ensure you read and understand the code properly. Make necessary changes to variables such as GitHub repository URLs, credentials, DockerHub usernames etc. Failure to update these variables can affect the deployment process. Always double-check configurations and ensure they align with your environment. Keep secrets (the DockerHub token, the SonarQube token, the SSH private key, the kubeconfig) in Jenkins' credential store and reference them by ID; never paste them into the Jenkinsfile, the Ansible playbook, or anything else that gets committed to the repository.
Project Overview
The goal of this project is to deploy a Java-based Petshop application in a secure, scalable, and automated manner. Here are the key components and tools used:

Jenkins for Continuous Integration and Continuous Deployment (CI/CD)

Docker for containerizing the application

Kubernetes for orchestrating the containers

Terraform for Infrastructure as Code (IaC)

SonarQube for static code analysis and quality assurance


Trivy for container security scanning

Ansible for configuration management

CI/CD Pipeline for Petshop Java-Based Application Deployment


The Continuous Integration/Continuous Deployment (CI/CD) pipeline is
a crucial component in modern software development, enabling teams to
deliver high-quality software efficiently and reliably. Below is an
explanation of the CI/CD pipeline for the Petshop Java-Based Application,
illustrated in the provided image.

Pipeline Overview

1. Dev Team: The development team writes and commits code to a shared repository.

2. GitHub: The code repository where the project is hosted. Developers commit their code changes to GitHub.

3. Jenkins: The CI/CD tool that automates the build, test, and deployment processes. Jenkins listens for code commits and triggers the pipeline.

4. Maven: Used for building and compiling the Java application.

5. Dependency-Check: A tool that scans for vulnerable dependencies during the build process.

6. Ansible: Manages configurations and deployment using playbooks, integrating with Docker.

7. Docker: Containerizes the application for consistent environments across development, testing, and production.

8. SonarQube: Performs static code analysis to ensure code quality and security.

9. Trivy: Scans Docker images for vulnerabilities to maintain secure deployments.

10. Kubernetes: Orchestrates the deployment of containerized applications, managing scaling and operations.

Detailed Pipeline Explanation

1. Commit to GitHub:
• Action: Developers write code and commit their changes to the GitHub repository.
• Importance: Centralized code management ensures version control and collaboration.

2. Jenkins Build Trigger:
• Action: Jenkins monitors the GitHub repository for new commits. When a new commit is detected, Jenkins triggers the pipeline.
• Importance: Automates the integration process, reducing manual intervention and speeding up development cycles.

3. Maven Build:
• Action: Jenkins uses Maven to build the project. Maven compiles the code and packages it into a deployable format (a WAR file for this application).
• Importance: Ensures that the application can be consistently built from source code.

4. Dependency-Check:
• Action: Maven integrates with Dependency-Check to scan for vulnerabilities in the project's dependencies.
• Importance: Identifies known security risks in third-party libraries early in the development process, so they can be fixed before the artifact ships.

5. Ansible Docker Playbook:
• Action: Ansible playbooks automate the setup of Docker containers. Jenkins uses Ansible to ensure that the Docker environment is correctly configured.
• Importance: Simplifies environment setup and configuration management, ensuring consistency across different environments.

6. Docker Containerization:
• Action: The application is containerized using Docker, which packages the application and its dependencies into a container.
• Importance: Containers provide a consistent runtime environment, reducing issues related to "works on my machine" syndrome.

7. Maven Compile and Test:
• Action: Maven compiles the code and runs tests to verify that the application works as expected.
• Importance: Automated testing ensures that code changes do not introduce new bugs.

8. SonarQube Analysis:
• Action: Jenkins integrates with SonarQube to perform static code analysis, checking for code quality and security issues.
• Importance: Maintains high code quality and security standards, ensuring that the application is reliable and maintainable.

9. Trivy Security Scan:
• Action: Trivy scans Docker images for known vulnerabilities before deployment.
• Importance: Catches known vulnerabilities in the OS packages and libraries inside the image before it reaches the cluster. The scan only protects the deployment if a failing result actually stops the pipeline; a report that is merely archived protects nothing.

10. Kubernetes Deployment:
• Action: Jenkins deploys the containerized application to a Kubernetes cluster.
• Importance: Kubernetes manages the deployment, scaling, and operations of the application, ensuring high availability and reliability.

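The Trivy step above describes the scan but not the decision that follows it. The script below is an added example (mine, not code from the original post or from the Trivy project) of that gating logic: it reads the JSON that `trivy image --format json -o report.json <image>` writes, blocks the build on CRITICAL/HIGH findings that have a fix available, and lists unfixed or allow-listed ones as waived so they stay visible instead of silently passing. The report embedded in it is a constructed sample in Trivy's layout with placeholder vulnerability IDs, and the thresholds are this example's policy rather than Trivy defaults. (Trivy's own `--severity HIGH,CRITICAL --exit-code 1 --ignore-unfixed` flags give the same pass/fail verdict without the waiver list.)

```python
"""Decide pass/fail from a Trivy image-scan report.

Added example: not code from the original post or from the Trivy project.
Input is the JSON written by `trivy image --format json -o report.json <image>`;
the report embedded below is a constructed sample in that layout with
placeholder vulnerability IDs. Thresholds are this example's policy, not Trivy's.
"""
import json
from dataclasses import dataclass
from typing import Iterable, List, Tuple

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass(frozen=True)
class Finding:
    target: str      # image layer / package manifest the finding came from
    vuln_id: str
    pkg: str
    installed: str
    fixed: str       # "" when no fixed version exists yet
    severity: str


def parse_trivy_report(report_json: str) -> List[Finding]:
    """Flatten Results[].Vulnerabilities[] (Vulnerabilities may be absent or null)."""
    data = json.loads(report_json)
    findings: List[Finding] = []
    for result in data.get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            findings.append(Finding(
                target=result.get("Target", ""),
                vuln_id=v.get("VulnerabilityID", ""),
                pkg=v.get("PkgName", ""),
                installed=v.get("InstalledVersion", ""),
                fixed=v.get("FixedVersion") or "",
                severity=str(v.get("Severity", "UNKNOWN")).upper(),
            ))
    return findings


def evaluate(findings: Iterable[Finding], fail_on: str = "HIGH",
             ignore_unfixed: bool = True,
             allowlist: Iterable[str] = ()) -> Tuple[bool, List[Finding], List[Finding]]:
    """Return (passed, blocking, waived).

    blocking: findings at or above `fail_on` severity, not allow-listed, and
              (when ignore_unfixed is set) having a fixed version to upgrade to.
    waived:   findings at that severity that were skipped because they are
              unfixed or allow-listed; they do not block but must stay visible.
    """
    threshold = SEVERITY_RANK[fail_on.upper()]
    allowed = set(allowlist)
    blocking: List[Finding] = []
    waived: List[Finding] = []
    for f in findings:
        if SEVERITY_RANK.get(f.severity, 0) < threshold:
            continue
        if f.vuln_id in allowed or (ignore_unfixed and not f.fixed):
            waived.append(f)
        else:
            blocking.append(f)
    return len(blocking) == 0, blocking, waived


# Constructed sample report in Trivy's JSON layout (not real scan output).
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "example/petshop:1.0",
    "Results": [
        {"Target": "example/petshop:1.0 (ubuntu 22.04)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "EXAMPLE-CRIT-1", "PkgName": "libexample",
              "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
             {"VulnerabilityID": "EXAMPLE-HIGH-1", "PkgName": "libother",
              "InstalledVersion": "2.3", "Severity": "HIGH"},
             {"VulnerabilityID": "EXAMPLE-MED-1", "PkgName": "libthird",
              "InstalledVersion": "0.9", "FixedVersion": "0.9.1", "Severity": "MEDIUM"},
         ]},
        {"Target": "app/petshop.war", "Class": "lang-pkgs", "Vulnerabilities": None},
    ],
})


def main(report_json: str = SAMPLE_REPORT) -> int:
    """Print the verdict; the non-zero exit code is what fails the Jenkins stage."""
    passed, blocking, waived = evaluate(parse_trivy_report(report_json))
    for f in blocking:
        print(f"BLOCK {f.severity:<8} {f.vuln_id} {f.pkg} {f.installed} -> upgrade to {f.fixed}")
    for f in waived:
        print(f"WAIVE {f.severity:<8} {f.vuln_id} {f.pkg} {f.installed} (no fix or allow-listed)")
    print("gate:", "PASS" if passed else "FAIL")
    return 0 if passed else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

In a Jenkins stage this runs as `sh 'python3 trivy_gate.py'` right after `trivy image --format json -o report.json <image>`, with `main()` reading the real report instead of the embedded sample; the allowlist is where a documented, time-boxed exception for a specific ID belongs, so the waiver is reviewed rather than hidden by lowering the threshold.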
The Main Question: Why This CI/CD Pipeline is Necessary???


Automation: Automates the entire build, test, and deployment process,
reducing manual effort and increasing efficiency.
Consistency: Ensures that the application behaves the same way in development, testing, and production environments.

Quality Assurance: Integrates tools like SonarQube and Dependency-Check to maintain code quality and security.

Security: Uses Trivy to scan images for known vulnerabilities before they are deployed. This only keeps vulnerable images out of the cluster if a failing scan is allowed to fail the build rather than merely being reported.

Scalability: Deploys the application on Kubernetes, enabling it to scale seamlessly based on demand.
Reliability: Automated testing and analysis ensure that new code
changes do not break the application, maintaining its reliability.

In conclusion, this CI/CD pipeline is essential for delivering a robust,


secure, and scalable Petshop Java-Based Application. By automating the
entire process, it ensures that the application is always in a deployable
state, with high code quality and security standards maintained
throughout the development lifecycle.

Why Docker and Kubernetes(K8s) both?


Using both Docker and Kubernetes together in a CI/CD pipeline brings a
combination of benefits that leverage the strengths of each technology.
Here’s an explanation of why both are used in the context of deploying a
Petshop Java-Based Application:

Docker: Containerization
1. Consistent Environment: Docker packages applications with all their
dependencies into containers. This ensures that the application runs the
same way regardless of where it is deployed, eliminating the “works on
my machine” problem.

2. Isolation: Containers provide process isolation, which means that each application runs in its own environment without interfering with others. This isolation improves reliability and adds a security boundary, although a weaker one than a virtual machine gives, since all containers share the host kernel.

3. Lightweight: Docker containers are lightweight and start quickly compared to virtual machines, making them ideal for microservices and modern application architectures.

4. Portability: Containers can run on any system that supports Docker, providing portability across different environments (development, testing, production).
Kubernetes: Orchestration
1. Scalability: Kubernetes automates the scaling of applications based on demand. It can automatically increase or decrease the number of running containers to handle varying loads.

2. Load Balancing: Kubernetes provides built-in load balancing to distribute traffic across multiple containers, ensuring high availability and performance.

3. Self-Healing: Kubernetes can automatically restart failed containers, replace containers, and reschedule containers when nodes fail, ensuring the application remains available.

4. Automated Deployment: Kubernetes manages the deployment of containers, making rolling updates and rollbacks easier. This ensures smooth and uninterrupted application updates.

5. Resource Management: Kubernetes efficiently manages resources like CPU and memory across the cluster, optimizing utilization and performance.

Combined Benefits
1. Development to Production: Docker is ideal for packaging and running individual applications during development. Kubernetes takes these Docker containers and provides the infrastructure to run them reliably at scale in production.

2. Microservices Architecture: Using Docker for individual microservices and Kubernetes to manage these microservices allows for a flexible, scalable, and resilient architecture.

3. Complex Applications: For applications with multiple components (like the Petshop Java-Based Application), Kubernetes can orchestrate the deployment of each component, manage their interdependencies, and ensure they work together seamlessly.

4. CI/CD Integration: In a CI/CD pipeline, Docker ensures that the same containerized application is tested and deployed across different stages. Kubernetes ensures that the deployment to production is managed, scalable, and resilient.
Example Workflow

Containerization with Docker:
• Developers write code and build a Docker image for the application.
• This Docker image includes the application and all its dependencies, ensuring it runs consistently across different environments.

Orchestration with Kubernetes:
• The Docker image is pushed to a container registry.
• Kubernetes pulls the Docker image from the registry and deploys it to a cluster.
• Kubernetes manages the scaling, load balancing, and self-healing of the application.

:::Detailed Step-by-Step Guide:::

Step 1: Create an Ubuntu (22.04) T2 Large Instance using Terraform

I am using Terraform IaC to launch an EC2 instance on AWS rather than doing it traditionally, so I assume you know how to set up the AWS CLI and use Terraform. Create a main.tf file with the following Terraform configuration to provision an AWS EC2 instance:
# Provider configuration
provider "aws" {
  region = "ap-south-1" # Specify the region
}

# Create a new security group that allows all inbound and outbound traffic.
# NOTE: this exposes every port of the instance to the whole internet. It is
# convenient for a lab; for anything that stays up longer than a demo, restrict
# ingress to your own IP and to the ports you need (22, 8090, 9000, 8081).
resource "aws_security_group" "allow_all" {
  name        = "allow_all_traffic"
  description = "Security group that allows all inbound and outbound traffic"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Launch an EC2 instance
resource "aws_instance" "my_ec2_instance" {
  ami             = "ami-0f58b397bc5c1f2e8" # must be a valid Ubuntu 22.04 AMI for the chosen region
  instance_type   = "t2.large"
  key_name        = "MyNewKeyPair"          # an existing EC2 key pair in the same region
  security_groups = [aws_security_group.allow_all.name]

  # Configure root block device
  root_block_device {
    volume_size = 30
  }

  tags = {
    Name = "MyUbuntuInstance"
  }
}

Before applying, note that the allow_all security group opens every port of the instance to the whole internet. That is acceptable for a short-lived lab, but for anything else restrict ingress to your own IP address and to the ports this guide actually uses (22 for SSH, 8090 for Jenkins, 9000 for SonarQube, 8081 for the application).

Initialize and apply the Terraform configuration:

terraform init
terraform apply
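The security group above is the one decision in this file that matters for security, and Terraform will apply it without comment. As an added pre-apply check (my example, not part of the original post or of Terraform), the script below reads the JSON that `terraform show -json` produces for a saved plan (`terraform plan -out=tfplan && terraform show -json tfplan > plan.json`) and reports every ingress rule reachable from 0.0.0.0/0 or ::/0, except single ports you deliberately publish. The plan excerpt embedded in it is constructed to mirror the resources above plus a tighter group for contrast; the 203.0.113.0/24 addresses are documentation-range placeholders.

```python
"""Flag internet-exposed ingress rules in a Terraform plan before `terraform apply`.

Added example: not code from the original post or from Terraform. Input is the
JSON emitted by `terraform show -json tfplan`; the excerpt below is constructed
to mirror the resources in main.tf above, plus a tighter group for contrast.
The 203.0.113.0/24 addresses are documentation-range placeholders.
"""
from typing import Dict, Iterator, List, Set, Tuple

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"


def iter_security_groups(plan: dict) -> Iterator[dict]:
    """Yield every aws_security_group in planned_values, including child modules."""
    def walk(module: dict) -> Iterator[dict]:
        for res in module.get("resources", []):
            if res.get("type") == "aws_security_group":
                yield res
        for child in module.get("child_modules", []):
            yield from walk(child)
    yield from walk(plan.get("planned_values", {}).get("root_module", {}))


def rule_is_public(rule: dict) -> bool:
    """True when the rule's source includes the whole IPv4 or IPv6 internet."""
    cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
    return ANY_IPV4 in cidrs or ANY_IPV6 in cidrs


def rule_ports(rule: dict) -> Tuple[int, int]:
    """Port span a rule covers; protocol "-1" (all) means every port."""
    if str(rule.get("protocol")) == "-1":
        return 0, 65535
    return int(rule.get("from_port") or 0), int(rule.get("to_port") or 0)


def find_open_ingress(plan: dict, public_ports_allowed: Set[int] = frozenset()) -> List[Dict]:
    """Return internet-reachable ingress rules that are not a single allow-listed port."""
    findings = []
    for sg in iter_security_groups(plan):
        values = sg.get("values") or {}
        for rule in values.get("ingress") or []:
            if not rule_is_public(rule):
                continue
            lo, hi = rule_ports(rule)
            if lo == hi and lo in public_ports_allowed:
                continue  # e.g. the application port you intend to publish
            findings.append({
                "address": sg.get("address"),
                "name": values.get("name"),
                "protocol": rule.get("protocol"),
                "from_port": lo,
                "to_port": hi,
            })
    return findings


def _rule(from_port, to_port, protocol, cidrs):
    """Build an ingress entry in the shape `terraform show -json` uses (sample data only)."""
    return {"from_port": from_port, "to_port": to_port, "protocol": protocol,
            "cidr_blocks": cidrs, "ipv6_cidr_blocks": [], "description": "",
            "prefix_list_ids": [], "security_groups": [], "self": False}


# Constructed plan excerpt (not real Terraform output).
SAMPLE_PLAN = {
    "format_version": "1.2",
    "planned_values": {"root_module": {"resources": [
        {"address": "aws_security_group.allow_all", "type": "aws_security_group",
         "name": "allow_all",
         "values": {"name": "allow_all_traffic",
                    "ingress": [_rule(0, 0, "-1", [ANY_IPV4])],
                    "egress": [_rule(0, 0, "-1", [ANY_IPV4])]}},
        {"address": "aws_security_group.jenkins", "type": "aws_security_group",
         "name": "jenkins",
         "values": {"name": "jenkins_admin_only",
                    "ingress": [_rule(22, 22, "tcp", ["203.0.113.10/32"]),
                                _rule(8090, 8090, "tcp", ["203.0.113.10/32"]),
                                _rule(8081, 8081, "tcp", [ANY_IPV4])],
                    "egress": [_rule(0, 0, "-1", [ANY_IPV4])]}},
        {"address": "aws_instance.my_ec2_instance", "type": "aws_instance",
         "name": "my_ec2_instance",
         "values": {"instance_type": "t2.large", "security_groups": ["allow_all_traffic"]}},
    ]}},
}


def main(plan: dict = SAMPLE_PLAN) -> int:
    """Print findings; the non-zero exit lets a CI stage block the apply."""
    findings = find_open_ingress(plan, public_ports_allowed={8081})
    for f in findings:
        print(f"OPEN {f['address']} ({f['name']}): proto {f['protocol']} "
              f"ports {f['from_port']}-{f['to_port']} from the internet")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it against a real plan with `json.load(open("plan.json"))` in place of SAMPLE_PLAN. On the sample it reports only the allow_all group: the jenkins group's SSH and Jenkins ports are limited to one admin address, and 8081 is on the allowlist because the application is meant to be public.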
Step 2: Install Jenkins, Docker, and Trivy

SSH into the EC2 instance with your key pair and run the following commands:

# Install Jenkins (it needs a Java 17 runtime; register the repository key with
# signed-by instead of the deprecated apt-key)
sudo apt update -y
sudo apt install -y fontconfig openjdk-17-jre
sudo wget -O /usr/share/keyrings/jenkins-keyring.asc https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/" | sudo tee /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt update -y
sudo apt install -y jenkins
sudo systemctl start jenkins
sudo systemctl enable jenkins

# Install Docker
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update -y
sudo apt install -y docker-ce
# Let your login user and the jenkins service user talk to the Docker daemon.
# Do not chmod 777 /var/run/docker.sock: the socket is root-equivalent on the
# host, and that makes it writable by every local account. Membership of the
# docker group is still root-equivalent, but at least it is limited to named users.
sudo usermod -aG docker ${USER}
sudo usermod -aG docker jenkins
sudo systemctl restart jenkins
newgrp docker   # or log out and back in

# Install Trivy
sudo apt install -y wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/trivy.list
sudo apt update -y
sudo apt install -y trivy
Jenkins listens on 8080 by default, which is also the default port of Apache Tomcat, the servlet container that serves the Petshop WAR, so we move Jenkins to another port, say 8090. On current Jenkins releases the port comes from the JENKINS_PORT environment variable in the systemd unit; set it in an override rather than editing /lib/systemd/system/jenkins.service directly, because a package upgrade would overwrite that file:

sudo systemctl stop jenkins
sudo systemctl edit jenkins   # opens an override file; add the two lines below, then save and exit
[Service]
Environment="JENKINS_PORT=8090"
sudo systemctl daemon-reload
sudo systemctl restart jenkins
sudo systemctl status jenkins

Now, grab your Public IP Address and open Jenkins in the browser:

http://<EC2 Public IP Address>:8090
# initial admin password for the setup wizard
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
# change the password once you set up the Jenkins server

After the Docker installation, we create a SonarQube container:

# SonarQube's embedded Elasticsearch refuses to start unless the host allows enough memory maps
sudo sysctl -w vm.max_map_count=262144
docker run -d --name sonar -p 9000:9000 sonarqube:lts-community

Now our SonarQube is up and running at http://<EC2 Public IP>:9000. Enter the default username and password, click on login, and change the password immediately, because with the security group above port 9000 is reachable from the internet:

username: admin
password: admin
Step 3: Install Plugins in Jenkins
In Jenkins, navigate to Manage Jenkins -> Available Plugins and install the following plugins:

JDK (Eclipse Temurin Installer)

SonarQube Scanner

Maven

OWASP Dependency Check

Configure Java and Maven in Global Tool Configuration
Go to Manage Jenkins → Tools → install JDK (17) and Maven 3 (3.6.0) → click on Apply and Save. The names you give the tools here (jdk17 and maven3 in this guide) are the ones the pipeline's tools block refers to.
Create a New Job with a Pipeline option:

Pipeline script:
pipeline {
    agent any
    tools {
        jdk 'jdk17'      // tool names from Manage Jenkins → Tools
        maven 'maven3'
    }
    stages {
        stage('clean Workspace') {
            steps {
                cleanWs()
            }
        }
        stage('checkout scm') {
            steps {
                // https clone URL of the Java project or your fork of it
                git 'https://github.com/<your-java-project-repo-or-fork-one>'
            }
        }
        stage('maven compile') {
            steps {
                sh 'mvn clean compile'
            }
        }
        stage('maven Test') {
            steps {
                sh 'mvn test'
            }
        }
    }
}

Step 4: Configure SonarQube Server in Jenkins
Retrieve the Public IP Address of your EC2 instance. Since SonarQube operates on Port 9000, you can access it via <Public IP>:9000 .
To proceed, navigate to your SonarQube server, then follow these steps:
Click on Administration → Security → Users → Tokens. Next, generate a token by providing a name and clicking on Generate Token, and copy it straight away (SonarQube shows it only once).

Go to the Jenkins Dashboard, then navigate to Manage Jenkins → Credentials → Add Secret Text, and paste the token there. The screen should look like this:

Next, go to the Jenkins Dashboard, then navigate to Manage Jenkins → System, and add the necessary configuration as shown in the image below. Click on apply and save.

Now, we will install a sonar scanner in the tools.

Click on apply and save

In the SonarQube Dashboard, add a webhook so that SonarQube can report the quality gate result back to Jenkins, by navigating to Administration → Configuration → Webhooks.

Add details

# Name: jenkins
# URL: the endpoint the Jenkins SonarQube plugin listens on
http://<jenkins-public-ip>:8090/sonarqube-webhook/
# Secret: this guide leaves it blank, but on a Jenkins that is reachable from the
# internet you should set one and configure the same value as the Webhook Secret in
# Jenkins' SonarQube server settings. With a secret, SonarQube signs every call with an
# X-Sonar-Webhook-HMAC-SHA256 header, and an unauthenticated POST cannot forge a passing gate.
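Leaving the secret blank means the /sonarqube-webhook/ endpoint, which on this setup is open to the internet on port 8090, accepts a quality-gate result from anyone who can reach it. With a secret configured, SonarQube signs each delivery: the X-Sonar-Webhook-HMAC-SHA256 header carries the hex HMAC-SHA256 of the raw request body keyed with that secret, and the Jenkins plugin verifies it. The script below is an added example (mine, not the plugin's code) of both halves of that check over a constructed payload and a constructed secret, showing that a tampered body with a replayed signature, or a delivery with no header, is rejected.

```python
"""Verify SonarQube's webhook signature before trusting a quality-gate result.

Added example: not code from the original post or from the Jenkins SonarQube
plugin. With a webhook secret configured, SonarQube sends the header
X-Sonar-Webhook-HMAC-SHA256 = hex(HMAC-SHA256(secret, raw request body)).
The secret and payload below are constructed for the example.
"""
import hashlib
import hmac
import json
from typing import Dict, Optional, Tuple

HEADER = "X-Sonar-Webhook-HMAC-SHA256"


def sign_payload(secret: str, body: bytes) -> str:
    """Sender side: what SonarQube puts in the header for this exact body."""
    return hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()


def verify_webhook(secret: str, headers: Dict[str, str], body: bytes) -> bool:
    """Receiver side: reject a missing header, compare in constant time."""
    provided = headers.get(HEADER) or headers.get(HEADER.lower())
    if not provided:
        return False
    return hmac.compare_digest(sign_payload(secret, body), provided)


def quality_gate_status(body: bytes) -> str:
    """qualityGate.status from the payload: OK, ERROR, or NONE if absent."""
    return json.loads(body).get("qualityGate", {}).get("status", "NONE")


def handle_webhook(secret: str, headers: Dict[str, str], body: bytes) -> Optional[str]:
    """Return the gate status only for an authentic delivery, else None."""
    if not verify_webhook(secret, headers, body):
        return None
    return quality_gate_status(body)


# Constructed delivery, trimmed to the fields a gate check needs.
SECRET = "example-webhook-secret"   # the same value would be configured in SonarQube and Jenkins
GENUINE_BODY = json.dumps({
    "serverUrl": "http://sonar.example:9000",
    "taskId": "example-task",
    "status": "SUCCESS",
    "project": {"key": "Petshop", "name": "Petshop"},
    "qualityGate": {"name": "Sonar way", "status": "ERROR"},
}).encode("utf-8")
# An attacker who can reach the endpoint flips the gate to OK but cannot re-sign the body.
FORGED_BODY = GENUINE_BODY.replace(b'"status": "ERROR"', b'"status": "OK"')


def demo() -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """(authentic delivery, tampered body with replayed signature, delivery with no header)."""
    signature = sign_payload(SECRET, GENUINE_BODY)
    return (
        handle_webhook(SECRET, {HEADER: signature}, GENUINE_BODY),
        handle_webhook(SECRET, {HEADER: signature}, FORGED_BODY),
        handle_webhook(SECRET, {}, GENUINE_BODY),
    )


if __name__ == "__main__":
    print(demo())
```

The comparison has to run over the raw bytes as received, before any JSON parsing or re-serialisation, since the HMAC covers the exact body SonarQube sent; and `hmac.compare_digest` rather than `==` keeps the check from leaking how many leading bytes of a guessed signature were right.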

Now add this script to the pipeline (Dashboard → petstore → Configuration) and test the SonarQube steps we just configured:

// under the tools section add this environment block
environment {
    SCANNER_HOME = tool 'sonar-scanner'   // name given to the scanner in Manage Jenkins → Tools
}
// in stages add these two stages
stage("Sonarqube Analysis") {
    steps {
        withSonarQubeEnv('sonar-server') {   // name given to the server in Manage Jenkins → System
            sh '''$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Petshop \
                -Dsonar.java.binaries=. \
                -Dsonar.projectKey=Petshop'''
        }
    }
}
stage("quality gate") {
    steps {
        script {
            // abortPipeline: false only records the gate result. Once the gate is tuned,
            // set it to true; otherwise a failing quality gate never blocks a deploy.
            waitForQualityGate abortPipeline: false, credentialsId: '<id-of-the-secret-text-credential-from-Step-4>'
        }
    }
}

Apply, save and build. Now, go to your SonarQube server and open the project; you can see the result.

Step 5: Install OWASP Dependency Check Plugins


Go to the Jenkins Dashboard, then click on Manage Jenkins → Plugins. Find
the OWASP Dependency-Check plugin, click on it, and install it without
requiring a restart.
After installing the plugin, proceed to configure the tool by navigating to Dashboard → Manage Jenkins → Tools, then apply and save.

Add the OWASP stages to the pipeline now:

stage('Build war file') {
    steps {
        sh 'mvn clean install -DskipTests=true'
    }
}
stage("OWASP Dependency Check") {
    steps {
        // --scan ./ analyses everything in the workspace. As written, the stage only
        // records findings; add --failOnCVSS 7 (a Dependency-Check CLI option) if you
        // want the stage itself to fail on high-scoring CVEs.
        dependencyCheck additionalArguments: '--scan ./ --format XML ', odcInstallation: '<name-given-to-the-tool-in-Manage-Jenkins-Tools>'
        dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
    }
}

Apply, save and build.


You can see the report,

tired???
Step 6: Docker Set-up
In Jenkins, navigate to Manage Jenkins -> Available Plugins and install
these:
- Docker

- Docker Commons

- Docker Pipeline

- Docker API

- docker-build-step

Now, go to Dashboard → Manage Jenkins → Tools → add a Docker installation, then apply and save.

Add your DockerHub username and password in Global Credentials. Use a DockerHub access token rather than your account password: it can be limited to read/write on the repository and revoked on its own if the Jenkins host is ever compromised.
Step 7: Adding Ansible Repository and Install Ansible
Connect to your instance via SSH and run these commands to install Ansible on your server:

sudo apt update -y
sudo apt install software-properties-common -y
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install ansible -y
sudo apt install ansible-core -y
ansible --version #to check if it installed properly or not

To add inventory, you can create a new directory or add to the default Ansible hosts file:

cd /etc/ansible
sudo vi hosts

[local]
<Ip-of-Jenkins>

save and exit.

Install the Ansible plugin by navigating to Manage Jenkins -> Available Plugins.

Now add credentials to invoke Ansible from Jenkins: an "SSH Username with private key" credential. In the Private Key section, paste your .pem key file content directly. This key grants shell access to the host; Jenkins stores it encrypted, but anyone with admin rights on Jenkins can use it, so use a key dedicated to this purpose rather than your personal one.

Check your Ansible path on the server by running:

which ansible

copy the path and paste it into the Ansible installation under Manage Jenkins → Tools:


Now, create an Ansible playbook that builds a Docker image, tags it, pushes it to Docker Hub, and then deploys it in a container using Ansible.

It is already in the GitHub repo, but you need to modify it with your DockerHub credentials. Do not hardcode the DockerHub token in the playbook, since the playbook is committed to the repository; pass it in from the Jenkins credential instead (for example through an environment variable or the step's extraVars).
Include this stage in the pipeline to build the Docker image, push it to Docker Hub, and run the container:

stage('Install Docker') {
    steps {
        dir('Ansible') {
            script {
                // disableHostKeyChecking: true skips SSH host-key verification, which leaves
                // the connection open to a man-in-the-middle. Prefer adding the target host's
                // key to known_hosts on the Jenkins machine and leaving this at false.
                ansiblePlaybook credentialsId: 'ssh', disableHostKeyChecking: true,
                    installation: '<ansible-tool-name-from-Manage-Jenkins-Tools>',
                    inventory: '/etc/ansible/hosts',
                    playbook: '<playbook-file-in-the-Ansible-directory>'
            }
        }
    }
}

Now, after the build process of the pipeline, you will be able to see the web application by visiting the URL below:

http://<jenkins-ip>:8081/jpetstore

Step 8: Kubernetes Setup

Create two instances for the Kubernetes master and worker nodes. You can use the Terraform code below or create them traditionally using the AWS Console:

# Provider configuration
provider "aws" {
  region = "ap-south-1" # Specify the region
}

# Create a new security group that allows all inbound and outbound traffic.
# Security group names must be unique within a VPC: if the allow_all_traffic
# group from Step 1 still exists in this VPC, give this one a different name.
# As in Step 1, 0.0.0.0/0 on every port is lab-only: the control plane needs
# 6443/tcp from the worker and from the Jenkins host, and the nodes need the
# kubelet (10250/tcp) and flannel VXLAN (8472/udp) ports open to each other only.
resource "aws_security_group" "allow_all" {
  name        = "allow_all_traffic"
  description = "Security group that allows all inbound and outbound traffic"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Launch the first EC2 instance (control plane)
resource "aws_instance" "my_ec2_instance1" {
  ami             = "ami-0f58b397bc5c1f2e8" # Ensure this AMI ID is valid for your region
  instance_type   = "t2.medium"
  key_name        = "MyNewKeyPair"
  security_groups = [aws_security_group.allow_all.name]

  # Root block device with default size (8 GB for most Linux AMIs)
  root_block_device {
    volume_size = 8
  }

  tags = {
    Name = "k8s-master"
  }
}

# Launch the second EC2 instance (worker)
resource "aws_instance" "my_ec2_instance2" {
  ami             = "ami-0f58b397bc5c1f2e8" # Ensure this AMI ID is valid for your region
  instance_type   = "t2.medium"
  key_name        = "MyNewKeyPair"
  security_groups = [aws_security_group.allow_all.name]

  tags = {
    Name = "k8s-slave"
  }
}

Install kubectl and Minikube on the Jenkins machine (kubectl is what the pipeline uses to talk to the cluster):

# Install kubectl from the current Kubernetes apt repository
# (the legacy apt.kubernetes.io repository is no longer served; pkgs.k8s.io replaces it)
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates gnupg2 curl
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubectl
kubectl version --client

# Install Minikube
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube
minikube start
For simplicity, connect to both newly created instances via SSH in side-by-side terminals and change their hostnames to master and worker. A bare `hostname master` is lost on reboot, so set it persistently:

sudo hostnamectl set-hostname master   # and "worker" on the second instance
exec bash

Now run these commands on both the master and worker nodes:

sudo apt-get update
sudo apt-get install -y docker.io

sudo usermod -aG docker ubuntu
newgrp docker
sudo chmod 777 /var/run/docker.sock   # makes the socket world-writable; the docker group membership above already grants access

# Legacy apt.kubernetes.io repository (superseded by the pkgs.k8s.io entries below)
sudo curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
sudo tee /etc/apt/sources.list.d/kubernetes.list <<EOF
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt-get update

# Community-owned pkgs.k8s.io repository for Kubernetes v1.28 (signed-by keyring)
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
sudo apt update
sudo apt install -y kubelet kubeadm kubectl
sudo snap install kube-apiserver
On the master instance:

sudo kubeadm init --pod-network-cidr=10.244.0.0/16

# If you are still root, exit from it and run the commands below as the normal user
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentati

On the worker instance:

sudo kubeadm join <master-node-ip>:<master-node-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>

Copy the kubeconfig file to the Jenkins master or to your local file manager and save it. You can find it on the master node with:

cd ~/.kube
cat config

Copy the output and save it in Documents or another folder as secret-file.txt.

Install the Kubernetes plugins in Jenkins.

Now, go to Manage Jenkins –> Credentials –> System –> Global Credentials –> Add Credentials

Step 9: Master-Slave Setup for Ansible and Kubernetes

To enable communication with the Kubernetes clients, we need to create an SSH key on the Ansible node and share it with the Kubernetes master system.

On the Main instance (the one running Jenkins, not the master or worker):

ssh-keygen
Change the directory to .ssh and copy the public key (id_rsa.pub):

cd .ssh
cat id_rsa.pub   # copy this public key

After copying the public key from the Ansible Main, navigate to the .ssh directory on the Kubernetes master machine and paste the copied public key into the authorized_keys file.

cd .ssh   # on k8s master
sudo vi authorized_keys

Note: Add the copied public key as a new line in the authorized_keys file without deleting any existing keys, then save and exit.
With the Main's public key added to the Kubernetes machine, key-based (passwordless) access is now configured. To verify, connect to the Kubernetes master using the following command format.

ssh ubuntu@<public-ip-k8s-master>
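The manual vi edit above is easy to get wrong (a clobbered file locks everyone out, and sshd silently ignores an authorized_keys that is group- or world-writable). The following shell function, an added example that is not part of the original post, appends the Main's public key idempotently and with the permissions sshd expects; the key value and file path in the usage line are constructed for illustration, not real credentials.

```shell
#!/bin/sh
# Added example (not from the original post): safely append one OpenSSH public
# key line (the content of id_rsa.pub on the Main instance) to authorized_keys
# on the k8s master. Refuses malformed input, never overwrites existing keys,
# is safe to re-run, and enforces 700 on ~/.ssh and 600 on authorized_keys.
#
# Usage: add_authorized_key "<public key line>" [authorized_keys_path]
add_authorized_key() {
    local key file dir ktype blob
    key="$1"
    file="${2:-$HOME/.ssh/authorized_keys}"
    dir=$(dirname "$file")

    # Split the line into key type, base64 blob and optional comment.
    # shellcheck disable=SC2086
    set -- $key
    ktype="$1"; blob="$2"

    # Accept only an OpenSSH public key line: known type + base64 alphabet only.
    case "$ktype" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "refusing to add: unknown key type '$ktype'" >&2; return 1 ;;
    esac
    case "$blob" in
        ""|*[!A-Za-z0-9+/=]*) echo "refusing to add: key blob is not base64" >&2; return 1 ;;
    esac

    # sshd ignores the file unless the directory and file are owner-only writable.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$file" && chmod 600 "$file"

    # Compare on type + blob only, so the same key with a different comment
    # (for example pasted again from another terminal) is not added twice.
    if grep -qF -- "$ktype $blob" "$file"; then
        echo "already present: $ktype key in $file"
        return 0
    fi
    printf '%s\n' "$key" >> "$file"
    echo "appended $ktype key to $file"
}

# Illustration with a constructed (not real) key and a temporary file.
add_authorized_key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedTestBlob0000 ubuntu@main" "$(mktemp -d)/authorized_keys"
```

Run it on the k8s master as the ubuntu user with the pasted id_rsa.pub line as the first argument; the verification `ssh ubuntu@<public-ip-k8s-master>` from the Main instance should then succeed without a password.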

Now, open the hosts file on the Ansible server and add the public IP of the
Kubernetes master.

Please note that here Ansible-master refers to the Main instance, which we created first in this project; the other ones are k8s-master and k8s-slave.

[k8s]
<public ip of k8s-master>
Test the Ansible master-slave connection:

ansible -m ping all   # on the main instance

Add the stage to the pipeline and build the job:

stage('k8s using ansible') {
    steps {
        dir('Ansible') {
            script {
                // playbook name is a placeholder; use the deployment playbook in your Ansible directory
                ansiblePlaybook credentialsId: 'ssh', disableHostKeyChecking: true, playbook: '<k8s-playbook>.yml'
            }
        }
    }
}

In the Kubernetes cluster, run these commands:

kubectl get all
kubectl get svc

Then open the application at:

http://<slave-ip>:<service-nodeport>/jpetstore
# e.g. port 30699; the NodePort may vary, check it in the output of the commands above (kubectl get all / kubectl get svc)

Complete Pipeline:

pipeline {
    agent any
    tools {
        jdk 'jdk17'
        maven 'maven3'
    }
    environment {
        SCANNER_HOME = tool 'sonar-scanner'
    }
    stages {
        stage('clean Workspace') {
            steps {
                cleanWs()
            }
        }
        stage('checkout scm') {
            steps {
                git 'https://github.com/your-github-repo'
            }
        }
        stage('maven compile') {
            steps {
                sh 'mvn clean compile'
            }
        }
        stage('maven Test') {
            steps {
                sh 'mvn test'
            }
        }
        stage('Sonarqube Analysis') {
            steps {
                withSonarQubeEnv('sonar-server') {
                    sh '''$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Petstore \
                          -Dsonar.java.binaries=. \
                          -Dsonar.projectKey=Petstore'''
                }
            }
        }
        stage('quality gate') {
            steps {
                script {
                    // credentialsId is the Jenkins credential holding your SonarQube token
                    waitForQualityGate abortPipeline: false, credentialsId: '<sonar-token-credential-id>'
                }
            }
        }
        stage('Build war file') {
            steps {
                sh 'mvn clean install -DskipTests=true'
            }
        }
        stage('OWASP Dependency Check') {
            steps {
                // odcInstallation is the Dependency-Check tool name from Global Tool Configuration
                dependencyCheck additionalArguments: '--scan ./ --format XML ', odcInstallation: '<dependency-check-tool-name>'
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            }
        }
        stage('Ansible Docker') {
            steps {
                dir('Ansible') {
                    script {
                        // playbook names are placeholders for the playbooks in your Ansible directory
                        ansiblePlaybook credentialsId: 'ssh', disableHostKeyChecking: true, playbook: '<docker-playbook>.yml'
                    }
                }
            }
        }
        stage('k8s using ansible') {
            steps {
                dir('Ansible') {
                    script {
                        ansiblePlaybook credentialsId: 'ssh', disableHostKeyChecking: true, playbook: '<k8s-playbook>.yml'
                    }
                }
            }
        }
    }
}

Conclusion
By following these steps, we successfully deployed a Java-based Petshop application using Jenkins, Docker, Kubernetes, Terraform, SonarQube, Trivy, and Ansible. This project not only demonstrates a comprehensive approach to modern application deployment but also highlights the importance of automation and security in the DevOps pipeline.

This journey has been a valuable learning experience, from infrastructure provisioning to continuous integration and deployment, containerization, orchestration, and ensuring robust security measures. I hope this detailed guide helps you in your own deployment projects and inspires you to explore the powerful tools and techniques in the DevSecOps realm.

Connect with me if you have any query or want to share or suggest anything: here's my Portfolio, or DM me on LinkedIn.
Stay tuned and follow me for more chapters of my odyssey, my projects, cybersec stories, and write-ups, and thank you for being part of my story! 🚀

Let's continue to strengthen our skills and build secure, scalable applications together!
#DevOps #DevSecOps #CI #CD #AWS #Terraform #Jenkins #Docker #Kubernetes #SecurityAutomation #SonarQube #Trivy #Ansible