{"id":26104274,"url":"https://github.com/imsalmanmalik/devsecops-project-netflix-deployment","last_synced_at":"2026-04-09T17:04:56.484Z","repository":{"id":281398145,"uuid":"945149896","full_name":"imsalmanmalik/DevSecOps-Project-Netflix-Deployment","owner":"imsalmanmalik","description":"Deploy a Netflix clone application using a secure CI/CD pipeline built with Jenkins, Docker 🐳 , and Kubernetes ☸️. This project includes implementing code quality and security tools (SonarQube, Trivy), as well as monitoring solutions (Prometheus, Grafana) to ensure reliability and visibility","archived":false,"fork":false,"pushed_at":"2025-03-08T19:52:20.000Z","size":0,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-08T20:27:24.827Z","etag":null,"topics":["aws","devops","devsecops","devsecops-pipeline","docker","eks-cluster","grafana","jenkins","kubernetes","monitoring","networking","node-exporter","owasp-dependencycheck","prometheus","security","sonarqube","static-code-analysis","trivy-scan"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/imsalmanmalik.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-08T19:15:33.000Z","updated_at":"2025-03-08T20:03:13.000Z","dependencies_parsed_at":"2025-03-08T20:39:05.169Z","dependency_job_id":null,"html_url":"https://github.com/imsalmanmalik/DevSecOps-Project-Netflix-Deployment","commit_stats":null,"previous_names":["imsalmanmalik/devsecops-project-netflix-deployment"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imsalmanmalik%2FDevSecOps-Project-Netflix-Deployment","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imsalmanmalik%2FDevSecOps-Project-Netflix-Deployment/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imsalmanmalik%2FDevSecOps-Project-Netflix-Deployment/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imsalmanmalik%2FDevSecOps-Project-Netflix-Deployment/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/imsalmanmalik","download_url":"https://codeload.github.com/imsalmanmalik/DevSecOps-Project-Netflix-Deployment/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242750785,"owners_count":20179257,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","devops","devsecops","devsecops-pipeline","docker","eks-cluster","grafana","jenkins","kubernetes","monitoring","networking","node-exporter","owasp-dependencycheck","prometheus","security","sonarqube","static-code-analysis","trivy-scan"],"created_at":"2025-03-09T21:01:17.924Z","updated_at":"2025-12-30T20:05:10.775Z","avatar_url":"https://github.com/imsalmanmalik.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"./public/assets/DevSecOps.png\" alt=\"Logo\" width=\"100%\" height=\"100%\"\u003e\n\n  \u003cbr\u003e\n  \u003ca href=\"http://netflix-clone-with-tmdb-using-react-mui.vercel.app/\"\u003e\n    \u003cimg src=\"./public/assets/netflix-logo.png\" alt=\"Logo\" width=\"100\" height=\"32\"\u003e\n  \u003c/a\u003e\n\u003c/div\u003e\n\n\u003cbr /\u003e\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"./public/assets/home-page.png\" alt=\"Logo\" width=\"100%\" height=\"100%\"\u003e\n  \u003cp align=\"center\"\u003eHome Page\u003c/p\u003e\n\u003c/div\u003e\n\n\n# Deploy Netflix Clone on Cloud using Jenkins - DevSecOps Project!\n\nIn this project we deploy a Netflix clone application using a secure CI/CD pipeline built with Jenkins, Docker, and Kubernetes. This project includes implementing code quality and security tools (SonarQube, Trivy), as well as monitoring solutions (Prometheus, Grafana) to ensure reliability and visibility. Key components you'll explore include:\n\n### Dockerized Local Testing\n- Deploy the application in a Docker container for local testing.\n\n### Code Quality and Security Analysis\n- Set up SonarQube and Trivy for code quality analysis and security scanning.\n\n### CI/CD Pipeline with Jenkins\n- Install and configure Jenkins on Ubuntu for CI/CD automation.\n- Build Docker images within Jenkins and push them to Docker Hub.\n\n### Security Scanning\n- Use Trivy to scan Docker images for vulnerabilities.\n\n### Automated Application Deployment\n- Deploy the application to a Docker container.\n\n### Monitoring Setup\n- Install and configure Prometheus and Grafana for monitoring the application’s health and performance.\n\n### Kubernetes Cluster Deployment\n- Create a Kubernetes cluster with Amazon EKS.\n- Use ArgoCD to deploy the Netflix clone on Kubernetes for streamlined app management.\n\n### **Phase 1: Initial Setup and Deployment**\n\n**Step 1: Launch EC2 (Ubuntu 22.04):**\n\n- Provision an EC2 instance on AWS with Ubuntu 22.04.\n- Connect to the instance using SSH.\n\n**Step 2: Clone the Code:**\n\n- Update all the packages and then clone the code.\n- Clone your application's code repository onto the EC2 instance:\n    \n    ```bash\n    git clone https://github.com/imsalmanmalik/DevSecOps-Project-Netflix-Deployment.git\n    ```\n\n**Step 3: Install Docker and Run the App Using a Container:**\n\n- Set up Docker on the EC2 instance:\n    \n    ```bash\n    \n    sudo apt-get update\n    sudo apt-get install docker.io -y\n    sudo usermod -aG docker $USER  # Replace with your system's username, e.g., 'ubuntu'\n    newgrp docker\n    sudo chmod 777 /var/run/docker.sock\n    ```\n    \n- Build and run your application using Docker containers:\n    \n    ```bash\n    docker build -t netflix .\n    docker run -d --name netflix -p 8081:80 netflix:latest\n    \n    #to delete\n    docker stop \u003ccontainerid\u003e\n    docker rmi -f netflix\n    ```\n\nIt will show an error cause you need API key\n\n**Step 4: Get the API Key:**\n\n- Open a web browser and navigate to TMDB (The Movie Database) website.\n- Click on \"Login\" and create an account.\n- Once logged in, go to your profile and select \"Settings.\"\n- Click on \"API\" from the left-side panel.\n- Create a new API key by clicking \"Create\" and accepting the terms and conditions.\n- Provide the required basic details and click \"Submit.\"\n- You will receive your TMDB API key.\n\nNow recreate the Docker image with your api key:\n```\ndocker build --build-arg TMDB_V3_API_KEY=\u003cyour-api-key\u003e -t netflix .\n```\n\n**Phase 2: Security**\n\n1. **Install SonarQube and Trivy:**\n    - Install SonarQube and Trivy on the EC2 instance to scan for vulnerabilities.\n        \n        sonarqube\n        ```\n        docker run -d --name sonar -p 9000:9000 sonarqube:lts-community\n        ```\n        \n        \n        To access: \n        \n        publicIP:9000 (by default username \u0026 password is admin)\n        \n        To install Trivy:\n        ```\n        sudo apt-get install wget apt-transport-https gnupg lsb-release\n        wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -\n        echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list\n        sudo apt-get update\n        sudo apt-get install trivy        \n        ```\n        \n        to scan image using trivy\n        ```\n        trivy image \u003cimageid\u003e\n        ```\n        \n        \n2. **Integrate SonarQube and Configure:**\n    - Integrate SonarQube with your CI/CD pipeline.\n    - Configure SonarQube to analyze code for quality and security issues.\n\n**Phase 3: CI/CD Setup**\n\n1. **Install Jenkins for Automation:**\n    - Install Jenkins on the EC2 instance to automate deployment:\n    Install Java\n    \n    ```bash\n    sudo apt update\n    sudo apt install fontconfig openjdk-17-jre\n    java -version\n    openjdk version \"17.0.8\" 2023-07-18\n    OpenJDK Runtime Environment (build 17.0.8+7-Debian-1deb12u1)\n    OpenJDK 64-Bit Server VM (build 17.0.8+7-Debian-1deb12u1, mixed mode, sharing)\n    \n    #jenkins\n    sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \\\n    https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key\n    echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \\\n    https://pkg.jenkins.io/debian-stable binary/ | sudo tee \\\n    /etc/apt/sources.list.d/jenkins.list \u003e /dev/null\n    sudo apt-get update\n    sudo apt-get install jenkins\n    sudo systemctl start jenkins\n    sudo systemctl enable jenkins\n    ```\n    \n    - Access Jenkins in a web browser using the public IP of your EC2 instance.\n        \n        publicIp:8080\n        \n2. **Install Necessary Plugins in Jenkins:**\n\nGoto Manage Jenkins →Plugins → Available Plugins →\n\nInstall below plugins\n\n1 Eclipse Temurin Installer (Install without restart)\n\n2 SonarQube Scanner (Install without restart)\n\n3 NodeJs Plugin (Install Without restart)\n\n4 Email Extension Plugin\n\n### **Configure Java and Nodejs in Global Tool Configuration**\n\nGoto Manage Jenkins → Tools → Install JDK(17) and NodeJs(16)→ Click on Apply and Save\n\n\n### SonarQube\n\nCreate the token\n\nGoto Jenkins Dashboard → Manage Jenkins → Credentials → Add Secret Text. It should look like this\n\nAfter adding sonar token\n\nClick on Apply and Save\n\n**The Configure System option** is used in Jenkins to configure different server\n\n**Global Tool Configuration** is used to configure different tools that we install using Plugins\n\nWe will install a sonar scanner in the tools.\n\nCreate a Jenkins webhook\n\n1. **Configure CI/CD Pipeline in Jenkins:**\n- Create a CI/CD pipeline in Jenkins to automate your application deployment.\n\n```groovy\npipeline {\n    agent any\n    tools {\n        jdk 'jdk17'\n        nodejs 'node16'\n    }\n    environment {\n        SCANNER_HOME = tool 'sonar-scanner'\n    }\n    stages {\n        stage('clean workspace') {\n            steps {\n                cleanWs()\n            }\n        }\n        stage('Checkout from Git') {\n            steps {\n                git branch: 'main', url: 'https://github.com/imsalmanmalik/DevSecOps-Project-Netflix-Deployment.git'\n            }\n        }\n        stage(\"Sonarqube Analysis\") {\n            steps {\n                withSonarQubeEnv('sonar-server') {\n                    sh '''$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Netflix \\\n                    -Dsonar.projectKey=Netflix'''\n                }\n            }\n        }\n        stage(\"quality gate\") {\n            steps {\n                script {\n                    waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-token'\n                }\n            }\n        }\n        stage('Install Dependencies') {\n            steps {\n                sh \"npm install\"\n            }\n        }\n    }\n}\n```\n\nCertainly, here are the instructions without step numbers:\n\n**Install Dependency-Check and Docker Tools in Jenkins**\n\n**Install Dependency-Check Plugin:**\n\n- Go to \"Dashboard\" in your Jenkins web interface.\n- Navigate to \"Manage Jenkins\" → \"Manage Plugins.\"\n- Click on the \"Available\" tab and search for \"OWASP Dependency-Check.\"\n- Check the checkbox for \"OWASP Dependency-Check\" and click on the \"Install without restart\" button.\n\n**Configure Dependency-Check Tool:**\n\n- After installing the Dependency-Check plugin, you need to configure the tool.\n- Go to \"Dashboard\" → \"Manage Jenkins\" → \"Global Tool Configuration.\"\n- Find the section for \"OWASP Dependency-Check.\"\n- Add the tool's name, e.g., \"DP-Check.\"\n- Save your settings.\n\n**Install Docker Tools and Docker Plugins:**\n\n- Go to \"Dashboard\" in your Jenkins web interface.\n- Navigate to \"Manage Jenkins\" → \"Manage Plugins.\"\n- Click on the \"Available\" tab and search for \"Docker.\"\n- Check the following Docker-related plugins:\n  - Docker\n  - Docker Commons\n  - Docker Pipeline\n  - Docker API\n  - docker-build-step\n- Click on the \"Install without restart\" button to install these plugins.\n\n**Add DockerHub Credentials:**\n\n- To securely handle DockerHub credentials in your Jenkins pipeline, follow these steps:\n  - Go to \"Dashboard\" → \"Manage Jenkins\" → \"Manage Credentials.\"\n  - Click on \"System\" and then \"Global credentials (unrestricted).\"\n  - Click on \"Add Credentials\" on the left side.\n  - Choose \"Secret text\" as the kind of credentials.\n  - Enter your DockerHub credentials (Username and Password) and give the credentials an ID (e.g., \"docker\").\n  - Click \"OK\" to save your DockerHub credentials.\n\nNow, you have installed the Dependency-Check plugin, configured the tool, and added Docker-related plugins along with your DockerHub credentials in Jenkins. You can now proceed with configuring your Jenkins pipeline to include these tools and credentials in your CI/CD process.\n\n```groovy\n\npipeline {\n    agent any\n    tools {\n        jdk 'jdk17'\n        nodejs 'node16'\n    }\n    environment {\n        SCANNER_HOME = tool 'sonar-scanner'\n    }\n    stages {\n        stage('Clean Workspace') {\n            steps {\n                cleanWs()\n            }\n        }\n        stage('Checkout from Git') {\n            steps {\n                git branch: 'main', url: 'https://github.com/imsalmanmalik/DevSecOps-Project-Netflix-Deployment.git'\n            }\n        }\n        stage('Sonarqube Analysis') {\n            steps {\n                withSonarQubeEnv('sonar-server') {\n                    sh '''\n                        $SCANNER_HOME/bin/sonar-scanner \\\n                          -Dsonar.projectName=Netflix \\\n                          -Dsonar.projectKey=Netflix\n                    '''\n                }\n            }\n        }\n        stage('Quality Gate') {\n            steps {\n                script {\n                    waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-token'\n                }\n            }\n        }\n        stage('Install Dependencies') {\n            steps {\n                sh \"npm install\"\n            }\n        }\n        stage('OWASP FS SCAN') {\n            steps {\n                dependencyCheck additionalArguments: '--scan ./ --disableYarnAudit --disableNodeAudit', odcInstallation: 'DP-Check'\n                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'\n            }\n        }\n        stage('TRIVY FS SCAN') {\n            steps {\n                sh \"trivy fs . \u003e trivyfs.txt\"\n            }\n        }\n        stage('Docker Build \u0026 Push') {\n            steps {\n                script {\n                    withDockerRegistry(credentialsId: 'docker', toolName: 'docker') {\n                        sh \"docker build --build-arg TMDB_V3_API_KEY=cbfbe595d41eaa652d904e6c34e9a157 -t netflix .\" //replace with your TMDB API key\n                        sh \"docker tag netflix salmanmalik98/netflix:latest\" //replace with your dockerhub registry\n                        sh \"docker push salmanmalik98/netflix:latest\" //replace with your dockerhub registry\n                    }\n                }\n            }\n        }\n        stage('TRIVY Image Scan') {\n            steps {\n                sh \"trivy image salmanmalik98/netflix:latest \u003e trivyimage.txt\"\n            }\n        }\n        stage('Deploy to container') {\n            steps {\n                script {\n                    // Stop and remove any existing container named \"netflix\"\n                    sh '''\n                        docker ps -a -q --filter name=netflix | xargs -r docker stop\n                        docker ps -a -q --filter name=netflix | xargs -r docker rm\n                    '''\n                    // Start a fresh container\n                    sh 'docker run -d --name netflix -p 8081:80 salmanmalik98/netflix:latest'\n                }\n            }\n        }\n    }\n}\n\n```\n\nIf you get docker login failed error:\n\n- sudo su\n- sudo usermod -aG docker jenkins\n- sudo systemctl restart jenkins\n- Incase you forget your jenkins password the username would remain '**admin**' and the password you can fetch again from your server by running:\n\n```bash\nsudo cat /var/lib/jenkins/secrets/initialAdminPassword \n```\n\n**Phase 4: Monitoring**\n\n1. **Install Prometheus and Grafana:**\n\n   Set up Prometheus and Grafana to monitor your application.\n\n   **Installing Prometheus:**\n\n   First, create a dedicated Linux user for Prometheus and download Prometheus:\n\n   ```bash\n   sudo useradd --system --no-create-home --shell /bin/false prometheus\n   wget https://github.com/prometheus/prometheus/releases/download/v2.47.1/prometheus-2.47.1.linux-amd64.tar.gz\n   ```\n\n   Extract Prometheus files, move them, and create directories:\n\n   ```bash\n   tar -xvf prometheus-2.47.1.linux-amd64.tar.gz\n   cd prometheus-2.47.1.linux-amd64/\n   sudo mkdir -p /data /etc/prometheus\n   sudo mv prometheus promtool /usr/local/bin/\n   sudo mv consoles/ console_libraries/ /etc/prometheus/\n   sudo mv prometheus.yml /etc/prometheus/prometheus.yml\n   ```\n\n   Set ownership for directories:\n\n   ```bash\n   sudo chown -R prometheus:prometheus /etc/prometheus/ /data/\n   ```\n\n   Create a systemd unit configuration file for Prometheus:\n\n   ```bash\n   sudo nano /etc/systemd/system/prometheus.service\n   ```\n\n   Add the following content to the `prometheus.service` file:\n\n   ```plaintext\n   [Unit]\n   Description=Prometheus\n   Wants=network-online.target\n   After=network-online.target\n\n   StartLimitIntervalSec=500\n   StartLimitBurst=5\n\n   [Service]\n   User=prometheus\n   Group=prometheus\n   Type=simple\n   Restart=on-failure\n   RestartSec=5s\n   ExecStart=/usr/local/bin/prometheus \\\n     --config.file=/etc/prometheus/prometheus.yml \\\n     --storage.tsdb.path=/data \\\n     --web.console.templates=/etc/prometheus/consoles \\\n     --web.console.libraries=/etc/prometheus/console_libraries \\\n     --web.listen-address=0.0.0.0:9090 \\\n     --web.enable-lifecycle\n\n   [Install]\n   WantedBy=multi-user.target\n   ```\n\n   Here's a brief explanation of the key parts in this `prometheus.service` file:\n\n   - `User` and `Group` specify the Linux user and group under which Prometheus will run.\n\n   - `ExecStart` is where you specify the Prometheus binary path, the location of the configuration file (`prometheus.yml`), the storage directory, and other settings.\n\n   - `web.listen-address` configures Prometheus to listen on all network interfaces on port 9090.\n\n   - `web.enable-lifecycle` allows for management of Prometheus through API calls.\n\n   Enable and start Prometheus:\n\n   ```bash\n   sudo systemctl enable prometheus\n   sudo systemctl start prometheus\n   ```\n\n   Verify Prometheus's status:\n\n   ```bash\n   sudo systemctl status prometheus\n   ```\n\n   You can access Prometheus in a web browser using your server's IP and port 9090:\n\n   `http://\u003cyour-server-ip\u003e:9090`\n\n   **Installing Node Exporter:**\n\n   Create a system user for Node Exporter and download Node Exporter:\n\n   ```bash\n   sudo useradd --system --no-create-home --shell /bin/false node_exporter\n   wget https://github.com/prometheus/node_exporter/releases/download/v1.6.1/node_exporter-1.6.1.linux-amd64.tar.gz\n   ```\n\n   Extract Node Exporter files, move the binary, and clean up:\n\n   ```bash\n   tar -xvf node_exporter-1.6.1.linux-amd64.tar.gz\n   sudo mv node_exporter-1.6.1.linux-amd64/node_exporter /usr/local/bin/\n   rm -rf node_exporter*\n   ```\n\n   Create a systemd unit configuration file for Node Exporter:\n\n   ```bash\n   sudo nano /etc/systemd/system/node_exporter.service\n   ```\n\n   Add the following content to the `node_exporter.service` file:\n\n   ```plaintext\n   [Unit]\n   Description=Node Exporter\n   Wants=network-online.target\n   After=network-online.target\n\n   StartLimitIntervalSec=500\n   StartLimitBurst=5\n\n   [Service]\n   User=node_exporter\n   Group=node_exporter\n   Type=simple\n   Restart=on-failure\n   RestartSec=5s\n   ExecStart=/usr/local/bin/node_exporter --collector.logind\n\n   [Install]\n   WantedBy=multi-user.target\n   ```\n\n   Replace `--collector.logind` with any additional flags as needed.\n\n   Enable and start Node Exporter:\n\n   ```bash\n   sudo systemctl enable node_exporter\n   sudo systemctl start node_exporter\n   ```\n\n   Verify the Node Exporter's status:\n\n   ```bash\n   sudo systemctl status node_exporter\n   ```\n\n   You can access Node Exporter metrics in Prometheus.\n\n2. **Configure Prometheus Plugin Integration:**\n\n   Integrate Jenkins with Prometheus to monitor the CI/CD pipeline.\n\n   **Prometheus Configuration:**\n\n   To configure Prometheus to scrape metrics from Node Exporter and Jenkins, you need to modify the `prometheus.yml` file. Here is an example `prometheus.yml` configuration for your setup:\n\n   ```yaml\n   global:\n     scrape_interval: 15s\n\n   scrape_configs:\n     - job_name: 'node_exporter'\n       static_configs:\n         - targets: ['localhost:9100']\n\n     - job_name: 'jenkins'\n       metrics_path: '/prometheus'\n       static_configs:\n         - targets: ['\u003cyour-jenkins-ip\u003e:\u003cyour-jenkins-port\u003e']\n   ```\n\n   Make sure to replace `\u003cyour-jenkins-ip\u003e` and `\u003cyour-jenkins-port\u003e` with the appropriate values for your Jenkins setup.\n\n   Check the validity of the configuration file:\n\n   ```bash\n   promtool check config /etc/prometheus/prometheus.yml\n   ```\n\n   Reload the Prometheus configuration without restarting:\n\n   ```bash\n   curl -X POST http://localhost:9090/-/reload\n   ```\n\n   You can access Prometheus targets at:\n\n   `http://\u003cyour-prometheus-ip\u003e:9090/targets`\n\n\n####Grafana\n\n**Install Grafana on Ubuntu 22.04 and Set it up to Work with Prometheus**\n\n**Step 1: Install Dependencies:**\n\nFirst, ensure that all necessary dependencies are installed:\n\n```bash\nsudo apt-get update\nsudo apt-get install -y apt-transport-https software-properties-common\n```\n\n**Step 2: Add the GPG Key:**\n\nAdd the GPG key for Grafana:\n\n```bash\nwget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -\n```\n\n**Step 3: Add Grafana Repository:**\n\nAdd the repository for Grafana stable releases:\n\n```bash\necho \"deb https://packages.grafana.com/oss/deb stable main\" | sudo tee -a /etc/apt/sources.list.d/grafana.list\n```\n\n**Step 4: Update and Install Grafana:**\n\nUpdate the package list and install Grafana:\n\n```bash\nsudo apt-get update\nsudo apt-get -y install grafana\n```\n\n**Step 5: Enable and Start Grafana Service:**\n\nTo automatically start Grafana after a reboot, enable the service:\n\n```bash\nsudo systemctl enable grafana-server\n```\n\nThen, start Grafana:\n\n```bash\nsudo systemctl start grafana-server\n```\n\n**Step 6: Check Grafana Status:**\n\nVerify the status of the Grafana service to ensure it's running correctly:\n\n```bash\nsudo systemctl status grafana-server\n```\n\n**Step 7: Access Grafana Web Interface:**\n\nOpen a web browser and navigate to Grafana using your server's IP address. The default port for Grafana is 3000. For example:\n\n`http://\u003cyour-server-ip\u003e:3000`\n\nYou'll be prompted to log in to Grafana. The default username is \"admin,\" and the default password is also \"admin.\"\n\n**Step 8: Change the Default Password:**\n\nWhen you log in for the first time, Grafana will prompt you to change the default password for security reasons. Follow the prompts to set a new password.\n\n**Step 9: Add Prometheus Data Source:**\n\nTo visualize metrics, you need to add a data source. Follow these steps:\n\n- Click on the gear icon (⚙️) in the left sidebar to open the \"Configuration\" menu.\n\n- Select \"Data Sources.\"\n\n- Click on the \"Add data source\" button.\n\n- Choose \"Prometheus\" as the data source type.\n\n- In the \"HTTP\" section:\n  - Set the \"URL\" to `http://localhost:9090` (assuming Prometheus is running on the same server).\n  - Click the \"Save \u0026 Test\" button to ensure the data source is working.\n\n**Step 10: Import a Dashboard:**\n\nTo make it easier to view metrics, you can import a pre-configured dashboard. Follow these steps:\n\n- Click on the \"+\" (plus) icon in the left sidebar to open the \"Create\" menu.\n\n- Select \"Dashboard.\"\n\n- Click on the \"Import\" dashboard option.\n\n- Enter the dashboard code you want to import (e.g., code 1860).\n\n- Click the \"Load\" button.\n\n- Select the data source you added (Prometheus) from the dropdown.\n\n- Click on the \"Import\" button.\n\nYou should now have a Grafana dashboard set up to visualize metrics from Prometheus.\n\nGrafana is a powerful tool for creating visualizations and dashboards, and you can further customize it to suit your specific monitoring needs.\n\nThat's it! You've successfully installed and set up Grafana to work with Prometheus for monitoring and visualization.\n\n2. **Configure Prometheus Plugin Integration:**\n    - Integrate Jenkins with Prometheus to monitor the CI/CD pipeline.\n\n# Phase 5: Kubernetes\n\n## Create Kubernetes Cluster with Nodegroups\n\nIn this phase, you'll set up a Kubernetes cluster with node groups using EKS Auto Mode which sets up everything for you including the IAM Cluster and Node Roles. This will provide a scalable environment to deploy and manage your applications.\n\nYou may open CloudShell on AWS and run the following command to set the context for your EKS cluster:\n\n ```bash\naws eks update-kubeconfig --name \u003ccluster-name\u003e --region \u003cyour-region\u003e\n```\n\nTo deploy an application with ArgoCD, you can follow these steps, which I'll outline in Markdown format:\n\n### Deploy Application with ArgoCD\n\n1. **Install ArgoCD:**\n\n   You can install ArgoCD on your Kubernetes cluster by following the instructions provided in the [EKS Workshop](https://archive.eksworkshop.com/intermediate/290_argocd/install/) documentation.\n\n2. **Set Your GitHub Repository as a Source:**\n\n   After installing ArgoCD, you need to set up your GitHub repository as a source for your application deployment. This typically involves configuring the connection to your repository and defining the source for your ArgoCD application. The specific steps will depend on your setup and requirements.\n\n3. **Create an ArgoCD Application:**\n   - `name`: Set the name for your application.\n   - `destination`: Define the destination where your application should be deployed.\n   - `project`: Specify the project the application belongs to.\n   - `source`: Set the source of your application, including the GitHub repository URL, revision, and the path to the application within the repository.\n   - `syncPolicy`: Configure the sync policy, including automatic syncing, pruning, and self-healing.\n\n4. **Access your Application**\n   - To Access the app make sure port 30007 is open in your security group and then open a new tab paste your NodeIP:30007, your app should be running.\n\n# Phase 7: Cleanup\n\n1. **Cleanup AWS EC2 Instances:**\n    - Terminate AWS EC2 instances that are no longer needed.\n    - Delete the EKS cluster\n    - Delete the load balancer created during Argo installation. ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimsalmanmalik%2Fdevsecops-project-netflix-deployment","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fimsalmanmalik%2Fdevsecops-project-netflix-deployment","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimsalmanmalik%2Fdevsecops-project-netflix-deployment/lists"}