{"id":31913028,"url":"https://github.com/rohandeb2/production-level-cicd-project","last_synced_at":"2026-02-16T20:34:22.898Z","repository":{"id":318095997,"uuid":"1069960123","full_name":"rohandeb2/Production-level-CICD-project","owner":"rohandeb2","description":"A full DevOps workflow: IaC with Terraform, CI/CD with Jenkins, containerization with Docker, and deployment to a monitored EKS cluster","archived":false,"fork":false,"pushed_at":"2025-10-13T07:30:47.000Z","size":632,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-22T02:58:03.030Z","etag":null,"topics":["docker","eks","eks-cluster","grafana","java","jenkins","k8s","maven","prometheus","sonarqube","terraform","trivy"],"latest_commit_sha":null,"homepage":"https://www.rohandevops.co.in","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rohandeb2.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-05T00:59:53.000Z","updated_at":"2025-10-13T07:30:51.000Z","dependencies_parsed_at":"2025-10-05T04:26:05.807Z","dependency_job_id":"a8e67a9a-e78f-4415-8a68-168150eab3eb","html_url":"https://github.com/rohandeb2/Production-level-CICD-project","commit_stats":null,"previous_names":["rohandeb2/production-level-cicd-project"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/rohandeb2/Production-level-CICD-project","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rohandeb2%2FProduction-level-CICD-project","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rohandeb2%2FProduction-level-CICD-project/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rohandeb2%2FProduction-level-CICD-project/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rohandeb2%2FProduction-level-CICD-project/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rohandeb2","download_url":"https://codeload.github.com/rohandeb2/Production-level-CICD-project/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rohandeb2%2FProduction-level-CICD-project/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29517613,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-16T18:37:19.720Z","status":"ssl_error","status_checked_at":"2026-02-16T18:36:46.920Z","response_time":115,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","eks","eks-cluster","grafana","java","jenkins","k8s","maven","prometheus","sonarqube","terraform","trivy"],"created_at":"2025-10-13T18:26:37.254Z","updated_at":"2026-02-16T20:34:22.877Z","avatar_url":"https://github.com/rohandeb2.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# πŸš€ Complete DevOps CI/CD Pipeline\n\nA comprehensive end-to-end DevOps pipeline featuring Jenkins, SonarQube, Nexus, Docker, Kubernetes (EKS), Terraform, Prometheus, Grafana, and automated monitoring.\n\n## πŸ“‹ Table of Contents\n\n- [Architecture Overview](#architecture-overview)\n- [Prerequisites](#prerequisites)\n- [Installation Guide](#installation-guide)\n- [Configuration](#configuration)\n- [Pipeline Workflow](#pipeline-workflow)\n- [Monitoring Setup](#monitoring-setup)\n- [Domain Configuration](#domain-configuration)\n- [Troubleshooting](#troubleshooting)\n- [Contributing](#contributing)\n\n## πŸ—οΈ Architecture Overview\n\n\u003cdiv align=\"center\"\u003e\n \u003cimg src=\"images/1.png\" \u003e\n\u003c/div\u003e\n\nThis pipeline implements a complete CI/CD workflow with:\n\n- **CI/CD**: Jenkins for automation\n- **Code Quality**: SonarQube for static code analysis\n- **Artifact Management**: Nexus Repository\n- **Security Scanning**: Trivy for container vulnerability scanning\n- **Container Orchestration**: Amazon EKS (Kubernetes)\n- **Infrastructure as Code**: Terraform\n- **Monitoring**: Prometheus + Grafana + Blackbox Exporter\n- **Notifications**: Email alerts via Gmail\n\n## Application\n\n\u003cdiv align=\"center\"\u003e\n \u003cimg src=\"images/2.png\" \u003e\n\u003c/div\u003e\n\n## Pipeline\n\n\u003cdiv align=\"center\"\u003e\n \u003cimg src=\"images/3.png\" \u003e\n\u003c/div\u003e\n\n\n\n## πŸ“¦ Prerequisites\n\nBefore starting, generate the following credentials:\n\n### 1. GitHub Personal Access Token\n- Go to GitHub β†’ Settings β†’ Developer Settings β†’ Personal Access Tokens β†’ Tokens (classic)\n- Click \"Generate new token (classic)\"\n- Select scopes: `repo`, `workflow`, `admin:repo_hook`\n- Generate and save the token securely\n\n### 2. SonarQube Token\n- Access SonarQube at `localhost:9000`\n- Login with default credentials (`admin:admin`), then change password\n- Navigate to Administration β†’ Security β†’ Users\n- Click on the tokens icon next to your user\n- Generate and save the token\n\n### 3. Docker Personal Access Token\n- Go to Docker Hub β†’ Account Settings β†’ Security\n- Click \"New Access Token\"\n- Provide a description and generate\n- Save the token securely\n\n### 4. Google App Password\n- Go to Google Account β†’ Security β†’ 2-Step Verification\n- Scroll down to \"App passwords\"\n- Select app: \"Mail\", device: \"Other\"\n- Generate and save the 16-character password\n\n### 5. AWS Access Keys\n- Go to AWS Console β†’ IAM β†’ Users\n- Create user with AdministratorAccess policy\n- Generate Access Key and Secret Key\n- Save both credentials securely\n\n## πŸ› οΈ Installation Guide\n\n### System Requirements\n- Ubuntu 20.04 LTS or higher\n- Minimum 4GB RAM, 2 CPU cores\n- 50GB free disk space\n\n### Step 1: Update System\n```bash\nsudo apt update\n```\n\n### Step 2: Install Java 17\n```bash\nsudo apt install openjdk-17-jre-headless -y\n```\n\u003e **Why Java 17?** Jenkins requires Java 17 for optimal performance and LTS support.\n\n### Step 3: Install Jenkins\n```bash\nsudo wget -O /etc/apt/keyrings/jenkins-keyring.asc \\\n https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key\necho \"deb [signed-by=/etc/apt/keyrings/jenkins-keyring.asc]\" \\\n https://pkg.jenkins.io/debian-stable binary/ | sudo tee \\\n /etc/apt/sources.list.d/jenkins.list \u003e /dev/null\nsudo apt update\nsudo apt install jenkins -y\n```\n\n### Step 4: Install Docker\n```bash\nsudo apt install docker.io -y\nsudo chmod 666 /var/run/docker.sock\n```\n\n### Step 5: Install Trivy (Security Scanner)\n```bash\nsudo apt-get install wget apt-transport-https gnupg lsb-release -y\nwget -qO - https://get.trivy.dev/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg \u003e /dev/null\necho \"deb [signed-by=/usr/share/keyrings/trivy.gpg] https://get.trivy.dev/deb generic main\" | sudo tee -a /etc/apt/sources.list.d/trivy.list\nsudo apt-get update\nsudo apt-get install trivy -y\n```\n\n### Step 6: Install AWS CLI\n```bash\ncurl \"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip\" -o \"awscliv2.zip\"\nunzip awscliv2.zip\nsudo ./aws/install\nrm -rf awscliv2.zip\nmv aws ~\n```\n\n### Step 7: Install Terraform\n```bash\ncurl -fsSL https://releases.hashicorp.com/terraform/1.5.7/terraform_1.5.7_linux_amd64.zip -o terraform.zip\nsudo apt install -y unzip\nunzip terraform.zip\nsudo mv terraform /usr/local/bin/\nterraform --version\n```\n\n### Step 8: Install kubectl\n```bash\ncurl -LO \"https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl\"\nchmod +x kubectl\nsudo mv kubectl /usr/local/bin/\nkubectl version --client\n```\n\n### Step 9: Install Prometheus\n```bash\nwget https://github.com/prometheus/prometheus/releases/download/v3.6.0/prometheus-3.6.0.linux-amd64.tar.gz\ntar -xvf prometheus-3.6.0.linux-amd64.tar.gz\nrm prometheus-3.6.0.linux-amd64.tar.gz\nmv prometheus-3.6.0.linux-amd64 prometheus\nmv prometheus ~\n```\n\n### Step 10: Install Blackbox Exporter\n```bash\nwget https://github.com/prometheus/blackbox_exporter/releases/download/v0.27.0/blackbox_exporter-0.27.0.linux-amd64.tar.gz\ntar -xvf blackbox_exporter-0.27.0.linux-amd64.tar.gz\nrm blackbox_exporter-0.27.0.linux-amd64.tar.gz\nmv blackbox_exporter-0.27.0.linux-amd64 blackbox_exporter\nmv blackbox_exporter ~\n```\n\n### Step 11: Install Grafana\n```bash\nsudo apt-get install -y adduser libfontconfig1 musl\nwget https://dl.grafana.com/grafana-enterprise/release/12.2.0/grafana-enterprise_12.2.0_17949786146_linux_amd64.deb\nsudo dpkg -i grafana-enterprise_12.2.0_17949786146_linux_amd64.deb\nsudo /bin/systemctl start grafana-server\n```\nDefault credentials: `admin:admin`\n\n## βš™οΈ Configuration\n\n### 1. Start Required Services\n\n#### Jenkins\n```bash\n# Access Jenkins\nhttp://localhost:8080\n\n# Get initial admin password\nsudo cat /var/lib/jenkins/secrets/initialAdminPassword\n```\n\n#### Nexus Repository\n```bash\nsudo docker run -d -p 8200:8081 sonatype/nexus3\n# Access at: http://localhost:8200\n```\n\n#### SonarQube\n```bash\nsudo docker run -d -p 9000:9000 sonarqube:lts-community\n# Access at: http://localhost:9000\n# Default: admin:admin\n```\n\n### 2. Jenkins Plugin Installation\n\nNavigate to: **Jenkins β†’ Manage Jenkins β†’ Plugins β†’ Available**\n\nInstall the following plugins:\n- SonarQube Scanner\n- Config File Provider\n- Maven Integration\n- Pipeline Maven Integration\n- Kubernetes\n- Kubernetes Credentials\n- Kubernetes CLI\n- Kubernetes Client API\n- Docker\n- Docker Pipeline\n- Eclipse Temurin Installer\n- Pipeline Stage View\n- Email Extension Template\n\n### 3. Configure Jenkins Tools\n\n**Jenkins β†’ Manage Jenkins β†’ Tools**\n\n- **Docker**: Install automatically from docker.com (latest)\n- **Maven**: Keep default version\n- **SonarQube Scanner**: Latest version\n- **JDK**: Install JDK 17 automatically\n\n### 4. Configure Credentials\n\n**Jenkins Dashboard β†’ Manage Jenkins β†’ Credentials β†’ Global β†’ Add Credentials**\n\nAdd the following credentials:\n\n| Type | Description | ID | Fields |\n|------|-------------|-----|--------|\n| Username/Password | GitHub | `github-cred` | Username + Personal Access Token |\n| Username/Password | Gmail | `mail-cred` | Email + Google App Password |\n| Secret Text | SonarQube | `sonar-token` | SonarQube Token |\n| Secret Text | Kubernetes | `k8s-cred` | EKS Service Account Token |\n| Username/Password | Docker | `docker-cred` | Docker Username + PAT |\n\n### 5. Configure SonarQube Integration\n\n**Jenkins β†’ Manage Jenkins β†’ System β†’ SonarQube Servers**\n\n- Name: `sonar-server`\n- Server URL: `http://localhost:9000`\n- Authentication Token: Select `sonar-token` credential\n\n### 6. Configure Maven Settings for Nexus\n\n#### Update pom.xml\nAdd this before the closing `\u003c/project\u003e` tag:\n\n```xml\n\u003cdistributionManagement\u003e\n \u003crepository\u003e\n \u003cid\u003emaven-releases\u003c/id\u003e\n \u003curl\u003ehttp://localhost:8200/repository/maven-releases/\u003c/url\u003e\n \u003c/repository\u003e\n \u003csnapshotRepository\u003e\n \u003cid\u003emaven-snapshots\u003c/id\u003e\n \u003curl\u003ehttp://localhost:8200/repository/maven-snapshots/\u003c/url\u003e\n \u003c/snapshotRepository\u003e\n\u003c/distributionManagement\u003e\n```\n\n#### Configure Maven Settings in Jenkins\n\n**Jenkins β†’ Manage Jenkins β†’ Managed Files β†’ Add β†’ Global Maven settings.xml**\n\n- ID: `maven-settings`\n- Content: Add server credentials\n\n```xml\n\u003cservers\u003e\n \u003cserver\u003e\n \u003cid\u003emaven-snapshots\u003c/id\u003e\n \u003cusername\u003eadmin\u003c/username\u003e\n \u003cpassword\u003eadmin\u003c/password\u003e\n \u003c/server\u003e\n \u003cserver\u003e\n \u003cid\u003emaven-releases\u003c/id\u003e\n \u003cusername\u003eadmin\u003c/username\u003e\n \u003cpassword\u003eadmin\u003c/password\u003e\n \u003c/server\u003e\n\u003c/servers\u003e\n```\n\n### 7. Configure Email Notifications\n\n**Jenkins β†’ Manage Jenkins β†’ System**\n\n#### Extended E-mail Notification\n- SMTP Server: `smtp.gmail.com`\n- SMTP Port: `465`\n- Use SSL: βœ“\n- Credentials: Select `mail-cred`\n\n#### E-mail Notification\n- SMTP Server: `smtp.gmail.com`\n- Advanced β†’ Use SMTP Authentication\n- Username: Your Gmail\n- Password: Google App Password\n- Test configuration by sending test email\n\n## ☸️ Kubernetes (EKS) Setup\n\n### 1. Configure AWS CLI\n```bash\naws configure\n# Enter AWS Access Key ID\n# Enter AWS Secret Access Key\n# Default region: ap-south-1\n# Default output format: json\n```\n\n### 2. Initialize Terraform\n```bash\nterraform init\nterraform plan\nterraform apply -auto-approve\n```\n\n### 3. Configure kubectl for EKS\n```bash\naws eks --region ap-south-1 update-kubeconfig --name rohandevops-cluster\n```\n\n### 4. Create Kubernetes Resources\n```bash\n# Create namespace\nkubectl create ns webapps\n\n# Navigate to k8s directory\ncd k8s/\n\n# Apply configurations\nkubectl apply -f svc.yml\nkubectl apply -f role.yml\nkubectl apply -f bind.yml\nkubectl apply -f jen-sec.yml -n webapps\n```\n\n### 5. Create Docker Registry Secret\n```bash\nkubectl create secret docker-registry regcred \\\n --docker-server=https://index.docker.io/v1/ \\\n --docker-username=\u003cyour-docker-username\u003e \\\n --docker-password=\u003cyour-docker-pat\u003e \\\n -n webapps\n```\n\n### 6. Get Service Account Token\n```bash\n# List secrets\nkubectl get secrets -n webapps\n\n# Describe secret to get token\nkubectl describe secret mysecretname -n webapps\n\n# Copy the token and add to Jenkins credentials as 'k8s-cred'\n```\n\n## πŸ“Š Monitoring Setup\n\n### 1. Configure Prometheus\n\nNavigate to Prometheus directory and edit `prometheus.yml`:\n\n```yaml\nscrape_configs:\n - job_name: 'blackbox'\n metrics_path: /probe\n params:\n module: [http_2xx]\n static_configs:\n - targets:\n - http://prometheus.io\n - http://www.rohandevops.co.in/\n relabel_configs:\n - source_labels: [__address__]\n target_label: __param_target\n - source_labels: [__param_target]\n target_label: instance\n - target_label: __address__\n replacement: 127.0.0.1:9115\n```\n\n### 2. Start Monitoring Services\n\n```bash\n# Start Prometheus\ncd ~/prometheus\n./prometheus \u0026\n\n# Start Blackbox Exporter\ncd ~/blackbox_exporter\n./blackbox_exporter \u0026\n```\n\n### 3. Restart Prometheus (if config changed)\n```bash\npgrep prometheus\nkill \u003cprocess-id\u003e\ncd ~/prometheus\n./prometheus \u0026\n```\n\n### 4. Configure Grafana\n\nAccess Grafana at `http://localhost:3000` (admin:admin)\n\n#### Add Prometheus Data Source\n1. Go to Connections β†’ Data Sources\n2. Add data source β†’ Prometheus\n3. URL: `http://localhost:9090`\n4. Click \"Save \u0026 Test\"\n\n#### Import Dashboard\n1. Go to Dashboards β†’ Import\n2. Search for \"Blackbox Exporter\" dashboard ID (e.g., 7587)\n3. Select Prometheus as data source\n4. Click Import\n\n## 🌐 Domain Configuration\n\n### Configure Custom Domain (GoDaddy Example)\n\n1. Go to your domain provider (e.g., GoDaddy)\n2. Navigate to DNS Management\n3. Edit CNAME record:\n - Type: CNAME\n - Name: www\n - Value: `\u003cyour-elb-url\u003e.elb.amazonaws.com` (without http://)\n - TTL: 600 seconds\n4. Save changes\n\n### Verify DNS Configuration\n```bash\n# Wait 1-2 minutes, then verify\nnslookup www.rohandevops.co.in\n```\n\n## πŸ”§ Pipeline Configuration\n\n### Create Jenkins Pipeline\n\n1. **Jenkins β†’ New Item β†’ Pipeline**\n2. Configure:\n - Discard old builds: Max # of builds to keep: `2`\n - Pipeline script from SCM\n - SCM: Git\n - Repository URL: Your GitHub repo\n - Credentials: `github-cred`\n - Branch: `*/main`\n - Script Path: `Jenkinsfile`\n\n\n## πŸ› Troubleshooting\n\n### Common Issues\n\n#### Jenkins Won't Start\n```bash\n# Check Jenkins status\nsudo systemctl status jenkins\n\n# Check logs\nsudo journalctl -u jenkins -f\n```\n\n#### Docker Permission Denied\n```bash\nsudo chmod 666 /var/run/docker.sock\n```\n\n#### EKS Connection Issues\n```bash\n# Update kubeconfig\naws eks update-kubeconfig --region ap-south-1 --name rohandevops-cluster\n\n# Verify connection\nkubectl cluster-info\n```\n\n#### Prometheus Not Scraping\n```bash\n# Check Prometheus targets\nhttp://localhost:9090/targets\n\n# Verify Blackbox Exporter is running\ncurl http://localhost:9115/metrics\n```\n\n## πŸ“ Best Practices\n\n1. **Security**\n - Rotate credentials regularly\n - Use secrets management for sensitive data\n - Enable RBAC in Kubernetes\n - Run Trivy scans on all images\n\n2. **Monitoring**\n - Set up alerting rules in Prometheus\n - Create custom Grafana dashboards\n - Monitor resource usage\n\n3. **CI/CD**\n - Implement proper branching strategy\n - Use semantic versioning for releases\n - Maintain comprehensive test coverage\n - Keep build times under 10 minutes\n\n4. **Infrastructure**\n - Use Terraform workspaces for environments\n - Implement auto-scaling policies\n - Regular backup of Jenkins configuration\n - Document infrastructure changes\n\n---\n\n⭐ **If you find this project helpful, please give it a star!** ⭐\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frohandeb2%2Fproduction-level-cicd-project","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frohandeb2%2Fproduction-level-cicd-project","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frohandeb2%2Fproduction-level-cicd-project/lists"}