An open API service indexing awesome lists of open source software.

https://github.com/harshitsahu2311/wanderlust-gitops-project

This is a ulimate deployment of wanderlust project using devsecops and gitops methodology
https://github.com/harshitsahu2311/wanderlust-gitops-project

argocd aws cicd devops devsecops docker docker-compose dockerhub eks finops github gitops gmail grafana jenkins kubernetes owasp prometheus sonarqube trivy

Last synced: about 5 hours ago
JSON representation

This is a ulimate deployment of wanderlust project using devsecops and gitops methodology

Awesome Lists containing this project

README

          

# Ulimate Wanderlust DevSecOps Project🌍✈️

WanderLust is a simple MERN travel blog website ✈ This project is aimed to help people to contribute in open source, upskill in react and also master git.

![Preview Image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/ulimate-devsecops-project.png)
#

# Wanderlust Mega Project End to End Implementation

### In this demo, we will see how to deploy an end to end three tier MERN stack application on EKS cluster.
#
### Project Deployment Flow:

#

## Tech stack used in this project:
- GitHub (Code)
- Docker (Containerization)
- Jenkins (CI)
- OWASP (Dependency check)
- SonarQube (Quality)
- Trivy (Filesystem Scan)
- ArgoCD (CD)
- Redis (Caching)
- AWS EKS (Kubernetes)
- Helm (Monitoring using grafana and prometheus)

### How pipeline will look after deployment:
- CI pipeline to build and push
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/Screenshot%202025-01-18%20133419.png)

- CD pipeline to update application version
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/Screenshot%202025-01-18%20133807.png)

- ArgoCD application for deployment on EKS
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/argocd.gif)

#
> [!Important]
> Below table helps you to navigate to the particular tool installation section fast.

| Tech stack | Installation |
| -------- | ------- |
| Jenkins Master | Install and configure Jenkins |
| eksctl | Install eksctl |
| Argocd | Install and configure ArgoCD |
| Jenkins-Worker Setup | Install and configure Jenkins Worker Node |
| OWASP setup | Install and configure OWASP |
| SonarQube | Install and configure SonarQube |
| Email Notification Setup | Email notification setup |
| Monitoring | Prometheus and grafana setup using helm charts
| Clean Up | Clean up |
#

### Pre-requisites to implement this project:
#

> [!Note]
> This project will be implemented on Mumbai region (ap-south-1).

- Create 1 Master machine on AWS with 2CPU, 8GB of RAM (t2.large) and 29 GB of storage and install Docker on it.
#
- Open the below ports in security group of master machine and also attach same security group to Jenkins worker node (We will create worker node shortly)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/Screenshot%202025-01-18%20135759.png)

> [!Note]
> We are creating this master machine because we will configure Jenkins master, eksctl, EKS cluster creation from here.

Install & Configure Docker by using below command, "NewGrp docker" will refresh the group config hence no need to restart the EC2 machine.

```bash
sudo apt-get update
```
```bash
sudo apt-get install docker.io -y
sudo usermod -aG docker ubuntu && newgrp docker
```
#
- Install and configure Jenkins (Master machine)
```bash
sudo apt update -y
sudo apt install fontconfig openjdk-17-jre -y

sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key

echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
/etc/apt/sources.list.d/jenkins.list > /dev/null

sudo apt-get update -y
sudo apt-get install jenkins -y
```
- Now, access Jenkins Master on the browser on port 8080 and configure it.
#
- Create EKS Cluster on AWS (Master machine)
- IAM user with **access keys and secret access keys**
- AWSCLI should be configured (Setup AWSCLI)
```bash
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
sudo apt install unzip
unzip awscliv2.zip
sudo ./aws/install
aws configure
```

- Install **kubectl** (Master machine)(Setup kubectl )
```bash
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin
kubectl version --short --client
```

- Install **eksctl** (Master machine) (Setup eksctl)
```bash
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version
```

- Create EKS Cluster (Master machine)
```bash
eksctl create cluster --name=wanderlust \
--region=ap-south-1 \
--version=1.30 \
--without-nodegroup
```
- Associate IAM OIDC Provider (Master machine)
```bash
eksctl utils associate-iam-oidc-provider \
--region ap-south-1 \
--cluster wanderlust \
--approve
```
- Create Nodegroup (Master machine)
```bash
eksctl create nodegroup --cluster=wanderlust \
--region=ap-south-1 \
--name=wanderlust \
--node-type=t2.large \
--nodes=2 \
--nodes-min=2 \
--nodes-max=2 \
--node-volume-size=29 \
--ssh-access \
--ssh-public-key=mumbai-key
```
> [!Note]
> Make sure the ssh-public-key "mumbai-key is available in your aws account"
#
- Setting up jenkins worker node
- Create a new EC2 instance (Jenkins Worker) with 2CPU, 8GB of RAM (t2.large) and 29 GB of storage and install java on it
```bash
sudo apt update -y
sudo apt install fontconfig openjdk-17-jre -y
```
- Create an IAM role with administrator access attach it to the jenkins worker node Select Jenkins worker node EC2 instance --> Actions --> Security --> Modify IAM role
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/iamrole.png)

- Configure AWSCLI (Setup AWSCLI)
```bash
sudo su
```
```bash
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
sudo apt install unzip
unzip awscliv2.zip
sudo ./aws/install
aws configure
```
#
- generate ssh keys (Master machine) to setup jenkins master-slave
```bash
ssh-keygen
```
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/ssh.png)
#
- Now move to directory where your ssh keys are generated and copy the content of public key and paste to authorized_keys file of the Jenkins worker node.
#
- Now, go to the jenkins master and navigate to Manage jenkins --> Nodes, and click on Add node
- Name: Node
- type: permanent agent
- Number of executors: 2
- Remote root directory: /home/ubuntu
- Labels: Node
- Usage: Only build jobs with label expressions matching this node
- Launch method: Via ssh
- Host: \
- Credentials: Add --> Kind: ssh username with private key --> ID: Worker --> Description: Worker --> Username: ubuntu --> Private key: Enter directly --> Add Private key
- Host Key Verification Strategy: Non verifying Verification Strategy
- Availability: Keep this agent online as much as possible
#
- And your jenkins worker node is added
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/node.png)

#
- Install docker (Jenkins Worker)

```bash
sudo apt install docker.io -y
sudo usermod -aG docker ubuntu && newgrp docker
```
#
- Install and configure SonarQube (Master machine)
```bash
docker run -itd --name SonarQube-Server -p 9000:9000 sonarqube:lts-community
```
#
- Install Trivy (Jenkins Worker)
```bash
sudo apt-get install wget apt-transport-https gnupg lsb-release -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update -y
sudo apt-get install trivy -y
```
#
- Install and Configure ArgoCD (Master Machine)
- Create argocd namespace
```bash
kubectl create namespace argocd
```
- Apply argocd manifest
```bash
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
```
- Make sure all pods are running in argocd namespace
```bash
watch kubectl get pods -n argocd
```
- Install argocd CLI
```bash
sudo curl --silent --location -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v2.4.7/argocd-linux-amd64
```
- Provide executable permission
```bash
sudo chmod +x /usr/local/bin/argocd
```
- Check argocd services
```bash
kubectl get svc -n argocd
```
- Change argocd server's service from ClusterIP to NodePort
```bash
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}'
```
- Confirm service is patched or not
```bash
kubectl get svc -n argocd
```
- Check the port where ArgoCD server is running and expose it on security groups of a worker node
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/argocdport.png)
- Access it on browser, click on advance and proceed with
```bash
:
```
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/errorargo.png)

- If you find error like this in the above image, then run the below the command:
```bash
kubectl port-forward svc/argocd-server -n argocd 31797:80 --address 0.0.0.0 &
```

![image](https://github.com/user-attachments/assets/1ffa85c3-9055-49b4-aab0-0947b95f0dd2)
- Fetch the initial password of argocd server
```bash
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
```
- Username: admin
- Now, go to User Info and update your argocd password
#
## Steps to add email notification
- Go to your Jenkins Master EC2 instance and allow 465 port number for SMTPS
#
- Now, we need to generate an application password from our gmail account to authenticate with jenkins
- Open gmail and go to Manage your Google Account --> Security
> [!Important]
> Make sure 2 step verification must be on

![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/2-step.png)

- Search for App password and create a app password for jenkins
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/app-pas.png)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/app-pas2.png)

#
- Once, app password is create and go back to jenkins Manage Jenkins --> Credentials to add username and password for email notification
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/gmailpas.png)

#
- Go back to Manage Jenkins --> System and search for Extended E-mail Notification
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/smtp%20tool.png)
#
- Scroll down and search for E-mail Notification and setup email notification
> [!Important]
> Enter your gmail password which we copied recently in password field E-mail Notification --> Advance

![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/email_notify.png)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/test_conf.png)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/testemail.png)

#
## Steps to implement the project:
- Go to Jenkins Master and click on Manage Jenkins --> Plugins --> Available plugins install the below plugins:
- OWASP
- SonarQube Scanner
- Docker
- Pipeline: Stage View
#
- Configure OWASP, move to Manage Jenkins --> Plugins --> Available plugins (Jenkins Worker)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/owasp_plugin.png)

- After OWASP plugin is installed, Now move to Manage jenkins --> Tools (Jenkins Worker)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/owasp_tool.png)
#
- Login to SonarQube server and create the credentials for jenkins to integrate with SonarQube
- Navigate to Administration --> Security --> Users --> Token
![image](https://github.com/user-attachments/assets/86ad8284-5da6-4048-91fe-ac20c8e4514a)
![image](https://github.com/user-attachments/assets/6bc671a5-c122-45c0-b1f0-f29999bbf751)
![image](https://github.com/user-attachments/assets/e748643a-e037-4d4c-a9be-944995979c60)

#
- Now, go to Manage Jenkins --> credentials and add Sonarqube credentials:
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/sonar-cred.png)
#
- Go to Manage Jenkins --> Tools and search for SonarQube Scanner installations:
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/sonar-tool.png)
#
- Go to Manage Jenkins --> credentials and add Github credentials to push updated code from the pipeline:
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/github-cred.png)
> [!Note]
> While adding github credentials add Personal Access Token in the password field.
#
- Go to Manage Jenkins --> System and search for SonarQube installations:
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/sonar-system.png)
#
- Now again, Go to Manage Jenkins --> System and search for Global Trusted Pipeline Libraries:Login to SonarQube server, go to Administration --> Webhook and click on create

![image](https://github.com/user-attachments/assets/16527e72-6691-4fdf-a8d2-83dd27a085cb)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/sonar-webhook.png)
#
- Now, go to github repository and under Automations directory update the instance-id field on both the updatefrontendnew.sh updatebackendnew.sh with the k8s worker's instance id
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/instance-id.png)
#
- Navigate to Manage Jenkins --> credentials and add credentials for docker login to push docker image:
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/dockerhuub.png)
#
- Create a Wanderlust-CI pipeline
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/ci-job.png)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/ci-pipeline.png)

#
- Create one more pipeline Wanderlust-CD
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/cd-job.png)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/cd-pipeline.png)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/all-job.png)
#
- Provide permission to docker socket so that docker build and push command do not fail (Jenkins Worker)
```bash
chmod 777 /var/run/docker.sock
```
![image](https://github.com/user-attachments/assets/e231c62a-7adb-4335-b67e-480758713dbf)
#
- Go to Master Machine and add our own eks cluster to argocd for application deployment using cli
- Login to argoCD from CLI
```bash
argocd login 65.2.186.181:31797 --username admin
```
> [!Tip]
> 65.2.186.181:31797 --> This should be your argocd url

![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/argo-login.png)

- Check how many clusters are available in argocd
```bash
argocd cluster list
```
![image](https://github.com/user-attachments/assets/76fe7a45-e05c-422d-9652-bdaee02d630f)
- Get your cluster name
```bash
kubectl config get-contexts
```
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/get-context.png)
- Add your cluster to argocd
```bash
argocd cluster add iam-root-account@wanderlust.ap-south-1.eksctl.io --name wanderlust-eks-cluster
```
> [!Tip]
> iam-root-account@wanderlust.ap-south-1.eksctl.io --> This should be your EKS Cluster Name.

![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/iam-cluster.png)
- Once your cluster is added to argocd, go to argocd console Settings --> Clusters and verify it
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/argo-setting.png)
#
- Go to Settings --> Repositories and click on Connect repo
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/argo-repo.png)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/argo-repo-add.png)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/argo-repo-check.png)
> [!Note]
> Connection should be successful

- Now, go to Applications and click on New App

![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/argo-general.png)

> [!Important]
> Make sure to click on the Auto-Create Namespace option while creating argocd application

![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/argo-source.png)

- Congratulations, your application is deployed on AWS EKS Cluster
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/argo-ash.png)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/argo-work.png)
- Open port 31000 and 31100 on worker node and Access it on browser
```bash
:31000
```
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/aws.png)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/wander.png)
![image](https://github.com/user-attachments/assets/64394f90-8610-44c0-9f63-c3a21eb78f55)

#
## How to monitor EKS cluster, kubernetes components and workloads using prometheus and grafana via HELM (On Master machine)
-

Install Helm Chart


```bash
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
```
```bash
chmod 700 get_helm.sh
```
```bash
./get_helm.sh
```

#
- Add Helm Stable Charts for Your Local Client
```bash
helm repo add stable https://charts.helm.sh/stable
```

#
- Add Prometheus Helm Repository
```bash
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
```

#
- Create Prometheus Namespace
```bash
kubectl create namespace prometheus
```
```bash
kubectl get ns
```

#
- Install Prometheus using Helm
```bash
helm install stable prometheus-community/kube-prometheus-stack -n prometheus
```

#
- Verify prometheus installation
```bash
kubectl get pods -n prometheus
```

#
- Check the services file (svc) of the Prometheus
```bash
kubectl get svc -n prometheus
```

#
- Expose Prometheus and Grafana to the external world through Node Port
> [!Important]
> change it from Cluster IP to NodePort after changing make sure you save the file and open the assigned nodeport to the service.

```bash
kubectl edit svc stable-kube-prometheus-sta-prometheus -n prometheus
```
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/prom-node.png)
![image](https://github.com/user-attachments/assets/ed94f40f-c1f9-4f50-a340-a68594856cc7)

#
- Verify service
```bash
kubectl get svc -n prometheus
```

#
- Now,let’s change the SVC file of the Grafana and expose it to the outer world
```bash
kubectl edit svc stable-grafana -n prometheus
```
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/grafana-node.png)

#
- Check grafana service
```bash
kubectl get svc -n prometheus
```

#
- Get a password for grafana
```bash
kubectl get secret --namespace prometheus stable-grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
```
> [!Note]
> Username: admin

#
- Now, view the Dashboard in Grafana
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/dash1.png)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/dash2.png)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/dash3.png)
![image](https://github.com/harshitsahu2311/Wanderlust-GitOps-Project/blob/main/Assets/Images/dash4.png)

#
## Clean Up
- Delete eks cluster
```bash
eksctl delete cluster --name=wanderlust --region=us-west-1
```

#