CI/CD Pipeline for 11 Microservices – A DevOps Project

STEP 1: CREATE A EC2 INSTANCE.

STEP 2: CREATE A USER AND ATTACH THE BELOW POLICES

Generate Access Key and Secret acess key

STEP 3: CONNECT TO EC2 INSTANCE

• Install AWS CLI

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

unzip awscliv2.zip

sudo ./aws/install

The aws configure command sets up AWS CLI by saving your access key, secret key, default region,
and output format. It helps the CLI authenticate and interact with AWS services.

aws configure
 • Install Kubectl
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

chmod +x kubectl

sudo mv kubectl /usr/local/bin/

kubectl version

• Install EKSCTL
https://eksctl.io/installation/
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -
s)_amd64.tar.gz" | tar xz -C /tmp

sudo mv /tmp/eksctl /usr/local/bin

eksctl version

• Create EKS Cluster

eksctl create cluster --name=praveen-EKS-1 \

--region=ap-south-1 \
--zones=ap-south-1a,ap-south-1b \

--without-nodegroup

Create a OIDC:

eksctl utils associate-iam-oidc-provider \

--region ap-south-1 \

--cluster praveen-EKS-1 \
--approve
OIDC (OpenID Connect) is an authentication protocol that allows secure identity
verification between applications and identity providers.

In AWS EKS, OIDC is used to link Kubernetes service accounts with AWS IAM roles,
enabling fine-grained access control for AWS resources without using long-lived credentials.

Create a Node Group:

eksctl create nodegroup --cluster=praveen-EKS-1 \

--region=ap-south-1 \

--name=node2 \

--node-type=t3.medium \

--nodes=3 \

--nodes-min=2 \

--nodes-max=4 \

--node-volume-size=20 \

--ssh-access \

--ssh-public-key=NEWKEYPAIR \

--managed \

--asg-access \

--external-dns-access \

--full-ecr-access \

--appmesh-access \

--alb-ingress-access

This command adds a new group of worker nodes (node2) to your EKS cluster (praveen-
EKS-1) in the ap-south-1 (Mumbai) region.

Key points:

• Creates 3 EC2 instances (t3.medium) for running workloads.

• Allows auto-scaling between 2 and 4 nodes based on demand.

• Each node gets 20 GB storage.

• Enables SSH access using the NEWKEYPAIR key.

• Grants permissions for Auto Scaling, ALB Ingress, ECR, External DNS, and App
Mesh.
• Uses AWS-managed nodes for easy maintenance.

Purpose:
This ensures your EKS cluster has enough worker nodes to run your applications efficiently,
with scalability and necessary AWS service access.

SET-UP JENKINS:

https://www.jenkins.io/doc/book/installing/linux/#debianubuntu

Access the Jenkins :

Public_IP: 8080

Install Docker:

apt install docker.io -y

give permission of docker to other users:

chmod 666 /var/run/docker.sock

SET-UP ARGOCD:

Install Argocd:
kubectl create namespace argocd

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Change the argocd-server Service type to LoadBalancer.

Access the argocd using LB:

Username: admin

Password:

To log in, use the default admin credentials. Get the password with:

kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d

Configure Docker Cred in Jenkins:

Install Below plugin:

Configure Multi-Branch pipeline:

Add Jenkinsfile to Each Branch
• Each microservice branch should have a Jenkinsfile.

• Replace credentialsid of The docker “docker-cred”

Get Webhook URL from Jenkins

1. Go to Jenkins Dashboard → Open your Multibranch Pipeline Job.

2. Click Scan Repository Now (optional).

3. Copy the webhook URL (usually in http://your-jenkins-server:8080/github-

webhook/).
 • Click on Trigger Token: Name the Token:

http://13.127.148.184:8080/multibranch-webhook-trigger/invoke?token=praveen

3. Configure Webhook in GitHub/GitLab

1. Go to your GitHub repository.

2. Navigate to Settings → Webhooks.

3. Click Add Webhook.

4. Paste the above url .

5. Select the event "Push" or "Push & Pull Requests".

6. Click Save.

4. Test the Webhook

1. Push a commit to any branch.

2. Check Jenkins Dashboard → Multibranch Pipeline Job to see if the pipeline runs
automatically.
Now, Jenkins automatically triggers builds when code is pushed!

All 11 services have been successfully built.

CI Part is done.

Continuous Deployment (CD) with ArgoCD

Step 1: Go argocd DashBoard:

Create an ArgoCD Application

• Open ArgoCD UI → Click New Application.
Set:
 • Git Repository URL: Your repo with Kubernetes manifests (deployment.yaml).
• Path: Folder containing the manifests.
• Cluster: Select Kubernetes cluster.
• Namespace: default or your custom namespace.

• Name the Application

• Sync Policy: Automatic.

• Provide the Github url Where Deployment and Service file available.
• Branch Name: main

. (dot) refers to the root directory of the Git repository where your Kubernetes manifests
are stored.
• App Deployed on EKS Cluster Using argocd.
• Access the App using LoadBalancer.
The previous deployment was ArgoCD-based.

Now, let's explore Kubernetes Service Account-based Deployment.

Setup – a service account:

To Use a Service account for Deployment we need to create a token for authentication:

Create a service account ,role ,role binding and Secret add secret to the Jenkins credintails
that secret helps to communicate with jenkins

1. Create a Service Account

apiVersion: v1

kind: ServiceAccount
metadata:

name: jenkins-sa

namespace: webapps
2. Create a Role with Required Permissions

apiVersion: rbac.authorization.k8s.io/v1

kind: Role

metadata:

name: app-role

namespace: webapps
rules:
- apiGroups:

- ""

- apps

- autoscaling
- batch

- extensions

- policy

- rbac.authorization.k8s.io

resources:

- pods

- componentstatuses
- configmaps
- daemonsets

- deployments

- events

- endpoints

- horizontalpodautoscalers

- ingress

- jobs
- limitranges

- namespaces

- nodes

- pods

- persistentvolumes

- persistentvolumeclaims

- resourcequotas
- replicasets

- replicationcontrollers
- serviceaccounts
 - services

verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

3.Create a RoleBinding
apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

name: app-rolebinding

namespace: webapps

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: Role

name: app-role

subjects:

- namespace: webapps

kind: ServiceAccount

name: jenkins

4. Create a Secret for the Service Account

apiVersion: v1

kind: Secret

metadata:
name: jenkins-sa-token

namespace: webapps

annotations:

kubernetes.io/service-account.name: "jenkins"

type: kubernetes.io/service-account-token

5. Retrieve the Token and Add it to Jenkins Credentials

Run the following command to get the token:

kubectl get secret jenkins-sa-token -n webapps -o jsonpath='{.data.token}' | base64 --decode

Copy the output token.

6. Add Secret to Jenkins Credentials

1. Navigate to Jenkins Dashboard → Manage Jenkins → Manage Credentials.
 2. Select the appropriate scope (e.g., Global or a specific domain).

3. Click Add Credentials.

4. Choose Secret Text as the credential type.

5. Paste the copied token.

6. Set an ID (e.g., k8s-token).

7. Save.

Now, Jenkins can authenticate with the Kubernetes cluster using this secret.

• Now Add the Below Jenkins file in Github.

Access the app using LoadBalancer.

Deletion Of resources:

Node group Deletion:

eksctl delete nodegroup --cluster=praveen-EKS-1 --name=node2 --region=ap-south-1

Delete the EKS Cluster

eksctl delete cluster --name=praveen-EKS-1 --region=ap-south-1

github url: https://github.com/Praveenchoudary/Microservice-project.git

************************************************************************