Welcome to the End-to-End DevSecOps Kubernetes Project! This comprehensive guide is designed to set up a robust DevSecOps pipeline on Amazon Web Services (AWS) using Kubernetes. The project focuses on deploying a Tetris game application on an Amazon Elastic Kubernetes Service (EKS) cluster, all while incorporating best practices for security and automation.
Step 1: Set Up Terraform
Please follow Step 1 from the article below:
Step 2: Configure AWS
Step 3: Clone the GitHub Repository
Clone the repository containing the Tetris deployment scripts:
git clone https://github.com/Saurabh-DevOpsVoyager77/Tetris-v1.git
Step 4: Setup IAM User
- Go to the AWS Console, search for IAM, click on Users, and give the user a name.
- Check the permissions and policies.
- Go to Security Credentials.
- Click on Create access key and follow the process below.
Step 5: Building a Jenkins Server using Terraform
We’ll build a simple infrastructure using Terraform. The infrastructure includes a user data script that installs Jenkins, Docker, and Trivy and starts a SonarQube container on port 9000. We’ll run the Terraform commands to initialize, validate, plan, and apply the infrastructure configuration.
Run Terraform Commands:
cd Jenkins-terraform
terraform init
terraform validate
terraform plan
terraform apply --auto-approve
Step 6: Set Up Jenkins
A. Jenkins
- Log into Jenkins server
- Now, we have to configure Jenkins. So, copy the public IP of your Jenkins Server and paste it into your favorite browser with port 8080.
- Now, run the below command to get the administrator password and paste it on your Jenkins.
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
- Click on Install suggested plugins
- Give username and all details as per your requirement
- Click on Save and Finish.
- Click on Start using Jenkins
B. SonarQube
- When the SonarQube window opens, log in with the initial credentials:
Username: admin
Password: admin
Step 7: CI/CD Pipeline
A. Installation of Plugins
Go to the Jenkins Dashboard -> Manage Jenkins -> Plugins and Install the Following Plugins:
- Eclipse Temurin Installer: Install without restart
- SonarQube Scanner: Install without restart
- NodeJs Plugin: Install without restart
- OWASP Dependency-Check Plugin
- Prometheus metrics: To monitor Jenkins on the Grafana dashboard
- Download Docker-related Plugins: Docker, Docker Commons, Docker Pipeline, Docker API
- Kubernetes
- Kubernetes CLI
- Kubernetes Client API
- Kubernetes Pipeline DevOps Steps
- AWS Credentials
- Pipeline: AWS Steps
- terraform
Now setup terraform plugin in Jenkins:
B. Create a Pipeline
- Go to Dashboard → All → New Item, Select on Plugins and Give a name to your pipeline
- Go to the Pipeline section and paste the script from the repo; the file name is Jenkins-Pipeline/Jenkinsfile-EKS
- Save and Apply. The screen below will then appear; click on Build.
- You can see the console output below.
- We will set up the tools while the job builds. It will take 15-20 mins to create a cluster.
C. Tools Installation
- Go to Dashboard → Manage Jenkins → Tools
- In jdk, give the name jdk17, click on Install automatically, select Install from adoptium.net and version 17.0.8.1+1
- Add SonarQube Scanner, Give all the details as you can see below
- For Node installation enter the below details
- For Dependency Check installation, enter the below details
D. Add Credentials for SonarQube
a. SonarQube Credentials Setup:
- Log in with your username and password.
- Click on Administration → Security → Users → Token → Generate Token.
- Set token_name as Jenkins.
- Copy the Token.
b. Configure Jenkins:
- Copy the generated token.
- Go to your Jenkins dashboard.
- Navigate to Manage Jenkins → Credentials → System.
- Click on Global → Add Credentials.
- Select Secret text from the dropdown.
- Set the Secret as your token.
- Set the ID as jenkins.
- Click on Create.
- Go to Dashboard → Manage Jenkins → System, and enter the details below
c. Setup Webhook in SonarQube
- Go to Administration → Configuration → Webhooks, And Fill details like below
Check whether your job succeeded by navigating to the pipeline.
d. Setup projects in SonarQube for Jenkins
- Enter the details like below.
e. Setup Docker Credentials
- Go to your Jenkins dashboard.
- Navigate to Manage Jenkins → Manage Credentials.
- Click on Global → Add Credentials.
- Provide your DockerHub username and password.
- Set the ID as docker.
- Click on Create.
E. Create Pipeline for TetrisV1
- Go to Jenkins, create a new pipeline and give it a name; in the Pipeline section, enter the pipeline found at Jenkins-Pipeline/Jenkinsfile-tetris-v1 in the repo.
- Click on Build.
- Go to SonarQube, where you can see the results as shown below.
In Jenkins, you can see after the build.
- Access the server then run the following command:
aws eks update-kubeconfig --name EKS_CLOUD --region <your-region>
kubectl get nodes
- If you can see the nodes then your Setup is wonderful.
Step 8: ArgoCD Setup
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.4.7/manifests/install.yaml
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'
export ARGOCD_SERVER=`kubectl get svc argocd-server -n argocd -o json | jq --raw-output '.status.loadBalancer.ingress[0].hostname'`
export ARGO_PWD=`kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d`
echo $ARGOCD_SERVER
echo $ARGO_PWD
- You will get the server and password.
- Enter the server hostname you got into the browser; you will then see the ArgoCD login page.
- Then you can see tetris-service; click on the three dots, and you will see something like this.
- In Port range, give the port number that you can see in your terminal: run kubectl get all and copy the port that is in External IP in LoadBalancer. (Your port number could be different.)
- So this is the TetrisV1 we have deployed successfully.
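An added example (not part of the original guide or its repository): a small Python audit of the state Step 8 leaves behind, where argocd-server is patched to type LoadBalancer and argocd-initial-admin-secret is read for the login password. It flags LoadBalancer Services that accept traffic from any source address and a leftover initial admin secret; the SAMPLE data, including the restricted-example service, is constructed for illustration.

```python
import ipaddress
import json
import sys

# AWS annotations that make a Service load balancer internal rather than internet-facing.
INTERNAL_ANNOTATIONS = {
    "service.beta.kubernetes.io/aws-load-balancer-internal": "true",
    "service.beta.kubernetes.io/aws-load-balancer-scheme": "internal",
}

def is_open_range(cidr):
    """True for 0.0.0.0/0, ::/0 or anything unparsable (treated as unsafe)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return True

def audit(resources):
    """Return (name, finding) tuples for a `kubectl get svc,secret -o json` document."""
    findings = []
    for item in resources.get("items", [resources]):
        meta = item.get("metadata", {})
        name = meta.get("name", "?")
        if item.get("kind") == "Secret" and name == "argocd-initial-admin-secret":
            findings.append((name, "initial admin secret still present"))
        if item.get("kind") != "Service":
            continue
        spec = item.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue
        notes = meta.get("annotations") or {}
        if any(notes.get(k) == v for k, v in INTERNAL_ANNOTATIONS.items()):
            continue  # internal load balancer, not internet-facing
        ranges = spec.get("loadBalancerSourceRanges") or []
        if not ranges or any(is_open_range(r) for r in ranges):
            findings.append((name, "LoadBalancer open to any source address"))
    return findings

# Constructed sample: the argocd namespace right after the patch step above.
SAMPLE = {"kind": "List", "items": [
    {"kind": "Service", "metadata": {"name": "argocd-server"}, "spec": {"type": "LoadBalancer"}},
    {"kind": "Service", "metadata": {"name": "argocd-repo-server"}, "spec": {"type": "ClusterIP"}},
    {"kind": "Service", "metadata": {"name": "restricted-example"},
     "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["203.0.113.0/24"]}},
    {"kind": "Secret", "metadata": {"name": "argocd-initial-admin-secret"}},
]}

if __name__ == "__main__":
    # Pass "-" to read live kubectl JSON from stdin; otherwise audit the sample.
    doc = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for name, finding in audit(doc):
        print(f"{name}: {finding}")
```

Against a live cluster, pipe `kubectl get svc,secret -n argocd -o json` into the script with `-` as its argument; only resource names, annotations and Service specs are read.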
G. Create Pipeline for TetrisV2
-
Update the Image in the Tetris Deployment repo. and follow the Argo Setup steps, you don’t need to set it again ArgoCD, just create new apps and follow the same process then paste your Hostnames in browser which is in service.
-
Tadaa !!!… Your TetrisV2 is also deployed.
Congratulations on completing the DevSecOps Kubernetes Project! You’ve set up a DevSecOps pipeline on AWS using Kubernetes, deploying a Tetris game on Amazon EKS.
You’ve configured Terraform, built and configured Jenkins, integrated SonarQube for code quality, and used ArgoCD for continuous deployment. These steps have equipped you with essential skills in modern DevSecOps practices.
Feel free to apply these techniques to other projects. Happy deploying!