This project provides a streamlined approach to deploy your SpringBoot boardgame application on a Kubernetes cluster hosted on AWS while ensuring comprehensive monitoring and security. The deployment process is automated using a GitHub Actions CICD pipeline.
- Backend: SpringBoot application for your boardgame.
- Cloud Provider: Amazon Web Services.
- Containerization: Docker for building container images.
- Code Quality Check: SonarQube for code quality check.
- Orchestration: Kubernetes for managing container deployments and scaling.
- Self-Hosted Runner: Dedicated EC2 instance for running GitHub Actions workflows
- Prometheus: Collects and stores application and system metrics.
- Grafana: Visualizes collected metrics for insights.
- Node Exporter: Exposes system stats as Prometheus metrics.
- Blackbox Exporter: Monitors external services.
- Trivy: Scans container images for vulnerabilities.
- CI/CD: GitHub Actions workflow automates build, image push, and deployment.
- Automated build and deployment process through GitHub Actions
- Containerized application for portability and scalability
- Real-time monitoring of application and system health
- Customizable dashboards for visualizing key metrics
- vulnerability scanning of container images with Trivy
- Java 11+
- AWS Account with IAM user access
- kubectl configured to interact with your Kubernetes cluster
- Git installed
- Docker installed
git clone https://github.com/ARUP-G/CICD-Pipeline-Using-GitHub-Actions.git
We are creating 2 Ec2 instances for kubernetes Master and Kubernetes Worker and another Ec2 instance for Github Actions Self-Hosted Runner. To create an Ubuntu EC2 instance in AWS, follow these steps:
-
Sign in to the AWS Management Console:
- Go to the AWS Management Console at https://aws.amazon.com/console/.
- Sign in with your AWS account credentials.
-
Navigate to EC2:
- Once logged in, navigate to the EC2 dashboard by typing "EC2" in the search bar at the top or by selecting "Services" and then "EC2" under the "Compute" section.
-
Launch Instance:
- Click on the "Instances" link in the EC2 dashboard sidebar.
- Click the "Launch Instance" button.
-
Choose an Amazon Machine Image (AMI):
- In the "Step 1: Choose an Amazon Machine Image (AMI)" section, select "Ubuntu" from the list of available AMIs.
- Choose the Ubuntu version you want to use. For example, "Ubuntu Server 20.04 LTS".
- Click "Select".
-
Choose an Instance Type:
- In the "Step 2: Choose an Instance Type" section, select the instance type that fits your requirements. The default option (usually a t2.micro instance) is suitable for testing and small workloads.
- Click "Next: Configure Instance Details".
Note: Try to select instance type which has 2 or more Cpu to omit any error on K8s side.
-
Configure Instance Details:
- Optionally, configure instance details such as network settings, subnets, IAM role, etc. You can leave these settings as default for now.
- Click "Next: Add Storage".
-
Add Storage:
- Specify the size of the root volume (default is usually fine for testing purposes).
- Click "Next: Add Tags".
-
Add Tags:
- Optionally, add tags to your instance for better organization and management.
- Click "Next: Configure Security Group".
-
Configure Security Group:
-
Review and Launch:
- Review the configuration of your instance.
- Click "Launch".
-
Select Key Pair:
- In the pop-up window, select an existing key pair or create a new one.
- Check the acknowledgment box.
- Click "Launch Instances".
-
Access Your Instance:
- Use Mobaxterm
-
Update System Packages [On Master & Worker Node]
sudo apt-get update
-
Install Docker [On Master & Worker Node]
sudo apt install docker.io -y sudo chmod 666 /var/run/docker.sock
-
Install Required Dependencies for Kubernetes [On Master & Worker Node]
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg sudo mkdir -p -m 755 /etc/apt/keyrings
-
Add Kubernetes Repository and GPG Key [On Master & Worker Node]
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
-
Update Package List [On Master & Worker Node]
sudo apt update
-
Install Kubernetes Components [On Master & Worker Node]
sudo apt install -y kubeadm=1.28.1-1.1 kubelet=1.28.1-1.1 kubectl=1.28.1-1.1
-
Initialize Kubernetes Master Node [On MasterNode]
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
-
Configure Kubernetes Cluster [On MasterNode]
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
-
Deploy Networking Solution (Calico) [On MasterNode]
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
-
Deploy Ingress Controller (NGINX) [On MasterNode]
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/baremetal/deploy.yaml
-
Connect Master Node with Worker Node [On Worker]
Run Join Command on Worker Node:
sudo kubeadm join <master-node-ip>:<master-node-port> --token <token> --discovery-token-ca-cert-hash <hash>
-
Ckeck Kubernetes nodes [On Master]
kubectl get nodes
-
Create a namespace on Kubernetes
kubectl create namespace production
-
Create Role Based Service Account
Create a
svc.yml
file in ec2, copy the file content from K8s-setup directory from the repository and executekubectl apply -f scv.yml
-
Create Role for Service Account
Create a
role.yml
file in ec2, copy the file content from K8s-setup directory from the repository and executekubectl apply -f role.yml
-
Create Role Bind for Service Account
Create a
bind.yml
file in ec2, copy the file content from K8s-setup directory from the repository and executekubectl apply -f bind.yml
-
Create Secret for authentication of K8s Cluster
Create a
secret.yml
file in ec2, copy the file content from K8s-setup directory from the repository and executekubectl apply -f secret.yml -n production
-
Add Secret to access K8s Cluster Go to
./kube
directory and convertconfig
file to base64 formatcd ./kube base64 ./kube/config
copy the output and set it in Step-6 of
Repository Secrets
and save asKube_config
-
Update System Packages
sudo apt-get update
-
Install Docker
sudo apt install docker.io -y sudo chmod 666 /var/run/docker.sock
-
Run the following command [SonarQube]:
docker run -d --name sonar -p 9000:9000 sonarqube:lts-community
This command will download the
sonarqube:lts-community
Docker image from Docker Hub if it's not already available locally. Then, it will create a container named "sonar" from this image, running it in detached mode (-d
flag) and mapping port 9000 on the host machine to port 9000 in the container (-p 9000:9000
flag). -
Access SonarQube by opening a web browser.
Navigating to
http://runner-ec2-public-ip:9000
This will start the SonarQube server, and you should be able to access it using the provided URL. -
Setup Trivy for vulnerablity scan
sudo apt-get install wget apt-transport-https gnupg lsb-release wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list sudo apt-get update sudo apt-get install trivy
-
Go to setting page of the repo
-
Click action -> Runners -> Create New-Self-Hosted-Runner
-
Execute
run.sh
file inactions-runner
directory -
Create Repository Secrets for CI/CD Pipeline.
Go to repo settings -> Secrets and Variables -> Actions -> New Repository Secret make sure to keep the same secret names as below
-
Port on which application is deployed
Go to Build summary and find the Kubernetes stage and find the svc port.
-
Access the application
access the application on
http://runner-ec2-public-ip:k8ssvc-portnumber
-
Download Prometheus
Go to
https://prometheus.io/download/
and get prometheus linux version.wget https://github.com/prometheus/prometheus/releases/download/v2.45.5/prometheus-2.45.5.linux-amd64.tar.gz
-
Unzip Prometheus
tar -xvf prometheus-2.45.5.linux-amd64.tar.gz
-
Run Prometheus
cd prometheus-2.45.5.linux-amd64 # Run on background ./prometheus &
-
Access prometheus
Visit
http://runner-ec2-public-ip:9090
and go toStatus
thenTargets
-
Add BlackBox For External Service monitoting
Go to
https://prometheus.io/download/
and get Blackbox_exporter linux version.wget https://github.com/prometheus/blackbox_exporter/releases/download/v0.25.0/blackbox_exporter-0.25.0.linux-amd64.tar.gz
-
Unzip BalckBox
tar -xvf blackbox_exporter-0.25.0.linux-amd64.tar.gz
-
Add Node-Exporter For system stats monitoting
Go to
https://prometheus.io/download/
and get node_exporter linux version.wget https://github.com/prometheus/node_exporter/releases/download/v1.8.0/node_exporter-1.8.0.linux-amd64.tar.gz
-
Unzip Node-exporter
tar -xvf node_exporter-1.8.0.linux-amd64.tar.gz
-
Confirure Bloackbox and Node_Exporter to work with prometheus
cd prometheus-2.45.5.linux-amd64 # edit the prometheus.yml file # Copy the contents from file in k8s-setup under same name vi prometheus.yml
-
Run BlackBOx Exporter
cd blackbox_exporter-0.25.0.linux-amd64 ./blackbox
-
Access BlackBox
-
Run Node Exporter
cd node_exporter-1.8.0.linux-amd64 # Run in background ./node_exporter &
-
Access Node_Exporter
-
Access prometheus
Re-run Prometheus
Visit
http://runner-ec2-public-ip:9090
-
Download Graphana
Go to
https://grafana.com/grafana/download
and get Graphana linux version.# Run commands one by one sudo apt-get install -y adduser libfontconfig1 musl wget https://dl.grafana.com/enterprise/release/grafana-enterprise_10.4.2_amd64.deb sudo dpkg -i grafana-enterprise_10.4.2_amd64.deb
-
Run Graphana
sudo /bin/systemctl/ start graphana-server
-
Access Graphana
Visit
http://runner-ec2-public-ip:3000
-
Add Connection to Prometheus
Home -> Connections -> Add new connnection -> Search Prometheus -> Add -> Prometheua Serever URL ->
http://runner-ec2-public-ip:9090
-> Save and Test -
Create Dashboard
-
visit https://grafana.com/grafana/dashboards/7587-prometheus-blackbox-exporter/ and import the dashboard by copying dashboard ID.
-
visit https://grafana.com/grafana/dashboards/1860-node-exporter-full/ and import the dashboard by copying dashboard ID.
-
Refresh dashboard.
-
This project is licensed under the MIT License.
Contributions to the Spring Boot BoardGame application and deployment guide are welcome! If you have any suggestions, bug fixes, or improvements, feel free to open an issue or submit a pull request.
Special thanks to the Spring Boot community, Kubernetes community, GitHub Actions, Prometheus, Grafana, Blackbox, Node Exporter, and Trivy and Aditya Jaisawal for their contributions to the ecosystem.