Automating Deployment of the Java Petclinic Application on AWS EKS with Jenkins: A Step-by-Step Guide
Project Requirements
This project aims to automatically deploy a Java-based Petclinic application to an AWS EKS cluster using Jenkins. To ensure smooth execution of the processes, the following requirements are crucial:
- AWS CLI and eksctl: Required for managing Kubernetes (EKS) clusters on AWS.
- Docker: Necessary for building Docker images and pushing them to Docker Hub.
- Jenkins (minimum 4GB RAM): Jenkins will manage CI/CD operations. If running on the same server as SonarQube, a machine with at least 4 GB of RAM is recommended.
- SonarQube: A tool for analyzing code quality, which will be integrated with Jenkins.
- kubectl: Used for performing operations on the Kubernetes cluster.
- Git: Required for retrieving the source code.
- Trivy: Essential for scanning Docker images for security vulnerabilities.
- AWS Account: AWS credentials (Access Key and Secret Key) must be created for using EKS (Elastic Kubernetes Service).
You can find all the steps and the project in the following GitHub repository: https://github.com/hakanbayraktar/petclinic-java.git
Installation of Requirements
Installation of AWS CLI and kubectl
You can manage AWS resources with AWS CLI and direct your Kubernetes cluster with kubectl:
sudo apt install curl unzip -y
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
kubectl Installation
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
Creating AWS IAM User and Access Keys
To give Jenkins access to AWS resources, you need to create an IAM user and related access keys:
Creating IAM User
- Log in to AWS Management Console.
- Follow the path: IAM > Users > Add User.
- Grant programmatic access and define the necessary policy permissions (e.g., for EKS, EC2, S3 services).
- Save the user’s Access Key ID and Secret Access Key information.
Defining AWS Credentials in Jenkins
In Manage Jenkins > Manage Credentials, create a new AWS credential and enter the AWS Access Key ID and Secret Access Key.
Creating AWS EKS Cluster
You can create an EKS cluster using AWS CLI or eksctl from your computer or Jenkins server. Below are the steps to create a cluster using eksctl:
Run the following command to configure access key, secret key, and region information:
aws configure
Then create the cluster:
eksctl create cluster \
--name my-eks-cluster \
--region us-east-1 \
--nodegroup-name standard-workers \
--node-type t3.medium \
--nodes 2
Updating Kubeconfig
aws eks --region us-east-1 update-kubeconfig --name my-eks-cluster
Creating IAM OIDC Provider:
eksctl utils associate-iam-oidc-provider \
--region us-east-1 \
--cluster my-eks-cluster \
--approve
Creating IAM Policy for Load Balancer Controller
curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.1/docs/install/iam_policy.json
aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam-policy.json
Note the returned policy ARN.
Then create the IAM service account:
eksctl create iamserviceaccount \
--cluster=my-eks-cluster \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--attach-policy-arn=arn:aws:iam::339712939374:policy/AWSLoadBalancerControllerIAMPolicy \
--override-existing-serviceaccounts \
--approve
Jenkins Installation(on Jenkins Server)
To install Jenkins, follow these steps:
curl -s https://raw.githubusercontent.com/hakanbayraktar/ibb-tech/refs/heads/main/devops/jenkins/install/jenkins-install.sh | sudo bash
Access the Jenkins interface by opening http://34.69.36.89:8080 in your web browser. During the initial setup, you will be asked for an admin password or you can find in this file (/var/lib/jenkins/secrets/initialAdminPassword) on jenkins ser Copy the password displayed on the screen to complete the installation.
You should select install suggested plugins.
Create first admin user and click the save and continue button.
Approve Jenkins URL address and click on Save and Finish button.
Now Jenkins is ready.
After the installation is completed, you can add Jenkins plugins.
Install Required Plugins
Install the following plugins:
- Pipeline: Necessary for creating the CI/CD pipeline.
- AWS Credentials: Manages the credentials needed to connect to AWS.
- Docker Pipeline: Required for using Docker operations within Jenkins pipeline.
- SonarQube: Integrates SonarQube for code quality analysis.
To install Jenkins plugins:
Go to Manage Jenkins > Manage Plugins, select Available Plugins, and search for the relevant plugins to install them.
Trivy Installation:
sudo apt-get install wget apt-transport-https gnupg lsb-release -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy -y
SonarQube Installation
We will analyze code quality with SonarQube. Ensure that your system has at least 4 GB of RAM if running SonarQube on the same machine as Jenkins.
Installing SonarQube with Docker
docker run -d --name sonarqube -p 9000:9000 sonarqube
Creating SonarQube Token
Access the SonarQube interface via http://server-IP:9000
.
- Username: admin
- Password: admin
Change the default password.
Go to your profile, click on Security > Tokens.
Create a new token and use this token in the Jenkins pipeline.
Defining Credentials
In the Jenkins dashboard, navigate to Manage Jenkins > Credentials > System > Global Credentials and click Add Credentials to add the credentials defined in the Jenkinsfile.
For AWS Credentials:
- Select Kind as AWS Credentials.
- Enter the Access Key and Secret Key information. Set the ID as
aws-key
.
For Docker Credentials:
- Select Kind as Username with Password.
- Enter the Username and Password, then set the ID as
docker-cred
.
Docker Installation
Docker is required to run Jenkins, build images, and push them:
curl -s https://raw.githubusercontent.com/hakanbayraktar/ibb-tech/refs/heads/main/docker/ubuntu-24-docker-install.sh | sudo bash
sudo chmod 666 /var/run/docker.sock
sudo usermod -aG docker jenkins
sudo usermod -aG docker ubuntu
Pipeline Definition (Jenkinsfile)
Below is the Jenkins pipeline definition:
pipeline {
agent any
environment {
cred = credentials('aws-key')
dockerhub_cred = credentials('docker-cred')
DOCKER_IMAGE = "hbayraktar/petclinic"
DOCKER_TAG = "$BUILD_NUMBER"
SONARQUBE_URL = 'http://localhost:9000'
SONAR_TOKEN = credentials('SONAR_TOKEN')
}
stages {
stage("Git Checkout") {
steps {
git branch: 'main', changelog: false, poll: false, url: 'https://github.com/hakanbayraktar/petclinic-java.git'
}
}
stage('SonarQube Analysis') {
steps {
sh """
mvn sonar:sonar \
-Dsonar.projectKey=petclinic-java \
-Dsonar.host.url=${SONARQUBE_URL} \
-Dsonar.login=${SONAR_TOKEN}
"""
}
}
stage("MVN Build") {
steps {
sh "mvn clean install -Dmaven.test.skip=true"
}
}
stage("Docker Build & Push") {
steps {
script {
withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') {
sh "docker build -t ${DOCKER_IMAGE}:${DOCKER_TAG} ."
sh "docker push ${DOCKER_IMAGE}:${DOCKER_TAG}"
}
}
}
}
stage("Update Kubernetes Manifest") {
steps {
sh "sed -i 's|hbayraktar/petclinic:latest|${DOCKER_IMAGE}:${DOCKER_TAG}|' manifest/deployment.yaml"
}
}
stage("TRIVY") {
steps {
sh "trivy image ${DOCKER_IMAGE}:${DOCKER_TAG}"
}
}
stage("Deploy To EKS") {
steps {
sh 'aws eks update-kubeconfig --region us-east-1 --name my-eks-cluster'
sh 'kubectl apply -f manifest/deployment.yaml'
sh 'kubectl apply -f manifest/service.yaml'
}
}
}
}
Important Points
- Make sure the IAM role associated with your EKS nodes has permissions to pull images from Docker Hub.
- The
kubectl
commands need to point to the right cluster; ensure that theaws eks update-kubeconfig
command is set correctly. - The pipeline stages are organized sequentially; modify them according to your project needs.
From the New Item section, create a job named petclinic with the Pipeline type.
In the General section, select GitHub project and copy our GitHub URL address.
In the Pipeline section under Definition, select Pipeline script from SCM. After choosing Git in the SCM section, paste our GitHub URL address into the Repository URL field.
Replace master with main in the Branch Specifier (blank for ‘any’) field and then specify Jenkinsfile. After that, click Save to create the job.
While in the petclinic job, click Build Now to run the petclinic job.
After selecting Build Number #1, you can check the logs related to the job by selecting Console Output from the left menu, allowing you to gather information about the job and troubleshoot any errors by reading the logs if there are any.
After the process runs successfully, you can obtain detailed information from the logs. You can also check the SonarQube server dashboard for SonarQube analysis.
Conclusion
In this article, we have walked through the steps to automate the deployment of a Java-based Petclinic application on AWS EKS using Jenkins. This CI/CD pipeline can serve as a solid foundation for any Java application deployment project. Don’t forget to monitor your applications and continuously improve your pipeline for efficiency!