NotHarshhaa
Cloud-Native-DevOps-Project
HCL

Build & deploy a Cloud-Native Full-Stack Application using Terraform, Jenkins, Docker & Kubernetes โ€“ all on AWS! ๐Ÿ’ฅ

Last updated Jun 23, 2026
25
Stars
38
Forks
0
Issues
0
Stars/day
Attention Score
17
Language breakdown
No language data available.
โ–ธ Files click to expand
README

Cloud-Native DevOps Project ๐Ÿš€

Project Banner

This repository contains a full-stack application deployment using modern DevOps practices and cloud-native technologies. The project demonstrates the implementation of Infrastructure as Code (IaC), containerization, orchestration, and continuous integration/deployment (CI/CD) pipelines.

๐Ÿ“‹ Project Overview

This project implements a complete DevOps lifecycle for a cloud-native application with:

  • Infrastructure automation using Terraform
  • Container orchestration with Kubernetes (EKS)
  • CI/CD implementation using Jenkins
  • Artifact management with Nexus
  • Code quality with SonarQube
  • Security scanning with CodeQL and Veracode
  • Monitoring and observability

๐Ÿ—๏ธ Infrastructure as Code - Terraform

The infrastructure is completely automated using Terraform with state management and locking enabled through AWS S3.

Resources Created:

  • VPC Architecture
- Public Subnet: Hosts Bastion Host, VPN, and ALB (Ingress Controller) - Private Subnet: Houses EKS Cluster - DB Subnet: Contains RDS (MySQL) - CIDR blocks properly segmented for each subnet - NAT Gateway for private subnet internet access - Internet Gateway for public subnet
  • Additional AWS Services
- Route53 for DNS management and service discovery - CloudFront CDN for static content delivery - EFS for persistent storage with proper mount targets - Amazon ECR for secure container registry - S3 buckets for artifact storage and Terraform state - KMS for encryption key management

Terraform Structure

terraform/
โ”œโ”€โ”€ 00-vpc/          # VPC and networking
โ”œโ”€โ”€ 10-sg/           # Security Groups
โ”œโ”€โ”€ 20-bastion/      # Bastion Host
โ”œโ”€โ”€ 30-db/           # RDS Database
โ”œโ”€โ”€ 40-eks/          # EKS Cluster
โ”œโ”€โ”€ 50-acm/          # SSL Certificates
โ”œโ”€โ”€ 60-ingress-alb/  # ALB Ingress
โ””โ”€โ”€ 70-ecr/          # Container Registry
[!NOTE]
For detailed infrastructure setup instructions, please refer to the Infrastructure Setup Guide.

โ˜ธ๏ธ Kubernetes Architecture - EKS

Our application runs on Amazon EKS (Elastic Kubernetes Service) with the following setup:

Cluster Configuration

  • EKS version: 1.24+
  • Node Groups: Mix of on-demand and spot instances
  • Auto-scaling enabled (2-10 nodes)
  • Multi-AZ deployment for high availability

Components

  • Traffic Flow
- AWS Application Load Balancer (ALB) as entry point - Ingress Controller for traffic routing - URL path-based routing - SSL termination - Rate limiting - Kubernetes Services - ClusterIP for internal communication - NodePort for debugging - LoadBalancer for external services
  • Application Management
- Deployments - Rolling updates strategy - Resource limits and requests - Health checks and readiness probes - ConfigMaps - Environment-specific configurations - Feature flags - Application settings - Secrets - Credentials management - Sensitive configuration - Helm Charts - Application packaging - Version management - Dependency handling - Storage - EFS StorageClass - PersistentVolumeClaims - Dynamic provisioning

Helm Chart Structure

helm/
โ”œโ”€โ”€ Chart.yaml
โ”œโ”€โ”€ values.yaml
โ””โ”€โ”€ templates/
    โ”œโ”€โ”€ deployment.yaml
    โ”œโ”€โ”€ service.yaml
    โ”œโ”€โ”€ ingress.yaml
    โ”œโ”€โ”€ configmap.yaml
    โ”œโ”€โ”€ secret.yaml
    โ””โ”€โ”€ hpa.yaml

๐Ÿš€ CI/CD Pipeline - Jenkins

The continuous integration and deployment pipeline is implemented using Jenkins, triggered by GitHub webhooks.

Pipeline Architecture

  • Multi-branch pipeline
  • Shared libraries for common functions
  • Parallel execution where possible
  • Timeout and retry mechanisms
  • Slack/Email notifications

Pipeline Stages:

  • Build Initialization
- Dependency installation - Code checkout - Environment validation - Cache restoration
  • Code Quality
- SonarQube analysis - Code coverage requirements - Security hotspots - Code smells - Code coverage reports - Unit tests - Integration tests
  • Infrastructure
- Terraform plan and apply - Infrastructure validation - Security group verification - Network connectivity tests
  • Containerization
- Multi-stage Dockerfile builds - Docker image build - Layer optimization - Security scanning - Push to Amazon ECR - Image scanning
  • Deployment
- Helm chart validation - Kubernetes manifest generation - Rolling deployment - Smoke tests - Rollback procedures

Jenkinsfile Structure

pipeline {
    agent {
        label 'AGENT-1'
    }
    environment {
        // Environment variables
    }
    stages {
        stage('Build') {
            // Build stage
        }
        stage('Test') {
            // Test stage
        }
        // Additional stages
    }
    post {
        // Post-build actions
    }
}

๐Ÿ› ๏ธ Setup Instructions

Prerequisites

  • AWS Account with appropriate permissions
  • Domain name for application
  • GitHub repository
  • Docker installed locally
  • kubectl and helm installed
  • Terraform installed

1. Jenkins Setup

  • Create EC2 instance for Jenkins
- Instance type: t3.large (minimum) - Storage: 30GB+ EBS - Security Group: Ports 22, 8080
  • Execute the setup script:
sh jenkins.sh
  • Access Jenkins UI at http://<jenkins-ip>:8080
  • Follow initial setup wizard using the password from:
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
  • Install required plugins:
- Pipeline - Git - Docker - Kubernetes - SonarQube Scanner - Nexus Artifact Uploader

2. Jenkins Agent Setup

  • Create EC2 instance for Jenkins agent
- Instance type: t3.medium (minimum) - Storage: 50GB+ EBS
  • Configure AWS credentials:
aws configure
  • Run the agent setup script:
sh jenkins-agent.sh
  • Install required tools:
- Docker - kubectl - helm - terraform - aws-cli

3. Nexus Repository Setup

  • Access Nexus UI at http://<nexus-ip>:8081
  • Create Maven repositories:
- Create hosted repository named "backend" - Set version policy to "mixed" - Set layout policy to "permissive" - Allow redeployment
  • Configure Jenkins-Nexus integration:
- Install "Nexus Artifact Uploader" plugin in Jenkins - Add Nexus credentials in Jenkins - Configure repository URLs
  • Create Docker repository:
- Type: hosted - HTTP port: 8083 - Enable Docker V1 API

4. SonarQube Setup

  • Launch SonarQube instance (t3.medium recommended)
- Instance type: t3.medium - Storage: 30GB EBS - Security Group: Ports 22, 9000
  • Access SonarQube UI at http://<sonarqube-ip>:9000
  • Jenkins Integration:
- Install SonarQube Scanner plugin - Configure SonarQube server in Jenkins - Add authentication token - Setup webhooks for analysis feedback
  • Configure Quality Gates:
- Code Coverage: 80% - Duplicated Lines: 3% - Maintainability Rating: A - Security Rating: A - Reliability Rating: A

๐Ÿ“Š Monitoring and Security

Monitoring Stack

  • Metrics
- Prometheus for metrics collection - Grafana for visualization - Custom dashboards for: - Application metrics - Infrastructure metrics - Business metrics
  • Logging
- ELK Stack - Log rotation - Log aggregation
  • Alerting
- PagerDuty integration - Slack notifications - Email alerts

Security Measures

  • Quality Gates:
- Configured in SonarQube for code quality metrics - Branch protection rules - Required reviews
  • Security Scanning:
- CodeQL analysis enabled - DAST scanning using Veracode - Container scanning - Dependency scanning
  • Monitoring:
- Kubernetes metrics - Application performance monitoring - Infrastructure health checks - Custom metrics

๐Ÿ” Security Best Practices

Infrastructure Security

  • Bastion host for secure access
  • Private subnets for sensitive resources
  • IAM roles and policies
  • Network security groups
  • Regular security scanning
  • Encrypted communication

Application Security

  • HTTPS everywhere
  • WAF rules
  • Rate limiting
  • Input validation
  • Output encoding
  • CSRF protection
  • XSS prevention

CI/CD Security

  • Secrets management
  • Pipeline security
  • Image scanning
  • Dependency checking
  • Compliance validation

๐Ÿ“ Contributing

  • Fork the repository
  • Create your feature branch (git checkout -b feature/AmazingFeature)
  • Commit your changes (git commit -m 'Add some AmazingFeature')
  • Push to the branch (git push origin feature/AmazingFeature)
  • Open a Pull Request

๐Ÿ“„ License

This project is licensed under the MIT License - see the LICENSE file for details.


โญ Support & Contribution

If you find this repository helpful, consider: โœ… Starring โญ the repository to support the project! โœ… Forking ๐Ÿด and contributing improvements or new installation guides โœ… Reporting ๐Ÿ”ฅ issues or suggestions via GitHub Issues


Join the Community

[!IMPORTANT]
We encourage you to be an active part of our community:
>
- Join Our Telegram Community: Connect with fellow DevOps enthusiasts, ask questions, and share your progress in our Telegram group.
- Follow Me on GitHub: Stay updated with new content by following me on GitHub.

๐Ÿ“ข Author & Contact

๐Ÿ‘จโ€๐Ÿ’ป Created & Maintained by: H A R S H H A A

๐Ÿ”— Connect with Me: LinkedIn GitHub Telegram Dev.to Hashnode

๐Ÿ“ฉ Need help or suggestions? Feel free to reach out! ๐Ÿš€


๐Ÿ”ฅ Hit the Star! โญ

If you're using this repo for learning or reference, please give it a โญ. It motivates me to create more awesome content! ๐Ÿš€


๐Ÿ“ข Stay Connected

Follow Me

๐Ÿ”— More in this category

ยฉ 2026 GitRepoTrend ยท NotHarshhaa/Cloud-Native-DevOps-Project ยท Updated daily from GitHub