Deploy Jenkins on an EKS cluster using Terraform and Helm.

SM4527/EKS-Jenkins

Kubernetes AWS Terraform Docker Nginx Jenkins Shell Script

Project Title

EKS-Jenkins-CICD

Description

Automate CICD by deploying Jenkins on an AWS EKS Kubernetes cluster using Terraform and Helm. Leverage Jenkins Configuration as Code (JCasC) to configure Jenkins. Authentication and authorization use the GitHub OAuth plugin and the Matrix-Auth plugin. Automate CICD by setting up a GitHub App and periodically scanning the GitHub repos for the presence of a Jenkinsfile using the GitHub Branch Source plugin. Finally, configure the Kubernetes agent to create Pods on the EKS cluster to execute the various pipeline stages.

Getting Started

Dependencies

  • Docker
  • AWS user with programmatic access and high privileges
  • Linux terminal
  • Deploy an EKS K8 Cluster with Self managed Worker nodes on AWS using Terraform.
  • Deploy an NGINX Ingress on the above EKS cluster (Pod->service->Ingress->ELB+ACM->Route 53->Domain URL).
  • GitHub OAuth Setup: Follow the steps outlined below.

    https://plugins.jenkins.io/github-oauth/

    Visit https://github.com/settings/applications/new to create a GitHub application registration.

    The values for application name, homepage URL, or application description don't matter. They can be customized however desired.

    However, the authorization callback URL takes a specific value. It must be https://jenkins.example.com/securityRealm/finishLogin where jenkins.example.com is the location of the Jenkins server.

    The important part of the callback URL is /securityRealm/finishLogin.

    Finish by clicking Register application.
  • GitHub App Setup: Follow the steps outlined below.

    https://docs.cloudbees.com/docs/cloudbees-ci/latest/traditional-admin-guide/github-app-auth#_adding_the_jenkins_credential

Installing

  • Clone the repository
  • Set environment variable TF_VAR_AWS_PROFILE
  • Review terraform variable values in variables.tf, locals.tf
  • Override values in the Helm chart through the "chart_values.yaml" file
  • Update the GitHub OAuth ClientID & ClientSecret, and the GitHub App AppID, ID & Private Key attribute values.
  • Update kubernetes.tf with the AWS S3 bucket name and key name from the output of the EKS K8 Cluster
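
The OAuth ClientSecret and the GitHub App private key set in the steps above are credentials, so it is worth checking that they are not stored as literals in "chart_values.yaml" before the file is committed. The following check is an added example, not code from this repository: the key names, the layout of the sample values file and the environment variable names are assumptions, and it treats a JCasC variable reference of the form ${NAME} as the acceptable way to supply a secret.

```python
import re

# Constructed sample of a Helm values file carrying JCasC; key names are assumptions.
SAMPLE_VALUES = """\
controller:
  JCasC:
    configScripts:
      security: |
        jenkins:
          securityRealm:
            github:
              clientID: "constructed-client-id"
              clientSecret: "constructed-literal-secret"
      credentials: |
        credentials:
          system:
            domainCredentials:
              - credentials:
                  - gitHubApp:
                      appID: "${GITHUB_APP_ID}"
                      privateKey: "${GITHUB_APP_KEY}"
"""

SENSITIVE_KEYS = ("clientSecret", "privateKey")  # assumed key names
KEY_LINE = re.compile(r"^\s*(?:-\s*)?(\w+)\s*:\s*(.*?)\s*$")
VAR_REF = re.compile(r"^\$\{[^}]+\}$")  # the whole value is ${NAME}
PEM_HEADER = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

def find_inline_secrets(text):
    """Return (line_number, reason) for each credential stored as a literal."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        if PEM_HEADER.search(line):
            findings.append((n, "PEM private key material"))
            continue
        m = KEY_LINE.match(line)
        if not m or m.group(1) not in SENSITIVE_KEYS:
            continue
        value = re.sub(r"\s+#.*$", "", m.group(2)).strip("\"'")
        # "|" or ">" opens a YAML block scalar; the PEM rule covers its body.
        if value in ("", "|", ">", "|-", ">-") or VAR_REF.match(value):
            continue
        findings.append((n, f"literal value for {m.group(1)}"))
    return findings

if __name__ == "__main__":
    print(find_inline_secrets(SAMPLE_VALUES))
```
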

Executing program

  • Configure AWS user with AWS CLI.

        docker-compose run --rm aws configure --profile $TF_VAR_AWS_PROFILE
        docker-compose run --rm aws sts get-caller-identity

  • Specify appropriate Terraform workspace.

        docker-compose run --rm terraform workspace show
        docker-compose run --rm terraform workspace select default

  • Run Terraform apply to create the EKS cluster, k8 worker nodes and related AWS resources.

        ./run-docker-compose.sh terraform init
        ./run-docker-compose.sh terraform validate
        ./run-docker-compose.sh terraform plan
        ./run-docker-compose.sh terraform apply

  • Verify jenkins pod is running and the Ingress is set correctly.

        ./run-docker-compose.sh kubectl get all -A | grep -i jenkins
        ./run-docker-compose.sh kubectl get ingress -n cicd
        ./run-docker-compose.sh kubectl get cm -n cicd

  • Log in to Jenkins using your domain's HTTPS URL, prefixed by "jenkins.", and enter your GitHub username and password to proceed with the further steps below.

  • Start a new item, select GitHub Organization, select the "GitHub App" credential, set your GitHub username or organization as owner, and apply. Check out the exact steps below for the GitHub Branch Source plugin.

https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/github-branch-source-plugin

  • Scan organization Now and GitHub will check the GitHub Repositories for the presence of a Jenkinsfile and if present, will run the various stages.

  • The Kubernetes Agent in our Pipeline will create Pods on the EKS cluster to execute the various stages.

  • The stages can be visualized using the Blue Ocean Jenkins plugin that we have installed in our project.

  • Automate CICD by scheduling the subsequent GitHub Repository scans at desired intervals.

Help

Authors

Sivanandam Manickavasagam

Version History

  • 0.1
    • Initial Release

License

This project is licensed under the MIT License - see the LICENSE file for details
