A complete CI/CD pipeline solution for building, testing, and deploying Java applications to Kubernetes environments.
This project provides a full-featured Continuous Integration and Continuous Deployment (CI/CD) pipeline specifically designed for Java applications that run on Kubernetes. It automates the entire software delivery process from code commit to production deployment, with appropriate safeguards and controls at each stage.
- End-to-end Automation: Automate building, testing, and deployment processes
- Multiple Environment Support: Development, staging, and production environments
- Quality Gates: Code quality checks, unit testing, integration testing
- Security Scanning: Vulnerability scanning for code and containers
- Kubernetes-native: Designed specifically for K8s deployments with best practices
- Observability: Built-in monitoring, logging, and alerting
- Customizable Workflows: Adaptable to various Java application types (Spring Boot, Quarkus, etc.)
The pipeline consists of the following key components:
- Source Code Management: Git-based version control
- CI Server: Jenkins/GitLab CI/GitHub Actions orchestration
- Build System: Maven/Gradle build automation
- Testing Framework: JUnit, Mockito, integration test suites
- Container Registry: Docker image storage
- Kubernetes Deployment: Helm charts for application deployment
- Configuration Management: Externalized configuration
- Monitoring Stack: Prometheus, Grafana, logging solutions
- Kubernetes cluster (v1.20+)
- Docker (20.10+)
- Git
- Java Development Kit (JDK 11 or 17)
- Maven (3.8+) or Gradle (7+)
- CI/CD platform access (Jenkins, GitLab CI, GitHub Actions, etc.)
- Container registry access (DockerHub, ECR, GCR, etc.)
```bash
git clone https://github.com/yourusername/java-k8s-cicd.git
cd java-k8s-cicd
```
- Install required plugins:
  - Kubernetes plugin
  - Docker plugin
  - JUnit plugin
  - SonarQube plugin
  - Pipeline plugin
- Create Jenkins pipeline configuration:
  - Add `Jenkinsfile` from the templates directory
  - Configure credentials for Docker registry and Kubernetes
  - Set up webhook triggers from your Git repository
- Copy the workflow templates from `.github/workflows` to your repository
- Configure secrets in your GitHub repository:
  - `DOCKER_USERNAME` and `DOCKER_PASSWORD`
  - `KUBE_CONFIG` - base64 encoded kubeconfig file
  - `SONAR_TOKEN` - for code quality checks

- Create namespace for your application: `kubectl create namespace my-java-app`
- Apply RBAC configurations: `kubectl apply -f k8s/rbac.yaml`
- Configure secrets: `kubectl apply -f k8s/secrets.yaml`

Edit the `pipeline-config.yaml` file to specify:
- Application name and version pattern
- Docker registry path
- Testing requirements
- Environment-specific deployment targets
- Resource requirements
- Develop: Write code and tests locally
- Commit: Push changes to feature branch
- CI Trigger: Automated tests and builds run
- Review: Code review and QA processes
- Merge: Changes merged to main branch
- Release: Automated deployment to staging
- Promote: Manual approval for production deployment
Trigger specific pipeline actions:
```bash
# Run the full pipeline
./pipeline.sh run-full
# Run only build and test phases
./pipeline.sh build-test
# Deploy to specific environment
./pipeline.sh deploy --env=staging
```
- Check deployment status: `kubectl get deployments -n my-java-app`
- View pod status: `kubectl get pods -n my-java-app`
- Check application logs: `kubectl logs -l app=my-java-app -n my-java-app`

```
java-k8s-cicd/
├── .github/                # GitHub Actions workflow definitions
├── ci/                     # CI configuration
│   ├── Jenkinsfile         # Jenkins pipeline script
│   └── scripts/            # Helper scripts for CI processes
├── helm/                   # Helm charts for K8s deployment
│   ├── app/                # Application chart
│   └── dependencies/       # Dependency charts
├── k8s/                    # Kubernetes manifest files
│   ├── base/               # Common K8s resources
│   └── environments/       # Environment-specific overlays
├── src/                    # Sample application source
│   ├── main/               # Application code
│   └── test/               # Test code
├── pipeline-config.yaml    # Pipeline configuration
├── pipeline.sh             # Pipeline control script
└── README.md               # This file
```
The pipeline uses the following environment variables:
| Variable | Description | Default |
|---|---|---|
| `JAVA_VERSION` | JDK version | 17 |
| `BUILD_TOOL` | Maven or Gradle | maven |
| `DOCKER_REGISTRY` | Container registry URL | docker.io |
| `NAMESPACE` | Kubernetes namespace | default |
| `DEPLOY_STRATEGY` | Deployment strategy | RollingUpdate |
Modify helm/app/values.yaml to customize:
- Number of replicas
- Resource requests/limits
- Health check configurations
- Service ports and protocols
- Autoscaling parameters
The pipeline implements several security measures:
- Container Scanning: Uses Trivy to scan for vulnerabilities in Docker images
- Secret Management: Kubernetes secrets for sensitive information
- RBAC: Principle of least privilege for service accounts
- Network Policies: Restricted communication between components
- Image Signing: Optional container image signing capability
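
What the RBAC item can look like for the account the pipeline deploys with in the `my-java-app` namespace. This is an added example, not the contents of the repository's `k8s/rbac.yaml`; the `ci-deployer` name and the list of resources the chart renders are assumptions.

```yaml
# Added example: names and resource list are assumptions, not the repo's k8s/rbac.yaml.
# Weak form to avoid: a ClusterRoleBinding of the CI account to cluster-admin.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ci-deployer              # hypothetical name
  namespace: my-java-app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                       # namespaced Role, not a ClusterRole
metadata:
  name: ci-deployer
  namespace: my-java-app
rules:
  # Objects the application chart is assumed to render
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["autoscaling"]
    resources: ["horizontalpodautoscalers"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # Helm 3 keeps release state in Secrets in the release namespace, so the
  # deployer can read every Secret here. Keep this grant namespaced.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "create", "update", "patch", "delete"]
  # Read-only access for rollout checks and log retrieval
  - apiGroups: ["", "apps"]
    resources: ["pods", "pods/log", "replicasets"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding                # binds only inside my-java-app
metadata:
  name: ci-deployer
  namespace: my-java-app
subjects:
  - kind: ServiceAccount
    name: ci-deployer
    namespace: my-java-app
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ci-deployer
# Verify the effective permissions after applying:
#   kubectl auth can-i --list -n my-java-app \
#     --as=system:serviceaccount:my-java-app:ci-deployer
```

A kubeconfig stored in the `KUBE_CONFIG` secret that authenticates as this service account limits a leaked CI credential to one namespace.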
- Pipeline Fails at Build Stage
  - Check Java/Maven/Gradle versions
  - Verify build dependencies availability
- Deployment Fails
  - Check kubectl context
  - Verify namespace existence
  - Check for sufficient cluster resources
- Container Crashes
  - Review application logs
  - Check resource limits and requests
- File issues on the GitHub repository
- Check the FAQ in the docs directory
- Consult the detailed documentation at `docs/troubleshooting.md`