- Open VS Code.
- Open the terminal in VS Code.
- Clone the project:
git clone https://github.com/arumullayaswanth/Fullstack-python-aws-eks-project.gitMake sure you have your AWS credentials configured. Run:
aws configureEnter your:
- Access Key ID
- Secret Access Key
- Region (like
us-east-1) - Output format (leave it as
json)
ls
cd Fullstack-python-aws-eks-project
lsThese buckets will store terraform.tfstate files.
cd s3-buckets/
ls
terraform init
terraform plan
terraform apply -auto-approve- Navigate to Terraform EC2 folder:
cd ../terraform- Run Terraform:
terraform init
terraform plan
terraform apply -auto-approve- example output :
Apply complete! Resources: 24 added, 0 changed, 0 destroyed.
Outputs:
jumphost_public_ip = "18.208.229.108"
region = "us-east-1"- The command terraform state list is used to list all resources tracked in your current Terraform state file.
terraform state listoutput :
$ terraform state list
aws_iam_instance_profile.instance-profile
aws_iam_policy.eks_policy
aws_iam_role.iam-role
aws_iam_role_policy_attachment.cloudformation_full_access
aws_iam_role_policy_attachment.ec2_full_access
aws_iam_role_policy_attachment.eks_cluster_policy
aws_iam_role_policy_attachment.eks_policy_attachment
aws_iam_role_policy_attachment.eks_worker_node_policy
aws_iam_role_policy_attachment.iam-policy
aws_iam_role_policy_attachment.iam_full_access
aws_instance.ec2
aws_internet_gateway.igw
aws_route_table.private_rt
aws_route_table.rt
aws_route_table_association.private_rt_association1
aws_route_table_association.private_rt_association2
aws_route_table_association.rt-association
aws_route_table_association.rt-association2
aws_security_group.security-group
aws_subnet.private-subnet1
aws_subnet.private-subnet2
aws_subnet.public-subnet1
aws_subnet.public-subnet2
aws_vpc.vpc- Go to AWS Console β EC2
- Click your instance β Connect
- Once connected, switch to root:
sudo -i- DevOps Tool Installation Check & Version Report
[Git]="git --version"
[Java]="java -version"
[Jenkins]="jenkins --version"
[Terraform]="terraform -version"
[Maven]="mvn -v"
[kubectl]="kubectl version --client --short"
[eksctl]="eksctl version"
[Helm]="helm version --short"
[Docker]="docker --version"
[Trivy]="trivy --version"
[SonarQube]="docker ps | grep sonar"
[Grafana]="kubectl get pods -A | grep grafana"
[Prometheus]="kubectl get pods -A | grep prometheus"
[AWS_CLI]="aws --version"
[MariaDB]="mysql --version"- Get the initial Jenkins admin password:
cat /var/lib/jenkins/secrets/initialAdminPassword- example output :
0c39f23132004d508132ae3e0a7c70e4Copy that password!
- Open browser and go to:
http://<EC2 Public IP>:8080- Paste the password from last step.
- Click Install suggested plugins
- Create first user:
| Field | Value |
|---|---|
| Username | yaswanth |
| Password | yaswanth |
| Full Name | yaswanth |
| yash@example.com |
Click through: Save and Continue β Save and Finish β Start using Jenkins
- In Jenkins Dashboard β Manage Jenkins
- Go to: Credentials β System β Global Credentials (unrestricted)
- Click Add Credentials
- Kind: Secret Text
- Secret: your AWS Access Key
- ID:
accesskey - Description: AWS Access Key
- Kind: Secret Text
- Secret: your AWS Secret Key
- ID:
secretkey - Description: AWS Secret Key
Click Save for both.
- Go to Jenkins Dashboard β Manage Jenkins β Plugins.
- Click the Available tab.
- Search and install the following:
- β Pipeline: stage view
- β Eclipse Temurin installer
- β SonarQube Scanner
- β Maven Integration
- β NodeJS
- β Docker
- β Docker Commons
- β Docker pipeline
- β Docker API
- β Docker-build-step
- β Amazon ECR
- β Kubernetes Client API
- β Kubernetes
- β Kubernetes Cerdentials
- β Kubernetes CLI
- β Kubernetes Cerdentials Provider
- β Config File Provider
- β OWASP Dependency-check
- β Email Extension Template
- β Prometheus metrics
- when installation is compete:
- β Restart jenkins when installation is complete and no job are running
- Open browser and go to:
http://<EC2 Public IP>:9000Log in with:
- Username: admin
- Password: admin (change after first login)
2. Update your password
- Old Password:
admin - New Password:
yaswanth - Confirm Password:
yaswanth - update
This guide will walk you through integrating SonarQube with Jenkins for static code analysis, from setting up the project in SonarQube to configuring Jenkins plugins and credentials.
-
Open the SonarQube Dashboard in your browser
- Example:
http://localhost:9000or your server's URL.
- Example:
-
Navigate to: Administration β Under Security β click Users
-
click the Tokens down Icon button.
-
Click Generate Token and fill in:
- Token name:
token - Expires in:
No expiration
- Token name:
-
Click Generate and copy the token.
β οΈ Important: You will not be able to view this token again, so copy and save it securely. -
Done β this token will be used in Jenkins for authentication with SonarQube.
- Go to Jenkins Dashboard β Manage Jenkins β Credentials.
- Click System β Global credentials (unrestricted).
- Click Add Credentials.
- Fill in:
- Kind:
Secret text - Secret: (paste your SonarQube token)
- ID:
sonarqube-token - Description:
sonarqube-token
- Kind:
- Click Create.
- Go to Jenkins Dashboard β Manage Jenkins β System.
- Scroll down to the SonarQube servers section.
- Click Add SonarQube and fill:
- Name:
sonar-server - Server URL:
http://localhost:9000(or your actual Sonar IP) - Server Authentication Token: Select
sonarqube-token(from credentials)
- Name:
- β Check Environment variables injection.
- Click Save.
- Go to SonarQube Dashboard β Administration
- Under Configuration, click Webhooks
- Click Create
- Fill:
- Name:
jenkins - Server URL:
http://localhost:8080/sonarqube-webhook/(or your actual jenkins IP)
- Name:
- Click Create
This allows SonarQube to notify Jenkins after analysis is complete.
-
Go to Jenkins Dashboard β Manage Jenkins β Tool.
-
Scroll to JDK installations section:
- Click Add JDK
- Name:
jdk - β
Check Install automatically
- Add Installer
- select
install from adoptium.net- version : `jdk-17.0.8.1+1
- select
- Add Installer
-
Scroll to SonarQube Scanner installations section:
- Click Add SonarQube Scanner
- Name:
sonar-scanner - β
Check Install automatically
- version :
SonarQube Scanner 7.0.1.4817 - it is least version
- version :
-
Scroll to NodeJS installations section:
- Click Add NodeJs
- Name:
nodejs - β
Check Install automatically
- version :
Nodejs 23.7.0- it is least version
- version :
-
Scroll to Dependency-check installation section:
- Click Add Dependency-check
- Name:
DP-check - β
Check Install automatically
- Add Installer
- select
install from github.com- version :
dependency-check-12.0.2- it is least version
- version :
- select
- Add Installer
-
Click Save.
Follow these steps to set up email notifications in Jenkins using your Gmail account.
- Go to Gmail.
- In the top-right, click Manage your Google Account.
- In the left sidebar, click Security.
- Under Signing in to Google, check if 2-Step Verification is enabled.
- If not, turn it ON and complete the setup.
- In the top Google search bar, type:
App Passwords - Generate an app password:
- App Name:
jenkins - Click Generate
- π Copy the generated password
- App Name:
- Go to Jenkins Dashboard β Manage Jenkins β Credentials
- Click System β Global credentials (unrestricted)
- Click Add Credentials
- Fill the form:
- Kind:
Username with password - Username:
yaswanth.arumulla@gmail.com - Password: (paste the app password)
- ID:
email - Description:
email
- Kind:
- Click Create
-
Go to Jenkins Dashboard β Manage Jenkins β System
-
Scroll down to Extended E-mail Notification
- SMTP Server:
smtp.gmail.com - SMTP Port:
465 - Click Advanced
- Credentials: Select the
emailcredential - β Use SSL
- Default Content Type:
html (text/html)
- SMTP Server:
-
Scroll down to E-mail Notification
- SMTP Server:
smtp.gmail.com - Click Advanced
- β Use SMTP Authentication
- User Name:
yaswanth.arumulla@gmail.com - Password: (paste app password)
- β Use SSL
- SMTP Port:
465 - Reply-to Address:
yaswanth.arumulla@gmail.com - Charset:
UTF-8 - Test configuration:
- Test E-mail recipient:
yaswanth.arumulla@gmail.com - Click Test Configuration to verify
- Test E-mail recipient:
- SMTP Server:
-
Scroll down to Default Triggers
-
Click the dropdown and select:
- β
Always - β
Failure - β
Success
- β
-
Click Apply then Save.
-
Go to your Gmail inbox and confirm that a test email has arrived from Jenkins.
-
You're now ready to receive Jenkins pipeline notifications via Gmail!
- Go to Jenkins Dashboard
- Click New Item
- Name it:
eks-terraform - Select: Pipeline
- Click OK
- Pipeline:
- Definition :
Pipeline script from SCM - SCM :
Git - Repositories :
https://github.com/arumullayaswanth/Fullstack-python-aws-eks-project.git - Branches to build :
*/master - Script Path :
eks-terraform/eks-jenkinsfile - Apply
- Save
- Definition :
- click Build with Parameters
- ACTION :
- Select Terraform action :
apply - Build
- To verify your EKS cluster, connect to your EC2 jumphost server and run:
aws eks --region us-east-1 update-kubeconfig --name project-eks
kubectl get nodes- Go to Jenkins Dashboard
- Click New Item
- Name it:
ecr-terraform - Select: Pipeline
- Click OK
- Pipeline:
- Definition :
Pipeline script from SCM - SCM :
Git - Repositories :
https://github.com/arumullayaswanth/Fullstack-python-aws-eks-project.git - Branches to build :
*/master - Script Path :
ecr-terraform/ecr-jenkinfine - Apply
- Save
- Definition :
-
click Build with Parameters
- ACTION :
- Select Terraform action :
apply - Build
-
To verify your EKS cluster, connect to your EC2 jumphost server and run:
aws ecr describe-repositories --region us-east-1- β Verify Amazon ECR Repositories in AWS Console (us-east-1) This guide shows how to verify if your ECR repositories exist using the AWS Console UI.
Amazon ECR β Private registry β Repositories
- AWS Console access
- IAM permissions to view Amazon ECR
- Repositories to verify:
hotstar
π https://us-east-1.console.aws.amazon.com/
- In the top search bar, type:
ECR - Click on Elastic Container Registry
- In the left sidebar, click:
Private registry β Repositories - Or go directly here:
π https://us-east-1.console.aws.amazon.com/ecr/repositories
- Use the search bar to search each repository name:
- Navigate to Jenkins Dashboard β Manage Jenkins β Credentials β (global) β Global credentials (unrestricted).
- Click βAdd Credentialsβ.
- In the form:
- Kind:
Secret text - Secret:
ghp_HKMTPOmxnnl5d1f73zh - ID:
my-git-pattoken - Description:
git credentials
- Kind:
- Click βOKβ to save.
π Step 12.2: βοΈ Jenkins Pipeline Setup: Build frontend images and Push and update Docker Images to ECR
- Go to Jenkins Dashboard
- Click New Item
- Name it:
frontend - Select: Pipeline
- Click OK
- Pipeline:
- Definition :
Pipeline script from SCM - SCM :
Git - Repositories :
https://github.com/arumullayaswanth/Fullstack-python-aws-eks-project.git - Branches to build :
*/master - Script Path :
jenkinsfiles/frontend - Apply
- Save
- Definition :
- click Build
π Step 12.3: βοΈ Jenkins Pipeline Setup: Build backend images and Push and update Docker Images to ECR
- Go to Jenkins Dashboard
- Click New Item
- Name it:
backend - Select: Pipeline
- Click OK
- Pipeline:
- Definition :
Pipeline script from SCM - SCM :
Git - Repositories :
https://github.com/arumullayaswanth/Fullstack-python-aws-eks-project.git - Branches to build :
*/master - Script Path :
jenkinsfiles/backend - Apply
- Save
- Definition :
- click Build
kubectl create namespace argocdkubectl apply -n argocd \
-f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yamlkubectl get pods -n argocdEnsure all pods are in Running state.
Check your nodes and create a test pod if necessary:
kubectl get nodeskubectl get all -n argocdSample output:
NAME READY STATUS RESTARTS AGE
pod/argocd-application-controller-0 1/1 Running 0 106m
pod/argocd-applicationset-controller-787bfd9669-4mxq6 1/1 Running 0 106m
pod/argocd-dex-server-bb76f899c-slg7k 1/1 Running 0 106m
pod/argocd-notifications-controller-5557f7bb5b-84cjr 1/1 Running 0 106m
pod/argocd-redis-b5d6bf5f5-482qq 1/1 Running 0 106m
pod/argocd-repo-server-56998dcf9c-c75wk 1/1 Running 0 106m
pod/argocd-server-5985b6cf6f-zzgx8 1/1 Running 0 106m
kubectl edit svc argocd-server -n argocdFind this line:
type: ClusterIPChange it to:
type: LoadBalancerSave and exit (:wq for vi).
kubectl get svc argocd-server -n argocdSample output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
argocd-server LoadBalancer 172.20.1.100 a1b2c3d4e5f6.elb.amazonaws.com 80:31234/TCP,443:31356/TCP 2mUse the DNS:
https://<EXTERNAL-IP>.amazonaws.comkubectl get secret argocd-initial-admin-secret -n argocd \
-o jsonpath="{.data.password}" | base64 -d && echo- Username:
admin - Password: (The output of the above command)
Run these commands on your jumphost EC2 server:
kubectl create namespace dev
kubectl get namespaces- Open the ArgoCD UI in your browser.
- Click + NEW APP.
- Fill in the following:
- Application Name:
project - Project Name:
default - Sync Policy:
Automatic - Repository URL:
https://github.com/arumullayaswanth/Fullstack-python-aws-eks-project.git - Revision:
HEAD - Path:
kubernetes-files - Cluster URL:
https://kubernetes.default.svc - Namespace:
dev
- Application Name:
- Click Create.
- β
1. Login to SonarQube
Go to:
-
http://<your-ec2-ip>:9000
- Username:
admin - Password:
admin(change after first login)
-
- Go to Projects
- Click on the "Projects" tab in the top menu.
- Youβll see a list of analyzed projects.
-
Select the Project βSwiggyβ
- Find and click on the project named Swiggy.
-
View Bugs & Vulnerabilities
- Navigate to the βIssuesβ tab.
- Filter issues by:
- Type: Bug
- Type: Vulnerability You can further filter by severity, status, etc.
- View Overall Code Summary
- Click on the βCodeβ tab to explore source files with inline issue annotations.
- Alternatively, click the Main Branch tab to view:
- π Bugs
- π Vulnerabilities
- π§Ή Code Smells
- π Duplications
- π Coverage