The purpose of this tutorial is to guide you through the various steps involved in deploying sonarqube and a java application in an AWS EKS environment using AWS Cloud Development Kit (AWS CDK and AWS SDK) for Golang. The java application will be stored in AWS CodeCommit and will use CodeBuild integrated with sonarqube (for code analysis) for production release .
But you can adapt it and deploy your own application. You can, for example, create your VPC (if you don't have one), deploy your EKS cluster (same thing if you don't have one) and deploy the AWS CI/CD
The AWS CDK lets you build reliable, scalable, cost-effective applications in the cloud with the considerable expressive power of a programming language. A CloudFormation template is generated for each deployment.
My regret is not to have been able to do everything with the CDK and have a complete CloudFormation stack due to the lack of knowledge and the documentation of the AWS CDK which is really very poor, but I do not lose hope of getting there.😀
The foundation of our tutorial's architecture is built upon Amazon Elastic Kubernetes Service (EKS), a managed Kubernetes service. The EKS cluster provides a scalable and reliable platform for deploying containerized applications.
Environments (Namespaces)
-
SonarQube Deployment Environment: This namespace is dedicated to the deployment of the SonarQube instance. SonarQube is a code quality and security analysis tool.
-
Database Deployment Environment: The second namespace is designated for the deployment of the database required by the SonarQube instance. This separation allows for independent management and scaling of the database resources, enhancing modularity and ease of maintenance.
-
Java Application Deployment Environment: The third namespace serves as the deployment environment for our Java application. Here, we deploy and manage the components of our Java application independently from SonarQube and its associated database. This segregation promotes a microservices-oriented architecture, facilitating scalability and maintainability.
Interaction and Integration
The SonarQube instance, database, and Java application environments within the EKS cluster interact seamlessly. The namespaces are interconnected to establish the necessary dependencies, ensuring proper communication and data flow between the SonarQube instance, its associated database, and the Java application.
By adopting this architecture, we achieve a modular and scalable infrastructure that simplifies management, promotes isolation of concerns, and enhances the overall reliability of the deployed components.
- Existing Java application: Your team has an existing Java application, which it is currently deploying and which has code quality problems.They use a Git repository (AWS CodeCommit) for version control.
- AWS EventBridge: it automatically creates an event bus to which events are routed.It detects whether it's a commit event or a Pull Request and sends the event to CodePipline.
- AWS CodePipeline: it models the entire publishing process for creating your code, deploying it to pre-production environments, testing your application and launching it into production by triggering a CodeBuild event.
- AWS CodeBuild: With CodeBuild, you don't need to commission, manage or scale your generation servers. This service provides pre-packaged generation environments for commonly used programming languages and generation tools. In our case, we'll be using a JAVA environment with Maven.
- Clean Code: We trigger a SonarQube analysis if the Quality Gates applied to our project passed, we go on to the production stage if the build fails and we generate an event in AWS CloudWatch and we can see the analysis of our code in SonarQube.
- Quality Gate passed: build a Docker image of our application.
- Quality Gate passed: upload our application Docker image to AWS ECR.
- Deploying our application in our EKS cluster
Before you get started, you’ll need to have these things:
- AWS account
- SSO Login
- AWS CLI V2
- AWS Cloud Development Kit (AWS CDK) v2
- Go language installed
- Node.js installed
- Kubectl installed is a command line tool that you use to communicate with the Kubernetes API server.
- A Git Client
- AWS git-remote-codecommit Git extension. This will be used to authenticate requests to the repo
- eksctl installed
- bash version 4+
To test ability to connect to AWS with newly created Access Key ID and Secret Access Key you need to use the following command:
:> aws sts get-caller-identity
{
"UserId": "XXXXXXXXXX",
"Account": "XXXXXXXXXX",
"Arn": "arn:aws:iam::XXXXX:user/XXXX"
}
You may need to provide additional parameters like --profile my_new_profile, if you created AWS security key pair for additional account.
When setting up a new AWS environment for our project, one of the first things you'll need to do is create a VPC. When setting up the VPC, it is essential to configure security groups to control inbound and outbound traffic to and from the VPC. Security groups act as virtual firewalls, allowing only authorized traffic to pass through. The ports to be authorized (defined in the Security Groups) for input/output are : 9000 (sonarqube default port)
The config_crd.json Contains the parameters to be initialized to AWS Profil
config_crd.json :
Region: Deployment region
Account: AWS account number
SSOProfile: AWS SSO Profile using
Index: Number to generate a name for the VPC, EKS Cluster,AWS Secret, Stacks .... :
<NAME+INDEX>
AWSsecret: AWS Secret name for sonarqube
❗️ You must initialize these variables with your informations.
If you already have VPC to create you can skip this step.
❗️ Before deploying your EKS cluster you must check that your
Private subnet has the tag:
- ✨ kubernetes.io/role/internal-elb=1
and you Public subnet the tag:
- ✨ kubernetes.io/role/elb=1
Please see subnet requirements and considerations
go to directory VPC (please read the README.md)
go to directory EKS (please read the README.md)
go to directory sonarqube (please read the README.md)
go to directory devops (please read the README.md)
go to directory eventbridge (please read the README.md)
In conclusion, this tutorial has walked you through the comprehensive process of deploying SonarQube and a Java application in an AWS EKS environment, utilizing the powerful combination of AWS Cloud Development Kit (AWS CDK) and AWS SDK for Golang. By following the step-by-step guide, you have gained insights into setting up a robust development and deployment pipeline that includes AWS CodeCommit for version control, CodeBuild for building your Java application, and seamlessly integrating SonarQube for thorough code analysis to ensure the highest code quality.
Deploying applications on AWS EKS provides scalability, reliability, and the flexibility to manage containerized workloads efficiently. Leveraging AWS CDK and AWS SDK for Golang streamlines the infrastructure as code (IaC) process, making it easier to define and provision resources in the AWS environment.
By integrating SonarQube into your CI/CD pipeline, you have added a critical layer of code quality assurance. This allows you to identify and address potential issues early in the development process, leading to more robust and secure applications in production.
For clean up platform please run this command :
aws-cicd:>./resetws.sh
This script clean up all deployed components except the VPC. If you want to destroy the vpc, execute the following commands :
aws-cicd:>cd vpc
aws-cicd:/vpc> cdk destroy --force
If you want to uninstall one particular component, you have in each step the instruction .
At this stage, the sonarqube deployment provides a public ip address in http and a non ssl communication between the database, in a next step I will do the integration in a dns domain and a https access with certificate and a SSL communication between the database.And integration of the eventbridge stage into the devops stack