Module 11 - Kubernetes on AWS - EKS

This repository contains a demo project created as part of my DevOps studies in the TechWorld with Nana – DevOps Bootcamp.

Demo Project: Complete CI/CD Pipeline with EKS and private DockerHub registry

Technologies used: Kubernetes, Jenkins, AWS EKS, Docker Hub, Java, Maven, Linux, Docker, Git

Project Description:

• Write K8s manifest files for Deployment and Service configuration
• Integrate deploy step in the CI/CD pipeline to deploy newly built application image from DockerHub private registry to the EKS cluster
• So the complete CI/CD project we build has the following configuration:
  • a. CI step: Increment version
  • b. CI step: Build artifact for Java Maven application
  • c. CI step: Build and push Docker image to DockerHub
  • d. CD step: Deploy new application version to EKS cluster
  • e. CD step: Commit the version update

---

Prerequisites

Before starting, complete the following module:

• CD - Deploy to EKS cluster from Jenkins Pipeline: https://github.com/explicit-logic/eks-module-11.4

Overview

---

Step 1: Write K8s Manifest Files for Deployment and Service

The Kubernetes manifest files define how the application is deployed and exposed:

• Deployment config
• Service config

Note: The variables $APP_NAME and $APP_IMAGE are substituted with actual values using envsubst during the pipeline deploy stage.

---

Step 2: Install gettext-base on Jenkins

The gettext-base package provides the envsubst command used for variable substitution in manifest templates.

1. Connect to the Jenkins server and enter the Jenkins container:

ssh root@<DROPLET_IP>
docker ps
docker exec -it -u 0 <container_id> bash

2. Install gettext-base and verify the installation:

apt-get update && apt-get install -y gettext-base
envsubst -V

3. Exit the container.

---

Step 3: Create a Secret for DockerHub Credentials

Secrets are scoped per namespace. In this setup, one secret is used per namespace.

1. Configure your local connection to the EKS cluster:

aws configure list
aws eks update-kubeconfig --name demo-cluster --region <your-region>

2. Create the Docker registry secret:

kubectl create secret docker-registry dockerhub \
  --docker-server=docker.io \
  --docker-username=<your-username> \
  --docker-password=<your-password>

3. Verify the secret was created:

kubectl get secret

---

Step 4: Configure a Multibranch Pipeline in Jenkins

4.1 Install the Required Plugin

1. Navigate to Manage Jenkins → Plugins → Available Plugins
2. Search for and install: Ignore Committer Strategy

This plugin prevents multibranch pipelines from triggering new builds when commits are made by specified email addresses — used here to break the CI commit loop caused by Jenkins version-bump commits.

4.2 Create GitHub Credentials

Jenkins needs a GitHub Personal Access Token to clone the repository and update commit statuses.

Create the token:

1. Go to github.com/settings/tokens/new
2. Set Note to jenkins
3. Select the following scopes:

Scope	Reason
admin:repo_hook	Create, read, and delete webhooks
public_repo	Access public repositories
repo:status	Update commit statuses

4. Click Generate token and copy it immediately

Add the token to Jenkins:

1. Navigate to Manage Jenkins → Credentials
2. Click Add Credentials and fill in:

Field	Value
Kind	Username with password
ID	github
Username	Your GitHub username (not your email)
Password	Your personal access token (starts with ghp_)

4.3 Create the Multibranch Pipeline

1. Go to Dashboard → New Item
2. Name it cicd-dockerhub, select Multibranch Pipeline, click OK

Branch Sources:

Click Add source → GitHub and configure:

Field	Value
Credentials	github
Repository HTTPS URL	https://github.com/explicit-logic/eks-module-11.6

Click Validate to confirm access.

Behaviors — click Add and enable:

• Discover branches

Build Configuration:

• Script Path: Jenkinsfile

Build Strategies:

1. Add Ignore Committer Strategy
   • List of author emails to ignore: jenkins@example.com
2. Check Allow builds when a changeset contains non-ignored author(s)

This combination ensures that version-bump commits made by Jenkins do not re-trigger the pipeline, preventing an infinite build loop.

3. Click Save — Jenkins will scan the repository and create a job for each branch.

---

Step 5: Add AWS Credentials to Jenkins

5.1 Create an IAM User for Jenkins

1. Go to IAM → Users → Create user
   • Name: jenkins
2. Select Attach policies directly and attach the following managed policies:
   • AmazonEKSClusterPolicy
   • AmazonEKSWorkerNodePolicy
   • AmazonEC2ContainerRegistryFullAccess
3. Complete user creation.

5.2 Grant the IAM User Access to the EKS Cluster

1. Find the user's ARN in the IAM console:

2. Map the IAM user to the cluster:

eksctl create iamidentitymapping \
  --cluster demo-cluster \
  --region <REGION> \
  --arn arn:aws:iam::<ACCOUNT_ID>:user/jenkins \
  --group system:masters \
  --username jenkins

5.3 Create an Access Key

1. In IAM, open the jenkins user → Security credentials → Create access key
2. Use case: Application running outside AWS
3. Copy the Access key and Secret access key

5.4 Store Credentials in Jenkins

1. Go to cicd-dockerhub → Credentials → Global → Add Credentials
2. Add two Secret text credentials:

ID	Secret
AWS_ACCESS_KEY_ID	<Access key>
AWS_SECRET_ACCESS_KEY	<Secret access key>

---

Step 6: Run the Pipeline

Trigger the pipeline and verify the deployment.

Demo