Advanced CI/CD Pipeline with DevOps Tools

Costmedium

Deployability ci cd ready

Status devsecops lab

Validation mvn -q -DskipTests=false test

Java Maven Docker Kubernetes SonarQube aws jenkins

Use the guide first.

The full learning guide is on this page. Open the repository files only when a step asks you to inspect code, fork the project, or download raw assets.

Read safety guide Project files on GitHub

Project Guide

These are the steps I followed in the implementation of the entire CI/CD Pipeline.

🛡️ 2026 DevSecOps Enhancements (What You Will Learn)

This repository has been upgraded from a standard CI/CD deployment into a modern DevSecOps pipeline. When reviewing the Dockerfile and Jenkinsfile integrations, note the following 2026 security practices:

1. Unprivileged Container Execution: We explicitly block the Java microservice from running as a highly-privileged root user. Instead, the Dockerfile builds an isolated appuser group on a minimal Alpine Linux distribution to run the JAR file.
2. Container Immutable Deployments: We avoid overwriting the latest tag in our JFrog repository. Each successfully built artifact receives a unique semantic tag, ensuring Kubernetes deployments are rolling and easily rollback-able.

---

1. Provisioned the required infrastructure like VPC, Security Group, Ansible Controller Instance, Jenkins Master and Agent Instances using Terraform.

2. Configured SSH keys for password less authentication between Ansible Controller and Agent nodes.

3. Configured the Jenkins Master and Agent nodes using Ansible. Configured Jenkins Agent as the Maven Build server.

4. Added Jenkins Agent node’s credentials in Jenkins Master to establish a connection between Jenkins Master and Agent nodes.

5. Added GitHub credentials to the Jenkins Master and created Multibranch Pipeline job.

6. Configured the Multibranch Pipeline job with GitHub Webhook Trigger with the help of Multibranch Scan Webhook Trigger Plugin.

7. SonarQube:

   1. Generated an access token in SonarCloud and added SonarQube server credentials in Jenkins Master.
   2. Installed Sonarqube scanner plugin.
   3. Added Sonarqube server to the Jenkins Master in System section.
   4. Added Sonarqube scanner to the Jenkins Master in Tools section.
   5. Configured an organization and project in SonarCloud and wrote a sonar-project. properties file.
   6. Added sonarqube, unit tests and build stages in the Jenkinsfile.

8. Added JFrog credentials in the Jenkins Master and integrated JFrog artifactory with Jenkins by installing Artifactory plugin in Jenkins Master.

9. Created a Docker Image out of the jar file and committed that Docker Image into the Docker repository of the JFrog artifactory with the help of Docker Pipeline plugin. Added the Docker Build and Publish stage in Jenkinsfile.

10. EKS:

    1. Provisioned the EKS cluster with Terraform.
    2. Installed kubectl in Jenkins Slave.
    3. Installed AWS CLI v2 in Jenkins Slave to connect with AWS account.
    4. Downloaded Kubernetes credentials and cluster configuration from the cluster using the command
    5. aws eks update-kubeconfig --region <region_name> --name <cluster_name>

11. Pulled the Docker Image from the JFrog artifactory using Kubernetes secret and deployed it in our EKS cluster using deployment resource and exposed it to access from outside using service resource under a particular namespace. Added the deployment stage in Jenkinsfile.

12. Added the Prometheus helm chart repository and implemented the cluster monitoring using Prometheus and Grafana.

    • Note: Changed the default service type of Prometheus and Grafana services from ClusterIP to LoadBalancer to access them from the browser.

---

Hit the Star! ⭐

If you are planning to use this repo for learning, please hit the star. Thanks!

Author by DevCloud Ninjas