Automated CI/CD Pipeline for a Web App

by Harikrishnan Karuppiah

Welcome to my SwiftSend CI/CD pipeline implementation project, where I showcase my expertise in designing and implementing cutting-edge DevOps solutions. With a focus on continuous integration and continuous delivery (CI/CD), I have successfully developed and deployed scalable, automated infrastructures that enhance software development workflows. My work exemplifies the integration of modern DevOps practices with cloud technologies, enabling businesses to achieve greater efficiency, security, and scalability.

One of the flagship projects in my portfolio is the design and implementation of a comprehensive CI/CD pipeline for SwiftSend, a 3-tier web application utilized by major logistics providers like DHL, Purolator, Canada Post, and UPS. This project involved automating the entire deployment process, from code integration and testing to security scanning and deployment, using state-of-the-art DevOps tools and AWS cloud services.

Key services and technologies used in this project include:

  • AWS Services: EC2, RDS, EKS, EFS, S3, DynamoDB, ECR
  • DevOps Tools: Git, GitHub, Terraform, Ansible, Jenkins, SonarQube, Trivy, Docker, Kubernetes, Argo CD
  • Monitoring and Visualization: Prometheus, Grafana

    About SwiftSend App

    SwiftSend is a web application built on a 3-tier architecture, comprising a ReactJS frontend, a Java-based backend, and a MySQL database.

    Challenges Addressed

    SwiftSend was facing significant operational challenges, including manual, error-prone deployment processes, scalability issues, limited monitoring capabilities, and security vulnerabilities. These problems led to frequent downtime, delayed releases, and an overall inefficiency in the development lifecycle.

    Our Solution

    To overcome the challenges faced by SwiftSend, my team and I implemented a robust CI/CD pipeline that automated and streamlined the deployment processes. By incorporating open-source DevOps tools like Jenkins, Terraform, Ansible, SonarQube, Trivy, Docker, and Kubernetes, alongside AWS cloud services, we developed a comprehensive solution. This combination allowed us to automate code integration, testing, security scanning, and deployment, ensuring a more efficient, secure, and scalable infrastructure.

    Our Architecture

  • Automated Deployment: Jenkins for continuous integration and ArgoCD for continuous deployment, minimizing manual tasks.
  • Infrastructure as Code: Terraform for consistent, scalable AWS infrastructure provisioning.
  • Configuration Management: Ansible for automating service configurations across deployments.
  • Code Quality & Security: SonarQube and Trivy for ongoing code quality checks and security analysis.
  • Containerization & Orchestration: Docker and Kubernetes for efficient application deployment and scaling.
  • Monitoring & Visualization: Prometheus for monitoring and Grafana for performance visualization.

    AWS Services Used

  • EC2 Instance: Hosted the Ansible server and managed essential infrastructure components.
  • Amazon RDS: Provided a managed relational database in the cloud for scalable data management.
  • AWS EKS: Managed and scaled containerized applications using Kubernetes.
  • Amazon EFS: Offered scalable, elastic file storage for persistent data.
  • AWS S3 and DynamoDB: Used for storing Terraform state files and ensuring consistent state locking.
  • Amazon ECR: Managed and deployed Docker container images efficiently.

    AWS Architecture

    Our AWS architecture is designed to support the SwiftSend CI/CD pipeline with a focus on scalability and security. We used an EC2 instance to host the Ansible server and another for Jenkins, with both running on Ubuntu 20.04 LTS. The EKS cluster, utilizing t3.medium instances, manages containerized applications and integrates with Amazon EFS for persistent storage. The setup operates within a VPC with public and private subnets, secured by specific security groups, and includes an Ingress Controller with an ALB for efficient traffic management. Essential tools like Docker, Terraform, and Prometheus ensure a streamlined and automated deployment environment.

    Achievements with Best Practices

    Production-Ready Approach

  • Provisioned complete AWS infrastructure (VPC, subnets, NAT gateway, EC2 for Ansible, security groups, roles, private EKS cluster, private RDS) using Terraform, adhering to the least privilege principle.
  • Configured Jenkins to interact with the EKS cluster via AWS access policies defined in Terraform.
  • Automated Jenkins installation on EKS by triggering the Ansible server through AWS SSM.
  • Deployed Jenkins master as a StatefulSet on EKS using Ansible, with persistent storage on EFS.
  • Managed Terraform state globally with S3 and implemented state locking with DynamoDB.
  • Configured EKS RBAC using the new AWS auth config and map for access management, replacing traditional policy bindings.
  • Developed Jenkins jobs using a master-slave architecture with pod templates for build, test, and deploy stages.

    Challenges Faced and Overcoming Those

    • Terraform State Management: Overcame state file challenges by implementing DynamoDB for state locking and S3 for storage.
    • EKS Cluster Creation: Faced difficulties with EKS provisioning using Terraform scripts.
    • AWS EKS Auth Config: Configured the new AWS EKS auth config and map, a complex process recently introduced.
    • Ansible on Private Subnet: Ran Ansible scripts on a private subnet without open ports or SG rules, resolved using AWS SSM.
    • Policy Identification: Ensured each resource followed the least privilege principle, identifying appropriate policies.
    • ArgoCD Pod Access: Gave ArgoCD pods the necessary permission to communicate with the EKS API.
    • Jenkins Job Development: Faced challenges writing Jenkins jobs using agents and pod templates.
    • Kubectl Installation: Encountered permission issues while installing kubectl in ArgoCD pods.
    • Terraform Management: Managed all infrastructure through AWS Terraform scripts, ensuring consistency and best practices.
    • Database Migration: Initially set up the database on VMware and migrated it to AWS RDS.

    SwiftSend Application

    User Interface

    GitHub Repositories