How Automate Kubernetes/docker with jenkins (Installation)

 Step 1: Install Jenkins on Ubuntu 18.04 instance

apt updateapt install openjdk-11-jre-headless -yjava -version

curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo tee \
  /usr/share/keyrings/jenkins-keyring.asc > /dev/null

echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null

Once the Jenkins repository is enabled, update the apt package list and install the latest version of Jenkins by typing:

sudo apt-get updatesudo apt-get install jenkins

systemctl status jenkins

See link for complete configuration guide of jenkins : https://www.devopstreams.com/2020/08/pleasefollow-steps-to-install-java.html

Step 2: Add Jenkins User to Sudoers List

Now configured Jenkins user as administrator to do all operation and connect eks cluster.

$ vi /etc/sudoers

Add at end of file

jenkins ALL=(ALL) NOPASSWD: ALL

Save and exit

:wq!

Now we can use Jenkins as a sudo user

sudo su - jenkins

Step 3:

Docker installation

sudo apt install docker.io -y

Once done you can check the version also.

docker --version

Now add Jenkins user in the docker group

sudo usermod -aG docker jenkins

Now we are installing aws CLI, kubectl, and eksctl command-line utility on the Jenkins server.

Follow the below commands,

Step 4:

sudo apt  install awscli

To configure the AWS the first command we are going to run is

aws configure

Then enter your Access/Secret key, Format: json and region:us-east-2

Step 5:

Install eksctl

 curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp

sudo mv /tmp/eksctl /usr/local/bin

  eksctl version

If you get something like "no command found" enter the below command

cp /usr/local/bin/eksctl /usr/bin -rf

Step 6:

Install kubectl

 curl -o kubectl https://amazon-eks.s3-us-west-2.amazonaws.com/1.14.6/2019-08-22/bin/linux/amd64/kubectl

 chmod +x ./kubectl

mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$HOME/bin:$PATH

sudo mv ./kubectl /usr/local/bin

 kubectl version --short --client

Step 7:

Install aws-iam-authenticator

   curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.14.6/2019-08-22/bin/linux/amd64/aws-iam-authenticator

    chmod +x ./aws-iam-authenticator

   mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin

   echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc

sudo mv ./aws-iam-authenticator /usr/local/bin

   aws-iam-authenticator help

Step 8: Make sure you Create a role with Administrator Access and attach your role to the instance

 Step 9: Create your jenkins job --->Build Enviroment---->Execute Shell---->enter your kubernetes commands

Or

Create Pipeline and run your commands in stages

Thanks you

Security in Terraform- How to manage your Credentials( Secret Key and Access Key)

 There are 5 rules that can help you secure your Terraform Infrastructure:

#1: Don’t Store Secrets in Plain Text(Encrypt them)

#2: Keep Your Terraform State Secure

#3: Environment Variables

#4: Encrypted Files (e.g., KMS, PGP, SOPS)

#5: Secret Stores (e.g., Vault, AWS Secrets manager)

We will Focus on #1

Store and Encrypt Credentials in Jenkins (Access and Secret Key) 

In this step, we will be storing and encrypting the access and secret key in Jenkins to maximize security and minimize the chances of exposing our credentials.

• Go to Manage Jenkins > Manage Credentials > Click on Jenkins the highlighted link as shown below

• Select Add Credentials
• Choose Secret text in the Kind field

•  Enter the following below:

Note: Modify the yellow highlighted text with the right value.

• Secret = EnterYourSecretKeyHere
• ID = AWS_SECRET_ACCESS_KEY
• Description = AWS_SECRET_ACCESS_KEY

Click OK

Add another credential and enter the following:

• Secret = EnterYourAccessIDHere
• ID = AWS_ACCESS_KEY_ID
• Description = AWS_ACCESS_KEY_ID

Click OK

Configure Terraform

How to Install and configure Terraform on your Jenkins Server

Install Terraform on Jenkins Server

Use the following commands to install Terraform on Jenkins server and move the binaries to the correct path as shown below.

• wget https://releases.hashicorp.com/terraform/0.12.24/terraform_0.12.24_linux_amd64.zip
• unzip terraform_0.12.24_linux_amd64.zip
• sudo mv terraform /usr/bin/

Install Terraform plugin on Jenkins

Go to Manage Jenkins > Manage Plugins >Available > search Terraform as shown below:

As you can see, Terraform Plugin is already installed on my Jenkins hence why it's displayed in the Installed section.

Configure Terraform

Go to Manage Jenkins > Global Tool Configuration > It will display Terraform on the list.

• Enter terraform in the Name field
• Provide the path /usr/bin/ as shown below

How to Connect to a running container- Unlock Jenkins Password in Docker

 Prerequisite:

Make sure you complete this lab: https:/www.devopstreams.com/2022/02/how-to-pull-images-from-docker.html before attempting this

You can connect to a running container just like you can connect to a server and then run commands in that container. To do that you have to make use of the docker exec command

Step 1: Create a Container from a Jenkins image. see https:/www.devopstreams.com/2022/02/how-to-pull-images-from-docker.html

Step 2: Lunch another terminal on your docker host( Separate from the one you used on step1)

Step 3. Connect to your running container 

docker exec -it container_id sh--------->replace ur container id in red

docker exec -it 65357f31b2bc sh

This will connect you to the shell of the container.

Step 3: Unlock Jenkins : Now you are connected to the container shell, you can access the path of the Jenkin initial password

Step 4: Unlock Jenkins in the UI

Terraform CD Pipeline Setup to Deploy App Servers

Overview

The goal is to implement Devops best practices to run Terraform in Jenkins Pipelines. We will go over the main concepts that need to be considered and a Jenkinsfile that runs Terraform. The Jenkinsfile will consists of parameters that allows us to pass data as variables in our pipeline job. 

• Install Terraform on Jenkins Server
• Install Terraform Plugin on Jenkins
• Configure Terraform
• Store and Encrypt Credentials in Jenkins
• Setting up CD Pipeline with Terraform to Deploy App Servers
• Bash Script to Deploy Artifactory
• Run Pipeline Job

Install Terraform on Jenkins Server

Use the following commands to install Terraform on Jenkins server and move the binaries to the correct path as shown below.

• wget https://releases.hashicorp.com/terraform/0.12.24/terraform_0.12.24_linux_amd64.zip
• unzip terraform_0.12.24_linux_amd64.zip
• sudo mv terraform /usr/bin/

Install Terraform plugin on Jenkins

Go to Manage Jenkins > Manage Plugins >Available > search Terraform as shown below:

As you can see, Terraform Plugin is already installed on my Jenkins hence why it's displayed in the Installed section.

Store and Encrypt Credentials in Jenkins (Access and Secret Key) 

In this step, we will be storing and encrypting the access and secret key in Jenkins to maximize security and minimize the chances of exposing our credentials.

• Go to Manage Jenkins > Manage Credentials > Click on Jenkins the highlighted link as shown below

• Select Add Credentials
• Choose Secret text in the Kind field

•  Enter the following below:

Note: Modify the yellow highlighted text with the right value.

• Secret = EnterYourSecretKeyHere
• ID = AWS_SECRET_ACCESS_KEY
• Description = AWS_SECRET_ACCESS_KEY

Click OK

Add another credential and enter the following:

• Secret = EnterYourAccessIDHere
• ID = AWS_ACCESS_KEY_ID
• Description = AWS_ACCESS_KEY_ID

Click OK

Configure Terraform

Go to Manage Jenkins > Global Tool Configuration > It will display Terraform on the list.

• Enter terraform in the Name field
• Provide the path /usr/bin/ as shown below

Setting up CD Pipeline for Terraform

• Go to Jenkins > New Items. Enter terraform-pipeline in name field > Choose Pipeline > Click OK

• Select Configure after creation.
• Go to Build Triggers and enable Trigger builds remotely.
• Enter tf_token as Authentication Token

 

Bitbucket Changes

• Create a new Bitbucket Repo and call it terraform-pipeline
• Go to Repository Settings after creation and select Webhooks
• Click Add Webhooks
• Enter tf_token as the Title
• Copy and paste the url as shown below

              http://JENKINS_URL:8080/job/terraform-pipeline/buildWithParameters?token=tf_token

• Status should be active
• Click on skip certificate verification
• triggers --> repository push

• Go back to Jenkins and select Configure
• Scroll down to Pipeline and click on the drop down to select Pipeline Script From SCM
• Enter credentials for Bitbucket, Leave the Branch master as the default, Make sure script path is Jenkinsfile
• Right click on Pipeline Syntax and open in a new tab. 
• Choose Checkout from Version Control in the Sample Step field

• Enter Bitbucket Repository URL and Credentials, leave the branches blank
• Click GENERATE PIPELINE SCRIPT, copy credentialsId and url (This is required for Jenkinsfile script)

Create Workspace for Terraform Pipeline

• Open File Explorer, navigate to Desktop and create a folder cd_pipeline

• Once folder has been created, open Visual Code Studio and add folder to workspace

• Open a New Terminal
• Run the command before cloning repo: git init
• Navigate to terraform-pipeline repo in Bitbucket
• Clone the repo with SSH or HTTPS

• Create a new file main.tf and copy the below code in yellow color

  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  

provider "aws" {
region = var.region
version = "~> 2.0"
}
resource "aws_instance" "ec2" {
user_data   = base64encode(file("deploy.sh"))
ami = "ami-0782e9ee97725263d"   ##Change AMI to meet OS requirement as needed.
root_block_device {
    volume_type           = "gp2"
    volume_size           = 200
    delete_on_termination = true
    encrypted             = true
  }
tags = {
Name = "u2-${var.environment}-${var.application}"
CreatedBy = var.launched_by
Application = var.application
OS = var.os
Environment = var.environment
}
instance_type = var.instance_type
key_name = "Enter_KEYPAIR_Name_Here"
vpc_security_group_ids = [aws_security_group.ec2_SecurityGroups.id]
}
output "ec2_ip" {
value = [aws_instance.ec2.*.private_ip]
}
output "ec2_ip_public" {
value = [aws_instance.ec2.*.public_ip]
}
output "ec2_name" {
value = [aws_instance.ec2.*.tags.Name]
}
output "ec2_instance_id" {
value = aws_instance.ec2.*.id
} 

• Create a new file security.tf and copy the below code in yellow color

resource "aws_security_group" "ec2_SecurityGroups" {
name = "u2-${var.environment}-sg-${var.application}"
description = "EC2 SG"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
    from_port   = 8081
to_port     = 8081
protocol    = "tcp"
cidr_blocks = ["0.0.0.0/0"]
  }

ingress {
     from_port   = 8082
to_port     = 8082
protocol    = "tcp"
cidr_blocks = ["0.0.0.0/0"]
   }
  ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
#Allow all outbound
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}

• Create a new file variable.tf and copy the below code in yellow color. 

variable region {
  type        = string
  default = "us-east-2"
}
variable "instance_type" {}
variable "application" {}
variable "environment" {}
############## tags
variable os {
  type        = string
  default = "Ubuntu"
}
variable launched_by {
  type        = string
  default = "USER"
}
############## end tags

Bash Script to Deploy Artifactory

• Create a new file deploy.sh and copy the below code in yellow color. 

#!/bin/bash

set -x

exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 

echo ""

echo "........................................"

echo "Installation of application"

echo "........................................"

echo "Today's date: `date`"

echo "........................................"

echo ""

sudo pip install awscli

sudo apt-get install -y unzip

sudo apt update

sudo apt dist-upgrade

sudo apt autoremove

sudo apt update

sudo apt-get install openjdk-8-jdk openjdk-8-doc

java -version

sudo apt install wget software-properties-common

sudo wget -qO - https://api.bintray.com/orgs/jfrog/keys/gpg/public.key | sudo apt-key add - 

sudo add-apt-repository "deb [arch=amd64] https://jfrog.bintray.com/artifactory-debs $(lsb_release -cs) main"

sudo apt update

sudo apt install jfrog-artifactory-oss

sudo systemctl stop artifactory.service

sudo systemctl start artifactory.service

sudo systemctl enable artifactory.service

sudo systemctl status artifactory.service

echo ""

echo "........................................"

echo "Installation of application"

echo "........................................"

echo "Today's date: `date`"

echo "........................................"

echo ""

• Create a new file Jenkinsfile and copy the below code in yellow color. 

pipeline {

    agent{ label '!master' }

    parameters {

        string(name: 'AppName', defaultValue: 'Enter App Name', description: 'Name of application', )

        choice(choices: ['master', 'dev', 'qa', 'prod'], description: 'Select lifecycle to Deploy', name: 'Branch')

        choice(choices: ['t2.micro', 't2.small', 't2.medium'], description: 'Select Instance Size', name: 'InstanceSize')

        booleanParam(name: 'autoApprove', defaultValue: false, description: 'Automatically run apply after generating plan?')

    }

     environment {

        AWS_ACCESS_KEY_ID     = credentials('AWS_ACCESS_KEY_ID')

        AWS_SECRET_ACCESS_KEY = credentials('AWS_SECRET_ACCESS_KEY')

        TF_VAR_instance_type = "${params.InstanceSize}"

        TF_VAR_environment = "${params.Branch}"

        TF_VAR_application = "${params.AppName}"

    }

// 

    stages {

      stage('checkout') {

        steps {

            echo "Pulling changes from the branch ${params.Branch}"

            git credentialsId: 'paste-credentialsId-here', url: 'paste-url-here' , branch: "${params.Branch}"

        }

      }

        stage('terraform plan') {

            steps {

                sh "pwd ; terraform init -input=true"

                sh "terraform plan -input=true -out tfplan"

                sh 'terraform show -no-color tfplan > tfplan.txt'

}

            }

        

        stage('terraform apply approval') {

           when {

               not {

                   equals expected: true, actual: params.autoApprove

               }

           }

           steps {

               script {

                    def plan = readFile 'tfplan.txt'

                    input message: "Do you want to apply the plan?",

                    parameters: [text(name: 'Plan', description: 'Please review the plan', defaultValue: plan)]

               }

           }

       }

        stage('terraform apply') {

            steps {

                sh "terraform apply -input=true tfplan"

            }

        }

        

        stage('terraform destroy approval') {

            steps {

                input 'Run terraform destroy?'

            }

        }

        stage('terraform destroy') {

            steps {

                sh 'terraform destroy -force'

            }

        }

    }

  }

• Commit and push code changes to Repo with the following:
• In Vscode, navigate to Source Code Icon on the right tabs on the side
• Enter commit message
• Click the + icon to stage changes 

• Push changes by clicking on the 🔄0 ⬇️ 1 ⬆️ as shown below

Run Pipeline Job

• Go to terraform-pipeline on Jenkins and run build 

Note: The pipeline job will fail the first time to capture the parameters in Jenkinsfile

• The next time you run a build you should see as shown below

• Enter Artifactory in the AppName field
• Select a Branch/Lifecycle to deploy server
• Choose t2.small or t2.medium for Artifactory server.
• Go to Console Output to track progress

Note: You can abort the destroy step and rerun the step by installing Blue Ocean Plugin on Jenkins to delete the resources created.