Netflix Application Using DevSecOps Practices

Jul 1, 2024

Overview

  • Objective: Create a Netflix-like application hosted on AWS using DevSecOps practices including CI/CD with Jenkins, monitoring with Prometheus and Grafana, security with SonarQube, Trivy, and more.
  • Key Components:
    • Application deployment on AWS EC2 using Docker containers
    • Integration of security tools (SonarQube, Trivy)
    • CI/CD automation using Jenkins
    • Monitoring setup with Prometheus and Grafana
    • Application deployment on Kubernetes using Argo CD and Helm

Architecture

  1. Set Up EC2 Instance: Create an EC2 instance and deploy the application locally using Docker containers.
  2. Security Integration: Manually integrate security using SonarQube and Trivy.
  3. CI/CD Automation: Use Jenkins to automate Docker image creation and push the image to DockerHub.
  4. Monitoring: Set up monitoring with Prometheus and Grafana.
  5. Kubernetes Deployment: Deploy the application on Kubernetes using Argo CD.
  6. Continuous Monitoring: Monitor the EC2 instance, Jenkins, and the Kubernetes cluster using Prometheus and Grafana.

Detailed Steps

Deploying Netflix Application Locally

  • Create EC2 Instance: Choose T2 large instance for Jenkins, SonarQube, and Trivy.
  • Install Docker:
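    sudo apt update -y
    sudo apt install docker.io -y
    # Grant the current user access to the Docker socket via the docker group
    sudo usermod -aG docker "$USER"
    # Apply the new group in this session (or log out and back in).
    # Do not chmod 777 /var/run/docker.sock: a world-writable socket gives
    # every local user root-equivalent control of the host.
    newgrp docker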
    
  • Clone GitHub Repo: git clone <repo_url>
  • Build Docker Image: docker build -t netflix . (Include TMDb API Key)
  • Run Docker Container: docker run -d -p 8081:80 netflix

Security Integration

  • Install SonarQube:
    docker run -d --name sonar -p 9000:9000 sonarqube
    
  • Install Trivy: Follow commands from GitHub repo
  • Configure SonarQube:
    • Access SonarQube on port 9000
    • Use default credentials (admin/admin) for the first login, then change the admin password
  • Use Trivy: Scan Docker image and file system
    trivy image <image_id>
    trivy fs .
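
Added example (not from the original notes or the project's repo): a CI gate that turns the Trivy image scan above into a pass/fail decision by parsing its JSON report. It assumes the report was produced with `trivy image --format json --output report.json <image_id>`; the blocking policy (fixable HIGH/CRITICAL findings), the function names and the sample report are constructed for illustration.

```python
import json

# Constructed sample in the shape of `trivy image --format json` output
# (schema version 2); package names and CVE ids are placeholders.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2, "ArtifactName": "netflix:latest",
    "Results": [
        {"Target": "netflix:latest (alpine 3.18)", "Type": "alpine",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
              "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1",
              "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
              "InstalledVersion": "2.3.0", "FixedVersion": "",
              "Severity": "HIGH"},
         ]},
        {"Target": "app/package-lock.json", "Type": "npm"},  # no findings key
    ],
})

BLOCKING = {"HIGH", "CRITICAL"}  # assumed policy, adjust to your risk appetite


def blocking_findings(report_json, severities=BLOCKING, fixable_only=True):
    """Return findings that should fail the build, as (target, id, pkg, fix)."""
    report = json.loads(report_json)
    hits = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity", "UNKNOWN").upper() not in severities:
                continue
            fix = vuln.get("FixedVersion") or ""
            if fixable_only and not fix:
                continue  # nothing to upgrade to yet; track it, don't block
            hits.append((result.get("Target", "?"), vuln["VulnerabilityID"],
                         vuln.get("PkgName", "?"), fix))
    return hits


def gate(report_json, **kwargs):
    """Exit status for a CI step: 1 if any blocking finding, else 0."""
    hits = blocking_findings(report_json, **kwargs)
    for target, vid, pkg, fix in hits:
        print(f"BLOCK {vid} {pkg} -> {fix or 'no fix'} [{target}]")
    return 1 if hits else 0


if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_REPORT))
```

In a pipeline, read `report.json` from disk and pass its contents to `gate()`; a non-zero exit status stops the stage before the image is pushed.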
    

CI/CD Automation with Jenkins

  • Install Jenkins: Follow commands from GitHub repo
  • Configure Jenkins:
    • Install necessary plugins (NodeJS, JDK, SonarQube Scanner)
    • Set up tools in Jenkins (NodeJS, JDK)
    • Configure SonarQube in Jenkins
  • Create Jenkins Pipeline: Define stages for checkout, SonarQube analysis, quality gate check, dependency check, Docker build, push to DockerHub, and run container.

Monitoring with Prometheus and Grafana

  • Create another EC2 Instance: For monitoring (T2 medium)
  • Install Prometheus: Follow commands from GitHub repo
  • Install Node Exporter: for gathering system metrics
  • Configure Prometheus:
    • Edit prometheus.yml to add node exporter job
    • Check and reload configuration
  • Install Grafana: Follow commands from GitHub repo
  • Configure Grafana:
    • Add Prometheus as a data source
    • Import Node Exporter dashboard

Kubernetes Deployment with Argo CD

  • Create EKS Cluster: Follow steps to create EKS cluster
  • Install Argo CD: Run commands from GitHub repo
  • Deploy Application:
    • Expose Argo CD service
    • Create application in Argo CD using GitHub repo
  • Monitor EKS Cluster: Use Helm charts to set up Prometheus and Grafana for Kubernetes cluster monitoring

Email Notifications with Jenkins

  • Set up SMTP:
    • Enable 2FA for Gmail
    • Generate app password and configure in Jenkins
  • Configure Extended Email Notification plugin: Set SMTP server and credentials
  • Add Post Build Action in Jenkins Pipeline: Email notifications for build success/failure

Important Notes

  • The project requires spending on AWS resources (EC2, EKS, etc.)
  • Troubleshooting might be needed; search for solutions online or contact the instructor for help
  • The project covers multiple tools and practices, making it a valuable addition to a resume

Conclusion

  • Successfully deployed Netflix-like application using DevSecOps practices
  • Configured security, CI/CD, and monitoring tools
  • Application is monitored and deployed on Kubernetes with continuous delivery and operational insights