We are creating a series of blog posts for a DevOps project, and this is the first part. In this article, you will get a 10k view of the project architecture.
Why DevOps?
DevOps is a set of practices that combines software development and IT operations to shorten the development life cycle and provide continuous delivery with high software quality. It aims to automate and improve the collaboration, communication, and integration between these two teams, allowing for faster delivery of new features and bug fixes to customers, increased reliability and stability of the software, and better use of resources. It also encourages a culture of experimentation, learning and improvement.
10k view of Architecture
We first check the Spring Boot application code in to a GitHub repository. Whenever code is pushed to the main branch, it triggers GitHub Actions. The first workflow, the Terraform Security Checks workflow, runs Terraform security checks using tools like TFLint and tfsec. If the Terraform checks workflow passes, the Terraform code is executed. It first creates an EC2 instance, security group, IAM role and policy, and ECR, and then installs Docker, SonarQube, kubectl and Minikube using Bash scripts and stores our Docker containers in ECR using a Dockerfile.
After the Terraform code creates all the resources in the AWS cloud, the second workflow runs. It first runs the Gradle clean command, which deletes the build directory if one is already present, and then the Gradle build command, which builds the project by reading the build script and executing the tasks defined in it, such as compiling the code, running tests, and creating a package for distribution. The third step in the pipeline does code quality checks using SonarQube. In the fourth step we build the Docker image using the Dockerfile, and after that we scan our Docker images using the Trivy tool. Trivy is an open-source security and misconfiguration scanner. It works at every level: it can check the code in a Git repository, examine container images, advise regarding configuration files, look into Kubernetes deployments, and verify Infrastructure as Code (IaC).
After scanning the Docker images, the Trivy scan reports are uploaded to an S3 bucket and the Docker image is uploaded to ECR. Before deploying our application to Minikube, we scan the k8s YAML files using Terrascan, and if that passes we deploy our Spring Boot application service in the Minikube cluster. We create a deployment and a service file for the application, and the service runs on port 8080.
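The scan, report upload, push and deploy ordering described above, written as a shell script (an added example, not the project's own workflow). The image name, bucket, manifest directory, the HIGH/CRITICAL threshold and the choice to block the ECR push on Trivy findings are assumptions; the runner is assumed to be already authenticated to AWS, ECR and the Minikube cluster.

```bash
#!/usr/bin/env bash
# Added example: fail-closed ordering of the scan, publish and deploy stages.
# All values below are placeholders (assumptions), not taken from the project.
set -u
IMAGE="${IMAGE:-ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/REPO:TAG}"
REPORT="${REPORT:-trivy-report.json}"
REPORT_BUCKET="${REPORT_BUCKET:-EXAMPLE-REPORT-BUCKET}"
K8S_DIR="${K8S_DIR:-k8s}"

scan_image() {
  # Non-zero exit when HIGH or CRITICAL findings exist (threshold is an assumption).
  trivy image --exit-code 1 --severity HIGH,CRITICAL \
    --format json --output "$REPORT" "$IMAGE"
}

upload_report() {
  aws s3 cp "$REPORT" "s3://$REPORT_BUCKET/trivy/$(basename "$REPORT")"
}

scan_manifests() {
  # Terrascan exits non-zero when a Kubernetes policy is violated.
  terrascan scan -i k8s -d "$K8S_DIR"
}

pipeline() {
  scan_rc=0
  scan_image || scan_rc=$?
  # Keep the report whether or not the scan passed, so findings can be triaged.
  upload_report || return 1
  if [ "$scan_rc" -ne 0 ]; then
    echo "Trivy gate failed; image not pushed" >&2
    return 2
  fi
  docker push "$IMAGE" || return 1
  if ! scan_manifests; then
    echo "Terrascan gate failed; nothing deployed" >&2
    return 3
  fi
  kubectl apply -f "$K8S_DIR"
}

# Run only when invoked as: ./pipeline.sh run
if [ "${1:-}" = "run" ]; then pipeline; fi
```

The distinct return codes (2 for the image gate, 3 for the manifest gate) let a CI job report which stage blocked the release.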