In this project, we’ll build and deploy a Java application on Amazon Elastic Kubernetes Service (EKS) with a continuous integration and continuous deployment (CI/CD) pipeline using AWS services. Each AWS component contributes to a reliable DevOps workflow, making this guide useful for DevOps engineers looking to build scalable solutions on AWS.
Table of Contents
- Project Overview
- Prerequisites
- Architecture Diagram
- Setting Up the GitHub Repository
- Creating the Amazon ECR Repository
- Setting Up the Amazon EKS Cluster
- Building and Configuring the CI/CD Pipeline
- Integrating Security and Notification Services
- Conclusion
Project Overview
This project aims to automate the build, test, and deployment pipeline for a Java-based microservices application. Leveraging AWS services, we’ll ensure a reliable and secure pipeline from code commit to production deployment. Here’s a summary of the AWS services we’ll be using:
- GitHub: Source code repository
- AWS CodeBuild: For building and testing the application
- AWS CodePipeline: To orchestrate CI/CD
- Amazon Elastic Container Registry (ECR): For container image storage
- Amazon Elastic Kubernetes Service (EKS): For deployment of the application
- Amazon CodeGuru: For code quality analysis
- AWS Security Hub: To monitor security vulnerabilities
- Amazon SNS: For notifications
Prerequisites
To start, you need the following:
- AWS Account with permissions for ECR, EKS, CodePipeline, CodeBuild, Security Hub, and SNS.
- GitHub Repository for the source code.
- Java Application (preferably a microservices app) with a Dockerfile for containerization.
- Docker Installed for local containerization tasks.
Architecture Diagram
Below is an example architecture diagram that represents the CI/CD pipeline and deployment environment on AWS:
Setting Up the GitHub Repository
Step 1: Create Your GitHub Repository
-
Create a Repository:
- Sign in to GitHub, create a new repository, and upload your Java application source code.
-
Add a Dockerfile:
- Include a Dockerfile in the root directory of your project to define the container environment for your Java application.
Sample Dockerfile:
FROM openjdk:11-jdk
WORKDIR /app
COPY . /app
RUN ./gradlew build
CMD ["java", "-jar", "build/libs/your-app.jar"]
-
Integrate GitHub with AWS CodePipeline:
- Navigate to AWS CodePipeline and create a new pipeline.
- For the source provider, select GitHub and authorize AWS to access your repository.
- Choose the branch to monitor for changes (e.g., main).
-
Create a GitHub Webhook:
- In GitHub, go to Settings > Webhooks and set up a webhook for the repository. This allows CodePipeline to trigger automatically on any push to the repository.
Creating the Amazon ECR Repository
Amazon Elastic Container Registry (ECR) is a fully managed container registry. We will store Docker images of the Java application here.
- Create an Amazon ECR Repository:
aws ecr create-repository --repository-name my-java-app --region <your-region>
-
Authenticate Docker with ECR:
- Use the following command to log in to your ECR registry:
aws ecr get-login-password --region <your-region> | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region>.amazonaws.com
-
Build, Tag, and Push Docker Image:
- Build the Docker Image:
docker build -t my-java-app .
-
Tag the Image:
docker tag my-java-app:latest <account-id>.dkr.ecr.<region>.amazonaws.com/my-java-app:latest
-
Push the Image to ECR:
docker push <account-id>.dkr.ecr.<region>.amazonaws.com/my-java-app:latest
Setting Up the Amazon EKS Cluster
Amazon Elastic Kubernetes Service (EKS) provides a managed Kubernetes cluster on AWS, which we will use to deploy and manage our application containers.
Step 1: Create an EKS Cluster
- Create an EKS Cluster:
aws eks create-cluster --name my-eks-cluster --region <your-region> --kubernetes-version 1.21 --role-arn <eks-role-arn>
-
Set Up Worker Nodes:
- Use EKS Console or CLI to set up worker nodes (node groups) for your cluster to run the application pods.
-
Update kubeconfig:
- Update your local Kubernetes configuration to interact with the EKS cluster.
aws eks update-kubeconfig --region <your-region> --name my-eks-cluster
Step 2: Deploy the Java Application on EKS
-
Create Kubernetes Deployment YAML:
- Define a
deployment.yaml
file to specify the number of replicas, Docker image, and other configurations for the Java application.
- Define a
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-java-app
spec:
replicas: 3
selector:
matchLabels:
app: my-java-app
template:
metadata:
labels:
app: my-java-app
spec:
containers:
- name: my-java-app
image: <account-id>.dkr.ecr.<region>.amazonaws.com/my-java-app:latest
ports:
- containerPort: 8080
- Deploy to EKS:
kubectl apply -f deployment.yaml
-
Create a LoadBalancer Service:
- Expose the application with a load balancer for external access.
apiVersion: v1
kind: Service
metadata:
name: my-java-app-service
spec:
type: LoadBalancer
selector:
app: my-java-app
ports:
- protocol: TCP
port: 80
targetPort: 8080
- Deploy Service:
kubectl apply -f service.yaml
Building and Configuring the CI/CD Pipeline
Step 1: Set Up CodePipeline
-
Create CodePipeline Pipeline:
- Go to AWS CodePipeline and set up the stages:
- Source (GitHub)
- Build (CodeBuild)
- Deploy (EKS)
- Go to AWS CodePipeline and set up the stages:
-
Configure AWS CodeBuild:
- Define a
buildspec.yml
for CodeBuild to build the Docker image and push it to ECR.
- Define a
version: 0.2
phases:
install:
runtime-versions:
java: corretto11
build:
commands:
- echo Building the Docker image...
- docker build -t my-java-app .
- docker tag my-java-app:latest <account-id>.dkr.ecr.<region>.amazonaws.com/my-java-app:latest
- docker push <account-id>.dkr.ecr.<region>.amazonaws.com/my-java-app:latest
-
Set Up Deploy Stage in CodePipeline:
- Integrate EKS with CodePipeline to automate deployments.
Step 2: Automate Quality and Security Checks
-
Amazon CodeGuru:
- Integrate CodeGuru Reviewer with GitHub to perform code quality checks on every commit.
-
AWS Security Hub:
- Enable Security Hub to monitor security vulnerabilities across AWS resources.
-
Amazon SNS Notifications:
- Set up SNS for notifications on build or deployment failures, or security alerts:
aws sns create-topic --name my-devops-notifications
aws sns subscribe --topic-arn arn:aws:sns:<region>:<account-id>:my-devops-notifications --protocol email --notification-endpoint <your-email>
-
EventBridge Rules for Automation:
- Create EventBridge rules to trigger specific actions (like SNS notifications) based on CodePipeline or Security Hub events.
Conclusion
This end-to-end project provides a complete DevOps solution for building and deploying Java applications on AWS. By using Code
Pipeline for CI/CD, ECR for container storage, and EKS for deployment, we ensure scalable and reliable operations. Additionally, CodeGuru, Security Hub, and SNS help maintain code quality, security, and real-time alerts, making this setup robust and enterprise-ready.
👤 Author
Join Our Telegram Community || Follow me on GitHub for more DevOps content!
Top comments (7)
AWS Code Commit is not available to new users. How about a revision to this article showing an alternative source code repo?
Use other version control, kindly check below references
Ref:
about.gitlab.com/blog/2024/08/26/u...
github.blog/enterprise-software/co...
aws.amazon.com/blogs/devops/how-to...
Hi, Like Dan pointed out, AWS discontinued the CodeCommit service for new users.
I am not sure if one can create new repositories in existing accounts or if you can only use already existing repositories.
We maintain only two repositories in CodeCommit and it's not a very good experience.
CodeBuild can be hooked up with GitHub, to trigger runs on changes.
Please update this guide for new users. Otherwise they could fail already in the first step.
Thank you @comradin for bringing this to my attention. As of July 25, 2024, AWS has closed new customer access to AWS CodeCommit. Existing customers can continue to use the service, but no new features will be introduced.
For new users, I recommend using GitHub as an alternative source code repository. GitHub integrates seamlessly with AWS CodeBuild and CodePipeline, allowing you to trigger builds and deployments based on repository changes.
To set up GitHub with AWS CodeBuild:
Create a GitHub Repository: If you don't have one, create a new repository on GitHub to host your code.
Connect GitHub to AWS CodeBuild: In the AWS Management Console, navigate to CodeBuild and create a new project. Under "Source," select "GitHub" and authorize AWS to access your GitHub account.
Configure Build Settings: Define your build environment, commands, and artifacts as needed.
Set Up Webhooks: In your GitHub repository settings, add a webhook to notify AWS CodeBuild of code changes, triggering builds automatically.
For detailed instructions, refer to the AWS documentation on integrating GitHub with CodeBuild.
I will update the guide to reflect these changes and ensure it aligns with the current AWS services. Thank you for your valuable feedback.
Thank you for this.
I will like to learn and develop myself in devops. I've been taking some lessons on YouTube, but need more interactive lessons.
Is there anyway I can learn faster or better.
😊
Nice one
Thanks 👍@aadarsh-nagrath