isudiptodas/Cloud-Native-DevOps-Architecture

Cloud Native DevOps Architecture

System Working

  • Frontend deployed on Vercel (independent)
  • Database hosted on cloud servers (auto-managed)
  • Backend connects with a Jenkins webhook
  • On each code push the webhook triggers, tests run, and the image is built and pushed to Docker Hub
  • The image is updated and deployed on the Kubernetes cluster

Tech Stack : ReactJS, NodeJS, ExpressJS, MongoDB, Redis, Docker, Kubernetes, Jenkins, AWS ELB, Prometheus, Grafana

Architecture :

  1. Decoupled Frontend
  2. CI/CD with Jenkins
    • Docker base image optimization with layered caching
    • Secure env with Jenkins credential manager
    • Conditional dependency installation (storage cache)
    • Image scan for vulnerabilities and issues
    • EKS image update rollout confirmation
    • Auto rollback in case the image update fails
    • Email alert after pipeline execution
  3. Kubernetes container orchestration with AWS EKS
  4. Load balancing using AWS ELB
  5. Application and cluster monitoring with Prometheus and Grafana

Production setup

Requirements : AWS account, Docker Hub account


STEP 1 : Configure Jenkins nodes

  1. Create two EC2 instances (master, agent)
  2. On master :
    • Install the latest JDK
    • Install Jenkins
    • Attach an elastic IP (optional but recommended)
    • Add an inbound rule for port : 8080
    • Copy the IPv4 address and open it in a new tab with :8080 -> http://ipv4-address:8080
    • Create a Jenkins account
    • Connect to the EC2 instance from your local machine or use the AWS terminal :
      • Navigate to the .ssh folder
      • Run command : ssh-keygen
      • Store the private key in a safe place
      • Copy the public key (will be used later)
  3. On agent :
    • Install the latest JDK
    • Install Docker, Node.js, npm, kubectl, AWS CLI
    • Create a role for EC2 to communicate with EKS and attach the policy to the agent EC2
    • Navigate to .ssh folder > authorized_keys
    • Paste the master public key into authorized_keys
    • Save and exit

STEP 2 : Connect agent node with Jenkins master

  1. Copy the agent node username (ubuntu)
  2. Copy the private IP (if master and agent are within the same VPC), otherwise allocate an elastic IP for the agent and copy the IPv4 address
  3. In the Jenkins dashboard :
    • Settings > credentials > add global credentials > type : SSH with username & private key
    • Add username : ubuntu
    • Add host : private IP
    • Add secret/private key : master private key
    • Save and exit
  4. Again in settings :
    • Manage nodes
    • Add a new agent/node
    • Enter basic details
    • Add authentication method and select from global credentials
    • Save and exit
  5. Ready for jobs and pipeline 🎉

STEP 3 : Connect GitHub webhook trigger

  1. Open GitHub > repo you want to connect > repo settings
  2. Webhooks > add webhook
  3. URL : http://ipv4-address:8080/github-webhook/ (the IPv4 address should not change, which is why an elastic IP is recommended)
  4. Content type : application/json
  5. SSL verification : disable
  6. Check event type
  7. Save and exit
  8. Done 🎉

STEP 4 : Webhook trigger Jenkins pipeline

  1. Dashboard > new item > pipeline
  2. Select Git SCM polling
  3. Add repo URL, branch, pipeline file script path (Jenkinsfile)
  4. Add authentication method : username with password (or personal access token)
  5. Save and exit
  6. Pipeline connected 🎉

STEP 5 : AWS EKS setup with nodegroups

  1. Create a cluster in the AWS console with VPC settings and subnets (recommended : 3 subnets)
  2. Attach a role for EKS with EKSClusterPolicy
  3. Create one nodegroup with all the selected subnets
  4. Specs : at least t3.small / t3.medium with 20GB storage and 1 node max. (for small deployments)
  5. Attach roles and policy to the nodegroup :
    • IAM > roles > select EC2
    • Attach policy EC2WorkerNode, ContainerRegistry, CNI
    • Save and exit
  6. Attach this role to the nodegroup

STEP 6 : Authenticate EC2 Jenkins agent with EKS

  1. On the Jenkins agent EC2 :
    • Select the IAM role and find its ARN
    • Copy ARN > navigate to EKS > cluster > select cluster > access
    • Create a new principal access role and add the ARN
    • Add the EKSClusterAdminPolicy policy
    • Save and exit
  2. Now the Jenkins EC2 can access the EKS cluster and run commands
  3. Create the auto image update rollout in the Jenkins pipeline
  4. Done 🎉
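
The rollout confirmation and auto rollback listed under CI/CD, and the auto image update rollout from STEP 6, could be scripted on the agent as below. This is an added example, not code from the repository; the namespace, deployment, container and image names are assumptions, and rejecting untagged or "latest" images is this example's own choice.

```bash
#!/usr/bin/env bash
# Added example, not the repository's pipeline code. Deployment, container and
# image names are assumptions; kubectl must already be authenticated to EKS.
#
# deploy_image <namespace> <deployment> <container> <image:tag> [timeout]
# Exit codes: 0 rollout confirmed, 1 failed and rolled back, 2 bad input,
#             3 image update rejected, 4 rollback itself failed.
deploy_image() {
  local ns="$1" deploy="$2" container="$3" image="$4" timeout="${5:-120s}"
  local tag="${image##*:}"

  if [ -z "$ns" ] || [ -z "$deploy" ] || [ -z "$container" ] || [ -z "$image" ]; then
    echo "usage: deploy_image <ns> <deployment> <container> <image:tag> [timeout]" >&2
    return 2
  fi

  # Require an explicit tag other than "latest": a rollback only means
  # something when each revision points at a distinct, identifiable image.
  case "$tag" in
    "$image" | "" | latest | */*)
      echo "refusing to deploy '$image': pin a build-specific tag" >&2
      return 2 ;;
  esac

  echo "Updating $deploy/$container in $ns to $image"
  if ! kubectl -n "$ns" set image "deployment/$deploy" "$container=$image"; then
    echo "image update rejected; deployment left unchanged" >&2
    return 3
  fi

  # Rollout confirmation: block until the new pods are ready or the timeout hits.
  if kubectl -n "$ns" rollout status "deployment/$deploy" --timeout="$timeout"; then
    echo "rollout confirmed"
    return 0
  fi

  # Auto rollback: return to the previous revision and confirm it is healthy.
  echo "rollout not confirmed within $timeout, rolling back" >&2
  kubectl -n "$ns" rollout undo "deployment/$deploy" || return 4
  kubectl -n "$ns" rollout status "deployment/$deploy" --timeout="$timeout" || return 4
  return 1
}

# Constructed usage from a Jenkins sh step (BUILD_NUMBER is set by Jenkins):
#   deploy_image default voting-backend backend "dockerhub-user/voting-backend:${BUILD_NUMBER}"
```

A non-zero exit code fails the Jenkins stage, so the email alert step can report whether the deployment was confirmed or rolled back.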

About

A voting system with a 3-tier architecture and additions such as caching, load balancing, CI/CD pipelines and Kubernetes deployment
