
Module 11 - Kubernetes on AWS - EKS

This repository contains a demo project created as part of my DevOps studies in the TechWorld with Nana – DevOps Bootcamp.

Demo Project: Complete CI/CD Pipeline with EKS and AWS ECR

Technologies used: Kubernetes, Jenkins, AWS EKS, AWS ECR, Java, Maven, Linux, Docker, Git

Project Description:

  • Create private AWS ECR Docker repository
  • Adjust Jenkinsfile to build and push Docker Image to AWS ECR
  • Integrate deploying to K8s cluster in the CI/CD pipeline from AWS ECR private registry
  • So the complete CI/CD project we build has the following configuration:
    • a. CI step: Increment version
    • b. CI step: Build artifact for Java Maven application
    • c. CI step: Build and push Docker image to AWS ECR
    • d. CD step: Deploy new application version to EKS cluster
    • e. CD step: Commit the version update

Prerequisites

Before starting, complete the following module:

Overview

Pipeline overview


1. Create a Private AWS ECR Docker Repository

About ECR:

  • You can create an unlimited number of private repositories
  • Each application gets its own repository
  • Each repository holds multiple image versions via tags

  1. Navigate to Elastic Container Registry → Create repository
  2. Set the repository name to java-maven-app
  3. Click Create

ECR repository creation


2. Create ECR Credentials in Jenkins

  1. Navigate to Elastic Container Registry → java-maven-app

  2. Click View push commands

  3. Run the following command to retrieve your ECR password:

     aws ecr get-login-password --region <REGION>

ECR push commands

  4. In Jenkins, navigate to Manage Jenkins → Credentials → System → Global
  5. Click Add Credentials and fill in:

| Field | Value |
|---|---|
| Kind | Username with password |
| Username | AWS |
| Password | The output from aws ecr get-login-password |
| ID | ecr |

ECR credentials in Jenkins

  6. Click Create

Note: ECR login tokens expire after 12 hours. If builds fail with authentication errors, regenerate the password and update this credential.


3. Create a Kubernetes Secret for AWS ECR

The EKS cluster needs a docker-registry secret to pull images from the private ECR repository.

  1. Configure your local connection to the EKS cluster:

     aws configure list
     aws eks update-kubeconfig --name demo-cluster --region <REGION>

  2. Get the Docker server URL from the ECR push commands:

Docker server URL

  3. Create the Docker registry secret:

     kubectl create secret docker-registry ecr \
       --docker-server=<ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com \
       --docker-username=AWS \
       --docker-password=$(aws ecr get-login-password --region <REGION>)

  4. Verify the secret was created:

     kubectl get secret ecr

Note: Like the Jenkins credential, this secret uses a 12-hour ECR token. For production setups, consider automating token refresh with a CronJob or an ECR credential helper.
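
One way to automate the refresh mentioned in the note, as an added example that is not part of this repository: a function that fetches a fresh token and creates or updates the ecr secret in one idempotent step, suitable for a cron entry or a CronJob container that has aws and kubectl available. The refresh_ecr_secret name and the REGION, ACCOUNT_ID and NAMESPACE variables are assumptions of the example.

```shell
#!/bin/sh
# Added example: idempotent refresh of the "ecr" image-pull secret.
# Assumed inputs: REGION, ACCOUNT_ID and (optional) NAMESPACE variables.

refresh_ecr_secret() {
  local region="${REGION:-}"
  local account="${ACCOUNT_ID:-}"
  local namespace="${NAMESPACE:-default}"
  local token

  if [ -z "$region" ] || [ -z "$account" ]; then
    echo "refresh_ecr_secret: REGION and ACCOUNT_ID must be set" >&2
    return 2
  fi

  # Fail closed: never write an empty password into the secret, which would
  # silently break every image pull until the next successful refresh.
  token="$(aws ecr get-login-password --region "$region")" || return 1
  [ -n "$token" ] || { echo "refresh_ecr_secret: empty ECR token" >&2; return 1; }

  # --dry-run=client renders the Secret locally without touching the cluster;
  # "kubectl apply" then creates it or updates it in place, so the same
  # command works on the first run and on every later refresh.
  kubectl create secret docker-registry ecr \
    --namespace "$namespace" \
    --docker-server="${account}.dkr.ecr.${region}.amazonaws.com" \
    --docker-username=AWS \
    --docker-password="$token" \
    --dry-run=client -o yaml |
    kubectl apply --namespace "$namespace" -f -
}

# Runs only when the script is invoked as: ./refresh-ecr-secret.sh run
if [ "${1:-}" = "run" ]; then refresh_ecr_secret; fi
```

Schedule it more often than the 12-hour token lifetime so that one failed run does not leave the cluster with an expired secret.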


4. Install gettext-base on Jenkins

The gettext-base package provides the envsubst command, which is used to substitute environment variables in Kubernetes manifest templates during deployment.

  1. Connect to the Jenkins server and enter the Jenkins container:

     ssh root@<DROPLET_IP>
     docker ps
     docker exec -it -u 0 <CONTAINER_ID> bash

  2. Install gettext-base and verify the installation:

     apt-get update && apt-get install -y gettext-base
     envsubst -V

5. Write Kubernetes Manifest Templates

The Kubernetes manifest files define how the application is deployed and exposed:

Note: The variables $APP_NAME and $APP_IMAGE in these files are not Kubernetes-native variables. They are placeholders that envsubst replaces with actual values during the pipeline's deploy stage.
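
The substitution step described in the note, as an added example that is not the repository's Jenkinsfile: a render function that validates the two values before substitution and passes envsubst an explicit variable list. The render_manifest helper is hypothetical, and it assumes APP_NAME is used as a Kubernetes resource name and APP_IMAGE as an image reference.

```shell
#!/bin/sh
# Added example: render a manifest template with only the two placeholders
# the page names. render_manifest is a hypothetical helper.

render_manifest() {
  template="$1"
  [ -r "$template" ] || { echo "cannot read template: $template" >&2; return 1; }

  # Assumption: APP_NAME becomes a resource name. Accept only a DNS-1123
  # style label so a value with spaces, colons or newlines cannot add
  # extra YAML keys to the rendered manifest.
  case "${APP_NAME:-}" in
    "" | -* | *- | *[!a-z0-9-]*)
      echo "APP_NAME is unset or not a valid Kubernetes name" >&2
      return 1 ;;
  esac

  # APP_IMAGE: registry/repository:tag characters only.
  case "${APP_IMAGE:-}" in
    "" | *[!A-Za-z0-9./:_@-]*)
      echo "APP_IMAGE is unset or contains unexpected characters" >&2
      return 1 ;;
  esac

  # The SHELL-FORMAT argument restricts substitution to these two variables.
  # Plain "envsubst" expands every exported variable, so a template that
  # mentions e.g. $AWS_SECRET_ACCESS_KEY would have it written into the output.
  APP_NAME="$APP_NAME" APP_IMAGE="$APP_IMAGE" \
    envsubst '$APP_NAME $APP_IMAGE' < "$template"
}

# Typical use in a deploy step (template path is a placeholder):
#   render_manifest <TEMPLATE>.yaml | kubectl apply -f -
```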


6. Update the Jenkinsfile

See the full pipeline definition: Jenkinsfile

Key configuration to update:

| Parameter | Description | Example |
|---|---|---|
| DOCKER_SERVER | Your ECR registry URL | 123456789012.dkr.ecr.eu-central-1.amazonaws.com |
| DOCKER_REPO | The ECR repository name | java-maven-app |
| GITHUB_REPO | Your GitHub repository (owner/repo) | explicit-logic/eks-module-11.7 |

Docker server URL in push commands


7. Configure a Multibranch Pipeline in Jenkins

Install the Required Plugin

  1. Navigate to Manage Jenkins → Plugins → Available Plugins
  2. Search for and install: Ignore Committer Strategy

This plugin prevents multibranch pipelines from triggering new builds when commits are made by specified email addresses — used here to break the CI commit loop caused by Jenkins version-bump commits.

Create GitHub Credentials

Jenkins needs a GitHub Personal Access Token to clone the repository and update commit statuses.

Create the token:

  1. Go to github.com/settings/tokens/new
  2. Set Note to jenkins
  3. Select the following scopes:

| Scope | Reason |
|---|---|
| admin:repo_hook | Create, read, and delete webhooks |
| public_repo | Access public repositories |
| repo:status | Update commit statuses |

  4. Click Generate token and copy it immediately

Add the token to Jenkins:

  1. Navigate to Manage Jenkins → Credentials
  2. Click Add Credentials and fill in:

| Field | Value |
|---|---|
| Kind | Username with password |
| ID | github |
| Username | Your GitHub username (not your email) |
| Password | Your personal access token (starts with ghp_) |

Create the Multibranch Pipeline

  1. Go to Dashboard → New Item
  2. Name it cicd-ecr, select Multibranch Pipeline, click OK

Branch Sources:

Click Add source → GitHub and configure:

| Field | Value |
|---|---|
| Credentials | github |
| Repository HTTPS URL | https://github.com/<YOUR_USER>/eks-module-11.7 |

Click Validate to confirm access.

Behaviors — click Add and enable:

  • Discover branches

Build Configuration:

  • Script Path: Jenkinsfile

Build Strategies:

  1. Add Ignore Committer Strategy
    • List of author emails to ignore: jenkins@example.com
  2. Check Allow builds when a changeset contains non-ignored author(s)

This combination ensures that version-bump commits made by Jenkins do not re-trigger the pipeline, preventing an infinite build loop.

Ignore Committer Strategy configuration

  3. Click Save — Jenkins will scan the repository and create a job for each branch.

8. Add AWS Credentials to Jenkins

Create an IAM User for Jenkins

  1. Go to IAM → Users → Create user
    • Name: jenkins
  2. Select Attach policies directly and attach the following managed policies:
    • AmazonEKSClusterPolicy
    • AmazonEKSWorkerNodePolicy
    • AmazonEC2ContainerRegistryFullAccess
  3. Complete user creation.

AWS Jenkins IAM user

Grant the IAM User Access to the EKS Cluster

  1. Find the user's ARN in the IAM console:

Jenkins user ARN

  2. Map the IAM user to the cluster:

     eksctl create iamidentitymapping \
       --cluster demo-cluster \
       --region <REGION> \
       --arn arn:aws:iam::<ACCOUNT_ID>:user/jenkins \
       --group system:masters \
       --username jenkins
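
The system:masters group gives the mapped user unrestricted cluster-admin rights. The following added example, which is not part of this repository, shows the same mapping command pointed at a custom group bound to a namespace-scoped Role instead. The jenkins-deployers group, the jenkins-deployer Role and the REGION, ACCOUNT_ID and NAMESPACE variables are hypothetical, and the rules assume the deploy stage only applies a Deployment and a Service.

```shell
#!/bin/sh
# Added example: least-privilege alternative to mapping jenkins to
# system:masters. Group, Role and variable names are hypothetical.

jenkins_rbac_manifest() {
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-deployer
  namespace: ${NAMESPACE:-default}
rules:
  # Assumption: the deploy stage only applies a Deployment and a Service.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-deployer
  namespace: ${NAMESPACE:-default}
subjects:
  - kind: Group
    name: jenkins-deployers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: jenkins-deployer
  apiGroup: rbac.authorization.k8s.io
EOF
}

grant_jenkins_deploy_access() {
  [ -n "${REGION:-}" ] && [ -n "${ACCOUNT_ID:-}" ] || return 2
  jenkins_rbac_manifest | kubectl apply -f - || return 1
  # Same mapping command as above, with the custom group in place of
  # system:masters, so the jenkins user receives only the Role's permissions.
  eksctl create iamidentitymapping \
    --cluster demo-cluster \
    --region "$REGION" \
    --arn "arn:aws:iam::${ACCOUNT_ID}:user/jenkins" \
    --group jenkins-deployers \
    --username jenkins
}

if [ "${1:-}" = "run" ]; then grant_jenkins_deploy_access; fi
```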

Create an Access Key

  1. In IAM, open the jenkins user → Security credentials → Create access key
  2. Use case: Application running outside AWS
  3. Copy the Access key and Secret access key

Access key

Store Credentials in Jenkins

  1. Navigate to the cicd-ecr pipeline → Credentials → Global → Add Credentials
  2. Add two Secret text credentials:

| ID | Secret |
|---|---|
| AWS_ACCESS_KEY_ID | Your access key |
| AWS_SECRET_ACCESS_KEY | Your secret access key |

Jenkins AWS credentials


9. Run the Pipeline

Once all credentials and configurations are in place, trigger the pipeline:

  1. Navigate to the cicd-ecr pipeline in Jenkins
  2. Select the main branch and click Build Now
  3. Monitor the build stages: version increment → build → Docker image push → deploy → version commit

After a successful run, verify the deployment:

    kubectl get pods
    kubectl get svc

Demo:

Pipeline demo