Goal: To have hands-on experience in creating from scratch enterprise level, CI/CD pipelines, from code commit to building package, to security scans to infra provisioning to mail notification of completion, while enable monitoring.
Current workflow:
- Using Terraform to provision an EC2 instance and loadbalancer.
- Relevant secrets are stored in Vault (dev server).
- After provision, use Ansible to install jdk17 on the instance.
- With Jenkins, manually build and package the Springboot project, and copy the jar onto the instance, and run the jar file.
Current Issues:
- The CICD workflow is somewhat reversed, provisioning first then building and deploying code.
- Setting up a vault server in local is time-consuming, will make a startup script to reduce dev server startup time.
- Ansible is set up locally and has to manually enter the ip address to inventory for playbook to work.
- Configured Jenkins to poll github, every 5 mins, which is not good, should be using triggers for this.
Solutions:
For 1. At the start, the focus was on learning Terraform and Ansible, so thus used it to provision EC2 instance, then using Jenkins running in local Docker container, deploying the code to the provisioned resource.
For 2. and 3. I have created a startup.sh script to run the vault dev server, store AWS credentials as secrets, then use terraform and ansible to provision resources and install dependencies.
For 4. As Jenkins is running locally, it is tough to configure a trigger build, so left the configuration to poll the repo. (might have to do port forwarding and what not)
Future Plans:
Hopefully have a EC2 instances with Jenkins, SonarCube, JFrog, etc, instead of Docker containers for each.
Instead of provisioning EC2 instances first,
Try to check for code commit -> build and package jar -> upload artifact -> provision resources -> config resources -> download and run artifact.
Top comments (1)
Suggestions are welcome!!