Lab 1 Pipeline

Jenkins-SAST-SCA-Kubernetes-DAST Pipeline

1: Get the Jenkins admin password

Connect via the console and run this command to retrieve the password:
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
Or remotely connect to this instance like this:
chmod 400 <keypair>
ssh -i <keypair> ec2-user@<public_dns>
sudo cat /var/lib/jenkins/secrets/initialAdminPassword

2: Jenkins Configuration

Step 2a: Initial Setup

Step 2a1: Open the Jenkins instance at the Public DNS URL that AWS created for this instance, enter the requested password and click Continue
Step 2a2: Click Install Suggested Plugins
Step 2a3: Create Admin User information or click Skip and continue as admin
Step 2a4: Document Jenkins URL and click Save and Finish
Step 2a5: Click Start Using Jenkins

Step 2b: Configure Maven in Jenkins

Step 2b1: Click Manage Jenkins
Step 2b2: Click Global Tool Configuration
Step 2b3: Scroll to Maven section and click Add Maven
Step 2b4: Name the installation (example from the lab: Maven_3_5_2)
Step 2b5: Deselect Install Automatically to provide MAVEN_HOME path manually
Step 2b6: Get the Maven installation path by going to the EC2 instance command line and typing mvn -version
Step 2b7: Apply and Save Changes

Step 2c: Install Needed Plugins

Step 2c1: Go to the search bar to search and select the following plugins:
  • CloudBees AWS Credentials
  • Kubernetes CLI
  • Amazon ECR
  • Docker Pipeline
Step 2c2: Click Install without Restart

3: Create Kubernetes Cluster

Step 1: Connect to the EC2 instance via the command line using AWS Connect or SSH
Step 2: Run the eksctl command to create a cluster with 2 nodes
  • Example command from training lab creating 2 medium nodes
eksctl create cluster --name kubernetes-cluster --version 1.23 --region us-east-1 --nodegroup-name linux-nodes --node-type t2.medium --nodes 2
Step 3: Wait 15-20 minutes for the cluster to be created successfully
Log in to a GitHub account and fork the pipeline1 repo

Adding Credentials for other tools

4: SAST Tool SonarCloud Integration

Step 1: Log in to your SonarCloud account
Step 2: Click Create new organization and Create an organization manually
Step 3: Type in an organization key for this lab and click Continue
Step 5: Select Plan and Click create organization
Step 6: Click Analyze new Project
Step 7: Select the organization and create a project key and display name (using the same value for all of them, as the example did with bwa, is okay as well)
Step 8: Click the setup button
Step 9: Take the project and organization key and paste them into Line #9 of your repo's Jenkinsfile
Step 10: Go to SonarCloud myAccount section
Step 11: Go to Security tab and generate a Sonar token
IMPORTANT!: This token only shows up once. Copy it and save it in a secure location for later use.
Step 12: Paste Sonar token into Line #9 of your repo's Jenkinsfile
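
Added example (not part of the lab or its repo): steps 9 and 12 put the Sonar token in a Jenkinsfile that lives in a forked GitHub repo, whereas section 5 keeps the Snyk token in a Jenkins Secret Text credential. The check below flags a Jenkinsfile that carries a literal token and passes one that references a variable instead. It assumes the token is handed to Maven as -Dsonar.login= or -Dsonar.token=; the sample Jenkinsfile, EXAMPLE_KEY, EXAMPLE_ORG, SONAR_TOKEN and the token value are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the lab repo: flag a Sonar token committed in a Jenkinsfile.
# Assumption: the token is passed to Maven as -Dsonar.login=... or -Dsonar.token=...

# Prints one line per finding; returns 1 if a literal token is present, else 0.
scan_jenkinsfile() {
  file=$1
  rc=0
  matches=$(grep -nE -e '-Dsonar\.(login|token)=' "$file" || true)
  if [ -z "$matches" ]; then
    return 0
  fi
  while IFS= read -r entry; do
    lineno=${entry%%:*}
    # Value = text after the property name, up to whitespace or a quote.
    value=$(printf '%s\n' "${entry#*:}" |
      sed -E "s/.*-Dsonar\.(login|token)=([^[:space:]\"']*).*/\2/")
    case $value in
      '' | '$'*) ;;  # empty, or a $SONAR_TOKEN-style reference resolved at build time
      *) echo "line $lineno: literal Sonar token (${#value} chars)"
         rc=1 ;;
    esac
  done <<EOF
$matches
EOF
  return "$rc"
}

# Constructed sample input: keys and token value are fake placeholders.
demo_dir=$(mktemp -d)
cat > "$demo_dir/Jenkinsfile.hardcoded" <<'EOF'
pipeline {
  agent any
  stages {
    stage('SonarCloud SAST') {
      steps {
        sh 'mvn verify sonar:sonar -Dsonar.organization=EXAMPLE_ORG -Dsonar.projectKey=EXAMPLE_KEY -Dsonar.login=0123456789abcdef0123456789abcdef01234567'
      }
    }
  }
}
EOF
# Same stage, with the token taken from a variable bound at build time.
sed 's/-Dsonar\.login=[0-9a-f]*/-Dsonar.login=$SONAR_TOKEN/' \
  "$demo_dir/Jenkinsfile.hardcoded" > "$demo_dir/Jenkinsfile.bound"

scan_jenkinsfile "$demo_dir/Jenkinsfile.hardcoded" || echo "hardcoded: FAIL"
scan_jenkinsfile "$demo_dir/Jenkinsfile.bound" && echo "bound: OK"
```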

5: SCA Tool Snyk Integration

Step 1: Log in to your Snyk account
Step 2: Go to Account settings and copy the Auth token
Step 3: Go to Dashboard>Manage Jenkins>Credentials>System Global credentials (unrestricted) and click Add Credentials
Step 4: Open the Kind Dropdown menu and select Secret Text
Step 5: Paste the AUTH Token from Snyk in the Secret field
Step 6: Ensure that the ID field here matches the corresponding field in line 5 of your repo's Jenkinsfile

7: Create Amazon ECR and AWS Credentials

Step 1: Go to the AWS Elastic Container Registry (ECR) Dashboard
Step 2: Click Create repository
Step 3: Name repository
Step 4: Copy the supplied URL
Step 4: Paste the URL into line 34 of the Jenkinsfile of your forked repo
Step 5:

8: Kubernetes Integration

Step 1: Connect to EC2 via AWS or SSH
Step 2: Display the contents of the config file with the below command:
cat /home/ec2-user/.kube/config
Step 3: Copy the contents of the config file and paste them into a blank file without file extension
Step 4: Name it kubelogin, save the file to your local machine and note the location
Step 5: Go to the Jenkins credential manager
Step 6: In the Kind dropdown menu, select Secret file
Step 7: Upload the Kubernetes config file and use it for the kubelogin credential

9: ZAP Integration

10: Run the pipeline

Useful EC2 Commands for Training Pipeline1

#To get context information of kubernetes cluster
cat /home/ec2-user/.kube/config
#To create namespace in kubernetes cluster
kubectl create namespace test
#To get deployments in a namespace in kubernetes cluster
kubectl get deployments --namespace=test
#To get services in a namespace in kubernetes cluster
kubectl get svc --namespace=test
#To delete everything in a namespace in kubernetes cluster
kubectl delete all --all -n test
#To delete unused Docker data (stopped containers, dangling images, unused networks, build cache) and free up disk space
docker system prune
#To delete a docker image
docker image rm imagename
#To Create EKS cluster
eksctl create cluster --name kubernetes-cluster --version 1.23 --region us-east-1 --nodegroup-name linux-nodes --node-type t2.medium --nodes 2
#To Delete EKS cluster
eksctl delete cluster --region=us-east-1 --name=kubernetes-cluster

Useful Windows Commands

Delete AWS Role

aws iam delete-role --role-name test_role

Delete AWS instance profile

aws --region=us-east-1 iam delete-instance-profile --instance-profile-name test_profile

Delete Security Group

aws ec2 delete-security-group --group-name jenkins_sg

Clean up Terraform Resources (VSCode)

terraform destroy -var-file="vars/dev-east-1.tfvars"