Lab 1 Pipeline

Jenkins-SAST-SCA-Kubernetes-DAST Pipeline

1: Get the Jenkins admin password

Connect via the console and run this command to retrieve the password:

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Or remotely connect to this instance like this:

chmod 400 <keypair>
ssh -i <keypair> ec2-user@<public_dns>
sudo cat /var/lib/jenkins/secrets/initialAdminPassword

2: Jenkins Configuration

Step 2a: Initial Setup

Step 2a1: Open the Jenkins instance at the Public DNS URL created for this instance by AWS, enter the requested password, and click Continue

Step 2a2: Click Install Suggested Plugins

Step 2a3: Create Admin User information or click Skip and continue as admin

Step 2a4: Document Jenkins URL and click Save and Finish

Step 2a5: Click Start Using Jenkins

Step 2b: Configure Maven in Jenkins

Step 2b1: Click Manage Jenkins

Step 2b2: Click Global Tool Configuration

Step 2b3: Scroll to Maven section and click Add Maven

Step 2b4: Name Installation - Example from lab Maven_3_5_2

Step 2b5: Deselect Install Automatically to provide MAVEN_HOME path manually

Step 2b6: Get the Maven installation path by going to the ec2 instance command line and typing mvn -version

Step 2b7: Apply and Save Changes

Step 2c: Install Needed Plugins

Step 2c1: Go to the search bar to search and select the following plugins:

  • CloudBees AWS Credentials

  • Kubernetes CLI

  • Amazon ECR

  • Docker Pipeline

Step 2c2: Click Install without Restart

2: Create Kubernetes Cluster

Step 1: Connect to EC2 instance via command line by using the AWS Connect or SSH

Step 2: Run the eksctl command to create a cluster with 2 nodes

  • Example command from training lab creating 2 medium nodes

eksctl create cluster --name kubernetes-cluster --version 1.23 --region us-east-1 --nodegroup-name linux-nodes --node-type t2.medium --nodes 2

Step 3: Wait 15-20 minutes for the cluster to be created successfully

Log in to a GitHub account and fork the pipeline1 repo

Adding Credentials for other tools

4: SAST Tool SonarCloud Integration

Step 1: Login to SonarCloud account

Step 2: Click Create new organization and Create an organization manually

Step 3: Type in an organization key for this lab and click Continue

Step 5: Select Plan and Click create organization

Step 6: Click Analyze new Project

Step 7: Select Organization and create project key and display name (using all the same as the example did with bwa is okay as well)

Step 8: Click the setup button

Step 9: Take the project key and organization key and paste them into Line #9 of your repo's Jenkinsfile

Step 10: Go to SonarCloud myAccount section

Step 11: Go to Security tab and generate a Sonar token

IMPORTANT!: This token only shows up once. Copy it and save it in a secure location for later use.

Step 12: Paste Sonar token into Line #9 of your repo's Jenkinsfile
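Step 12 puts the token in a file that Git tracks in your fork. The script below is an added example, not part of the lab repo: it checks a Jenkinsfile for a Sonar token passed as a literal and contrasts it with the same stage reading the token from a Jenkins Secret Text credential, the credential kind this guide uses for Snyk. Both sample Jenkinsfiles are constructed, and the credential ID SONAR_TOKEN is hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the lab repo): detect a SonarCloud token committed
# as a literal in a Jenkinsfile. The sample files below are constructed.

# Print "LINE:PROPERTY" for every -Dsonar.login= / -Dsonar.token= argument whose
# value is a literal instead of a variable reference ($VAR or ${VAR}).
find_hardcoded_sonar_token() {
  local pat="-Dsonar\.(login|token)=[^[:space:]\"']+"
  grep -nEo -e "$pat" "$1" |
    awk -F'[:=]' '$3 !~ /^\$/ { sub(/^-D/, "", $2); print $1 ":" $2 }'
}

workdir="$(mktemp -d)"

# Constructed: token pasted straight into the Maven command line.
cat > "$workdir/Jenkinsfile.literal" <<'EOF'
pipeline {
  agent any
  stages {
    stage('SonarAnalysis') {
      steps {
        sh 'mvn clean verify sonar:sonar -Dsonar.organization=demo-org -Dsonar.login=constructed-not-a-real-token'
      }
    }
  }
}
EOF

# Constructed: same stage, token read from a Jenkins Secret Text credential.
# The credential ID SONAR_TOKEN is hypothetical.
cat > "$workdir/Jenkinsfile.credential" <<'EOF'
pipeline {
  agent any
  stages {
    stage('SonarAnalysis') {
      steps {
        withCredentials([string(credentialsId: 'SONAR_TOKEN', variable: 'SONAR_TOKEN')]) {
          sh 'mvn clean verify sonar:sonar -Dsonar.organization=demo-org -Dsonar.login=$SONAR_TOKEN'
        }
      }
    }
  }
}
EOF

echo "literal:    $(find_hardcoded_sonar_token "$workdir/Jenkinsfile.literal")"
echo "credential: $(find_hardcoded_sonar_token "$workdir/Jenkinsfile.credential")"
```

Run `find_hardcoded_sonar_token Jenkinsfile` in your fork before pushing; any output means a token value is about to be committed.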

5: SCA Tool Snyk Integration

Step 1: Log in to your Snyk account

Step 2: Go to Account settings and copy the Auth token

Step 3: Go to Dashboard > Manage Jenkins > Credentials > System > Global credentials (unrestricted) and click Add Credentials

Step 4: Open the Kind Dropdown menu and select Secret Text

Step 5: Paste the AUTH Token from Snyk in the Secret field

Step 6: Ensure that the ID field here matches the corresponding field in line 5 of your repo's Jenkinsfile

7: Create Amazon ECR and AWS Credentials

Step 1: Go to the AWS Elastic Container Registry (ECR) Dashboard

Step 2: Click Create repository

Step 3: Name repository

Step 4: Copy the supplied URL

Step 4: Paste the URL into line 34 of the Jenkinsfile in your forked repo

Step 5:

8: Kubernetes Integration

Step 1: Connect to EC2 via AWS or SSH

Step 2: Display the contents of the config file with the below command:

cat /home/ec2-user/.kube/config

Step 3: Copy the contents of the config file and paste them into a blank file without file extension

Step 4: Name it kubelogin, save the file to your local machine and note the location

Step 5: Go to the Jenkins credential manager

Step 6: In the Kind dropdown menu, select Secret file

Step 7: Upload the Kubernetes config file and use it for the kubelogin credential

9: ZAP Integration

10: Run the pipeline

Useful EC2 Commands for Training Pipeline1

#To get context information of kubernetes cluster
cat /home/ec2-user/.kube/config 

#To create namespace in kubernetes cluster
kubectl create namespace test

#To get deployments in a namespace in kubernetes cluster
kubectl get deployments --namespace=test 

#To get services in a namespace in kubernetes cluster
kubectl get svc --namespace=test 

#To delete everything in a namespace in kubernetes cluster
kubectl delete all --all -n test 

#To delete unused docker images to clean up memory on system
docker system prune  

#To delete a docker image
docker image rm imagename  

#To Create EKS cluster
eksctl create cluster --name kubernetes-cluster --version 1.23 --region us-east-1 --nodegroup-name linux-nodes --node-type t2.medium --nodes 2 

#To Delete EKS cluster (same region the cluster was created in above)
eksctl delete cluster --region=us-east-1 --name=kubernetes-cluster

Useful Windows Commands

Delete AWS Role

aws iam delete-role --role-name test_role

Delete AWS profile

aws --region=us-east-1 iam delete-instance-profile --instance-profile-name test_profile

Delete Security Group

aws ec2 delete-security-group --group-name jenkins_sg

Cleanup Terraform Resources(VSCode)

terraform destroy -var-file="vars/dev-east-1.tfvars"
