This project demonstrates the deployment of a Netflix Clone application as a Docker container on a Kubernetes cluster (EKS) through a secure CI/CD pipeline using Jenkins. It integrates tools like Docker, SonarQube, Trivy, Prometheus, Grafana, ArgoCD, and Helm to ensure secure and efficient deployment processes.
- Overview
- Features
- Tech Stack
- Prerequisites
- Setup & Installation
- Usage
- Screenshots
- Best Practices
- Future Scope
The DevSecOps Netflix Clone Application combines secure development, containerization, orchestration, and monitoring to demonstrate the principles of DevSecOps. The project leverages AWS services, Kubernetes, and CI/CD pipelines to create a scalable and secure streaming platform.
- Containerized Deployment: Use Docker for efficient containerization.
- CI/CD Pipelines: Jenkins automates builds, tests, and deployments.
- Static Code Analysis: SonarQube ensures code quality and security.
- Security Scans: Trivy identifies vulnerabilities in containers.
- Monitoring and Logging: Prometheus and Grafana provide real-time metrics and insights.
- GitOps Integration: ArgoCD streamlines Kubernetes deployment.
- Cloud-Native Deployment: Elastic Load Balancer (ELB) and EKS on AWS for seamless scaling.
- Containerization: Docker
- Orchestration: Kubernetes (AWS EKS)
- CI/CD: Jenkins
- Security Tools: SonarQube, Trivy
- Monitoring: Prometheus, Grafana
- GitOps: ArgoCD
- Cloud: AWS (EKS, ELB)
-
TMDB API Key:
- Visit TMDB.org.
- Create an account.
- Generate your API key from the developer section.
- Use this key while running the Docker container.
-
Tools Required:
- Docker
- Kubernetes (kubectl, AWS EKS)
- AWS Cli
- Helm
- Jenkins
- clouddeveloper45/netflix:latest
git clone https://github.com/your-repo-link
cd your-repo-nameBefore running the container, set your TMDB API key as an environment variable:
export TMDB_API_KEY=<your-tmdb-api-key>docker build -t netflix-clone .
docker run -e TMDB_API_KEY=$TMDB_API_KEY -p 3000:3000 netflix-cloneUsing Helm charts, deploy the application:
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
kubectl create namespace prometheus-node-exporter
helm install prometheus-node-exporter prometheus-community/prometheus-node-exporter --namespace prometheus-node-exporter- Configure the provided
Jenkinsfilein Jenkins. - Add Trivy and SonarQube steps for static and container security analysis.
- Trigger the pipeline to deploy the app on EKS.
- Access Grafana dashboards using the provided endpoint.
- Visualize metrics like CPU usage, memory utilization, and network traffic.
-
Access the application via the Node-IP URL:
http://<node-ip>:30007 -
Features:
- Browse Movies: View a catalog of movies and TV shows.
- Search by Genre: Filter content by genre.
- Watch Content: Stream trailers or movie previews.
- Use IAM Roles to restrict access to AWS services.
- Implement Role-Based Access Control (RBAC) in Kubernetes.
- Regularly update dependencies to patch vulnerabilities.
- Run periodic Trivy and SonarQube scans for ongoing security checks.
- Use GitOps principles for easier rollback and version control.
- Integrate OAuth Authentication for secure user logins.
- Implement multi-region deployment for high availability.
- Add recommendation systems using machine learning.
- Enhance logging with ELK Stack (Elasticsearch, Logstash, Kibana).