DevOps Project Series 6 - An Automation Approach to Deploying Docker, Minikube, Kubectl, SonarQube, Trivy and Terrascan using Bash scripts and GitHub Actions

Sun Apr 2, 2023

In this article you will learn how to write scripts that install Docker, Minikube, kubectl, SonarQube, Trivy and Terrascan on the EC2 instance where the Spring Boot application is deployed: Docker builds the application image, Minikube and kubectl run it on a local Kubernetes cluster, SonarQube performs the code quality checks, and Trivy and Terrascan scan the Docker images and Kubernetes YAML files.

Docker is a containerization platform that allows developers to package their applications and dependencies into lightweight, portable containers. This makes it easy to deploy and run applications on any system that supports Docker.

Minikube is a tool that allows you to run a single-node Kubernetes cluster locally on your development machine. This is useful for testing and developing Kubernetes-based applications without the need for a full-fledged cluster.

Kubectl is a command-line tool for controlling Kubernetes clusters. It allows you to deploy, inspect, and manage your applications on a Kubernetes cluster. You can use kubectl to create, update, and delete resources, such as pods, services, and deployments.

SonarQube is an open-source platform for continuous inspection of code quality. It provides a wide range of code analysis tools, including static code analysis, unit testing, and code coverage.

Trivy can scan for vulnerabilities in a wide range of package formats, including Alpine, Debian, Ubuntu, and Red Hat Enterprise Linux (RHEL) packages, as well as container images in the Docker, OCI, and JFrog formats. It supports multiple languages, such as Go, Java, Node.js, Ruby, and Python, and it can scan for vulnerabilities in both the operating system and application level.

Terrascan can scan for vulnerabilities in Terraform and CloudFormation files, and it uses a rule-based engine to detect and report on security risks and compliance issues, such as misconfigurations, insecure settings, and exposed secrets. The rule-base is continuously updated by the community and the Accurics team. It can be run as a command-line tool, and it can also be integrated with various CI/CD tools and container orchestration platforms, such as Jenkins, GitHub Actions, and Kubernetes.

Using GitHub Actions, you can automate the deployment of these tools by writing scripts that perform the steps needed to set each one up on a target machine. The scripts are integrated into GitHub Actions workflows, which can be triggered by events such as a push to a specific branch.

Step by Step Process

In DevOps Mini Project Series 5 we saw the EC2 instance being created by Terraform. The Spring Boot application will be deployed on that instance, so it needs Docker to build an image from the Dockerfile, Minikube and kubectl to deploy the application, SonarQube for code quality checks, Trivy to scan the Docker images and Terrascan to scan the Kubernetes YAML files.

This is the script for installing Docker on the EC2 instance:

This script checks whether Docker is already installed by running systemctl status docker.service and looking for the string "active (running)" in its output. If Docker is installed and running, the script prints "Docker is installed successfully" and shows the Docker version with docker --version.

If Docker is not installed, the script runs a series of commands to install it. First, it updates the package list and installs the required dependencies with sudo apt update and sudo apt install.

Then it adds the Docker repository to the system with curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg and echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null.

After that, it updates the package list again and installs Docker with sudo apt update and sudo apt install -y docker-ce. It then checks the Docker service with sudo systemctl status docker and adds the current user to the docker group with sudo usermod -aG docker $USER, which lets the user run Docker commands without sudo.
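The Docker install script described above, written out as an added example (not the article's own script). It assumes an Ubuntu host with sudo, apt and systemd, uses `systemctl is-active` instead of grepping `systemctl status`, and keeps the repository line in a small function so it can be checked without root. The `--run` argument and the `docker_apt_source` helper are this example's own conventions.

```shell
#!/usr/bin/env bash
# Added example: install-if-missing Docker script following the steps in the
# article. Assumes Ubuntu with sudo, apt and systemd (the article's EC2 host).
set -eu

KEYRING=/usr/share/keyrings/docker-archive-keyring.gpg
LIST=/etc/apt/sources.list.d/docker.list

# Return 0 if the docker service is active. `systemctl is-active` gives a
# script-friendly exit status, unlike grepping `systemctl status` output.
docker_running() {
    command -v docker >/dev/null 2>&1 && systemctl is-active --quiet docker.service
}

# Build the apt source line for Docker's repository from an architecture and
# an Ubuntu codename (pure function, so it can be tested without root).
docker_apt_source() {
    arch=$1
    codename=$2
    printf 'deb [arch=%s signed-by=%s] https://download.docker.com/linux/ubuntu %s stable\n' \
        "$arch" "$KEYRING" "$codename"
}

install_docker() {
    sudo apt-get update
    sudo apt-get install -y ca-certificates curl gnupg lsb-release
    # Import Docker's signing key into a dedicated keyring and reference that
    # keyring from the source entry, so the key is trusted for this repo only.
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
        | sudo gpg --dearmor --yes -o "$KEYRING"
    docker_apt_source "$(dpkg --print-architecture)" "$(lsb_release -cs)" \
        | sudo tee "$LIST" >/dev/null
    sudo apt-get update
    sudo apt-get install -y docker-ce docker-ce-cli containerd.io
    sudo systemctl enable --now docker
    # Membership of the docker group is equivalent to root on the host, so
    # grant it only to the deployment user that actually needs it.
    sudo usermod -aG docker "$USER"
}

main() {
    if docker_running; then
        echo "Docker is installed successfully"
    else
        install_docker
    fi
    docker --version
}

# The installation only runs when invoked as: ./install-docker.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run it as `./install-docker.sh --run`; without the flag the file only defines its functions, which is what makes the repository line checkable in isolation.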

See, Docker is installed on the EC2 instance.

This is the script to run the SonarQube image on the EC2 instance:

  • The first line specifies that this script is a Bash script.
  • The second line creates a variable called ‘container_name’ and assigns the value ‘sonarqube’ to it. This variable is used later in the script to refer to the SonarQube container.
  • The third line uses the docker inspect command to check the running status of the container named in the ‘container_name’ variable. If the container is not running, docker inspect returns “false”, which the if statement tests.
  • The fourth line uses docker ps -a to list all containers and their status.
  • The fifth line uses docker start to start all containers that are in the “exited” status, so that a previously stopped SonarQube container is restarted.
  • The sixth line prints a message to the console indicating that SonarQube is running successfully.
  • If the container does not exist, the script executes the commands in the else block, which starts with sudo docker run -d --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest
  • The docker run command starts a new container from the latest version of the official SonarQube image on Docker Hub. The -d option runs the container in detached mode, which runs it in the background and prints the container ID. The --name option assigns the specified name to the container.
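An idempotent version of the SonarQube runner described in the list above, as an added example (not the article's own script). It maps the output of `docker inspect -f '{{.State.Running}}'` to one of three actions and restarts only the SonarQube container rather than every exited container on the host. The `sonarqube_action` and `container_state` helpers, the `SONARQUBE_IMAGE` variable and the `--run` argument are this example's own.

```shell
#!/usr/bin/env bash
# Added example: idempotent runner for the SonarQube container. Assumes the
# invoking user can run docker (or prefix the docker calls with sudo).
set -eu

CONTAINER_NAME=sonarqube
# The article uses sonarqube:latest; set SONARQUBE_IMAGE to a pinned tag so
# every instance runs the same, reviewed build.
IMAGE=${SONARQUBE_IMAGE:-sonarqube:latest}

# Map the output of `docker inspect -f '{{.State.Running}}'` to an action:
#   "true"  -> the container exists and is running
#   "false" -> the container exists but is stopped; start just this one
#   ""      -> no such container; create it
sonarqube_action() {
    case "$1" in
        true)  echo running ;;
        false) echo start ;;
        *)     echo create ;;
    esac
}

# Query the container state; prints nothing if the container does not exist.
container_state() {
    docker inspect -f '{{.State.Running}}' "$CONTAINER_NAME" 2>/dev/null || true
}

run_sonarqube() {
    case "$(sonarqube_action "$(container_state)")" in
        running)
            echo "SonarQube is running successfully" ;;
        start)
            docker start "$CONTAINER_NAME"
            echo "SonarQube container restarted" ;;
        create)
            # Port 9000 is published on every interface, as in the article, so
            # the EC2 security group should limit it to the addresses that
            # need to log in.
            docker run -d --name "$CONTAINER_NAME" \
                -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true \
                -p 9000:9000 "$IMAGE"
            echo "SonarQube container created" ;;
    esac
}

# Only touch Docker when invoked as: ./run-sonarqube.sh --run
if [ "${1:-}" = "--run" ]; then
    run_sonarqube
fi
```

Running the script twice is safe: the second run finds the container in the `running` state and only prints the message.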

Log in to SonarQube at http://<PublicIP>:9000. Use “admin” as both the username and password, then change the password.

To create a project, click Project, then click Manually, add the project key and name, and create the token.

This is the script for installing kubectl on the EC2 instance:

This script checks whether the Kubernetes command-line tool, kubectl, is installed on the system.

The script starts by running kubectl version --client and redirecting the output to /dev/null. The exit code of this command is available in $?. If it is 0, kubectl is installed and the script prints “kubectl is installed” followed by the kubectl version.

If kubectl is not installed, the script downloads the latest stable kubectl binary for Linux together with its sha256 checksum file. It then runs sha256sum --check to verify that the downloaded binary matches the checksum. If the checksum is valid, the script uses the install command to place kubectl in /usr/local/bin with the appropriate permissions. Finally, it prints the kubectl version after installation.
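The checksum step is the part of the kubectl script worth getting right, so here it is as an added example (not the article's own script) with the verification isolated in a function that refuses to install on a mismatch. It assumes a Linux x86_64 host with curl, sha256sum and sudo; the download URLs are the documented dl.k8s.io ones, and `verify_sha256`, `BIN_DIR` and the `--run` argument are this example's own.

```shell
#!/usr/bin/env bash
# Added example: install kubectl only if missing, and only if the downloaded
# binary matches the published SHA-256. Assumes Linux x86_64 with curl,
# sha256sum and sudo.
set -eu

BIN_DIR=${BIN_DIR:-/usr/local/bin}

kubectl_installed() {
    kubectl version --client >/dev/null 2>&1
}

# Verify FILE against a hex SHA-256 digest. Returns 0 on match, non-zero
# otherwise. `sha256sum --check` reads "digest  path" lines from stdin.
verify_sha256() {
    file=$1
    expected=$2
    echo "$expected  $file" | sha256sum --check --status
}

# Download the release binary and its .sha256 file; the binary is only
# installed after the digest check passes.
download_kubectl() {
    version=$(curl -Ls https://dl.k8s.io/release/stable.txt)
    base="https://dl.k8s.io/release/${version}/bin/linux/amd64"
    curl -LO "${base}/kubectl"
    expected=$(curl -Ls "${base}/kubectl.sha256")
    if ! verify_sha256 kubectl "$expected"; then
        echo "kubectl: checksum mismatch, refusing to install" >&2
        rm -f kubectl
        return 1
    fi
    sudo install -o root -g root -m 0755 kubectl "$BIN_DIR/kubectl"
    rm -f kubectl
}

main() {
    if kubectl_installed; then
        echo "kubectl is installed"
    else
        download_kubectl
    fi
    kubectl version --client
}

# Only download and install when invoked as: ./install-kubectl.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Because the check and the install are separate steps, a corrupted or substituted download is deleted rather than copied into /usr/local/bin, and the non-zero return makes a CI job fail at that point.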

See, kubectl is installed on the EC2 instance.

This is the script for installing Minikube on the EC2 instance:

  • The script starts with “#!/bin/bash”, the shebang, which tells the system to execute this script with the interpreter at “/bin/bash”.
  • The command “minikube version &> /dev/null” checks whether minikube is installed. Its output is redirected to /dev/null because only the exit status is needed.
  • The next line “if [ $? -eq 0 ]; then” checks the exit status of the previous command; if it is 0, minikube is installed and the commands inside the if block run.
  • The command echo "minikube is installed" prints the message “minikube is installed” on the screen.
  • The command “minikube version” prints the version of minikube installed on the system.
  • The “else” branch runs when the exit status of the previous command is not 0, meaning minikube is not installed.
  • The command “curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64” downloads the latest minikube binary for Linux; -L follows redirects and -O saves the file under its remote name.
  • The command “sudo install minikube-linux-amd64 /usr/local/bin/minikube” installs the minikube binary into /usr/local/bin.
  • The command “sudo minikube start” starts minikube on the system.

See, Minikube is running on the EC2 instance.

This is the script for installing Trivy on the EC2 instance:

The script checks whether the Trivy vulnerability scanner is installed and, if not, downloads the Trivy package and installs it with dpkg.

It uses command -v to check whether the Trivy executable is in the system’s PATH. A non-zero exit status means Trivy is not installed, so the script downloads the package with wget and installs it with dpkg.

See, Trivy is running on the EC2 instance.

This is the script for installing Terrascan on the EC2 instance:

The script checks whether the Terrascan security scanner is installed and, if not, downloads the Terrascan package, extracts it, moves the binary to a directory in the system’s PATH and makes it executable.

It uses command -v to check whether the Terrascan executable is in the system’s PATH. A non-zero exit status means Terrascan is not installed, so the script downloads the archive with curl, extracts the binary, moves it to a directory in the PATH, makes it executable and then runs Terrascan.
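The Minikube, Trivy and Terrascan scripts described above share one shape: test with `command -v`, then download and install. The added example below (not the article's own scripts) folds the three into one helper with a per-tool install function, and keeps the Terrascan extract-and-install step in a function that works on any tarball so it can be exercised locally. It assumes a Linux x86_64 host with curl, wget, tar, dpkg and sudo; `needs_install`, `install_from_tarball`, `ensure_tool`, `BIN_DIR`, `SUDO` and the `TRIVY_DEB_URL` and `TERRASCAN_TGZ_URL` placeholders (to be pointed at the release files you have verified) are this example's own.

```shell
#!/usr/bin/env bash
# Added example: install-if-missing helper covering Minikube, Trivy and
# Terrascan. Assumes Linux x86_64 with curl, wget, tar, dpkg and sudo.
# TRIVY_DEB_URL and TERRASCAN_TGZ_URL are placeholders for pinned release files.
set -eu

BIN_DIR=${BIN_DIR:-/usr/local/bin}

# 0 if TOOL is absent from PATH (and so needs installing), 1 otherwise.
needs_install() {
    ! command -v "$1" >/dev/null 2>&1
}

# Extract one binary from a .tar.gz release and install it executable into
# DEST_DIR: the Terrascan path (curl, tar, mv, chmod) in one step. SUDO is
# empty when writing to a user-owned directory, "sudo" for /usr/local/bin.
install_from_tarball() {
    tarball=$1
    binary=$2
    dest_dir=$3
    workdir=$(mktemp -d)
    tar -xzf "$tarball" -C "$workdir" "$binary"
    ${SUDO:-} install -m 0755 "$workdir/$binary" "$dest_dir/$binary"
    rm -rf "$workdir"
}

install_minikube() {
    curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
    ${SUDO:-} install minikube-linux-amd64 "$BIN_DIR/minikube"
    rm -f minikube-linux-amd64
}

install_trivy() {
    # Placeholder: the .deb from Trivy's GitHub releases page for a pinned version.
    wget -O trivy.deb "${TRIVY_DEB_URL:?set TRIVY_DEB_URL to the release .deb}"
    ${SUDO:-} dpkg -i trivy.deb
    rm -f trivy.deb
}

install_terrascan() {
    # Placeholder: the Linux_x86_64 .tar.gz from Terrascan's releases page.
    curl -L -o terrascan.tar.gz "${TERRASCAN_TGZ_URL:?set TERRASCAN_TGZ_URL to the release tarball}"
    install_from_tarball terrascan.tar.gz terrascan "$BIN_DIR"
    rm -f terrascan.tar.gz
}

# Install TOOL via its install_<tool> function only when it is missing.
ensure_tool() {
    tool=$1
    if needs_install "$tool"; then
        "install_$tool"
    else
        echo "$tool is installed"
    fi
}

main() {
    SUDO=sudo
    for tool in minikube trivy terrascan; do
        ensure_tool "$tool"
    done
    minikube version
    trivy --version
    terrascan version
    sudo minikube start   # as in the article's Minikube script
}

# Only install when invoked as: ./install-tools.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Pinning `TRIVY_DEB_URL` and `TERRASCAN_TGZ_URL` to specific release files (rather than a "latest" link) is what makes the script reproducible from one instance to the next.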

See, Terrascan is running on the EC2 instance.

Nandita Sahu
