Secure Kubernetes Deployment, Automation, and Monitoring on On-Premises vSphere
This project sets up a complete DevSecOps pipeline using:
- Rancher for Kubernetes management
- Jenkins for CI/CD
- Trivy for container scanning
- SonarQube for code analysis
- Nexus for artifact storage
- Prometheus and Grafana for monitoring
- All hosted on VMware vSphere
Infrastructure
- 5 VMs for core tools: SonarQube, Nexus, Jenkins, Prometheus, Grafana
- Kubernetes cluster: 1 master and 2 worker nodes provisioned via Rancher RKE
- Dedicated CI/CD namespace isolated with Kubernetes Network Policies
CI/CD Pipeline
- Jenkinsfile with Maven, SonarQube, Nexus, and Trivy integration
- GitHub integration
- Email notifications via SMTP
Security
- Kubernetes network policies
- Trivy for image vulnerability scanning
Monitoring
- Prometheus for metrics collection
- Grafana for dashboards and visualization
Setup Steps
- Create 5 Ubuntu VMs (minimum 4 GB RAM, 20 GB disk each)
- Install Docker on SonarQube and Nexus VMs
- Deploy SonarQube and Nexus using Docker
- Install Rancher and provision the Kubernetes cluster
- Apply Kubernetes network policies
- Install Jenkins, Trivy, and Maven
- Configure Jenkins CI/CD pipeline
- Set up Prometheus and Grafana for monitoring
Project Files
- Jenkinsfile
- pom.xml
- Kubernetes YAMLs for all deployments
Monitor and visualize:
- CI/CD pipeline performance
- System and VM metrics
- Kubernetes cluster health
The pipeline integrates static analysis, image scanning, and network policies to ensure secure and compliant software delivery.
