Developer Experience Test

Presentation assessment 2023

DevOps and Platform Engineering | Presentation Assessment

Design of CI/CD Pipeline for Deploying

Applications
Overview: This is a practical assessment designed for evaluation of candidates in Tide’s infrastructure teams. Should you become a Tidean at the
end of this preselection process, this assessment would also serve us as a framework for setting some of your goals and learning paths.

Objective: Create a presentation following the below business objectives and guidelines.

Topic: Design a CI/CD pipeline that illustrates all the steps needed to build, test and deploy a Java or Python application. Make sure it is safe and
secure for production operation, to the extent that you are comfortable.

Guidance & Info:

- You can pick specific tools and technologies, but the key requirement is for you to display an understanding of why these tools are used.
- It’s up to you to decide how detailed your solution will be, based on your experience and understanding.
- The source code will be provided to you on GitHub, and the application will run in a container on an AWS-hosted container service.
- Cover all aspects starting from the design, provisioning and the automation of the infrastructure.

What happens next?:

You now have 3 days to complete the assignment. You are expected to send your presentation to the Talent Acquisition Partner at least 1 day
before the selected slot for presenting. Following our invitation, you should select a time to present your solution in front of our Infrastructure team.
The presentation would have a Q&A, so be prepared to further elaborate on the decisions you’ve made.

2
CI/CD pipeline that illustrates all the steps needed to build, test and deploy a Java application .

Requirements to do this task.

 We need source code (i.e java code) in any of the SCM tools such as GitHub or GitLab etc

 We need Jenkins server to setup CICD pipeline

 We need SonarQube server for code coverage analysis (optional)

 We need Docker Hub account or ECR to push the docker image

 We need Kubernetes or EKS so that we can deploy container into EKS

3
 We need to install required Jenkins plugins such as GitHub Integration, Maven Integration , Docker
Commons, SonarQube Scanner for Jenkins, Kubernetes, Kubernetes CLI

 We need to create pipeline in Jenkins so click on new item on Jenkins dashboard

 We will get multiple items types (i.e. free style,pipeline,multi branch pipeline etc)

 Select pipeline option then we need to provide details like GitHub repository url and credentials
As mentioned in slide5

 We will write Jenkins file which will have the all stages to build , test and deploy the java
application . Example in slides 6 to 9.

 We will create a IAM role and will give required permissions and will attach this role to Jenkins
server (or you can use access and secret key to authenticate AWS but this is not secure)

 We will write docker file which is used to create a docker image as shown in slide 10

 We will write deployment and service files to deploy docker image into k8s (slides 11 and 12)
4
5
pipeline {
agent any

triggers {
pollSCM '* * * * *'
}
tools {
maven "mvn"
jdk "java11"
}
environment{
scannerHome = tool 'SonarQube'
registry = "9402536.dkr.ecr.us-east-2.amazonaws.com/tide"
tag = "${BUILD_NUMBER}“
}
stages {
stage ('Run entire Build'){

stages{
stage('MVN package Build') {
steps {
sh 'mvn clean install'
}
}
stage('jacoco report coverage'){
steps{
jacoco()
}
}
6
stage('Junit Test execution and report generation') {
steps{
sh 'mvn test'
}
post{
always{
junit '**/target/surefire-reports/TEST-*.xml'
}
}
}
stage('build & SonarQube analysis') {
steps {
withSonarQubeEnv('SonarQube') {
sh "${scannerHome}/bin/sonar-scanner \
-Dsonar.projectKey=clp-service-staging \
-Dsonar.projectName=tide-service-staging \
-Dsonar.projectVersion=1.0.0 \
-Dsonar.sources=src \
-Dsonar.java.binaries=target/classes \
-Dsonar.sourceEncoding=UTF-8 \
-Dsonar.language=java \
-Dsonar.junit.reportPaths=target/surefire-reports \
-Dsonar.surefire.reportsPath=target/surefire-reports \
-Dsonar.coverage.jacoco.xmlReportPaths=target/jacoco-ut/jacoco.xml \
-Dsonar.java.coveragePlugin=jacoco \
-Dsonar.exclusions=**src/test"
}
}
}
7
 stage('Build Docker Image') {
steps {
sh 'docker build -t $registry:latest_${BUILD_NUMBER} .'
}
}
stage('Push to Amazon ECR'){
steps {
sh 'aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin
9402536.dkr.ecr.us-east-2.amazonaws.com'
sh 'docker push $registry:latest_${BUILD_NUMBER}'
}
}
stage('Deployment Approval') {
agent none
steps {
emailext mimeType: 'text/html',
subject: "[Jenkins]${currentBuild.fullDisplayName}",
to: “[email protected]",
body: '''Please go to console output of ${BUILD_URL}input to approve or Reject.<br>'''
script {
def userinput = input id: 'Deploy', message: 'Deploy to staging?', submitter: ‘gopig'
}
}
}

8
 stage('Apply Kubernetes files') {
steps {
withKubeConfig([credentialsId: 'Bridge-Token', serverUrl:
'https://A1010D6DDB72BC506A25531AA5E69022.gr7.us-east-2.eks.amazonaws.com']) {
sh 'curl -LO "https://storage.googleapis.com/kubernetes-release/release/v1.25.5/bin/linux/
amd64/kubectl"'
sh 'chmod u+x ./kubectl'
sh 'sed -i "s/BUILD_NUMBER/$tag/g" deployment.yaml'
sh './kubectl apply -f deployment.yaml'

}
}
}
}
post{
always{
emailext attachLog: 'true', body: '', subject: '$PROJECT_NAME - Build #
$BUILD_NUMBER - $BUILD_STATUS!', to: ‘[email protected]'
}
}
}
}
}

9
Dockerfile

FROM openjdk:11

EXPOSE 8084

RUN sh -c 'mkdir -p /opt/tideplan'

COPY ./target/tide-0.0.1-snapshot.jar /opt/tideplan/tide-0.0.1-snapshot.jar

COPY ./rds-truststore.jks /opt/tideplan/rds-truststore.jks

WORKDIR /opt/tideplan

RUN sh -c 'touch tide-0.0.1-snapshot.jar'

ENTRYPOINT ["java","-jar"," tide-0.0.1-snapshot.jar "]

10
apiVersion: apps/v1
kind: Deployment
metadata:
name: tide-dev
namespace: development
labels:
app: tide-dev
tier: backend
spec:
selector:
matchLabels:
app: tide-dev
service: tide-svc-dev
replicas: 2
template:
metadata:
labels:
app: tide-dev
service: tide-svc-dev
spec:

containers:
- name: tide-dev
image: 9402536.dkr.ecr.us-east-2.amazonaws.com/tide:latest_BUILD_NUMBER
imagePullPolicy: Always
ports:
- name: http
containerPort: 8084
protocol: TCP
nodeSelector: 11
Environment: tide-dev
---
apiVersion: v1
kind: Service
metadata:
name: tide-svc-dev
namespace: development
labels:
service: tide-svc-dev
spec:
type: NodePort
selector:
app: tide-dev
service: tide-svc-dev
ports:
# By default and for convenience, the `targetPort` is set to the same value as the `port` field.
- port: 8084
targetPort: 8084
protocol: TCP
name: http

12