Jenkins Integration
Enterprise CI/CD with Jenkins pipelines and Git workflow automation
Jenkins, Docker & Cloud
You are entering advanced enterprise automation training where you'll orchestrate complex multi-tool workflows that integrate Jenkins, Docker, cloud platforms, and monitoring systems for production-grade DevOps environments.
Commander, the most advanced space missions require sophisticated integration of multiple autonomous systems working in perfect harmony. Just as the International Space Station coordinates life support, navigation, communication, and scientific instruments through integrated control systems, your enterprise development environments need seamless integration of CI/CD tools, containerization platforms, cloud infrastructure, and monitoring solutions.
You'll master Enterprise Tool Integration and Multi-Cloud Automation - the advanced orchestration skills that transform individual tools into comprehensive automation ecosystems. From Jenkins pipeline orchestration to Docker containerization, from multi-cloud deployments to comprehensive observability, you'll build enterprise-grade automation that operates with military precision across complex infrastructure landscapes.
Configure enterprise CI/CD pipelines with Jenkins, integrate Git workflows, and implement advanced deployment strategies.
Master Docker containerization, registry management, and container-based deployment workflows.
Deploy applications across AWS, Azure, and GCP with infrastructure as code and automated scaling.
Implement comprehensive monitoring, logging, and alerting for enterprise automation workflows.
Understanding how enterprise tools integrate to create comprehensive automation ecosystems.
Infrastructure and application deployment driven by Git repositories.
Independent deployment pipelines for distributed services.
Risk-mitigated deployments with automated rollback capabilities.
Security scanning and compliance embedded throughout the pipeline.
Jenkins is the backbone of enterprise CI/CD, providing robust pipeline automation, extensive plugin ecosystem, and enterprise-grade features for complex deployment workflows.
Central control node managing jobs, scheduling builds, and coordinating agents.
Distributed build nodes executing jobs across different environments.
Structured, opinionated syntax with built-in error handling and restart capabilities.
pipeline {
agent {
docker {
image 'node:16-alpine'
args '-v /var/run/docker.sock:/var/run/docker.sock'
}
}
environment {
DOCKER_REGISTRY = 'your-registry.com'
IMAGE_NAME = 'your-app'
KUBECONFIG = credentials('kubeconfig')
}
stages {
stage('Checkout') {
steps {
checkout scm
script {
env.GIT_COMMIT_SHORT = sh(
script: 'git rev-parse --short HEAD',
returnStdout: true
).trim()
}
}
}
stage('Install Dependencies') {
steps {
sh 'npm ci --only=production'
sh 'npm audit --audit-level moderate'
}
}
stage('Code Quality') {
parallel {
stage('Lint') {
steps {
sh 'npm run lint'
}
}
stage('Security Scan') {
steps {
sh 'npm audit --audit-level high'
sh 'npx snyk test --severity-threshold=high'
}
}
stage('Unit Tests') {
steps {
sh 'npm run test:unit -- --coverage'
}
post {
always {
publishTestResults testResultsPattern: 'test-results.xml'
publishCoverageResults coveragePattern: 'coverage/lcov.info'
}
}
}
}
}
stage('Build Application') {
steps {
sh 'npm run build'
archiveArtifacts artifacts: 'dist/**', fingerprint: true
}
}
stage('Docker Build') {
steps {
script {
def image = docker.build("${DOCKER_REGISTRY}/${IMAGE_NAME}:${env.GIT_COMMIT_SHORT}")
docker.withRegistry("https://${DOCKER_REGISTRY}", 'docker-registry-credentials') {
image.push()
image.push('latest')
}
}
}
}
stage('Integration Tests') {
steps {
sh '''
docker-compose -f docker-compose.test.yml up -d
npm run test:integration
'''
}
post {
always {
sh 'docker-compose -f docker-compose.test.yml down -v'
}
}
}
stage('Deploy to Staging') {
when {
branch 'develop'
}
steps {
script {
sh '''
kubectl set image deployment/app-staging \\
app=${DOCKER_REGISTRY}/${IMAGE_NAME}:${GIT_COMMIT_SHORT} \\
--namespace=staging
kubectl rollout status deployment/app-staging --namespace=staging
'''
}
}
}
stage('Deploy to Production') {
when {
branch 'main'
}
steps {
input message: 'Deploy to Production?', ok: 'Deploy'
script {
sh '''
kubectl set image deployment/app-production \\
app=${DOCKER_REGISTRY}/${IMAGE_NAME}:${GIT_COMMIT_SHORT} \\
--namespace=production
kubectl rollout status deployment/app-production --namespace=production
'''
}
}
}
}
post {
always {
cleanWs()
}
success {
slackSend channel: '#deployments',
color: 'good',
message: "✅ Deployment successful: ${env.JOB_NAME} - ${env.BUILD_NUMBER}"
}
failure {
slackSend channel: '#deployments',
color: 'danger',
message: "❌ Deployment failed: ${env.JOB_NAME} - ${env.BUILD_NUMBER}"
}
}
}Automatic build triggers based on Git events.
# Jenkins webhook URL format
https://your-jenkins.com/github-webhook/
# GitHub repository settings:
# Settings → Webhooks → Add webhook
# Payload URL: https://your-jenkins.com/github-webhook/
# Content type: application/json
# Events: Push, Pull request// In Jenkins job configuration
properties([
pipelineTriggers([
githubPush(),
pollSCM('H/15 * * * *'), // Fallback polling
upstream(threshold: 'SUCCESS', upstreamProjects: 'dependency-project')
])
])
// Branch-specific triggers
when {
anyOf {
branch 'main'
branch 'develop'
changeRequest target: 'main'
}
}Automatic pipeline creation for branches and pull requests.
// Jenkinsfile in repository root
// Automatically detected by multibranch pipeline
pipeline {
agent any
stages {
stage('Branch Strategy') {
steps {
script {
if (env.BRANCH_NAME == 'main') {
echo 'Production deployment pipeline'
// Production-specific steps
} else if (env.BRANCH_NAME == 'develop') {
echo 'Staging deployment pipeline'
// Staging-specific steps
} else if (env.CHANGE_ID) {
echo 'Pull request validation pipeline'
// PR validation steps
} else {
echo 'Feature branch pipeline'
// Feature development steps
}
}
}
}
}
}withCredentials([
string(credentialsId: 'api-key', variable: 'API_KEY'),
usernamePassword(credentialsId: 'db-creds',
usernameVariable: 'DB_USER',
passwordVariable: 'DB_PASS')
]) {
sh 'deploy-script.sh'
}pipeline {
agent any
options {
buildDiscarder(logRotator(
numToKeepStr: '10',
artifactNumToKeepStr: '5'
))
}
stages {
stage('Cache Dependencies') {
steps {
cache(maxCacheSize: 250, caches: [
arbitraryFileCache(
path: 'node_modules',
fingerprint: 'package-lock.json'
)
]) {
sh 'npm ci'
}
}
}
}
}post {
always {
script {
def buildDuration = currentBuild.duration
def buildResult = currentBuild.result ?: 'SUCCESS'
// Send metrics to monitoring system
httpRequest(
httpMode: 'POST',
url: 'https://metrics-api.com/jenkins-builds',
requestBody: """
{
"job": "${env.JOB_NAME}",
"build": ${env.BUILD_NUMBER},
"duration": ${buildDuration},
"result": "${buildResult}",
"timestamp": "${System.currentTimeMillis()}"
}
"""
)
}
}
}Docker containerization enables consistent, portable, and scalable deployment workflows. Master container-based Git workflows, registry management, and enterprise deployment strategies.
Git repository with Dockerfile and application code
Docker build triggered by Git events
Tagged images pushed to container registry
Automated deployment to target environments
Optimize image size and security with multi-stage builds
# Build stage
FROM node:16-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production && npm cache clean --force
# Copy source and build
COPY . .
RUN npm run build
# Production stage
FROM node:16-alpine AS production
WORKDIR /app
# Create non-root user
RUN addgroup -g 1001 -S nodejs && \
adduser -S nextjs -u 1001
# Copy built application
COPY --from=builder --chown=nextjs:nodejs /app/dist ./dist
COPY --from=builder --chown=nextjs:nodejs /app/node_modules ./node_modules
COPY --from=builder --chown=nextjs:nodejs /app/package.json ./package.json
# Security and optimization
RUN npm prune --production && \
npm cache clean --force
USER nextjs
EXPOSE 3000
# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD curl -f http://localhost:3000/health || exit 1
CMD ["npm", "start"]Security-hardened container with vulnerability scanning integration
# Use official base image with known security profile
FROM python:3.11-slim-bullseye AS base
# Install security updates
RUN apt-get update && \
apt-get upgrade -y && \
apt-get install -y --no-install-recommends \
curl \
ca-certificates && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Create non-root user early
RUN groupadd -r appuser && useradd -r -g appuser appuser
# Set working directory
WORKDIR /app
# Install dependencies as root, then switch to non-root
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt && \
pip install --no-cache-dir gunicorn[gevent]
# Copy application code
COPY --chown=appuser:appuser . .
# Switch to non-root user
USER appuser
# Expose port (non-privileged)
EXPOSE 8080
# Add labels for metadata
LABEL maintainer="devops@company.com" \
version="1.0" \
description="Secure Python application container"
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8080/health || exit 1
# Use exec form for better signal handling
CMD ["gunicorn", "--bind", "0.0.0.0:8080", "--workers", "4", "app:application"]Complete development stack with hot reload and debugging capabilities
version: '3.8'
services:
app:
build:
context: .
dockerfile: Dockerfile.dev
ports:
- "3000:3000"
- "9229:9229" # Node.js debugger
volumes:
- .:/app
- /app/node_modules
environment:
- NODE_ENV=development
- DEBUG=app:*
depends_on:
- postgres
- redis
networks:
- app-network
postgres:
image: postgres:14-alpine
environment:
POSTGRES_DB: appdb
POSTGRES_USER: developer
POSTGRES_PASSWORD: devpass
volumes:
- postgres_data:/var/lib/postgresql/data
- ./scripts/init-db.sql:/docker-entrypoint-initdb.d/init.sql
ports:
- "5432:5432"
networks:
- app-network
redis:
image: redis:7-alpine
ports:
- "6379:6379"
volumes:
- redis_data:/data
networks:
- app-network
nginx:
image: nginx:alpine
ports:
- "80:80"
volumes:
- ./nginx.dev.conf:/etc/nginx/nginx.conf
depends_on:
- app
networks:
- app-network
volumes:
postgres_data:
redis_data:
networks:
app-network:
driver: bridgeIsolated testing environment with test databases and services
version: '3.8'
services:
test-app:
build:
context: .
dockerfile: Dockerfile.test
environment:
- NODE_ENV=test
- DATABASE_URL=postgresql://test:test@test-db:5432/testdb
- REDIS_URL=redis://test-redis:6379
depends_on:
test-db:
condition: service_healthy
test-redis:
condition: service_started
volumes:
- ./test-results:/app/test-results
- ./coverage:/app/coverage
command: npm run test:ci
networks:
- test-network
test-db:
image: postgres:14-alpine
environment:
POSTGRES_DB: testdb
POSTGRES_USER: test
POSTGRES_PASSWORD: test
healthcheck:
test: ["CMD-SHELL", "pg_isready -U test"]
interval: 5s
timeout: 5s
retries: 5
tmpfs:
- /var/lib/postgresql/data
networks:
- test-network
test-redis:
image: redis:7-alpine
tmpfs:
- /data
networks:
- test-network
networks:
test-network:
driver: bridgeImplement consistent tagging for version control and deployment tracking
# Automated tagging script in CI/CD
#!/bin/bash
# Get Git information
GIT_COMMIT=$(git rev-parse --short HEAD)
GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
GIT_TAG=$(git describe --tags --exact-match 2>/dev/null || echo "")
# Registry configuration
REGISTRY="your-registry.com"
IMAGE_NAME="your-app"
# Base image name
BASE_IMAGE="${REGISTRY}/${IMAGE_NAME}"
# Build and tag strategies
if [ "$GIT_BRANCH" = "main" ]; then
# Production tags
docker build -t "${BASE_IMAGE}:${GIT_COMMIT}" .
docker build -t "${BASE_IMAGE}:latest" .
# If tagged release
if [ ! -z "$GIT_TAG" ]; then
docker build -t "${BASE_IMAGE}:${GIT_TAG}" .
docker build -t "${BASE_IMAGE}:stable" .
fi
elif [ "$GIT_BRANCH" = "develop" ]; then
# Development tags
docker build -t "${BASE_IMAGE}:dev-${GIT_COMMIT}" .
docker build -t "${BASE_IMAGE}:develop" .
else
# Feature branch tags
BRANCH_CLEAN=$(echo $GIT_BRANCH | sed 's/[^a-zA-Z0-9]/-/g')
docker build -t "${BASE_IMAGE}:${BRANCH_CLEAN}-${GIT_COMMIT}" .
fi
# Push all built images
docker images "${BASE_IMAGE}" --format "{{.Repository}}:{{.Tag}}" | \
grep -v "<none>" | \
xargs -I {} docker push {}Automated cleanup policies to manage storage and maintain security
#!/usr/bin/env python3
"""
Container registry cleanup automation
Removes old images based on age and retention policies
"""
import requests
import json
from datetime import datetime, timedelta
import os
class RegistryCleanup:
def __init__(self, registry_url, username, token):
self.registry_url = registry_url
self.auth = (username, token)
self.retention_policies = {
'production': timedelta(days=90), # Keep prod images 90 days
'staging': timedelta(days=30), # Keep staging 30 days
'development': timedelta(days=7), # Keep dev 7 days
'feature': timedelta(days=3), # Keep feature 3 days
}
def get_image_tags(self, repository):
"""Get all tags for a repository"""
url = f"{self.registry_url}/v2/{repository}/tags/list"
response = requests.get(url, auth=self.auth)
return response.json().get('tags', [])
def get_tag_metadata(self, repository, tag):
"""Get metadata for a specific tag"""
url = f"{self.registry_url}/v2/{repository}/manifests/{tag}"
headers = {'Accept': 'application/vnd.docker.distribution.manifest.v2+json'}
response = requests.get(url, auth=self.auth, headers=headers)
return response.json()
def determine_tag_type(self, tag):
"""Classify tag based on naming convention"""
if tag in ['latest', 'stable']:
return 'production'
elif tag.startswith('dev-') or tag == 'develop':
return 'development'
elif tag.startswith('staging-'):
return 'staging'
elif '-' in tag and not any(x in tag for x in ['v', 'stable', 'latest']):
return 'feature'
else:
return 'production' # Default to production for safety
def cleanup_repository(self, repository):
"""Clean up old images in a repository"""
tags = self.get_image_tags(repository)
deleted_count = 0
for tag in tags:
tag_type = self.determine_tag_type(tag)
retention_period = self.retention_policies.get(tag_type, timedelta(days=90))
# Skip protected tags
if tag in ['latest', 'stable']:
continue
# Get tag creation date (simplified - would need manifest inspection)
# For demo purposes, using tag name pattern
cutoff_date = datetime.now() - retention_period
# In real implementation, would parse manifest creation date
# This is a simplified example
if self.should_delete_tag(repository, tag, cutoff_date):
if self.delete_tag(repository, tag):
deleted_count += 1
print(f"Deleted {repository}:{tag}")
return deleted_count
def should_delete_tag(self, repository, tag, cutoff_date):
"""Determine if tag should be deleted based on age and policies"""
# Implementation would check manifest creation date
# This is simplified for demonstration
return True # Placeholder
def delete_tag(self, repository, tag):
"""Delete a specific tag"""
try:
# Get manifest digest
url = f"{self.registry_url}/v2/{repository}/manifests/{tag}"
headers = {'Accept': 'application/vnd.docker.distribution.manifest.v2+json'}
response = requests.get(url, auth=self.auth, headers=headers)
digest = response.headers.get('Docker-Content-Digest')
if digest:
# Delete by digest
delete_url = f"{self.registry_url}/v2/{repository}/manifests/{digest}"
delete_response = requests.delete(delete_url, auth=self.auth)
return delete_response.status_code == 202
except Exception as e:
print(f"Error deleting {repository}:{tag}: {e}")
return False
if __name__ == "__main__":
cleanup = RegistryCleanup(
registry_url=os.getenv('REGISTRY_URL'),
username=os.getenv('REGISTRY_USER'),
token=os.getenv('REGISTRY_TOKEN')
)
repositories = ['app/frontend', 'app/backend', 'app/worker']
for repo in repositories:
print(f"Cleaning up {repo}...")
deleted = cleanup.cleanup_repository(repo)
print(f"Deleted {deleted} old images from {repo}")
Integrate security scanning into your container CI/CD pipeline
# .github/workflows/container-security.yml
name: Container Security Scan
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Build Docker image
run: |
docker build -t security-test:${{ github.sha }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'security-test:${{ github.sha }}'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Run Snyk container scan
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: security-test:${{ github.sha }}
args: --severity-threshold=high --file=Dockerfile
- name: Run Docker Bench Security
run: |
docker run --rm --net host --pid host --userns host --cap-add audit_control \
-e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
-v /var/lib:/var/lib:ro \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v /etc:/etc:ro --label docker_bench_security \
docker/docker-bench-security
- name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: 'trivy-results.sarif'
- name: Fail on high severity vulnerabilities
run: |
HIGH_VULNS=$(docker run --rm -v "$(pwd):/workspace" \
aquasec/trivy image --quiet --format json security-test:${{ github.sha }} | \
jq '[.Results[]?.Vulnerabilities[]? | select(.Severity=="HIGH" or .Severity=="CRITICAL")] | length')
if [ "$HIGH_VULNS" -gt 0 ]; then
echo "Found $HIGH_VULNS high/critical vulnerabilities"
exit 1
fiMonitor container behavior and enforce security policies at runtime
# falco-rules.yaml - Container security monitoring
- rule: Unauthorized Process in Container
desc: Detect unauthorized processes running in containers
condition: >
spawned_process and
container and
not proc.name in (authorized_processes)
output: >
Unauthorized process in container
(user=%user.name command=%proc.cmdline container=%container.name)
priority: WARNING
- rule: Container Drift Detection
desc: Detect if container is running different binary than expected
condition: >
spawned_process and
container and
not proc.exe in (expected_binaries) and
not proc.name in (package_mgmt_binaries)
output: >
Container drift detected
(user=%user.name command=%proc.cmdline container=%container.name)
priority: ERROR
- rule: Sensitive File Access
desc: Monitor access to sensitive files in containers
condition: >
open_read and
container and
fd.name in (sensitive_files)
output: >
Sensitive file accessed in container
(user=%user.name file=%fd.name container=%container.name)
priority: WARNING
- list: authorized_processes
items: [node, npm, python, gunicorn, nginx]
- list: expected_binaries
items: [/usr/local/bin/node, /usr/bin/python3, /usr/sbin/nginx]
- list: sensitive_files
items: [/etc/passwd, /etc/shadow, /root/.ssh, /home/*/.ssh]Master multi-cloud deployment strategies with infrastructure as code, automated scaling, and Git-driven deployment workflows across AWS, Azure, and Google Cloud Platform.
Unified infrastructure provisioning across all cloud providers with Git-driven workflows.
# terraform/main.tf - Multi-cloud infrastructure
terraform {
required_version = ">= 1.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.0"
}
google = {
source = "hashicorp/google"
version = "~> 4.0"
}
}
}
# AWS EKS Cluster
module "aws_eks" {
source = "./modules/aws-eks"
cluster_name = "app-${var.environment}-aws"
cluster_version = "1.27"
tags = {
Environment = var.environment
GitCommit = var.git_commit
ManagedBy = "terraform"
}
}Declarative GitOps continuous delivery for Kubernetes across multiple clouds.
# argocd/applications/multi-cloud-app.yml
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: multi-cloud-app
namespace: argocd
spec:
generators:
- clusters:
selector:
matchLabels:
environment: production
template:
metadata:
name: '{{.path.basename}}-{{.name}}'
spec:
project: default
source:
repoURL: https://github.com/company/k8s-manifests
targetRevision: HEAD
path: '{{.path.path}}'
destination:
server: '{{.server}}'
namespace: '{{.path.basename}}'
syncPolicy:
automated:
prune: true
selfHeal: trueDeploy serverless functions across AWS Lambda, Azure Functions, and Google Cloud Functions.
# serverless.yml - Multi-cloud serverless deployment
service: multi-cloud-api
provider:
name: ${opt:provider, 'aws'}
runtime: nodejs18.x
stage: ${opt:stage, 'dev'}
environment:
GIT_COMMIT: ${env:GITHUB_SHA, 'local'}
GIT_BRANCH: ${env:GITHUB_REF_NAME, 'local'}
functions:
api:
handler: src/handler.api
events:
- http:
path: /{proxy+}
method: ANY
cors: trueImplement comprehensive monitoring, logging, and alerting systems to ensure reliable deployment pipelines and application performance across your enterprise automation workflows.
Time-series data providing quantitative insights into system performance and business metrics.
Structured logs and events providing detailed context about system behavior and user actions.
End-to-end request tracking showing the complete journey through distributed systems.
Complete open-source monitoring solution with custom metrics and alerting.
# prometheus/jenkins-monitoring.yml
apiVersion: v1
kind: ConfigMap
metadata:
name: prometheus-jenkins-config
data:
prometheus.yml: |
global:
scrape_interval: 15s
evaluation_interval: 15s
rule_files:
- "jenkins_rules.yml"
scrape_configs:
- job_name: 'jenkins'
metrics_path: '/prometheus/'
static_configs:
- targets: ['jenkins:8080']
scrape_interval: 30s
- job_name: 'jenkins-nodes'
static_configs:
- targets: ['jenkins-agent-1:8080', 'jenkins-agent-2:8080']
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
---
apiVersion: v1
kind: ConfigMap
metadata:
name: jenkins-alerting-rules
data:
jenkins_rules.yml: |
groups:
- name: jenkins_pipeline_alerts
rules:
- alert: JenkinsPipelineFailure
expr: jenkins_builds_failed_build_count > 0
for: 0m
labels:
severity: warning
service: jenkins
annotations:
summary: "Jenkins pipeline failed"
description: "Pipeline {{ $labels.job }} failed with {{ $value }} failures"
- alert: JenkinsHighQueueTime
expr: jenkins_queue_size_value > 10
for: 5m
labels:
severity: warning
annotations:
summary: "Jenkins queue is growing"
description: "Jenkins has {{ $value }} jobs queued for over 5 minutes"
- alert: JenkinsNodeOffline
expr: jenkins_node_online_value == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Jenkins node offline"
description: "Jenkins node {{ $labels.node }} has been offline for over 1 minute"{
"dashboard": {
"title": "CI/CD Pipeline Monitoring",
"panels": [
{
"title": "Pipeline Success Rate",
"type": "stat",
"targets": [
{
"expr": "100 * (jenkins_builds_success_build_count / (jenkins_builds_success_build_count + jenkins_builds_failed_build_count))",
"legendFormat": "Success Rate %"
}
],
"fieldConfig": {
"defaults": {
"thresholds": {
"steps": [
{"color": "red", "value": 0},
{"color": "yellow", "value": 80},
{"color": "green", "value": 95}
]
}
}
}
},
{
"title": "Deployment Frequency",
"type": "graph",
"targets": [
{
"expr": "rate(jenkins_builds_success_build_count[1h])",
"legendFormat": "Deployments per hour"
}
]
},
{
"title": "Pipeline Duration",
"type": "heatmap",
"targets": [
{
"expr": "histogram_quantile(0.95, rate(jenkins_builds_duration_milliseconds_bucket[5m]))",
"legendFormat": "95th percentile"
}
]
},
{
"title": "Git Repository Activity",
"type": "table",
"targets": [
{
"expr": "jenkins_builds_last_build_number by (job)",
"format": "table"
}
]
}
]
}
}Centralized logging with Elasticsearch, Logstash, and Kibana for comprehensive log analysis.
# logstash/pipeline-logs.conf
input {
beats {
port => 5044
}
# Jenkins logs
file {
path => "/var/log/jenkins/jenkins.log"
type => "jenkins"
codec => multiline {
pattern => "^\d{4}-\d{2}-\d{2}"
negate => true
what => "previous"
}
}
# Docker container logs
docker {
type => "docker"
}
# Kubernetes logs
http {
port => 8080
type => "kubernetes"
}
}
filter {
if [type] == "jenkins" {
grok {
match => {
"message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:message}"
}
}
if "BUILD" in [message] {
grok {
match => {
"message" => "BUILD (?SUCCESS|FAILURE|UNSTABLE) %{GREEDYDATA:build_info}"
}
add_tag => ["build_event"]
}
}
if "GIT" in [message] {
grok {
match => {
"message" => "GIT (?\w+) (?[\w\-\/]+) (?\w+)"
}
add_tag => ["git_event"]
}
}
}
if [type] == "docker" {
json {
source => "message"
}
mutate {
add_field => { "container_name" => "%{[attrs][name]}" }
add_field => { "image_name" => "%{[attrs][image]}" }
}
}
# Parse Git commit information
if [git_commit] {
mutate {
add_field => { "commit_short" => "%{[git_commit][0..6]}" }
}
}
# Add deployment stage classification
if [container_name] =~ /staging/ {
mutate { add_field => { "environment" => "staging" } }
} else if [container_name] =~ /production/ {
mutate { add_field => { "environment" => "production" } }
} else {
mutate { add_field => { "environment" => "development" } }
}
}
output {
elasticsearch {
hosts => ["elasticsearch:9200"]
index => "cicd-logs-%{+YYYY.MM.dd}"
template_name => "cicd-template"
template => "/etc/logstash/templates/cicd-template.json"
}
# Send alerts for critical events
if [level] == "ERROR" or [build_result] == "FAILURE" {
http {
url => "https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK"
http_method => "post"
format => "json"
mapping => {
"text" => "Pipeline Alert: %{message}"
"channel" => "#devops-alerts"
}
}
}
stdout { codec => rubydebug }
} Track requests across microservices and deployment pipelines.
// instrumentation.js - OpenTelemetry setup for Node.js
const { NodeSDK } = require('@opentelemetry/sdk-node');
const { getNodeAutoInstrumentations } = require('@opentelemetry/auto-instrumentations-node');
const { JaegerExporter } = require('@opentelemetry/exporter-jaeger');
const { Resource } = require('@opentelemetry/resources');
const { SemanticResourceAttributes } = require('@opentelemetry/semantic-conventions');
// Configure the SDK
const sdk = new NodeSDK({
resource: new Resource({
[SemanticResourceAttributes.SERVICE_NAME]: 'deployment-service',
[SemanticResourceAttributes.SERVICE_VERSION]: process.env.GIT_COMMIT || 'unknown',
[SemanticResourceAttributes.DEPLOYMENT_ENVIRONMENT]: process.env.ENVIRONMENT || 'development',
}),
traceExporter: new JaegerExporter({
endpoint: process.env.JAEGER_ENDPOINT || 'http://jaeger:14268/api/traces',
}),
instrumentations: [getNodeAutoInstrumentations({
'@opentelemetry/instrumentation-fs': {
enabled: false, // Disable file system tracing to reduce noise
},
})],
});
// Initialize the SDK
sdk.start();
// Pipeline tracing example
const opentelemetry = require('@opentelemetry/api');
class PipelineTracer {
constructor() {
this.tracer = opentelemetry.trace.getTracer('pipeline-tracer');
}
async executePipelineStage(stageName, stageFunction, context = {}) {
const span = this.tracer.startSpan(`pipeline.${stageName}`, {
attributes: {
'pipeline.stage': stageName,
'git.commit': process.env.GIT_COMMIT,
'git.branch': process.env.GIT_BRANCH,
'pipeline.id': context.pipelineId,
...context
}
});
try {
const result = await stageFunction();
span.setStatus({ code: opentelemetry.SpanStatusCode.OK });
span.setAttributes({
'pipeline.result': 'success',
'pipeline.duration_ms': Date.now() - span.startTime
});
return result;
} catch (error) {
span.recordException(error);
span.setStatus({
code: opentelemetry.SpanStatusCode.ERROR,
message: error.message
});
span.setAttributes({
'pipeline.result': 'failure',
'error.type': error.constructor.name,
'error.message': error.message
});
throw error;
} finally {
span.end();
}
}
async traceDeployment(deploymentConfig) {
const deploymentSpan = this.tracer.startSpan('deployment.execute', {
attributes: {
'deployment.target': deploymentConfig.target,
'deployment.strategy': deploymentConfig.strategy,
'service.name': deploymentConfig.serviceName,
'service.version': deploymentConfig.version
}
});
return opentelemetry.context.with(
opentelemetry.trace.setSpan(opentelemetry.context.active(), deploymentSpan),
async () => {
try {
// Trace each deployment step
await this.executePipelineStage('validate', () => validateDeployment(deploymentConfig));
await this.executePipelineStage('deploy', () => executeDeployment(deploymentConfig));
await this.executePipelineStage('verify', () => verifyDeployment(deploymentConfig));
deploymentSpan.setStatus({ code: opentelemetry.SpanStatusCode.OK });
} catch (error) {
deploymentSpan.recordException(error);
deploymentSpan.setStatus({
code: opentelemetry.SpanStatusCode.ERROR,
message: error.message
});
throw error;
} finally {
deploymentSpan.end();
}
}
);
}
}
module.exports = { PipelineTracer };# alertmanager/alertmanager.yml
global:
smtp_smarthost: 'smtp.gmail.com:587'
smtp_from: 'alerts@company.com'
route:
group_by: ['alertname', 'environment']
group_wait: 30s
group_interval: 5m
repeat_interval: 12h
receiver: 'web.hook'
routes:
- match:
severity: critical
environment: production
receiver: 'critical-alerts'
group_wait: 10s
repeat_interval: 1m
- match:
severity: warning
receiver: 'warning-alerts'
- match:
service: jenkins
receiver: 'devops-team'
receivers:
- name: 'web.hook'
webhook_configs:
- url: 'http://webhook-service:5000/alerts'
- name: 'critical-alerts'
pagerduty_configs:
- service_key: 'YOUR_PAGERDUTY_SERVICE_KEY'
description: '{{ range .Alerts }}{{ .Annotations.summary }}{{ end }}'
slack_configs:
- api_url: 'YOUR_SLACK_WEBHOOK_URL'
channel: '#critical-alerts'
title: 'Critical Alert: {{ .GroupLabels.alertname }}'
text: '{{ range .Alerts }}{{ .Annotations.description }}{{ end }}'
- name: 'warning-alerts'
slack_configs:
- api_url: 'YOUR_SLACK_WEBHOOK_URL'
channel: '#devops-warnings'
title: 'Warning: {{ .GroupLabels.alertname }}'
- name: 'devops-team'
email_configs:
- to: 'devops-team@company.com'
subject: 'DevOps Alert: {{ .GroupLabels.alertname }}'
body: |
{{ range .Alerts }}
Alert: {{ .Annotations.summary }}
Description: {{ .Annotations.description }}
Pipeline: {{ .Labels.job }}
Environment: {{ .Labels.environment }}
{{ end }}
inhibit_rules:
- source_match:
severity: 'critical'
target_match:
severity: 'warning'
equal: ['alertname', 'environment']Build a complete enterprise automation workflow combining Jenkins, Docker, multi-cloud deployment, and comprehensive monitoring. This hands-on lab simulates a real-world enterprise environment with production-grade tools and practices.
You'll deploy a microservices-based e-commerce platform across multiple cloud environments with full automation, monitoring, and compliance requirements.
Multi-branch strategy with automated testing
Enterprise CI/CD with multi-stage deployment
Multi-stage Docker builds and registry management
AWS, Azure, and GCP deployment strategies
Full observability with metrics, logs, and tracing
Vulnerability scanning and compliance automation
Set up a multi-service repository with enterprise branch protection and workflow policies.
# Create enterprise e-commerce repository
git init enterprise-ecommerce
cd enterprise-ecommerce
# Create microservices structure
mkdir -p {services/{frontend,backend,payment,inventory},infrastructure/{terraform,kubernetes,jenkins},monitoring/{prometheus,grafana}}
# Initialize service directories
for service in frontend backend payment inventory; do
mkdir -p services/$service/{src,tests,docker}
echo "# $service Service" > services/$service/README.md
done
# Create branch protection strategy
git checkout -b main
git checkout -b develop
git checkout -b staging
# Set up Git hooks for enterprise compliance
curl -o .git/hooks/pre-commit https://raw.githubusercontent.com/company/git-hooks/main/pre-commit-enterprise
chmod +x .git/hooks/pre-commit
# Create .gitignore for enterprise projects
cat > .gitignore << 'EOF'
# Dependencies
node_modules/
vendor/
.env
.env.local
*.log
# Build artifacts
dist/
build/
target/
*.jar
*.war
# IDE files
.vscode/
.idea/
*.swp
*.swo
# OS files
.DS_Store
Thumbs.db
# Security
*.pem
*.key
credentials.json
secrets/
# Terraform
*.tfstate
*.tfstate.backup
.terraform/
EOF
# Initialize with enterprise standards
git add .
git commit -m "feat: initialize enterprise e-commerce platform
- Multi-service architecture setup
- Branch protection strategy
- Enterprise compliance hooks
- Security-focused .gitignore"Deploy Jenkins with enterprise plugins, security configuration, and multi-agent setup.
# infrastructure/jenkins/docker-compose.yml
version: '3.8'
services:
jenkins-master:
image: jenkins/jenkins:lts
ports:
- "8080:8080"
- "50000:50000"
volumes:
- jenkins_home:/var/jenkins_home
- /var/run/docker.sock:/var/run/docker.sock
- ./jenkins-config:/usr/share/jenkins/ref
environment:
- JAVA_OPTS=-Djenkins.install.runSetupWizard=false
- JENKINS_ADMIN_ID=admin
- JENKINS_ADMIN_PASSWORD=enterprise_password_123
networks:
- jenkins-network
jenkins-agent-docker:
image: jenkins/ssh-agent:latest
privileged: true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- JENKINS_AGENT_SSH_PUBKEY=ssh-rsa AAAAB3NzaC1yc2E... # Your SSH public key
networks:
- jenkins-network
jenkins-agent-k8s:
image: jenkins/inbound-agent:latest
environment:
- JENKINS_URL=http://jenkins-master:8080
- JENKINS_SECRET=agent-secret-key
- JENKINS_AGENT_NAME=k8s-agent
- JENKINS_AGENT_WORKDIR=/home/jenkins/agent
networks:
- jenkins-network
volumes:
jenkins_home:
networks:
jenkins-network:
driver: bridge# infrastructure/jenkins/plugins.txt
workflow-aggregator:latest
pipeline-stage-view:latest
docker-workflow:latest
kubernetes:latest
github-branch-source:latest
blueocean:latest
prometheus:latest
slack:latest
sonarqube:latest
owasp-dependency-check:latest
ansible:latest
terraform:latest
aws-credentials:latest
azure-credentials:latest
google-kubernetes-engine:latest
# Install plugins automatically
docker exec jenkins-master jenkins-plugin-cli --plugins-from-file /usr/share/jenkins/ref/plugins.txtProvision Kubernetes clusters across AWS, Azure, and GCP using Terraform.
# infrastructure/terraform/main.tf
terraform {
required_version = ">= 1.0"
backend "s3" {
bucket = "enterprise-terraform-state"
key = "ecommerce/terraform.tfstate"
region = "us-west-2"
}
required_providers {
aws = { source = "hashicorp/aws", version = "~> 5.0" }
azurerm = { source = "hashicorp/azurerm", version = "~> 3.0" }
google = { source = "hashicorp/google", version = "~> 4.0" }
}
}
# Variables
variable "environment" { default = "production" }
variable "git_commit" { type = string }
# AWS EKS Cluster
module "aws_infrastructure" {
source = "./modules/aws"
environment = var.environment
git_commit = var.git_commit
cluster_config = {
name = "ecommerce-${var.environment}-aws"
version = "1.27"
node_groups = {
general = {
instance_types = ["t3.medium"]
desired_size = 2
max_size = 10
min_size = 1
}
memory_optimized = {
instance_types = ["r5.large"]
desired_size = 1
max_size = 5
min_size = 0
}
}
}
monitoring_enabled = true
backup_enabled = true
}
# Azure AKS Cluster
module "azure_infrastructure" {
source = "./modules/azure"
environment = var.environment
git_commit = var.git_commit
cluster_config = {
name = "ecommerce-${var.environment}-azure"
kubernetes_version = "1.27.3"
node_pools = [
{
name = "default"
vm_size = "Standard_DS2_v2"
node_count = 2
}
]
}
}
# GCP GKE Cluster
module "gcp_infrastructure" {
source = "./modules/gcp"
environment = var.environment
git_commit = var.git_commit
cluster_config = {
name = "ecommerce-${var.environment}-gcp"
location = "us-central1"
node_pools = [
{
name = "general-pool"
machine_type = "e2-medium"
node_count = 2
}
]
}
}
# Outputs for Jenkins integration
output "cluster_endpoints" {
value = {
aws = module.aws_infrastructure.cluster_endpoint
azure = module.azure_infrastructure.cluster_fqdn
gcp = module.gcp_infrastructure.cluster_endpoint
}
}Build a React-based frontend with enterprise-grade Dockerfile and CI/CD integration.
# services/frontend/Dockerfile
# Multi-stage build for production optimization
FROM node:18-alpine AS dependencies
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production && npm cache clean --force
FROM node:18-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
RUN npm run test -- --coverage --watchAll=false
FROM nginx:alpine AS production
WORKDIR /usr/share/nginx/html
# Copy built application
COPY --from=build /app/build .
COPY --from=build /app/nginx.conf /etc/nginx/nginx.conf
# Security hardening
RUN addgroup -g 1001 -S nodejs && adduser -S nextjs -u 1001
RUN chown -R nextjs:nodejs /usr/share/nginx/html
RUN chmod -R 755 /usr/share/nginx/html
# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD curl -f http://localhost:80/health || exit 1
# Labels for tracking
LABEL maintainer="devops@enterprise.com"
LABEL version="1.0"
LABEL git.commit="${GIT_COMMIT}"
LABEL build.date="${BUILD_DATE}"
USER nextjs
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]{
"name": "ecommerce-frontend",
"version": "1.0.0",
"description": "Enterprise E-Commerce Frontend Service",
"scripts": {
"start": "react-scripts start",
"build": "react-scripts build",
"test": "react-scripts test",
"test:coverage": "npm test -- --coverage --watchAll=false",
"lint": "eslint src/ --ext .js,.jsx,.ts,.tsx",
"lint:fix": "eslint src/ --ext .js,.jsx,.ts,.tsx --fix",
"security:audit": "npm audit --audit-level moderate",
"docker:build": "docker build -t ecommerce-frontend:${GIT_COMMIT:-latest} .",
"docker:scan": "docker scan ecommerce-frontend:${GIT_COMMIT:-latest}"
},
"dependencies": {
"react": "^18.2.0",
"react-dom": "^18.2.0",
"react-router-dom": "^6.8.0",
"axios": "^1.3.0",
"@opentelemetry/api": "^1.4.0",
"@opentelemetry/sdk-web": "^1.13.0"
},
"devDependencies": {
"react-scripts": "5.0.1",
"@testing-library/react": "^13.4.0",
"@testing-library/jest-dom": "^5.16.5",
"eslint": "^8.36.0",
"eslint-config-react-app": "^7.0.1"
},
"jest": {
"collectCoverageFrom": [
"src/**/*.{js,jsx,ts,tsx}",
"!src/index.js",
"!src/setupTests.js"
],
"coverageThreshold": {
"global": {
"branches": 80,
"functions": 80,
"lines": 80,
"statements": 80
}
}
},
"eslintConfig": {
"extends": ["react-app", "react-app/jest"]
}
}Implement a Node.js backend with comprehensive monitoring and security features.
// services/backend/src/server.js
const express = require('express');
const prometheus = require('prom-client');
const opentelemetry = require('@opentelemetry/api');
const { NodeSDK } = require('@opentelemetry/sdk-node');
const { getNodeAutoInstrumentations } = require('@opentelemetry/auto-instrumentations-node');
// Initialize OpenTelemetry
const sdk = new NodeSDK({
instrumentations: [getNodeAutoInstrumentations()],
});
sdk.start();
const app = express();
const PORT = process.env.PORT || 3001;
// Prometheus metrics
const httpRequestDuration = new prometheus.Histogram({
name: 'http_request_duration_seconds',
help: 'Duration of HTTP requests in seconds',
labelNames: ['method', 'route', 'status'],
buckets: [0.1, 0.5, 1, 2, 5]
});
const httpRequestsTotal = new prometheus.Counter({
name: 'http_requests_total',
help: 'Total number of HTTP requests',
labelNames: ['method', 'route', 'status']
});
const deploymentInfo = new prometheus.Gauge({
name: 'deployment_info',
help: 'Information about the deployment',
labelNames: ['version', 'git_commit', 'environment']
});
// Set deployment info
deploymentInfo.set(
{
version: process.env.npm_package_version || '1.0.0',
git_commit: process.env.GIT_COMMIT || 'unknown',
environment: process.env.NODE_ENV || 'development'
},
1
);
// Middleware
app.use(express.json());
app.use((req, res, next) => {
const start = Date.now();
res.on('finish', () => {
const duration = (Date.now() - start) / 1000;
const route = req.route ? req.route.path : req.path;
httpRequestDuration
.labels(req.method, route, res.statusCode)
.observe(duration);
httpRequestsTotal
.labels(req.method, route, res.statusCode)
.inc();
});
next();
});
// Routes
app.get('/health', (req, res) => {
res.json({
status: 'healthy',
timestamp: new Date().toISOString(),
version: process.env.npm_package_version || '1.0.0',
git_commit: process.env.GIT_COMMIT || 'unknown'
});
});
app.get('/metrics', (req, res) => {
res.set('Content-Type', prometheus.register.contentType);
res.end(prometheus.register.metrics());
});
app.get('/api/products', async (req, res) => {
const tracer = opentelemetry.trace.getActiveTracer();
const span = tracer.startSpan('get_products');
try {
// Simulate database query
const products = [
{ id: 1, name: 'Enterprise Widget', price: 99.99 },
{ id: 2, name: 'Professional Tool', price: 149.99 }
];
span.setAttributes({
'products.count': products.length,
'operation.type': 'database_query'
});
res.json(products);
} catch (error) {
span.recordException(error);
span.setStatus({ code: opentelemetry.SpanStatusCode.ERROR });
res.status(500).json({ error: 'Internal server error' });
} finally {
span.end();
}
});
// Error handling
app.use((err, req, res, next) => {
console.error(err.stack);
res.status(500).json({ error: 'Internal server error' });
});
app.listen(PORT, () => {
console.log(`Backend service running on port ${PORT}`);
console.log(`Health check: http://localhost:${PORT}/health`);
console.log(`Metrics: http://localhost:${PORT}/metrics`);
});Create a comprehensive pipeline that handles all microservices with parallel execution and advanced deployment strategies.
// Jenkinsfile
pipeline {
agent none
environment {
DOCKER_REGISTRY = 'enterprise-registry.company.com'
SONAR_TOKEN = credentials('sonar-token')
SLACK_WEBHOOK = credentials('slack-webhook')
GIT_COMMIT_SHORT = "${env.GIT_COMMIT.take(8)}"
}
stages {
stage('Checkout & Preparation') {
agent any
steps {
checkout scm
script {
env.BUILD_VERSION = "${env.BUILD_NUMBER}-${env.GIT_COMMIT_SHORT}"
env.SERVICES_CHANGED = sh(
script: '''
git diff --name-only HEAD~1 HEAD | grep -E "^services/" | \
cut -d'/' -f2 | sort -u | tr '\n' ',' | sed 's/,$//'
''',
returnStdout: true
).trim()
}
echo "Services changed: ${env.SERVICES_CHANGED}"
}
}
stage('Parallel Service Builds') {
parallel {
stage('Frontend Service') {
when {
anyOf {
changeset "services/frontend/**"
expression { env.SERVICES_CHANGED.contains('frontend') }
expression { params.FORCE_BUILD_ALL == true }
}
}
agent {
docker {
image 'node:18-alpine'
args '-v /var/run/docker.sock:/var/run/docker.sock'
}
}
stages {
stage('Frontend: Install & Test') {
steps {
dir('services/frontend') {
sh 'npm ci'
sh 'npm run lint'
sh 'npm run test:coverage'
sh 'npm run security:audit'
}
}
post {
always {
publishTestResults testResultsPattern: 'services/frontend/coverage/junit.xml'
publishCoverageResults coveragePattern: 'services/frontend/coverage/lcov.info'
}
}
}
stage('Frontend: Build & Scan') {
steps {
dir('services/frontend') {
script {
def image = docker.build(
"${DOCKER_REGISTRY}/ecommerce-frontend:${BUILD_VERSION}",
"--build-arg GIT_COMMIT=${GIT_COMMIT} --build-arg BUILD_DATE='${new Date().toISOString()}' ."
)
// Security scan
sh "trivy image --exit-code 0 --severity HIGH,CRITICAL ${DOCKER_REGISTRY}/ecommerce-frontend:${BUILD_VERSION}"
// Push to registry
docker.withRegistry("https://${DOCKER_REGISTRY}", 'docker-registry-creds') {
image.push()
image.push('latest')
}
}
}
}
}
}
}
stage('Backend Service') {
when {
anyOf {
changeset "services/backend/**"
expression { env.SERVICES_CHANGED.contains('backend') }
expression { params.FORCE_BUILD_ALL == true }
}
}
agent {
docker {
image 'node:18-alpine'
args '-v /var/run/docker.sock:/var/run/docker.sock'
}
}
stages {
stage('Backend: Install & Test') {
steps {
dir('services/backend') {
sh 'npm ci'
sh 'npm run lint'
sh 'npm run test:coverage'
sh 'npm run security:audit'
}
}
}
stage('Backend: SonarQube Analysis') {
steps {
dir('services/backend') {
withSonarQubeEnv('SonarQube') {
sh 'sonar-scanner -Dsonar.projectKey=ecommerce-backend -Dsonar.sources=src'
}
}
}
}
stage('Backend: Build & Scan') {
steps {
dir('services/backend') {
script {
def image = docker.build(
"${DOCKER_REGISTRY}/ecommerce-backend:${BUILD_VERSION}",
"--build-arg GIT_COMMIT=${GIT_COMMIT} ."
)
// Security scanning
sh "docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:latest image --exit-code 1 --severity CRITICAL ${DOCKER_REGISTRY}/ecommerce-backend:${BUILD_VERSION}"
docker.withRegistry("https://${DOCKER_REGISTRY}", 'docker-registry-creds') {
image.push()
image.push('latest')
}
}
}
}
}
}
}
}
}
stage('Integration Tests') {
agent any
steps {
script {
// Run integration tests with Docker Compose
sh '''
cd integration-tests
docker-compose up -d
sleep 30
npm run test:integration
'''
}
}
post {
always {
sh 'docker-compose -f integration-tests/docker-compose.yml down -v'
publishTestResults testResultsPattern: 'integration-tests/results/*.xml'
}
}
}
stage('Deploy to Staging') {
when {
branch 'develop'
}
agent any
steps {
script {
// Multi-cloud staging deployment
parallel(
'AWS Staging': {
deployToCluster(
cluster: 'aws-staging',
namespace: 'ecommerce-staging',
version: env.BUILD_VERSION
)
},
'Azure Staging': {
deployToCluster(
cluster: 'azure-staging',
namespace: 'ecommerce-staging',
version: env.BUILD_VERSION
)
}
)
}
}
}
stage('Production Deployment Approval') {
when {
branch 'main'
}
agent none
steps {
timeout(time: 30, unit: 'MINUTES') {
input message: 'Deploy to Production?', ok: 'Deploy',
submitterParameter: 'APPROVER',
parameters: [
choice(name: 'DEPLOYMENT_STRATEGY',
choices: ['blue-green', 'canary', 'rolling'],
description: 'Deployment Strategy'),
booleanParam(name: 'RUN_LOAD_TESTS',
defaultValue: true,
description: 'Run load tests after deployment')
]
}
}
}
stage('Production Deployment') {
when {
branch 'main'
}
agent any
steps {
script {
echo "Deploying to production with ${params.DEPLOYMENT_STRATEGY} strategy"
echo "Approved by: ${env.APPROVER}"
// Multi-cloud production deployment
parallel(
'AWS Production': {
deployToProduction(
cloud: 'aws',
strategy: params.DEPLOYMENT_STRATEGY,
version: env.BUILD_VERSION
)
},
'Azure Production': {
deployToProduction(
cloud: 'azure',
strategy: params.DEPLOYMENT_STRATEGY,
version: env.BUILD_VERSION
)
},
'GCP Production': {
deployToProduction(
cloud: 'gcp',
strategy: params.DEPLOYMENT_STRATEGY,
version: env.BUILD_VERSION
)
}
)
}
}
}
stage('Post-Deployment Validation') {
when {
branch 'main'
}
agent any
steps {
script {
if (params.RUN_LOAD_TESTS) {
// Run load tests
sh '''
cd load-tests
k6 run --out influxdb=http://influxdb:8086/k6 production-load-test.js
'''
}
// Health checks across all clouds
sh '''
# Wait for services to be ready
sleep 60
# Check health endpoints
for cloud in aws azure gcp; do
echo "Checking $cloud health..."
curl -f "https://ecommerce-$cloud.company.com/health" || exit 1
done
'''
}
}
}
}
post {
always {
cleanWs()
}
success {
script {
def message = """
✅ *Deployment Successful*
Branch: `${env.BRANCH_NAME}`
Commit: `${env.GIT_COMMIT_SHORT}`
Build: `${env.BUILD_NUMBER}`
Services: `${env.SERVICES_CHANGED ?: 'all'}`
Approver: `${env.APPROVER ?: 'automated'}`
"""
slackSend(channel: '#deployments', color: 'good', message: message)
}
}
failure {
script {
def message = """
❌ *Deployment Failed*
Branch: `${env.BRANCH_NAME}`
Build: `${env.BUILD_NUMBER}`
Stage: `${env.STAGE_NAME}`
"""
slackSend(channel: '#deployments', color: 'danger', message: message)
}
}
}
}
// Helper functions
def deployToCluster(Map config) {
sh """
kubectl config use-context ${config.cluster}
helm upgrade --install ecommerce ./kubernetes/helm-chart \
--namespace ${config.namespace} \
--create-namespace \
--set image.tag=${config.version} \
--set environment=staging \
--wait --timeout=10m
"""
}
def deployToProduction(Map config) {
sh """
kubectl config use-context ${config.cloud}-production
case "${config.strategy}" in
"blue-green")
helm upgrade --install ecommerce-green ./kubernetes/helm-chart \
--namespace ecommerce-production \
--set image.tag=${config.version} \
--set deployment.color=green \
--wait --timeout=15m
# Switch traffic after validation
kubectl patch service ecommerce-service \
-p '{"spec":{"selector":{"color":"green"}}}'
;;
"canary")
helm upgrade --install ecommerce ./kubernetes/helm-chart \
--namespace ecommerce-production \
--set image.tag=${config.version} \
--set deployment.canary.enabled=true \
--set deployment.canary.weight=10 \
--wait --timeout=15m
;;
*)
helm upgrade --install ecommerce ./kubernetes/helm-chart \
--namespace ecommerce-production \
--set image.tag=${config.version} \
--wait --timeout=15m
;;
esac
"""
}Successfully designed and implemented a multi-cloud enterprise architecture
Built comprehensive CI/CD pipelines with advanced deployment strategies
Integrated security scanning and compliance throughout the pipeline
Implemented comprehensive monitoring, logging, and alerting systems