Capstone Project: Video Streaming App “Netflix Clone” Deployment & Security with DevOps & DevSecOps tools
Objective: To implement a DevSecOps CI/CD pipeline for deploying a Netflix clone application. It involves incorporating tools like Jenkins, Docker, and Kubernetes and security tools such as Trivy and OWASP Dependency-Check. Additionally, monitoring with Prometheus and Grafana ensures application reliability and performance, while automating the entire deployment pipeline minimizes manual effort and errors. The successful completion of this project will provide hands-on experience in modern DevSecOps practices, focusing on secure, scalable, and automated deployments.
Real-time Scenario: A global video streaming service, StreamFlix, is expanding its user base and aims to provide a seamless viewing experience across different regions. As the company grows, it faces challenges in ensuring secure, scalable, and automated deployment pipelines for its web application. The company struggles with inefficient manual deployments, lack of integrated security tools, insufficient real-time monitoring, and inconsistent container management across environments, risking vulnerabilities, performance issues, and deployment delays. Implementing a DevSecOps CI/CD pipeline with Jenkins, Trivy, and OWASP ensures secure automation, while Prometheus and Grafana provide real-time monitoring. Docker and Kubernetes streamline deployments and enable seamless scaling, enhancing efficiency and reliability.
Tools used:
- Jenkins
- Docker
- Kubernetes
- Trivy
- OWASP Dependency-Check
- SonarQube
- Prometheus
- Grafana
Project steps:
- Prepare or fork a GitHub repository for project-related files.
- Launch an Ubuntu EC2 instance.
- Install Jenkins, Docker, and Trivy, and create a SonarQube container.
- Create a TMDB API key.
- Install Prometheus and Grafana on a new server (EC2 machine).
- Install the Prometheus plugin and integrate it with the Prometheus server.
- Email integration with Jenkins and plugin setup.
- Install plugins like JDK, SonarQube Scanner, and Node.js, and configure the Sonar server.
- Create a pipeline job in Jenkins using a Declarative Pipeline.
- Install the OWASP Dependency-Check plugins and set them up.
- Docker setup under Jenkins, image build and push.
- Deploy the Netflix-clone application in Docker using the latest image.
- Kubernetes setup on Ubuntu machines (master and worker node).
- Deploy on Kubernetes and access the Netflix-clone application in the browser.
Install and set up the Jenkins server on an Ubuntu EC2 instance
Set up SonarQube: create a SonarQube container
Install Trivy
Create a TMDB API Key
Install Prometheus and Grafana on a new Server (EC2-machine)
Next, install Node Exporter on the Ubuntu EC2 machine
Next, Grafana
Jenkins Metrics are displayed on Grafana Dashboard as graphs/meters/panels
Email Integration with Jenkins and Plugin setup
Set up email integration settings under Jenkins
Install plugins like JDK, SonarQube Scanner, and Node.js, and configure the Sonar server
In the SonarQube dashboard, add a quality gate (webhook)
Create a Pipeline Job in Jenkins using a Declarative Pipeline
Click on Build now to check if the current pipeline job is working
Install OWASP Dependency Check Plugins and Setup in Jenkins
Docker setup under Jenkins, Image Build and Push
After some time, the job build completed successfully.
The Docker image was built, tagged and pushed to Docker Hub properly.
The Trivy image scan also completed successfully.
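A scan stage that completes only reports findings; to make it a gate, the pipeline has to fail on them. The following is an added example, not code from this project: a Python check a Jenkins stage could run over a report written with `trivy image --format json`. The HIGH/CRITICAL policy, the function names and the sample report (placeholder image name, packages and IDs) are assumptions made for illustration.

```python
import json

# Assumed policy: these severities block the build (the page does not state one).
BLOCKING = {"HIGH", "CRITICAL"}

# Constructed sample shaped like a Trivy JSON report; all values are placeholders.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "example/netflix:latest",
    "Results": [
        {"Target": "example/netflix:latest (alpine)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1",
             "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
             "InstalledVersion": "2.3.0", "FixedVersion": "",
             "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libminor",
             "InstalledVersion": "0.9", "FixedVersion": "1.0",
             "Severity": "LOW"},
        ]},
        # A target without findings carries null (or no key at all).
        {"Target": "app/package-lock.json", "Vulnerabilities": None},
    ],
})

def blocking_findings(report_text, fixable_only=False):
    """Return (target, id, package, severity) for every blocking finding."""
    report = json.loads(report_text)
    findings = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            severity = str(vuln.get("Severity", "UNKNOWN")).upper()
            if severity not in BLOCKING:
                continue
            if fixable_only and not vuln.get("FixedVersion"):
                continue  # no patched version yet; optionally do not block on it
            findings.append((result.get("Target"), vuln.get("VulnerabilityID"),
                             vuln.get("PkgName"), severity))
    return findings

def gate(report_text, fixable_only=False):
    """Print blocking findings and return the exit code for the build stage."""
    findings = blocking_findings(report_text, fixable_only)
    for target, vuln_id, pkg, severity in findings:
        print(f"BLOCK {severity:8} {vuln_id} {pkg} in {target}")
    return 1 if findings else 0

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # real use: path to the JSON report written by Trivy
        with open(sys.argv[1]) as fh:
            sys.exit(gate(fh.read()))
    print("demo exit code:", gate(SAMPLE_REPORT))
```

Trivy can also enforce the same policy itself with `--severity HIGH,CRITICAL --exit-code 1`; a separate check like this is useful when the report is archived or mailed and the decision is made in a later stage.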
Docker Hub Repository:
Deploy the Netflix-clone application in Docker using latest image
The “netflix” container is running successfully and is mapped to port 8081 of the Ubuntu EC2 machine.
Next, access the Netflix-clone application (running in the container) in the browser using the URL below: http://3.89.122.32:8081
The Netflix-clone application opens properly in the browser.
Kubernetes Setup on Ubuntu machine (Master and Worker Node)
Under Jenkins, install the Kubernetes plugins
Deploy Netflix clone app in Kubernetes cluster and Access the Netflix-clone application on the browser.
Run the fully integrated Jenkins Pipeline Script to deploy app and run security scans.
The job build completed with a SUCCESS message, and every stage of the pipeline passed:
Email notification sent with the SUCCESS message and Trivy scan logs attached:
OWASP Dependency Check Results:
SonarQube – Quality Gate Status:
Trivy File System Scan:
Trivy Image Scan:
Monitor & Visualize System Metrics of Jenkins Machine on Grafana Dashboard via Prometheus Data source:
Monitor & Visualize System Metrics of Kubernetes-Master Node on Grafana Dashboard via Prometheus Data source:
Monitor & Visualize System Metrics of Kubernetes-Worker Node on Grafana Dashboard via Prometheus Data source:
Netflix-clone Application Deployed & Running on Kubernetes Cluster:
The project thus implemented a DevSecOps CI/CD pipeline for deploying a Netflix clone application, incorporating Jenkins, Docker, and Kubernetes for automated deployment. SonarQube was used for source code analysis, Trivy for file system and image scans, and OWASP Dependency-Check for checking dependencies for vulnerabilities. Prometheus was used to monitor system metrics, and Grafana to visualize those metrics on dashboards, graphs and panels. The project was completed successfully with modern DevSecOps practices to ensure secure, scalable, and automated deployments.