Netflix Clone – Full DevOps Deployment & Monitoring
This project demonstrates a complete end-to-end DevOps pipeline for deploying a Netflix Clone application, including CI/CD, security scanning, containerization, monitoring, and Kubernetes orchestration. Below are the detailed steps and tools used throughout the process.

Table of Contents
Project Overview
This repository contains a Netflix Clone application built with React and TypeScript. The project demonstrates a robust DevOps workflow, including CI/CD automation, code quality checks, security scanning, containerization, monitoring, and deployment to Kubernetes.
Step 1: Launch EC2 Instance
- Launch an AWS EC2 T2 Large instance with Ubuntu 22.04.
- Enable HTTP/HTTPS in the Security Group and open all ports (for learning/demo purposes).
Step 2: Install Jenkins, Docker, and Trivy
Jenkins Installation
- Install Jenkins using a shell script (
jenkins.sh).
- Open port 8080 for Jenkins access.
- Unlock Jenkins, install suggested plugins, and create an admin user.
Docker Installation
- Install Docker and add your user to the
docker group.
- Run SonarQube in a Docker container for code quality analysis.
Trivy Installation
- Install Trivy for vulnerability scanning of filesystems and Docker images.
Step 3: Create a TMDB API Key
- Register at TMDB and generate an API key for the application.
Step 4: Install Prometheus and Grafana
- Create system users for Prometheus and Node Exporter.
- Download and configure Prometheus for metrics collection.
- Install and configure Node Exporter for system metrics.
- Install Grafana for metrics visualization and connect it to Prometheus.

Step 5: Install the Prometheus Plugin and Integrate it with the Prometheus Server
- Install the Prometheus plugin in Jenkins.
- Add Jenkins as a target in Prometheus for monitoring.
- Import Grafana dashboards for Jenkins metrics visualization.

Step 6: Email Integration With Jenkins and Plugin Setup
- Install the Email Extension plugin in Jenkins.
- Configure Gmail with app passwords for Jenkins notifications.
- Set up email notifications in Jenkins pipeline for build results and reports.

Step 7: Install Plugins like JDK, SonarQube Scanner, NodeJs, OWASP Dependency Check
- Install required Jenkins plugins: Eclipse Temurin Installer, SonarQube Scanner, NodeJs, OWASP Dependency-Check.
- Configure Java and Node.js in Jenkins Global Tool Configuration.
- Create a Jenkins pipeline job for the Netflix Clone.
Step 8: Configure Sonar Server in Manage Jenkins
- Run SonarQube on port 9000 and generate a token for Jenkins integration.
- Add SonarQube server and token in Jenkins credentials and system configuration.
- Set up webhooks for quality gate status notifications.

Step 9: Install OWASP Dependency Check Plugins
- Install and configure the OWASP Dependency-Check plugin in Jenkins.
- Add pipeline stages for OWASP and Trivy filesystem scans.

Step 10: Docker Image Build and Push
- Install Docker-related plugins in Jenkins.
- Add DockerHub credentials in Jenkins.
- Add pipeline stages to build, tag, and push Docker images.
- Run Trivy image scan and store results.
- Deploy the container locally for validation.

Step 11: Kubernetes Setup
- Set up two Ubuntu instances (master and worker) for Kubernetes.
- Install Docker and Kubernetes tools on both.
- Initialize the cluster, set up networking (Flannel), and configure
kubectl.
- Install the Kubernetes plugin in Jenkins and add credentials.
- Install Node Exporter on both master and worker for monitoring.
- Add both nodes as targets in Prometheus.
- Add pipeline stages to deploy the app to Kubernetes using manifests.
Step 12: Monitoring & Access
- Access Prometheus and Grafana dashboards for system and Jenkins metrics.
- Access the deployed Netflix Clone via the public IP and service port.
Step 13: Terminate Instances
- Clean up by terminating AWS EC2 instances when done.
Complete Jenkins Pipeline
Below is the Jenkins pipeline script used for the entire process:
pipeline{
agent any
tools{
jdk 'jdk17'
nodejs 'node16'
}
environment {
SCANNER_HOME=tool 'sonar-scanner'
}
stages {
stage('clean workspace'){
steps{
cleanWs()
}
}
stage('Checkout from Git'){
steps{
git branch: 'main', url: 'https://github.com/jason-liu22/netflix-clone-react-typescript.git'
}
}
stage("Sonarqube Analysis "){
steps{
withSonarQubeEnv('sonar-server') {
sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Netflix \
-Dsonar.projectKey=Netflix '''
}
}
}
stage("quality gate"){
steps {
script {
waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-token'
}
}
}
stage('Install Dependencies') {
steps {
sh "npm install"
}
}
stage('OWASP FS SCAN') {
steps {
dependencyCheck additionalArguments: '--scan ./ --disableYarnAudit --disableNodeAudit', odcInstallation: 'DP-Check'
dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
}
}
stage('TRIVY FS SCAN') {
steps {
sh "trivy fs . > trivyfs.txt"
}
}
stage("Docker Build & Push"){
steps{
script{
withDockerRegistry(credentialsId: 'docker', toolName: 'docker'){
sh "docker build --build-arg TMDB_V3_API_KEY=YOUR_TMDB_API_KEY -t netflix ."
sh "docker tag netflix yourdockerhub/netflix:latest "
sh "docker push yourdockerhub/netflix:latest "
}
}
}
}
stage("TRIVY"){
steps{
sh "trivy image yourdockerhub/netflix:latest > trivyimage.txt"
}
}
stage('Deploy to container'){
steps{
sh 'docker run -d --name netflix -p 8081:80 yourdockerhub/netflix:latest'
}
}
stage('Deploy to kubernets'){
steps{
script{
dir('Kubernetes') {
withKubeConfig(caCertificate: '', clusterName: '', contextName: '', credentialsId: 'k8s', namespace: '', restrictKubeConfigAccess: false, serverUrl: '') {
sh 'kubectl apply -f deployment.yml'
sh 'kubectl apply -f service.yml'
}
}
}
}
}
}
post {
always {
emailext attachLog: true,
subject: "'${currentBuild.result}'",
body: "Project: ${env.JOB_NAME}<br/>" +
"Build Number: ${env.BUILD_NUMBER}<br/>" +
"URL: ${env.BUILD_URL}<br/>",
to: 'your-email@example.com',
attachmentsPattern: 'trivyfs.txt,trivyimage.txt'
}
}
}
License
This project is for educational and demonstration purposes.