The main objective of this project is to apply Continuous Integration (CI) and Continuous Delivery (CD) concepts in a real-world architectural scenario. We developed a complete automation pipeline for a FastAPI backend and a static frontend, performing automated deployments to a local Kubernetes cluster via Jenkins.

The Problem: Manual software deployments are slow, inconsistent, and highly prone to human error. In a modern development cycle, the manual transition from code to a production-ready cluster creates bottlenecks and security risks.

The Solution: A robust, "Commit-to-Cloud" automated pipeline. Using Jenkins as the central orchestrator, the system automatically detects code changes via Webhooks, builds immutable Docker images, performs security scans with Trivy, and deploys the application into a Kubernetes cluster.

Technical Challenges:

• Local K8s Connectivity: Configuring Jenkins (running as a service) to securely communicate with a local Kubernetes cluster (Rancher Desktop/WSL) using kubeconfig and specific RBAC permissions.
• Webhook Integration: Using ngrok to bridge a local Jenkins instance with GitHub, enabling inbound event triggers for a seamless automation flow.
• Security Gates: Implementing Trivy as a mandatory step to audit container images, allowing the pipeline to fail or notify based on vulnerability severity (HIGH/CRITICAL).

1. Technologies Used
2. Project Structure
3. Phase 1: Project Preparation
4. Phase 2: Containerization (Docker)
5. Phase 3: Kubernetes Manifests
6. Phase 4: Jenkins Automation (Build & Push)
7. Phase 5: Jenkins Deployment (K8s)
8. Phase 6: Extra Challenges (Security & Alerts)
9. Final Testing & Validation
10. Conclusion
11. Contact

• GitHub: Version control and Webhook triggers.
• FastAPI: Python framework for backend development.
• Docker & Docker Hub: Containerization and image registry.
• Jenkins: CI/CD Automation orchestrator.
• Kubernetes (K8s): Rancher Desktop for container orchestration.
• Trivy: Security scanner for vulnerability detection.
• Ngrok: Local tunnel for GitHub Webhook integration.

fullcycle-fastapi-jenkins-k8s/  
├── src/  
│   ├── backend/  
│   │   ├── main.py  
│   │   ├── requirements.txt  
│   │   └── Dockerfile  
│   └── frontend/ # Static assets served by backend  
│       └── index.html  
├── k8s/  
│   ├── backend-deployment.yaml 
│   └── backend-service.yaml    
└── Jenkinsfile  

• GitHub: Repository created with a dev branch for staging and main for production.
• Docker Hub: Account configured for image storage (manaramarcelo).
• Kubernetes: Cluster access verified via kubectl get nodes.

The backend and frontend are bundled into a single optimized Docker image.

• Build & Test: Verified locally at http://localhost:8000.
• 🔗 Full Content: Dockerfile

Standardized deployment files were created to manage replicas and services.

• 📁 View k8s manifests

Configured a Pipeline script from SCM pointing to the Jenkinsfile.

• Trigger: Configured GitHub hook trigger for GITScm polling via Ngrok.
• 🔗 Jenkinsfile

Extended the pipeline to include the deployment stage.

• Access: Jenkins was granted kubeconfig access via "Secret Text" credentials.
• Process: Automated kubectl apply with dynamic image tagging based on BUILD_ID.

• Trivy Scan: Automated stage to detect HIGH and CRITICAL vulnerabilities.
• Slack Notifications: Real-time feedback on pipeline success or security failures.

Access via http://localhost:30001 (NodePort).

• Backend: Verified endpoints /color and /cat.
• Frontend: Verified UI rendering and interaction.
• Alerts: Verified Slack messages for build status.

This project establishes a robust, automated CI/CD pipeline, minimizing manual intervention and maximizing security and delivery speed. It bridges the gap between development and production-grade orchestration.

Marcelo Manara LinkedIn | Portfolio