Problem
Manual deployments to a Kubernetes cluster on AWS were error-prone, slow, and missed security checks. Each new microservice required engineers to repeat ~80% of the same setup.
Approach
- Codified the entire AWS substrate (VPC, EKS, IAM, S3) in Terraform — one apply provisions a fresh environment.
- Used Ansible for post-provisioning config (Jenkins, Nexus, SonarQube on a control-plane VM).
- Built a 10+ stage Jenkins pipeline: checkout → unit test → SonarQube → Maven build → Docker build → Trivy scan → Nexus push → Helm deploy to EKS → Prometheus scrape config update.
- Pinned every tool version and kept the pipeline as code in a Jenkinsfile, so onboarding a new service is a ~30-line copy-paste.
- Wired Prometheus + Grafana for app and pipeline metrics; alerts for failed deploys and stuck pods.
Outcomes
- Setup time for a new microservice cut by ~80%.
- Deployment effort reduced ~90% via pipeline automation.
- Trivy gate fails the build before the Nexus push, so images with critical CVEs are never stored in the registry or deployed to prod.
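The Trivy stage from the pipeline above and the "critical CVEs never reach prod" outcome both hinge on one decision: which scan findings fail the build. A flat `trivy image --exit-code 1 --severity CRITICAL` works, but a small gate script over Trivy's JSON output lets you also ignore findings with no fix available (which nobody can act on) and carry a documented allowlist. The script below is an added example, not code from the original project. It assumes the previous stage wrote `trivy image --format json -o trivy.json <image>` to the workspace; the `Results[].Vulnerabilities[]` layout is Trivy's JSON output format, while the registry name, file name and all vulnerability IDs in the sample report are constructed placeholders, not real CVEs.

```python
"""Trivy image-scan gate: exit non-zero when the report contains findings
at or above a severity threshold.

Added example, not the original project's code. Assumes the previous
pipeline stage ran `trivy image --format json -o trivy.json <image>`.
"""
import json
import sys

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def blocking_findings(report, threshold="CRITICAL", ignore_unfixed=True, allowlist=()):
    """Return the findings that should block the build.

    report         -- parsed Trivy JSON report (dict)
    threshold      -- lowest severity that blocks
    ignore_unfixed -- skip findings with no FixedVersion (nothing to upgrade to)
    allowlist      -- vulnerability IDs accepted by a recorded risk decision
    """
    min_rank = SEVERITY_RANK[threshold]
    blocking = []
    for result in report.get("Results") or []:
        # Trivy leaves "Vulnerabilities" null/absent for targets with no findings.
        for vuln in result.get("Vulnerabilities") or []:
            vid = vuln.get("VulnerabilityID", "")
            sev = vuln.get("Severity", "UNKNOWN").upper()
            if SEVERITY_RANK.get(sev, 0) < min_rank:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue
            if vid in allowlist:
                continue
            blocking.append({
                "target": result.get("Target", ""),
                "id": vid,
                "pkg": vuln.get("PkgName", ""),
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": vuln.get("FixedVersion", ""),
                "severity": sev,
            })
    return blocking


def gate(report, **policy):
    """Return (exit_code, summary). Exit code 1 fails the Jenkins stage."""
    findings = blocking_findings(report, **policy)
    if not findings:
        return 0, "trivy gate: no blocking findings"
    lines = [f"trivy gate: {len(findings)} blocking finding(s)"]
    for f in findings:
        lines.append(f"  {f['severity']:8} {f['id']} {f['pkg']} "
                     f"{f['installed']} -> {f['fixed']} ({f['target']})")
    return 1, "\n".join(lines)


# Constructed sample in Trivy's JSON shape. The IDs are placeholders, not real CVEs.
SAMPLE_REPORT = {
    "Results": [
        {
            "Target": "registry.example.internal/orders:1.4.2 (alpine 3.18)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3",
                 "InstalledVersion": "3.1.0-r0", "FixedVersion": "3.1.4-r0",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox",
                 "InstalledVersion": "1.36.0-r0", "FixedVersion": "",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib",
                 "InstalledVersion": "1.2.13-r0", "FixedVersion": "1.2.13-r1",
                 "Severity": "HIGH"},
            ],
        },
        # A clean target: Trivy reports no Vulnerabilities list at all.
        {"Target": "app/orders.jar", "Vulnerabilities": None},
    ]
}


if __name__ == "__main__":
    # Usage in the pipeline: python3 trivy_gate.py trivy.json
    path = sys.argv[1] if len(sys.argv) > 1 else None
    report = json.load(open(path)) if path else SAMPLE_REPORT
    code, summary = gate(report, threshold="CRITICAL", ignore_unfixed=True)
    print(summary)
    sys.exit(code)
```

In the Jenkinsfile this runs as the shell step of the Trivy stage right after the Docker build and before the Nexus push (`trivy image --format json -o trivy.json "$IMAGE" && python3 trivy_gate.py trivy.json`), so a non-zero exit stops the image from ever being pushed. On the constructed report the gate blocks on one finding: the unfixed critical is skipped because there is no version to move to, and the HIGH is below the threshold; raise the threshold to HIGH or set `ignore_unfixed=False` and those become blocking too. Keep the allowlist in the repo with the ticket and expiry date next to each ID, and review it in the same PR flow as the Jenkinsfile, otherwise it quietly becomes a permanent exception list.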
Learnings
The Terraform + Ansible split is worth it: Terraform owns infrastructure state, Ansible owns host configuration, and re-running the playbook corrects drift on the control-plane VM. Putting security scanning early (before the Nexus push) means you never store an artifact you are not allowed to deploy. Helm is great for templating, but resist the urge to template everything: keep app-specific values minimal.