A fully automated, production-grade CI/CD pipeline that builds, containerizes, and deploys a Django application to AWS EKS using Helm β with zero-downtime releases, automated rollbacks, and environment-specific configurations.
This project demonstrates end-to-end DevOps engineering by designing and implementing a complete deployment pipeline for a Django web application. The pipeline follows industry best practices for scalability, security, and reliability β simulating a real-world production workflow.
Goal: Eliminate manual deployments. Every
git pushtomaintriggers a fully automated pipeline that tests, builds, publishes, and deploys the application to a managed Kubernetes cluster on AWS.
Developer Push (GitHub)
β
βΌ
βββββββββββββββββββββ
β GitHub Actions β βββ CI/CD Pipeline Trigger
β (CI/CD Workflow) β
ββββββββββ¬βββββββββββ
β
ββββββ΄ββββββ
β β
βΌ βΌ
Build & Run Tests
Lint (Django)
β
βΌ
ββββββββββββββββββββ
β Docker Build & β
β Push to ECR / β
β Docker Hub β
ββββββββββ¬ββββββββββ
β
βΌ
ββββββββββββββββββββ
β Helm Deploy β βββ Upgrade / Rollback
β (django-chart) β
ββββββββββ¬ββββββββββ
β
βΌ
ββββββββββββββββββββ
β AWS EKS β βββ Managed Kubernetes
β (Production) β
ββββββββββββββββββββ
| Layer | Technology | Purpose |
|---|---|---|
| Application | Python / Django | Web framework |
| Containerization | Docker | Build reproducible images |
| Orchestration | Kubernetes (AWS EKS) | Deploy, scale, self-heal |
| Package Management | Helm | Templated K8s manifests |
| CI/CD | GitHub Actions | Automated pipeline |
| Cloud | AWS (EKS, ECR, IAM) | Managed infrastructure |
| Scripting | Bash | Automation utilities |
-
Fully Automated CI/CD β Code merged to
maindeploys to production without manual intervention -
Containerized Workload β Multi-stage Dockerfile with optimized image layers and
.dockerignore -
Helm Chart Packaging β Reusable, configurable K8s deployment via
django-chart/ -
Zero-Downtime Deploys β Rolling update strategy configured in Helm values
-
Automated Rollbacks β Helm's revision history enables instant rollback on failure
-
Entrypoint Automation β
entrypoint.shhandles DB migrations and static file collection at startup -
Environment Separation β Config management for dev/prod via Helm values overrides
-
Security Best Practices β Secrets managed via GitHub Actions secrets, not hardcoded
sai-prj2/
βββ .github/
β βββ workflows/ # GitHub Actions CI/CD pipeline definitions
βββ blog/ # Django app β Blog module
βββ core/ # Django app β Core logic
βββ saikrupax/ # Django project settings & URL routing
βββ django-chart/ # Helm chart for Kubernetes deployment
β βββ templates/ # K8s manifests (Deployment, Service, Ingress, etc.)
β βββ values.yaml # Default Helm values (image, replicas, resources)
βββ scripts/ # Utility shell scripts (cluster setup, helpers)
βββ static/ # Static assets (CSS, JS)
βββ templates/ # Django HTML templates
βββ Dockerfile # Container image definition
βββ entrypoint.sh # Container startup script (migrations, collectstatic)
βββ requirements.txt # Python dependencies
βββ manage.py # Django management entry point
The GitHub Actions workflow is triggered on every push to the main branch:
Stage 1 β Build & Test
Checkout Code β Install Dependencies β Run Django Tests β Lint
Stage 2 β Containerize
Docker Build β Tag Image with Git SHA β Push to Container Registry
Stage 3 β Deploy to EKS
Configure AWS Credentials β Update kubeconfig β Helm Upgrade --install
If the Helm deploy fails, the pipeline exits non-zero and the previous Helm revision remains live β ensuring the application never goes down due to a broken deploy.
- AWS CLI configured with appropriate IAM permissions
kubectlinstalled and configuredhelmv3+- Docker
git clone https://github.com/ak-127/sai-prj2.git
cd sai-prj2# Build the image
docker build -t sai-prj2:local .
# Run the container
docker run -p 8000:8000 \
-e DJANGO_SECRET_KEY=your-secret-key \
-e DEBUG=True \
sai-prj2:localApp will be available at http://localhost:8000
# Authenticate with your EKS cluster
aws eks update-kubeconfig --name <your-cluster-name> --region <aws-region>
# Install / Upgrade the Helm release
helm upgrade --install django-app ./django-chart \
--set image.tag=<your-image-tag> \
--set image.repository=<your-ecr-or-dockerhub-repo> \
--namespace production \
--create-namespace# View release history
helm history django-app
# Rollback to previous version
helm rollback django-app <revision-number>Configure these secrets in your GitHub repository (Settings β Secrets and variables β Actions):
| Secret | Description |
|---|---|
AWS_ACCESS_KEY_ID |
IAM user access key |
AWS_SECRET_ACCESS_KEY |
IAM user secret key |
AWS_REGION |
Target AWS region |
EKS_CLUSTER_NAME |
EKS cluster name |
DOCKER_REGISTRY |
Container registry URL |
DJANGO_SECRET_KEY |
Django secret key for production |
- AWS EKS β Managed Kubernetes control plane; worker nodes auto-scaled via node groups
- Helm β All Kubernetes manifests (Deployment, Service, ConfigMap, HPA) are templated and version-controlled
- Rolling Updates β New pods are created before old ones are terminated, ensuring zero downtime
- Resource Limits β CPU and memory requests/limits defined in Helm values to prevent noisy-neighbor issues
- Health Checks β Liveness and readiness probes configured to ensure traffic only reaches healthy pods
| DevOps Skill | Implementation |
|---|---|
| CI/CD Pipeline Design | GitHub Actions multi-stage workflow |
| Containerization | Optimized Dockerfile with entrypoint scripting |
| Kubernetes | EKS cluster, Deployments, Services, Health Probes |
| Helm Packaging | Custom chart with parameterized values |
| Cloud (AWS) | EKS, ECR, IAM roles & permissions |
| Automation | Shell scripts for cluster operations |
| Release Management | Semantic versioning with 20+ tags |
| Security | Secrets management, no credentials in code |
π Full deployment setup: See DEPLOYMENT.md
Built with a focus on automation, reliability, and production-grade DevOps practices.