Professional DevOps CI/CD Architecture Diagram

Node.js application delivery pipeline with GitHub, Jenkins, SonarQube, Docker, Amazon ECR, Amazon EKS, and Helm.
Author: Ahmad Alabrash

1. Source Control & Trigger Layer

GitHub Repository
  • Repo: devops-jenkins-docker-sonarqube
  • Branches / commits / Jenkinsfile / Helm chart
  • Trigger: manual build or SCM polling

2. CI Orchestration Layer

Jenkins Server on AWS EC2
  • Core tools: Git, Node.js, npm, Docker, AWS CLI, kubectl, Helm
  • Credentials: AWS Credentials, SonarQube Token
  • Stages:
      • Checkout SCM
      • Check Tools
      • Install Dependencies
      • Run Tests (Jest + jest-junit)
      • Build Docker Image
      • Push Image to Amazon ECR

3. Code Quality & Gate Layer

SonarQube Server on AWS EC2
  • Components: SonarQube + PostgreSQL
  • Scan target: src + tests
  • Quality Gate: blocks pipeline if failed
  • Webhook: SonarQube → Jenkins
  • Response: waitForQualityGate()

4. Container Registry Layer

Amazon ECR
  • Repository: my-nodejs-app
  • Tags pushed: build number + latest
  • Image source of truth for Kubernetes deployments
  • Authentication: aws ecr get-login-password

5. CD / Kubernetes Deployment Layer

Amazon EKS Cluster
  • Cluster: nodejs-lofi-walrus
  • Deployment method: Helm release
  • Command: helm upgrade --install my-nodejs-app ./helm/my-nodejs-app
  • Values passed from pipeline:
      • image.repository = 612990353866.dkr.ecr.eu-central-1.amazonaws.com/my-nodejs-app
      • image.tag = BUILD_NUMBER
  • Helm creates / manages:
      • Kubernetes Deployment
      • Kubernetes Service (LoadBalancer)

Helm Chart Package
  • Path: helm/my-nodejs-app
  • Files:
      • Chart.yaml
      • values.yaml
      • templates/deployment.yaml
      • templates/service.yaml
      • templates/_helpers.tpl
  • Benefits:
      • release tracking
      • easier upgrades / rollbacks

Runtime Workload
  • Kubernetes Nodes (EC2 worker nodes)
  • Pod runs Node.js application container
  • Service type: LoadBalancer
  • Traffic flow: Internet → AWS Load Balancer → Service → Pod
  • Image pull source: Amazon ECR

6. Security, Access & Operational Requirements

  • IAM / Access: Jenkins AWS credentials, ECR push permissions, EKS access entry or cluster access policy, SonarQube token, GitHub repository access.
  • Network / Infra: Jenkins EC2, SonarQube EC2, EKS control plane + worker nodes, security groups for 8080/9000/SSH, outbound internet access for package installs and registry access.
  • Tooling requirements: Java for Jenkins/SonarQube, Node.js/npm, Docker daemon running, AWS CLI v2, kubectl, Helm 3, SonarQube webhook configured to Jenkins.

Diagram connectors
  • Helm deploy after image push
  • Webhook / quality gate response
  • ECR image pulled by EKS workload

Diagram legend
  • Source / Runtime / Kubernetes Context
  • CI/CD Orchestration & Deployment
  • Quality & Validation Controls
  • Registry / Artifact Storage

Pipeline Stages

  • Checkout SCM: Jenkins pulls source code, Jenkinsfile, Dockerfile, and Helm chart from GitHub.
  • Check Tools: Validates runtime dependencies on the Jenkins agent: Node.js, npm, Docker, AWS CLI, kubectl, Helm.
  • Install Dependencies: Runs npm install inside the Node.js app.
  • Run Tests: Executes the Jest test suite and produces JUnit-style reports.
  • SonarQube Scan: Sends source code and test metadata to SonarQube for static analysis.
  • Quality Gate: Jenkins waits until SonarQube returns pass/fail status through webhook.
  • Build Docker Image: Builds application image and tags it with build number and latest.
  • Push to ECR: Authenticates to Amazon ECR and pushes versioned image artifacts.
  • Deploy to EKS with Helm: Updates kubeconfig, validates chart, installs or upgrades Helm release.

Professional Requirements & Best Practices

  • Use separate EC2 instances for Jenkins and SonarQube to isolate workloads.
  • Store AWS and SonarQube credentials in Jenkins Credentials, not in source code.
  • Use ECR as the only trusted image source for Kubernetes deployments.
  • Prefer Helm over raw kubectl create/set image/expose for packaging, upgrades, and rollback readiness.
  • Use SonarQube Quality Gate as a deployment blocker so only validated code reaches EKS.
  • Keep Helm chart version-controlled inside the repository.
  • Next-level enhancements: separate dev/stage/prod values files, ingress, TLS, monitoring, rollback strategy, and GitOps.
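
One way to enforce "ECR as the only trusted image source" together with image.tag = BUILD_NUMBER before the Helm release is applied. This is an added example, not code from the author's repository: check_images, sample_good and sample_bad are hypothetical names, and the manifests are constructed samples.

```shell
#!/bin/sh
# Added example: pre-deploy gate over rendered Helm manifests.
# TRUSTED_REPO is the image.repository value listed on this page.
TRUSTED_REPO="612990353866.dkr.ecr.eu-central-1.amazonaws.com/my-nodejs-app"

# check_images BUILD_NUMBER < rendered-manifests   (hypothetical helper)
# Returns 0 only if at least one image reference is present and every one
# is exactly TRUSTED_REPO:BUILD_NUMBER; rejected references go to stderr.
check_images() (
  tag="$1"
  # BUILD_NUMBER must be numeric, which also rules out the mutable "latest".
  case "$tag" in
    ''|*[!0-9]*) echo "REJECT: tag '$tag' is not a build number" >&2; exit 1 ;;
  esac
  # Extract the value of every "image:" key and strip YAML quotes.
  refs=$(sed -n 's/^[[:space:]-]*image:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' | tr -d "\"'")
  [ -n "$refs" ] || { echo "REJECT: no image references found" >&2; exit 1; }
  printf '%s\n' "$refs" | {
    bad=0
    while IFS= read -r ref; do
      if [ "$ref" != "$TRUSTED_REPO:$tag" ]; then
        echo "REJECT: $ref" >&2
        bad=1
      fi
    done
    [ "$bad" -eq 0 ]
  }
)

# Constructed sample: what the chart should render for build 42.
sample_good() {
  cat <<EOF
kind: Deployment
      containers:
        - name: my-nodejs-app
          image: "$TRUSTED_REPO:42"
          imagePullPolicy: IfNotPresent
EOF
}

# Constructed sample: a mutable tag plus an image from another registry.
sample_bad() {
  cat <<EOF
      containers:
        - name: my-nodejs-app
          image: $TRUSTED_REPO:latest
        - image: docker.io/library/busybox:1.36
EOF
}
```

In the deploy stage the input would come from helm template run with the same chart path and --set values as the helm upgrade --install command, piped into check_images "$BUILD_NUMBER".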