[CI/CD architecture diagram]
[GitHub Action workflow]
1. Create the GitHub repository
Create the application repository as Public, with the name front-app-repo.
2. Connect the frontend to GitHub and push
cd ~/environment/amazon-eks-frontend
rm -rf .git
export GITHUB_USERNAME=your-github-username   # replace with your GitHub username
cd ~/environment/amazon-eks-frontend
git init
git add .
git commit -m "first commit"
git branch -M main
git remote add origin https://github.com/$GITHUB_USERNAME/front-app-repo.git
git push -u origin main
git push confirmed!
3. Create the IAM user and attach the policy
aws iam create-user --user-name github-action
Create an IAM user named github-action.
cat <<EOF > ecr-policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowPush",
            "Effect": "Allow",
            "Action": [
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability",
                "ecr:PutImage",
                "ecr:InitiateLayerUpload",
                "ecr:UploadLayerPart",
                "ecr:CompleteLayerUpload"
            ],
            "Resource": "arn:aws:ecr:${AWS_REGION}:${ACCOUNT_ID}:repository/dhkim-frontend"
        },
        {
            "Sid": "GetAuthorizationToken",
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken"
            ],
            "Resource": "*"
        }
    ]
}
EOF
Write an IAM policy that allows access to the ECR repository (dhkim-frontend).
aws iam create-policy --policy-name ecr-policy --policy-document file://ecr-policy.json
aws iam attach-user-policy --user-name github-action --policy-arn arn:aws:iam::${ACCOUNT_ID}:policy/ecr-policy
Create the IAM policy (ecr-policy) and attach it to the IAM user (github-action).
aws iam create-access-key --user-name github-action
Create credentials for the IAM user (store the secret key and access key separately).
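A check that the policy above stays scoped to one repository and covers the repository the workflow pushes to. This is an added example, not part of the original post; the region and account ID in the sample are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample: this page's ecr-policy.json with placeholder values
# substituted for ${AWS_REGION} and ${ACCOUNT_ID}.
REPO_ARN = "arn:aws:ecr:ap-northeast-2:111122223333:repository/dhkim-frontend"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowPush", "Effect": "Allow",
         "Action": ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
                    "ecr:BatchCheckLayerAvailability", "ecr:PutImage",
                    "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
                    "ecr:CompleteLayerUpload"],
         "Resource": REPO_ARN},
        {"Sid": "GetAuthorizationToken", "Effect": "Allow",
         "Action": ["ecr:GetAuthorizationToken"], "Resource": "*"},
    ],
})

# The only ECR action in this policy that cannot be scoped to a repository.
ACCOUNT_WIDE_OK = {"ecr:GetAuthorizationToken"}

def as_list(value):
    """IAM allows a bare string where a list is expected."""
    return value if isinstance(value, list) else [value]

def audit_ecr_policy(policy_text, workflow_repo):
    """Return (findings, repos) for the Allow statements of an ECR policy."""
    findings, repos = [], set()
    for stmt in as_list(json.loads(policy_text)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = set(as_list(stmt.get("Action", [])))
        if actions & {"*", "ecr:*"}:
            findings.append(f"{sid}: wildcard action")
        for res in as_list(stmt.get("Resource", [])):
            if res == "*":
                extra = sorted(actions - ACCOUNT_WIDE_OK)
                if extra:
                    findings.append(f"{sid}: {extra} allowed on every resource")
            elif ":repository/" in res:
                name = res.split(":repository/", 1)[1]
                if "*" in name:
                    findings.append(f"{sid}: wildcard repository {name!r}")
                repos.add(name)
    if workflow_repo not in repos:
        findings.append(f"workflow repository {workflow_repo!r} is not covered by the policy")
    return findings, repos
```

Pass the value of ECR_REPOSITORY from build.yaml as workflow_repo; a name the policy does not cover means the docker push step will be denied.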
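4. Set up a GitHub personal access token
Configure it as shown in the image above and copy the token value.
5. Set up GitHub secrets
Create repository secrets named ACTION_TOKEN, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
Set the value of each secret to match its name.
6. Create the build script for GitHub Actions and push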
cd ~/environment/amazon-eks-frontend
mkdir -p ./.github/workflows
cd ~/environment/amazon-eks-frontend/.github/workflows
cat > build.yaml <<EOF
name: Build Front
on:
  push:
    branches: [ main ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout source code
        uses: actions/checkout@v2
      - name: Check Node v
        run: node -v
      - name: Build front
        run: |
          npm install
          npm run build
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: \${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: \${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: $AWS_REGION
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Get image tag (version)
        id: image
        run: |
          VERSION=\$(echo \${{ github.sha }} | cut -c1-8)
          echo VERSION=\$VERSION
          echo "::set-output name=version::\$VERSION"
      - name: Build, tag, and push image to Amazon ECR
        id: image-info
        env:
          ECR_REGISTRY: \${{ steps.login-ecr.outputs.registry }}
          # Must match the repository named in ecr-policy.json and in the kustomize images entry
          ECR_REPOSITORY: dhkim-frontend
          IMAGE_TAG: \${{ steps.image.outputs.version }}
        run: |
          echo "::set-output name=ecr_repository::\$ECR_REPOSITORY"
          echo "::set-output name=image_tag::\$IMAGE_TAG"
          docker build -t \$ECR_REGISTRY/\$ECR_REPOSITORY:\$IMAGE_TAG .
          docker push \$ECR_REGISTRY/\$ECR_REPOSITORY:\$IMAGE_TAG
EOF
cd ~/environment/amazon-eks-frontend
git add .
git commit -m "Add github action build script"
git push origin main
7. Check GitHub Actions
The image built by GitHub Actions is pushed to ECR.
※ Reference if GitHub Actions fails!! npm install fails on the latest Node.js (v18.15.0) ▶ a downgrade to a version that works is needed!
Resolved by modifying the Build Front step to install Node.js 16.20.0.
[Kustomize]
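0. What is Kustomize?
A tool that creates new Kubernetes resources by overriding fields, without changing the original Kubernetes resources (YAML files).
1. Create the kustomize directories and move the YAML files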
cd ~/environment
mkdir -p ./k8s-manifest-repo/base
mkdir -p ./k8s-manifest-repo/overlays/dev
cd ~/environment/manifests
cp *.yaml ../k8s-manifest-repo/base
cd ../k8s-manifest-repo/base
ls -rlt
All the YAML files written during the lab have been moved!
2. Define the Kubernetes manifests to manage/change through kustomize
cd ~/environment/k8s-manifest-repo/base
cat <<EOF> kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- frontend-deployment.yaml
- frontend-service.yaml
EOF
3. Define frontend-deployment.yaml
cd ~/environment/k8s-manifest-repo/overlays/dev
cat <<EOF> front-deployment-patch.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-frontend
  namespace: default
  labels:
    env: dev
spec:
  selector:
    matchLabels:
      app: demo-frontend
  template:
    metadata:
      labels:
        app: demo-frontend
EOF
4. Define frontend-service.yaml
cd ~/environment/k8s-manifest-repo/overlays/dev
cat <<EOF> front-service-patch.yaml
apiVersion: v1
kind: Service
metadata:
  name: demo-frontend
  annotations:
    alb.ingress.kubernetes.io/healthcheck-path: "/"
  labels:
    env: dev
spec:
  selector:
    app: demo-frontend
EOF
5. Define kustomization.yaml
cd ~/environment/k8s-manifest-repo/overlays/dev
cat <<EOF> kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: ${ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/dhkim-frontend
  newName: ${ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/dhkim-frontend
  newTag: abcdefg
resources:
- ../../base
patchesStrategicMerge:
- front-deployment-patch.yaml
- front-service-patch.yaml
EOF
6. Create the GitHub repo for the Kubernetes manifests and commit
cd ~/environment/k8s-manifest-repo/
git init
git add .
git commit -m "first commit"
git branch -M main
git remote add origin https://github.com/$GITHUB_USERNAME/k8s-manifest-repo.git
git push -u origin main
[ArgoCD]
1. Install and configure ArgoCD
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# Install the Argo CD CLI (optional)
cd ~/environment
VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argo-cd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
sudo curl --silent --location -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/$VERSION/argocd-linux-amd64
sudo chmod +x /usr/local/bin/argocd
Create the argocd namespace on the EKS cluster and install ArgoCD.
2. Connect ArgoCD to an ELB
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'
export ARGOCD_SERVER=`kubectl get svc argocd-server -n argocd -o json | jq --raw-output '.status.loadBalancer.ingress[0].hostname'`
echo $ARGOCD_SERVER
ARGO_PWD=`kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d`
echo $ARGO_PWD
URL : $ARGOCD_SERVER
username: admin
password: $ARGO_PWD
3. Configure ArgoCD
Click NEW APP.
Name it whatever you like.
Set the repository URL to the Git address where kustomize is configured.
4. Kustomize build
cd ~/environment/amazon-eks-frontend/.github/workflows
cat <<EOF>> build.yaml
      - name: Setup Kustomize
        uses: imranismail/setup-kustomize@v1
      - name: Checkout kustomize repository
        uses: actions/checkout@v2
        with:
          repository: $GITHUB_USERNAME/k8s-manifest-repo
          ref: main
          token: \${{ secrets.ACTION_TOKEN }}
          path: k8s-manifest-repo
      - name: Update Kubernetes resources
        run: |
          echo \${{ steps.login-ecr.outputs.registry }}
          echo \${{ steps.image-info.outputs.ecr_repository }}
          echo \${{ steps.image-info.outputs.image_tag }}
          cd k8s-manifest-repo/overlays/dev/
          kustomize edit set image \${{ steps.login-ecr.outputs.registry}}/\${{ steps.image-info.outputs.ecr_repository }}=\${{ steps.login-ecr.outputs.registry}}/\${{ steps.image-info.outputs.ecr_repository }}:\${{ steps.image-info.outputs.image_tag }}
          cat kustomization.yaml
      - name: Commit files
        run: |
          cd k8s-manifest-repo
          git config --global user.email "github-actions@github.com"
          git config --global user.name "github-actions"
          git commit -am "Update image tag"
          git push -u origin main
EOF
cd ~/environment/amazon-eks-frontend
git add .
git commit -m "Add kustomize image edit"
git push -u origin main
GitHub Actions run confirmed OK.
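A pre-push check for the generated build.yaml, added here as an example and not part of the original post. It reports `uses:` references that point at a mutable tag rather than a full commit SHA (the job handles the AWS keys and ACTION_TOKEN), and the two values that the unquoted heredoc fills from shell variables, which come out empty when AWS_REGION or GITHUB_USERNAME is unset. The sample fragment is constructed and the function name is hypothetical.

```python
import re

# Constructed sample: a fragment of build.yaml as the heredocs on this page
# would write it when AWS_REGION and GITHUB_USERNAME are unset in the shell.
SAMPLE_WORKFLOW = """\
    steps:
      - name: Checkout source code
        uses: actions/checkout@v2
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-region:
      - name: Setup Kustomize
        uses: imranismail/setup-kustomize@v1
      - name: Checkout kustomize repository
        uses: actions/checkout@v2
        with:
          repository: /k8s-manifest-repo
          token: ${{ secrets.ACTION_TOKEN }}
"""

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s@#]+)@(\S+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
# Keys whose values this page takes from shell variables at heredoc time.
SHELL_FILLED = re.compile(r"^\s*(aws-region|repository):\s*(.*)$")

def audit_workflow(text):
    """Return a list of (line_number, kind, detail) findings."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES.match(line)
        if m and not FULL_SHA.match(m.group(2)):
            # A tag such as @v1 can be moved to different code by the action's owner.
            findings.append((n, "unpinned", f"{m.group(1)}@{m.group(2)}"))
        m = SHELL_FILLED.match(line)
        if m:
            value = m.group(2).strip()
            # Empty, or "owner/repo" with the owner part missing.
            if not value or value.startswith("/"):
                findings.append((n, "empty-variable", m.group(1)))
    return findings
```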
5. Check ArgoCD
Go to Applications > dhkimeks-cd-pipeline; the CURRENT SYNC STATUS value is OutOfSync.
To have the sync run automatically whenever the Git repository changes, Auto-Sync must be enabled. To do this, go to APP DETAILS and click the ENABLE AUTO-SYNC button.
Click the pod to confirm that it was deployed correctly.
Each time a commit lands in k8s-manifest-repo, ArgoCD automatically deploys it to the EKS cluster.
[CI/CD pipeline verification]
1. Change the frontend App.js
Title changed.
Change amazon-eks-frontend/src/App.js, then commit.
cd ~/environment/amazon-eks-frontend
git add .
git commit -m "Add new blog version"
git push -u origin main
2. Verify the pipeline runs
Confirm that it runs in this order: source commit/push -> GitHub Actions -> AWS ECR -> ArgoCD
Pipeline operation verified.