배경
서비스가 복잡해지면서 CICD의 중요성을 느꼈다
로컬에서만 프로젝트를 할 때는 깃허브 하나 만으로 코드를 수정하고 테스트 해보면 끝이지만 k8s환경이나 EKS 환경에서는 CI/CD가 필수적이다
프로젝트를 하면서 CI를 점점 다양하게 적용해보았는데 백업을 위해 정리하기로 했다
- 서비스 흐름도
- k8s환경
- EKS 환경
각각의 Repository Secret에
DOCKERHUB_USERNAME
,DOCKERHUB_TOKEN
값을 등록해두기
name: webrtc-eyestalk-back
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
-
name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: roheejae/eyestalk-front
tag-semver: |
{{version}}
{{major}}.{{minor}}
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
platforms: linux/amd64
push: true
tags: roheejae/eyestalk-front:${{ steps.tag_version.outputs.new_tag }}
name: eyestalk-spring
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
-
name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: roheejae/eyestalk-spring
tag-semver: |
{{version}}
{{major}}.{{minor}}
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
platforms: linux/amd64
push: true
tags: roheejae/eyestalk-spring:${{ steps.tag_version.outputs.new_tag }}
name: webrtc-eyestalk-back
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
-
name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: roheejae/eyestalk-back
tag-semver: |
{{version}}
{{major}}.{{minor}}
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
platforms: linux/amd64
push: true
tags: roheejae/eyestalk-back:${{ steps.tag_version.outputs.new_tag }}
도커허브에 제대로 이미지가 push 된것을 알 수 있다
GithubAction을 처음 접해보면서 언어에 따른 Yaml설정이 달라졌었다. 하지만 어떤 언어든 보편적으로 사용할 수 있도록 시행착오 끝에 위의 코드로 정리됨!
가장 중요하게 여겼던 점은 이미지 태그의 숫자가 자동 증가 하는가였다
mathieudutour/github-tag-action@v5.5
가 크게 도움이 되었다
프로젝트 환경이 EKS로 바뀌면서 이미지 저장소를 ECR로 변경하게 되었다. 저번 Nexus실패로 ECR자체가 Private Repository인데 괜찮을까? 걱정이 되었지만 DockerHub와 같은 인증수단이 있기 때문에 가능했다
CI 코드를 수정하기 전에 ECR에서 이미지 저장소를 미리 만들어야 한다. 해당 저장소를 경로로 넣기 때문.
DockerHub때 했었던 secret 키를 변경한다.
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
를 등록하기
name: eyestalk-beta-test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: image-info
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: eyestalk-react
IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
name: eyestalk-beta-test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: image-info
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: eyestalk-python
IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
name: eyestalk-beta-test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: image-info
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: eyestalk-spring
IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
ECR에 제대로 push된것을 알 수 있다
ArgoCD를 만약 같이 한다면 위의 yaml코드가 달라진다
위의 코드는mathieudutour/github-tag-action@v5.5
에 의해 자동으로 태그가 증가하면서 GithubToken을 자동생성된다.
따로 GithubToken을 등록할 필요가 없었음.
하지만 CI/CD를 하기위해서는 manifest의 이미지 동기화가 필요하다 .
즉 Dev코드가 push되어 이미지가 버전 업데이트하면 manifest에 박혀있는 이미지도 똑같이 버전을 맞춰줘야 한다.
이때 사용되는게 Manifest이다
이미 정리한 내용이니 참고
https://velog.io/@jupiter-j/프로젝트-진행-EKS에-CICD-pipeline-ArgoCD적용하기
name: eyestalk-beta-test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: image-info
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: eyestalk-react
IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- name: Checkout for Kustomize repository
uses: actions/checkout@v2
with:
# kubernetes yaml 파일 저장
repository: muji-StudyRoom/eyestalk-manifest # k8s yaml 파일이 있는 repo
ref: main # branch 이름
# 내 repository에 push 하기 위한 Personal Access Token이 필요
token: ${{ secrets.PAT }} # Github Action token을 발급받아서 repo secrect에 등록해줘야한다
path: eyestalk-manifest # 최상위 경로로 repository와 동일하게 설정
# 새 이미지 버전으로 파일의 태그값 수정
# cd path 수정
# kustomize로 image tag 값 변경
- name: Update Kubernetes resources
run: |
pwd
cd eyestalk-manifest/overlays/prd/
kustomize edit set image ${{ steps.login-ecr.outputs.registry }}/eyestalk-react=${{ steps.login-ecr.outputs.registry }}/eyestalk-react:${{ steps.tag_version.outputs.new_tag }}
cat kustomization.yaml
# 수정된 kustomization.yaml 파일 commit push
- name: Commit manifest files
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
run: |
cd eyestalk-manifest
git config --global user.email "namju2912@gmail.com"
git config --global user.name "Jupiter-J"
git config --global github.token ${{ secrets.PAT }}
git commit -am "Update image tag ${{ steps.tag_version.outputs.new_tag }}"
git push -u origin main
name: eyestalk-beta-test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: image-info
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: eyestalk-spring
IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- name: Checkout for Kustomize repository
uses: actions/checkout@v2
with:
# kubernetes yaml 파일 저장
repository: muji-StudyRoom/eyestalk-manifest # k8s yaml 파일이 있는 repo
ref: main # branch 이름
# 내 repository에 push 하기 위한 Personal Access Token이 필요
token: ${{ secrets.PAT }} # Github Action token을 발급받아서 repo secrect에 등록해줘야한다
path: eyestalk-manifest # 최상위 경로로 repository와 동일하게 설정
# 새 이미지 버전으로 파일의 태그값 수정
# cd path 수정
# kustomize로 image tag 값 변경
- name: Update Kubernetes resources
run: |
pwd
cd eyestalk-manifest/overlays/prd/
kustomize edit set image ${{ steps.login-ecr.outputs.registry }}/eyestalk-spring=${{ steps.login-ecr.outputs.registry }}/eyestalk-spring:${{ steps.tag_version.outputs.new_tag }}
cat kustomization.yaml
# 수정된 kustomization.yaml 파일 commit push
- name: Commit manifest files
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
run: |
cd eyestalk-manifest
git config --global user.email "namju2912@gmail.com"
git config --global user.name "Jupiter-J"
git config --global github.token ${{ secrets.PAT }}
git commit -am "Update image tag ${{ steps.tag_version.outputs.new_tag }}"
git push -u origin main
name: eyestalk-beta-test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: image-info
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: eyestalk-python
IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- name: Checkout for Kustomize repository
uses: actions/checkout@v2
with:
# kubernetes yaml 파일 저장
repository: muji-StudyRoom/eyestalk-manifest # k8s yaml 파일이 있는 repo
ref: main # branch 이름
# 내 repository에 push 하기 위한 Personal Access Token이 필요
token: ${{ secrets.PAT }} # Github Action token을 발급받아서 repo secrect에 등록해줘야한다
path: eyestalk-manifest # 최상위 경로로 repository와 동일하게 설정
# 새 이미지 버전으로 파일의 태그값 수정
# cd path 수정
# kustomize로 image tag 값 변경
- name: Update Kubernetes resources
run: |
pwd
cd eyestalk-manifest/overlays/prd/
kustomize edit set image ${{ steps.login-ecr.outputs.registry }}/eyestalk-python=${{ steps.login-ecr.outputs.registry }}/eyestalk-python:${{ steps.tag_version.outputs.new_tag }}
cat kustomization.yaml
# 수정된 kustomization.yaml 파일 commit push
- name: Commit manifest files
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
run: |
cd eyestalk-manifest
git config --global user.email "namju2912@gmail.com"
git config --global user.name "Jupiter-J"
git config --global github.token ${{ secrets.PAT }}
git commit -am "Update image tag ${{ steps.tag_version.outputs.new_tag }}"
git push -u origin main
토큰이 자동 생성되는 부분에 본인의 토큰을 넣으면 된다
성공하게되면 manifest의 레파지토리와 현재 레파지토리의 이미지 태그가 동기화 된것을 확인 할 수 있다