배경
서비스가 복잡해지면서 CICD의 중요성을 느꼈다
로컬에서만 프로젝트를 할 때는 깃허브 하나 만으로 코드를 수정하고 테스트 해보면 끝이지만 k8s환경이나 EKS 환경에서는 CI/CD가 필수적이다
프로젝트를 하면서 CI를 점점 다양하게 적용해보았는데 백업을 위해 정리하기로 했다
- 서비스 흐름도
- k8s환경
- EKS 환경
1. Github Action으로 DockerHub에 CI하기
각각의 Repository Secret에
DOCKERHUB_USERNAME,DOCKERHUB_TOKEN값을 등록해두기
react
name: webrtc-eyestalk-back
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
-
name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: roheejae/eyestalk-front
tag-semver: |
{{version}}
{{major}}.{{minor}}
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
platforms: linux/amd64
push: true
tags: roheejae/eyestalk-front:${{ steps.tag_version.outputs.new_tag }}spring
name: eyestalk-spring
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
-
name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: roheejae/eyestalk-spring
tag-semver: |
{{version}}
{{major}}.{{minor}}
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
platforms: linux/amd64
push: true
tags: roheejae/eyestalk-spring:${{ steps.tag_version.outputs.new_tag }}python
name: webrtc-eyestalk-back
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
-
name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: roheejae/eyestalk-back
tag-semver: |
{{version}}
{{major}}.{{minor}}
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
platforms: linux/amd64
push: true
tags: roheejae/eyestalk-back:${{ steps.tag_version.outputs.new_tag }}
확인
도커허브에 제대로 이미지가 push 된것을 알 수 있다
GithubAction을 처음 접해보면서 언어에 따른 Yaml설정이 달라졌었다. 하지만 어떤 언어든 보편적으로 사용할 수 있도록 시행착오 끝에 위의 코드로 정리됨!
가장 중요하게 여겼던 점은 이미지 태그의 숫자가 자동 증가 하는가였다
mathieudutour/github-tag-action@v5.5가 크게 도움이 되었다
2. Github Action으로 EKS-ECR에 CI하기
프로젝트 환경이 EKS로 바뀌면서 이미지 저장소를 ECR로 변경하게 되었다. 저번 Nexus실패로 ECR자체가 Private Repository인데 괜찮을까? 걱정이 되었지만 DockerHub와 같은 인증수단이 있기 때문에 가능했다
ECR- Private Repository 만들기
CI 코드를 수정하기 전에 ECR에서 이미지 저장소를 미리 만들어야 한다. 해당 저장소를 경로로 넣기 때문.
DockerHub때 했었던 secret 키를 변경한다.
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY를 등록하기
Eyestalk-react
name: eyestalk-beta-test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: image-info
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: eyestalk-react
IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAGEyestalk-python
name: eyestalk-beta-test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: image-info
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: eyestalk-python
IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAGEyestalk - Spring
name: eyestalk-beta-test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: image-info
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: eyestalk-spring
IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG확인
ECR에 제대로 push된것을 알 수 있다
2-2. Github Action으로 EKS-ECR에 CICD하기
ArgoCD를 만약 같이 한다면 위의 yaml코드가 달라진다
위의 코드는mathieudutour/github-tag-action@v5.5에 의해 자동으로 태그가 증가하면서 GithubToken을 자동생성된다.
따로 GithubToken을 등록할 필요가 없었음.
하지만 CI/CD를 하기위해서는 manifest의 이미지 동기화가 필요하다 .
즉 Dev코드가 push되어 이미지가 버전 업데이트하면 manifest에 박혀있는 이미지도 똑같이 버전을 맞춰줘야 한다.
이때 사용되는게 Manifest이다
선행조건
- manifest 코드가 완성이 되었다면 레파지토리를 생성하여 넣을것
- 해당 레파지토리와 GithubAction이 있는 레파지토리 둘다 GithubToken을 등록한다
이미 정리한 내용이니 참고
https://velog.io/@jupiter-j/프로젝트-진행-EKS에-CICD-pipeline-ArgoCD적용하기
React
name: eyestalk-beta-test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: image-info
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: eyestalk-react
IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- name: Checkout for Kustomize repository
uses: actions/checkout@v2
with:
# kubernetes yaml 파일 저장
repository: muji-StudyRoom/eyestalk-manifest # k8s yaml 파일이 있는 repo
ref: main # branch 이름
# 내 repository에 push 하기 위한 Personal Access Token이 필요
token: ${{ secrets.PAT }} # Github Action token을 발급받아서 repo secrect에 등록해줘야한다
path: eyestalk-manifest # 최상위 경로로 repository와 동일하게 설정
# 새 이미지 버전으로 파일의 태그값 수정
# cd path 수정
# kustomize로 image tag 값 변경
- name: Update Kubernetes resources
run: |
pwd
cd eyestalk-manifest/overlays/prd/
kustomize edit set image ${{ steps.login-ecr.outputs.registry }}/eyestalk-react=${{ steps.login-ecr.outputs.registry }}/eyestalk-react:${{ steps.tag_version.outputs.new_tag }}
cat kustomization.yaml
# 수정된 kustomization.yaml 파일 commit push
- name: Commit manifest files
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
run: |
cd eyestalk-manifest
git config --global user.email "namju2912@gmail.com"
git config --global user.name "Jupiter-J"
git config --global github.token ${{ secrets.PAT }}
git commit -am "Update image tag ${{ steps.tag_version.outputs.new_tag }}"
git push -u origin mainSpring
name: eyestalk-beta-test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: image-info
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: eyestalk-spring
IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- name: Checkout for Kustomize repository
uses: actions/checkout@v2
with:
# kubernetes yaml 파일 저장
repository: muji-StudyRoom/eyestalk-manifest # k8s yaml 파일이 있는 repo
ref: main # branch 이름
# 내 repository에 push 하기 위한 Personal Access Token이 필요
token: ${{ secrets.PAT }} # Github Action token을 발급받아서 repo secrect에 등록해줘야한다
path: eyestalk-manifest # 최상위 경로로 repository와 동일하게 설정
# 새 이미지 버전으로 파일의 태그값 수정
# cd path 수정
# kustomize로 image tag 값 변경
- name: Update Kubernetes resources
run: |
pwd
cd eyestalk-manifest/overlays/prd/
kustomize edit set image ${{ steps.login-ecr.outputs.registry }}/eyestalk-spring=${{ steps.login-ecr.outputs.registry }}/eyestalk-spring:${{ steps.tag_version.outputs.new_tag }}
cat kustomization.yaml
# 수정된 kustomization.yaml 파일 commit push
- name: Commit manifest files
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
run: |
cd eyestalk-manifest
git config --global user.email "namju2912@gmail.com"
git config --global user.name "Jupiter-J"
git config --global github.token ${{ secrets.PAT }}
git commit -am "Update image tag ${{ steps.tag_version.outputs.new_tag }}"
git push -u origin mainpython
name: eyestalk-beta-test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
with:
github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN는 자동생성됨
- name: Create a GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: image-info
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: eyestalk-python
IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- name: Checkout for Kustomize repository
uses: actions/checkout@v2
with:
# kubernetes yaml 파일 저장
repository: muji-StudyRoom/eyestalk-manifest # k8s yaml 파일이 있는 repo
ref: main # branch 이름
# 내 repository에 push 하기 위한 Personal Access Token이 필요
token: ${{ secrets.PAT }} # Github Action token을 발급받아서 repo secrect에 등록해줘야한다
path: eyestalk-manifest # 최상위 경로로 repository와 동일하게 설정
# 새 이미지 버전으로 파일의 태그값 수정
# cd path 수정
# kustomize로 image tag 값 변경
- name: Update Kubernetes resources
run: |
pwd
cd eyestalk-manifest/overlays/prd/
kustomize edit set image ${{ steps.login-ecr.outputs.registry }}/eyestalk-python=${{ steps.login-ecr.outputs.registry }}/eyestalk-python:${{ steps.tag_version.outputs.new_tag }}
cat kustomization.yaml
# 수정된 kustomization.yaml 파일 commit push
- name: Commit manifest files
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
run: |
cd eyestalk-manifest
git config --global user.email "namju2912@gmail.com"
git config --global user.name "Jupiter-J"
git config --global github.token ${{ secrets.PAT }}
git commit -am "Update image tag ${{ steps.tag_version.outputs.new_tag }}"
git push -u origin main토큰이 자동 생성되는 부분에 본인의 토큰을 넣으면 된다
성공하게되면 manifest의 레파지토리와 현재 레파지토리의 이미지 태그가 동기화 된것을 확인 할 수 있다
개발기록