Kubernetes5_2024_03_08

After the cluster is created, an Auto Scaling group is created automatically when the nodes (EC2) are created.

 


Deploying the Ordering service (no Pod is created; only check that the image is built)

 

order-backend-deploy.yml

name: deploy order order-backend

on:
  push:
    branches:
      - main

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: checkout github
        uses: actions/checkout@v2

      - name: install kubectl
        uses: azure/setup-kubectl@v3
        with:
          version: "v1.25.9"
        id: install

      - name: configure aws # aws configure: team key values
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2

      - name: update cluster information
        run: aws eks update-kubeconfig --name 6team-cluster --region ap-northeast-2
        
      - name: Login to ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: build and push docker image to ecr
        env:
          REGISTRY: 346903264902.dkr.ecr.ap-northeast-2.amazonaws.com
          REPOSITORY: team6-order
          IMAGE_TAG: latest
        run: |
          docker build \
          -t $REGISTRY/$REPOSITORY:$IMAGE_TAG \
          -f ./ordering/Dockerfile ./ordering
          docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG

      # - name: eks kubectl apply
      #   run: |
      #     kubectl apply -f ./ordering/k8s/order-backend-depl-serv.yml
      #     kubectl rollout restart deployment jang-order-backend

 

git add .

git commit -m " backend-dev-update "

git push origin main

 

 


Applying a Kubernetes secret

To encrypt the DB data, run kubectl create secret.

The env section of the Deployment reads its values from the Kubernetes secret.

 

order-backend-depl-serv.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: jang-order-backend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: jang-order-backend
  template:
    metadata:
      labels:
        app: jang-order-backend
    spec:
      containers:
      - name: order-backend
        image: 346903264902.dkr.ecr.ap-northeast-2.amazonaws.com/team6-order # ECR address
        ports:
        - containerPort: 80
        resources:
        # Maximum resources the container (pod) may use
          limits:
            cpu: "1"
            memory: "500Mi"
        # Minimum resources the container (pod) must be guaranteed at startup
          requests:
            cpu: "0.5"
            memory: "250Mi"
        # ⭐ env placeholder: these values are to be read from the Kubernetes secret
        # env:
        #   DB_HOST:
        #   DB_USERNAME:
        #   DB_PASSWORD:
---
apiVersion: v1
kind: Service
metadata:
  name: jang-order-backend-service
spec:
# ClusterIP creates a Service that is reachable only from inside the cluster
  type: ClusterIP
  ports:
  - name: http
    port: 80
    targetPort: 80
  selector:
    app: jang-order-backend

 

 

kubectl create secret

kubectl create secret generic db-infos --from-literal=DB_HOST=my-db.c56o88ycqdyj.us-east-1.rds.amazonaws.com --from-literal=DB_USERNAME=admin --from-literal=DB_PASSWORD=gksghk12!

 

View the secret in detail

kubectl get secrets db-infos -o yaml

 

The secret information can be checked here:

cluster - Resources - Config and secrets - Secrets
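
The values under `data:` in the `kubectl get secrets db-infos -o yaml` output are base64-encoded rather than encrypted, so whoever can read the Secret can recover them. The following is an added example, not part of the original post: it decodes a constructed sample of that output, and the sample values and function names are made up here.

```shell
# Constructed sample of `kubectl get secrets db-infos -o yaml` output;
# the encoded values are made up for this example.
sample_secret_yaml() {
  cat <<'EOF'
apiVersion: v1
data:
  DB_HOST: bG9jYWxob3N0
  DB_PASSWORD: cGFzc3dvcmQ=
  DB_USERNAME: YWRtaW4=
kind: Secret
metadata:
  name: db-infos
  namespace: default
type: Opaque
EOF
}

# Emit "KEY BASE64" for each entry of the top-level `data:` map on stdin.
secret_entries() {
  awk '/^data:/  { in_data = 1; next }
       /^[^ \t]/ { in_data = 0 }
       in_data && NF == 2 { sub(/:$/, "", $1); print $1, $2 }'
}

# Key names only: enough to confirm the secret's shape without printing values.
secret_keys() {
  secret_entries | cut -d' ' -f1
}

# KEY=plaintext for every entry; base64 is an encoding, so no key is needed.
decode_secret_data() {
  secret_entries | while read -r key b64; do
    printf '%s=%s\n' "$key" "$(printf '%s' "$b64" | base64 -d)"
  done
}

sample_secret_yaml | decode_secret_data
```

On EKS, the controls that protect these values are RBAC limits on who may `get` secrets and KMS envelope encryption for secrets.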


Creating the Pods and deploying the Ordering service

order-backend-deploy.yml

Uncomment the eks kubectl apply step.

 

 

git add .

git commit -m " backend-make-pod  "

git push origin main

Check that the pods were created

 

Check kubectl logs

Check select member

 


⭐Deployment process

Order

1. Define the Deployment and Service

2. Create the ingress-controller

3. Apply the ingress

4. Set up the certificate

5. Register the load balancer DNS address as a CNAME in Route53

 

The port Spring runs on and the pod port must match.

 

kubectl logs

 

order-backend-depl-serv.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: jang-order-backend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: jang-order-backend
  template:
    metadata:
      labels:
        app: jang-order-backend
    spec:
      containers:
      - name: order-backend
        image: 346903264902.dkr.ecr.ap-northeast-2.amazonaws.com/team6-order:latest # ECR address
        ports:
        - containerPort: 8080 # ⭐
        resources:
        # Maximum resources the container may use
          limits:
            cpu: "1"
            memory: "500Mi"
        # Minimum resources the container must be guaranteed at startup
          requests:
            cpu: "0.5"
            memory: "250Mi"
        # The DB values are injected at runtime: rather than being supplied from the GitHub secrets keys,
        # the password is stored internally and used from there.
        env:
        - name: DB_HOST 
          valueFrom:
            secretKeyRef: 
              name: db-infos
              key: DB_HOST
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef: 
              name: db-infos
              key: DB_USERNAME
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef: 
              name: db-infos
              key: DB_PASSWORD


---
apiVersion: v1
kind: Service
metadata:
  name: jang-order-backend-service
spec:
# ClusterIP creates a Service that is reachable only from inside the cluster
  type: ClusterIP
  ports:
  - name: http
    port: 80
    targetPort: 8080 # ⭐
  selector:
    app: jang-order-backend

 

Run the ingress

 

Check the ingress ADDRESS

 

Look up the load balancer by the ingress ADDRESS and check the load balancer's DNS name

 

Set the load balancer DNS name in Route53

(this is required for the Certificate validation to complete)

 

Apply ingress_cert.yml for the certificate

kubectl apply -f .\ingress_cert.yml

 

Confirm that the certificate shows READY True

kubectl get certificate

 

Deployment verification test

https://server.greatjang.shop/jang/items/

 

Caution

The name in ingress.yml and

the name in order-backend-depl-serv.yml must match exactly.

Otherwise you get a 503 error.
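
The name mismatch described above can be caught before anything is applied. The following is an added example, not part of the original post: it compares the Service names an Ingress routes to with the Services actually defined, assuming the names in question are the Ingress backend service name and the Service's metadata.name. The post does not show ingress.yml, so the ingress manifest, `order-ingress` and the function names are constructed here.

```shell
# Offline pre-deploy check; plain awk, so it assumes block-style YAML keys as in this post.
# Names of every `kind: Service` document in a (multi-document) manifest file.
service_names() {
  awk '/^---/       { kind = ""; meta = 0; next }
       /^kind:/     { kind = $2 }
       /^metadata:/ { meta = 1; next }
       /^[^ \t]/    { meta = 0 }
       meta && $1 == "name:" && kind == "Service" { print $2 }' "$1"
}

# Service names referenced as `backend: service: name:` in an Ingress manifest.
ingress_backends() {
  awk '$1 == "service:"     { svc = 1; next }
       svc && $1 == "name:" { print $2; svc = 0 }' "$1"
}

# Returns 0 if every Ingress backend names a defined Service, else 1.
check_ingress_backends() {
  rc=0
  for name in $(ingress_backends "$1"); do
    service_names "$2" | grep -Fqx -- "$name" ||
      { echo "no Service named '$name'; the ingress would answer 503"; rc=1; }
  done
  return "$rc"
}

# Constructed samples: a hypothetical ingress.yml and a Service named "$2".
write_samples() {
  cat > "$1/ingress.yml" <<'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: order-ingress
spec:
  rules:
  - http:
      paths:
      - path: /jang
        pathType: Prefix
        backend:
          service:
            name: jang-order-backend-service
            port:
              number: 80
EOF
  printf 'apiVersion: v1\nkind: Service\nmetadata:\n  name: %s\n' "$2" > "$1/svc.yml"
}
demo_dir=$(mktemp -d) && write_samples "$demo_dir" jang-order-backend-service
check_ingress_backends "$demo_dir/ingress.yml" "$demo_dir/svc.yml" && echo "names match"
```

To use it on real files, call `check_ingress_backends ingress.yml order-backend-depl-serv.yml`.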
