docker, k8s, git actions

1. SpringBoot 프로젝트에 Docker 생성

FROM openjdk:17-jdk-slim
COPY ./build/libs/*-SNAPSHOT.jar app.jar

ENTRYPOINT ["java", "-jar", "app.jar"]

docker build -t seungjusuh/cash-service:latest .

docker push seungjusuh/cash-service

2. GitHub에 `.github/workflows/deploy.yml` 생성

name: deploy

on:
  push:
    branches: [ "dev" ]
  pull_request:
    branches: [ "dev" ]

jobs:
  build:

    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
    - uses: actions/checkout@v4
    - name: Set up JDK 17
      uses: actions/setup-java@v4
      with:
        java-version: '17'
        distribution: 'temurin'
        server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
        settings-path: ${{ github.workspace }} # location for the settings.xml file

    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0

    - name: Build with Gradle
      run: ./gradlew bootJar

    - name: Build the Docker image
      run: docker build . --file Dockerfile --tag ${{secrets.DOCKER_USERNAME}}/${{secrets.DOCKER_REPO}}:latest
    
    - name: Docker Login
      uses: docker/[email protected]
      with:
        username: ${{secrets.DOCKER_USERNAME}}
        password: ${{secrets.DOCKER_PASSWORD}}

    - name: Docker Push
      run: docker push ${{secrets.DOCKER_USERNAME}}/${{secrets.DOCKER_REPO}}:latest

    # - name: SSH Remote Commands
    #   uses: appleboy/[email protected]
    #   with:
    #     host: ${{ secrets.HOST }}
    #     username: ${{ secrets.USERNAME }}
    #     key: ${{ secrets.PASSWORD }}
    #     script: ${{ secrets.SCRIPT }}

Secret Key 등록

스크린샷 2024-11-29 오후 2.43.47.png

3. Helm 레포지토리 생성 후 프로젝트 생성

helm create item → cd item/charts → helm create mysql + helm create item-service

스크린샷 2024-11-29 오후 2.46.24.png

# mysql-secret.yaml -> Base64로 인코딩
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
data:
  MYSQL_ROOT_PASSWORD: cGxhbnRpZnk=
  MYSQL_DATABASE: aXRlbS1kYg==
  SPRING_DATASOURCE_URL: amRiYzpteXNxbDovL2Nhc2gtbXlzcWw6MzMwNi9jYXNoLWRi
  SPRING_DATASOURCE_PASSWORD: cGxhbnRpZnk=
  JASYPT_PASSWORD: SEtUT1NTUExBTlRJRlk=

kubectl apply -f mysql-secret.yml

↓↓ 설정하는 yaml 파일은 다른 설정은 수정 X ↓↓

item-service

# deployment.yaml
env:
  {{- range .Values.env }}
  - name: {{ .name }}
    {{- if .valueFrom }}
    valueFrom:
      secretKeyRef:
        name: {{ .valueFrom.secretKeyRef.name }}
        key: {{ .valueFrom.secretKeyRef.key }}
    {{- else }}
    value: {{ .value }}
    {{- end }}
  {{- end }}

# values.yaml
image:
  repository: seungjusuh/item-service
  pullPolicy: Always
  tag: "latest"
  
service:
  type: NodePort
  port: 8080

volumes:
  - name: mysql-secret-volume
    secret:
      secretName: mysql-secret

volumeMounts:
  - name: mysql-secret-volume
    mountPath: /etc/secrets
    readOnly: true

env:
  - name: SPRING_DATASOURCE_URL
    valueFrom:
      secretKeyRef:
        name: mysql-secret
        key: SPRING_DATASOURCE_URL
  - name: SPRING_DATASOURCE_PASSWORD
    valueFrom:
      secretKeyRef:
        name: mysql-secret
        key: SPRING_DATASOURCE_PASSWORD
  - name: JASYPT_PASSWORD
    valueFrom:
      secretKeyRef:
        name: mysql-secret
        key: JASYPT_PASSWORD

Mysql