실습 4탄 = 3/17
0
순서?
소스 빌드
ECR 생성
소스를 ECR에 올리기
배치 컨테이너 job실행
컨테이너 환경변수에 대해 s3로부터 다운로드(정책 다운로드)
크론잡 5분마다 실행
싱가포르 리전에 구축
ec2에 로그인하여 작업
1
소스 빌드
cd $HOME/k8s-aws-book/batch-app/
./gradlew clean build
(10분)
2
컨테이너 이미지 생성 (참고)
Corretto는 Amazon의 장기적인 지원을 받는 OpenJDK(Open Java Development Kit) 바이너리 배포판
https://hub.docker.com/_/amazoncorretto
3
이미지 생성을 위해 도커 허브 ID가 있어야 한다.
도커 허브 id
MyID=masterseo11
echo $MyID
docker build -t $MyID/batch-app:1.0.0 --build-arg JAR_FILE=build/libs/batch-app-1.0.0.jar .
4
docker images
docker login
1
배치용 ECR 생성
aws ecr create-repository --repository-name k8sbook/batch-app --image-scanning-configuration scanOnPush=true --region $AWS_REGION
aws ecr describe-repositories
2
ACCOUNT_ID=`aws sts get-caller-identity --query 'Account' --output text`
echo $ACCOUNT_ID
3
태그 달기
docker tag $MyID/batch-app:1.0.0 $ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/k8sbook/batch-app:1.0.0
4
tag 확인
docker images
1
ecr로 push
docker push $ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/k8sbook/batch-app:1.0.0
2
확인
aws ecr list-images --repository-name k8sbook/batch-app --output text
aws ecr describe-images --repository-name k8sbook/batch-app
3
웹 콘솔로 ECR가서 확인한다.
1
버킷 생성?
S3suffix=masterseo-batch-s3
2
배포
싱가포르 리전 사용
sed -i 's/ap-northeast-2/ap-southeast-1/g' $HOME/k8s-aws-book/eks-env/40_s3_batch_cfn.yaml
aws cloudformation deploy --template-file $HOME/k8s-aws-book/eks-env/40_s3_batch_cfn.yaml --stack-name eks-work-batch --parameter-overrides BucketSuffix=$S3suffix --capabilities CAPABILITY_NAMED_IAM
(10분 소요)
3
확인
aws s3 ls
aws s3api list-buckets
aws s3api get-bucket-policy --bucket eks-work-batch-$S3suffix
4
aws iam list-users
5
파라미터 스토어 확인
aws ssm get-parameters --names "BatchUserAccessKey" "BatchUserSecretAccessKey" --query "Parameters[*].{Name:Name,Value:Value}"
1
배치 설정값을 컨피그 맵에 저장
- s3이름과 s3 디렉토리 이름 보관
싱가포르 사용
sed -i 's/ap-northeast-2/ap-southeast-1/g' $HOME/k8s-aws-book/eks-env/41_config_map_batch_k8s.yaml.template
BUCKET_SUFFIX=$S3suffix envsubst < $HOME/k8s-aws-book/eks-env/41_config_map_batch_k8s.yaml.template | kubectl apply -f -
2
kubectl get configmaps
NAME DATA AGE
batch-app-config 4 34h
kube-root-ca.crt 1 34h
3
kubectl describe configmaps batch-app-config
1
배치에서는 S3에서 파일을 가져옴.
s3에서 특정 iam 사용자만 접속가능하게 설정 필요로 인증 필요.
2
변수 등록
IAM_BU_ACCESSKEY=`aws ssm get-parameters --names "BatchUserAccessKey" "BatchUserSecretAccessKey" --query "Parameters[0].Value" --output text`
IAM_BU_SECRETKEY=`aws ssm get-parameters --names "BatchUserAccessKey" "BatchUserSecretAccessKey" --query "Parameters[1].Value" --output text`
echo $IAM_BU_ACCESSKEY
echo $IAM_BU_SECRETKEY
none
3
생성
AWS_ACCESSKEY=$IAM_BU_ACCESSKEY AWS_SECRETKEY=$IAM_BU_SECRETKEY envsubst < $HOME/k8s-aws-book/eks-env/42_batch_secrets_k8s.yaml.template | kubectl apply -f -
4
확인
kubectl get secret
NAME TYPE DATA AGE batch-secret-config
Opaque 2 34h db-config Opaque 3 34h
default-token-4jxpg kubernetes.io/service-account-token 3 35h
5
kubectl get secrets batch-secret-config -o json
1
aws s3 sync $HOME/k8s-aws-book/batch-app/sample_data/normal s3://eks-work-batch-$S3suffix/locationData --delete --include "*" --acl public-read
1
RDSEP=`aws cloudformation describe-stacks --stack-name eks-work-rds --query 'Stacks[*].Outputs[0].OutputValue' --output text`
echo $RDSEP
AppDbPw=`aws secretsmanager get-secret-value --secret-id RdsUserSecret | jq --raw-output .SecretString | jq -r ."password"`
echo $AppDbPw
2
db 확인
PGPASSWORD=$AppDbPw psql -U mywork -h $RDSEP myworkdb -c 'SELECT * FROM location;'
while true; do PGPASSWORD=$AppDbPw psql -U mywork -h $RDSEP myworkdb -c 'SELECT * FROM location;'; date "+%Y-%m-%d %H:%M:%S" ; sleep 1; done
3
s3 버킷 확인
aws s3 ls s3://eks-work-batch-$S3suffix/locationData/
2021-08-24 07:12:36 122 sample_location1.csv
2021-08-24 07:12:36 92 sample_location2.csv
while true; do aws s3 ls s3://eks-work-batch-$S3suffix/locationData/; date "+%Y-%m-%d %H:%M:%S" ; sleep 1; done
1
ECR_HOST=$ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com envsubst < $HOME/k8s-aws-book/eks-env/43_cronjob_k8s.yaml.template | kubectl apply -f -
2
확인
크론잡 실행 > pod 생성 > 데이터베이스에 행 추가
while true; do PGPASSWORD=$AppDbPw psql -U mywork -h $RDSEP myworkdb -c 'SELECT * FROM location;'; date "+%Y-%m-%d %H:%M:%S" ; sleep 1; done
while true; do aws s3 ls s3://eks-work-batch-$S3suffix/locationData/; date "+%Y-%m-%d %H:%M:%S" ; sleep 1; done
1
watch -d kubectl get pod,cronjob
2
mkdir /tmp/sample
3
cat <<EOT> /tmp/sample/sample_location3.csv
aaa , xxxx
bbb , xxxx
EOT
cat /tmp/sample/sample_location3.csv
4
s3 업로드
aws s3 sync /tmp/sample s3://eks-work-batch-$S3suffix/locationData --delete --include "*" --acl public-read
5
확인
db 확인
PGPASSWORD=$AppDbPw psql -U mywork -h $RDSEP myworkdb -c 'SELECT * FROM location;'
while true; do PGPASSWORD=$AppDbPw psql -U mywork -h $RDSEP myworkdb -c 'SELECT * FROM location;'; date "+%Y-%m-%d %H:%M:%S" ; sleep 1; done
2줄 추가됨!!!
https://brunch.co.kr/@topasvga/1866
감사합니다.