EKS/Jenkins & ArgoCD
EKS CICD Automation - 3. Jenkins Pipeline (Rolling)
Camouflage129
2020. 2. 6. 16:36
이제 모든 준비가 끝났습니다.
그저 젠킨스 파이프라인 코드만 잘 작성해주시면 됩니다.
저는 스크립트에서 아래와 같은 변수들을 젠킨스에서 선언하고 사용합니다.
스크립트는 아래와 같습니다.
pipeline {
agent any
stages {
stage('Git Clone') {
steps {
script {
try {
git url: "https://$GIT_URL", branch: "master", credentialsId: "$GIT_CREDENTIALS_ID"
sh "sudo rm -rf ./.git"
env.cloneResult=true
} catch (error) {
print(error)
env.cloneResult=false
currentBuild.result = 'FAILURE'
}
}
}
}
stage('Build JAR') {
when {
expression {
return env.cloneResult ==~ /(?i)(Y|YES|T|TRUE|ON|RUN)/
}
}
steps {
script{
try {
sh """
rm -rf deploy
mkdir deploy
"""
sh "sudo sed -i \"s/module_name=.*/module_name=${env.JOB_NAME}\\:${env.BUILD_NUMBER}/g\" /var/lib/jenkins/workspace/${env.JOB_NAME}/src/main/resources/application.properties"
sh "cat /var/lib/jenkins/workspace/${env.JOB_NAME}/src/main/resources/application.properties"
sh 'mvn -Dmaven.test.failure.ignore=true clean install'
sh """
cd deploy
cp /var/lib/jenkins/workspace/${env.JOB_NAME}/target/*.jar ./${env.JOB_NAME}.jar
"""
env.mavenBuildResult=true
} catch (error) {
print(error)
echo 'Remove Deploy Files'
sh "sudo rm -rf /var/lib/jenkins/workspace/${env.JOB_NAME}/*"
env.mavenBuildResult=false
currentBuild.result = 'FAILURE'
}
}
}
post {
success {
slackSend channel: '#pipeline-deploy', color: 'good', message: "The pipeline ${currentBuild.fullDisplayName} stage Build JAR successfully."
}
failure {
slackSend channel: '#pipeline-deploy', color: 'danger', message: "The pipeline ${currentBuild.fullDisplayName} stage Build JAR failed."
}
}
}
stage('Docker Build'){
when {
expression {
return env.mavenBuildResult ==~ /(?i)(Y|YES|T|TRUE|ON|RUN)/
}
}
steps {
script{
try {
sh"""
#!/bin/bash
cd ./deploy
cat>Dockerfile<<-EOF
FROM ${ECR_BASE_URL}:latest
ADD ${env.JOB_NAME}.jar /home/${env.JOB_NAME}.jar
CMD nohup java -jar /home/${env.JOB_NAME}.jar 1> /dev/null 2>&1
EXPOSE 9000
EOF"""
sh"""
cd ./deploy
\$(aws ecr get-login --no-include-email --region ap-northeast-2)
docker build -t ${env.JOB_NAME.toLowerCase()} .
docker tag ${env.JOB_NAME.toLowerCase()}:latest ${ECR_TASK_URL}:ver${env.BUILD_NUMBER}
docker push ${ECR_TASK_URL}:ver${env.BUILD_NUMBER}
"""
echo 'Remove Deploy Files'
sh "sudo rm -rf /var/lib/jenkins/workspace/${env.JOB_NAME}/*"
env.dockerBuildResult=true
} catch (error) {
print(error)
echo 'Remove Deploy Files'
sh "sudo rm -rf /var/lib/jenkins/workspace/${env.JOB_NAME}/*"
env.dockerBuildResult=false
currentBuild.result = 'FAILURE'
}
}
}
post {
success {
slackSend channel: '#jenkins', color: 'good', message: "The pipeline ${currentBuild.fullDisplayName} stage Docker Build successfully."
}
failure {
slackSend channel: '#jenkins', color: 'danger', message: "The pipeline ${currentBuild.fullDisplayName} stage Docker Build failed."
}
}
}
stage('Push Yaml'){
when {
expression {
return env.dockerBuildResult ==~ /(?i)(Y|YES|T|TRUE|ON|RUN)/
}
}
steps {
script{
try {
git url: "https://$GIT_URL-yaml", branch: "master", credentialsId: "$GIT_CREDENTIALS_ID"
sh "rm -rf /var/lib/jenkins/workspace/${env.JOB_NAME}/*"
sh """
mkdir yaml
cd yaml
#!/bin/bash
cat>deployment.yaml<<-EOF
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: cb-test-api
namespace: prd-api
spec:
replicas: 1
template:
metadata:
labels:
app: cb-test-api
spec:
containers:
- image: ${ECR_TASK_URL}:ver${env.BUILD_NUMBER}
imagePullPolicy: Always
name: cb-test-api
ports:
- containerPort: 9000
EOF"""
sh "cat /var/lib/jenkins/workspace/${env.JOB_NAME}/yaml/deployment.yaml"
withCredentials([[$class: "UsernamePasswordMultiBinding", credentialsId: "$GIT_CREDENTIALS_ID", usernameVariable: "GIT_AUTHOR_NAME", passwordVariable: "GIT_PASSWORD"]]) {
sh """
git add .
git commit -m "Deploy ${env.JOB_NAME} ${env.BUILD_NUMBER}"
git push https://${GIT_AUTHOR_NAME}:${GIT_PASSWORD}@${GIT_URL}-yaml
"""
}
sh "sudo rm -rf /var/lib/jenkins/workspace/${env.JOB_NAME}/*"
env.pushYamlResult=true
} catch (error) {
print(error)
echo 'Remove Deploy Files'
withCredentials([[$class: "UsernamePasswordMultiBinding", credentialsId: "$GIT_CREDENTIALS_ID", usernameVariable: "GIT_AUTHOR_NAME", passwordVariable: "GIT_PASSWORD"]]) {
sh """
git reset --hard HEAD^
git push --force https://${GIT_AUTHOR_NAME}:${GIT_PASSWORD}@${GIT_URL}-yaml
"""
}
sh "sudo rm -rf /var/lib/jenkins/workspace/${env.JOB_NAME}/*"
env.pushYamlResult=false
currentBuild.result = 'FAILURE'
}
}
}
post {
success {
slackSend channel: '#jenkins', color: 'good', message: "The pipeline ${currentBuild.fullDisplayName} stage Push Yaml successfully."
}
failure {
slackSend channel: '#jenkins', color: 'danger', message: "The pipeline ${currentBuild.fullDisplayName} stage Push Yaml failed."
}
}
}
stage('Argo Deploy'){
when {
expression {
return env.pushYamlResult ==~ /(?i)(Y|YES|T|TRUE|ON|RUN)/
}
}
steps {
script{
try {
withEnv(["PATH=/usr/local/bin:$PATH"]) {
sh"""
#!/bin/bash
expect << EOF
spawn argocd login --grpc-web $ARGOCD_DOMAIN
expect "Username:"
send "admin\r";
expect "Password:"
send "$ARGOCD_PW\r";
expect eof
EOF
argocd app get $ARGOCD_APP_NAME
argocd app sync $ARGOCD_APP_NAME
"""
}
} catch (error) {
print(error)
echo 'Remove Deploy Files'
sh "sudo rm -rf /var/lib/jenkins/workspace/${env.JOB_NAME}/*"
currentBuild.result = 'FAILURE'
}
}
}
post {
success {
slackSend channel: '#jenkins', color: 'good', message: "The pipeline ${currentBuild.fullDisplayName} successfully."
}
failure {
slackSend channel: '#jenkins', color: 'danger', message: "The pipeline ${currentBuild.fullDisplayName} failed."
}
}
}
}
}
보통 Push yaml까지 (모든 CI)가 끝나면 승인체계를 거치도록 작성하는데,
이는 DevOps 카테고리에서 추가적으로 게시하도록 하겠습니다.
ArgoCD CLI까지 모두 수행하게 되면,
ArgoCD에서 배포되는것을 실시간으로 UI를 통해 보실 수 있으며 이전 배포버전 내역도 볼 수 있습니다.
마지막으로 서버에 접속해보면 정상적으로 파이프라인의 잡 네임과 빌드넘버가 붙어서 배포가 잘 되었음을 확인할 수 있습니다.
이렇게, EKS에서의 GitOps 스타일의 기본 CICD 자동화를 알아봤습니다.
Canary배포나 블루그린 형태의 배포에 대한 부분을 좀 더 연구한 후 잘 수행되면 작성할 예정입니다.