<출처> https://docs.microsoft.com/en-us/windows/wsl/install
Azure SA 업무환경 설정
Azure VM 생성 - Windows 11
구독, 리소스 그룹을 선택 및 입력한다.
Image는 Windows 11 pro를 선택하고 Size는 Standard D4s v5 (4 vcpus, 16 GiB memory)를 선택하여 VM 생성을 시작한다.
업무 환경 구성
사전 작업
생성된 VM 서버 접속 후 Windows features 에서 Hyper-V와 Virtual Machine Platform을 선택한다.
Don't restart를 선택한다.
WSL 설치
Terminal 또는 Windows PowerShell을 관리자 권한으로 실행 하고 다음과 같이 명령을 입력한다.
# 온라인 스토어를 통해 다운로드할 수 있는 사용 가능한 Linux 배포판 목록을 확인 wsl -l -o # 지정 배포판 설치 : wsl --install -d <Distribution Name> wsl --install --distribution Ubuntu-22.04 |
설치 가능한 목록을 확인한다. 여기서는 Ubuntu-22.04를 기준으로 한다.
설치가 완료되면 시스템을 재부팅 한다.
재부팅 후 자동으로 터미널이 팝업되어 설치가 마무리 된다. username과 password 입력을 수행한다.
Windows PowerShell을 관리자 권한으로 실행 하고 다음과 같이 명령을 입력한다.
wsl -l -v |
Docker Desktop for Windows 설치
여기에서 Docker Desktop for Windows를 다운로드 및 기본으로 설치 후 Close and log out을 클릭하여 재부팅 한다.
재부팅이 완료되고 Docker Desktop이 시작되면 설정 아이콘을 클릭하고 들어가 Resoures > WSL Integration에서 Ubuntu-22.04를 활성화 하고 Apply & Restart를 클릭한다.
Terminal을 실행하고 다음과 같이 명령을 입력한다.
# Docker 상태 점검 (on Windows) docker ps # wsl 환경으로 전환 wsl # Docker 상태 점검 및 버전 확인 (on Linux) docker ps docker version |
PS C:\Users\zerobig> docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES PS C:\Users\zerobig> wsl To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details. zerobig@sa-winvm:/mnt/c/Users/zerobig$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES zerobig@sa-winvm:/mnt/c/Users/zerobig$ docker version Client: Docker Engine - Community Cloud integration: v1.0.35+desktop.5 Version: 24.0.6 API version: 1.43 Go version: go1.20.7 Git commit: ed223bc Built: Mon Sep 4 12:32:16 2023 OS/Arch: linux/amd64 Context: default Server: Docker Desktop Engine: Version: 24.0.6 API version: 1.43 (minimum version 1.12) Go version: go1.20.7 Git commit: 1a79695 Built: Mon Sep 4 12:32:16 2023 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.6.22 GitCommit: 8165feabfdfe38c65b599c4993d227328c231fca runc: Version: 1.1.8 GitCommit: v1.1.8-0-g82f18fe docker-init: Version: 0.19.0 GitCommit: de40ad0 zerobig@sa-winvm:/mnt/c/Users/zerobig$ |
Git Bash 설치
For Windows
여기로 이동하여 최신 버전을 기본값으로 설치한다. 2022년 7월 17일 현재 최신 버전은 2.37.1이다.
For Linux(WSL) → 불필요. 이미 설됨
Git은 대부분의 Linux용 Windows 하위 시스템 배포판과 함께 이미 설치되어 있지만 최신 버전으로 업데이트할 수 있다. 또한 git 구성 파일을 설정해야 한다.
git version sudo apt-get install git git version |
Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. 새로운 크로스 플랫폼 PowerShell 사용 https://aka.ms/pscore6 PS C:\Users\zerobig> wsl zerobig@ZEROBIG-NT800:/mnt/c/Users/zerobig$ git version git version 2.25.1 zerobig@ZEROBIG-NT800:/mnt/c/Users/zerobig$ sudo apt-get install git [sudo] password for zerobig: Reading package lists... Done Building dependency tree Reading state information... Done git is already the newest version (1:2.25.1-1ubuntu3). git set to manually installed. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. zerobig@ZEROBIG-NT800:/mnt/c/Users/zerobig$ git version git version 2.25.1 zerobig@ZEROBIG-NT800:/mnt/c/Users/zerobig$ |
Git 구성 파일 설정
bash (Ubuntu-20.04)터미널에서 다음 명령을 수행하여 사용자 이름을 설정한다.
git config --global user.name "Your Name" |
추가로 이메일 정보를 설정한다.
git config --global user.email "youremail@domain.com" |
Terraform 설치
For Windows
먼저 여기에서 최신 Terraform 버전을 다운로드 받는다.
다운로드 완료 후 C:\ 드라이브 밑에 Terraform이라는 디렉토리를 생성하고 다운로드한 Terrraform 압축파일을 해당 디렉토리 내에 압축해제하여 위치시킨다.
윈도우즈 키와 R키를 누르고 “sysdm.cpl ,3”를 입력하여 실행한다.
환경 변수를 선택하고 시스템 변수 에서 Path를 클릭한다.
새로 만들기(N)을 선택하고 다음과 같이 Terraform 디렉토리 패스 정보를 입력하고 확인을 선택한다.
새로 Windows Terminal 창을 띄우고 다음 명령을 수행하여 Terraform 버전을 확인한다.
# Terraform 버전 확인 terraform version |
For Linux(WSL)
다음 명령을 수행하여 설치를 진행하고 결과를 검증한다.
# Install HashiCorp's Debian package repository sudo apt-get update && sudo apt-get install -y gnupg software-properties-commo # Install the HashiCorp GPG key wget -O- https://apt.releases.hashicorp.com/gpg | \ gpg --dearmor | \ sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg # Verify the key's fingerprint. gpg --no-default-keyring \ --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \ --fingerprint # Add the official HashiCorp repository to your system echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \ https://apt.releases.hashicorp.com $(lsb_release -cs) main" | \ sudo tee /etc/apt/sources.list.d/hashicorp.list # Download the package information and Install Terraform from the new repository. sudo apt update sudo apt-get install terraform # Verify the installation terraform -v # Enable tab completion terraform -install-autocomplete source ~/.bashrc |
AZ CLI 설치
For Windows
먼저 여기에서 최신 버전을 다운로드 받고 기본으로 설치를 진행한다.
For Linux(WSL)
다음 명령을 수행하여 설치를 진행하고 결과를 검증한다.
# Download installation script and Execute it curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash # Verify the installation az version |
Azure Az PowerShell 모듈 설치
여기를 참조하여 다운로드 및 설치한다.
이 모듈을 설치하면 일반적으로 사용 가능한 Az PowerShell 모듈이 다운로드되고, cmdlet을 사용할 수 있게 된다.
중요 Az PowerShell 모듈은 모든 플랫폼에서 Azure 리소스를 관리하는 데 권장되는 PowerShell 모듈입니다. |
# Check the PowerShell version $PSVersionTable.PSVersion # Set the PowerShell script execution policy to remote signed or less restrictive Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser # Install the Az module for the current user only Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force |
PS C:\Restore_20220903\2022-AzureHandsOn\mslearn-bicep> $PSVersionTable.PSVersion Major Minor Build Revision ----- ----- ----- -------- 5 1 19041 1682 PS C:\Restore_20220903\2022-AzureHandsOn\mslearn-bicep> Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser PS C:\Restore_20220903\2022-AzureHandsOn\mslearn-bicep> Install-ModuleName Az -Scope CurrentUser -Repository PSGallery -Force 계속하려면 NuGet 공급자가 필요합니다. NuGet 기반 리포지토리를 조작하려면 PowerShellGet에 NuGet 공급자 버전 '2.8.5.201' 이상이 필요합니다. 'C:\Program 'C:\Users\zerobig\AppData\Local\PackageManagement\ProviderAssemblies' 에 서 NuGet 공급자를 사용할 수 있어야 합니다. 또한 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'를 실행하여 NuGet 공급자를 설치할 수 있습니다. 지금 PowerShellGet에서 NuGet 공급자를 설치하고 가져오시겠습니까? [Y] 예(Y) [N] 아니요(N) [S] 일시 중단(S) [?] 도움말 (기본값은 "Y"): Y PS C:\Restore_20220903\2022-AzureHandsOn\mslearn-bicep> |
kuberctl 설치
For Windows
먼저 여기에서 최신 버전을 다운로드 받고 기본으로 설치를 진행한다.
kubectl 디렉토리에 다운로드 받은 실행 파일을 위치시키고 terraform과 같은 방식으로 환경변수 path에 등록한다.
For Linux(WSL)
다음 명령을 수행하여 설치를 진행하고 결과를 검증한다.
# Download the latest release curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" # Validate the binary curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256" echo "$(cat kubectl.sha256) kubectl" | sha256sum --check # Install kubectl sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl # Verify the installation kubectl version --client # Enable kubectl autocompletion kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl > /dev/null source ~/.bashrc |
VS Code 설치
다운로드 후 설치한다.
설치 과정에서 추가 작업 선택 화면에서 다음 두 개를 체크하고 진행한다.
Visual Studio 설치 (옵션)
여기를 클릭하여 다운로드 및 설치한다.
Terraform을 사용하여 Azure Kubernetes Service로 Kubernetes 클러스터 만들기
소스 준비
git clone https://github.com/zer0big/TDG-TerraformAKSDemo.git cd TerroformAksDeployDemo/ code . |
tdg-zerobig-wsls# git clone https://github.com/zer0big/TDG-TerraformAKSDemo.git Cloning into 'TDG-TerraformAKSDemo'... remote: Enumerating objects: 15, done. remote: Counting objects: 100% (15/15), done. remote: Compressing objects: 100% (14/14), done. remote: Total 15 (delta 0), reused 15 (delta 0), pack-reused 0 Receiving objects: 100% (15/15), 18.39 KiB | 570.00 KiB/s, done. tdg-zerobig-wsls# cd TDG-TerraformAKSDemo/ tdg-zerobig-wsls# code . |
Terraform 배포
az login terraform init terraform plan terraform apply -auto-approve |
tdg-zerobig-wsls# terraform plan azurerm_resource_group.rg: Refreshing state... [id=/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo] azurerm_container_registry.zerobigaks-demo: Refreshing state... [id=/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerRegistry/registries/tdgzeroacrdemo] azurerm_kubernetes_cluster.zerobigaks-demo: Refreshing state... [id=/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerService/managedClusters/tdgzeroaksdemo] azurerm_role_assignment.enablePulling: Refreshing state... [id=/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerRegistry/registries/tdgzeroacrdemo/providers/Microsoft.Authorization/roleAssignments/41ac72ed-cc01-d35e-a12c-23c90fbebfe6] Note: Objects have changed outside of Terraform Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan: # azurerm_container_registry.zerobigaks-demo has been deleted - resource "azurerm_container_registry" "zerobigaks-demo" { - id = "/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerRegistry/registries/tdgzeroacrdemo" -> null name = "tdgzeroacrdemo" # (16 unchanged attributes hidden) } # azurerm_kubernetes_cluster.zerobigaks-demo has been deleted - resource "azurerm_kubernetes_cluster" "zerobigaks-demo" { - fqdn = "zerobigaksdemo-9fctjqgz.hcp.koreacentral.azmk8s.io" -> null - id = "/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerService/managedClusters/tdgzeroaksdemo" -> null name = "tdgzeroaksdemo" - node_resource_group = "MC_RG-TDG-CMS-2023-AKSDemo_tdgzeroaksdemo_koreacentral" -> null tags = { "Environment" = "DEV" } # (21 unchanged attributes hidden) - kubelet_identity { - object_id = "02a2ad14-8c56-420c-ba60-e95b16680a98" -> null # (2 unchanged attributes hidden) } # (3 unchanged blocks hidden) } # azurerm_resource_group.rg has been deleted - resource "azurerm_resource_group" "rg" { id = "/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo" - location = "koreacentral" -> null - name = "RG-TDG-CMS-2023-AKSDemo" -> null } Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes. ───────────────────────────────────────────────────────────────────────────────────────────────────── Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # azurerm_container_registry.zerobigaks-demo will be created + resource "azurerm_container_registry" "zerobigaks-demo" { + admin_enabled = false + admin_password = (sensitive value) + admin_username = (known after apply) + encryption = (known after apply) + export_policy_enabled = true + id = (known after apply) + location = "koreacentral" + login_server = (known after apply) + name = "tdgzeroacrdemo" + network_rule_bypass_option = "AzureServices" + network_rule_set = (known after apply) + public_network_access_enabled = true + resource_group_name = "RG-TDG-CMS-2023-AKSDemo" + retention_policy = (known after apply) + sku = "Standard" + trust_policy = (known after apply) + zone_redundancy_enabled = false } # azurerm_kubernetes_cluster.zerobigaks-demo will be created + resource "azurerm_kubernetes_cluster" "zerobigaks-demo" { + api_server_authorized_ip_ranges = (known after apply) + dns_prefix = "zerobigaksdemo" + fqdn = (known after apply) + http_application_routing_zone_name = (known after apply) + id = (known after apply) + image_cleaner_enabled = false + image_cleaner_interval_hours = 48 + kube_admin_config = (sensitive value) + kube_admin_config_raw = (sensitive value) + kube_config = (sensitive value) + kube_config_raw = (sensitive value) + kubernetes_version = (known after apply) + location = "koreacentral" + name = "tdgzeroaksdemo" + node_resource_group = (known after apply) + oidc_issuer_url = (known after apply) + portal_fqdn = (known after apply) + private_cluster_enabled = false + private_cluster_public_fqdn_enabled = false + private_dns_zone_id = (known after apply) + private_fqdn = (known after apply) + public_network_access_enabled = true + resource_group_name = "RG-TDG-CMS-2023-AKSDemo" + role_based_access_control_enabled = true + run_command_enabled = true + sku_tier = "Free" + tags = { + "Environment" = "DEV" } + workload_identity_enabled = false + default_node_pool { + kubelet_disk_type = (known after apply) + max_pods = (known after apply) + name = "default" + node_count = 2 + node_labels = (known after apply) + orchestrator_version = (known after apply) + os_disk_size_gb = (known after apply) + os_disk_type = "Managed" + os_sku = (known after apply) + scale_down_mode = "Delete" + type = "VirtualMachineScaleSets" + ultra_ssd_enabled = false + vm_size = "Standard_D2_v2" + workload_runtime = (known after apply) } + identity { + principal_id = (known after apply) + tenant_id = (known after apply) + type = "SystemAssigned" } } # azurerm_resource_group.rg will be created + resource "azurerm_resource_group" "rg" { + id = (known after apply) + location = "koreacentral" + name = "RG-TDG-CMS-2023-AKSDemo" } # azurerm_role_assignment.enablePulling will be created + resource "azurerm_role_assignment" "enablePulling" { + id = (known after apply) + name = (known after apply) + principal_id = (known after apply) + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = "AcrPull" + scope = (known after apply) + skip_service_principal_aad_check = true } Plan: 4 to add, 0 to change, 0 to destroy. Changes to Outputs: ~ aks_fqdn = "zerobigaksdemo-9fctjqgz.hcp.koreacentral.azmk8s.io" -> (known after apply) ~ aks_id = "/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerService/managedClusters/tdgzeroaksdemo" -> (known after apply) ~ aks_node_rg = "MC_RG-TDG-CMS-2023-AKSDemo_tdgzeroaksdemo_koreacentral" -> (known after apply) ───────────────────────────────────────────────────────────────────────────────────────────────────── Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now. tdg-zerobig-wsls# tdg-zerobig-wsls# tdg-zerobig-wsls# terraform apply -auto-approve azurerm_resource_group.rg: Refreshing state... [id=/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo] azurerm_container_registry.zerobigaks-demo: Refreshing state... [id=/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerRegistry/registries/tdgzeroacrdemo] azurerm_kubernetes_cluster.zerobigaks-demo: Refreshing state... [id=/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerService/managedClusters/tdgzeroaksdemo] azurerm_role_assignment.enablePulling: Refreshing state... [id=/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerRegistry/registries/tdgzeroacrdemo/providers/Microsoft.Authorization/roleAssignments/41ac72ed-cc01-d35e-a12c-23c90fbebfe6] Note: Objects have changed outside of Terraform Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan: # azurerm_container_registry.zerobigaks-demo has been deleted - resource "azurerm_container_registry" "zerobigaks-demo" { - id = "/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerRegistry/registries/tdgzeroacrdemo" -> null name = "tdgzeroacrdemo" # (16 unchanged attributes hidden) } # azurerm_kubernetes_cluster.zerobigaks-demo has been deleted - resource "azurerm_kubernetes_cluster" "zerobigaks-demo" { - fqdn = "zerobigaksdemo-9fctjqgz.hcp.koreacentral.azmk8s.io" -> null - id = "/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerService/managedClusters/tdgzeroaksdemo" -> null name = "tdgzeroaksdemo" - node_resource_group = "MC_RG-TDG-CMS-2023-AKSDemo_tdgzeroaksdemo_koreacentral" -> null tags = { "Environment" = "DEV" } # (21 unchanged attributes hidden) - kubelet_identity { - object_id = "02a2ad14-8c56-420c-ba60-e95b16680a98" -> null # (2 unchanged attributes hidden) } # (3 unchanged blocks hidden) } # azurerm_resource_group.rg has been deleted - resource "azurerm_resource_group" "rg" { id = "/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo" - location = "koreacentral" -> null - name = "RG-TDG-CMS-2023-AKSDemo" -> null } Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes. ───────────────────────────────────────────────────────────────────────────────────────────────────── Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # azurerm_container_registry.zerobigaks-demo will be created + resource "azurerm_container_registry" "zerobigaks-demo" { + admin_enabled = false + admin_password = (sensitive value) + admin_username = (known after apply) + encryption = (known after apply) + export_policy_enabled = true + id = (known after apply) + location = "koreacentral" + login_server = (known after apply) + name = "tdgzeroacrdemo" + network_rule_bypass_option = "AzureServices" + network_rule_set = (known after apply) + public_network_access_enabled = true + resource_group_name = "RG-TDG-CMS-2023-AKSDemo" + retention_policy = (known after apply) + sku = "Standard" + trust_policy = (known after apply) + zone_redundancy_enabled = false } # azurerm_kubernetes_cluster.zerobigaks-demo will be created + resource "azurerm_kubernetes_cluster" "zerobigaks-demo" { + api_server_authorized_ip_ranges = (known after apply) + dns_prefix = "zerobigaksdemo" + fqdn = (known after apply) + http_application_routing_zone_name = (known after apply) + id = (known after apply) + image_cleaner_enabled = false + image_cleaner_interval_hours = 48 + kube_admin_config = (sensitive value) + kube_admin_config_raw = (sensitive value) + kube_config = (sensitive value) + kube_config_raw = (sensitive value) + kubernetes_version = (known after apply) + location = "koreacentral" + name = "tdgzeroaksdemo" + node_resource_group = (known after apply) + oidc_issuer_url = (known after apply) + portal_fqdn = (known after apply) + private_cluster_enabled = false + private_cluster_public_fqdn_enabled = false + private_dns_zone_id = (known after apply) + private_fqdn = (known after apply) + public_network_access_enabled = true + resource_group_name = "RG-TDG-CMS-2023-AKSDemo" + role_based_access_control_enabled = true + run_command_enabled = true + sku_tier = "Free" + tags = { + "Environment" = "DEV" } + workload_identity_enabled = false + default_node_pool { + kubelet_disk_type = (known after apply) + max_pods = (known after apply) + name = "default" + node_count = 2 + node_labels = (known after apply) + orchestrator_version = (known after apply) + os_disk_size_gb = (known after apply) + os_disk_type = "Managed" + os_sku = (known after apply) + scale_down_mode = "Delete" + type = "VirtualMachineScaleSets" + ultra_ssd_enabled = false + vm_size = "Standard_D2_v2" + workload_runtime = (known after apply) } + identity { + principal_id = (known after apply) + tenant_id = (known after apply) + type = "SystemAssigned" } } # azurerm_resource_group.rg will be created + resource "azurerm_resource_group" "rg" { + id = (known after apply) + location = "koreacentral" + name = "RG-TDG-CMS-2023-AKSDemo" } # azurerm_role_assignment.enablePulling will be created + resource "azurerm_role_assignment" "enablePulling" { + id = (known after apply) + name = (known after apply) + principal_id = (known after apply) + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = "AcrPull" + scope = (known after apply) + skip_service_principal_aad_check = true } Plan: 4 to add, 0 to change, 0 to destroy. Changes to Outputs: ~ aks_fqdn = "zerobigaksdemo-9fctjqgz.hcp.koreacentral.azmk8s.io" -> (known after apply) ~ aks_id = "/subscriptions/98483591-af84-4569-ba3d-0711ced77b32/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerService/managedClusters/tdgzeroaksdemo" -> (known after apply) ~ aks_node_rg = "MC_RG-TDG-CMS-2023-AKSDemo_tdgzeroaksdemo_koreacentral" -> (known after apply) azurerm_resource_group.rg: Creating... azurerm_resource_group.rg: Creation complete after 2s [id=/subscriptions/1199b626-a317-4559-9289-caba7859ee88/resourceGroups/RG-TDG-CMS-2023-AKSDemo] azurerm_container_registry.zerobigaks-demo: Creating... azurerm_kubernetes_cluster.zerobigaks-demo: Creating... azurerm_container_registry.zerobigaks-demo: Still creating... [10s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [10s elapsed] azurerm_container_registry.zerobigaks-demo: Still creating... [20s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [20s elapsed] azurerm_container_registry.zerobigaks-demo: Creation complete after 26s [id=/subscriptions/1199b626-a317-4559-9289-caba7859ee88/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerRegistry/registries/tdgzeroacrdemo] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [30s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [40s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [50s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [1m0s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [1m10s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [1m20s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [1m30s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [1m40s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [1m50s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [2m0s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [2m10s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [2m20s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [2m30s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [2m40s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [2m50s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [3m0s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [3m10s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [3m20s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [3m30s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Still creating... [3m40s elapsed] azurerm_kubernetes_cluster.zerobigaks-demo: Creation complete after 3m49s [id=/subscriptions/1199b626-a317-4559-9289-caba7859ee88/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerService/managedClusters/tdgzeroaksdemo] azurerm_role_assignment.enablePulling: Creating... azurerm_role_assignment.enablePulling: Still creating... [10s elapsed] azurerm_role_assignment.enablePulling: Still creating... [20s elapsed] azurerm_role_assignment.enablePulling: Still creating... [30s elapsed] azurerm_role_assignment.enablePulling: Creation complete after 33s [id=/subscriptions/1199b626-a317-4559-9289-caba7859ee88/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerRegistry/registries/tdgzeroacrdemo/providers/Microsoft.Authorization/roleAssignments/7cc351f4-a90e-aa84-d037-54aa37d5129f] Apply complete! Resources: 4 added, 0 changed, 0 destroyed. Outputs: aks_fqdn = "zerobigaksdemo-m2wziz05.hcp.koreacentral.azmk8s.io" aks_id = "/subscriptions/1199b626-a317-4559-9289-caba7859ee88/resourceGroups/RG-TDG-CMS-2023-AKSDemo/providers/Microsoft.ContainerService/managedClusters/tdgzeroaksdemo" aks_node_rg = "MC_RG-TDG-CMS-2023-AKSDemo_tdgzeroaksdemo_koreacentral" |
Terraform 배포 결과 확인
Azure Portal로 이동하여 배포 결과를 확인한다.
ACR에 대한 AKS 관리 ID Role 부여 현황을 확인한다.
AKS 클러스터 검증
# Define variables ACR_Name="tdgzeroacrdemo" RG_Name="RG-TDG-CMS-2023-AKSDemo" # Get AKS credentials # Get Node Info |
zerobig@sa-winvm:/mnt/c/Users/zerobig/TerroformAksDeployDemo$ AKS_Name="tdgzeroaksdemo"ACR_Name="tdgzeroacrdemo"RG_Name="RG-TDG-CMS-2023-AKSDemo" zerobig@sa-winvm:/mnt/c/Users/zerobig/TerroformAksDeployDemo$ AKS_Name="tdgzeroaksdemo" ACR_Name="tdgzeroacrdemo" RG_Name="RG-TDG-CMS-2023-AKSDemo" zerobig@sa-winvm:/mnt/c/Users/zerobig/TerroformAksDeployDemo$ az aks get-credentials -g $RG_Name -n $AKS_Name Merged "tdgzeroaksdemo" as current context in /home/zerobig/.kube/config zerobig@sa-winvm:/mnt/c/Users/zerobig/TerroformAksDeployDemo$ kubectl get node NAME STATUS ROLES AGE VERSION aks-default-34060743-vmss000000 Ready agent 22m v1.27.7 aks-default-34060743-vmss000001 Ready agent 22m v1.27.7
Application 배포 및 검증
사전 작업
애플리케이션 빌드 및 구성을 위해 먼저 JAVA, Maven 설치가 필요하다.
JAVA 설치
# Install JDK sudo apt update sudo apt install default-jdk # Verify the installation java -version |
MAVEN 설치
# Check the latest version https://downloads.apache.org/maven/maven-3/ # Download Apache Maven wget https://downloads.apache.org/maven/maven-3/3.9.5/binaries/apache-maven-3.9.5-bin.tar.gz -P /tmp # Extract the Archive sudo tar xf /tmp/apache-maven-3.9.5-bin.tar.gz -C /opt # Create a symbolic link sudo ln -s /opt/apache-maven-3.9.5 /opt/maven # Setup environment variables sudo vi /etc/profile.d/maven.sh export JAVA_HOME=/usr/lib/jvm/default-java export M2_HOME=/opt/maven export MAVEN_HOME=/opt/maven export PATH=${M2_HOME}/bin:${PATH} sudo chmod +x /etc/profile.d/maven.sh source /etc/profile.d/maven.sh # Verify the installation mvn -version |
소스 준비 및 로컬 검증
새로 터미널을 띄워 wsl로 전환 후에 샘플 소스를 내려 받는다.
git clone https://github.com/zer0big/gs-spring-boot-aks.git cd gs-spring-boot-aks code . |
mvn clean package 명령으로 컴파일을 수행 한다. 참고로 clean 옵션은 maven build 시 생성된 모든 것들을 삭제한다.
mvn clean package -DskipTests |
target 디렉토리로 이동 후 java -jar 명령을 통해 로컬에서 샘플 소스의 컴파일 결과를 실행하고 브라우저를 통해 유효성을 검증한다.
java -jar gs-spring-boot-docker-0.1.0.jar |
zerobig@winvm4azuresa:~/gs-spring-boot-aks/target$ java -jar gs-spring-boot-docker-0.1.0.jar . ____ _ __ _ _ /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \ ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \ \\/ ___)| |_)| | | | | || (_| | ) ) ) ) ' |____| .__|_| |_|_| |_\__, | / / / / =========|_|==============|___/=/_/_/_/ :: Spring Boot :: (v2.3.0.RELEASE) 2022-07-17 17:56:30.666 INFO 7189 --- [ main] hello.Application : Starting Application v0.1.0 on winvm4azuresa with PID 7189 (/home/zerobig/gs-spring-boot-aks/target/gs-spring-boot-docker-0.1.0.jar started by zerobig in /home/zerobig/gs-spring-boot-aks/target) 2022-07-17 17:56:30.669 INFO 7189 --- [ main] hello.Application : No active profile set, falling back to default profiles: default 2022-07-17 17:56:32.043 INFO 7189 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http) 2022-07-17 17:56:32.062 INFO 7189 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat] 2022-07-17 17:56:32.063 INFO 7189 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.35] 2022-07-17 17:56:32.161 INFO 7189 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext 2022-07-17 17:56:32.161 INFO 7189 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 1406 ms 2022-07-17 17:56:32.440 INFO 7189 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor' 2022-07-17 17:56:32.657 INFO 7189 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path '' 2022-07-17 17:56:32.683 INFO 7189 --- [ main] hello.Application : Started Application in 3.058 seconds (JVM running for 3.798) 2022-07-17 17:57:39.998 INFO 7189 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet' 2022-07-17 17:57:40.000 INFO 7189 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet' 2022-07-17 17:57:40.020 INFO 7189 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 20 ms |
별도의 Windows 터미널 창에서 다음 명령을 수행한다.
start http://localhost:8080 |
검증 완료 후 Ctrl + c를 실행하여 실행을 중지한다.
다음 작업 진행에 앞서 Bash 터미널 창에서 현재 target 디렉토리에서 상위 디렉토리로 이동한다.
cd .. |
Containerizing 및 로컬 검증
docker build 명령을 수행하여 docker images를 생성한다.
docker build -t appmod-demo4tdgcms . docker images |
zerobig@sa-winvm:/mnt/c/Users/zerobig/gs-spring-boot-aks$ docker build -t appmod-demo4tdgcms . [+] Building 10.0s (7/7) FINISHED docker:default => [internal] load .dockerignore 0.1s => => transferring context: 2B 0.0s => [internal] load build definition from Dockerfile 0.2s => => transferring dockerfile: 163B 0.0s => [internal] load metadata for docker.io/library/openjdk:8-jdk-alpine 2.8s => [internal] load build context 1.0s => => transferring context: 16.47MB 0.9s => [1/2] FROM docker.io/library/openjdk:8-jdk-alpine@sha256:94792824df2df33402f201713f932b58cb9de94a0cd524164a0f2283343547b3 5.3s => => resolve docker.io/library/openjdk:8-jdk-alpine@sha256:94792824df2df33402f201713f932b58cb9de94a0cd524164a0f2283343547b3 0.1s => => sha256:c2274a1a0e2786ee9101b08f76111f9ab8019e368dce1e325d3c284a0ca33397 70.73MB / 70.73MB 3.4s => => sha256:94792824df2df33402f201713f932b58cb9de94a0cd524164a0f2283343547b3 1.64kB / 1.64kB 0.0s => => sha256:44b3cea369c947527e266275cee85c71a81f20fc5076f6ebb5a13f19015dce71 947B / 947B 0.0s => => sha256:a3562aa0b991a80cfe8172847c8be6dbf6e46340b759c2b782f8b8be45342717 3.40kB / 3.40kB 0.0s => => sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10 2.76MB / 2.76MB 0.6s => => sha256:f910a506b6cb1dbec766725d70356f695ae2bf2bea6224dbe8c7c6ad4f3664a2 238B / 238B 0.3s => => extracting sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10 0.4s => => extracting sha256:f910a506b6cb1dbec766725d70356f695ae2bf2bea6224dbe8c7c6ad4f3664a2 0.0s => => extracting sha256:c2274a1a0e2786ee9101b08f76111f9ab8019e368dce1e325d3c284a0ca33397 1.4s => [2/2] ADD target/*.jar app.jar 1.5s => exporting to image 0.2s => => exporting layers 0.1s => => writing image sha256:e961dcb75ee02609f3339978200c57b972328ccc39d50fcd497233d2bdda8ef4 0.0s => => naming to docker.io/library/appmod-demo4tdgcms 0.0s What's Next? View a summary of image vulnerabilities and recommendations → docker scout quickview zerobig@sa-winvm:/mnt/c/Users/zerobig/gs-spring-boot-aks$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE appmod-demo4tdgcms latest e961dcb75ee0 10 seconds ago 121MB |
docker run 명령을 수행하여 로컬에서 동작 유효성을 검증한다. 로컬포트는 임의로 지정 가능하다. 다음 예에서는 8888을 사용한다.
zerobig@sa-winvm:/mnt/c/Users/zerobig/gs-spring-boot-aks$ docker run -d -p 8888:8080 appmod-demo4tdgcms 408c86d81b75b823858263d8f9b79a6d4ddf06d5ca6b63e04e0fa0ba431bb10a |
별도의 Windows 터미널 창에서 다음 명령을 수행한다.
start http://localhost:8888 |
Docker Tag, Push
최조 작업하던 창으로 이동한다.
$ACR_Name 변수값을 반환하여야 하며, 안되었다면 다시 변수값을 입력 한다.
자신의 ACR 서버 주소 형식에 맞게 docker tag하고 push 명령을 수행하여 생성한 ACR에 images를 Push한다.
docker tag appmod-demo4tdgcms $ACR_Name.azurecr.io/appmod-demo4tdgcms //자신의 ACR 서버 주소로 변경 docker images az acr login -n $ACR_Name docker push $ACR_Name.azurecr.io/appmod-demo4tdgcms |
tdg-zerobig-wsls# echo $ACR_Name tdgzeroacrdemo tdg-zerobig-wsls# docker tag appmod-demo4tdgcms $ACR_Name.azurecr.io/appmod-demo4tdgcms tdg-zerobig-wsls# tdg-zerobig-wsls# docker images REPOSITORY TAG IMAGE ID CREATED SIZE tdgzeroacrdemo.azurecr.io/appmod-demo4tdgcms latest 4498a272643f 5 minutes ago 121MB appmod-demo4tdgcms latest 4498a272643f 5 minutes ago 121MB tdg-zerobig-wsls# tdg-zerobig-wsls# az acr login -n $ACR_Name Login Succeeded tdg-zerobig-wsls# tdg-zerobig-wsls# docker push $ACR_Name.azurecr.io/appmod-demo4tdgcms Using default tag: latest The push refers to repository [tdgzeroacrdemo.azurecr.io/appmod-demo4tdgcms] 6d14af32611d: Pushed ceaf9e1ebef5: Pushed 9b9b7f3d56a0: Pushed f1b5933fe4b5: Pushed latest: digest: sha256:da72ad49804f887e6f1c7ef0a176a829e9881eb248a896117973a0d7b040c4e3 size: 1159 tdg-zerobig-wsls# |
Azure Portal에서 등록 결과를 확인한다.
YAML Manifest 구성
k8s/deploy-svc.yaml 파일을 열어 “images” 정보를 각자의 값으로 업데이트 한다.
apiVersion: apps/v1 kind: Deployment metadata: name: zeroaksdemo spec: replicas: 2 selector: matchLabels: app: zero-aks-app template: metadata: labels: app: zero-aks-app spec: containers: - name: zero-aks-demo image: tdgzeroacrdemo.azurecr.io/appmod-demo4tdccms:latest ports: - containerPort: 8080 --- apiVersion: v1 kind: Service metadata: name: zero-aks-app spec: ports: - name: http-port port: 80 targetPort: 8080 selector: app: zero-aks-app type: LoadBalancer |
YAML Manifest 배포 및 결과 검증
zerobig@sa-winvm:/mnt/c/Users/zerobig/TerroformAksDeployDemo$ kubectl get nodes NAME STATUS ROLES AGE VERSION aks-default-34060743-vmss000000 Ready agent 54m v1.27.7 aks-default-34060743-vmss000001 Ready agent 54m v1.27.7 zerobig@sa-winvm:/mnt/c/Users/zerobig/TerroformAksDeployDemo$ kubectl apply -f k8s/deploy-svc.yaml deployment.apps/zeroaksdemo created service/zero-aks-app created zerobig@sa-winvm:/mnt/c/Users/zerobig/TerroformAksDeployDemo$ kubectl get pod NAME READY STATUS RESTARTS AGE zeroaksdemo-5686444c7c-29x5m 1/1 Running 0 10s zeroaksdemo-5686444c7c-f2z85 1/1 Running 0 10s zeroaksdemo-5686444c7c-mfb65 1/1 Running 0 10s zerobig@sa-winvm:/mnt/c/Users/zerobig/TerroformAksDeployDemo$ kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 56m zero-aks-app LoadBalancer 10.0.50.60 20.196.252.253 80:32045/TCP 18s zerobig@sa-winvm:/mnt/c/Users/zerobig/TerroformAksDeployDemo$ kubectl get pod NAME READY STATUS RESTARTS AGE zeroaksdemo-5686444c7c-29x5m 1/1 Running 0 68s zeroaksdemo-5686444c7c-f2z85 1/1 Running 0 68s zeroaksdemo-5686444c7c-mfb65 1/1 Running 0 68s |
리소스 정리
모든 테스트를 수행하고 정상적으로 결과가 검증되었다면, terraform destroy 명령을 시행하여 배포한 리소스를 제거한다.