Feature/gitops

.github/workflows/ecr_push_and_ec2_deploy.yml → .github/workflows/ecr_image_push.yml

@@ -4,6 +4,7 @@ on:
     branches:
       - main
       - dev
+      - feature/gitops
 
 env:
   AWS_REGION: ap-northeast-2     
@@ -35,24 +36,16 @@ jobs:
       id: build-image
       env:
         ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-        IMAGE_TAG: latest      
+        IMAGE_TAG: ${{ github.sha }}      
       run: |
-        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
         docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
         echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
-
-    - name: EC2 server deploy
-      uses: appleboy/ssh-action@master
-      with:
-        host: ${{ secrets.EC2_HOST_IP }}
-        key: ${{ secrets.EC2_SSH_KEY }}
-        username: ${{ secrets.EC2_USER_NAME }}
-        port: ${{ secrets.EC2_PORT }}
-        script: |
-          cd ~/app &&
-          sudo $(aws ecr get-login --no-include-email --region ap-northeast-2) &&
-          sudo docker-compose pull mongle-server &&
-          sudo docker-compose down &&
-          sudo echo 'y' | sudo docker container prune &&
-          sudo docker-compose up -d &&
-          sudo echo 'y' | sudo docker system prune
+
+    - name: Trigger ArgoCD Webhook
+      run: |
+        curl -X POST \
+          -H "Content-Type: application/json" \
+          -d '{"repository": {"clone_url": "'"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY"'"}, "push": {"ref": "'"$GITHUB_REF"'"}}' \
+          ${{ secrets.WEB_HOOK_URL }}

devops/helm/mgmg/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: mgmg
+description: A Helm chart for MGMG application
+type: application
+version: 0.1.0
+appVersion: "1.0.0" 

devops/helm/mgmg/README.md

@@ -0,0 +1,36 @@
+# Mongle Server Helm Chart
+
+## 소개
+이 Helm Chart는 mgmg 애플리케이션을 Kubernetes 클러스터에 배포하기 위한 것입니다.
+
+## 설치 방법
+
+```bash
+# 배포 전 템플릿 확인
+helm template mgmg ./devops/helm/mgmg
+
+# 애플리케이션 배포
+helm install mgmg ./devops/helm/mgmg
+
+# 환경 변수 지정하여 배포
+helm install mgmg ./devops/helm/mgmg --set image.repository=<repository> --set image.tag=<tag>
+```
+
+## 구성 요소
+- Deployment: mgmg 애플리케이션 파드
+- Service: 애플리케이션에 대한 서비스
+- Ingress: 외부 접근을 위한 인그레스 설정
+
+## 변수 설정
+필요한 변수들은 `values.yaml` 파일에서 설정하거나 `--set` 플래그를 사용하여 오버라이드할 수 있습니다.
+
+```bash
+helm install mgmg ./devops/helm/mgmg --values custom-values.yaml
+```
+
+## 주요 변수
+- `replicaCount`: 파드 복제본 수
+- `image.repository`: 도커 이미지 저장소
+- `image.tag`: 도커 이미지 태그
+- `service.port`: 서비스 포트
+- `ingress.hosts`: 인그레스 호스트 설정 

devops/helm/mgmg/templates/NOTES.txt

@@ -0,0 +1,19 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+  $ helm status {{ .Release.Name }}
+  $ helm get all {{ .Release.Name }}
+
+{{- if .Values.ingress.enabled }}
+The application can be accessed via:
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }}
+{{- end }}
+{{- else }}
+The application can be accessed via port-forwarding:
+  kubectl port-forward svc/{{ include "mgmg.fullname" . }} 8080:{{ .Values.service.port }} -n {{ .Release.Namespace }}
+  Then access: http://localhost:8080
+{{- end }} 

devops/helm/mgmg/templates/_helpers.tpl

@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mgmg.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mgmg.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mgmg.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "mgmg.labels" -}}
+helm.sh/chart: {{ include "mgmg.chart" . }}
+{{ include "mgmg.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "mgmg.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "mgmg.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }} 

devops/helm/mgmg/templates/configmap.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mgmg-env
+  namespace: {{ .Values.namespace | default "default" }} 
+data:
+  .env: |
+    NODE_ENV={{ .Values.config.NODE_ENV }}
+    PORT={{ .Values.config.PORT }}
+    AWS_REGION={{ .Values.config.AWS_REGION }}
+    AWS_IAM_ACCESS_KEY_ID={{ .Values.config.AWS_IAM_ACCESS_KEY_ID }}
+    AWS_IAM_SECRET_ACCESS_KEY={{ .Values.config.AWS_IAM_SECRET_ACCESS_KEY }}

devops/helm/mgmg/templates/deployment.yaml

@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "mgmg.fullname" . }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- include "mgmg.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  strategy:
+  type: RollingUpdate
+  rollingUpdate:
+    maxUnavailable: 0
+    maxSurge: 1
+  selector:
+    matchLabels:
+      {{- include "mgmg.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "mgmg.selectorLabels" . | nindent 8 }}
+    spec:
+      revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      - name: {{ .Chart.Name }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        ports:
+        - containerPort: {{ .Values.service.targetPort }}
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 3000
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          timeoutSeconds: 5
+          failureThreshold: 3
+          successThreshold: 1
+
+        env:
+        {{- toYaml .Values.env | nindent 8 }}
+        {{- if .Values.configMap }}
+        volumeMounts:
+        - name: env-config
+          mountPath: {{ .Values.configMap.mountPath }}
+          subPath: .env 
+        {{- end }}
+      {{- if .Values.configMap }}
+      volumes:
+      - name: env-config
+        configMap:
+          name: {{ .Values.configMap.name }}
+      {{- end }}
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }} 

devops/helm/mgmg/templates/ingress.yaml

@@ -0,0 +1,40 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "mgmg.fullname" . }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- include "mgmg.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.name }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ include "mgmg.fullname" $ }}
+                port:
+                  number: {{ $.Values.service.port }}
+          {{- end }}
+    {{- end }}
+{{- end }} 

devops/helm/mgmg/templates/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "mgmg.fullname" . }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- include "mgmg.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.service.targetPort }}
+  selector:
+    {{- include "mgmg.selectorLabels" . | nindent 4 }} 

devops/helm/mgmg/values.yaml

@@ -0,0 +1,70 @@
+
+# 복제 수
+replicaCount: 1
+
+# 네임스페이스
+namespace: default
+
+# 이미지
+image:
+  repository: AWS_ACCOUNT_ID.dkr.ecr.ap-northeast-2.amazonaws.com/mgmg
+  tag: latest
+  pullPolicy: Always
+
+# 이미지 풀 시크릿
+imagePullSecrets:
+  - name: ecr-secret
+
+# 레이블 오버라이드
+nameOverride: ""
+fullnameOverride: ""
+
+# 노드 선택
+nodeSelector:
+  node-role.kubernetes.io/worker: "true"
+
+# 서비스
+service:
+  type: ClusterIP
+  port: 80
+  targetPort: 3000
+
+# 인그레스
+ingress:
+  name: traefik
+  enabled: true
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+  hosts:
+    - host: api.mgmg.life
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: cert-wildcard
+      hosts:
+        - api.mgmg.life
+
+env:
+  - name: LOG_LEVEL
+    value: "info"
+  - name: NODE_NAME
+    valueFrom:
+      fieldRef:
+         fieldPath: spec.nodeName
+
+# 환경 변수
+configMap:
+  name: mgmg-env
+  mountPath: /app/config 
+
+config:
+  NODE_ENV: dev
+  PORT: 3000
+  AWS_REGION: ap-northeast-2
+  AWS_IAM_ACCESS_KEY_ID: AWS_IAM_ACCESS_KEY_ID
+  AWS_IAM_SECRET_ACCESS_KEY: AWS_IAM_SECRET_ACCESS_KEY
+
+# 배포 이력 제한
+revisionHistoryLimit: 10

src/app.controller.ts

@@ -1,12 +1,13 @@
 import { Controller, Get } from '@nestjs/common';
 import { AppService } from './app.service';
+import * as process from 'node:process';
 
 @Controller()
 export class AppController {
   constructor(private readonly appService: AppService) {}
 
   @Get()
   getHello(): string {
-    return this.appService.getHello();
+    return `${this.appService.getHello()} (Node: ${process.env.NODE_NAME || '알 수 없음'})`;
   }
 }