CI/CD 1주차 정리

🏗️ 실습 준비

1. 실습 레포지토리 클론

git clone https://github.com/gitops-cookbook/chapters

2. 도커허브 Acess Token 발급

3. 발급된 토큰으로 로그인

docker login -u <id>

# 결과
i Info → A Personal Access Token (PAT) can be used instead.
         To create a PAT, visit https://app.docker.com/settings

Password: <발급된 토큰>

# 결과
WARNING! Your credentials are stored unencrypted in '/home/devshin/.docker/config.json'.
Configure a credential helper to remove this warning. See
https://docs.docker.com/go/credential-store/

Login Succeeded

4. kind 클러스터 생성

kind create cluster --name myk8s --image kindest/node:v1.32.8 --config - <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 30000
    hostPort: 30000
  - containerPort: 30001
    hostPort: 30001
- role: worker
EOF

✅ 출력

Creating cluster "myk8s" ...
 ✓ Ensuring node image (kindest/node:v1.32.8) 🖼 
 ✓ Preparing nodes 📦 📦  
 ✓ Writing configuration 📜 
 ✓ Starting control-plane 🕹️ 
 ✓ Installing CNI 🔌 
 ✓ Installing StorageClass 💾 
 ✓ Joining worker nodes 🚜 
Set kubectl context to "kind-myk8s"
You can now use your cluster with:

kubectl cluster-info --context kind-myk8s

Have a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/#community 🙂

5. kind 노드 목록 확인

kind get nodes --name myk8s

✅ 출력

myk8s-control-plane
myk8s-worker

6. 기본 네임스페이스 전환

kubens default

# 결과
✔ Active namespace is "default"

7. 도커 네트워크 목록 확인

docker network ls

✅ 출력

NETWORK ID     NAME      DRIVER    SCOPE
fc329dabc0ef   bridge    bridge    local
bec308f23ee5   host      host      local
1da18f85ffec   kind      bridge    local
225e867f21f9   none      null      local

• kind 전용 브리지 네트워크 생성

8. kind 네트워크 세부 정보 조회

docker inspect kind | jq

✅ 출력

[
  {
    "Name": "kind",
    "Id": "1da18f85ffecfc8a2170a57b9369bf4387586703d6c83f3accf900e9145b7772",
    "Created": "2025-10-18T15:06:51.081819223+09:00",
    "Scope": "local",
    "Driver": "bridge",
    "EnableIPv4": true,
    "EnableIPv6": true,
    "IPAM": {
      "Driver": "default",
      "Options": {},
      "Config": [
        {
          "Subnet": "fc00:f853:ccd:e793::/64"
        },
        {
          "Subnet": "172.18.0.0/16",
          "Gateway": "172.18.0.1"
        }
      ]
    },
    "Internal": false,
    "Attachable": false,
    "Ingress": false,
    "ConfigFrom": {
      "Network": ""
    },
    "ConfigOnly": false,
    "Containers": {
      "1ef7f7ad8535332606690ec5ff56ae72df32c85fbf2c889a5618785e75b5967a": {
        "Name": "myk8s-worker",
        "EndpointID": "865f00e0498a27f4afc48696e63a9928b06a6c3670befefb1b2bac00b5e2867f",
        "MacAddress": "d2:2b:3a:f4:b2:5b",
        "IPv4Address": "172.18.0.2/16",
        "IPv6Address": "fc00:f853:ccd:e793::2/64"
      },
      "e4d4f4c84c020e54ba54045c7f09305982cf660ee483bd23e87c72067b479d95": {
        "Name": "myk8s-control-plane",
        "EndpointID": "b99e31c8649d55aa7d08eb452bb81b13f30b0bf1316919e1ad0e159ecab84585",
        "MacAddress": "3a:68:23:56:48:a5",
        "IPv4Address": "172.18.0.3/16",
        "IPv6Address": "fc00:f853:ccd:e793::3/64"
      }
    },
    "Options": {
      "com.docker.network.bridge.enable_ip_masquerade": "true",
      "com.docker.network.driver.mtu": "1500"
    },
    "Labels": {}
  }
]

• IPv4 서브넷 172.18.0.0/16, 게이트웨이 172.18.0.1
• IPv6 서브넷 fc00:f853:ccd:e793::/64
• 컨테이너 IP: control-plane 172.18.0.3, worker 172.18.0.2

9. Kubernetes 노드 상세 조회

kubectl get node -o wide

✅ 출력

NAME                  STATUS   ROLES           AGE     VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                         KERNEL-VERSION   CONTAINER-RUNTIME
myk8s-control-plane   Ready    control-plane   3m30s   v1.32.8   172.18.0.3    <none>        Debian GNU/Linux 12 (bookworm)   6.17.3-arch2-1   containerd://2.1.3
myk8s-worker          Ready    <none>          3m14s   v1.32.8   172.18.0.2    <none>        Debian GNU/Linux 12 (bookworm)   6.17.3-arch2-1   containerd://2.1.3

10. 도커 컨테이너 목록 확인

docker ps

✅ 출력

CONTAINER ID   IMAGE                  COMMAND                  CREATED         STATUS         PORTS                                                             NAMES
e4d4f4c84c02   kindest/node:v1.32.8   "/usr/local/bin/entr…"   5 minutes ago   Up 5 minutes   0.0.0.0:30000-30001->30000-30001/tcp, 127.0.0.1:35121->6443/tcp   myk8s-control-plane
1ef7f7ad8535   kindest/node:v1.32.8   "/usr/local/bin/entr…"   5 minutes ago   Up 5 minutes                                                                     myk8s-worker

• myk8s-control-plane: 호스트 127.0.0.1:35121 → 컨테이너 6443(API 서버) 포워딩, 호스트 0.0.0.0:30000-30001 → 컨테이너 30000-30001 NodePort 포워딩
• myk8s-worker: 정상 기동(포트 매핑 없음, 내부 네트워킹 참여)

11. 시스템 파드 및 CNI(kindnet) 상태 확인

kubectl get pod -A -o wide

✅ 출력

NAMESPACE            NAME                                          READY   STATUS    RESTARTS   AGE     IP           NODE                  NOMINATED NODE   READINESS GATES
kube-system          coredns-668d6bf9bc-c8nvg                      1/1     Running   0          4m2s    10.244.0.3   myk8s-control-plane   <none>           <none>
kube-system          coredns-668d6bf9bc-x558x                      1/1     Running   0          4m2s    10.244.0.4   myk8s-control-plane   <none>           <none>
kube-system          etcd-myk8s-control-plane                      1/1     Running   0          4m10s   172.18.0.3   myk8s-control-plane   <none>           <none>
kube-system          kindnet-5qv46                                 1/1     Running   0          4m2s    172.18.0.3   myk8s-control-plane   <none>           <none>
kube-system          kindnet-g7mlp                                 1/1     Running   0          3m56s   172.18.0.2   myk8s-worker          <none>           <none>
kube-system          kube-apiserver-myk8s-control-plane            1/1     Running   0          4m10s   172.18.0.3   myk8s-control-plane   <none>           <none>
kube-system          kube-controller-manager-myk8s-control-plane   1/1     Running   0          4m9s    172.18.0.3   myk8s-control-plane   <none>           <none>
kube-system          kube-proxy-c2wvh                              1/1     Running   0          3m56s   172.18.0.2   myk8s-worker          <none>           <none>
kube-system          kube-proxy-sqjsg                              1/1     Running   0          4m2s    172.18.0.3   myk8s-control-plane   <none>           <none>
kube-system          kube-scheduler-myk8s-control-plane            1/1     Running   0          4m10s   172.18.0.3   myk8s-control-plane   <none>           <none>
local-path-storage   local-path-provisioner-7dc846544d-9wnfp       1/1     Running   0          4m2s    10.244.0.2   myk8s-control-plane   <none>   

• kindnet(CNI) 각 노드에 설치/Running

12. 컨트롤 플레인 포트 리스닝 확인

docker exec -it myk8s-control-plane ss -tnlp

✅ 출력

State          Recv-Q         Send-Q                 Local Address:Port                  Peer Address:Port         Process                                           
LISTEN         0              4096                       127.0.0.1:2381                       0.0.0.0:*             users:(("etcd",pid=718,fd=13))                   
LISTEN         0              4096                       127.0.0.1:2379                       0.0.0.0:*             users:(("etcd",pid=718,fd=8))                    
LISTEN         0              4096                       127.0.0.1:45205                      0.0.0.0:*             users:(("containerd",pid=112,fd=11))             
LISTEN         0              4096                      127.0.0.11:33261                      0.0.0.0:*                                                              
LISTEN         0              4096                      172.18.0.3:2380                       0.0.0.0:*             users:(("etcd",pid=718,fd=7))                    
LISTEN         0              4096                      172.18.0.3:2379                       0.0.0.0:*             users:(("etcd",pid=718,fd=9))                    
LISTEN         0              4096                       127.0.0.1:10259                      0.0.0.0:*             users:(("kube-scheduler",pid=561,fd=3))          
LISTEN         0              4096                       127.0.0.1:10257                      0.0.0.0:*             users:(("kube-controller",pid=582,fd=3))         
LISTEN         0              4096                       127.0.0.1:10249                      0.0.0.0:*             users:(("kube-proxy",pid=1016,fd=10))            
LISTEN         0              4096                       127.0.0.1:10248                      0.0.0.0:*             users:(("kubelet",pid=793,fd=8))                 
LISTEN         0              4096                               *:10256                            *:*             users:(("kube-proxy",pid=1016,fd=12))            
LISTEN         0              4096                               *:10250                            *:*             users:(("kubelet",pid=793,fd=22))                
LISTEN         0              4096                               *:6443                             *:*             users:(("kube-apiserver",pid=603,fd=3))

13. 컨트롤 플레인 컨테이너 셸 접속

docker exec -it myk8s-control-plane bash    
root@myk8s-control-plane:/# hostname
myk8s-control-plane

---

📦 도커를 사용한 컨테이너 (이미지) 빌드 : layer , image build / push

1. 로컬 이미지 목록 확인

docker images

✅ 출력

REPOSITORY                        TAG                                                           IMAGE ID       CREATED        SIZE
quay.io/cilium/cilium             v1.17.8                                                       ab0dfe84bb2a   3 weeks ago    794MB
quay.io/cilium/operator-generic   v1.17.8                                                       710ed26a6a26   3 weeks ago    128MB
kindest/node                      v1.32.8                                                       05f8e4e76c17   7 weeks ago    1.04GB
quay.io/cilium/cilium             v1.17.6                                                       40c15f03eb84   3 months ago   819MB
quay.io/cilium/operator-generic   v1.17.6                                                       95a65abe2c97   3 months ago   127MB
quay.io/cilium/cilium-envoy       v1.33.4-1752151664-7c2edb0b44cf95f326d628b837fcdd845102ba68   48bdcd4253db   3 months ago   174MB
nicolaka/netshoot                 latest                                                        0ac86781a84f   3 months ago   594MB

2. 작업 디렉토리 이동

cd chapters/chapters/ch03/python-app

3. Dockerfile 개요

chapters/chapters/ch03/python-app/Dockerfile

FROM registry.access.redhat.com/ubi8/python-39 # 기반 레이어가 되는 이미지  # 참고로 ubi8/python-39 이미지는 25년 11월 만료 예정
ENV PORT 8080
EXPOSE 8080
WORKDIR /usr/src/app

COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt

COPY . .

ENTRYPOINT ["python"] # 컨테이너 내부의 앱 진입점 entrypoint 정의
CMD ["app.py"] # 컨테이너르 시작할 때 사용하는 명령어

4. 레지스트리 변수 지정

MYREGISTRY=docker.io
MYUSER=<내 계정>
MYTOKEN=<발급받은 토큰>

• 푸시 대상 레지스트리/사용자 계정/토큰 변수 설정

5. 컨테이너 이미지 빌드

docker build -f Dockerfile -t $MYREGISTRY/$MYUSER/pythonapp:latest .

✅ 출력

...
Successfully built a8ea70de71df
Successfully tagged shinminjin/pythonapp:latest

6. 빌드 결과 확인

docker images

✅ 출력

REPOSITORY                                  TAG                                                           IMAGE ID       CREATED         SIZE
shinminjin/pythonapp                        latest                                                        a8ea70de71df   2 minutes ago   878MB
registry.access.redhat.com/ubi8/python-39   latest                                                        9a62815cc4ee   3 days ago      874MB
quay.io/cilium/cilium                       v1.17.8                                                       ab0dfe84bb2a   3 weeks ago     794MB
quay.io/cilium/operator-generic             v1.17.8                                                       710ed26a6a26   3 weeks ago     128MB
kindest/node                                v1.32.8                                                       05f8e4e76c17   7 weeks ago     1.04GB
quay.io/cilium/cilium                       v1.17.6                                                       40c15f03eb84   3 months ago    819MB
quay.io/cilium/operator-generic             v1.17.6                                                       95a65abe2c97   3 months ago    127MB
quay.io/cilium/cilium-envoy                 v1.33.4-1752151664-7c2edb0b44cf95f326d628b837fcdd845102ba68   48bdcd4253db   3 months ago    174MB
nicolaka/netshoot                           latest                                                        0ac86781a84f   3 months ago    594MB

• shinminjin/pythonapp:latest 생성
• 베이스 이미지도 로컬에 존재

7. 레이어 구조 확인

docker inspect $MYUSER/pythonapp:latest | jq

✅ 출력

...
    "RootFS": {
      "Type": "layers",
      "Layers": [
        "sha256:efbb01c414da9dbe80503875585172034d618260b0179622a67440af141ada49",
        "sha256:0e770dacd8dd8e0f783addb2f8e2889360ecc1443acc1ca32f03158f8b459b14",
        "sha256:03b1af2d2f1752f587c99bf9afca0a564054b79f46cf22cef211f86f1d4a4497",
        "sha256:ae81327beceb885cbdb2663e2f89e6e55aaa614f5ce2d502f772420d6fe37f2f",
        "sha256:f3254a7dd3384ddbb3c0e625d2468c77b1fd7eeff593a4151f1dcdb7b4585a88",
        "sha256:a94bd60400ee5d1ed6225c7cc8e3ac321c2b07714d8c8b196e01bff9ac1b6250",
        "sha256:b588d060ae71588c819934b2923b3a01aa5bbee6220f105a0aa1b2cfcbda4c3a",
        "sha256:c51214f09723d2a982015329f6403d2f6cd622a43bf63b1b85fbd80d724a252e"
      ]
    },
...
      "Labels": {
        "architecture": "x86_64",
...

• RootFS.layers를 통해 이미지가 여러 레이어로 구성됨을 확인
• 동일한 베이스 레이어는 캐시/중복제거로 재사용됨
• Labels.architecture로 CPU 아키텍처(예: x86_64/amd64) 확인

8. 빌드 히스토리 확인

docker history $MYUSER/pythonapp:latest

✅ 출력

IMAGE          CREATED         CREATED BY                                      SIZE      COMMENT
a8ea70de71df   5 minutes ago   /bin/sh -c #(nop)  CMD ["app.py"]               0B        
b2ad3083a346   5 minutes ago   /bin/sh -c #(nop)  ENTRYPOINT ["python"]        0B        
d585858ececc   5 minutes ago   /bin/sh -c #(nop) COPY dir:8da83ed45573a3f70…   399B      
9364763d41ce   6 minutes ago   /bin/sh -c pip install --no-cache-dir -r req…   4.05MB    
10975489ffe5   6 minutes ago   /bin/sh -c #(nop) COPY file:54785910b54a4aa5…   5B        
2222d1f682e5   6 minutes ago   /bin/sh -c #(nop) WORKDIR /usr/src/app          0B        
10793852df9a   6 minutes ago   /bin/sh -c #(nop)  EXPOSE 8080                  0B        
531e18d75ae0   6 minutes ago   /bin/sh -c #(nop)  ENV PORT=8080                0B        
9a62815cc4ee   3 days ago      /bin/sh -c #(nop) LABEL "architecture"="x86_…   221MB     
...

9. 베이스 이미지 동기화 · 검증

docker pull registry.access.redhat.com/ubi8/python-39:latest

# 결과
latest: Pulling from ubi8/python-39
Digest: sha256:1f8117d04c016fc6c161d4809e0b89f33c31a545a3217573bf1edbca30d105da
Status: Image is up to date for registry.access.redhat.com/ubi8/python-39:latest
registry.access.redhat.com/ubi8/python-39:latest

docker inspect registry.access.redhat.com/ubi8/python-39:latest | jq

✅ 출력

...
    "RootFS": {
      "Type": "layers",
      "Layers": [
        "sha256:efbb01c414da9dbe80503875585172034d618260b0179622a67440af141ada49",
        "sha256:0e770dacd8dd8e0f783addb2f8e2889360ecc1443acc1ca32f03158f8b459b14",
        "sha256:03b1af2d2f1752f587c99bf9afca0a564054b79f46cf22cef211f86f1d4a4497",
        "sha256:ae81327beceb885cbdb2663e2f89e6e55aaa614f5ce2d502f772420d6fe37f2f"
      ]
    },
...

• 베이스 ubi8/python-39:latest 최신 상태 확인 후 레이어 비교
• 베이스의 상위 4개 레이어가 pythonapp 이미지의 하위 4개 레이어와 동일 → 효율적 캐시/전송

10. 레지스트리 푸시

docker push $MYREGISTRY/$MYUSER/pythonapp:latest

# 결과
The push refers to repository [docker.io/shinminjin/pythonapp]
c51214f09723: Pushed 
b588d060ae71: Pushed 
a94bd60400ee: Pushed 
f3254a7dd338: Pushed 
ae81327beceb: Pushed 
03b1af2d2f17: Pushed 
0e770dacd8dd: Pushed 
efbb01c414da: Pushed 
latest: digest: sha256:f56d5b4a97bea885d92a4557b865cbe01c78ec555ad6af1e39999f072457d471 size: 1999

11. 컨테이너 실행

docker run -d --name myweb -p 8080:8080 -it $MYREGISTRY/$MYUSER/pythonapp:latest

# 결과
0527fecad198ef5a5f592c5b11fe7e682e8b90e70cf95e12455a3eb621810693

• 공개 레지스트리의 이미지를 기반으로 컨테이너 실행, 포트 매핑 8080:8080

docker ps

✅ 출력

CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS          PORTS                                                             NAMES
0527fecad198   shinminjin/pythonapp:latest   "python app.py"          23 seconds ago   Up 22 seconds   0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp                       myweb
e4d4f4c84c02   kindest/node:v1.32.8          "/usr/local/bin/entr…"   44 minutes ago   Up 44 minutes   0.0.0.0:30000-30001->30000-30001/tcp, 127.0.0.1:35121->6443/tcp   myk8s-control-plane
1ef7f7ad8535   kindest/node:v1.32.8          "/usr/local/bin/entr…"   44 minutes ago   Up 44 minutes                                                                     myk8s-worker

• 컨테이너 myweb 생성·기동

12. 애플리케이션 응답 확인

curl 127.0.0.1:8080

# 결과
Hello, World! # 앱 정상 동작

13. 컨테이너 로그 확인

docker logs myweb

...
172.17.0.1 - - [18/Oct/2025 06:52:26] "GET / HTTP/1.1" 200 -

14. 다음 실습을 위한 정리

docker rm -f myweb

---

☕ 도커가 필요 없는 Jib을 사용한 컨테이너 빌드

1. 워커 컨테이너 bash 진입

docker exec -it myk8s-worker bash
root@myk8s-worker:/# 

• 워커 컨테이너 내부에서 실습 진행

2. openjdk 설치

root@myk8s-worker:/# apt update
mkdir -p /usr/share/man/man1
apt install perl-modules-5.36 -y
apt install openjdk-17-jdk -y

3. java 버전 확인

root@myk8s-worker:/# java -version

# 결과
openjdk version "17.0.16" 2025-07-15
OpenJDK Runtime Environment (build 17.0.16+8-Debian-1deb12u1)
OpenJDK 64-Bit Server VM (build 17.0.16+8-Debian-1deb12u1, mixed mode, sharing)

4. maven 설치 및 확인

root@myk8s-worker:/# apt install maven -y

root@myk8s-worker:/# mvn -version

Apache Maven 3.8.7
Maven home: /usr/share/maven
Java version: 17.0.16, vendor: Debian, runtime: /usr/lib/jvm/java-17-openjdk-amd64
Default locale: en_US, platform encoding: ANSI_X3.4-1968
OS name: "linux", version: "6.17.3-arch2-1", arch: "amd64", family: "unix"

5. 보조 툴 설치

root@myk8s-worker:/# apt install git tree wget curl jq -y

6. 소스 코드 클론 및 이동

root@myk8s-worker:/# git clone https://github.com/gitops-cookbook/chapters
root@myk8s-worker:/# cd /chapters/chapters/ch03/springboot-app/

7. 빌드 전 구조 스냅샷 생성

root@myk8s-worker:/chapters/chapters/ch03/springboot-app# tree | tee -a before.txt
.
|-- mvnw
|-- mvnw.cmd
|-- pom.xml
`-- src
    |-- main
    |   |-- java
    |   |   `-- com
    |   |       `-- redhat
    |   |           `-- hello
    |   |               |-- Greeting.java
    |   |               |-- GreetingController.java
    |   |               `-- HelloApplication.java
    |   `-- resources
    |       `-- application.properties
    `-- test
        `-- java
            `-- com
                `-- redhat
                    `-- hello
                        `-- HelloApplicationTests.java

13 directories, 8 files

8. Docker 미설치 상태 확인

root@myk8s-worker:/chapters/chapters/ch03/springboot-app# docker info
bash: docker: command not found

9. Jib로 Docker 없이 이미지 빌드·푸시

mvn compile com.google.cloud.tools:jib-maven-plugin:3.4.6:build \
  -Dimage=docker.io/shinminjin/jib-example:latest \
  -Djib.to.auth.username=$MYUSER \
  -Djib.to.auth.password=$MYTOKEN
  
  # MAC 사용자는 아래 내용 추가
  -Djib.from.platforms=linux/arm64

✅ 출력

...
[INFO] Using credentials from <to><auth> for shinminjin/jib-example
[INFO] The base image requires auth. Trying again for eclipse-temurin:11-jre...
[INFO] Using base image with digest: sha256:12e6611e8bdd47af0a12574f69c178745b09998459ccbac2ec2b08e837bce1a7
[INFO] 
[INFO] Container entrypoint set to [java, -cp, @/app/jib-classpath-file, com.redhat.hello.HelloApplication]
[INFO] 
[INFO] Built and pushed image as shinminjin/jib-example
[INFO] Executing tasks:
[INFO] [==============================] 100.0% complete
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  01:00 min
[INFO] Finished at: 2025-10-18T07:13:19Z
[INFO] ------------------------------------------------------------------------

• jib-maven-plugin 사용하여 docker.io/<내 계정>/jib-example:latest로 빌드 및 레지스트리 푸시 수행함

10. 타깃 및 캐시 산출물 확인

root@myk8s-worker:/chapters/chapters/ch03/springboot-app# tree | tee -a after.txt
.
|-- after.txt
|-- before.txt
|-- mvnw
|-- mvnw.cmd
|-- pom.xml
|-- src
|   |-- main
|   |   |-- java
|   |   |   `-- com
|   |   |       `-- redhat
|   |   |           `-- hello
|   |   |               |-- Greeting.java
|   |   |               |-- GreetingController.java
|   |   |               `-- HelloApplication.java
|   |   `-- resources
|   |       `-- application.properties
|   `-- test
|       `-- java
|           `-- com
|               `-- redhat
|                   `-- hello
|                       `-- HelloApplicationTests.java
`-- target
    |-- classes
    |   |-- application.properties
    |   `-- com
    |       `-- redhat
    |           `-- hello
    |               |-- Greeting.class
    |               |-- GreetingController.class
    |               `-- HelloApplication.class
    |-- generated-sources
    |   `-- annotations
    |-- jib-cache
    |   |-- jib-classpath-file
    |   |-- jib-main-class-file
    |   |-- layers
    |   |   |-- 6d6cf0398708e59e5a4e91e9f666d82687b54231c18464f6fa4374c545950561
    |   |   |   `-- 19453caec741a081acf3685cfd1cd9b92b8bb6685a7154c3a154fb5192796338
    |   |   |-- 80179ad604dc1a50d17a7522de854594aadb14ea38cb15e5036b52e9df65d580
    |   |   |   `-- 32aa8a1c89daefa50dd23dc2f178889e2008f5e7f08c380263798f95b8ea23b6
    |   |   |-- d2bcf32f8182a5ac9249f422ea33e6330258546e9795099d154e09f073108a9b
    |   |   |   `-- 12f836f93b6bb6fc700bee8bab11f19b8737647d247545568f2e35d99f74ba65
    |   |   `-- d3589b3a4a640a631770abb1568e2c8fa9af3826b67fc08991e0be6dfdae81f2
    |   |       `-- d0047b3741306dc4c7234a4cc69d9f972160b76ca8cbe2774660913604bfff29
    |   |-- selectors
    |   |   |-- 2d6ea2f6fbf63f3caf2c2aa164e4999faaab096183f439e555bd9ee453bf3684
    |   |   |-- d6b95711ce792518c4e1db29232a7b6a2075f15379d19d59c5b1a93e7afab012
    |   |   |-- d9dae33b6c627d451afcf9280630f3458966d13158bffc9892411eaa1ab6802c
    |   |   `-- f0e4752dd04821b9490d0bb8330b3a716ae229a80262f93c816d6545ab65bc24
    |   `-- tmp
    |-- jib-image.digest
    |-- jib-image.id
    |-- jib-image.json
    `-- maven-status
        `-- maven-compiler-plugin
            `-- compile
                `-- default-compile
                    |-- createdFiles.lst
                    `-- inputFiles.lst

32 directories, 29 files

• target/ 디렉터리 생성 및 jib-cache, jib-image.* 파일 생성 확인

11. 컨테이너 셸 종료

root@myk8s-worker:/chapters/chapters/ch03/springboot-app# exit

12. Jib로 푸시한 이미지로 컨테이너 실행

docker run -d --name myweb2 -p 8080:8080 -it docker.io/$MYUSER/jib-example

# 결과
Unable to find image 'shinminjin/jib-example:latest' locally
latest: Pulling from shinminjin/jib-example
4b3ffd8ccb52: Pull complete 
0b2668578c63: Pull complete 
0b04dbdb2b3f: Pull complete 
fd4132a90b04: Pull complete 
43cbcd26df05: Pull complete 
80179ad604dc: Pull complete 
6d6cf0398708: Pull complete 
d2bcf32f8182: Pull complete 
d3589b3a4a64: Pull complete 
Digest: sha256:63b47bedc99cb91c3e690d4942f4608045534078b992c04374f4cde40601ae9a
Status: Downloaded newer image for shinminjin/jib-example:latest
9b96595492a1a15bfbdf9001495426340c2e702fa354f7e0ed85c0076dcbb0dd

13. 컨테이너 상태 확인

docker ps

✅ 출력

CONTAINER ID   IMAGE                    COMMAND                  CREATED             STATUS             PORTS                                                             NAMES
9b96595492a1   shinminjin/jib-example   "java -cp @/app/jib-…"   28 seconds ago      Up 27 seconds      0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp                       myweb2
e4d4f4c84c02   kindest/node:v1.32.8     "/usr/local/bin/entr…"   About an hour ago   Up About an hour   0.0.0.0:30000-30001->30000-30001/tcp, 127.0.0.1:35121->6443/tcp   myk8s-control-plane
1ef7f7ad8535   kindest/node:v1.32.8     "/usr/local/bin/entr…"   About an hour ago   Up About an hour                                                                     myk8s-worker

• 컨테이너 myweb2 Up 상태 확인

14. API 호출 동작 확인

curl -s 127.0.0.1:8080/hello | jq

✅ 출력

{
  "id": 1,
  "content": "Hello, World!"
}

15. 로컬 이미지 목록 확인

docker images

✅ 출력

REPOSITORY                                  TAG                                                           IMAGE ID       CREATED          SIZE
shinminjin/pythonapp                        latest                                                        a8ea70de71df   48 minutes ago   878MB
registry.access.redhat.com/ubi8/python-39   latest                                                        9a62815cc4ee   3 days ago       874MB
quay.io/cilium/cilium                       v1.17.8                                                       ab0dfe84bb2a   3 weeks ago      794MB
quay.io/cilium/operator-generic             v1.17.8                                                       710ed26a6a26   3 weeks ago      128MB
kindest/node                                v1.32.8                                                       05f8e4e76c17   7 weeks ago      1.04GB
quay.io/cilium/cilium                       v1.17.6                                                       40c15f03eb84   3 months ago     819MB
quay.io/cilium/operator-generic             v1.17.6                                                       95a65abe2c97   3 months ago     127MB
quay.io/cilium/cilium-envoy                 v1.33.4-1752151664-7c2edb0b44cf95f326d628b837fcdd845102ba68   48bdcd4253db   3 months ago     174MB
nicolaka/netshoot                           latest                                                        0ac86781a84f   3 months ago     594MB
shinminjin/jib-example                      latest                                                        2574b2ca2237   55 years ago     281MB

• shinminjin/jib-example:latest 생성 확인함

16. 아키텍처 확인

docker inspect $MYUSER/jib-example | jq

✅ 출력

...
    "Architecture": "amd64",
...

• Mac/ARM 환경에서 빌드 시 arm64로 출력

17. 다음 실습을 위한 정리

docker rm -f myweb2

---

📝 빌다 Buildah (+Podman) 를 사용한 컨테이너 빌드

• 빌다는 데몬이 필요 없는 솔루션으로, 도커 소켓을 마운트하지 않고도 컨테이너 안에 이미지를 생성할 수 있다.
• https://www.redhat.com/ko/topics/containers/what-is-buildah
• https://buildah.io/

1. 컨트롤 플레인 셸 진입

docker exec -it myk8s-control-plane bash
root@myk8s-control-plane:/# 

2. Podman 설치 및 초기 상태 확인

root@myk8s-control-plane:/# apt update
mkdir -p /usr/share/man/man1
apt install podman -y

root@myk8s-control-plane:/# podman images
podman ps

✅ 출력

REPOSITORY  TAG         IMAGE ID    CREATED     SIZE

CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES

• podman images, podman ps 결과 비어 있음

3. Buildah 사용 가능 여부 점검

root@myk8s-control-plane:/# buildah images
buildah containers

✅ 출력

REPOSITORY   TAG   IMAGE ID   CREATED   SIZE

CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME

• Podman 설치 시 Buildah 동반 설치됨
• buildah images, buildah containers 모두 비어 있음

4. 베이스 이미지 준비(도커 데몬 없이)

root@myk8s-control-plane:/# buildah from --arch amd64 quay.io/centos/centos:latest
# macOS: buildah from --arch arm64 quay.io/centos/centos:latest

# 결과
Trying to pull quay.io/centos/centos:latest...
Getting image source signatures
Copying blob bf573055768d done  
Copying config 4fbde73dcc done  
Writing manifest to image destination
Storing signatures
centos-working-container

5. Buildah는 “빌드 전용” 도구임을 확인

root@myk8s-control-plane:/# podman ps -a

CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES

• Buildah는 이미지를 만들고 조작하지만 컨테이너 실행은 하지 않음

6. 이미지 존재 확인

root@myk8s-control-plane:/# buildah images

REPOSITORY              TAG      IMAGE ID       CREATED      SIZE
quay.io/centos/centos   latest   4fbde73dcc66   4 days ago   316 MB

root@myk8s-control-plane:/# podman images

REPOSITORY             TAG         IMAGE ID      CREATED     SIZE
quay.io/centos/centos  latest      4fbde73dcc66  4 days ago  316 MB

• quay.io/centos/centos:latest 확인

7. 빌드(전용) 컨테이너 상태 확인

root@myk8s-control-plane:/# buildah containers

✅ 출력

CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME
7650deaf4203     *     4fbde73dcc66 quay.io/centos/centos:latest     centos-working-container

• BUILDER * (실행 상태가 아님)

8. 패키지 설치로 레이어 생성

root@myk8s-control-plane:/# buildah run centos-working-container yum install httpd -y

# 결과
...
Installed:
  apr-1.7.5-3.el10.x86_64                         apr-util-1.6.3-21.el10.x86_64                    apr-util-lmdb-1.6.3-21.el10.x86_64          
  apr-util-openssl-1.6.3-21.el10.x86_64           centos-logos-httpd-100.2-3.el10.noarch           httpd-2.4.63-5.el10.x86_64                  
  httpd-core-2.4.63-5.el10.x86_64                 httpd-filesystem-2.4.63-5.el10.noarch            httpd-tools-2.4.63-5.el10.x86_64            
  libbrotli-1.1.0-6.el10.x86_64                   lmdb-libs-0.9.32-4.el10.x86_64                   mailcap-2.1.54-8.el10.noarch                
  mod_http2-2.0.29-3.el10.x86_64                  mod_lua-2.4.63-5.el10.x86_64                    

Complete!

9. 정적 파일 추가

(1) index.html 파일 생성

root@myk8s-control-plane:/# cat << EOF > index.html
<html>
    <head>
        <title>Cloudneta CICD Study</title>
    </head>
    <body>
        <h1>Hello, World!</h1>
    </body>
</html>
EOF

(2) 새 레이어에 파일 추가

root@myk8s-control-plane:/# buildah copy centos-working-container index.html /var/www/html/index.html

# 결과
8440a1923c28a8191233d25ccf21579a7a5131276655466471d6a22ce4962a79

10. 엔트리포인트 설정

root@myk8s-control-plane:/# buildah config --entrypoint "/usr/sbin/httpd -DFOREGROUND" centos-working-container

# 결과
WARN[0000] cmd "/bin/bash" exists but will be ignored because of entrypoint settings

11. 이미지 커밋 및 태깅

root@myk8s-control-plane:/# buildah commit centos-working-container docker.io/$MYUSER/gitops-website

# 결과
Getting image source signatures
Copying blob 288e9c66457d skipped: already exists  
Copying blob 957e9335c924 done  
Copying config 938fa8386a done  
Writing manifest to image destination
Storing signatures
938fa8386a92e68b8dd10ccdccaa3e5fb1fcaba96e7b79a9246e4c3a6b4ac888

root@myk8s-control-plane:/# podman ps -a

CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES

• 현재 기동된 건 없음

root@myk8s-control-plane:/# buildah images && podman images

REPOSITORY                            TAG      IMAGE ID       CREATED          SIZE
docker.io/shinminjin/gitops-website   latest   938fa8386a92   22 seconds ago   361 MB
quay.io/centos/centos                 latest   4fbde73dcc66   4 days ago       316 MB

REPOSITORY                           TAG         IMAGE ID      CREATED         SIZE
docker.io/shinminjin/gitops-website  latest      938fa8386a92  23 seconds ago  361 MB
quay.io/centos/centos                latest      4fbde73dcc66  4 days ago      316 MB

• 생성된 이미지 확인

12. 메타데이터 확인

root@myk8s-control-plane:/# podman inspect docker.io/$MYUSER/gitops-website | jq

[
  {
    "Id": "938fa8386a92e68b8dd10ccdccaa3e5fb1fcaba96e7b79a9246e4c3a6b4ac888",
    "Digest": "sha256:45bd7216a3e5a7045d58276ddce67691564ae924e041c972647c4535dd3b62da",
    "RepoTags": [
      "docker.io/shinminjin/gitops-website:latest"
    ],
    "RepoDigests": [
      "docker.io/shinminjin/gitops-website@sha256:45bd7216a3e5a7045d58276ddce67691564ae924e041c972647c4535dd3b62da"
    ],
    "Parent": "4fbde73dcc66c4096cdf69b4501944bb10b8cc122f8e6697f6008e79a0ec0a78",
    "Comment": "",
    "Created": "2025-10-18T08:24:45.893945154Z",
    "Config": {
      "Env": [
        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
      ],
      "Entrypoint": [
        "/bin/sh",
        "-c",
        "/usr/sbin/httpd -DFOREGROUND"
      ],
      "Cmd": [
        "/bin/bash"
      ],
      "Labels": {
        "io.buildah.version": "1.28.2",
        "org.label-schema.build-date": "20251014",
        "org.label-schema.license": "GPLv2",
        "org.label-schema.name": "CentOS Stream 10 Base Image",
        "org.label-schema.schema-version": "1.0",
        "org.label-schema.vendor": "CentOS"
      }
    },
    "Version": "",
    "Author": "",
    "Architecture": "amd64",
    "Os": "linux",
    "Size": 361206115,
    "VirtualSize": 361206115,
    "GraphDriver": {
      "Name": "overlay",
      "Data": {
        "LowerDir": "/var/lib/containers/storage/overlay/288e9c66457def91d1c4b833c1d7c27b74e5ee668d9c2693b7a524eacdb6f6bd/diff",
        "UpperDir": "/var/lib/containers/storage/overlay/7525618a6d8f819d17933fe4343c39d4dc5d583992db20e01dbb8496744b3500/diff",
        "WorkDir": "/var/lib/containers/storage/overlay/7525618a6d8f819d17933fe4343c39d4dc5d583992db20e01dbb8496744b3500/work"
      }
    },
    "RootFS": {
      "Type": "layers",
      "Layers": [
        "sha256:288e9c66457def91d1c4b833c1d7c27b74e5ee668d9c2693b7a524eacdb6f6bd",
        "sha256:957e9335c924e02b42c4233231d0b6b57f9afa9636797393a6371a487a1674c9"
      ]
    },
    "Labels": {
      "io.buildah.version": "1.28.2",
      "org.label-schema.build-date": "20251014",
      "org.label-schema.license": "GPLv2",
      "org.label-schema.name": "CentOS Stream 10 Base Image",
      "org.label-schema.schema-version": "1.0",
      "org.label-schema.vendor": "CentOS"
    },
    "Annotations": {
      "org.opencontainers.image.base.digest": "sha256:caff14a3c4a998010ebbac7a6043a51099d01bdef4cc5440adb65ed394af651c",
      "org.opencontainers.image.base.name": "quay.io/centos/centos:latest"
    },
    "ManifestType": "application/vnd.oci.image.manifest.v1+json",
    "User": "",
    "History": [
      {
        "created": "2025-10-14T05:03:24.931468502Z",
        "created_by": "/bin/sh -c #(nop) ADD file:3759e74e60f67ef6a1280cb05dc9a36d058c801452e4f32e1c8238bfdc60ccd8 in / ",
        "empty_layer": true
      },
      {
        "created": "2025-10-14T05:03:24.931531936Z",
        "created_by": "/bin/sh -c #(nop) LABEL org.label-schema.schema-version=\"1.0\"     org.label-schema.name=\"CentOS Stream 10 Base Image\"     org.label-schema.vendor=\"CentOS\"     org.label-schema.license=\"GPLv2\"     org.label-schema.build-date=\"20251014\"",
        "empty_layer": true
      },
      {
        "created": "2025-10-14T05:03:27.441354994Z",
        "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]"
      },
      {
        "created": "2025-10-18T08:24:46.346083851Z",
        "created_by": "/bin/sh",
        "comment": "FROM quay.io/centos/centos:latest"
      }
    ],
    "NamesHistory": [
      "docker.io/shinminjin/gitops-website:latest"
    ]
  }
]

13. Podman으로 컨테이너 실행

root@myk8s-control-plane:/# podman run --runtime /usr/local/sbin/runc -d --name myweb -p 8080:80 -it docker.io/$MYUSER/gitops-website

# 결과
ae4ffb535484069fd069b317b18a107c8a6a87048c576e867bb0d32d18599f59

root@myk8s-control-plane:/# podman ps

CONTAINER ID  IMAGE                                       COMMAND     CREATED         STATUS             PORTS                 NAMES
ae4ffb535484  docker.io/shinminjin/gitops-website:latest  /bin/bash   14 seconds ago  Up 14 seconds ago  0.0.0.0:8080->80/tcp  myweb

• 포트 매핑 0.0.0.0:8080->80/tcp 확인

14. 동작 검증

root@myk8s-control-plane:/# curl -s 127.0.0.1:8080

<html>
    <head>
        <title>Cloudneta CICD Study</title>
    </head>
    <body>
        <h1>Hello, World!</h1>
    </body>
</html>

• index.html 내용 확인

15. 컨테이너 런타임 구분 주의

root@myk8s-control-plane:/# crictl images

IMAGE                                           TAG                  IMAGE ID            SIZE
docker.io/kindest/kindnetd                      v20250512-df8de77b   409467f978b4a       44.4MB
docker.io/kindest/local-path-helper             v20241212-8ac705d0   baa0d31514ee5       3.08MB
docker.io/kindest/local-path-provisioner        v20250214-acbabc1a   bbb6209cc873b       22.5MB
registry.k8s.io/coredns/coredns                 v1.11.3              c69fa2e9cbf5f       18.6MB
registry.k8s.io/etcd                            3.5.16-0             a9e7e6b294baf       57.7MB
registry.k8s.io/kube-apiserver-amd64            v1.32.8              0d4edaa48e2f9       98.1MB
registry.k8s.io/kube-apiserver                  v1.32.8              0d4edaa48e2f9       98.1MB
registry.k8s.io/kube-controller-manager-amd64   v1.32.8              b248d0b0c74ad       90.8MB
registry.k8s.io/kube-controller-manager         v1.32.8              b248d0b0c74ad       90.8MB
registry.k8s.io/kube-proxy-amd64                v1.32.8              d7b94972d43c5       95.3MB
registry.k8s.io/kube-proxy                      v1.32.8              d7b94972d43c5       95.3MB
registry.k8s.io/kube-scheduler-amd64            v1.32.8              2ac266f06c9a5       70.7MB
registry.k8s.io/kube-scheduler                  v1.32.8              2ac266f06c9a5       70.7MB
registry.k8s.io/pause                           3.10                 873ed75102791       320kB

• crictl images에는 보이지 않음
• 이유는 kind 노드가 containerd를 K8s 런타임으로 사용하고, Podman/Buildah는 별도의 스토리지를 사용하기 때문임

16. 다음 실습을 위한 정리

root@myk8s-control-plane:/# podman rm -f myweb
root@myk8s-control-plane:/# podman ps
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES

---

🧾 Dockerfile로 Buildah 이미지 빌드

1. Dockerfile 작성

root@myk8s-control-plane:/# cat << EOF > Dockerfile
FROM centos:latest
RUN yum -y install httpd
COPY index.html /var/www/html/index.html
EXPOSE 80
CMD ["/usr/sbin/httpd", "-DFOREGROUND"]
EOF

2. Buildah로 이미지 빌드

root@myk8s-control-plane:/# buildah build -f Dockerfile -t docker.io/shinminjin/gitops-website

# 결과
...
Successfully tagged docker.io/shinminjin/gitops-website:latest
608d6d7411053434a23414231b8bbe89365a4c593e33b1bb4f26a6d14f43ff57

3. 빌드 산출물 확인

root@myk8s-control-plane:/# buildah ps

CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME
7650deaf4203     *     4fbde73dcc66 quay.io/centos/centos:latest     centos-working-container

4. 레지스트리 로그인

root@myk8s-control-plane:/# buildah login --username $MYUSER docker.io

# 결과 
Password: $MYTOKEN
Login Succeeded!

5. 이미지 푸시

root@myk8s-control-plane:/# buildah push <imageID> docker.io/$MYUSER/gitops-website

# 결과
Getting image source signatures
Copying blob 288e9c66457d done  
Copying config 4fbde73dcc done  
Writing manifest to image destination
Storing signatures

---

🧰 빌드팩(Buildpacks)으로 컨테이너 빌드

• https://buildpacks.io/
• https://buildpacks.io/docs/

1. 빌드팩 설치 (Arch Linux)

• https://buildpacks.io/docs/for-platform-operators/how-to/integrate-ci/pack/

(1) pack-cli 설치

sudo pacman -S pack-cli

(2) which pack 입력 시, 찾을 수 없다는 결과 나옴

which pack

# 결과
pack not found

(3) 실행 파일 경로 정리

sudo pacman -Ql pack-cli | grep /usr/bin/pack

# 결과
pack-cli /usr/bin/pack-cli

• 패키지 바이너리명이 /usr/bin/pack-cli

sudo ln -s /usr/bin/pack-cli /usr/bin/pack

• pack 이름으로 링크 생성

which pack

# 결과
/usr/bin/pack

(4) .zshrc에 자동완성(fpath) 설정 추가

grep -qxF 'fpath=("$HOME/.zsh/completions" $fpath)' ~/.zshrc || \
  printf '%s\n' 'fpath=("$HOME/.zsh/completions" $fpath)' >> ~/.zshrc

# compinit 보장
grep -q 'autoload -Uz compinit' ~/.zshrc || \
  printf '%s\n' 'autoload -Uz compinit' >> ~/.zshrc
grep -q '^compinit' ~/.zshrc || \
  printf '%s\n' 'compinit' >> ~/.zshrc

(5) 적용

source ~/.zshrc

2. 샘플 앱 디렉터리 이동

cd chapters/chapters/ch03/nodejs-app/
tree

├── package.json
├── package-lock.json
└── server.js

3. 추천 Builder 목록 확인

pack builder suggest

✅ 출력

Suggested builders:
	Google:                gcr.io/buildpacks/builder:google-22                     Ubuntu 22.04 base image with buildpacks for .NET, Dart, Go, Java, Node.js, PHP, Python, and Ruby                                                                 
	Heroku:                heroku/builder:24                                       Ubuntu 24.04 AMD64+ARM64 base image with buildpacks for .NET, Go, Java, Node.js, PHP, Python, Ruby & Scala.                                                      
	Paketo Buildpacks:     paketobuildpacks/builder-jammy-base                     Ubuntu 22.04 Jammy Jellyfish base image with buildpacks for Java, Go, .NET Core, Node.js, Python, Apache HTTPD, NGINX and Procfile                               
	Paketo Buildpacks:     paketobuildpacks/builder-jammy-buildpackless-static     Static base image (Ubuntu Jammy Jellyfish build image, distroless-like run image) with no buildpacks included. To use, specify buildpacks at build time.         
	Paketo Buildpacks:     paketobuildpacks/builder-jammy-full                     Ubuntu 22.04 Jammy Jellyfish full image with buildpacks for Apache HTTPD, Go, Java, Java Native Image, .NET, NGINX, Node.js, PHP, Procfile, Python, and Ruby     
	Paketo Buildpacks:     paketobuildpacks/builder-jammy-tiny                     Tiny base image (Ubuntu Jammy Jellyfish build image, distroless-like run image) with buildpacks for Java, Java Native Image and Go                               
	Paketo Buildpacks:     paketobuildpacks/builder-ubi8-base                      Ubi 8 base builder with buildpacks for Node.js, Java, Quarkus and Procfile                                                                                       

Tip: Learn more about a specific builder with:
	pack builder inspect <builder-image>

4. 빌드 전 로컬 이미지 상태 확인

docker images

✅ 출력

REPOSITORY                                  TAG                                                           IMAGE ID       CREATED        SIZE
shinminjin/pythonapp                        latest                                                        a8ea70de71df   6 hours ago    878MB
registry.access.redhat.com/ubi8/python-39   latest                                                        9a62815cc4ee   3 days ago     874MB
quay.io/cilium/cilium                       v1.17.8                                                       ab0dfe84bb2a   3 weeks ago    794MB
quay.io/cilium/operator-generic             v1.17.8                                                       710ed26a6a26   3 weeks ago    128MB
kindest/node                                v1.32.8                                                       05f8e4e76c17   7 weeks ago    1.04GB
quay.io/cilium/cilium                       v1.17.6                                                       40c15f03eb84   3 months ago   819MB
quay.io/cilium/operator-generic             v1.17.6                                                       95a65abe2c97   3 months ago   127MB
quay.io/cilium/cilium-envoy                 v1.33.4-1752151664-7c2edb0b44cf95f326d628b837fcdd845102ba68   48bdcd4253db   3 months ago   174MB
nicolaka/netshoot                           latest                                                        0ac86781a84f   3 months ago   594MB
shinminjin/jib-example                      latest                                                        2574b2ca2237   55 years ago   281MB

5. Buildpacks로 이미지 빌드

pack build nodejs-app --builder paketobuildpacks/builder-jammy-base
# macOS일 경우: heroku/builder:24

# 결과
...
Successfully built image nodejs-app

• Dockerfile 없이 빌더를 지정해 애플리케이션 이미지를 생성

6. 빌드 후 이미지 확인

docker images

✅ 출력

REPOSITORY                                  TAG                                                           IMAGE ID       CREATED        SIZE
shinminjin/pythonapp                        latest                                                        a8ea70de71df   6 hours ago    878MB
paketobuildpacks/run-jammy-base             latest                                                        63ae3d417547   33 hours ago   110MB
registry.access.redhat.com/ubi8/python-39   latest                                                        9a62815cc4ee   3 days ago     874MB
quay.io/cilium/cilium                       v1.17.8                                                       ab0dfe84bb2a   3 weeks ago    794MB
quay.io/cilium/operator-generic             v1.17.8                                                       710ed26a6a26   3 weeks ago    128MB
kindest/node                                v1.32.8                                                       05f8e4e76c17   7 weeks ago    1.04GB
quay.io/cilium/cilium                       v1.17.6                                                       40c15f03eb84   3 months ago   819MB
quay.io/cilium/operator-generic             v1.17.6                                                       95a65abe2c97   3 months ago   127MB
quay.io/cilium/cilium-envoy                 v1.33.4-1752151664-7c2edb0b44cf95f326d628b837fcdd845102ba68   48bdcd4253db   3 months ago   174MB
nicolaka/netshoot                           latest                                                        0ac86781a84f   3 months ago   594MB
paketobuildpacks/builder-jammy-base         latest                                                        2e24e4fa6193   45 years ago   2.65GB
nodejs-app                                  latest                                                        6b36b0446f4e   45 years ago   374MB
shinminjin/jib-example                      latest                                                        2574b2ca2237   55 years ago   281MB

• paketobuildpacks/builder-jammy-base(builder)
• paketobuildpacks/run-jammy-base(run) + nodejs-app:latest가 로컬에 존재

7. 컨테이너 기동(런타임 검증)

docker run -d --name myapp --rm -p 3000:3000 nodejs-app

# 결과
ca05981571cc349b28eed15e43537851b116fa4646c0ccf387717e015c126c05

docker ps

✅ 출력

CONTAINER ID   IMAGE                  COMMAND                  CREATED          STATUS          PORTS                                                             NAMES
ca05981571cc   nodejs-app             "/cnb/process/web"       24 seconds ago   Up 23 seconds   0.0.0.0:3000->3000/tcp, [::]:3000->3000/tcp                       myapp
e4d4f4c84c02   kindest/node:v1.32.8   "/usr/local/bin/entr…"   7 hours ago      Up 7 hours      0.0.0.0:30000-30001->30000-30001/tcp, 127.0.0.1:35121->6443/tcp   myk8s-control-plane
1ef7f7ad8535   kindest/node:v1.32.8   "/usr/local/bin/entr…"   7 hours ago      Up 7 hours                                                                        myk8s-worker

8. 애플리케이션 응답 확인

curl -s 127.0.0.1:3000

# 결과
Hello Buildpacks!

9. 다음 실습을 위한 정리

docker rm -f myapp

---

🐚 Shipwrite와 kaniko or Buildah를 사용한 쿠버네티스 기반 컨테이너 빌드

1. Tekton 파이프라인 설치

• https://shipwright.io/docs/introduction/

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.70.0/release.yaml

2. Tekton CRD 확인

kubectl get crd

✅ 출력

NAME                                       CREATED AT
clustertasks.tekton.dev                    2025-10-18T12:48:30Z
customruns.tekton.dev                      2025-10-18T12:48:30Z
pipelineruns.tekton.dev                    2025-10-18T12:48:30Z
pipelines.tekton.dev                       2025-10-18T12:48:30Z
resolutionrequests.resolution.tekton.dev   2025-10-18T12:48:30Z
stepactions.tekton.dev                     2025-10-18T12:48:30Z
taskruns.tekton.dev                        2025-10-18T12:48:31Z
tasks.tekton.dev                           2025-10-18T12:48:30Z
verificationpolicies.tekton.dev            2025-10-18T12:48:31Z

• tasks.tekton.dev, pipelineruns.tekton.dev 등 다수 CRD 확인

3. Shipwright Builds 설치

• https://shipwright.io/docs/getting-started/installation/

kubectl apply -f https://github.com/shipwright-io/build/releases/download/v0.11.0/release.yaml

4. Shipwright CRD 확인

kubectl get crd | grep shipwright

✅ 출력

buildruns.shipwright.io                    2025-10-18T12:50:47Z
builds.shipwright.io                       2025-10-18T12:50:47Z
buildstrategies.shipwright.io              2025-10-18T12:50:47Z
clusterbuildstrategies.shipwright.io       2025-10-18T12:50:47Z

5. Build 리소스 스키마 조회

kubectl explain builds.shipwright.io

✅ 출력

GROUP:      shipwright.io
KIND:       Build
VERSION:    v1alpha1

DESCRIPTION:
    Build is the Schema representing a Build definition
    
FIELDS:
  apiVersion	<string>
    APIVersion defines the versioned schema of this representation of an object.
    Servers should convert recognized schemas to the latest internal value, and
    may reject unrecognized values. More info:
    https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

  kind	<string>
    Kind is a string value representing the REST resource this object
    represents. Servers may infer this from the endpoint the client submits
    requests to. Cannot be updated. In CamelCase. More info:
    https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

  metadata	<ObjectMeta>
    Standard object's metadata. More info:
    https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

  spec	<Object> -required-
    BuildSpec defines the desired state of Build

  status	<Object>
    BuildStatus defines the observed state of Build 
     NOTICE: This is deprecated and will be removed in a future release.

• spec.source, spec.strategy, spec.output 등 필수 필드 확인

6. Shipwright 컨트롤러 동작 확인

kubectl get all -n shipwright-build

✅ 출력

NAME                                               READY   STATUS    RESTARTS   AGE
pod/shipwright-build-controller-86f455d89b-krms7   1/1     Running   0          2m11s

NAME                                          READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/shipwright-build-controller   1/1     1            1           2m11s

NAME                                                     DESIRED   CURRENT   READY   AGE
replicaset.apps/shipwright-build-controller-86f455d89b   1         1         1       2m11s

7. 빌드 전략 설치

kubectl apply -f https://github.com/shipwright-io/build/releases/download/v0.11.0/sample-strategies.yaml

8. 빌드 전략 목록 확인

kubectl get clusterbuildstrategy

✅ 출력

NAME                     AGE
buildah                  77s
buildkit                 77s
buildpacks-v3            77s
buildpacks-v3-heroku     77s
kaniko                   77s
kaniko-trivy             77s
ko                       77s
source-to-image          77s
source-to-image-redhat   77s

9. 특정 전략 세부 확인

kubectl get clusterbuildstrategy buildah -o yaml

...
    image: quay.io/containers/buildah:v1.27.0
    name: build-and-push
...

kubectl get clusterbuildstrategy buildkit -o yaml
...
    image: moby/buildkit:nightly-rootless
...

• buildah는 quay.io/containers/buildah, buildkit은 moby/buildkit 사용

10. 레지스트리 자격 변수 지정

• https://shipwright.io/docs/build/authentication/#docker-hub

REGISTRY_SERVER=https://index.docker.io/v1/ # or quay.io
REGISTRY_USER=<your_registry_user>
REGISTRY_PASSWORD=<your_registry_password>
EMAIL=<your_email>

11. 푸시용 시크릿 생성

kubectl create secret docker-registry push-secret \
--docker-server=$REGISTRY_SERVER \
--docker-username=$REGISTRY_USER \
--docker-password=$REGISTRY_PASSWORD \
--docker-email=$EMAIL

# 결과
secret/push-secret created

kubectl get secret

NAME          TYPE                             DATA   AGE
push-secret   kubernetes.io/dockerconfigjson   1      27s

12. Build 리소스 생성

cat <<EOF | kubectl apply -f -
apiVersion: shipwright.io/v1alpha1
kind: Build
metadata:
  name: kaniko-golang-build
  annotations:
    build.shipwright.io/build-run-deletion: "true"   # 빌드 완료 후 BuildRun 삭제
spec:
  source:
    url: https://github.com/shipwright-io/sample-go  # 소스 코드를 가져올 저장소
    contextDir: docker-build                         # 소스 코드가 있는 디렉터리
  strategy:
    name: kaniko                                     # 빌드에 사용할 ClusterBuildStrategy 이름
    kind: ClusterBuildStrategy
  dockerfile: Dockerfile
  output:
    image: docker.io/$REGISTRY_USER/sample-golang:latest # 결과 이미지를 저장할 장소
    credentials:
      name: push-secret                              # 레지스트리에 인증하고 이미지를 푸시하는 데 사용할 시크릿 이름  
EOF

# 결과
build.shipwright.io/kaniko-golang-build created

13. Build 생성 결과 확인

kubectl get builds kaniko-golang-build -o yaml

✅ 출력

...
spec:
  dockerfile: Dockerfile
  output:
    credentials:
      name: push-secret
    image: docker.io/shinminjin/sample-golang:latest
  source:
    contextDir: docker-build
    url: https://github.com/shipwright-io/sample-go
  strategy:
    kind: ClusterBuildStrategy
    name: kaniko
...

kubectl get builds  

✅ 출력

NAME                  REGISTERED   REASON      BUILDSTRATEGYKIND      BUILDSTRATEGYNAME   CREATIONTIME
kaniko-golang-build   True         Succeeded   ClusterBuildStrategy   kaniko              2m10s

• REGISTERED=True, REASON=Succeeded 확인

14. 빌드 파드 모니터링 준비 (신규터미널)

kubectl get pod -n default -w

15. BuildRun 매니페스트 작성

cat << EOF > buildrun-go.yaml
apiVersion: shipwright.io/v1alpha1
kind: BuildRun
metadata:
  generateName: kaniko-golang-buildrun-
spec:
  buildRef:
    name: kaniko-golang-build
EOF

16. BuildRun 실행

kubectl create -f buildrun-go.yaml

• 소스 클론 → Dockerfile 기반 kaniko 빌드 → 레지스트리 푸시 수행
• 완료까지 대략 1분 정도 소요

17. 로그 · 상태 모니터링

k9s -> pod -> l (옵션 f, w, t)

✅ 출력

18. 빌드 파드 이미지/스텝 확인

kubectl describe pod -l clusterbuildstrategy.shipwright.io/name=kaniko | grep 'Image:' -B2

✅ 출력

  prepare:
    Container ID:  containerd://34ce5e58a1c51b9663dc6e343805e65f8f0f30c4108c43e7c66765eb6bb5471d
    Image:         ghcr.io/tektoncd/pipeline/entrypoint-bff0a22da108bc2f16c818c97641a296:v0.70.0@sha256:763d4cd4e362d381b46a5474d3d358e7731d7c13e22ebf632ef530b857521a48
--
  working-dir-initializer:
    Container ID:  containerd://eb80306209c38d7f79599ab27753d07e6fdb882e5f945d24ca56c37fb8f64a12
    Image:         ghcr.io/tektoncd/pipeline/workingdirinit-0c558922ec6a1b739e550e349f2d5fc1:v0.70.0@sha256:ed97cc8058e349c48be1364753a6e47732ba4f8d8aec814bd2cdb8a4ddafa23a
--
  step-source-default:
    Container ID:  containerd://1f6e3b0c210f895c5207bd2d42086b1dbd2d284e999bb01bed827dcf837d97bc
    Image:         ghcr.io/shipwright-io/build/git:v0.11.0@sha256:aecf8bdc01ea00be83e933162a0b6d063846b315fe9dcae60e4be1a34e85d514
--
  step-build-and-push:
    Container ID:  containerd://e8c30bbe0490f9ade3929e4c83da3db026d1d627e2a1d3826162c2595c5f1520
    Image:         gcr.io/kaniko-project/executor:v1.9.0
--
  step-results:
    Container ID:  containerd://4860ac68761a750df3aa95c53e8d29704f0c24392e0e4d69f0700281632c23fe
    Image:         registry.access.redhat.com/ubi9/ubi-minimal

19. BuildRun 결과 확인

kubectl get buildruns.shipwright.io

✅ 출력

NAME                           SUCCEEDED   REASON      STARTTIME   COMPLETIONTIME
kaniko-golang-buildrun-k7s94   True        Succeeded   12m         11m

20. 다음 실습을 위한 정리

kubectl delete build,buildrun --all