CI/CD 3주차 정리

Posted Nov 2, 2025

By GAGA

33 min read

🚀 kind로 k8s 배포

1. kind 클러스터 생성

  
kind create cluster --name myk8s --image kindest/node:v1.32.8 --config - <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
  apiServerAddress: "0.0.0.0"
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 30000
    hostPort: 30000
  - containerPort: 30001
    hostPort: 30001
  - containerPort: 30002
    hostPort: 30002
  - containerPort: 30003
    hostPort: 30003
- role: worker
EOF

# 결과
Creating cluster "myk8s" ...
 ✓ Ensuring node image (kindest/node:v1.32.8) 🖼
 ✓ Preparing nodes 📦 📦  
 ✓ Writing configuration 📜 
 ✓ Starting control-plane 🕹️ 
 ✓ Installing CNI 🔌 
 ✓ Installing StorageClass 💾 
 ✓ Joining worker nodes 🚜 
Set kubectl context to "kind-myk8s"
You can now use your cluster with:

kubectl cluster-info --context kind-myk8s

Have a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/#community 🙂

2. 노드/네임스페이스 확인

kind get nodes --name myk8s

# 결과
myk8s-worker
myk8s-control-plane

kubens default

# 결과
✔ Active namespace is "default"

3. Docker 컨테이너 확인 및 API 포트 매핑

docker ps

CONTAINER ID   IMAGE                  COMMAND                  CREATED              STATUS              PORTS                                                           NAMES
ea4fa45f8d82   kindest/node:v1.32.8   "/usr/local/bin/entr…"   About a minute ago   Up About a minute   0.0.0.0:30000-30003->30000-30003/tcp, 0.0.0.0:44501->6443/tcp   myk8s-control-plane
665b94422e49   kindest/node:v1.32.8   "/usr/local/bin/entr…"   About a minute ago   Up About a minute                                                                   myk8s-worker

컨트롤플레인: 0.0.0.0:44501 -> 6443 (K8s API)
NodePort: 30000~30003 호스트와 매핑

4. 호스트 IP 확인 및 K8s API 호출

ifconfig | grep 192.

# 결과
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        inet 192.168.219.107  netmask 255.255.255.0  broadcast 192.168.219.255

  
curl https://192.168.219.107:44501/version -k

# 결과
{
  "major": "1",
  "minor": "32",
  "gitVersion": "v1.32.8",
  "gitCommit": "2e83bc4bf31e88b7de81d5341939d5ce2460f46f",
  "gitTreeState": "clean",
  "buildDate": "2025-08-13T14:21:22Z",
  "goVersion": "go1.23.11",
  "compiler": "gc",
  "platform": "linux/amd64"
}%

🧩 docker compose

1. CI/CD 프로젝트 디렉터리 준비

mkdir cicd-labs
cd cicd-labs

  
docker network ls

# 결과
NETWORK ID     NAME      DRIVER    SCOPE
...
1da18f85ffec   kind      bridge    local
...

2. docker-compose 구성 (Jenkins + Gogs)

  
export DOCKER_GID=$(stat -c '%g' /var/run/docker.sock)

  
cat <<EOT > docker-compose.yaml
services:

  jenkins:
    container_name: jenkins
    image: jenkins/jenkins
    restart: unless-stopped
    networks:
      - kind
    ports:
      - "8080:8080"
      - "50000:50000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - jenkins_home:/var/jenkins_home
    group_add:
      - "${DOCKER_GID}"

  gogs:
    container_name: gogs
    image: gogs/gogs
    restart: unless-stopped
    networks:
      - kind
    ports:
      - "10022:22"
      - "3000:3000"
    volumes:
      - gogs-data:/data

volumes:
  jenkins_home:
  gogs-data:

networks:
  kind:
    external: true
EOT

3. 컨테이너 기동 및 상태 확인

  
docker compose up -d

# 결과
[+] Running 4/4
 ✔ Volume cicd-labs_jenkins_home  Created                                                                     0.0s 
 ✔ Volume cicd-labs_gogs-data     Created                                                                     0.0s 
 ✔ Container gogs                 Started                                                                     0.2s 
 ✔ Container jenkins              Started                                                                     0.2s 

  
docker compose ps

NAME      IMAGE             COMMAND                  SERVICE   CREATED          STATUS                             PORTS
gogs      gogs/gogs         "/app/gogs/docker/st…"   gogs      30 seconds ago   Up 29 seconds (health: starting)   0.0.0.0:3000->3000/tcp, [::]:3000->3000/tcp, 0.0.0.0:10022->22/tcp, [::]:10022->22/tcp
jenkins   jenkins/jenkins   "/usr/bin/tini -- /u…"   jenkins   30 seconds ago   Up 29 seconds                      0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp, 0.0.0.0:50000->50000/tcp, [::]:50000->50000/tcp

  
for i in gogs jenkins ; do echo ">> container : $i <<"; docker compose exec $i sh -c "whoami && pwd"; echo; done

>> container : gogs <<
root
/app/gogs

>> container : jenkins <<
jenkins
/

4. 도커를 이용하여 각 컨테이너로 접속

  
docker compose exec jenkins bash
jenkins@4aec55fcb34f:/$ exit
exit

docker compose exec gogs bash
f5292520283a:/app/gogs# exit
exit

5. Jenkins 컨테이너 초기 설정

  
docker compose exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword
dc92d4a5e233407f9fbb1dfaf986e75a # 패스워드 입력

(1) 웹 접속: http:<자신의 IP>:8080 진입 후, 권장 플러그인 설치

(2) 사용자 생성: devops / qwe123

(3) 설정완료

🎯 Jenkins 컨테이너에서 호스트에 도커 데몬 사용 설정

1. 컨테이너 내부 Docker CLI 설치

  
docker compose exec --privileged -u root jenkins bash
root@4aec55fcb34f:/# id
uid=0(root) gid=0(root) groups=0(root)

  
root@4aec55fcb34f:/# curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update && apt install docker-ce-cli curl tree jq yq -y

2. 호스트 데몬 연결 확인

  
root@4aec55fcb34f:/# docker ps
CONTAINER ID   IMAGE                  COMMAND                  CREATED          STATUS                    PORTS                                                                                          NAMES
4aec55fcb34f   jenkins/jenkins        "/usr/bin/tini -- /u…"   14 minutes ago   Up 14 minutes             0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp, 0.0.0.0:50000->50000/tcp, [::]:50000->50000/tcp   jenkins
f5292520283a   gogs/gogs              "/app/gogs/docker/st…"   14 minutes ago   Up 14 minutes (healthy)   0.0.0.0:3000->3000/tcp, [::]:3000->3000/tcp, 0.0.0.0:10022->22/tcp, [::]:10022->22/tcp         gogs
ea4fa45f8d82   kindest/node:v1.32.8   "/usr/local/bin/entr…"   17 minutes ago   Up 17 minutes             0.0.0.0:30000-30003->30000-30003/tcp, 0.0.0.0:44501->6443/tcp                                  myk8s-control-plane
665b94422e49   kindest/node:v1.32.8   "/usr/local/bin/entr…"   17 minutes ago   Up 17 minutes                                                                                                            myk8s-worker

root@a0c3ece04d03:/# which docker
/usr/bin/docker

3. jenkins 사용자 권한 부여 시도

  
root@4aec55fcb34f:/# chgrp docker /var/run/docker.sock
ls -l /var/run/docker.sock
usermod -aG docker jenkins
cat /etc/group | grep docker
chgrp: invalid group: ‘docker’
srw-rw---- 1 root 957 0 Oct 25 11:35 /var/run/docker.sock
usermod: group 'docker' does not exist

root@4aec55fcb34f:/# exit
exit

컨테이너 내부에서 usermod -aG docker jenkins, chgrp docker /var/run/docker.sock 시도했으나 docker 그룹 미존재로 실패함

4. Jenkins 컨테이너 재시작 후 권한 에러 관찰

docker compose restart jenkins

[+] Restarting 1/1
 ✔ Container jenkins  Started

  
docker compose exec jenkins docker ps

permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.51/containers/json": dial unix /var/run/docker.sock: connect: permission denied

5. docker-compose로 소켓 GID 매핑 적용

  
export DOCKER_GID=$(stat -c '%g' /var/run/docker.sock)

  
...
services:
  jenkins:
    container_name: jenkins
    image: jenkins/jenkins
    restart: unless-stopped
    networks:
      - cicd-network
    ports:
      - "8080:8080"
      - "50000:50000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - jenkins_home:/var/jenkins_home
    group_add:
      - "${DOCKER_GID}"
...      

docker compose up -d

호스트 소켓 GID를 환경변수로 추출해 group_add에 반영하여 권한 문제 해결함

6. 컨테이너 재생성으로 Docker CLI 휘발 문제와 재설치

  
docker compose exec jenkins docker ps
OCI runtime exec failed: exec failed: unable to start container process: exec: "docker": executable file not found in $PATH

  
docker compose exec --privileged -u root jenkins bash

root@4aec55fcb34f:/# curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update && apt install docker-ce-cli curl tree jq yq -y

7. 최종 동작 검증

  
docker compose exec jenkins docker ps

CONTAINER ID   IMAGE                  COMMAND                  CREATED          STATUS                    PORTS                                                                                          NAMES
af793fe999f9   jenkins/jenkins        "/usr/bin/tini -- /u…"   6 minutes ago    Up 5 minutes              0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp, 0.0.0.0:50000->50000/tcp, [::]:50000->50000/tcp   jenkins
f5292520283a   gogs/gogs              "/app/gogs/docker/st…"   27 minutes ago   Up 27 minutes (healthy)   0.0.0.0:3000->3000/tcp, [::]:3000->3000/tcp, 0.0.0.0:10022->22/tcp, [::]:10022->22/tcp         gogs
ea4fa45f8d82   kindest/node:v1.32.8   "/usr/local/bin/entr…"   30 minutes ago   Up 30 minutes             0.0.0.0:30000-30003->30000-30003/tcp, 0.0.0.0:44501->6443/tcp                                  myk8s-control-plane
665b94422e49   kindest/node:v1.32.8   "/usr/local/bin/entr…"   30 minutes ago   Up 30 minutes                                                                                                            myk8s-worker

  
docker compose exec jenkins cat /etc/group

# 결과
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
...
jenkins:x:1000:

jenkins 사용자 컨텍스트에서 Docker 명령 정상 동작 확인함

⚙️ Gogs 컨테이너 초기 설정

1. 초기 설정 웹 접속

**http://<**자신의 IP**>:3000/install**

데이터베이스 유형: SQLite3
애플리케이션 URL: http://<자신의 IP>:3000/
기본 브랜치: main
관리자 계정 설정: 이름(계정명 devops), 비밀번호, 이메일 입력

2. Token 생성

Your Settings > Applications > Generate New Token - Token Name(devops) 메모하기

3. 개발팀용 Repository 생성

Repository Name : dev-app
Visibility : (Check) This repository is Private
.gitignore : Python
Readme : Default → (Check) initialize this repository with selected files and template

⇒ Create Repository

4. 데브옵스팀용 Repository 생성

Repository Name : ops-deploy
Visibility : (Check) This repository is Private
.gitignore : Python
Readme : Default → (Check) initialize this repository with selected files and template

🐚 Gogs 실습을 위한 저장소 설정

1. Gogs 컨테이너 셸 접속

docker exec -it gogs bash
f5292520283a:/app/gogs# 

  
f5292520283a:/app/gogs# TMOUT=0
pwd
ls
cd /data
/app/gogs

# 결과
data    docker  gogs    log

  
f5292520283a:/data# ls -al

# 결과
total 20
drwxr-xr-x    5 git      git           4096 Nov  1 09:00 .
drwxr-xr-x    1 root     root          4096 Nov  1 09:00 ..
drwxr-xr-x    4 git      git           4096 Nov  1 09:36 git
drwxr-xr-x    5 git      git           4096 Nov  1 09:00 gogs
drwx------    2 git      git           4096 Nov  1 09:00 ssh

2. 토큰·IP 환경변수 설정

  
f5292520283a:/data# TOKEN=<각자 Gogs Token>
f5292520283a:/data# MyIP=<각자 자신의 IP>

3. dev-app 저장소 클론

  
git clone http://devops:$TOKEN@$MyIP:3000/devops/dev-app.git

f5292520283a:/data# git clone http://devops:$TOKEN@$MyIP:3000/devops/dev-app.git
Cloning into 'dev-app'...
remote: Enumerating objects: 4, done.
remote: Counting objects: 100% (4/4), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 4 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
Unpacking objects: 100% (4/4), 690 bytes | 690.00 KiB/s, done.

f5292520283a:/data# cd /data/dev-app
f5292520283a:/data/dev-app# tree
.
└── README.md

0 directories, 1 files

4. Git 로컬 설정

  
f5292520283a:/data/dev-app# git config --local user.name "devops"
git config --local user.email "a@a.com"
git config --local init.defaultBranch main
git config --local credential.helper store
git --no-pager config --local --list
cat .git/config

# 결과
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
remote.origin.url=http://devops:6f5bccf278f4e14b32d16f36db047b6440357acd@192.168.219.107:3000/devops/dev-app.git
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
branch.main.remote=origin
branch.main.merge=refs/heads/main
user.name=devops
user.email=a@a.com
init.defaultbranch=main
credential.helper=store
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = http://devops:6f5bccf278f4e14b32d16f36db047b6440357acd@192.168.219.107:3000/devops/dev-app.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "main"]
	remote = origin
	merge = refs/heads/main
[user]
	name = devops
	email = a@a.com
[init]
	defaultBranch = main
[credential]
	helper = store

5. 애플리케이션 파일 작성

(1) server.py 파일

  
f5292520283a:/data/dev-app# cat > server.py <<EOF
from http.server import ThreadingHTTPServer, BaseHTTPRequestHandler
from datetime import datetime
import socket

class RequestHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        match self.path:
            case '/':
                now = datetime.now()
                hostname = socket.gethostname()
                response_string = now.strftime("The time is %-I:%M:%S %p, VERSION 0.0.1\n")
                response_string += f"Server hostname: {hostname}\n"                
                self.respond_with(200, response_string)
            case '/healthz':
                self.respond_with(200, "Healthy")
            case _:
                self.respond_with(404, "Not Found")

    def respond_with(self, status_code: int, content: str) -> None:
        self.send_response(status_code)
        self.send_header('Content-type', 'text/plain')
        self.end_headers()
        self.wfile.write(bytes(content, "utf-8")) 

def startServer():
    try:
        server = ThreadingHTTPServer(('', 80), RequestHandler)
        print("Listening on " + ":".join(map(str, server.server_address)))
        server.serve_forever()
    except KeyboardInterrupt:
        server.shutdown()

if __name__== "__main__":
    startServer()
EOF

(2) Dockerfile

  
f5292520283a:/data/dev-app# cat > Dockerfile <<EOF
FROM python:3.12
ENV PYTHONUNBUFFERED 1
COPY . /app
WORKDIR /app 
CMD python3 server.py
EOF

(3) VERSION

  
f5292520283a:/data/dev-app# echo "0.0.1" > VERSION

6. 커밋 및 푸시

  
f5292520283a:/data/dev-app# tree
git status
git add .
git commit -m "Add dev-app"
git push -u origin main

# 결과
.
├── Dockerfile
├── README.md
├── VERSION
└── server.py

0 directories, 4 files
On branch main
Your branch is up to date with 'origin/main'.

Untracked files:
  (use "git add <file>..." to include in what will be committed)
	Dockerfile
	VERSION
	server.py

nothing added to commit but untracked files present (use "git add" to track)
[main 5e0b56b] Add dev-app
 3 files changed, 40 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 VERSION
 create mode 100644 server.py
Enumerating objects: 6, done.
Counting objects: 100% (6/6), done.
Delta compression using up to 18 threads
Compressing objects: 100% (4/4), done.
Writing objects: 100% (5/5), 1014 bytes | 1014.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
To http://192.168.219.107:3000/devops/dev-app.git
   bcd7702..5e0b56b  main -> main
branch 'main' set up to track 'origin/main'.

🐳 도커 허브

1. 도커 허브 토큰 발급

2. Private 리포지토리 생성(dev-app)

🤖 Jenkins CI Pipeline

1. Jenkins 플러그인 설치

Pipeline Stage View - Docs
Docker Pipeline : building, testing, and using Docker images from Jenkins Pipeline - Docs
Gogs : Webhook Plugin - Docs

2. 자격증명 설정

Jenkins 관리 → Credentials → Globals → Add Credentials

(1) Gogs Repo 자격증명 설정 : gogs-crd
Kind : Username with password
Username : devops
Password : <Gogs 토큰>
ID : gogs-crd

(2) 도커 허브 자격증명 설정 : dockerhub-crd
Kind : Username with password
Username : <도커 계정명>
Password : <도커 계정 암호 혹은 토큰>
ID : dockerhub-crd

3. Jenkins Item 생성

(1) item 지정

(2) Pipeline script

  
pipeline {
    agent any
    environment {
        DOCKER_IMAGE = '<자신의 도커 허브 계정>/dev-app' // Docker 이미지 이름
    }
    stages {
        stage('Checkout') {
            steps {
                 git branch: 'main',
                 url: 'http://<자신의 IP>:3000/devops/dev-app.git',  // Git에서 코드 체크아웃
                 credentialsId: 'gogs-crd'  // Credentials ID
            }
        }
        stage('Read VERSION') {
            steps {
                script {
                    // VERSION 파일 읽기
                    def version = readFile('VERSION').trim()
                    echo "Version found: ${version}"
                    // 환경 변수 설정
                    env.DOCKER_TAG = version
                }
            }
        }
        stage('Docker Build and Push') {
            steps {
                script {
                    docker.withRegistry('https://index.docker.io/v1/', 'dockerhub-crd') {
                        // DOCKER_TAG 사용
                        def appImage = docker.build("${DOCKER_IMAGE}:${DOCKER_TAG}")
                        appImage.push()
                        appImage.push("latest")
                    }
                }
            }
        }
    }
    post {
        success {
            echo "Docker image ${DOCKER_IMAGE}:${DOCKER_TAG} has been built and pushed successfully!"
        }
        failure {
            echo "Pipeline failed. Please check the logs."
        }
    }
}

(3) 빌드 진행

🧭 Deploying to Kubernetes

1. Deployment 생성

DHUSER=<도커 허브 계정명>

  
cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: timeserver
spec:
  replicas: 2
  selector:
    matchLabels:
      pod: timeserver-pod
  template:
    metadata:
      labels:
        pod: timeserver-pod
    spec:
      containers:
      - name: timeserver-container
        image: docker.io/$DHUSER/dev-app:0.0.1
        livenessProbe:
          initialDelaySeconds: 30
          periodSeconds: 30
          httpGet:
            path: /healthz
            port: 80
            scheme: HTTP
          timeoutSeconds: 5
          failureThreshold: 3
          successThreshold: 1
EOF
deployment.apps/timeserver created

2. ImagePullBackOff 원인 진단

  
kubectl get deploy,rs,pod -o wide

# 결과
NAME                         READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS             IMAGES                               SELECTOR
deployment.apps/timeserver   0/2     2            0           81s   timeserver-container   docker.io/shinminjin/dev-app:0.0.1   pod=timeserver-pod

NAME                                    DESIRED   CURRENT   READY   AGE   CONTAINERS             IMAGES                               SELECTOR
replicaset.apps/timeserver-6cd9654cc7   2         2         0       81s   timeserver-container   docker.io/shinminjin/dev-app:0.0.1   pod=timeserver-pod,pod-template-hash=6cd9654cc7

NAME                              READY   STATUS             RESTARTS   AGE   IP           NODE           NOMINATED NODE   READINESS GATES
pod/timeserver-6cd9654cc7-8jtdb   0/1     ImagePullBackOff   0          81s   10.244.1.2   myk8s-worker   <none>           <none>
pod/timeserver-6cd9654cc7-hkfw5   0/1     ImagePullBackOff   0          81s   10.244.1.3   myk8s-worker   <none>           <none>

  
kubectl describe pod

# 결과
...
Events:
  Type     Reason     Age                 From               Message
  ----     ------     ----                ----               -------
  Normal   Scheduled  104s                default-scheduler  Successfully assigned default/timeserver-6cd9654cc7-hkfw5 to myk8s-worker
  Normal   BackOff    22s (x5 over 102s)  kubelet            Back-off pulling image "docker.io/shinminjin/dev-app:0.0.1"
  Warning  Failed     22s (x5 over 102s)  kubelet            Error: ImagePullBackOff
  Normal   Pulling    10s (x4 over 104s)  kubelet            Pulling image "docker.io/shinminjin/dev-app:0.0.1"
  Warning  Failed     9s (x4 over 102s)   kubelet            Failed to pull image "docker.io/shinminjin/dev-app:0.0.1": failed to pull and unpack image "docker.io/shinminjin/dev-app:0.0.1": failed to resolve reference "docker.io/shinminjin/dev-app:0.0.1": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
  Warning  Failed     9s (x4 over 102s)   kubelet            Error: ErrImagePull

보통 컨테이너 이미지 정보를 잘못 기입하는 경우에 발생
혹은 이미지 저장소에 이미지가 없거나, 이미지 가져오는 자격 증명이 없는 경우에 발생

3. Docker Hub 자격증명 시크릿 생성

  
DHUSER=<도커 허브 계정>
DHPASS=<도커 허브 암호 혹은 토큰>

  
kubectl create secret docker-registry dockerhub-secret \
  --docker-server=https://index.docker.io/v1/ \
  --docker-username=$DHUSER \
  --docker-password=$DHPASS
  
# 결과
secret/dockerhub-secret created

4. Deployment에 imagePullSecrets 적용

  
cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: timeserver
spec:
  replicas: 2
  selector:
    matchLabels:
      pod: timeserver-pod
  template:
    metadata:
      labels:
        pod: timeserver-pod
    spec:
      containers:
      - name: timeserver-container
        image: docker.io/$DHUSER/dev-app:0.0.1
        livenessProbe:
          initialDelaySeconds: 30
          periodSeconds: 30
          httpGet:
            path: /healthz
            port: 80
            scheme: HTTP
          timeoutSeconds: 5
          failureThreshold: 3
          successThreshold: 1
      imagePullSecrets:
      - name: dockerhub-secret
EOF

# 결과
deployment.apps/timeserver configured

5. 리소스 상태 확인

  
kubectl get deploy,rs,pod -o wide

# 결과
NAME                         READY   UP-TO-DATE   AVAILABLE   AGE    CONTAINERS             IMAGES                               SELECTOR
deployment.apps/timeserver   2/2     2            2           7m5s   timeserver-container   docker.io/shinminjin/dev-app:0.0.1   pod=timeserver-pod

NAME                                    DESIRED   CURRENT   READY   AGE    CONTAINERS             IMAGES                               SELECTOR
replicaset.apps/timeserver-69c87f9f8c   2         2         2       60s    timeserver-container   docker.io/shinminjin/dev-app:0.0.1   pod=timeserver-pod,pod-template-hash=69c87f9f8c
replicaset.apps/timeserver-6cd9654cc7   0         0         0       7m5s   timeserver-container   docker.io/shinminjin/dev-app:0.0.1   pod=timeserver-pod,pod-template-hash=6cd9654cc7

NAME                              READY   STATUS    RESTARTS   AGE   IP           NODE           NOMINATED NODE   READINESS GATES
pod/timeserver-69c87f9f8c-jr2j6   1/1     Running   0          60s   10.244.1.4   myk8s-worker   <none>           <none>
pod/timeserver-69c87f9f8c-tjlp2   1/1     Running   0          22s   10.244.1.5   myk8s-worker   <none>           <none>

6. Service 공개

  
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
  name: timeserver
spec:
  selector:
    pod: timeserver-pod
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    nodePort: 30000
  type: NodePort
EOF

# 결과
service/timeserver created

  
curl http://127.0.0.1:30000

# 결과
The time is 1:07:41 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-jr2j6

호출 시 시간/호스트명 응답 확인

7. 반복 접속

  
while true; do curl -s --connect-timeout 1 http://127.0.0.1:30000 ; sleep 1 ; done

# 결과
The time is 1:08:23 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-jr2j6
The time is 1:08:24 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-tjlp2
The time is 1:08:25 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-tjlp2
The time is 1:08:26 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-tjlp2
The time is 1:08:27 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-tjlp2
The time is 1:08:28 PM, VERSION 0.0.1
...

🖥️ Updating your application : k8s Deploying an application with Jenkins

1. Git 반영

샘플 앱 server.py, VERSION 코드 변경(0.0.2)

  
f5292520283a:/data/dev-app# git add . && git commit -m "VERSION $(cat VERSION) Changed" && git push -u origin main

# 결과
[main cc68f85] VERSION 0.0.2 Changed
 2 files changed, 2 insertions(+), 2 deletions(-)
Enumerating objects: 7, done.
Counting objects: 100% (7/7), done.
Delta compression using up to 18 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (4/4), 340 bytes | 340.00 KiB/s, done.
Total 4 (delta 2), reused 0 (delta 0), pack-reused 0 (from 0)
To http://192.168.219.107:3000/devops/dev-app.git
   5e0b56b..cc68f85  main -> main
branch 'main' set up to track 'origin/main'.

2. VERSION 0.0.1 확인

  
The time is 1:16:26 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-tjlp2
The time is 1:16:27 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-jr2j6
The time is 1:16:28 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-jr2j6
The time is 1:16:29 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-tjlp2
The time is 1:16:30 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-tjlp2
The time is 1:16:31 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-tjlp2
The time is 1:16:32 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-tjlp2
The time is 1:16:33 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-jr2j6
The time is 1:16:34 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-jr2j6
...

  
kubectl get deploy,rs,pod,svc,ep -owide

# 결과
NAME                         READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS             IMAGES                               SELECTOR
deployment.apps/timeserver   2/2     2            2           18m   timeserver-container   docker.io/shinminjin/dev-app:0.0.1   pod=timeserver-pod

NAME                                    DESIRED   CURRENT   READY   AGE   CONTAINERS             IMAGES                               SELECTOR
replicaset.apps/timeserver-69c87f9f8c   2         2         2       12m   timeserver-container   docker.io/shinminjin/dev-app:0.0.1   pod=timeserver-pod,pod-template-hash=69c87f9f8c
replicaset.apps/timeserver-6cd9654cc7   0         0         0       18m   timeserver-container   docker.io/shinminjin/dev-app:0.0.1   pod=timeserver-pod,pod-template-hash=6cd9654cc7

NAME                              READY   STATUS    RESTARTS   AGE   IP           NODE           NOMINATED NODE   READINESS GATES
pod/timeserver-69c87f9f8c-jr2j6   1/1     Running   0          12m   10.244.1.4   myk8s-worker   <none>           <none>
pod/timeserver-69c87f9f8c-tjlp2   1/1     Running   0          11m   10.244.1.5   myk8s-worker   <none>           <none>

NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE     SELECTOR
service/kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP        4h19m   <none>
service/timeserver   NodePort    10.96.88.179   <none>        80:30000/TCP   10m     pod=timeserver-pod

NAME                   ENDPOINTS                     AGE
endpoints/kubernetes   172.18.0.2:6443               4h19m
endpoints/timeserver   10.244.1.4:80,10.244.1.5:80   10m

CI 빌드·푸시는 완료되었으나 K8s 쪽 이미지 태그 업데이트가 자동으로 반영되지 않음

3. 수동 롤링 업데이트 실행

  
kubectl set image deployment timeserver timeserver-container=$DHUSER/dev-app:0.0.2 && watch -d "kubectl get deploy,ep timeserver -owide; echo; kubectl get rs,pod"

  
Server hostname: timeserver-69c87f9f8c-jr2j6
The time is 1:18:15 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-tjlp2
The time is 1:18:16 PM, VERSION 0.0.1
Server hostname: timeserver-69c87f9f8c-tjlp2
The time is 1:18:17 PM, VERSION 0.0.2
Server hostname: timeserver-79d564b95c-28lmt
The time is 1:18:18 PM, VERSION 0.0.2
Server hostname: timeserver-79d564b95c-28lmt
The time is 1:18:19 PM, VERSION 0.0.2
Server hostname: timeserver-79d564b95c-28lmt
The time is 1:18:20 PM, VERSION 0.0.2
...

이미지 태그 0.0.2로 갱신함

🔐 Gogs Webhooks 설정

1. Gogs 보안 설정(app.ini) 업데이트

f5292520283a:/data/dev-app# cd ../gogs/conf/
f5292520283a:/data/gogs/conf# vi app.ini

  
[security]      
INSTALL_LOCK = true            
SECRET_KEY   = QYNoxvpdPUjpRf1
LOCAL_NETWORK_ALLOWLIST = 192.168.254.110 # 각자 자신의 IP

  
f5292520283a:/data/gogs/conf# exit
exit

# gogs 재시작
docker compose restart gogs

# 결과
WARN[0000] The "DOCKER_GID" variable is not set. Defaulting to a blank string. 
[+] Restarting 1/1
 ✔ Container gogs  Started

2. Gogs Webhook → Jenkins 트리거 설정

Payload URL : http://192.168.219.107:8080/gogs-webhook/?job=SCM-Pipeline/  # 각자 자신의 IP
Content Type : application/json
Secret : qwe123
When should this webhook be triggered? : Just the push event
Active : Check

3. Jenkins Item 생성(Pipeline) : SCM-Pipeline

GitHub project : http://<자신의 IP>:3000/<Gogs 계정명>/dev-app
Use Gogs secret : qwe123
Pipeline script from SCM
- SCM : Git
	- Repo URL(http://<자신의 IP>:3000/<Gogs 계정명>/dev-app)
	- Credentials(devops/***)
	- Branch(*/main)
- Script Path : Jenkinsfile

4. Gogs 컨테이너 재접속 및 리포지토리 경로 이동

  
docker exec -it gogs bash
f5292520283a:/app/gogs# cd ../../data/dev-app/
f5292520283a:/data/dev-app# 

5. Jenkinsfile 생성 및 푸시

f5292520283a:/data/dev-app# tree
.
├── Dockerfile
├── README.md
├── VERSION
└── server.py

0 directories, 4 files

f5292520283a:/data/dev-app# touch Jenkinsfile

  
pipeline {
    agent any
    environment {
        DOCKER_IMAGE = '<자신의 도커 허브 계정>/dev-app' // Docker 이미지 이름
    }
    stages {
        stage('Checkout') {
            steps {
                 git branch: 'main',
                 url: 'http://<자신의 IP>:3000/devops/dev-app.git',  // Git에서 코드 체크아웃
                 credentialsId: 'gogs-crd'  // Credentials ID
            }
        }
        stage('Read VERSION') {
            steps {
                script {
                    // VERSION 파일 읽기
                    def version = readFile('VERSION').trim()
                    echo "Version found: ${version}"
                    // 환경 변수 설정
                    env.DOCKER_TAG = version
                }
            }
        }
        stage('Docker Build and Push') {
            steps {
                script {
                    docker.withRegistry('https://index.docker.io/v1/', 'dockerhub-crd') {
                        // DOCKER_TAG 사용
                        def appImage = docker.build("${DOCKER_IMAGE}:${DOCKER_TAG}")
                        appImage.push()
                        appImage.push("latest")
                    }
                }
            }
        }
    }
    post {
        success {
            echo "Docker image ${DOCKER_IMAGE}:${DOCKER_TAG} has been built and pushed successfully!"
        }
        failure {
            echo "Pipeline failed. Please check the logs."
        }
    }
}

  
f5292520283a:/data/dev-app# git add . && git commit -m "VERSION $(cat VERSION) Changed" && git push -u origin main

# 결과
[main 8d36c4b] VERSION 0.0.3 Changed
 3 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 Jenkinsfile
Enumerating objects: 8, done.
Counting objects: 100% (8/8), done.
Delta compression using up to 18 threads
Compressing objects: 100% (4/4), done.
Writing objects: 100% (5/5), 1.06 KiB | 1.06 MiB/s, done.
Total 5 (delta 1), reused 0 (delta 0), pack-reused 0 (from 0)
To http://192.168.219.107:3000/devops/dev-app.git
   cc68f85..8d36c4b  main -> main
branch 'main' set up to track 'origin/main'.

6. k8s에 신규 버전 적용

  
kubectl set image deployment timeserver timeserver-container=$DHUSER/dev-app:0.0.3 && while true; do curl -s --connect-timeout 1 http://127.0.0.1:30000 ; sleep 1 ; done

# 결과
deployment.apps/timeserver image updated
Server hostname: timeserver-79d564b95c-28lmt
The time is 1:56:48 PM, VERSION 0.0.2
Server hostname: timeserver-79d564b95c-vpb6d
The time is 1:56:49 PM, VERSION 0.0.2
Server hostname: timeserver-79d564b95c-28lmt
The time is 1:56:50 PM, VERSION 0.0.2
Server hostname: timeserver-79d564b95c-vpb6d
The time is 1:56:51 PM, VERSION 0.0.2
Server hostname: timeserver-79d564b95c-vpb6d
The time is 1:56:52 PM, VERSION 0.0.3
Server hostname: timeserver-6566694f9d-vz2zr
The time is 1:56:53 PM, VERSION 0.0.3
Server hostname: timeserver-6566694f9d-vz2zr
The time is 1:56:54 PM, VERSION 0.0.3
Server hostname: timeserver-6566694f9d-vz2zr
The time is 1:56:55 PM, VERSION 0.0.3
...

🌐 Jenkins CD by K8S(Kind)

1. Jenkins 컨테이너에 kubectl/helm 설치

  
docker compose exec --privileged -u root jenkins bash
root@af793fe999f9:/# curl -LO "https://dl.k8s.io/release/v1.32.8/bin/linux/amd64/kubectl"

# 결과
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   138  100   138    0     0    252      0 --:--:-- --:--:-- --:--:--   251
100 54.6M  100 54.6M    0     0  15.8M      0  0:00:03  0:00:03 --:--:-- 22.7M

  
root@af793fe999f9:/# install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl version --client=true

# 결과
Client Version: v1.32.8
Kustomize Version: v5.5.0

  
root@af793fe999f9:/# curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
helm version

# 결과
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 11928  100 11928    0     0  27938      0 --:--:-- --:--:-- --:--:-- 27934
Downloading https://get.helm.sh/helm-v3.19.0-linux-amd64.tar.gz
Verifying checksum... Done.
Preparing to install helm into /usr/local/bin
helm installed into /usr/local/bin/helm
version.BuildInfo{Version:"v3.19.0", GitCommit:"3d8990f0836691f0229297773f3524598f46bda6", GitTreeState:"clean", GoVersion:"go1.24.7"}

root@af793fe999f9:/# exit
exit

2. 클라이언트 버전 확인

  
docker compose exec jenkins kubectl version --client=true

# 결과
Client Version: v1.32.8
Kustomize Version: v5.5.0

  
docker compose exec jenkins helm version

# 결과
version.BuildInfo{Version:"v3.19.0", GitCommit:"3d8990f0836691f0229297773f3524598f46bda6", GitTreeState:"clean", GoVersion:"go1.24.7"}

3. Kind 컨트롤플레인 IP 확인

  
docker inspect myk8s-control-plane | grep IPAddress

# 결과
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "172.18.0.2",

4. Jenkins → K8s API 연결 확인

  
docker exec -it jenkins curl https://172.18.0.2:6443/version -k

# 결과
{
  "major": "1",
  "minor": "32",
  "gitVersion": "v1.32.8",
  "gitCommit": "2e83bc4bf31e88b7de81d5341939d5ce2460f46f",
  "gitTreeState": "clean",
  "buildDate": "2025-08-13T14:21:22Z",
  "goVersion": "go1.23.11",
  "compiler": "gc",
  "platform": "linux/amd64"
}%                                                                     

5. Kubeconfig 준비 및 수정

cp ~/.kube/config ./kube-config

        server: https://0.0.0.0:44501
      name: kind-myk8s

				server: https://<myk8s-control-plane 컨테이너 IP>:6443 # 자신의 환경에 맞게 변경
		  name: kind-myk8s

6. Jenkins 자격증명(k8s-crd) 생성

7. 파이프라인 아이템 생성(k8s-cmd)

  
pipeline {
    agent any
    environment {
        KUBECONFIG = credentials('k8s-crd')
    }
    stages {
        stage('List Pods') {
            steps {
                sh '''
                # Fetch and display Pods
                kubectl get pods -A --kubeconfig "$KUBECONFIG"
                '''
            }
        }
    }
}

🔁 Jenkins를 이용한 blue-green 배포

1. 기존 리소스 정리

  
kubectl delete deploy,svc timeserver

# 결과
deployment.apps "timeserver" deleted from default namespace
service "timeserver" deleted from default namespace

2. 배포 매니페스트 디렉터리 생성

f5292520283a:/data/dev-app# mkdir deploy

3. Blue/Green/Service 매니페스트 작성

  
f5292520283a:/data/dev-app# cat > deploy/echo-server-blue.yaml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo-server-blue
spec:
  replicas: 2
  selector:
    matchLabels:
      app: echo-server
      version: blue
  template:
    metadata:
      labels:
        app: echo-server
        version: blue
    spec:
      containers:
      - name: echo-server
        image: hashicorp/http-echo
        args:
        - "-text=Hello from Blue"
        ports:
        - containerPort: 5678
EOF

cat > deploy/echo-server-service.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
  name: echo-server-service
spec:
  selector:
    app: echo-server
    version: blue
  ports:
  - protocol: TCP
    port: 80
    targetPort: 5678
    nodePort: 30000
  type: NodePort
EOF

cat > deploy/echo-server-green.yaml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo-server-green
spec:
  replicas: 2
  selector:
    matchLabels:
      app: echo-server
      version: green
  template:
    metadata:
      labels:
        app: echo-server
        version: green
    spec:
      containers:
      - name: echo-server
        image: hashicorp/http-echo
        args:
        - "-text=Hello from Green"
        ports:
        - containerPort: 5678
EOF

f5292520283a:/data/dev-app# tree
.
├── Dockerfile
├── Jenkinsfile
├── README.md
├── VERSION
├── deploy
│   ├── echo-server-blue.yaml
│   ├── echo-server-green.yaml
│   └── echo-server-service.yaml
└── server.py

1 directories, 8 files

4. Git 커밋/푸시로 매니페스트 반영

  
f5292520283a:/data/dev-app# git add . && git commit -m "Add echo server yaml" && git push -u origin main

# 결과
[main b7b758f] Add echo server yaml
 3 files changed, 60 insertions(+)
 create mode 100644 deploy/echo-server-blue.yaml
 create mode 100644 deploy/echo-server-green.yaml
 create mode 100644 deploy/echo-server-service.yaml
Enumerating objects: 7, done.
Counting objects: 100% (7/7), done.
Delta compression using up to 18 threads
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 789 bytes | 789.00 KiB/s, done.
Total 6 (delta 2), reused 0 (delta 0), pack-reused 0 (from 0)
To http://192.168.219.107:3000/devops/dev-app.git
   273223f..b7b758f  main -> main
branch 'main' set up to track 'origin/main'.

5. Blue-Green 관찰용 반복 스크립트 실행

  
while true; do curl -s --connect-timeout 1 http://127.0.0.1:30000 ; echo ; sleep 1  ; kubectl get deploy -owide ; echo ; kubectl get svc,ep echo-server-service -owide ; echo "------------" ; done

# 결과
No resources found in default namespace.

Error from server (NotFound): services "echo-server-service" not found
Error from server (NotFound): endpoints "echo-server-service" not found
------------

No resources found in default namespace.

Error from server (NotFound): services "echo-server-service" not found
Error from server (NotFound): endpoints "echo-server-service" not found
------------

No resources found in default namespace.

Error from server (NotFound): services "echo-server-service" not found
Error from server (NotFound): endpoints "echo-server-service" not found
------------
...

6. Jenkins 파이프라인 생성(k8s-bluegreen)

  
pipeline {
    agent any

    environment {
        KUBECONFIG = credentials('k8s-crd')
    }

    stages {
        stage('Checkout') {
            steps {
                 git branch: 'main',
                 url: 'http://<자신의 IP>:3000/devops/dev-app.git',  // Git에서 코드 체크아웃
                 credentialsId: 'gogs-crd'  // Credentials ID
            }
        }

        stage('container image build') {
            steps {
                echo "container image build"
            }
        }

        stage('container image upload') {
            steps {
                echo "container image upload"
            }
        }

        stage('k8s deployment blue version') {
            steps {
                sh "kubectl apply -f ./deploy/echo-server-blue.yaml --kubeconfig $KUBECONFIG"
                sh "kubectl apply -f ./deploy/echo-server-service.yaml --kubeconfig $KUBECONFIG"
            }
        }

        stage('approve green version') {
            steps {
                input message: 'approve green version', ok: "Yes"
            }
        }

        stage('k8s deployment green version') {
            steps {
	        	sh "kubectl apply -f ./deploy/echo-server-green.yaml --kubeconfig $KUBECONFIG"
            }
        }

        stage('approve version switching') {
            steps {
                script {
                    returnValue = input message: 'Green switching?', ok: "Yes", parameters: [booleanParam(defaultValue: true, name: 'IS_SWITCHED')]
                    if (returnValue) {
                        sh "kubectl patch svc echo-server-service -p '{\"spec\": {\"selector\": {\"version\": \"green\"}}}' --kubeconfig $KUBECONFIG"
                    }
                }
            }
        }

        stage('Blue Rollback') {
            steps {
                script {
                    returnValue = input message: 'Blue Rollback?', parameters: [choice(choices: ['done', 'rollback'], name: 'IS_ROLLBACk')]
                    if (returnValue == "done") {
                        sh "kubectl delete -f ./deploy/echo-server-blue.yaml --kubeconfig $KUBECONFIG"
                    }
                    if (returnValue == "rollback") {
                        sh "kubectl patch svc echo-server-service -p '{\"spec\": {\"selector\": {\"version\": \"blue\"}}}' --kubeconfig $KUBECONFIG"
                    }
                }
            }
        }
    }
}

7. 수동 승인 단계 안내

(1) 그린 환경 배포 진행 여부

(2) 서비스 전환(트래픽 그린) 여부

(3) 블루 삭제 또는 롤백(서비스 blue로 재전환) 선택

CI/CD

This post is licensed under CC BY 4.0 by the author.