Skip to content

chore: GCP 레지스트리 provider 스크립트 추가 & 레플리카셋 임시 조정 #20

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
doup2001 merged 3 commits into from
Apr 6, 2026
Merged

chore: GCP 레지스트리 provider 스크립트 추가 & 레플리카셋 임시 조정 #20

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
79cecf2
chore: GCP 레지스트리 provider 스크립트 추가 (#12)
doup2001 Apr 6, 2026
1615eac
fix: 임시로 레플리카셋 개수 조절 (#12)
doup2001 Apr 6, 2026
fee3b99
fix: 스크립트 변수명 해석 문제 수정 (#12)
doup2001 Apr 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion k8s-kustomize/overlays/prod/backend/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
# 스펙
spec:
# Replica 개수
replicas: 1
replicas: 0

# 라벨
template:
Expand Down
2 changes: 1 addition & 1 deletion k8s-kustomize/overlays/prod/frontend/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
# 스펙
spec:
# Replica 개수
replicas: 1
replicas: 0

# 라벨
template:
Expand Down
53 changes: 53 additions & 0 deletions terraform/environments/prod/scripts/k8s-master-init.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,59 @@ apt-get update -y
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl

# ========================================
# kubelet Artifact Registry credential provider 설정
# ========================================
mkdir -p /etc/kubernetes /opt/image-credential-provider

cat <<'PROVIDER_EOF' >/opt/image-credential-provider/gcp-artifact-registry-provider
#!/usr/bin/env bash
set -euo pipefail

# kubelet 요청 본문은 현재 인증 계산에 사용하지 않으므로 읽고 종료합니다.
cat >/dev/null

token_response="$(curl -fsSL -H 'Metadata-Flavor: Google' \
http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token)"
access_token="$(printf '%s' "$${token_response}" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')"

if [ -z "$${access_token}" ]; then
echo "메타데이터 서버에서 Artifact Registry access token을 가져오지 못했습니다." >&2
exit 1
fi

cat <<JSON_EOF
{
"apiVersion": "credentialprovider.kubelet.k8s.io/v1",
"kind": "CredentialProviderResponse",
"cacheKeyType": "Registry",
"auth": {
"*.pkg.dev": {
"username": "oauth2accesstoken",
"password": "$${access_token}"
}
}
}
JSON_EOF
PROVIDER_EOF

chmod 0755 /opt/image-credential-provider/gcp-artifact-registry-provider

cat <<'EOF' >/etc/kubernetes/credential-provider-config.yaml
apiVersion: kubelet.config.k8s.io/v1
kind: CredentialProviderConfig
providers:
- name: gcp-artifact-registry-provider
apiVersion: credentialprovider.kubelet.k8s.io/v1
matchImages:
- "*.pkg.dev"
defaultCacheDuration: "30m"
EOF

cat <<'EOF' >/etc/default/kubelet
KUBELET_EXTRA_ARGS="--image-credential-provider-config=/etc/kubernetes/credential-provider-config.yaml --image-credential-provider-bin-dir=/opt/image-credential-provider"
EOF

# ========================================
# 서비스 활성화
# ========================================
Expand Down
53 changes: 53 additions & 0 deletions terraform/environments/prod/scripts/k8s-worker-init.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,59 @@ apt-get update -y
apt-get install -y kubelet kubeadm
apt-mark hold kubelet kubeadm

# ========================================
# kubelet Artifact Registry credential provider 설정
# ========================================
mkdir -p /etc/kubernetes /opt/image-credential-provider

cat <<'PROVIDER_EOF' >/opt/image-credential-provider/gcp-artifact-registry-provider
#!/usr/bin/env bash
set -euo pipefail

# kubelet 요청 본문은 현재 인증 계산에 사용하지 않으므로 읽고 종료합니다.
cat >/dev/null

token_response="$(curl -fsSL -H 'Metadata-Flavor: Google' \
http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token)"
access_token="$(printf '%s' "${token_response}" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')"

if [ -z "${access_token}" ]; then
echo "메타데이터 서버에서 Artifact Registry access token을 가져오지 못했습니다." >&2
exit 1
fi

cat <<JSON_EOF
{
"apiVersion": "credentialprovider.kubelet.k8s.io/v1",
"kind": "CredentialProviderResponse",
"cacheKeyType": "Registry",
"auth": {
"*.pkg.dev": {
"username": "oauth2accesstoken",
"password": "${access_token}"
}
}
}
JSON_EOF
PROVIDER_EOF

chmod 0755 /opt/image-credential-provider/gcp-artifact-registry-provider

cat <<'EOF' >/etc/kubernetes/credential-provider-config.yaml
apiVersion: kubelet.config.k8s.io/v1
kind: CredentialProviderConfig
providers:
- name: gcp-artifact-registry-provider
apiVersion: credentialprovider.kubelet.k8s.io/v1
matchImages:
- "*.pkg.dev"
defaultCacheDuration: "30m"
EOF

cat <<'EOF' >/etc/default/kubelet
KUBELET_EXTRA_ARGS="--image-credential-provider-config=/etc/kubernetes/credential-provider-config.yaml --image-credential-provider-bin-dir=/opt/image-credential-provider"
EOF

# ========================================
# 서비스 활성화
# ========================================
Expand Down
Loading