From 4a7ade157a07b0ed5fb1f57be50225d198c5b869 Mon Sep 17 00:00:00 2001 From: mklee Date: Mon, 22 Dec 2025 13:49:35 +0000 Subject: [PATCH] update whatap agent build&secret,Deploy --- Dockerfile | 40 +++++++----- Dockerfile.bak | 64 +++++++++++++++++++ k8s/aws/10-petclinic-secret-whatap.yaml | 31 +++++++++ k8s/aws/20-petclinic-Deployments-postgre.yaml | 36 +++++++++-- 4 files changed, 151 insertions(+), 20 deletions(-) create mode 100644 Dockerfile.bak create mode 100644 k8s/aws/10-petclinic-secret-whatap.yaml diff --git a/Dockerfile b/Dockerfile index c0679a4c5..c0c7c88bf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,19 +4,32 @@ FROM maven:3.9-eclipse-temurin-25 AS builder WORKDIR /app -# 의존성 캐시 COPY pom.xml ./ RUN --mount=type=cache,target=/root/.m2 \ mvn -q -DskipTests dependency:go-offline -# 전체 소스 복사 COPY . . - -# 패키징 (테스트 스킵) RUN --mount=type=cache,target=/root/.m2 \ mvn -q -DskipTests package +# ========================= +# 1.5) Whatap Agent unpack stage +# ========================= +FROM eclipse-temurin:25-jdk AS whatap_agent +WORKDIR /whatap +# repo root 하위 whatap/whatap.agent.java.tar.gz 를 넣어둔 상태라고 했으니 그대로 복사 +COPY whatap/whatap.agent.java.tar.gz /tmp/whatap.agent.java.tar.gz + +RUN set -eux; \ + mkdir -p /whatap; \ + tar -xzf /tmp/whatap.agent.java.tar.gz -C /whatap; \ + rm -f /tmp/whatap.agent.java.tar.gz; \ + ls -al /whatap; \ + # 버전이 붙은 jar명을 고정 파일명으로 링크/복사해두면 운영이 편함 + AGENT_JAR="$(ls -1 /whatap/whatap.agent*.jar 2>/dev/null | head -n 1)"; \ + test -n "$AGENT_JAR"; \ + cp -f "$AGENT_JAR" /whatap/whatap.agent.jar # ========================= # 2) jlink로 Slim JRE 생성 
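Review bot: The `whatap_agent` stage unpacks `whatap/whatap.agent.java.tar.gz` with no integrity check, and the resulting jar is later loaded with `-javaagent`, so whatever the archive contains runs inside the application JVM. Pin the vendor's published digest and verify it before extracting, for example `echo "<EXPECTED_SHA256>  /tmp/whatap.agent.java.tar.gz" | sha256sum -c -;` ahead of the `tar -xzf` line (the digest shown is a placeholder). The jar selection `ls -1 /whatap/whatap.agent*.jar | head -n 1` also takes whichever match sorts first if the archive ever ships more than one jar. Failing the build unless exactly one file matches would make that assumption explicit.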
@@ -24,10 +37,8 @@ RUN --mount=type=cache,target=/root/.m2 \ FROM eclipse-temurin:25-jdk AS jre WORKDIR /jrebuild -# Fat JAR 복사 COPY --from=builder /app/target/*.jar ./app.jar -# jdeps + jlink : Spring Boot + Tomcat용 공통 모듈 세트 포함 RUN set -eux; \ DEPS="$(jdeps --ignore-missing-deps --multi-release=25 --print-module-deps app.jar)"; \ jlink --strip-debug --no-man-pages --no-header-files --compress=2 \ @@ -37,28 +48,27 @@ java.logging,java.security.jgss,jdk.security.auth,java.security.sasl,java.instru jdk.crypto.ec,jdk.unsupported" \ --output /opt/jre - # ========================= # 3) Runtime (Distroless) # ========================= FROM gcr.io/distroless/base-debian12:nonroot WORKDIR /app -# jlink로 만든 JRE + 앱 복사 -COPY --from=jre /opt/jre /opt/jre -COPY --from=builder /app/target/*.jar ./app.jar +COPY --from=jre /opt/jre /opt/jre +COPY --from=builder /app/target/*.jar ./app.jar + +# ✅ Whatap agent 파일도 런타임에 포함 +COPY --from=whatap_agent /whatap /whatap -# java 실행 경로 ENV PATH="/opt/jre/bin:${PATH}" -# JVM 옵션 +# ✅ -javaagent는 여기서 기본 탑재 (배포에서 덮어써도 됨) ENV JAVA_TOOL_OPTIONS="\ +-javaagent:/whatap/whatap.agent.jar \ -XX:+UseContainerSupport \ -XX:MaxRAMPercentage=75 \ -XX:+ExitOnOutOfMemoryError \ -XX:+AlwaysActAsServerClassMachine" EXPOSE 8080 - -ENTRYPOINT ["java", "-jar", "/app/app.jar"] - +ENTRYPOINT ["java", "-jar", "/app/app.jar"] \ No newline at end of file diff --git a/Dockerfile.bak b/Dockerfile.bak new file mode 100644 index 000000000..c0679a4c5 --- /dev/null +++ b/Dockerfile.bak 
@@ -0,0 +1,64 @@ +# ========================= +# 1) Build (Maven + JDK 25) +# ========================= +FROM maven:3.9-eclipse-temurin-25 AS builder +WORKDIR /app + +# 의존성 캐시 +COPY pom.xml ./ +RUN --mount=type=cache,target=/root/.m2 \ + mvn -q -DskipTests dependency:go-offline + +# 전체 소스 복사 +COPY . . + +# 패키징 (테스트 스킵) +RUN --mount=type=cache,target=/root/.m2 \ + mvn -q -DskipTests package + + + +# ========================= +# 2) jlink로 Slim JRE 생성 +# ========================= +FROM eclipse-temurin:25-jdk AS jre +WORKDIR /jrebuild + +# Fat JAR 복사 +COPY --from=builder /app/target/*.jar ./app.jar + +# jdeps + jlink : Spring Boot + Tomcat용 공통 모듈 세트 포함 +RUN set -eux; \ + DEPS="$(jdeps --ignore-missing-deps --multi-release=25 --print-module-deps app.jar)"; \ + jlink --strip-debug --no-man-pages --no-header-files --compress=2 \ + --add-modules "$DEPS,\ +java.desktop,java.management,jdk.management,java.sql,java.naming,\ +java.logging,java.security.jgss,jdk.security.auth,java.security.sasl,java.instrument,\ +jdk.crypto.ec,jdk.unsupported" \ + --output /opt/jre + + +# ========================= +# 3) Runtime (Distroless) +# ========================= +FROM gcr.io/distroless/base-debian12:nonroot +WORKDIR /app + +# jlink로 만든 JRE + 앱 복사 +COPY --from=jre /opt/jre /opt/jre +COPY --from=builder /app/target/*.jar ./app.jar + +# java 실행 경로 +ENV PATH="/opt/jre/bin:${PATH}" + +# JVM 옵션 +ENV JAVA_TOOL_OPTIONS="\ +-XX:+UseContainerSupport \ +-XX:MaxRAMPercentage=75 \ +-XX:+ExitOnOutOfMemoryError \ +-XX:+AlwaysActAsServerClassMachine" + +EXPOSE 8080 + +ENTRYPOINT ["java", "-jar", "/app/app.jar"] + diff --git a/k8s/aws/10-petclinic-secret-whatap.yaml b/k8s/aws/10-petclinic-secret-whatap.yaml new file mode 100644 index 000000000..ee92fc471 --- /dev/null +++ b/k8s/aws/10-petclinic-secret-whatap.yaml 
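Review bot: `Dockerfile.bak` should not be committed. Its blob id `c0679a4c5` is the same as the pre-change `Dockerfile` index, so it is a byte-for-byte copy of a file that git history already preserves. Leaving it in the tree keeps a second build recipe without the agent stage, which will drift and can be built or scanned by mistake. Drop the file and use `git show <commit>:Dockerfile` when the old version is needed.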
@@ -0,0 +1,31 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: whatap-apm-secret + namespace: petclinic-ns +spec: + refreshInterval: 1h + secretStoreRef: + name: aws-secretsmanager + kind: ClusterSecretStore + target: + name: whatap-apm-secret + creationPolicy: Owner + template: + type: Opaque + data: + paramkey.txt: | + ABCDEF + data: + - secretKey: WHATAP_LICENSE + remoteRef: + key: /finalproj/dev/whatap-apm + property: license + - secretKey: WHATAP_SERVER_HOST + remoteRef: + key: /finalproj/dev/whatap-apm + property: server_host + - secretKey: WHATAP_MICRO_ENABLED + remoteRef: + key: /finalproj/dev/whatap-apm + property: micro_enabled diff --git a/k8s/aws/20-petclinic-Deployments-postgre.yaml b/k8s/aws/20-petclinic-Deployments-postgre.yaml index a76df97a6..800001d55 100644 --- a/k8s/aws/20-petclinic-Deployments-postgre.yaml +++ b/k8s/aws/20-petclinic-Deployments-postgre.yaml @@ -15,7 +15,6 @@ spec: labels: app: petclinic spec: - # 🔹 여기: service account 지정 serviceAccountName: petclinic-sa nodeSelector: @@ -27,17 +26,25 @@ spec: value: "app" effect: "NoSchedule" + # ✅ (추가) paramkey.txt를 Secret에서 파일로 마운트하기 위한 볼륨 + volumes: + - name: whatap-paramkey + secret: + secretName: whatap-apm-secret + items: + - key: paramkey.txt + path: paramkey.txt + containers: - name: petclinic-container image: 723926525504.dkr.ecr.ap-northeast-2.amazonaws.com/eks/petclinic:138ba75 - - # DB 설정은 ConfigMap / Secret에서 그대로 가져오기 envFrom: - secretRef: name: petclinic-db-secret + - secretRef: + name: whatap-apm-secret - # 🔹 여기: Spring profile을 postgres용으로 env: - name: SPRING_PROFILES_ACTIVE value: "postgres" 
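Review bot: `paramkey.txt` is rendered from the literal `ABCDEF` in `target.template.data`, so the value lives in git instead of the `aws-secretsmanager` store that supplies the other three entries. If it is a real key, fetch it with its own `remoteRef` and template it, e.g. `paramkey.txt: "{{ .paramkey }}"`. Separately, as far as I know the External Secrets template replaces the fetched data by default. If so, the generated Secret would hold only `paramkey.txt`, and `WHATAP_LICENSE`, `WHATAP_SERVER_HOST` and `WHATAP_MICRO_ENABLED` would never reach the Deployment's `envFrom`. Adding `mergePolicy: Merge` under `template`, or templating the three keys explicitly, would avoid that; `kubectl describe secret whatap-apm-secret` after a sync lists the keys without printing their values.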
@@ -45,7 +52,26 @@ spec: value: "org.postgresql.Driver" - name: APP_VERSION value: "local" - + + # ✅ Whatap + 기존 JVM 옵션 (덮어쓰기 주의 OK) + - name: JAVA_TOOL_OPTIONS + value: >- + -javaagent:/whatap/whatap.agent.jar + -Dwhatap.server.host=$(WHATAP_SERVER_HOST) + -Dlicense=$(WHATAP_LICENSE) + -Dwhatap.micro.enabled=$(WHATAP_MICRO_ENABLED) + -Dwhatap.paramkey=/whatap-conf/paramkey.txt + -XX:+UseContainerSupport + -XX:MaxRAMPercentage=75 + -XX:+ExitOnOutOfMemoryError + -XX:+AlwaysActAsServerClassMachine + + # ✅ (위치 중요) containers[] 내부에 있어야 함 + volumeMounts: + - name: whatap-paramkey + mountPath: /whatap-conf + readOnly: true + ports: - name: http containerPort: 8080
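Review bot: `-Dlicense=$(WHATAP_LICENSE)` places the license inside `JAVA_TOOL_OPTIONS`, and the JVM echoes that variable to stderr at startup ("Picked up JAVA_TOOL_OPTIONS: ..."). The key therefore ends up in pod logs, in whatever collects them, and in the JVM's system properties. If the agent can read the license and server host from its configuration file, deliver them through a file mounted from `whatap-apm-secret`, the way `paramkey.txt` is already mounted under `/whatap-conf`. This value also repeats the `-javaagent` and `-XX` flags that the image sets in its own `JAVA_TOOL_OPTIONS`, so the two copies must be kept in sync by hand. A comment such as `# overrides the image default; keep the -XX flags in sync with the Dockerfile` would record which copy is authoritative.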