Secret Sync 공식 자료: Secret Sync
AWS Secret Manager Sync 자료: Secret Manager Sync
24. 8. 31. · 읽는 시간 약 5분
Dev Mode를 활용한 테스트 (dev 모드의 Vault/Nomad는 인메모리 저장소에 TLS 없이 동작하므로 로컬 테스트 전용이며 운영 환경에는 사용하지 않는다)
목적: Spring Boot 기반 애플리케이션에서 Nomad를 이용하여 Vault의 dynamic secret을 최소한의 코드 변경으로 사용할 수 있는 워크플로우 구성
코드 기반으로 구현하는 경우의 예제 : https://dev.to/aws-builders/aws-sts-with-spring-cloud-vault-1e5g
Vault-Nomad Integration : https://www.nomadproject.io/docs/integrations/vault-integration
Version (Download)
- Nomad v1.3.1 (2b054e38e91af964d1235faa98c286ca3f527e56)
- Vault v1.10.3 (af866591ee60485f05d6e32dd63dde93df686dfb)
Kubernetes 환경인 경우 Vault CSI Provider를 통해 비슷한 구성 가능 : https://www.vaultproject.io/docs/platform/k8s/csi
# packer init client.pkr.hcl
# packer build -force .
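# AWS region the Ubuntu client AMI is built in.
# Override with `-var region=...` or the PKR_VAR_region environment variable.
variable "region" {
  type        = string
  description = "AWS region in which to build the AMI."
  default     = "ap-northeast-2"
}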
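# Version of the containernetworking/plugins release that the shell provisioner below
# downloads and unpacks into /opt/cni/bin.
variable "cni-version" {
  type        = string
  description = "containernetworking/plugins release to install into /opt/cni/bin."
  default     = "1.0.1"
}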
# Plugin requirements resolved by `packer init client.pkr.hcl`.
# NOTE(review): ">= 0.0.2" has no upper bound, so every build pulls whatever the newest
# amazon plugin release is; the build is not reproducible and a bad or compromised plugin
# release would be picked up automatically. Prefer a bounded constraint (e.g. "~> 1.0")
# once a known-good version has been verified.
packer {
required_plugins {
amazon = {
version = ">= 0.0.2"
source = "github.com/hashicorp/amazon"
}
}
}
# Ubuntu 18.04 (bionic) base image for the Consul/Nomad client AMI.
# NOTE(review): bionic reached end of standard support in 2023; a newer LTS is advisable
# for anything beyond a throw-away demo.
source "amazon-ebs" "example" {
ami_name = "gs_demo_ubuntu_{{timestamp}}"
instance_type = "t3.micro"
region = var.region
# most_recent picks the newest image matching the name pattern; the owners filter pins
# the lookup to Canonical's account so a look-alike public AMI cannot be selected.
source_ami_filter {
filters = {
name = "ubuntu/images/*ubuntu-bionic-18.04-amd64-server-*"
root-device-type = "ebs"
virtualization-type = "hvm"
}
most_recent = true
owners = ["099720109477"]
}
ssh_username = "ubuntu"
}
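build {
  sources = ["source.amazon-ebs.example"]

  # Copies the local ./file/ tree onto the instance (contents not shown here).
  provisioner "file" {
    source      = "./file/"
    destination = "/tmp"
  }

  # Installs Consul, Nomad, Docker, a JDK and the CNI plugins on the image.
  # Changes from the original script:
  #   - repository signing keys are stored in dedicated keyrings and bound to their
  #     repository with signed-by, instead of the deprecated apt-key store where any
  #     imported key could sign any repository;
  #   - the CNI tarball is checked against the .sha256 file published with the release
  #     before it is unpacked into /opt/cni/bin, and the downloads are removed afterwards.
  provisioner "shell" {
    inline = [
      "set -x",
      "echo Connected via Consul/Nomad client at \"${build.User}@${build.Host}:${build.Port}\"",
      "sudo apt-get update",
      "sudo apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release",
      "sudo install -m 0755 -d /usr/share/keyrings",
      "curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg",
      "echo \"deb [arch=amd64 signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com bionic main\" | sudo tee /etc/apt/sources.list.d/hashicorp.list",
      "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg",
      "echo \"deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu bionic stable\" | sudo tee /etc/apt/sources.list.d/docker.list",
      "sudo apt-get update",
      # NOTE(review): package versions are not pinned, so what gets baked depends on the
      # repositories at build time (the write-up lists Nomad v1.3.1 / Vault v1.10.3).
      "sudo apt-get install -y consul nomad netcat nginx docker-ce openjdk-11-jdk",
      # Keep the release file name so the published .sha256 (which names the file) can be
      # checked with sha256sum -c; a mismatch or a missing sidecar fails the build.
      "curl -fsSL -o cni-plugins-linux-amd64-v${var.cni-version}.tgz https://github.com/containernetworking/plugins/releases/download/v${var.cni-version}/cni-plugins-linux-amd64-v${var.cni-version}.tgz",
      "curl -fsSL -o cni-plugins-linux-amd64-v${var.cni-version}.tgz.sha256 https://github.com/containernetworking/plugins/releases/download/v${var.cni-version}/cni-plugins-linux-amd64-v${var.cni-version}.tgz.sha256",
      "sha256sum -c cni-plugins-linux-amd64-v${var.cni-version}.tgz.sha256",
      "sudo mkdir -p /opt/cni/bin",
      "sudo tar -C /opt/cni/bin -xzf cni-plugins-linux-amd64-v${var.cni-version}.tgz",
      "rm -f cni-plugins-linux-amd64-v${var.cni-version}.tgz cni-plugins-linux-amd64-v${var.cni-version}.tgz.sha256",
    ]
  }
}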
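# AWS region the Windows client AMI is built in.
# Override with `-var region=...` or the PKR_VAR_region environment variable.
variable "region" {
  type        = string
  description = "AWS region in which to build the AMI."
  default     = "ap-northeast-2"
}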
# NOTE(review): unused in this template — nothing below references var.cni-version
# (CNI plugins are only installed by the Ubuntu image); it can be dropped.
variable "cni-version" {
default = "1.0.1"
}
# Download URLs for the archives baked into the Windows image.
# NOTE(review): Nomad 1.2.3 / Consul 1.11.1 here do not match the Nomad v1.3.1 listed in
# the version table of the write-up; keep the two images in step.
# NOTE(review): HashiCorp publishes a <product>_<version>_SHA256SUMS file (and a .sig for
# it) in the same release directory as each zip — the provisioner should verify the
# downloads against it rather than trusting the transfer alone.
locals {
nomad_url = "https://releases.hashicorp.com/nomad/1.2.3/nomad_1.2.3_windows_amd64.zip"
consul_url = "https://releases.hashicorp.com/consul/1.11.1/consul_1.11.1_windows_amd64.zip"
jre_url = "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.13%2B8/OpenJDK11U-jre_x64_windows_hotspot_11.0.13_8.zip"
}
# Plugin requirements resolved by `packer init`.
# NOTE(review): ">= 0.0.2" has no upper bound, so every build pulls the newest amazon
# plugin release; pin a bounded range (e.g. "~> 1.0") once a known-good version is verified.
packer {
required_plugins {
amazon = {
version = ">= 0.0.2"
source = "github.com/hashicorp/amazon"
}
}
}
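# WinRM credential Packer uses to reach the build instance. It has no default on purpose:
# the value is supplied at build time (e.g. `PKR_VAR_winrm_password=... packer build .`)
# instead of being committed to the template, and `sensitive` keeps it out of Packer's
# output. A build without the variable set fails with an "unset variable" error.
# NOTE(review): the Administrator password is presumably set by ./bootstrap_win.txt
# (not shown here) — that script must be given the same value; confirm there.
variable "winrm_password" {
  type        = string
  description = "Password for the WinRM user Packer provisions through."
  sensitive   = true
}

# Windows Server 2019 base image for the Consul/Nomad client AMI.
source "amazon-ebs" "example" {
  ami_name      = "gs_demo_windows_{{timestamp}}"
  communicator  = "winrm"
  instance_type = "t2.micro"
  region        = var.region

  # most_recent picks the newest image matching the name pattern; owners restricts the
  # lookup to Amazon-owned AMIs so a look-alike public image cannot be selected.
  source_ami_filter {
    filters = {
      name                = "*Windows_Server-2019-English-Full-Base*"
      root-device-type    = "ebs"
      virtualization-type = "hvm"
    }
    most_recent = true
    owners      = ["amazon"]
  }

  # First-boot user data that sets up WinRM (contents not shown here).
  user_data_file = "./bootstrap_win.txt"
  winrm_username = "Administrator"
  winrm_password = var.winrm_password
  # NOTE(review): with winrm_use_ssl unset Packer uses plain-HTTP WinRM, so the credential
  # crosses the network unencrypted. If bootstrap_win.txt configures the HTTPS listener,
  # add `winrm_use_ssl = true` (plus `winrm_insecure = true` for a self-signed certificate).
}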
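build {
  sources = ["source.amazon-ebs.example"]

  provisioner "powershell" {
    inline = [
      "New-Item \"C:\\temp\" -ItemType Directory",
    ]
  }

  // provisioner "file" {
  //   source      = "./file/"
  //   destination = "/tmp"
  // }

  # Lays out C:\hashicorp\{jre,consul,nomad}, downloads the archives named in local.*_url,
  # verifies the Consul and Nomad zips against the SHA256SUMS file HashiCorp publishes in
  # the same release directory, unpacks them and adds the binaries to the machine PATH.
  provisioner "powershell" {
    inline = [
      "New-Item \"C:\\hashicorp\\jre\\\" -ItemType Directory",
      "New-Item \"C:\\hashicorp\\consul\\bin\\\" -ItemType Directory",
      "New-Item \"C:\\hashicorp\\consul\\data\\\" -ItemType Directory",
      "New-Item \"C:\\hashicorp\\consul\\conf\\\" -ItemType Directory",
      "New-Item \"C:\\hashicorp\\nomad\\bin\\\" -ItemType Directory",
      "New-Item \"C:\\hashicorp\\nomad\\data\\\" -ItemType Directory",
      "New-Item \"C:\\hashicorp\\nomad\\conf\\\" -ItemType Directory",
      "Invoke-WebRequest -Uri ${local.jre_url} -OutFile $env:TEMP\\jre.zip",
      "Invoke-WebRequest -Uri ${local.consul_url} -OutFile $env:TEMP\\consul.zip",
      "Invoke-WebRequest -Uri ${local.nomad_url} -OutFile $env:TEMP\\nomad.zip",
      # Test-HcSum derives <product>_<version>_SHA256SUMS from the zip URL, picks the line
      # for this zip and throws (non-zero exit, build aborted) when the entry is missing or
      # the SHA-256 of the downloaded file differs.
      "function Test-HcSum($Zip, $Url) { $name = Split-Path $Url -Leaf; $sums = (Invoke-WebRequest -Uri ($Url -replace '_windows_amd64\\.zip$', '_SHA256SUMS') -UseBasicParsing).Content; $line = ($sums -split \"`n\") | Where-Object { $_ -match ('\\s' + [regex]::Escape($name) + '\\s*$') } | Select-Object -First 1; if (-not $line) { throw \"No SHA256SUMS entry for $name\" }; $expected = ($line -split '\\s+')[0]; $actual = (Get-FileHash -Path $Zip -Algorithm SHA256).Hash; if ($actual -ne $expected) { throw \"SHA256 mismatch for $name - expected $expected, got $actual\" } }",
      "Test-HcSum -Zip $env:TEMP\\consul.zip -Url ${local.consul_url}",
      "Test-HcSum -Zip $env:TEMP\\nomad.zip -Url ${local.nomad_url}",
      # NOTE(review): the Temurin JRE archive is still unpacked unverified; Adoptium publishes
      # checksums for its release assets that could be checked the same way.
      "Expand-Archive $env:TEMP\\jre.zip -DestinationPath C:\\hashicorp\\jre\\",
      "Expand-Archive $env:TEMP\\consul.zip -DestinationPath C:\\hashicorp\\consul\\bin\\",
      "Expand-Archive $env:TEMP\\nomad.zip -DestinationPath C:\\hashicorp\\nomad\\bin\\",
      # Read the Machine-scope PATH back explicitly. $env:Path in this session is the merged
      # machine + user PATH, so writing it into the Machine scope (as the original did) would
      # bake the build user's PATH entries into the system-wide PATH of the image.
      "[Environment]::SetEnvironmentVariable(\"Path\", [Environment]::GetEnvironmentVariable(\"Path\", \"Machine\") + \";C:\\hashicorp\\jre\\jdk-11.0.13+8-jre\\bin;C:\\hashicorp\\nomad\\bin;C:\\hashicorp\\consul\\bin\", \"Machine\")",
    ]
  }
}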