AWS 컨테이너 서비스 (ECR)
사용하는 것 보다는 환경을 설정해주는 것이 많이 어렵고 복잡하다.
(사실상 매뉴얼대로 해도 안될 수도 있다.)
EC2에 도커를 설치하고 컨테이너를 올릴 수도 있다.
컨테이너 이미지 저장소
Amazon ECR (Elastic Container Registry)
오케스트레이션 도구
Amazon EKS (쿠버네티스)
Amazon ECS (도커)
컨테이너 호스팅 방식
EC2 - 지속해서 사용하는 경우 Fargate보다 비용적으로 이점이 있다.
Fargate - 서버리스 방식으로 잠깐쓰고 안쓴다면 이게 더 저렴함
ECR 생성 및 푸시 실습
사전 설정
1. IAM을 통해서 계정을 하나 만들자
- 권한은 ecs full access 권한을 줄 수도 있으나, 그것만으로는 부족할 수 있으니 admin access 관리자 권한을 준다
2. VPC를 새로 만들자
1. EC2 인스턴스 생성 - 도커파일 빌드를 위한.
2. 프라이빗 ECR로 컨테이너 이미지 업로드
1) EC2 인스턴스에 접속
, #_
~\_ ####_ Amazon Linux 2023
~~ \_#####\
~~ \###|
~~ \#/ ___ https://aws.amazon.com/linux/amazon-linux-2023
~~ V~' '->
~~~ /
~~._. _/
_/ _/
_/m/'
[ec2-user@ip-10-20-13-22 ~]$
2) Dockerfile과 src/index.html 생성
[ec2-user@ip-10-20-13-22 ~]$ mkdir work
[ec2-user@ip-10-20-13-22 ~]$ cd work/
[ec2-user@ip-10-20-13-22 work]$ ls
[ec2-user@ip-10-20-13-22 work]$ vim Dockerfile
[ec2-user@ip-10-20-13-22 work]$ cat Dockerfile
FROM alpine
RUN apk update
RUN apk add apache2
COPY src/index.html /var/www/localhost/htdocs/index.html
ENTRYPOINT ["/usr/sbin/httpd","-D","FOREGROUND"]
[ec2-user@ip-10-20-13-22 work]$ mkdir src
[ec2-user@ip-10-20-13-22 work]$ vim src/index.html
[ec2-user@ip-10-20-13-22 work]$ cat src/index.html
<h1> Hi ECR </h1>
3) 도커 설치
[ec2-user@ip-10-20-13-22 work]$ sudo yum -y install docker
Installed:
containerd-1.7.11-1.amzn2023.0.1.x86_64 docker-25.0.3-1.amzn2023.0.1.x86_64
iptables-libs-1.8.8-3.amzn2023.0.2.x86_64 iptables-nft-1.8.8-3.amzn2023.0.2.x86_64
libcgroup-3.0-1.amzn2023.0.1.x86_64 libnetfilter_conntrack-1.0.8-2.amzn2023.0.2.x86_64
libnfnetlink-1.0.1-19.amzn2023.0.2.x86_64 libnftnl-1.2.2-2.amzn2023.0.2.x86_64
pigz-2.5-1.amzn2023.0.3.x86_64 runc-1.1.11-1.amzn2023.0.1.x86_64
Complete!
[ec2-user@ip-10-20-13-22 work]$ sudo systemctl start docker
[ec2-user@ip-10-20-13-22 work]$ sudo usermod -aG docker ec2-user (sudo 안써도 되게)
새로 로그인!!!!!
# 설치 확인
[ec2-user@ip-10-20-13-22 work]$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c1ec31eb5944: Pull complete
Digest: sha256:53641cd209a4fecfc68e21a99871ce8c6920b2e7502df0a20671c6fccc73a7c6
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
4) 도커 이미지 생성 (빌드)
[ec2-user@ip-10-20-13-22 work]$ docker build -t alpine:httpd .
[+] Building 5.1s (9/9) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 240B 0.0s
=> [internal] load metadata for docker.io/library/alpine:latest 2.3s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/4] FROM docker.io/library/alpine:latest@sha256:c5b1261d6d3e43071626931fc004f70149baeb 0.5s
=> => resolve docker.io/library/alpine:latest@sha256:c5b1261d6d3e43071626931fc004f70149baeb 0.0s
=> => sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad 1.64kB / 1.64kB 0.0s
=> => sha256:6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0 528B / 528B 0.0s
=> => sha256:05455a08881ea9cf0e752bc48e61bbd71a34c029bb13df01e40e3e70e0d007 1.47kB / 1.47kB 0.0s
=> => sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fba 3.41MB / 3.41MB 0.3s
=> => extracting sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8 0.2s
=> [internal] load build context 0.0s
=> => transferring context: 204B 0.0s
=> [2/4] RUN apk update 0.9s
=> [3/4] RUN apk add apache2 1.1s
=> [4/4] COPY src/index.html /var/www/localhost/htdocs/index.html 0.1s
=> exporting to image 0.1s
=> => exporting layers 0.1s
=> => writing image sha256:55a547ec21487871d7b7d22c570640251c8eaa55f1673f99135dd02785495306 0.0s
=> => naming to docker.io/library/alpine:apache 0.0s
5) 도커 컨테이너 실행 및 이미지 제대로 된건지 확인
[ec2-user@ip-10-20-13-22 work]$ docker run -d alpine:httpd
3c7e7d291ce708d77afb9247145fe5b37ae5972f10cb9acf79f45b8dd959b14e
[ec2-user@ip-10-20-13-22 work]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine httpd 54bcac23f51b 22 seconds ago 13.4MB
alpine apache 55a547ec2148 7 minutes ago 13.4MB
hello-world latest d2c94e258dcb 10 months ago 13.3kB
[ec2-user@ip-10-20-13-22 work]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3c7e7d291ce7 alpine:httpd "/usr/sbin/httpd -D …" 10 seconds ago Up 9 seconds nice_gauss
ac213f9816f5 alpine:apache "/usr/sbin/httpd -D …" 6 minutes ago Up 6 minutes confident_easley
[ec2-user@ip-10-20-13-22 work]$ docker inspect nice_gauss |grep -i ipa
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.3",
"IPAMConfig": null,
"IPAddress": "172.17.0.3",
[ec2-user@ip-10-20-13-22 work]$ curl 172.17.0.3
<h1> Hi ECR </h1>
6) 리포지토리 생성 (ECR)
7) 리포지 토리 푸시
[ec2-user@ip-10-20-13-22 work]$ sudo aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin .dkr.ecr.ap-northeast-2.amazonaws.com
Unable to locate credentials. You can configure credentials by running "aws configure".
Error: Cannot perform an interactive login from a non TTY device
안됨
8) 액세스 키부터 만들어야함
사용자 > 보안 자격 증명 > 액세스 키 생성
[ec2-user@ip-10-20-13-22 work]$ aws configure
AWS Access Key ID [None]: AKIAYS2NT2EELOUSQDMB
AWS Secret Access Key [None]: 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
Default region name [None]: ap-northeast-2
Default output format [None]: json
[ec2-user@ip-10-20-13-22 work]$ cat ~/.aws/config
[default]
region = ap-northeast-2
output = json[ec2-user@ip-10-20-13-22 work]$ aws sts get-caller-identity
{
"UserId": "AIDAYS2NT2EENJB4VIMKC",
"Account": "----------",
"Arn": "arn:aws:iam::----------:user/ecsadmin"
}
9) 다시 푸시명령으로 돌아와서 1번부터 해주면 됨
1번 인증 토큰을 검색하고 레지스트리에 대해 Docker 클라이언트를 인증합니다.
[ec2-user@ip-10-20-13-22 work]$ aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS
--password-stdin -------.dkr.ecr.ap-northeast-2.amazonaws.com
WARNING! Your password will be stored unencrypted in /home/ec2-user/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
2번은 alpine:httpd 빌드 했으므로 패스
3번 빌드가 완료되면 이미지에 태그를 지정하여 이 리포지토리에 푸시할 수 있습니다.
[ec2-user@ip-10-20-13-22 work]$ docker tag alpine:httpd ------.dkr.ecr.ap-northeast-2.amazonaws.com/alpine-web:latest
[ec2-user@ip-10-20-13-22 work]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
------------.dkr.ecr.ap-northeast-2.amazonaws.com/alpine-web latest 54bcac23f51b 27 minutes ago 13.4MB
alpine httpd 54bcac23f51b 27 minutes ago 13.4MB
alpine apache 55a547ec2148 34 minutes ago 13.4MB
hello-world latest d2c94e258dcb 10 months ago 13.3kB
4번 다음 명령을 실행하여 이 이미지를 새로 생성한 AWS 리포지토리로 푸시합니다.
[ec2-user@ip-10-20-13-22 work]$ docker push ---------.dkr.ecr.ap-northeast-2.amazonaws.com/alpine-web:latest
The push refers to repository [---------.dkr.ecr.ap-northeast-2.amazonaws.com/alpine-web]
87a0b23dda88: Pushed
3fbb36f63644: Pushed
8a3c5724e3f5: Pushed
d4fc045c9e3a: Pushed
latest: digest: sha256:e7a5d8774babbf936b041be09e38655df9d2501344c2788b4853e129d365e4d3 size: 1157
3. 퍼블릭 리포지토리에 업로드
1번 인증 토큰을 검색하고 레지스트리에 대해 Docker 클라이언트를 인증합니다.
# 리전이 이상해보여도 그냥 하면 된다.
[ec2-user@ip-10-20-13-22 work]$ aws ecr-public get-login-password --region us-east-1 | docker login --username AWS
--password-stdin public.ecr.aws/w2x3b4b6
WARNING! Your password will be stored unencrypted in /home/ec2-user/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
3번
[ec2-user@ip-10-20-13-22 work]$ docker tag alpine:httpd public.ecr.aws/w2x3b4b6/alpine-apache:latest
[ec2-user@ip-10-20-13-22 work]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
------------.dkr.ecr.ap-northeast-2.amazonaws.com/alpine-web latest 54bcac23f51b 39 minutes ago 13.4MB
alpine httpd 54bcac23f51b 39 minutes ago 13.4MB
public.ecr.aws/w2x3b4b6/alpine-apache latest 54bcac23f51b 39 minutes ago 13.4MB
alpine apache 55a547ec2148 46 minutes ago 13.4MB
hello-world latest d2c94e258dcb 10 months ago 13.3kB
4번
[ec2-user@ip-10-20-13-22 work]$ docker push public.ecr.aws/w2x3b4b6/alpine-apache:latest
The push refers to repository [public.ecr.aws/w2x3b4b6/alpine-apache]
87a0b23dda88: Pushed
3fbb36f63644: Pushed
8a3c5724e3f5: Pushed
d4fc045c9e3a: Pushed
latest: digest: sha256:e7a5d8774babbf936b041be09e38655df9d2501344c2788b4853e129d365e4d3 size: 1157
'Cloud > Aws' 카테고리의 다른 글
| Amazon ECS (0) | 2024.03.21 |
|---|---|
| Amazon EFS (0) | 2024.03.18 |
| 객체 스토리지 - Amazon S3 (0) | 2024.03.18 |
| 관계형 데이터 베이스 서비스 - Amazon RDS, Aurora (0) | 2024.03.15 |
| Private Subnet (0) | 2024.03.15 |