Jenkins CI/CD 파이프라인 완전 구축 및 가이드 개선

주요 작업: - Kustomize 기반 환경별 배포 구조 완성 (dev/staging/prod) - deployment-patch.yaml 개선: replicas + resources 통합 관리 - Strategic Merge Patch 형식으로 변경하여 가독성 및 유지보수성 향상 - 환경별 차등 리소스 할당 정책 적용 - Jenkins 파이프라인 스크립트 및 수동 배포 스크립트 완성 - 상세한 체크리스트 및 실수 방지 가이드 추가 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-06-13 03:59:10 +00:00 · 2025-09-12 12:09:54 +09:00
parent 892f30ba44
commit 042198deb0
63 changed files with 1156 additions and 1615 deletions
@@ -4,5 +4,8 @@ metadata:
  name: cm-common
 data:
  CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.20.214.196.128.nip.io"
+  JWT_ACCESS_TOKEN_VALIDITY: "18000000"  # 5시간
+  JWT_REFRESH_TOKEN_VALIDITY: "86400000"
+  REDIS_PORT: "6379"
  SPRING_PROFILES_ACTIVE: "dev"
-  DDL_AUTO: "update"
+  DDL_AUTO: "update"
@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-gateway
+spec:
+  replicas: 1
+  template:
+    spec:
+      containers:
+      - name: api-gateway
+        resources:
+          requests:
+            cpu: 256m
+            memory: 256Mi
+          limits:
+            cpu: 1024m
+            memory: 1024Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-service
+spec:
+  replicas: 1
+  template:
+    spec:
+      containers:
+      - name: user-service
+        resources:
+          requests:
+            cpu: 256m
+            memory: 256Mi
+          limits:
+            cpu: 1024m
+            memory: 1024Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bill-service
+spec:
+  replicas: 1
+  template:
+    spec:
+      containers:
+      - name: bill-service
+        resources:
+          requests:
+            cpu: 256m
+            memory: 256Mi
+          limits:
+            cpu: 1024m
+            memory: 1024Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: product-service
+spec:
+  replicas: 1
+  template:
+    spec:
+      containers:
+      - name: product-service
+        resources:
+          requests:
+            cpu: 256m
+            memory: 256Mi
+          limits:
+            cpu: 1024m
+            memory: 1024Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kos-mock
+spec:
+  replicas: 1
+  template:
+    spec:
+      containers:
+      - name: kos-mock
+        resources:
+          requests:
+            cpu: 256m
+            memory: 256Mi
+          limits:
+            cpu: 1024m
+            memory: 1024Mi
@@ -6,5 +6,43 @@ metadata:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
 spec:
+  ingressClassName: nginx
  rules:
-  - host: phonebill-api.20.214.196.128.nip.io
+  - host: phonebill-api.20.214.196.128.nip.io
+    http:
+      paths:
+      - path: /api/v1/auth
+        pathType: Prefix
+        backend:
+          service:
+            name: user-service
+            port:
+              number: 80
+      - path: /api/v1/users
+        pathType: Prefix
+        backend:
+          service:
+            name: user-service
+            port:
+              number: 80
+      - path: /api/v1/bills
+        pathType: Prefix
+        backend:
+          service:
+            name: bill-service
+            port:
+              number: 80
+      - path: /api/v1/products
+        pathType: Prefix
+        backend:
+          service:
+            name: product-service
+            port:
+              number: 80
+      - path: /api/v1/kos
+        pathType: Prefix
+        backend:
+          service:
+            name: kos-mock
+            port:
+              number: 80
@@ -4,16 +4,30 @@ kind: Kustomization
 namespace: phonebill-dev

 resources:
- ../../base
+  - ../../base
+
+patchesStrategicMerge:
+  - configmap-common-patch.yaml
+  - deployment-patch.yaml
+  - ingress-patch.yaml
+  - secret-common-patch.yaml
+  - secret-user-service-patch.yaml
+  - secret-bill-service-patch.yaml
+  - secret-product-service-patch.yaml
+
+images:
+  - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
+    newTag: dev-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/user-service
+    newTag: dev-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
+    newTag: dev-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/product-service
+    newTag: dev-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
+    newTag: dev-latest
+
+namePrefix: dev-

 commonLabels:
-  env: dev
-  
-patchesStrategicMerge:
- configmap-common-patch.yaml
- secret-common-patch.yaml
- ingress-patch.yaml
- replica-patch.yaml
- secret-user-service-patch.yaml
- secret-bill-service-patch.yaml
- secret-product-service-patch.yaml
+  environment: dev
@@ -1,35 +0,0 @@
-# Replica count patches for dev environment
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: api-gateway
-spec:
-  replicas: 1
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: user-service
-spec:
-  replicas: 1
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: bill-service
-spec:
-  replicas: 1
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: product-service
-spec:
-  replicas: 1
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kos-mock
-spec:
-  replicas: 1
@@ -5,4 +5,6 @@ metadata:
 type: Opaque
 stringData:
  DB_HOST: "bill-inquiry-postgres-dev-postgresql"
-  DB_PASSWORD: "BillUser2025!"
+  DB_NAME: "bill_inquiry_db"
+  DB_USERNAME: "bill_inquiry_user"
+  DB_PASSWORD: "BillUser2025!"
@@ -4,5 +4,6 @@ metadata:
  name: secret-common
 type: Opaque
 stringData:
+  JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
  REDIS_HOST: "redis-cache-dev-master"
-  REDIS_PASSWORD: "Redis2025Dev!"
+  REDIS_PASSWORD: "Redis2025Dev!"
@@ -5,4 +5,6 @@ metadata:
 type: Opaque
 stringData:
  DB_HOST: "product-change-postgres-dev-postgresql"
-  DB_PASSWORD: "ProductUser2025!"
+  DB_NAME: "product_change_db"
+  DB_USERNAME: "product_change_user"
+  DB_PASSWORD: "ProductUser2025!"
@@ -5,4 +5,6 @@ metadata:
 type: Opaque
 stringData:
  DB_HOST: "auth-postgres-dev-postgresql"
-  DB_PASSWORD: "AuthUser2025!"
+  DB_NAME: "phonebill_auth"
+  DB_USERNAME: "auth_user"
+  DB_PASSWORD: "AuthUser2025!"
@@ -3,6 +3,9 @@ kind: ConfigMap
 metadata:
  name: cm-common
 data:
-  CORS_ALLOWED_ORIGINS: "https://phonebill.example.com,https://phonebill-app.example.com"
+  CORS_ALLOWED_ORIGINS: "https://phonebill.20.214.196.128.nip.io"
+  JWT_ACCESS_TOKEN_VALIDITY: "3600000"  # 1시간
+  JWT_REFRESH_TOKEN_VALIDITY: "86400000"
+  REDIS_PORT: "6379"
  SPRING_PROFILES_ACTIVE: "prod"
-  DDL_AUTO: "validate"
+  DDL_AUTO: "validate"
@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-gateway
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: api-gateway
+        resources:
+          requests:
+            cpu: 1024m
+            memory: 1024Mi
+          limits:
+            cpu: 4096m
+            memory: 4096Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-service
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: user-service
+        resources:
+          requests:
+            cpu: 1024m
+            memory: 1024Mi
+          limits:
+            cpu: 4096m
+            memory: 4096Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bill-service
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: bill-service
+        resources:
+          requests:
+            cpu: 1024m
+            memory: 1024Mi
+          limits:
+            cpu: 4096m
+            memory: 4096Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: product-service
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: product-service
+        resources:
+          requests:
+            cpu: 1024m
+            memory: 1024Mi
+          limits:
+            cpu: 4096m
+            memory: 4096Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kos-mock
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: kos-mock
+        resources:
+          requests:
+            cpu: 1024m
+            memory: 1024Mi
+          limits:
+            cpu: 4096m
+            memory: 4096Mi
@@ -7,10 +7,50 @@ metadata:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-protocols: "TLSv1.2 TLSv1.3"
+    nginx.ingress.kubernetes.io/ssl-ciphers: "ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-GCM-SHA384"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
-    - phonebill-api.example.com
+    - phonebill.20.214.196.128.nip.io
    secretName: phonebill-prod-tls
  rules:
-  - host: phonebill-api.example.com
+  - host: phonebill.20.214.196.128.nip.io
+    http:
+      paths:
+      - path: /api/v1/auth
+        pathType: Prefix
+        backend:
+          service:
+            name: user-service
+            port:
+              number: 80
+      - path: /api/v1/users
+        pathType: Prefix
+        backend:
+          service:
+            name: user-service
+            port:
+              number: 80
+      - path: /api/v1/bills
+        pathType: Prefix
+        backend:
+          service:
+            name: bill-service
+            port:
+              number: 80
+      - path: /api/v1/products
+        pathType: Prefix
+        backend:
+          service:
+            name: product-service
+            port:
+              number: 80
+      - path: /api/v1/kos
+        pathType: Prefix
+        backend:
+          service:
+            name: kos-mock
+            port:
+              number: 80
@@ -4,10 +4,30 @@ kind: Kustomization
 namespace: phonebill-prod

 resources:
- ../../base
+  - ../../base
+
+patchesStrategicMerge:
+  - configmap-common-patch.yaml
+  - deployment-patch.yaml
+  - ingress-patch.yaml
+  - secret-common-patch.yaml
+  - secret-user-service-patch.yaml
+  - secret-bill-service-patch.yaml
+  - secret-product-service-patch.yaml
+
+images:
+  - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
+    newTag: prod-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/user-service
+    newTag: prod-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
+    newTag: prod-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/product-service
+    newTag: prod-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
+    newTag: prod-latest
+
+namePrefix: prod-

 commonLabels:
-  env: prod
-  
-patchesStrategicMerge:
- env-patches.yaml
+  environment: prod
@@ -1,35 +0,0 @@
-# Replica count patches for production environment
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: api-gateway
-spec:
-  replicas: 3
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: user-service
-spec:
-  replicas: 3
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: bill-service
-spec:
-  replicas: 3
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: product-service
-spec:
-  replicas: 3
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kos-mock
-spec:
-  replicas: 2
@@ -5,4 +5,6 @@ metadata:
 type: Opaque
 stringData:
  DB_HOST: "bill-inquiry-postgres-prod-postgresql"
-  DB_PASSWORD: "BillUserProd$ecure2025!"
+  DB_NAME: "bill_inquiry_db"
+  DB_USERNAME: "bill_inquiry_user"
+  DB_PASSWORD: "BillUser2025Prod!"
@@ -4,5 +4,6 @@ metadata:
  name: secret-common
 type: Opaque
 stringData:
+  JWT_SECRET: "prod7Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/prod"
  REDIS_HOST: "redis-cache-prod-master"
-  REDIS_PASSWORD: "Redis2025Prod$ecure!"
+  REDIS_PASSWORD: "Redis2025Prod!"
@@ -5,4 +5,6 @@ metadata:
 type: Opaque
 stringData:
  DB_HOST: "product-change-postgres-prod-postgresql"
-  DB_PASSWORD: "ProductUserProd$ecure2025!"
+  DB_NAME: "product_change_db"
+  DB_USERNAME: "product_change_user"
+  DB_PASSWORD: "ProductUser2025Prod!"
@@ -5,4 +5,6 @@ metadata:
 type: Opaque
 stringData:
  DB_HOST: "auth-postgres-prod-postgresql"
-  DB_PASSWORD: "AuthUserProd$ecure2025!"
+  DB_NAME: "phonebill_auth"
+  DB_USERNAME: "auth_user"
+  DB_PASSWORD: "AuthUser2025Prod!"
@@ -3,6 +3,9 @@ kind: ConfigMap
 metadata:
  name: cm-common
 data:
-  CORS_ALLOWED_ORIGINS: "https://phonebill-staging.example.com,https://phonebill.staging.example.com"
+  CORS_ALLOWED_ORIGINS: "https://phonebill-staging.20.214.196.128.nip.io"
+  JWT_ACCESS_TOKEN_VALIDITY: "18000000"  # 5시간
+  JWT_REFRESH_TOKEN_VALIDITY: "86400000"
+  REDIS_PORT: "6379"
  SPRING_PROFILES_ACTIVE: "staging"
-  DDL_AUTO: "validate"
+  DDL_AUTO: "validate"
@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-gateway
+spec:
+  replicas: 2
+  template:
+    spec:
+      containers:
+      - name: api-gateway
+        resources:
+          requests:
+            cpu: 512m
+            memory: 512Mi
+          limits:
+            cpu: 2048m
+            memory: 2048Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-service
+spec:
+  replicas: 2
+  template:
+    spec:
+      containers:
+      - name: user-service
+        resources:
+          requests:
+            cpu: 512m
+            memory: 512Mi
+          limits:
+            cpu: 2048m
+            memory: 2048Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bill-service
+spec:
+  replicas: 2
+  template:
+    spec:
+      containers:
+      - name: bill-service
+        resources:
+          requests:
+            cpu: 512m
+            memory: 512Mi
+          limits:
+            cpu: 2048m
+            memory: 2048Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: product-service
+spec:
+  replicas: 2
+  template:
+    spec:
+      containers:
+      - name: product-service
+        resources:
+          requests:
+            cpu: 512m
+            memory: 512Mi
+          limits:
+            cpu: 2048m
+            memory: 2048Mi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kos-mock
+spec:
+  replicas: 2
+  template:
+    spec:
+      containers:
+      - name: kos-mock
+        resources:
+          requests:
+            cpu: 512m
+            memory: 512Mi
+          limits:
+            cpu: 2048m
+            memory: 2048Mi
@@ -7,9 +7,47 @@ metadata:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
-    - phonebill-api-staging.example.com
+    - phonebill-staging.20.214.196.128.nip.io
    secretName: phonebill-staging-tls
  rules:
-  - host: phonebill-api-staging.example.com
+  - host: phonebill-staging.20.214.196.128.nip.io
+    http:
+      paths:
+      - path: /api/v1/auth
+        pathType: Prefix
+        backend:
+          service:
+            name: user-service
+            port:
+              number: 80
+      - path: /api/v1/users
+        pathType: Prefix
+        backend:
+          service:
+            name: user-service
+            port:
+              number: 80
+      - path: /api/v1/bills
+        pathType: Prefix
+        backend:
+          service:
+            name: bill-service
+            port:
+              number: 80
+      - path: /api/v1/products
+        pathType: Prefix
+        backend:
+          service:
+            name: product-service
+            port:
+              number: 80
+      - path: /api/v1/kos
+        pathType: Prefix
+        backend:
+          service:
+            name: kos-mock
+            port:
+              number: 80
@@ -4,16 +4,30 @@ kind: Kustomization
 namespace: phonebill-staging

 resources:
- ../../base
+  - ../../base
+
+patchesStrategicMerge:
+  - configmap-common-patch.yaml
+  - deployment-patch.yaml
+  - ingress-patch.yaml
+  - secret-common-patch.yaml
+  - secret-user-service-patch.yaml
+  - secret-bill-service-patch.yaml
+  - secret-product-service-patch.yaml
+
+images:
+  - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
+    newTag: staging-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/user-service
+    newTag: staging-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
+    newTag: staging-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/product-service
+    newTag: staging-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
+    newTag: staging-latest
+
+namePrefix: staging-

 commonLabels:
-  env: staging
-  
-patchesStrategicMerge:
- configmap-common-patch.yaml
- secret-common-patch.yaml
- ingress-patch.yaml
- replica-patch.yaml
- secret-user-service-patch.yaml
- secret-bill-service-patch.yaml
- secret-product-service-patch.yaml
+  environment: staging
@@ -1,35 +0,0 @@
-# Replica count patches for staging environment
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: api-gateway
-spec:
-  replicas: 2
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: user-service
-spec:
-  replicas: 2
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: bill-service
-spec:
-  replicas: 2
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: product-service
-spec:
-  replicas: 2
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kos-mock
-spec:
-  replicas: 1
@@ -5,4 +5,6 @@ metadata:
 type: Opaque
 stringData:
  DB_HOST: "bill-inquiry-postgres-staging-postgresql"
-  DB_PASSWORD: "BillUserStaging2025!"
+  DB_NAME: "bill_inquiry_db"
+  DB_USERNAME: "bill_inquiry_user"
+  DB_PASSWORD: "BillUser2025Staging!"
@@ -4,5 +4,6 @@ metadata:
  name: secret-common
 type: Opaque
 stringData:
+  JWT_SECRET: "staging5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/staging"
  REDIS_HOST: "redis-cache-staging-master"
-  REDIS_PASSWORD: "Redis2025Staging!"
+  REDIS_PASSWORD: "Redis2025Staging!"
@@ -5,4 +5,6 @@ metadata:
 type: Opaque
 stringData:
  DB_HOST: "product-change-postgres-staging-postgresql"
-  DB_PASSWORD: "ProductUserStaging2025!"
+  DB_NAME: "product_change_db"
+  DB_USERNAME: "product_change_user"
+  DB_PASSWORD: "ProductUser2025Staging!"
@@ -5,4 +5,6 @@ metadata:
 type: Opaque
 stringData:
  DB_HOST: "auth-postgres-staging-postgresql"
-  DB_PASSWORD: "AuthUserStaging2025!"
+  DB_NAME: "phonebill_auth"
+  DB_USERNAME: "auth_user"
+  DB_PASSWORD: "AuthUser2025Staging!"