Jenkins CI/CD 파이프라인 업데이트

- Jenkinsfile 개선: SonarQube 분석, Quality Gate 추가 - 환경별 설정 파일 업데이트 (dev/staging/prod) - Kustomize base 및 overlay 파일 정리 - prod 환경 overlay 파일 추가 - 배포 스크립트 및 검증 스크립트 업데이트 - 파이프라인 가이드 문서 업데이트 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-06-12 19:49:10 +00:00 · 2025-12-01 12:57:35 +09:00
parent b467b84426
commit 0f054109bb
48 changed files with 372 additions and 387 deletions
@@ -1,8 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: api-gateway-config
-  
+  name: cm-api-gateway
  labels:
    app: api-gateway
    app.kubernetes.io/part-of: phonebill
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: api-gateway
-  
  labels:
    app: api-gateway
    app.kubernetes.io/part-of: phonebill
@@ -25,11 +24,11 @@ spec:
          name: http
        envFrom:
        - configMapRef:
-            name: phonebill-common-config
+            name: cm-common
        - configMapRef:
-            name: api-gateway-config
+            name: cm-api-gateway
        - secretRef:
-            name: phonebill-common-secret
+            name: secret-common
        resources:
          requests:
            cpu: "256m"
@@ -2,7 +2,6 @@ apiVersion: v1
 kind: Service
 metadata:
  name: api-gateway
-  
  labels:
    app: api-gateway
    app.kubernetes.io/part-of: phonebill
@@ -1,8 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: bill-service-config
-  
+  name: cm-bill-service
  labels:
    app: bill-service
    app.kubernetes.io/part-of: phonebill
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: bill-service
-  
  labels:
    app: bill-service
    app.kubernetes.io/part-of: phonebill
@@ -25,13 +24,13 @@ spec:
          name: http
        envFrom:
        - configMapRef:
-            name: phonebill-common-config
+            name: cm-common
        - configMapRef:
-            name: bill-service-config
+            name: cm-bill-service
        - secretRef:
-            name: phonebill-common-secret
+            name: secret-common
        - secretRef:
-            name: bill-service-db-secret
+            name: secret-bill-service
        resources:
          requests:
            cpu: "256m"
@@ -1,8 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: bill-service-db-secret
-  
+  name: secret-bill-service
  labels:
    app: bill-service
    app.kubernetes.io/part-of: phonebill
@@ -2,7 +2,6 @@ apiVersion: v1
 kind: Service
 metadata:
  name: bill-service
-  
  labels:
    app: bill-service
    app.kubernetes.io/part-of: phonebill
@@ -1,8 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: phonebill-common-config
-  
+  name: cm-common
  labels:
    app.kubernetes.io/part-of: phonebill
 data:
@@ -2,7 +2,6 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: phonebill-ingress
-  
  labels:
    app.kubernetes.io/part-of: phonebill
  annotations:
@@ -10,6 +9,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-read-timeout: "60"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "60"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "60"
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
 spec:
  ingressClassName: nginx
  rules:
@@ -1,13 +1,10 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: phonebill-common-secret
-  
+  name: secret-common
  labels:
    app.kubernetes.io/part-of: phonebill
 type: Opaque
 stringData:
-  # JWT Secret (최소 256비트 이상, HS256 알고리즘용)
  JWT_SECRET: "EK1ZV7vROOXREXbYe/BCISdQq0Yklk9JtoA2v88ux1DBDc0bDGiRRxHeDSb7GHkDP9IUYHMVsBi4/1rS4OhfRg=="
-  # Redis 비밀번호 (비밀번호 없는 경우 빈 값)
  REDIS_PASSWORD: "P@ssw0rd$"
@@ -1,8 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: kos-mock-config
-  
+  name: cm-kos-mock
  labels:
    app: kos-mock
    app.kubernetes.io/part-of: phonebill
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: kos-mock
-  
  labels:
    app: kos-mock
    app.kubernetes.io/part-of: phonebill
@@ -25,11 +24,11 @@ spec:
          name: http
        envFrom:
        - configMapRef:
-            name: phonebill-common-config
+            name: cm-common
        - configMapRef:
-            name: kos-mock-config
+            name: cm-kos-mock
        - secretRef:
-            name: phonebill-common-secret
+            name: secret-common
        resources:
          requests:
            cpu: "256m"
@@ -2,7 +2,6 @@ apiVersion: v1
 kind: Service
 metadata:
  name: kos-mock
-  
  labels:
    app: kos-mock
    app.kubernetes.io/part-of: phonebill
@@ -1,8 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: product-service-config
-  
+  name: cm-product-service
  labels:
    app: product-service
    app.kubernetes.io/part-of: phonebill
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: product-service
-  
  labels:
    app: product-service
    app.kubernetes.io/part-of: phonebill
@@ -25,13 +24,13 @@ spec:
          name: http
        envFrom:
        - configMapRef:
-            name: phonebill-common-config
+            name: cm-common
        - configMapRef:
-            name: product-service-config
+            name: cm-product-service
        - secretRef:
-            name: phonebill-common-secret
+            name: secret-common
        - secretRef:
-            name: product-service-db-secret
+            name: secret-product-service
        resources:
          requests:
            cpu: "256m"
@@ -1,8 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: product-service-db-secret
-  
+  name: secret-product-service
  labels:
    app: product-service
    app.kubernetes.io/part-of: phonebill
@@ -2,7 +2,6 @@ apiVersion: v1
 kind: Service
 metadata:
  name: product-service
-  
  labels:
    app: product-service
    app.kubernetes.io/part-of: phonebill
@@ -1,8 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: user-service-config
-  
+  name: cm-user-service
  labels:
    app: user-service
    app.kubernetes.io/part-of: phonebill
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: user-service
-  
  labels:
    app: user-service
    app.kubernetes.io/part-of: phonebill
@@ -25,13 +24,13 @@ spec:
          name: http
        envFrom:
        - configMapRef:
-            name: phonebill-common-config
+            name: cm-common
        - configMapRef:
-            name: user-service-config
+            name: cm-user-service
        - secretRef:
-            name: phonebill-common-secret
+            name: secret-common
        - secretRef:
-            name: user-service-db-secret
+            name: secret-user-service
        resources:
          requests:
            cpu: "256m"
@@ -1,8 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: user-service-db-secret
-  
+  name: secret-user-service
  labels:
    app: user-service
    app.kubernetes.io/part-of: phonebill
@@ -2,7 +2,6 @@ apiVersion: v1
 kind: Service
 metadata:
  name: user-service
-  
  labels:
    app: user-service
    app.kubernetes.io/part-of: phonebill
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: phonebill-common-config
+  name: cm-common
  labels:
    app.kubernetes.io/part-of: phonebill
 data:
@@ -7,21 +7,18 @@ resources:
  - ../../base

 patches:
-  # Common patches
  - path: cm-common-patch.yaml
    target:
      kind: ConfigMap
-      name: phonebill-common-config
+      name: cm-common
  - path: secret-common-patch.yaml
    target:
      kind: Secret
-      name: phonebill-common-secret
+      name: secret-common
  - path: ingress-patch.yaml
    target:
      kind: Ingress
      name: phonebill-ingress
-
-  # Deployment patches
  - path: deployment-api-gateway-patch.yaml
    target:
      kind: Deployment
@@ -42,29 +39,27 @@ patches:
    target:
      kind: Deployment
      name: kos-mock
-
-  # Service Secret patches
  - path: secret-user-service-patch.yaml
    target:
      kind: Secret
-      name: user-service-db-secret
+      name: secret-user-service
  - path: secret-bill-service-patch.yaml
    target:
      kind: Secret
-      name: bill-service-db-secret
+      name: secret-bill-service
  - path: secret-product-service-patch.yaml
    target:
      kind: Secret
-      name: product-service-db-secret
+      name: secret-product-service

 images:
  - name: docker.io/hiondal/api-gateway
-    newTag: latest
+    newTag: dev-latest
  - name: docker.io/hiondal/user-service
-    newTag: latest
+    newTag: dev-latest
  - name: docker.io/hiondal/bill-service
-    newTag: latest
+    newTag: dev-latest
  - name: docker.io/hiondal/product-service
-    newTag: latest
+    newTag: dev-latest
  - name: docker.io/hiondal/kos-mock
-    newTag: latest
+    newTag: dev-latest
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: bill-service-db-secret
+  name: secret-bill-service
  labels:
    app: bill-service
    app.kubernetes.io/part-of: phonebill
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: phonebill-common-secret
+  name: secret-common
  labels:
    app.kubernetes.io/part-of: phonebill
 type: Opaque
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: product-service-db-secret
+  name: secret-product-service
  labels:
    app: product-service
    app.kubernetes.io/part-of: phonebill
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: user-service-db-secret
+  name: secret-user-service
  labels:
    app: user-service
    app.kubernetes.io/part-of: phonebill
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: phonebill-common-config
+  name: cm-common
  labels:
    app.kubernetes.io/part-of: phonebill
 data:
@@ -16,7 +16,7 @@ spec:
  tls:
  - hosts:
    - phonebill.example.com
-    secretName: phonebill-prod-tls
+    secretName: phonebill-tls
  rules:
  - host: phonebill.example.com
    http:
@@ -1,27 +1,24 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

-namespace: phonebill-prod
+namespace: phonebill

 resources:
  - ../../base

 patches:
-  # Common patches
  - path: cm-common-patch.yaml
    target:
      kind: ConfigMap
-      name: phonebill-common-config
+      name: cm-common
  - path: secret-common-patch.yaml
    target:
      kind: Secret
-      name: phonebill-common-secret
+      name: secret-common
  - path: ingress-patch.yaml
    target:
      kind: Ingress
      name: phonebill-ingress
-
-  # Deployment patches
  - path: deployment-api-gateway-patch.yaml
    target:
      kind: Deployment
@@ -42,29 +39,27 @@ patches:
    target:
      kind: Deployment
      name: kos-mock
-
-  # Service Secret patches
  - path: secret-user-service-patch.yaml
    target:
      kind: Secret
-      name: user-service-db-secret
+      name: secret-user-service
  - path: secret-bill-service-patch.yaml
    target:
      kind: Secret
-      name: bill-service-db-secret
+      name: secret-bill-service
  - path: secret-product-service-patch.yaml
    target:
      kind: Secret
-      name: product-service-db-secret
+      name: secret-product-service

 images:
  - name: docker.io/hiondal/api-gateway
-    newTag: latest
+    newTag: prod-latest
  - name: docker.io/hiondal/user-service
-    newTag: latest
+    newTag: prod-latest
  - name: docker.io/hiondal/bill-service
-    newTag: latest
+    newTag: prod-latest
  - name: docker.io/hiondal/product-service
-    newTag: latest
+    newTag: prod-latest
  - name: docker.io/hiondal/kos-mock
-    newTag: latest
+    newTag: prod-latest
@@ -1,11 +1,11 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: bill-service-db-secret
+  name: secret-bill-service
  labels:
    app: bill-service
    app.kubernetes.io/part-of: phonebill
 type: Opaque
 stringData:
  DB_USERNAME: "unicorn"
-  DB_PASSWORD: "PROD_DB_PASSWORD"
+  DB_PASSWORD: "P@ssw0rd$"
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: phonebill-common-secret
+  name: secret-common
  labels:
    app.kubernetes.io/part-of: phonebill
 type: Opaque
 stringData:
-  JWT_SECRET: "PROD_JWT_SECRET_REPLACE_WITH_SECURE_VALUE"
-  REDIS_PASSWORD: "PROD_REDIS_PASSWORD"
+  JWT_SECRET: "EK1ZV7vROOXREXbYe/BCISdQq0Yklk9JtoA2v88ux1DBDc0bDGiRRxHeDSb7GHkDP9IUYHMVsBi4/1rS4OhfRg=="
+  REDIS_PASSWORD: "P@ssw0rd$"
@@ -1,11 +1,11 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: product-service-db-secret
+  name: secret-product-service
  labels:
    app: product-service
    app.kubernetes.io/part-of: phonebill
 type: Opaque
 stringData:
  DB_USERNAME: "unicorn"
-  DB_PASSWORD: "PROD_DB_PASSWORD"
+  DB_PASSWORD: "P@ssw0rd$"
@@ -1,11 +1,11 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: user-service-db-secret
+  name: secret-user-service
  labels:
    app: user-service
    app.kubernetes.io/part-of: phonebill
 type: Opaque
 stringData:
  DB_USERNAME: "unicorn"
-  DB_PASSWORD: "PROD_DB_PASSWORD"
+  DB_PASSWORD: "P@ssw0rd$"
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: phonebill-common-config
+  name: cm-common
  labels:
    app.kubernetes.io/part-of: phonebill
 data:
@@ -10,7 +10,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-send-timeout: "60"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "60"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    cert-manager.io/cluster-issuer: "letsencrypt-staging"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
  ingressClassName: nginx
  tls:
@@ -7,21 +7,18 @@ resources:
  - ../../base

 patches:
-  # Common patches
  - path: cm-common-patch.yaml
    target:
      kind: ConfigMap
-      name: phonebill-common-config
+      name: cm-common
  - path: secret-common-patch.yaml
    target:
      kind: Secret
-      name: phonebill-common-secret
+      name: secret-common
  - path: ingress-patch.yaml
    target:
      kind: Ingress
      name: phonebill-ingress
-
-  # Deployment patches
  - path: deployment-api-gateway-patch.yaml
    target:
      kind: Deployment
@@ -42,29 +39,27 @@ patches:
    target:
      kind: Deployment
      name: kos-mock
-
-  # Service Secret patches
  - path: secret-user-service-patch.yaml
    target:
      kind: Secret
-      name: user-service-db-secret
+      name: secret-user-service
  - path: secret-bill-service-patch.yaml
    target:
      kind: Secret
-      name: bill-service-db-secret
+      name: secret-bill-service
  - path: secret-product-service-patch.yaml
    target:
      kind: Secret
-      name: product-service-db-secret
+      name: secret-product-service

 images:
  - name: docker.io/hiondal/api-gateway
-    newTag: latest
+    newTag: staging-latest
  - name: docker.io/hiondal/user-service
-    newTag: latest
+    newTag: staging-latest
  - name: docker.io/hiondal/bill-service
-    newTag: latest
+    newTag: staging-latest
  - name: docker.io/hiondal/product-service
-    newTag: latest
+    newTag: staging-latest
  - name: docker.io/hiondal/kos-mock
-    newTag: latest
+    newTag: staging-latest
@@ -1,11 +1,11 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: bill-service-db-secret
+  name: secret-bill-service
  labels:
    app: bill-service
    app.kubernetes.io/part-of: phonebill
 type: Opaque
 stringData:
  DB_USERNAME: "unicorn"
-  DB_PASSWORD: "STAGING_DB_PASSWORD"
+  DB_PASSWORD: "P@ssw0rd$"
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: phonebill-common-secret
+  name: secret-common
  labels:
    app.kubernetes.io/part-of: phonebill
 type: Opaque
 stringData:
-  JWT_SECRET: "STAGING_JWT_SECRET_REPLACE_WITH_SECURE_VALUE"
-  REDIS_PASSWORD: "STAGING_REDIS_PASSWORD"
+  JWT_SECRET: "EK1ZV7vROOXREXbYe/BCISdQq0Yklk9JtoA2v88ux1DBDc0bDGiRRxHeDSb7GHkDP9IUYHMVsBi4/1rS4OhfRg=="
+  REDIS_PASSWORD: "P@ssw0rd$"
@@ -1,11 +1,11 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: product-service-db-secret
+  name: secret-product-service
  labels:
    app: product-service
    app.kubernetes.io/part-of: phonebill
 type: Opaque
 stringData:
  DB_USERNAME: "unicorn"
-  DB_PASSWORD: "STAGING_DB_PASSWORD"
+  DB_PASSWORD: "P@ssw0rd$"
@@ -1,11 +1,11 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: user-service-db-secret
+  name: secret-user-service
  labels:
    app: user-service
    app.kubernetes.io/part-of: phonebill
 type: Opaque
 stringData:
  DB_USERNAME: "unicorn"
-  DB_PASSWORD: "STAGING_DB_PASSWORD"
+  DB_PASSWORD: "P@ssw0rd$"