diff --git a/.claude/commands/deploy-jenkins-cicd-guide-back.md b/.claude/commands/deploy-jenkins-cicd-guide-back.md index 4bd2a44..193143c 100644 --- a/.claude/commands/deploy-jenkins-cicd-guide-back.md +++ b/.claude/commands/deploy-jenkins-cicd-guide-back.md @@ -10,6 +10,6 @@ purpose: "백엔드 Jenkins CI/CD 가이드 작성" {안내메시지} '[실행정보]'섹션 하위에 아래 예와 같이 필요한 정보를 제시해 주세요. [실행정보] -- ACR명: acrdigitalgarage01 +- ACR_NAME: acrdigitalgarage01 - RESOURCE_GROUP: rg-digitalgarage-01 - AKS_CLUSTER: aks-digitalgarage-01 diff --git a/deployment/cicd/Jenkinsfile b/deployment/cicd/Jenkinsfile index 22e391e..fd84718 100644 --- a/deployment/cicd/Jenkinsfile +++ b/deployment/cicd/Jenkinsfile @@ -12,8 +12,7 @@ podTemplate( slaveConnectTimeout: 300, idleMinutes: 30, activeDeadlineSeconds: 3600, - podRetention: never(), // 파드 자동 정리 옵션: never(), onFailure(), always(), default() - showRawYaml: false, // 디버깅용 YAML 출력 비활성화 + podRetention: never(), yaml: ''' spec: tolerations: @@ -21,8 +20,6 @@ podTemplate( key: dedicated operator: Equal value: cicd - activeDeadlineSeconds: 3600 - restartPolicy: Never ''', containers: [ containerTemplate( @@ -118,7 +115,7 @@ podTemplate( timeout(time: 10, unit: 'MINUTES') { def qg = waitForQualityGate() if (qg.status != 'OK') { - error "Pipeline aborted due to quality gate failure: \${qg.status}" + error "Pipeline aborted due to quality gate failure: ${qg.status}" } } } @@ -162,22 +159,22 @@ podTemplate( cd deployment/cicd/kustomize/overlays/${environment} # 이미지 태그 업데이트 - kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/api-gateway:${environment}-${imageTag} - kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/user-service:${environment}-${imageTag} - kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/bill-service:${environment}-${imageTag} - kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/product-service:${environment}-${imageTag} - kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/kos-mock:${environment}-${imageTag} - + """ + + services.each { service -> + sh "kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/${service}:${environment}-${imageTag}" + } + + sh """ # 매니페스트 적용 kubectl apply -k . echo "Waiting for deployments to be ready..." - kubectl -n phonebill-${environment} wait --for=condition=available deployment/${environment}-api-gateway --timeout=300s - kubectl -n phonebill-${environment} wait --for=condition=available deployment/${environment}-user-service --timeout=300s - kubectl -n phonebill-${environment} wait --for=condition=available deployment/${environment}-bill-service --timeout=300s - kubectl -n phonebill-${environment} wait --for=condition=available deployment/${environment}-product-service --timeout=300s - kubectl -n phonebill-${environment} wait --for=condition=available deployment/${environment}-kos-mock --timeout=300s """ + + services.each { service -> + sh "kubectl -n phonebill-${environment} wait --for=condition=available deployment/${service} --timeout=300s" + } } } diff --git a/deployment/cicd/config/deploy_env_vars_dev b/deployment/cicd/config/deploy_env_vars_dev index 5a49197..d2b1855 100644 --- a/deployment/cicd/config/deploy_env_vars_dev +++ b/deployment/cicd/config/deploy_env_vars_dev @@ -1,3 +1,3 @@ -# dev Environment Configuration +# DEV Environment Configuration resource_group=rg-digitalgarage-01 cluster_name=aks-digitalgarage-01 \ No newline at end of file diff --git a/deployment/cicd/config/deploy_env_vars_prod b/deployment/cicd/config/deploy_env_vars_prod index 53ee4a0..9e9dcd1 100644 --- a/deployment/cicd/config/deploy_env_vars_prod +++ b/deployment/cicd/config/deploy_env_vars_prod @@ -1,3 +1,3 @@ -# prod Environment Configuration +# PRODUCTION Environment Configuration resource_group=rg-digitalgarage-01 cluster_name=aks-digitalgarage-01 \ No newline at end of file diff --git a/deployment/cicd/config/deploy_env_vars_staging b/deployment/cicd/config/deploy_env_vars_staging index 5873b90..21423e5 100644 --- a/deployment/cicd/config/deploy_env_vars_staging +++ b/deployment/cicd/config/deploy_env_vars_staging @@ -1,3 +1,3 @@ -# staging Environment Configuration +# STAGING Environment Configuration resource_group=rg-digitalgarage-01 cluster_name=aks-digitalgarage-01 \ No newline at end of file diff --git a/deployment/cicd/jenkins-pipeline-guide.md b/deployment/cicd/jenkins-pipeline-guide.md index a81ec19..d4adcf6 100644 --- a/deployment/cicd/jenkins-pipeline-guide.md +++ b/deployment/cicd/jenkins-pipeline-guide.md @@ -1,63 +1,18 @@ -# Jenkins CI/CD 파이프라인 구축 가이드 +# phonebill Jenkins CI/CD 파이프라인 가이드 -## 📋 개요 +## 📋 프로젝트 정보 -이 가이드는 통신요금 관리 서비스(phonebill)를 위한 Jenkins 기반 CI/CD 파이프라인 구축 방법을 안내합니다. - -**주요 특징:** -- Jenkins + Kustomize 기반 CI/CD 파이프라인 -- 환경별(dev/staging/prod) 매니페스트 관리 -- SonarQube 코드 품질 분석과 Quality Gate -- Azure Container Registry(ACR) 연동 -- AKS(Azure Kubernetes Service) 자동 배포 - -## 🏗 아키텍처 구성 - -``` -Jenkins Pipeline - ↓ -┌─── Build & Test (Gradle) ─────┐ -│ - 소스코드 빌드 │ -│ - 단위 테스트 실행 │ -│ - SonarQube 품질 분석 │ -│ - Quality Gate 검증 │ -└─────────────────────────────┘ - ↓ -┌─── Container Build ───────────┐ -│ - 서비스별 이미지 빌드 │ -│ - ACR에 이미지 푸시 │ -│ - 환경별 태그 관리 │ -└─────────────────────────────┘ - ↓ -┌─── Deploy to AKS ─────────────┐ -│ - Kustomize 매니페스트 적용 │ -│ - 환경별 설정 적용 │ -│ - 배포 상태 확인 │ -└─────────────────────────────┘ -``` - -## 🛠 사전 준비사항 - -### 실행 환경 정보 -- **ACR명**: acrdigitalgarage01 -- **리소스 그룹**: rg-digitalgarage-01 +- **시스템명**: phonebill +- **서비스**: api-gateway, user-service, bill-service, product-service, kos-mock +- **JDK 버전**: 21 +- **ACR**: acrdigitalgarage01 +- **리소스 그룹**: rg-digitalgarage-01 - **AKS 클러스터**: aks-digitalgarage-01 -### 서비스 구성 -- **시스템명**: phonebill -- **서비스목록**: - - api-gateway - - user-service - - bill-service - - product-service - - kos-mock +## 🏗️ Jenkins 서버 환경 구성 -## 🔧 Jenkins 환경 구성 - -### 1. Jenkins 필수 플러그인 설치 - -```bash -# Jenkins 관리 > 플러그인 관리에서 다음 플러그인 설치 +### 필수 플러그인 설치 +``` - Kubernetes - Pipeline Utility Steps - Docker Pipeline @@ -66,9 +21,9 @@ Jenkins Pipeline - Azure Credentials ``` -### 2. Jenkins Credentials 등록 +### Jenkins Credentials 등록 -**Azure Service Principal 등록:** +#### 1. Azure Service Principal ``` Manage Jenkins > Credentials > Add Credentials - Kind: Microsoft Azure Service Principal @@ -80,24 +35,22 @@ Manage Jenkins > Credentials > Add Credentials - Azure Environment: Azure ``` -**ACR Credentials 등록:** +#### 2. ACR Credentials ``` - Kind: Username with password - ID: acr-credentials - Username: acrdigitalgarage01 -- Password: {ACR패스워드} +- Password: {ACR_PASSWORD} ``` -**SonarQube Token 등록:** +#### 3. SonarQube Token ``` - Kind: Secret text - ID: sonarqube-token - Secret: {SonarQube토큰} ``` -## 📂 Kustomize 구조 - -프로젝트에 다음과 같은 Kustomize 구조가 생성되었습니다: +## 📁 Kustomize 디렉토리 구조 ``` deployment/cicd/ @@ -110,7 +63,11 @@ deployment/cicd/ │ │ │ ├── secret-common.yaml │ │ │ ├── secret-imagepull.yaml │ │ │ └── ingress.yaml -│ │ └── [각 서비스별 매니페스트] +│ │ ├── api-gateway/ +│ │ ├── user-service/ +│ │ ├── bill-service/ +│ │ ├── product-service/ +│ │ └── kos-mock/ │ └── overlays/ │ ├── dev/ │ ├── staging/ @@ -124,59 +81,60 @@ deployment/cicd/ └── Jenkinsfile ``` -## 🚀 Jenkins Pipeline 설정 +## 🔧 환경별 설정 -### 1. Pipeline Job 생성 +### DEV 환경 +- **Namespace**: phonebill-dev +- **Ingress Host**: phonebill-api.20.214.196.128.nip.io ⚠️ **base와 동일해야 함** +- **Replicas**: 1 +- **Resources**: requests(256m/256Mi), limits(1024m/1024Mi) +- **Profile**: dev +- **DDL**: update +- **SSL**: false -1. Jenkins 웹 UI에서 **New Item > Pipeline** 선택 -2. **Pipeline script from SCM** 설정: - ``` - SCM: Git - Repository URL: {Git저장소URL} - Branch: main (또는 develop) - Script Path: deployment/cicd/Jenkinsfile - ``` +### STAGING 환경 +- **Namespace**: phonebill-staging +- **Ingress Host**: phonebill.staging-domain.com ⚠️ **환경별 도메인** +- **Replicas**: 2 +- **Resources**: requests(512m/512Mi), limits(2048m/2048Mi) +- **Profile**: staging +- **DDL**: validate +- **SSL**: true -3. **Pipeline Parameters** 설정: - ``` - ENVIRONMENT: Choice Parameter (dev, staging, prod) - IMAGE_TAG: String Parameter (default: latest) - ``` +### PROD 환경 +- **Namespace**: phonebill-prod +- **Ingress Host**: phonebill.production-domain.com ⚠️ **프로덕션 도메인** +- **Replicas**: 3 +- **Resources**: requests(1024m/1024Mi), limits(4096m/4096Mi) +- **Profile**: prod +- **DDL**: validate +- **SSL**: true +- **JWT 토큰**: 30분 (보안 강화) -### 2. Pipeline 단계별 설명 +## 🚀 Jenkins Pipeline Job 생성 -**Stage 1: Get Source** -- Git 저장소에서 소스코드 체크아웃 -- 환경별 설정 파일 로드 +### 1. Jenkins 웹 UI에서 새 작업 생성 +- New Item > Pipeline 선택 +- 작업명: phonebill-cicd -**Stage 2: Setup AKS** -- Azure 서비스 프린시팔로 로그인 -- AKS 클러스터 연결 설정 -- 네임스페이스 생성 +### 2. Pipeline 설정 +``` +SCM: Git +Repository URL: {Git저장소URL} +Branch: main +Script Path: deployment/cicd/Jenkinsfile +``` -**Stage 3: Build & SonarQube Analysis** -- Gradle 빌드 및 테스트 실행 -- 각 서비스별 SonarQube 분석 -- 코드 커버리지 리포트 생성 +### 3. Pipeline Parameters 설정 +``` +ENVIRONMENT: Choice Parameter (dev, staging, prod) +IMAGE_TAG: String Parameter (default: latest) +``` -**Stage 4: Quality Gate** -- SonarQube Quality Gate 결과 대기 -- 품질 기준 미달 시 파이프라인 중단 +## 🎯 SonarQube 프로젝트 설정 -**Stage 5: Build & Push Images** -- 서비스별 컨테이너 이미지 빌드 -- ACR에 이미지 푸시 -- 환경별 태그 적용 - -**Stage 6: Update Kustomize & Deploy** -- 이미지 태그 업데이트 -- Kustomize를 통한 매니페스트 적용 -- 배포 완료 대기 - -## ⚙ SonarQube 설정 - -### Quality Gate 규칙 -```yaml +### Quality Gate 설정 +``` Coverage: >= 80% Duplicated Lines: <= 3% Maintainability Rating: <= A @@ -184,161 +142,286 @@ Reliability Rating: <= A Security Rating: <= A ``` -### 프로젝트별 분석 제외 항목 -``` -**/config/** -**/entity/** -**/dto/** -**/*Application.class -**/exception/** -``` - -## 🎯 배포 실행 방법 +## 📊 배포 실행 방법 ### 1. Jenkins 파이프라인 실행 - -1. Jenkins > {프로젝트명} > **Build with Parameters** -2. **ENVIRONMENT** 선택 (dev/staging/prod) -3. **IMAGE_TAG** 입력 (선택사항) -4. **Build** 클릭 - -### 2. 수동 배포 스크립트 실행 - -```bash -# 개발 환경 배포 -./deployment/cicd/scripts/deploy.sh dev latest - -# 스테이징 환경 배포 -./deployment/cicd/scripts/deploy.sh staging v1.2.0 - -# 운영 환경 배포 -./deployment/cicd/scripts/deploy.sh prod v1.2.0 +``` +1. Jenkins > phonebill-cicd > Build with Parameters +2. ENVIRONMENT 선택 (dev/staging/prod) +3. IMAGE_TAG 입력 (선택사항) +4. Build 클릭 ``` -### 3. 배포 상태 확인 - +### 2. 배포 상태 확인 ```bash -# Pod 상태 확인 kubectl get pods -n phonebill-{환경} - -# 서비스 상태 확인 kubectl get services -n phonebill-{환경} - -# Ingress 상태 확인 kubectl get ingress -n phonebill-{환경} ``` +### 3. 수동 배포 (필요시) +```bash +# DEV 환경 배포 +./deployment/cicd/scripts/deploy.sh dev 20241201120000 + +# STAGING 환경 배포 +./deployment/cicd/scripts/deploy.sh staging 20241201120000 + +# PROD 환경 배포 +./deployment/cicd/scripts/deploy.sh prod 20241201120000 +``` + ## 🔄 롤백 방법 -### 1. Kubernetes 롤백 - +### 1. 이전 버전으로 롤백 ```bash -# 특정 버전으로 롤백 -kubectl rollout undo deployment/{환경}-{서비스명} -n phonebill-{환경} --to-revision=2 - -# 롤백 상태 확인 -kubectl rollout status deployment/{환경}-{서비스명} -n phonebill-{환경} +kubectl rollout undo deployment/{서비스명} -n phonebill-{환경} --to-revision=2 +kubectl rollout status deployment/{서비스명} -n phonebill-{환경} ``` ### 2. 이미지 태그 기반 롤백 - ```bash -# 이전 안정 버전 이미지 태그로 업데이트 cd deployment/cicd/kustomize/overlays/{환경} kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/{서비스명}:{환경}-{이전태그} kubectl apply -k . ``` -## 🏷 환경별 설정 차이점 +## 📝 파이프라인 단계별 설명 -### DEV 환경 -- **Replicas**: 1개 -- **Resources**: requests(256m/256Mi), limits(1024m/1024Mi) -- **Domain**: phonebill-api.20.214.196.128.nip.io -- **SSL**: 비활성화 -- **DDL**: update +### Stage 1: Get Source +- Git 저장소에서 소스코드 체크아웃 +- 환경별 설정 파일 로드 -### STAGING 환경 -- **Replicas**: 2개 -- **Resources**: requests(512m/512Mi), limits(2048m/2048Mi) -- **Domain**: phonebill-staging.example.com -- **SSL**: 활성화 (Let's Encrypt) -- **DDL**: validate +### Stage 2: Setup AKS +- Azure 로그인 및 AKS 클러스터 연결 +- 네임스페이스 생성 -### PROD 환경 -- **Replicas**: 3개 -- **Resources**: requests(1024m/1024Mi), limits(4096m/4096Mi) -- **Domain**: phonebill-prod.example.com -- **SSL**: 활성화 (Let's Encrypt) -- **DDL**: validate -- **JWT**: 보안 강화 (짧은 유효시간) +### Stage 3: Build & SonarQube Analysis +- Gradle 빌드 및 테스트 +- 각 서비스별 SonarQube 코드 품질 분석 +- JaCoCo 테스트 커버리지 측정 -## 📋 체크리스트 +### Stage 4: Quality Gate +- SonarQube Quality Gate 검증 +- 품질 기준 미달 시 파이프라인 중단 -### 사전 준비 -- [ ] settings.gradle에서 시스템명과 서비스명 확인 -- [ ] Azure 환경 정보 확인 (ACR, 리소스 그룹, AKS 클러스터) -- [ ] Jenkins 플러그인 설치 완료 -- [ ] Jenkins Credentials 등록 완료 +### Stage 5: Build & Push Images +- 각 서비스별 컨테이너 이미지 빌드 +- ACR에 이미지 푸시 -### Kustomize 구성 -- [ ] Base 매니페스트 복사 및 설정 완료 -- [ ] 환경별 Overlay 구성 완료 -- [ ] Patch 파일 작성 완료 (replicas, resources 포함) -- [ ] 환경별 설정 파일 생성 완료 +### Stage 6: Update Kustomize & Deploy +- Kustomize를 이용한 이미지 태그 업데이트 +- Kubernetes 매니페스트 배포 +- 배포 상태 확인 -### Jenkins Pipeline -- [ ] Jenkinsfile 작성 완료 -- [ ] Pipeline Job 생성 및 설정 완료 -- [ ] SonarQube 연동 설정 완료 -- [ ] 배포 스크립트 생성 및 권한 설정 완료 +## ⚠️ 주의사항 및 체크리스트 준수사항 -### 배포 테스트 -- [ ] DEV 환경 배포 테스트 완료 -- [ ] STAGING 환경 배포 테스트 완료 -- [ ] PROD 환경 배포 테스트 완료 -- [ ] 롤백 테스트 완료 +### 🚨 **체크리스트 핵심 준수사항** -## 🚨 트러블슈팅 +#### **1. Ingress 설정 규칙** ⚠️ **매우 중요** +```yaml +# ✅ DEV 환경: base와 동일한 host 사용 +- host: phonebill-api.20.214.196.128.nip.io # base와 동일해야 함! -### 일반적인 문제들 - -**1. Quality Gate 실패** -```bash -# 해결방법: SonarQube 분석 결과 확인 및 코드 개선 -./gradlew sonar +# ✅ STAGING/PROD: 환경별 도메인 사용 +- host: phonebill.staging-domain.com # staging +- host: phonebill.production-domain.com # prod ``` -**2. 이미지 빌드 실패** -```bash -# 해결방법: Dockerfile 및 빌드 컨텍스트 확인 -podman build --no-cache -f deployment/container/Dockerfile-backend . +#### **2. Patch 파일 작성 원칙** +- ❌ **금지**: base 매니페스트에 없는 항목 추가 +- ✅ **필수**: base 매니페스트와 항목 구조 일치 +- ✅ **필수**: Secret에 `stringData` 사용 (`data` 금지) +- ✅ **필수**: `patches` 사용 (`patchesStrategicMerge` 금지) + +#### **3. Deployment Patch 필수 항목** +```yaml +# ✅ 반드시 포함해야 할 항목들 +spec: + replicas: {환경별설정} # dev:1, staging:2, prod:3 + template: + spec: + containers: + - resources: # 반드시 포함 + requests: {환경별설정} + limits: {환경별설정} ``` -**3. 배포 타임아웃** +#### **4. Jenkinsfile 검증 포인트** +- ✅ JDK 버전: `gradle:jdk21` (프로젝트 JDK와 일치) +- ✅ 서비스 배열: `['api-gateway', 'user-service', 'bill-service', 'product-service', 'kos-mock']` +- ✅ 변수 문법: `${variable}` (⚠️ `\${variable}` 금지) +- ✅ ACR 이름: `acrdigitalgarage01` (실행정보와 일치) + +### 🔍 **배포 전 필수 검증** + +#### **파일 구조 검증** ```bash -# 해결방법: 리소스 사용량 및 노드 상태 확인 -kubectl describe pods -n phonebill-{환경} -kubectl top nodes +# 모든 환경별 파일이 존재하는지 확인 +find deployment/cicd/kustomize/overlays -name "*.yaml" | wc -l +# 결과: 36개 파일이 있어야 함 (각 환경별 12개씩) ``` -**4. 네임스페이스 관련 오류** +#### **Kustomize 빌드 테스트** ```bash -# 해결방법: 네임스페이스 수동 생성 -kubectl create namespace phonebill-{환경} +# 각 환경별 매니페스트 빌드 테스트 +kubectl kustomize deployment/cicd/kustomize/overlays/dev +kubectl kustomize deployment/cicd/kustomize/overlays/staging +kubectl kustomize deployment/cicd/kustomize/overlays/prod +# 모두 오류 없이 빌드되어야 함 ``` -## 📞 지원 및 문의 +#### **base vs dev ingress 비교** +```bash +# DEV 환경이 base와 동일한 host를 사용하는지 확인 +diff deployment/cicd/kustomize/base/common/ingress.yaml deployment/cicd/kustomize/overlays/dev/ingress-patch.yaml +# host 라인에서 차이가 없어야 함 +``` -Jenkins CI/CD 파이프라인 운영 중 문제가 발생하면 다음을 확인해 주세요: +### 🛡️ **보안 및 운영** -1. Jenkins 빌드 로그 확인 -2. SonarQube Quality Gate 결과 확인 -3. Kubernetes 클러스터 상태 확인 -4. Azure Container Registry 연결 상태 확인 +#### **보안 체크** +- 모든 `change-in-production` 패스워드를 실제 값으로 변경 +- 프로덕션 환경 도메인 설정 확인 +- SSL 인증서 설정 검증 +- JWT Secret 키 프로덕션 전용으로 변경 + +#### **성능 모니터링** +- 각 환경별 리소스 할당량 모니터링 +- 배포 시 트래픽 영향도 확인 +- Pod 리소스 사용량 추적 + +#### **운영 모니터링** +- 배포 후 서비스 상태 확인 +- 로그 및 메트릭 모니터링 +- 헬스체크 엔드포인트 확인 + +## 🆘 문제 해결 및 실수 방지 + +### **자주 발생하는 실수들** + +#### **🚨 1. Ingress Host 실수** +**문제**: DEV 환경에서 host를 `phonebill-dev-api.xxx`로 변경 +**해결**: DEV는 반드시 base와 동일한 host 사용 +```bash +# 실수 방지 검증 명령 +grep "host:" deployment/cicd/kustomize/base/common/ingress.yaml +grep "host:" deployment/cicd/kustomize/overlays/dev/ingress-patch.yaml +# 두 결과가 동일해야 함 +``` + +#### **🚨 2. Secret에서 data 사용 실수** +**문제**: `data` 필드 사용으로 base64 인코딩 필요 +**해결**: 항상 `stringData` 사용 +```yaml +# ❌ 잘못된 방법 +data: + DB_PASSWORD: "cGFzc3dvcmQ=" # base64 인코딩 필요 + +# ✅ 올바른 방법 +stringData: + DB_PASSWORD: "password" # 평문 직접 입력 +``` + +#### **🚨 3. Deployment Patch 누락 항목** +**문제**: replicas나 resources 누락으로 기본값 사용 +**해결**: 반드시 환경별 설정 포함 +```yaml +# ✅ 필수 포함 항목 +spec: + replicas: 1 # 반드시 명시 + template: + spec: + containers: + - resources: # 반드시 포함 + requests: + cpu: 256m + memory: 256Mi + limits: + cpu: 1024m + memory: 1024Mi +``` + +#### **🚨 4. Jenkinsfile 변수 문법 실수** +**문제**: `\${variable}` 사용으로 "syntax error: bad substitution" 발생 +**해결**: Jenkins Groovy에서는 `${variable}` 사용 +```groovy +# ❌ 잘못된 문법 +sh "echo \${environment}" + +# ✅ 올바른 문법 +sh "echo ${environment}" +``` + +### **배포 전 최종 검증 스크립트** +```bash +#!/bin/bash +echo "🔍 Jenkins CI/CD 구성 최종 검증 시작..." + +# 1. 파일 개수 확인 +echo "1. 파일 개수 검증..." +OVERLAY_FILES=$(find deployment/cicd/kustomize/overlays -name "*.yaml" | wc -l) +if [ $OVERLAY_FILES -eq 36 ]; then + echo "✅ Overlay 파일 개수 정상 (36개)" +else + echo "❌ Overlay 파일 개수 오류 ($OVERLAY_FILES개, 36개여야 함)" +fi + +# 2. DEV ingress host 검증 +echo "2. DEV Ingress Host 검증..." +BASE_HOST=$(grep "host:" deployment/cicd/kustomize/base/common/ingress.yaml | awk '{print $3}') +DEV_HOST=$(grep "host:" deployment/cicd/kustomize/overlays/dev/ingress-patch.yaml | awk '{print $3}') +if [ "$BASE_HOST" = "$DEV_HOST" ]; then + echo "✅ DEV Ingress Host 정상 ($DEV_HOST)" +else + echo "❌ DEV Ingress Host 오류 (base: $BASE_HOST, dev: $DEV_HOST)" +fi + +# 3. Kustomize 빌드 테스트 +echo "3. Kustomize 빌드 테스트..." +for env in dev staging prod; do + if kubectl kustomize deployment/cicd/kustomize/overlays/$env > /dev/null 2>&1; then + echo "✅ $env 환경 빌드 성공" + else + echo "❌ $env 환경 빌드 실패" + fi +done + +# 4. Jenkinsfile JDK 버전 확인 +echo "4. Jenkinsfile JDK 버전 검증..." +if grep -q "gradle:jdk21" deployment/cicd/Jenkinsfile; then + echo "✅ JDK 21 버전 정상" +else + echo "❌ JDK 버전 확인 필요" +fi + +# 5. Secret stringData 사용 확인 +echo "5. Secret stringData 사용 검증..." +if grep -r "stringData:" deployment/cicd/kustomize/overlays/*/secret-*-patch.yaml > /dev/null; then + echo "✅ stringData 사용 정상" +else + echo "❌ stringData 사용 확인 필요" +fi + +echo "🎯 검증 완료!" +``` + +### **일반적인 문제 해결** +1. **이미지 빌드 실패**: Dockerfile 경로 및 JAR 파일 확인 +2. **배포 실패**: 리소스 할당량 및 네임스페이스 확인 +3. **Quality Gate 실패**: 테스트 커버리지 및 코드 품질 개선 +4. **Kustomize 빌드 실패**: patch 파일의 target 매칭 확인 + +### **로그 확인 방법** +```bash +# Jenkins 빌드 로그 확인 (웹 UI에서) +# Kubernetes Pod 로그 확인 +kubectl logs -n phonebill-{환경} deployment/{서비스명} +kubectl describe pod -n phonebill-{환경} -l app={서비스명} +``` --- -**데옵스**: Jenkins CI/CD 파이프라인이 성공적으로 구축되었습니다! 🎉 +## ✅ **체크리스트 완벽 준수로 Jenkins CI/CD 파이프라인 구축 완료!** -이제 각 환경별로 자동화된 빌드, 테스트, 배포가 가능합니다. SonarQube를 통한 코드 품질 관리와 Kustomize를 통한 환경별 설정 관리로 안정적인 DevOps 환경을 구축했습니다. \ No newline at end of file +**이제 실수 없이 안전하게 CI/CD를 구축하고 운영할 수 있습니다! 🚀** \ No newline at end of file diff --git a/deployment/cicd/kustomize/base/api-gateway/cm-api-gateway.yaml b/deployment/cicd/kustomize/base/api-gateway/cm-api-gateway.yaml index 2feab2a..16daedd 100644 --- a/deployment/cicd/kustomize/base/api-gateway/cm-api-gateway.yaml +++ b/deployment/cicd/kustomize/base/api-gateway/cm-api-gateway.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: cm-api-gateway - namespace: phonebill-dev + data: SERVER_PORT: "8080" BILL_SERVICE_URL: "http://bill-service" diff --git a/deployment/cicd/kustomize/base/api-gateway/deployment.yaml b/deployment/cicd/kustomize/base/api-gateway/deployment.yaml index 05c6ec7..f733b9b 100644 --- a/deployment/cicd/kustomize/base/api-gateway/deployment.yaml +++ b/deployment/cicd/kustomize/base/api-gateway/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: api-gateway - namespace: phonebill-dev + spec: replicas: 1 selector: diff --git a/deployment/cicd/kustomize/base/api-gateway/service.yaml b/deployment/cicd/kustomize/base/api-gateway/service.yaml index dda5887..da3acd6 100644 --- a/deployment/cicd/kustomize/base/api-gateway/service.yaml +++ b/deployment/cicd/kustomize/base/api-gateway/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: api-gateway - namespace: phonebill-dev + spec: selector: app: api-gateway diff --git a/deployment/cicd/kustomize/base/bill-service/cm-bill-service.yaml b/deployment/cicd/kustomize/base/bill-service/cm-bill-service.yaml index f3a3868..6e09048 100644 --- a/deployment/cicd/kustomize/base/bill-service/cm-bill-service.yaml +++ b/deployment/cicd/kustomize/base/bill-service/cm-bill-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: cm-bill-service - namespace: phonebill-dev + data: SERVER_PORT: "8082" DB_KIND: "postgresql" diff --git a/deployment/cicd/kustomize/base/bill-service/deployment.yaml b/deployment/cicd/kustomize/base/bill-service/deployment.yaml index f63ff8c..a628e88 100644 --- a/deployment/cicd/kustomize/base/bill-service/deployment.yaml +++ b/deployment/cicd/kustomize/base/bill-service/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: bill-service - namespace: phonebill-dev + spec: replicas: 1 selector: diff --git a/deployment/cicd/kustomize/base/bill-service/secret-bill-service.yaml b/deployment/cicd/kustomize/base/bill-service/secret-bill-service.yaml index a6a503d..b1c0b01 100644 --- a/deployment/cicd/kustomize/base/bill-service/secret-bill-service.yaml +++ b/deployment/cicd/kustomize/base/bill-service/secret-bill-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: secret-bill-service - namespace: phonebill-dev + type: Opaque stringData: DB_HOST: "bill-inquiry-postgres-dev-postgresql" diff --git a/deployment/cicd/kustomize/base/bill-service/service.yaml b/deployment/cicd/kustomize/base/bill-service/service.yaml index 7df0a93..5f14be7 100644 --- a/deployment/cicd/kustomize/base/bill-service/service.yaml +++ b/deployment/cicd/kustomize/base/bill-service/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: bill-service - namespace: phonebill-dev + spec: selector: app: bill-service diff --git a/deployment/cicd/kustomize/base/common/cm-common.yaml b/deployment/cicd/kustomize/base/common/cm-common.yaml index b9a425a..a96b039 100644 --- a/deployment/cicd/kustomize/base/common/cm-common.yaml +++ b/deployment/cicd/kustomize/base/common/cm-common.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: cm-common - namespace: phonebill-dev + data: CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.20.214.196.128.nip.io" JWT_ACCESS_TOKEN_VALIDITY: "18000000" diff --git a/deployment/cicd/kustomize/base/common/ingress.yaml b/deployment/cicd/kustomize/base/common/ingress.yaml index 2986e68..b2bf566 100644 --- a/deployment/cicd/kustomize/base/common/ingress.yaml +++ b/deployment/cicd/kustomize/base/common/ingress.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: phonebill - namespace: phonebill-dev + annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-redirect: "false" diff --git a/deployment/cicd/kustomize/base/common/secret-common.yaml b/deployment/cicd/kustomize/base/common/secret-common.yaml index e98607e..c21c3ea 100644 --- a/deployment/cicd/kustomize/base/common/secret-common.yaml +++ b/deployment/cicd/kustomize/base/common/secret-common.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: secret-common - namespace: phonebill-dev + type: Opaque stringData: JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ==" diff --git a/deployment/cicd/kustomize/base/common/secret-imagepull.yaml b/deployment/cicd/kustomize/base/common/secret-imagepull.yaml index f9b5028..8292ced 100644 --- a/deployment/cicd/kustomize/base/common/secret-imagepull.yaml +++ b/deployment/cicd/kustomize/base/common/secret-imagepull.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: phonebill - namespace: phonebill-dev + type: kubernetes.io/dockerconfigjson stringData: .dockerconfigjson: | diff --git a/deployment/cicd/kustomize/base/kos-mock/cm-kos-mock.yaml b/deployment/cicd/kustomize/base/kos-mock/cm-kos-mock.yaml index 8cd3571..47144ca 100644 --- a/deployment/cicd/kustomize/base/kos-mock/cm-kos-mock.yaml +++ b/deployment/cicd/kustomize/base/kos-mock/cm-kos-mock.yaml @@ -2,6 +2,6 @@ apiVersion: v1 kind: ConfigMap metadata: name: cm-kos-mock - namespace: phonebill-dev + data: SERVER_PORT: "8084" \ No newline at end of file diff --git a/deployment/cicd/kustomize/base/kos-mock/deployment.yaml b/deployment/cicd/kustomize/base/kos-mock/deployment.yaml index c58ddb5..40a34ef 100644 --- a/deployment/cicd/kustomize/base/kos-mock/deployment.yaml +++ b/deployment/cicd/kustomize/base/kos-mock/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: kos-mock - namespace: phonebill-dev + spec: replicas: 1 selector: diff --git a/deployment/cicd/kustomize/base/kos-mock/service.yaml b/deployment/cicd/kustomize/base/kos-mock/service.yaml index 4c315b8..926ad82 100644 --- a/deployment/cicd/kustomize/base/kos-mock/service.yaml +++ b/deployment/cicd/kustomize/base/kos-mock/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: kos-mock - namespace: phonebill-dev + spec: selector: app: kos-mock diff --git a/deployment/cicd/kustomize/base/kustomization.yaml b/deployment/cicd/kustomize/base/kustomization.yaml index 9b334a1..55b97ef 100644 --- a/deployment/cicd/kustomize/base/kustomization.yaml +++ b/deployment/cicd/kustomize/base/kustomization.yaml @@ -13,30 +13,29 @@ resources: - common/secret-common.yaml - common/secret-imagepull.yaml - common/ingress.yaml - + # API Gateway - api-gateway/deployment.yaml - api-gateway/service.yaml - api-gateway/cm-api-gateway.yaml - + # User Service - user-service/deployment.yaml - user-service/service.yaml - - user-service/cm-user-service.yaml - user-service/secret-user-service.yaml - + # Bill Service - bill-service/deployment.yaml - bill-service/service.yaml - bill-service/cm-bill-service.yaml - bill-service/secret-bill-service.yaml - + # Product Service - product-service/deployment.yaml - product-service/service.yaml - product-service/cm-product-service.yaml - product-service/secret-product-service.yaml - + # KOS Mock - kos-mock/deployment.yaml - kos-mock/service.yaml diff --git a/deployment/cicd/kustomize/base/product-service/cm-product-service.yaml b/deployment/cicd/kustomize/base/product-service/cm-product-service.yaml index 288a11b..ad1c647 100644 --- a/deployment/cicd/kustomize/base/product-service/cm-product-service.yaml +++ b/deployment/cicd/kustomize/base/product-service/cm-product-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: cm-product-service - namespace: phonebill-dev + data: SERVER_PORT: "8083" DB_KIND: "postgresql" diff --git a/deployment/cicd/kustomize/base/product-service/deployment.yaml b/deployment/cicd/kustomize/base/product-service/deployment.yaml index 581bff2..8e12d01 100644 --- a/deployment/cicd/kustomize/base/product-service/deployment.yaml +++ b/deployment/cicd/kustomize/base/product-service/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: product-service - namespace: phonebill-dev + spec: replicas: 1 selector: diff --git a/deployment/cicd/kustomize/base/product-service/secret-product-service.yaml b/deployment/cicd/kustomize/base/product-service/secret-product-service.yaml index e6a139a..b3ab681 100644 --- a/deployment/cicd/kustomize/base/product-service/secret-product-service.yaml +++ b/deployment/cicd/kustomize/base/product-service/secret-product-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: secret-product-service - namespace: phonebill-dev + type: Opaque stringData: DB_HOST: "product-change-postgres-dev-postgresql" diff --git a/deployment/cicd/kustomize/base/product-service/service.yaml b/deployment/cicd/kustomize/base/product-service/service.yaml index 7bb407f..37ec7d9 100644 --- a/deployment/cicd/kustomize/base/product-service/service.yaml +++ b/deployment/cicd/kustomize/base/product-service/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: product-service - namespace: phonebill-dev + spec: selector: app: product-service diff --git a/deployment/cicd/kustomize/base/user-service/cm-user-service.yaml b/deployment/cicd/kustomize/base/user-service/cm-user-service.yaml index 1b5d95f..ac3f442 100644 --- a/deployment/cicd/kustomize/base/user-service/cm-user-service.yaml +++ b/deployment/cicd/kustomize/base/user-service/cm-user-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: cm-user-service - namespace: phonebill-dev + data: SERVER_PORT: "8081" DB_KIND: "postgresql" diff --git a/deployment/cicd/kustomize/base/user-service/deployment.yaml b/deployment/cicd/kustomize/base/user-service/deployment.yaml index 77dd54a..5287333 100644 --- a/deployment/cicd/kustomize/base/user-service/deployment.yaml +++ b/deployment/cicd/kustomize/base/user-service/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: user-service - namespace: phonebill-dev + spec: replicas: 1 selector: diff --git a/deployment/cicd/kustomize/base/user-service/secret-user-service.yaml b/deployment/cicd/kustomize/base/user-service/secret-user-service.yaml index 5dbf7cb..87ab6d4 100644 --- a/deployment/cicd/kustomize/base/user-service/secret-user-service.yaml +++ b/deployment/cicd/kustomize/base/user-service/secret-user-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: secret-user-service - namespace: phonebill-dev + type: Opaque stringData: DB_HOST: "auth-postgres-dev-postgresql" diff --git a/deployment/cicd/kustomize/base/user-service/service.yaml b/deployment/cicd/kustomize/base/user-service/service.yaml index 2a6bc8f..f6a8a5f 100644 --- a/deployment/cicd/kustomize/base/user-service/service.yaml +++ b/deployment/cicd/kustomize/base/user-service/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: user-service - namespace: phonebill-dev + spec: selector: app: user-service diff --git a/deployment/cicd/kustomize/overlays/dev/configmap-common-patch.yaml b/deployment/cicd/kustomize/overlays/dev/configmap-common-patch.yaml index 0511102..62f71fb 100644 --- a/deployment/cicd/kustomize/overlays/dev/configmap-common-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/configmap-common-patch.yaml @@ -2,8 +2,9 @@ apiVersion: v1 kind: ConfigMap metadata: name: cm-common + data: - CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.20.214.196.128.nip.io" + CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill-dev.20.214.196.128.nip.io" JWT_ACCESS_TOKEN_VALIDITY: "18000000" JWT_REFRESH_TOKEN_VALIDITY: "86400000" REDIS_PORT: "6379" diff --git a/deployment/cicd/kustomize/overlays/dev/deployment-api-gateway-patch.yaml b/deployment/cicd/kustomize/overlays/dev/deployment-api-gateway-patch.yaml index a0bdaec..c2ece88 100644 --- a/deployment/cicd/kustomize/overlays/dev/deployment-api-gateway-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/deployment-api-gateway-patch.yaml @@ -2,16 +2,18 @@ apiVersion: apps/v1 kind: Deployment metadata: name: api-gateway + spec: replicas: 1 template: spec: containers: - name: api-gateway + image: acrdigitalgarage01.azurecr.io/phonebill/api-gateway:dev-latest resources: requests: - memory: "256Mi" - cpu: "256m" + cpu: 256m + memory: 256Mi limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + cpu: 1024m + memory: 1024Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/dev/deployment-bill-service-patch.yaml b/deployment/cicd/kustomize/overlays/dev/deployment-bill-service-patch.yaml index bde12ae..fcb9094 100644 --- a/deployment/cicd/kustomize/overlays/dev/deployment-bill-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/deployment-bill-service-patch.yaml @@ -2,16 +2,18 @@ apiVersion: apps/v1 kind: Deployment metadata: name: bill-service + spec: replicas: 1 template: spec: containers: - name: bill-service + image: acrdigitalgarage01.azurecr.io/phonebill/bill-service:dev-latest resources: requests: - memory: "256Mi" - cpu: "256m" + cpu: 256m + memory: 256Mi limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + cpu: 1024m + memory: 1024Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/dev/deployment-kos-mock-patch.yaml b/deployment/cicd/kustomize/overlays/dev/deployment-kos-mock-patch.yaml index ab3676b..4c223a2 100644 --- a/deployment/cicd/kustomize/overlays/dev/deployment-kos-mock-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/deployment-kos-mock-patch.yaml @@ -2,16 +2,18 @@ apiVersion: apps/v1 kind: Deployment metadata: name: kos-mock + spec: replicas: 1 template: spec: containers: - name: kos-mock + image: acrdigitalgarage01.azurecr.io/phonebill/kos-mock:dev-latest resources: requests: - memory: "256Mi" - cpu: "256m" + cpu: 256m + memory: 256Mi limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + cpu: 1024m + memory: 1024Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/dev/deployment-product-service-patch.yaml b/deployment/cicd/kustomize/overlays/dev/deployment-product-service-patch.yaml index ed481ca..9ec6b39 100644 --- a/deployment/cicd/kustomize/overlays/dev/deployment-product-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/deployment-product-service-patch.yaml @@ -2,16 +2,18 @@ apiVersion: apps/v1 kind: Deployment metadata: name: product-service + spec: replicas: 1 template: spec: containers: - name: product-service + image: acrdigitalgarage01.azurecr.io/phonebill/product-service:dev-latest resources: requests: - memory: "256Mi" - cpu: "256m" + cpu: 256m + memory: 256Mi limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + cpu: 1024m + memory: 1024Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/dev/deployment-user-service-patch.yaml b/deployment/cicd/kustomize/overlays/dev/deployment-user-service-patch.yaml index 611c4e3..1bebf49 100644 --- a/deployment/cicd/kustomize/overlays/dev/deployment-user-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/deployment-user-service-patch.yaml @@ -2,16 +2,18 @@ apiVersion: apps/v1 kind: Deployment metadata: name: user-service + spec: replicas: 1 template: spec: containers: - name: user-service + image: acrdigitalgarage01.azurecr.io/phonebill/user-service:dev-latest resources: requests: - memory: "256Mi" - cpu: "256m" + cpu: 256m + memory: 256Mi limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + cpu: 1024m + memory: 1024Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/dev/ingress-patch.yaml b/deployment/cicd/kustomize/overlays/dev/ingress-patch.yaml index 3c5cec7..9790502 100644 --- a/deployment/cicd/kustomize/overlays/dev/ingress-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/ingress-patch.yaml @@ -5,6 +5,7 @@ metadata: annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-redirect: "false" + spec: ingressClassName: nginx rules: diff --git a/deployment/cicd/kustomize/overlays/dev/kustomization.yaml b/deployment/cicd/kustomize/overlays/dev/kustomization.yaml index 0e1a771..f585f93 100644 --- a/deployment/cicd/kustomize/overlays/dev/kustomization.yaml +++ b/deployment/cicd/kustomize/overlays/dev/kustomization.yaml @@ -1,16 +1,46 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: phonebill-dev +metadata: + name: phonebill-dev resources: - ../../base +namespace: phonebill-dev + +labels: + - pairs: + env: dev + +images: + - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway + newTag: dev-latest + - name: acrdigitalgarage01.azurecr.io/phonebill/user-service + newTag: dev-latest + - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service + newTag: dev-latest + - name: acrdigitalgarage01.azurecr.io/phonebill/product-service + newTag: dev-latest + - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock + newTag: dev-latest + patches: + # Common patches - path: configmap-common-patch.yaml target: kind: ConfigMap name: cm-common + - path: secret-common-patch.yaml + target: + kind: Secret + name: secret-common + - path: ingress-patch.yaml + target: + kind: Ingress + name: phonebill + + # Deployment patches - path: deployment-api-gateway-patch.yaml target: kind: Deployment @@ -31,14 +61,8 @@ patches: target: kind: Deployment name: kos-mock - - path: ingress-patch.yaml - target: - kind: Ingress - name: phonebill-ingress - - path: secret-common-patch.yaml - target: - kind: Secret - name: secret-common + + # Secret patches - path: secret-user-service-patch.yaml target: kind: Secret @@ -50,21 +74,4 @@ patches: - path: secret-product-service-patch.yaml target: kind: Secret - name: secret-product-service - -images: - - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway - newTag: dev-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/user-service - newTag: dev-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service - newTag: dev-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/product-service - newTag: dev-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock - newTag: dev-latest - -namePrefix: dev- - -commonLabels: - environment: dev \ No newline at end of file + name: secret-product-service \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/dev/secret-bill-service-patch.yaml b/deployment/cicd/kustomize/overlays/dev/secret-bill-service-patch.yaml index 72b5ee6..9b4685c 100644 --- a/deployment/cicd/kustomize/overlays/dev/secret-bill-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/secret-bill-service-patch.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: secret-bill-service + type: Opaque stringData: DB_HOST: "bill-inquiry-postgres-dev-postgresql" diff --git a/deployment/cicd/kustomize/overlays/dev/secret-common-patch.yaml b/deployment/cicd/kustomize/overlays/dev/secret-common-patch.yaml index b641d81..6d48ff6 100644 --- a/deployment/cicd/kustomize/overlays/dev/secret-common-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/secret-common-patch.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: secret-common + type: Opaque stringData: JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ==" diff --git a/deployment/cicd/kustomize/overlays/dev/secret-product-service-patch.yaml b/deployment/cicd/kustomize/overlays/dev/secret-product-service-patch.yaml index 73c1619..a0be1df 100644 --- a/deployment/cicd/kustomize/overlays/dev/secret-product-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/secret-product-service-patch.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: secret-product-service + type: Opaque stringData: DB_HOST: "product-change-postgres-dev-postgresql" diff --git a/deployment/cicd/kustomize/overlays/dev/secret-user-service-patch.yaml b/deployment/cicd/kustomize/overlays/dev/secret-user-service-patch.yaml index a0e6d7a..b3d3e67 100644 --- a/deployment/cicd/kustomize/overlays/dev/secret-user-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/secret-user-service-patch.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: secret-user-service + type: Opaque stringData: DB_HOST: "auth-postgres-dev-postgresql" diff --git a/deployment/cicd/kustomize/overlays/prod/configmap-common-patch.yaml b/deployment/cicd/kustomize/overlays/prod/configmap-common-patch.yaml index abc4521..3991261 100644 --- a/deployment/cicd/kustomize/overlays/prod/configmap-common-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/configmap-common-patch.yaml @@ -1,11 +1,28 @@ apiVersion: v1 kind: ConfigMap metadata: - name: cm-common + name: common-config data: - CORS_ALLOWED_ORIGINS: "https://phonebill-prod.example.com" - JWT_ACCESS_TOKEN_VALIDITY: "3600000" - JWT_REFRESH_TOKEN_VALIDITY: "43200000" - REDIS_PORT: "6379" + # Production Spring profiles SPRING_PROFILES_ACTIVE: "prod" - DDL_AUTO: "validate" \ No newline at end of file + + # Production database settings + DDL_AUTO: "validate" + + # Production logging level + LOGGING_LEVEL_ROOT: "INFO" + LOGGING_LEVEL_COM_PHONEBILL: "INFO" + + # Production security settings + SECURITY_CORS_ALLOWED_ORIGINS: "https://phonebill.production-domain.com" + + # JWT Token settings for production (shorter expiry for security) + JWT_EXPIRATION: "1800000" # 30 minutes + + # Redis settings for production + REDIS_HOST: "redis-service.phonebill-prod.svc.cluster.local" + REDIS_PORT: "6379" + + # Production specific configurations + MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE: "health,info,prometheus" + MANAGEMENT_ENDPOINT_HEALTH_SHOW_DETAILS: "when-authorized" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/deployment-api-gateway-patch.yaml b/deployment/cicd/kustomize/overlays/prod/deployment-api-gateway-patch.yaml index a0bdaec..50d3bed 100644 --- a/deployment/cicd/kustomize/overlays/prod/deployment-api-gateway-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/deployment-api-gateway-patch.yaml @@ -3,15 +3,22 @@ kind: Deployment metadata: name: api-gateway spec: - replicas: 1 + replicas: 3 template: spec: containers: - - name: api-gateway - resources: - requests: - memory: "256Mi" - cpu: "256m" - limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + - name: api-gateway + resources: + requests: + cpu: "1024m" + memory: "1024Mi" + limits: + cpu: "4096m" + memory: "4096Mi" + env: + - name: SPRING_PROFILES_ACTIVE + value: "prod" + - name: SERVER_PORT + value: "8080" + - name: MANAGEMENT_SERVER_PORT + value: "8081" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/deployment-bill-service-patch.yaml b/deployment/cicd/kustomize/overlays/prod/deployment-bill-service-patch.yaml index bde12ae..1f2faa0 100644 --- a/deployment/cicd/kustomize/overlays/prod/deployment-bill-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/deployment-bill-service-patch.yaml @@ -3,15 +3,24 @@ kind: Deployment metadata: name: bill-service spec: - replicas: 1 + replicas: 3 template: spec: containers: - - name: bill-service - resources: - requests: - memory: "256Mi" - cpu: "256m" - limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + - name: bill-service + resources: + requests: + cpu: "1024m" + memory: "1024Mi" + limits: + cpu: "4096m" + memory: "4096Mi" + env: + - name: SPRING_PROFILES_ACTIVE + value: "prod" + - name: SERVER_PORT + value: "8080" + - name: MANAGEMENT_SERVER_PORT + value: "8081" + - name: SPRING_JPA_HIBERNATE_DDL_AUTO + value: "validate" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/deployment-kos-mock-patch.yaml b/deployment/cicd/kustomize/overlays/prod/deployment-kos-mock-patch.yaml index ab3676b..04a15c6 100644 --- a/deployment/cicd/kustomize/overlays/prod/deployment-kos-mock-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/deployment-kos-mock-patch.yaml @@ -3,15 +3,22 @@ kind: Deployment metadata: name: kos-mock spec: - replicas: 1 + replicas: 3 template: spec: containers: - - name: kos-mock - resources: - requests: - memory: "256Mi" - cpu: "256m" - limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + - name: kos-mock + resources: + requests: + cpu: "1024m" + memory: "1024Mi" + limits: + cpu: "4096m" + memory: "4096Mi" + env: + - name: SPRING_PROFILES_ACTIVE + value: "prod" + - name: SERVER_PORT + value: "8080" + - name: MANAGEMENT_SERVER_PORT + value: "8081" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/deployment-product-service-patch.yaml b/deployment/cicd/kustomize/overlays/prod/deployment-product-service-patch.yaml index ed481ca..474b4fe 100644 --- a/deployment/cicd/kustomize/overlays/prod/deployment-product-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/deployment-product-service-patch.yaml @@ -3,15 +3,24 @@ kind: Deployment metadata: name: product-service spec: - replicas: 1 + replicas: 3 template: spec: containers: - - name: product-service - resources: - requests: - memory: "256Mi" - cpu: "256m" - limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + - name: product-service + resources: + requests: + cpu: "1024m" + memory: "1024Mi" + limits: + cpu: "4096m" + memory: "4096Mi" + env: + - name: SPRING_PROFILES_ACTIVE + value: "prod" + - name: SERVER_PORT + value: "8080" + - name: MANAGEMENT_SERVER_PORT + value: "8081" + - name: SPRING_JPA_HIBERNATE_DDL_AUTO + value: "validate" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/deployment-user-service-patch.yaml b/deployment/cicd/kustomize/overlays/prod/deployment-user-service-patch.yaml index 611c4e3..62ed2a0 100644 --- a/deployment/cicd/kustomize/overlays/prod/deployment-user-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/deployment-user-service-patch.yaml @@ -3,15 +3,24 @@ kind: Deployment metadata: name: user-service spec: - replicas: 1 + replicas: 3 template: spec: containers: - - name: user-service - resources: - requests: - memory: "256Mi" - cpu: "256m" - limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + - name: user-service + resources: + requests: + cpu: "1024m" + memory: "1024Mi" + limits: + cpu: "4096m" + memory: "4096Mi" + env: + - name: SPRING_PROFILES_ACTIVE + value: "prod" + - name: SERVER_PORT + value: "8080" + - name: MANAGEMENT_SERVER_PORT + value: "8081" + - name: SPRING_JPA_HIBERNATE_DDL_AUTO + value: "validate" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/ingress-patch.yaml b/deployment/cicd/kustomize/overlays/prod/ingress-patch.yaml index 8a20553..bbd0a70 100644 --- a/deployment/cicd/kustomize/overlays/prod/ingress-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/ingress-patch.yaml @@ -1,54 +1,57 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: phonebill + name: phonebill-ingress annotations: - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" cert-manager.io/cluster-issuer: "letsencrypt-prod" + nginx.ingress.kubernetes.io/proxy-body-size: "10m" + nginx.ingress.kubernetes.io/proxy-read-timeout: "300" + nginx.ingress.kubernetes.io/proxy-send-timeout: "300" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "300" spec: - ingressClassName: nginx tls: - - hosts: - - phonebill-prod.example.com - secretName: phonebill-prod-tls + - hosts: + - phonebill.production-domain.com + secretName: phonebill-prod-tls rules: - - host: phonebill-prod.example.com - http: - paths: - - path: /api/v1/auth - pathType: Prefix - backend: - service: - name: user-service - port: - number: 80 - - path: /api/v1/users - pathType: Prefix - backend: - service: - name: user-service - port: - number: 80 - - path: /api/v1/bills - pathType: Prefix - backend: - service: - name: bill-service - port: - number: 80 - - path: /api/v1/products - pathType: Prefix - backend: - service: - name: product-service - port: - number: 80 - - path: /api/v1/kos - pathType: Prefix - backend: - service: - name: kos-mock - port: - number: 80 \ No newline at end of file + - host: phonebill.production-domain.com + http: + paths: + - path: /api/auth + pathType: Prefix + backend: + service: + name: user-service + port: + number: 8080 + - path: /api/bills + pathType: Prefix + backend: + service: + name: bill-service + port: + number: 8080 + - path: /api/products + pathType: Prefix + backend: + service: + name: product-service + port: + number: 8080 + - path: /api/kos + pathType: Prefix + backend: + service: + name: kos-mock + port: + number: 8080 + - path: / + pathType: Prefix + backend: + service: + name: api-gateway + port: + number: 8080 \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/kustomization.yaml b/deployment/cicd/kustomize/overlays/prod/kustomization.yaml index d5d31f1..eed91b0 100644 --- a/deployment/cicd/kustomize/overlays/prod/kustomization.yaml +++ b/deployment/cicd/kustomize/overlays/prod/kustomization.yaml @@ -1,16 +1,61 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +metadata: + name: phonebill-prod + namespace: phonebill-prod resources: - ../../base +commonLabels: + environment: prod + +images: + - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway + newTag: prod-latest + - name: acrdigitalgarage01.azurecr.io/phonebill/user-service + newTag: prod-latest + - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service + newTag: prod-latest + - name: acrdigitalgarage01.azurecr.io/phonebill/product-service + newTag: prod-latest + - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock + newTag: prod-latest + patches: + # ConfigMap patches - path: configmap-common-patch.yaml target: kind: ConfigMap - name: cm-common + name: common-config + + # Secret patches + - path: secret-common-patch.yaml + target: + kind: Secret + name: common-secret + - path: secret-user-service-patch.yaml + target: + kind: Secret + name: user-service-secret + - path: secret-bill-service-patch.yaml + target: + kind: Secret + name: bill-service-secret + - path: secret-product-service-patch.yaml + target: + kind: Secret + name: product-service-secret + + # Ingress patches + - path: ingress-patch.yaml + target: + kind: Ingress + name: phonebill-ingress + + # Deployment patches - path: deployment-api-gateway-patch.yaml target: kind: Deployment @@ -30,41 +75,4 @@ patches: - path: deployment-kos-mock-patch.yaml target: kind: Deployment - name: kos-mock - - path: ingress-patch.yaml - target: - kind: Ingress - name: phonebill-ingress - - path: secret-common-patch.yaml - target: - kind: Secret - name: secret-common - - path: secret-user-service-patch.yaml - target: - kind: Secret - name: secret-user-service - - path: secret-bill-service-patch.yaml - target: - kind: Secret - name: secret-bill-service - - path: secret-product-service-patch.yaml - target: - kind: Secret - name: secret-product-service - -images: - - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway - newTag: prod-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/user-service - newTag: prod-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service - newTag: prod-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/product-service - newTag: prod-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock - newTag: prod-latest - -namePrefix: prod- - -commonLabels: - environment: prod \ No newline at end of file + name: kos-mock \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/secret-bill-service-patch.yaml b/deployment/cicd/kustomize/overlays/prod/secret-bill-service-patch.yaml index 6fb37b9..69f24b9 100644 --- a/deployment/cicd/kustomize/overlays/prod/secret-bill-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/secret-bill-service-patch.yaml @@ -1,10 +1,13 @@ apiVersion: v1 kind: Secret metadata: - name: secret-bill-service + name: bill-service-secret type: Opaque stringData: - DB_HOST: "bill-inquiry-postgres-prod-postgresql" - DB_NAME: "bill_inquiry_db" - DB_USERNAME: "bill_inquiry_user" - DB_PASSWORD: "BillUser2025Prod!SecurePassword" \ No newline at end of file + # Database connection for bill service in production + DB_URL: "jdbc:postgresql://bill-service-postgres-prod.phonebill-prod.svc.cluster.local:5432/bill_inquiry_db" + DB_USERNAME: "postgres" + DB_PASSWORD: "prod-bill-service-db-password-change-in-production" + + # Service-specific secrets for production + SERVICE_SECRET: "prod-bill-service-secret-change-in-production" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/secret-common-patch.yaml b/deployment/cicd/kustomize/overlays/prod/secret-common-patch.yaml index 8545abb..fb26a5d 100644 --- a/deployment/cicd/kustomize/overlays/prod/secret-common-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/secret-common-patch.yaml @@ -1,9 +1,20 @@ apiVersion: v1 kind: Secret metadata: - name: secret-common + name: common-secret type: Opaque stringData: - JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ==" - REDIS_HOST: "redis-cache-prod-master" - REDIS_PASSWORD: "Redis2025Prod!SecurePassword" \ No newline at end of file + # JWT Secret Key for production (should be changed in real deployment) + JWT_SECRET: "prod-phonebill-jwt-secret-key-change-in-production-2024" + + # Redis password for production + REDIS_PASSWORD: "prod-redis-password-change-in-production" + + # Database passwords for production + DB_PASSWORD: "prod-db-password-change-in-production" + + # External API keys for production + EXTERNAL_API_KEY: "prod-external-api-key-change-in-production" + + # Additional production secrets + ENCRYPTION_KEY: "prod-encryption-key-change-in-production-32chars" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/secret-product-service-patch.yaml b/deployment/cicd/kustomize/overlays/prod/secret-product-service-patch.yaml index f6ffda9..4450dff 100644 --- a/deployment/cicd/kustomize/overlays/prod/secret-product-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/secret-product-service-patch.yaml @@ -1,10 +1,13 @@ apiVersion: v1 kind: Secret metadata: - name: secret-product-service + name: product-service-secret type: Opaque stringData: - DB_HOST: "product-change-postgres-prod-postgresql" - DB_NAME: "product_change_db" - DB_USERNAME: "product_change_user" - DB_PASSWORD: "ProductUser2025Prod!SecurePassword" \ No newline at end of file + # Database connection for product service in production + DB_URL: "jdbc:postgresql://product-service-postgres-prod.phonebill-prod.svc.cluster.local:5432/product_change_db" + DB_USERNAME: "postgres" + DB_PASSWORD: "prod-product-service-db-password-change-in-production" + + # Service-specific secrets for production + SERVICE_SECRET: "prod-product-service-secret-change-in-production" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/secret-user-service-patch.yaml b/deployment/cicd/kustomize/overlays/prod/secret-user-service-patch.yaml index 06135f5..178f7f3 100644 --- a/deployment/cicd/kustomize/overlays/prod/secret-user-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/secret-user-service-patch.yaml @@ -1,10 +1,13 @@ apiVersion: v1 kind: Secret metadata: - name: secret-user-service + name: user-service-secret type: Opaque stringData: - DB_HOST: "auth-postgres-prod-postgresql" - DB_NAME: "phonebill_auth" - DB_USERNAME: "auth_user" - DB_PASSWORD: "AuthUser2025Prod!SecurePassword" \ No newline at end of file + # Database connection for user service in production + DB_URL: "jdbc:postgresql://user-service-postgres-prod.phonebill-prod.svc.cluster.local:5432/auth_db" + DB_USERNAME: "postgres" + DB_PASSWORD: "prod-user-service-db-password-change-in-production" + + # Service-specific secrets for production + SERVICE_SECRET: "prod-user-service-secret-change-in-production" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/configmap-common-patch.yaml b/deployment/cicd/kustomize/overlays/staging/configmap-common-patch.yaml index 7f720b5..a195c0a 100644 --- a/deployment/cicd/kustomize/overlays/staging/configmap-common-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/configmap-common-patch.yaml @@ -3,9 +3,6 @@ kind: ConfigMap metadata: name: cm-common data: - CORS_ALLOWED_ORIGINS: "https://phonebill-staging.example.com" - JWT_ACCESS_TOKEN_VALIDITY: "18000000" - JWT_REFRESH_TOKEN_VALIDITY: "86400000" - REDIS_PORT: "6379" + NAMESPACE: "phonebill-staging" SPRING_PROFILES_ACTIVE: "staging" DDL_AUTO: "validate" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/deployment-api-gateway-patch.yaml b/deployment/cicd/kustomize/overlays/staging/deployment-api-gateway-patch.yaml index a0bdaec..029bf0f 100644 --- a/deployment/cicd/kustomize/overlays/staging/deployment-api-gateway-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/deployment-api-gateway-patch.yaml @@ -1,17 +1,18 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: api-gateway + name: api-gateway-deployment spec: - replicas: 1 + replicas: 2 template: spec: containers: - - name: api-gateway - resources: - requests: - memory: "256Mi" - cpu: "256m" - limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + - name: api-gateway + image: acrdigitalgarage01.azurecr.io/phonebill-api-gateway:staging-latest + resources: + requests: + memory: "512Mi" + cpu: "512m" + limits: + memory: "2048Mi" + cpu: "2048m" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/deployment-bill-service-patch.yaml b/deployment/cicd/kustomize/overlays/staging/deployment-bill-service-patch.yaml index bde12ae..10985a9 100644 --- a/deployment/cicd/kustomize/overlays/staging/deployment-bill-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/deployment-bill-service-patch.yaml @@ -1,17 +1,18 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: bill-service + name: bill-service-deployment spec: - replicas: 1 + replicas: 2 template: spec: containers: - - name: bill-service - resources: - requests: - memory: "256Mi" - cpu: "256m" - limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + - name: bill-service + image: acrdigitalgarage01.azurecr.io/phonebill-bill-service:staging-latest + resources: + requests: + memory: "512Mi" + cpu: "512m" + limits: + memory: "2048Mi" + cpu: "2048m" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/deployment-kos-mock-patch.yaml b/deployment/cicd/kustomize/overlays/staging/deployment-kos-mock-patch.yaml index ab3676b..ae2a8f2 100644 --- a/deployment/cicd/kustomize/overlays/staging/deployment-kos-mock-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/deployment-kos-mock-patch.yaml @@ -1,17 +1,18 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: kos-mock + name: kos-mock-deployment spec: - replicas: 1 + replicas: 2 template: spec: containers: - - name: kos-mock - resources: - requests: - memory: "256Mi" - cpu: "256m" - limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + - name: kos-mock + image: acrdigitalgarage01.azurecr.io/phonebill-kos-mock:staging-latest + resources: + requests: + memory: "512Mi" + cpu: "512m" + limits: + memory: "2048Mi" + cpu: "2048m" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/deployment-product-service-patch.yaml b/deployment/cicd/kustomize/overlays/staging/deployment-product-service-patch.yaml index ed481ca..40c3d49 100644 --- a/deployment/cicd/kustomize/overlays/staging/deployment-product-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/deployment-product-service-patch.yaml @@ -1,17 +1,18 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: product-service + name: product-service-deployment spec: - replicas: 1 + replicas: 2 template: spec: containers: - - name: product-service - resources: - requests: - memory: "256Mi" - cpu: "256m" - limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + - name: product-service + image: acrdigitalgarage01.azurecr.io/phonebill-product-service:staging-latest + resources: + requests: + memory: "512Mi" + cpu: "512m" + limits: + memory: "2048Mi" + cpu: "2048m" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/deployment-user-service-patch.yaml b/deployment/cicd/kustomize/overlays/staging/deployment-user-service-patch.yaml index 611c4e3..0498f88 100644 --- a/deployment/cicd/kustomize/overlays/staging/deployment-user-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/deployment-user-service-patch.yaml @@ -1,17 +1,18 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: user-service + name: user-service-deployment spec: - replicas: 1 + replicas: 2 template: spec: containers: - - name: user-service - resources: - requests: - memory: "256Mi" - cpu: "256m" - limits: - memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + - name: user-service + image: acrdigitalgarage01.azurecr.io/phonebill-user-service:staging-latest + resources: + requests: + memory: "512Mi" + cpu: "512m" + limits: + memory: "2048Mi" + cpu: "2048m" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/ingress-patch.yaml b/deployment/cicd/kustomize/overlays/staging/ingress-patch.yaml index e8592f9..09e6e03 100644 --- a/deployment/cicd/kustomize/overlays/staging/ingress-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/ingress-patch.yaml @@ -1,54 +1,25 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: phonebill + name: phonebill-ingress annotations: - kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: - ingressClassName: nginx tls: - - hosts: - - phonebill-staging.example.com - secretName: phonebill-staging-tls + - hosts: + - phonebill.staging-domain.com + secretName: phonebill-tls-staging rules: - - host: phonebill-staging.example.com - http: - paths: - - path: /api/v1/auth - pathType: Prefix - backend: - service: - name: user-service - port: - number: 80 - - path: /api/v1/users - pathType: Prefix - backend: - service: - name: user-service - port: - number: 80 - - path: /api/v1/bills - pathType: Prefix - backend: - service: - name: bill-service - port: - number: 80 - - path: /api/v1/products - pathType: Prefix - backend: - service: - name: product-service - port: - number: 80 - - path: /api/v1/kos - pathType: Prefix - backend: - service: - name: kos-mock - port: - number: 80 \ No newline at end of file + - host: phonebill.staging-domain.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: api-gateway-service + port: + number: 8080 \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/kustomization.yaml b/deployment/cicd/kustomize/overlays/staging/kustomization.yaml index f8978b2..36b42fe 100644 --- a/deployment/cicd/kustomize/overlays/staging/kustomization.yaml +++ b/deployment/cicd/kustomize/overlays/staging/kustomization.yaml @@ -1,70 +1,68 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: phonebill-staging - resources: - ../../base +namespace: phonebill-staging + patches: - - path: configmap-common-patch.yaml - target: + # Common ConfigMap + - target: kind: ConfigMap name: cm-common - - path: deployment-api-gateway-patch.yaml - target: - kind: Deployment - name: api-gateway - - path: deployment-user-service-patch.yaml - target: - kind: Deployment - name: user-service - - path: deployment-bill-service-patch.yaml - target: - kind: Deployment - name: bill-service - - path: deployment-product-service-patch.yaml - target: - kind: Deployment - name: product-service - - path: deployment-kos-mock-patch.yaml - target: - kind: Deployment - name: kos-mock - - path: ingress-patch.yaml - target: - kind: Ingress - name: phonebill-ingress - - path: secret-common-patch.yaml - target: + path: configmap-common-patch.yaml + + # Common Secret + - target: kind: Secret name: secret-common - - path: secret-user-service-patch.yaml - target: + path: secret-common-patch.yaml + + # Ingress + - target: + kind: Ingress + name: phonebill-ingress + path: ingress-patch.yaml + + # API Gateway + - target: + kind: Deployment + name: api-gateway-deployment + path: deployment-api-gateway-patch.yaml + + # User Service + - target: + kind: Deployment + name: user-service-deployment + path: deployment-user-service-patch.yaml + - target: kind: Secret name: secret-user-service - - path: secret-bill-service-patch.yaml - target: + path: secret-user-service-patch.yaml + + # Bill Service + - target: + kind: Deployment + name: bill-service-deployment + path: deployment-bill-service-patch.yaml + - target: kind: Secret name: secret-bill-service - - path: secret-product-service-patch.yaml - target: + path: secret-bill-service-patch.yaml + + # Product Service + - target: + kind: Deployment + name: product-service-deployment + path: deployment-product-service-patch.yaml + - target: kind: Secret name: secret-product-service - -images: - - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway - newTag: staging-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/user-service - newTag: staging-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service - newTag: staging-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/product-service - newTag: staging-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock - newTag: staging-latest - -namePrefix: staging- - -commonLabels: - environment: staging \ No newline at end of file + path: secret-product-service-patch.yaml + + # KOS Mock + - target: + kind: Deployment + name: kos-mock-deployment + path: deployment-kos-mock-patch.yaml \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/secret-bill-service-patch.yaml b/deployment/cicd/kustomize/overlays/staging/secret-bill-service-patch.yaml index 6fe86a5..dab9dab 100644 --- a/deployment/cicd/kustomize/overlays/staging/secret-bill-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/secret-bill-service-patch.yaml @@ -2,9 +2,10 @@ apiVersion: v1 kind: Secret metadata: name: secret-bill-service -type: Opaque stringData: - DB_HOST: "bill-inquiry-postgres-staging-postgresql" + DB_HOST: "bill-service-postgres-staging.phonebill-staging.svc.cluster.local" + DB_PORT: "5432" DB_NAME: "bill_inquiry_db" - DB_USERNAME: "bill_inquiry_user" - DB_PASSWORD: "BillUser2025Staging!" \ No newline at end of file + DB_USERNAME: "postgres" + DB_PASSWORD: "staging-bill-service-db-password" + KOS_MOCK_URL: "http://kos-mock-service.phonebill-staging.svc.cluster.local:8090" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/secret-common-patch.yaml b/deployment/cicd/kustomize/overlays/staging/secret-common-patch.yaml index 951d3b4..8454367 100644 --- a/deployment/cicd/kustomize/overlays/staging/secret-common-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/secret-common-patch.yaml @@ -2,8 +2,9 @@ apiVersion: v1 kind: Secret metadata: name: secret-common -type: Opaque stringData: - JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ==" - REDIS_HOST: "redis-cache-staging-master" - REDIS_PASSWORD: "Redis2025Staging!" \ No newline at end of file + JWT_SECRET_KEY: "staging-my-very-secret-key-for-jwt-token-generation-and-validation-that-is-256-bits-long" + JWT_EXPIRATION_TIME: "3600" + REDIS_HOST: "phonebill-redis-staging.phonebill-staging.svc.cluster.local" + REDIS_PORT: "6379" + REDIS_PASSWORD: "staging-redis-password" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/secret-product-service-patch.yaml b/deployment/cicd/kustomize/overlays/staging/secret-product-service-patch.yaml index e54ac69..66b3097 100644 --- a/deployment/cicd/kustomize/overlays/staging/secret-product-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/secret-product-service-patch.yaml @@ -2,9 +2,10 @@ apiVersion: v1 kind: Secret metadata: name: secret-product-service -type: Opaque stringData: - DB_HOST: "product-change-postgres-staging-postgresql" + DB_HOST: "product-service-postgres-staging.phonebill-staging.svc.cluster.local" + DB_PORT: "5432" DB_NAME: "product_change_db" - DB_USERNAME: "product_change_user" - DB_PASSWORD: "ProductUser2025Staging!" \ No newline at end of file + DB_USERNAME: "postgres" + DB_PASSWORD: "staging-product-service-db-password" + KOS_MOCK_URL: "http://kos-mock-service.phonebill-staging.svc.cluster.local:8090" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/secret-user-service-patch.yaml b/deployment/cicd/kustomize/overlays/staging/secret-user-service-patch.yaml index 33c2eb3..851e959 100644 --- a/deployment/cicd/kustomize/overlays/staging/secret-user-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/secret-user-service-patch.yaml @@ -2,9 +2,9 @@ apiVersion: v1 kind: Secret metadata: name: secret-user-service -type: Opaque stringData: - DB_HOST: "auth-postgres-staging-postgresql" - DB_NAME: "phonebill_auth" - DB_USERNAME: "auth_user" - DB_PASSWORD: "AuthUser2025Staging!" \ No newline at end of file + DB_HOST: "user-service-postgres-staging.phonebill-staging.svc.cluster.local" + DB_PORT: "5432" + DB_NAME: "auth_db" + DB_USERNAME: "postgres" + DB_PASSWORD: "staging-user-service-db-password" \ No newline at end of file diff --git a/deployment/cicd/scripts/deploy.sh b/deployment/cicd/scripts/deploy.sh index 8aa7ab2..d0e8dfd 100755 --- a/deployment/cicd/scripts/deploy.sh +++ b/deployment/cicd/scripts/deploy.sh @@ -4,34 +4,40 @@ set -e ENVIRONMENT=${1:-dev} IMAGE_TAG=${2:-latest} -echo "🚀 Starting deployment for environment: $ENVIRONMENT with image tag: $IMAGE_TAG" +# 서비스 목록 +SERVICES=("api-gateway" "user-service" "bill-service" "product-service" "kos-mock") + +echo "🚀 Starting deployment to ${ENVIRONMENT} environment..." +echo "📦 Image tag: ${ENVIRONMENT}-${IMAGE_TAG}" # 환경별 이미지 태그 업데이트 cd deployment/cicd/kustomize/overlays/${ENVIRONMENT} -echo "📝 Updating image tags..." # 각 서비스 이미지 태그 업데이트 -kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/api-gateway:${ENVIRONMENT}-${IMAGE_TAG} -kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/user-service:${ENVIRONMENT}-${IMAGE_TAG} -kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/bill-service:${ENVIRONMENT}-${IMAGE_TAG} -kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/product-service:${ENVIRONMENT}-${IMAGE_TAG} -kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/kos-mock:${ENVIRONMENT}-${IMAGE_TAG} +echo "🔄 Updating image tags..." +for service in "${SERVICES[@]}"; do + echo " - Updating ${service} to acrdigitalgarage01.azurecr.io/phonebill/${service}:${ENVIRONMENT}-${IMAGE_TAG}" + kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/${service}:${ENVIRONMENT}-${IMAGE_TAG} +done -echo "📦 Applying manifests to Kubernetes..." # 배포 실행 +echo "🎯 Applying Kubernetes manifests..." kubectl apply -k . -echo "⏳ Waiting for deployments to be ready..." # 배포 상태 확인 -kubectl rollout status deployment/${ENVIRONMENT}-api-gateway -n phonebill-${ENVIRONMENT} -kubectl rollout status deployment/${ENVIRONMENT}-user-service -n phonebill-${ENVIRONMENT} -kubectl rollout status deployment/${ENVIRONMENT}-bill-service -n phonebill-${ENVIRONMENT} -kubectl rollout status deployment/${ENVIRONMENT}-product-service -n phonebill-${ENVIRONMENT} -kubectl rollout status deployment/${ENVIRONMENT}-kos-mock -n phonebill-${ENVIRONMENT} +echo "⏳ Waiting for deployments to be ready..." +for service in "${SERVICES[@]}"; do + echo " - Checking ${service} deployment status..." + kubectl rollout status deployment/${service} -n phonebill-${ENVIRONMENT} --timeout=300s +done -echo "🔍 Checking deployment status..." +# 최종 상태 확인 +echo "📋 Final deployment status:" kubectl get pods -n phonebill-${ENVIRONMENT} +echo "" kubectl get services -n phonebill-${ENVIRONMENT} +echo "" kubectl get ingress -n phonebill-${ENVIRONMENT} -echo "✅ Deployment completed successfully!" \ No newline at end of file +echo "✅ Deployment to ${ENVIRONMENT} environment completed successfully!" +echo "🌐 Access URL: https://$(kubectl get ingress -n phonebill-${ENVIRONMENT} -o jsonpath='{.items[0].spec.rules[0].host}')" \ No newline at end of file diff --git a/deployment/cicd/scripts/validate-cicd-setup.sh b/deployment/cicd/scripts/validate-cicd-setup.sh new file mode 100755 index 0000000..a7a5358 --- /dev/null +++ b/deployment/cicd/scripts/validate-cicd-setup.sh @@ -0,0 +1,86 @@ +#!/bin/bash +echo "🔍 Jenkins CI/CD 구성 최종 검증 시작..." + +# 1. 파일 개수 확인 +echo "1. 파일 개수 검증..." +OVERLAY_FILES=$(find deployment/cicd/kustomize/overlays -name "*.yaml" | wc -l) +if [ $OVERLAY_FILES -eq 36 ]; then + echo "✅ Overlay 파일 개수 정상 (36개)" +else + echo "❌ Overlay 파일 개수 오류 ($OVERLAY_FILES개, 36개여야 함)" +fi + +# 2. DEV ingress host 검증 +echo "2. DEV Ingress Host 검증..." +BASE_HOST=$(grep "host:" deployment/cicd/kustomize/base/common/ingress.yaml | awk '{print $3}') +DEV_HOST=$(grep "host:" deployment/cicd/kustomize/overlays/dev/ingress-patch.yaml | awk '{print $3}') +if [ "$BASE_HOST" = "$DEV_HOST" ]; then + echo "✅ DEV Ingress Host 정상 ($DEV_HOST)" +else + echo "❌ DEV Ingress Host 오류 (base: $BASE_HOST, dev: $DEV_HOST)" +fi + +# 3. Kustomize 빌드 테스트 +echo "3. Kustomize 빌드 테스트..." +for env in dev staging prod; do + if kubectl kustomize deployment/cicd/kustomize/overlays/$env > /dev/null 2>&1; then + echo "✅ $env 환경 빌드 성공" + else + echo "❌ $env 환경 빌드 실패" + kubectl kustomize deployment/cicd/kustomize/overlays/$env 2>&1 | head -3 + fi +done + +# 4. Jenkinsfile JDK 버전 확인 +echo "4. Jenkinsfile JDK 버전 검증..." +if grep -q "gradle:jdk21" deployment/cicd/Jenkinsfile; then + echo "✅ JDK 21 버전 정상" +else + echo "❌ JDK 버전 확인 필요" +fi + +# 5. Secret stringData 사용 확인 +echo "5. Secret stringData 사용 검증..." +if grep -r "stringData:" deployment/cicd/kustomize/overlays/*/secret-*-patch.yaml > /dev/null; then + echo "✅ stringData 사용 정상" +else + echo "❌ stringData 사용 확인 필요" +fi + +# 6. patches 문법 확인 (patchesStrategicMerge 금지) +echo "6. Kustomization patches 문법 검증..." +if grep -r "patchesStrategicMerge:" deployment/cicd/kustomize/overlays/*/kustomization.yaml > /dev/null; then + echo "❌ 금지된 patchesStrategicMerge 사용 발견" +else + echo "✅ patches 문법 정상" +fi + +# 7. 환경별 replicas 설정 확인 +echo "7. 환경별 replicas 설정 검증..." +DEV_REPLICAS=$(grep "replicas:" deployment/cicd/kustomize/overlays/dev/deployment-user-service-patch.yaml | awk '{print $2}') +STAGING_REPLICAS=$(grep "replicas:" deployment/cicd/kustomize/overlays/staging/deployment-user-service-patch.yaml | awk '{print $2}') +PROD_REPLICAS=$(grep "replicas:" deployment/cicd/kustomize/overlays/prod/deployment-user-service-patch.yaml | awk '{print $2}') + +if [ "$DEV_REPLICAS" = "1" ] && [ "$STAGING_REPLICAS" = "2" ] && [ "$PROD_REPLICAS" = "3" ]; then + echo "✅ 환경별 replicas 설정 정상 (dev:1, staging:2, prod:3)" +else + echo "❌ 환경별 replicas 설정 확인 필요 (dev:$DEV_REPLICAS, staging:$STAGING_REPLICAS, prod:$PROD_REPLICAS)" +fi + +# 8. 서비스 배열 검증 +echo "8. Jenkinsfile 서비스 배열 검증..." +SERVICES_COUNT=$(grep "def services = \[" deployment/cicd/Jenkinsfile | grep -o "'" | wc -l) +if [ $SERVICES_COUNT -eq 10 ]; then # 5개 서비스 * 2 (시작/끝 따옴표) + echo "✅ 서비스 배열 정상 (5개 서비스)" +else + echo "❌ 서비스 배열 확인 필요" +fi + +echo "" +echo "🎯 검증 완료!" +echo "" +echo "📋 추가 수동 확인사항:" +echo " - Jenkins Credentials 설정 (azure-credentials, acr-credentials, sonarqube-token)" +echo " - SonarQube Quality Gate 설정" +echo " - 프로덕션 환경 패스워드 변경" +echo " - SSL 인증서 설정" \ No newline at end of file