diff --git a/.github/kustomize/base/api-gateway/deployment.yaml b/.github/kustomize/base/api-gateway/deployment.yaml index ceb7e8c..537cc74 100644 --- a/.github/kustomize/base/api-gateway/deployment.yaml +++ b/.github/kustomize/base/api-gateway/deployment.yaml @@ -16,7 +16,7 @@ spec: - name: phonebill containers: - name: api-gateway - image: acrdigitalgarage01.azurecr.io/phonebill/api-gateway:latest + image: docker.io/hiondal/api-gateway:latest imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/.github/kustomize/base/bill-service/deployment.yaml b/.github/kustomize/base/bill-service/deployment.yaml index 78a42dd..fc604e6 100644 --- a/.github/kustomize/base/bill-service/deployment.yaml +++ b/.github/kustomize/base/bill-service/deployment.yaml @@ -16,7 +16,7 @@ spec: - name: phonebill containers: - name: bill-service - image: acrdigitalgarage01.azurecr.io/phonebill/bill-service:latest + image: docker.io/hiondal/bill-service:latest imagePullPolicy: Always ports: - containerPort: 8082 diff --git a/.github/kustomize/base/bill-service/secret-bill-service.yaml b/.github/kustomize/base/bill-service/secret-bill-service.yaml index caaa7cf..a131fce 100644 --- a/.github/kustomize/base/bill-service/secret-bill-service.yaml +++ b/.github/kustomize/base/bill-service/secret-bill-service.yaml @@ -4,7 +4,7 @@ metadata: name: secret-bill-service type: Opaque stringData: - DB_HOST: "bill-inquiry-postgres-dev-postgresql" - DB_NAME: "bill_inquiry_db" - DB_USERNAME: "bill_inquiry_user" - DB_PASSWORD: "BillUser2025@" + DB_HOST: "inquiry-postgresql " + DB_NAME: "inquirydb" + DB_USERNAME: "unicorn" + DB_PASSWORD: "P@ssw0rd$" diff --git a/.github/kustomize/base/common/cm-common.yaml b/.github/kustomize/base/common/cm-common.yaml index 3c16172..7c8a437 100644 --- a/.github/kustomize/base/common/cm-common.yaml +++ b/.github/kustomize/base/common/cm-common.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: cm-common data: - CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill-dg0500.20.214.196.128.nip.io" + CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.52.231.227.173.nip.io" JWT_ACCESS_TOKEN_VALIDITY: "18000000" JWT_REFRESH_TOKEN_VALIDITY: "86400000" REDIS_PORT: "6379" diff --git a/.github/kustomize/base/common/ingress.yaml b/.github/kustomize/base/common/ingress.yaml index da97115..e944eda 100644 --- a/.github/kustomize/base/common/ingress.yaml +++ b/.github/kustomize/base/common/ingress.yaml @@ -8,7 +8,7 @@ metadata: spec: ingressClassName: nginx rules: - - host: phonebill-dg0500-api.20.214.196.128.nip.io + - host: phonebill-api.52.231.227.173.nip.io http: paths: - path: /api/v1/auth diff --git a/.github/kustomize/base/common/secret-common.yaml b/.github/kustomize/base/common/secret-common.yaml index 53795ab..ae05d20 100644 --- a/.github/kustomize/base/common/secret-common.yaml +++ b/.github/kustomize/base/common/secret-common.yaml @@ -5,5 +5,5 @@ metadata: type: Opaque stringData: JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ==" - REDIS_HOST: "redis-cache-dev-master" - REDIS_PASSWORD: "Redis2025Dev@" \ No newline at end of file + REDIS_HOST: "cache-redis-master" + REDIS_PASSWORD: "P@ssw0rd$" \ No newline at end of file diff --git a/.github/kustomize/base/common/secret-imagepull.yaml b/.github/kustomize/base/common/secret-imagepull.yaml index 6bd576e..10e229e 100644 --- a/.github/kustomize/base/common/secret-imagepull.yaml +++ b/.github/kustomize/base/common/secret-imagepull.yaml @@ -7,10 +7,10 @@ stringData: .dockerconfigjson: | { "auths": { - "acrdigitalgarage01.azurecr.io": { - "username": "acrdigitalgarage01", - "password": "+OY+rmOagorjWvQe/tTk6oqvnZI8SmNbY/Y2o5EDcY+ACRDCDbYk", - "auth": "YWNyZGlnaXRhbGdhcmFnZTAxOitPWStybU9hZ29yald2UWUvdFRrNm9xdm5aSThTbU5iWS9ZMm81RURjWStBQ1JEQ0RiWWs=" + "docker.io": { + "username": "${DOCKER_USERNAME}", + "password": "${DOCKER_PASSWORD}", + "auth": "${DOCKER_AUTH}" } } } \ No newline at end of file diff --git a/.github/kustomize/base/kos-mock/deployment.yaml b/.github/kustomize/base/kos-mock/deployment.yaml index bd588f4..c453ba3 100644 --- a/.github/kustomize/base/kos-mock/deployment.yaml +++ b/.github/kustomize/base/kos-mock/deployment.yaml @@ -16,7 +16,7 @@ spec: - name: phonebill containers: - name: kos-mock - image: acrdigitalgarage01.azurecr.io/phonebill/kos-mock:latest + image: docker.io/hiondal/kos-mock:latest imagePullPolicy: Always ports: - containerPort: 8084 diff --git a/.github/kustomize/base/kustomization.yaml b/.github/kustomize/base/kustomization.yaml index 2c9ed50..c1ba52f 100644 --- a/.github/kustomize/base/kustomization.yaml +++ b/.github/kustomize/base/kustomization.yaml @@ -40,13 +40,13 @@ resources: - kos-mock/cm-kos-mock.yaml images: - - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway + - name: docker.io/hiondal/api-gateway newTag: latest - - name: acrdigitalgarage01.azurecr.io/phonebill/user-service + - name: docker.io/hiondal/user-service newTag: latest - - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service + - name: docker.io/hiondal/bill-service newTag: latest - - name: acrdigitalgarage01.azurecr.io/phonebill/product-service + - name: docker.io/hiondal/product-service newTag: latest - - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock + - name: docker.io/hiondal/kos-mock newTag: latest diff --git a/.github/kustomize/base/product-service/deployment.yaml b/.github/kustomize/base/product-service/deployment.yaml index 0b463a3..ea10c3e 100644 --- a/.github/kustomize/base/product-service/deployment.yaml +++ b/.github/kustomize/base/product-service/deployment.yaml @@ -16,7 +16,7 @@ spec: - name: phonebill containers: - name: product-service - image: acrdigitalgarage01.azurecr.io/phonebill/product-service:latest + image: docker.io/hiondal/product-service:latest imagePullPolicy: Always ports: - containerPort: 8083 diff --git a/.github/kustomize/base/product-service/secret-product-service.yaml b/.github/kustomize/base/product-service/secret-product-service.yaml index e773ec9..c96a72c 100644 --- a/.github/kustomize/base/product-service/secret-product-service.yaml +++ b/.github/kustomize/base/product-service/secret-product-service.yaml @@ -4,7 +4,7 @@ metadata: name: secret-product-service type: Opaque stringData: - DB_HOST: "product-change-postgres-dev-postgresql" - DB_NAME: "product_change_db" - DB_USERNAME: "product_change_user" - DB_PASSWORD: "ProductUser2025@" \ No newline at end of file + DB_HOST: "change-postgresql" + DB_NAME: "changedb" + DB_USERNAME: "unicorn" + DB_PASSWORD: "P@ssw0rd$" \ No newline at end of file diff --git a/.github/kustomize/base/user-service/deployment.yaml b/.github/kustomize/base/user-service/deployment.yaml index 2dbd2d4..41e9694 100644 --- a/.github/kustomize/base/user-service/deployment.yaml +++ b/.github/kustomize/base/user-service/deployment.yaml @@ -16,7 +16,7 @@ spec: - name: phonebill containers: - name: user-service - image: acrdigitalgarage01.azurecr.io/phonebill/user-service:latest + image: docker.io/hiondal/user-service:latest imagePullPolicy: Always ports: - containerPort: 8081 diff --git a/.github/kustomize/base/user-service/secret-user-service.yaml b/.github/kustomize/base/user-service/secret-user-service.yaml index 8424423..e52b4e5 100644 --- a/.github/kustomize/base/user-service/secret-user-service.yaml +++ b/.github/kustomize/base/user-service/secret-user-service.yaml @@ -4,7 +4,7 @@ metadata: name: secret-user-service type: Opaque stringData: - DB_HOST: "auth-postgres-dev-postgresql" - DB_NAME: "phonebill_auth" - DB_USERNAME: "auth_user" - DB_PASSWORD: "AuthUser2025@" \ No newline at end of file + DB_HOST: "auth-postgresql" + DB_NAME: "authdb" + DB_USERNAME: "unicorn" + DB_PASSWORD: "P@ssw0rd$" \ No newline at end of file diff --git a/.github/kustomize/overlays/dev/cm-common-patch.yaml b/.github/kustomize/overlays/dev/cm-common-patch.yaml index 5c670fa..e9d58f6 100644 --- a/.github/kustomize/overlays/dev/cm-common-patch.yaml +++ b/.github/kustomize/overlays/dev/cm-common-patch.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: cm-common data: - CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill-dg0500.20.214.196.128.nip.io" + CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.52.231.227.173.nip.io" JWT_ACCESS_TOKEN_VALIDITY: "3600000" JWT_REFRESH_TOKEN_VALIDITY: "86400000" REDIS_PORT: "6379" diff --git a/.github/kustomize/overlays/dev/ingress-patch.yaml b/.github/kustomize/overlays/dev/ingress-patch.yaml index 2ab0ccd..1c19964 100644 --- a/.github/kustomize/overlays/dev/ingress-patch.yaml +++ b/.github/kustomize/overlays/dev/ingress-patch.yaml @@ -8,7 +8,7 @@ metadata: spec: ingressClassName: nginx rules: - - host: phonebill-dg0500-api.20.214.196.128.nip.io + - host: phonebill-api.52.231.227.173.nip.io http: paths: - path: /api/v1/auth diff --git a/.github/kustomize/overlays/dev/kustomization.yaml b/.github/kustomize/overlays/dev/kustomization.yaml index 1ee94f6..a0e2014 100644 --- a/.github/kustomize/overlays/dev/kustomization.yaml +++ b/.github/kustomize/overlays/dev/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: phonebill-dg0500 +namespace: phonebill resources: - ../../base @@ -64,13 +64,13 @@ patches: name: kos-mock images: - - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway + - name: docker.io/hiondal/api-gateway newTag: dev-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/user-service + - name: docker.io/hiondal/user-service newTag: dev-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service + - name: docker.io/hiondal/bill-service newTag: dev-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/product-service + - name: docker.io/hiondal/product-service newTag: dev-latest - - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock + - name: docker.io/hiondal/kos-mock newTag: dev-latest diff --git a/.github/kustomize/overlays/dev/secret-bill-service-patch.yaml b/.github/kustomize/overlays/dev/secret-bill-service-patch.yaml index caaa7cf..a131fce 100644 --- a/.github/kustomize/overlays/dev/secret-bill-service-patch.yaml +++ b/.github/kustomize/overlays/dev/secret-bill-service-patch.yaml @@ -4,7 +4,7 @@ metadata: name: secret-bill-service type: Opaque stringData: - DB_HOST: "bill-inquiry-postgres-dev-postgresql" - DB_NAME: "bill_inquiry_db" - DB_USERNAME: "bill_inquiry_user" - DB_PASSWORD: "BillUser2025@" + DB_HOST: "inquiry-postgresql " + DB_NAME: "inquirydb" + DB_USERNAME: "unicorn" + DB_PASSWORD: "P@ssw0rd$" diff --git a/.github/kustomize/overlays/dev/secret-common-patch.yaml b/.github/kustomize/overlays/dev/secret-common-patch.yaml index e81141b..9f3880c 100644 --- a/.github/kustomize/overlays/dev/secret-common-patch.yaml +++ b/.github/kustomize/overlays/dev/secret-common-patch.yaml @@ -5,5 +5,5 @@ metadata: type: Opaque stringData: JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ==" - REDIS_HOST: "redis-cache-dev-master" - REDIS_PASSWORD: "Redis2025Dev@" + REDIS_HOST: "cache-redis-master" + REDIS_PASSWORD: "P@ssw0rd$" diff --git a/.github/kustomize/overlays/dev/secret-product-service-patch.yaml b/.github/kustomize/overlays/dev/secret-product-service-patch.yaml index a607e53..788bfbf 100644 --- a/.github/kustomize/overlays/dev/secret-product-service-patch.yaml +++ b/.github/kustomize/overlays/dev/secret-product-service-patch.yaml @@ -4,7 +4,7 @@ metadata: name: secret-product-service type: Opaque stringData: - DB_HOST: "product-change-postgres-dev-postgresql" - DB_NAME: "product_change_db" - DB_USERNAME: "product_change_user" - DB_PASSWORD: "ProductUser2025@" + DB_HOST: "change-postgresql" + DB_NAME: "changedb" + DB_USERNAME: "unicorn" + DB_PASSWORD: "P@ssw0rd$" diff --git a/.github/kustomize/overlays/dev/secret-user-service-patch.yaml b/.github/kustomize/overlays/dev/secret-user-service-patch.yaml index fc49850..bd6aa09 100644 --- a/.github/kustomize/overlays/dev/secret-user-service-patch.yaml +++ b/.github/kustomize/overlays/dev/secret-user-service-patch.yaml @@ -4,7 +4,7 @@ metadata: name: secret-user-service type: Opaque stringData: - DB_HOST: "auth-postgres-dev-postgresql" - DB_NAME: "phonebill_auth" - DB_USERNAME: "auth_user" - DB_PASSWORD: "AuthUser2025@" + DB_HOST: "auth-postgresql" + DB_NAME: "authdb" + DB_USERNAME: "unicorn" + DB_PASSWORD: "P@ssw0rd$" diff --git a/.github/workflows/backend-cicd.yaml b/.github/workflows/backend-cicd.yaml index 35dea4b..7873db2 100644 --- a/.github/workflows/backend-cicd.yaml +++ b/.github/workflows/backend-cicd.yaml @@ -1,4 +1,4 @@ -name: Backend Services CI/CD +name: Backend Services CI/CD (Generic K8s) on: push: @@ -13,40 +13,24 @@ on: - '.github/**' pull_request: branches: [ main ] - workflow_dispatch: - inputs: - ENVIRONMENT: - description: 'Target environment' - required: true - default: 'dev' - type: choice - options: - - dev - - staging - - prod - SKIP_SONARQUBE: - description: 'Skip SonarQube Analysis' - required: false - default: 'true' - type: choice - options: - - 'true' - - 'false' env: - REGISTRY: acrdigitalgarage01.azurecr.io - IMAGE_ORG: phonebill - RESOURCE_GROUP: rg-digitalgarage-01 - AKS_CLUSTER: aks-digitalgarage-01 - NAMESPACE: phonebill-dg0500 + # ============================================ + # 변경: Azure ACR → Docker Hub + # ============================================ + REGISTRY: docker.io + IMAGE_ORG: ${{ secrets.DOCKERHUB_USERNAME }} + NAMESPACE: phonebill + + # SSH 터널링용 + MINIKUBE_IP: "192.168.49.2" jobs: build: name: Build and Test runs-on: ubuntu-latest outputs: - #image_tag: ${{ steps.set_outputs.outputs.image_tag }} - image_tag: dg0500 + image_tag: ${{ steps.set_outputs.outputs.image_tag }} environment: ${{ steps.set_outputs.outputs.environment }} steps: @@ -63,47 +47,10 @@ jobs: - name: Determine environment id: determine_env run: | - # Use input parameter or default to 'dev' - ENVIRONMENT="${{ github.event.inputs.ENVIRONMENT || 'dev' }}" + # workflow_dispatch 입력값 우선, 없으면 vars 사용 + ENVIRONMENT="${{ vars.ENVIRONMENT || 'dev' }}" echo "environment=$ENVIRONMENT" >> $GITHUB_OUTPUT - - name: Load environment variables - id: env_vars - run: | - ENV=${{ steps.determine_env.outputs.environment }} - - # Initialize variables with defaults - REGISTRY="acrdigitalgarage01.azurecr.io" - IMAGE_ORG="phonebill" - RESOURCE_GROUP="rg-digitalgarage-01" - AKS_CLUSTER="aks-digitalgarage-01" - NAMESPACE="phonebill-dg0500" - - # Read environment variables from .github/config file - if [[ -f ".github/config/deploy_env_vars_${ENV}" ]]; then - while IFS= read -r line || [[ -n "$line" ]]; do - # Skip comments and empty lines - [[ "$line" =~ ^#.*$ ]] && continue - [[ -z "$line" ]] && continue - - # Extract key-value pairs - key=$(echo "$line" | cut -d '=' -f1) - value=$(echo "$line" | cut -d '=' -f2-) - - # Override defaults if found in config - case "$key" in - "resource_group") RESOURCE_GROUP="$value" ;; - "cluster_name") AKS_CLUSTER="$value" ;; - esac - done < ".github/config/deploy_env_vars_${ENV}" - fi - - # Export for other jobs - echo "REGISTRY=$REGISTRY" >> $GITHUB_ENV - echo "IMAGE_ORG=$IMAGE_ORG" >> $GITHUB_ENV - echo "RESOURCE_GROUP=$RESOURCE_GROUP" >> $GITHUB_ENV - echo "AKS_CLUSTER=$AKS_CLUSTER" >> $GITHUB_ENV - - name: Grant execute permission for gradlew run: chmod +x gradlew @@ -112,19 +59,12 @@ jobs: ./gradlew build -x test - name: SonarQube Analysis & Quality Gate + if: ${{ vars.SKIP_SONARQUBE != 'true' }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} run: | - # Check if SonarQube should be skipped - SKIP_SONARQUBE="${{ github.event.inputs.SKIP_SONARQUBE || 'true' }}" - - if [[ "$SKIP_SONARQUBE" == "true" ]]; then - echo "⏭️ Skipping SonarQube Analysis (SKIP_SONARQUBE=$SKIP_SONARQUBE)" - exit 0 - fi - # Define services array services=(api-gateway user-service bill-service product-service kos-mock) @@ -154,7 +94,6 @@ jobs: - name: Set outputs id: set_outputs run: | - # Generate timestamp for image tag IMAGE_TAG=$(date +%Y%m%d%H%M%S) echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT echo "environment=${{ steps.determine_env.outputs.environment }}" >> $GITHUB_OUTPUT @@ -175,27 +114,21 @@ jobs: - name: Set environment variables from build job run: | - echo "REGISTRY=${{ env.REGISTRY }}" >> $GITHUB_ENV - echo "IMAGE_ORG=${{ env.IMAGE_ORG }}" >> $GITHUB_ENV echo "ENVIRONMENT=${{ needs.build.outputs.environment }}" >> $GITHUB_ENV echo "IMAGE_TAG=${{ needs.build.outputs.image_tag }}" >> $GITHUB_ENV - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Login to Docker Hub (prevent rate limit) + # ============================================ + # 변경: Docker Hub 로그인만 사용 + # ============================================ + - name: Login to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: Login to Azure Container Registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.ACR_USERNAME }} - password: ${{ secrets.ACR_PASSWORD }} - - name: Build and push Docker images for all services run: | # Define services array @@ -208,9 +141,11 @@ jobs: --build-arg BUILD_LIB_DIR="$service/build/libs" \ --build-arg ARTIFACTORY_FILE="$service.jar" \ -f deployment/container/Dockerfile-backend \ - -t ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }} . + -t ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }} \ + -t ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/$service:${{ needs.build.outputs.environment }}-latest . - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }} + docker push ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }} + docker push ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/$service:${{ needs.build.outputs.environment }}-latest done deploy: @@ -222,31 +157,68 @@ jobs: - name: Check out code uses: actions/checkout@v4 - - name: Set image tag environment variable + - name: Set environment variables run: | echo "IMAGE_TAG=${{ needs.build.outputs.image_tag }}" >> $GITHUB_ENV echo "ENVIRONMENT=${{ needs.build.outputs.environment }}" >> $GITHUB_ENV - - name: Install Azure CLI + # ============================================ + # 변경: Azure CLI/Login 제거 → SSH 터널링 + # ============================================ + - name: Setup SSH key run: | - curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash + mkdir -p ~/.ssh + echo "${{ secrets.VM_SSH_KEY }}" > ~/.ssh/vm_key + chmod 600 ~/.ssh/vm_key + ssh-keyscan -H ${{ secrets.VM_IP }} >> ~/.ssh/known_hosts 2>/dev/null || true - - name: Azure Login - uses: azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} + - name: Create SSH tunnel to Minikube + run: | + ssh -i ~/.ssh/vm_key \ + -o StrictHostKeyChecking=no \ + -o ServerAliveInterval=60 \ + -L 8443:${{ env.MINIKUBE_IP }}:8443 \ + ${{ secrets.VM_USER }}@${{ secrets.VM_IP }} -N & + sleep 5 + echo "✅ SSH tunnel established" + + # ============================================ + # 변경: az aks get-credentials → KUBECONFIG Secret + # ============================================ - name: Setup kubectl uses: azure/setup-kubectl@v3 - - name: Get AKS Credentials + - name: Configure kubectl via KUBECONFIG run: | - az aks get-credentials --resource-group ${{ env.RESOURCE_GROUP }} --name ${{ env.AKS_CLUSTER }} --overwrite-existing + mkdir -p $HOME/.kube + echo "${{ secrets.KUBECONFIG }}" > $HOME/.kube/config + chmod 600 $HOME/.kube/config + + # server 주소를 localhost:8443으로 변경 (SSH 터널 통해 접근) + sed -i 's|server:.*|server: https://127.0.0.1:8443|g' $HOME/.kube/config + + - name: Verify cluster connection + run: | + kubectl cluster-info + kubectl get nodes - name: Create namespace run: | kubectl create namespace ${{ env.NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f - + # ============================================ + # 추가: Docker Hub pull secret 생성 + # ============================================ + - name: Create image pull secret + run: | + kubectl create secret docker-registry dockerhub-secret \ + --docker-server=docker.io \ + --docker-username=${{ secrets.DOCKERHUB_USERNAME }} \ + --docker-password=${{ secrets.DOCKERHUB_PASSWORD }} \ + --namespace=${{ env.NAMESPACE }} \ + --dry-run=client -o yaml | kubectl apply -f - + - name: Install Kustomize run: | curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash @@ -254,17 +226,17 @@ jobs: - name: Update Kustomize images and deploy run: | - # 환경별 디렉토리로 이동 cd .github/kustomize/overlays/${{ env.ENVIRONMENT }} - # 각 서비스별 이미지 태그 업데이트 - kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/api-gateway:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }} - kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/user-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }} - kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/bill-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }} - kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/product-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }} - kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/kos-mock:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }} + # ============================================ + # 변경: 이미지 경로를 Docker Hub로 + # ============================================ + kustomize edit set image ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/api-gateway:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }} + kustomize edit set image ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/user-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }} + kustomize edit set image ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/bill-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }} + kustomize edit set image ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/product-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }} + kustomize edit set image ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/kos-mock:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }} - # 매니페스트 적용 kubectl apply -k . - name: Wait for deployments to be ready @@ -275,3 +247,16 @@ jobs: kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/bill-service --timeout=300s kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/product-service --timeout=300s kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/kos-mock --timeout=300s + + - name: Show deployment status + run: | + kubectl -n ${{ env.NAMESPACE }} get pods -o wide + kubectl -n ${{ env.NAMESPACE }} get svc + + # ============================================ + # 추가: SSH 터널 정리 + # ============================================ + - name: Cleanup SSH tunnel + if: always() + run: | + pkill -f "ssh.*8443" || true diff --git a/.github/workflows/backend-cicd_ArgoCD.yaml b/.github/workflows/backend-cicd_ArgoCD.yaml deleted file mode 100644 index ce3df94..0000000 --- a/.github/workflows/backend-cicd_ArgoCD.yaml +++ /dev/null @@ -1,255 +0,0 @@ -name: Backend Services CI/CD (ArgoCD) - -on: - push: - branches: [ main, develop ] - paths: - - 'api-gateway/**' - - 'user-service/**' - - 'bill-service/**' - - 'product-service/**' - - 'kos-mock/**' - - 'common/**' - - '.github/**' - pull_request: - branches: [ main ] - workflow_dispatch: - inputs: - ENVIRONMENT: - description: 'Target environment' - required: true - default: 'dev' - type: choice - options: - - dev - - staging - - prod - SKIP_SONARQUBE: - description: 'Skip SonarQube Analysis' - required: false - default: 'true' - type: choice - options: - - 'true' - - 'false' - -env: - REGISTRY: acrdigitalgarage01.azurecr.io - IMAGE_ORG: phonebill - RESOURCE_GROUP: rg-digitalgarage-01 - AKS_CLUSTER: aks-digitalgarage-01 - NAMESPACE: phonebill-dg0500 - -jobs: - build: - name: Build and Test - runs-on: ubuntu-latest - outputs: - #image_tag: ${{ steps.set_outputs.outputs.image_tag }} - image_tag: dg0500 - environment: ${{ steps.set_outputs.outputs.environment }} - - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Set up JDK 21 - uses: actions/setup-java@v3 - with: - java-version: '21' - distribution: 'temurin' - cache: 'gradle' - - - name: Determine environment - id: determine_env - run: | - # Use input parameter or default to 'dev' - ENVIRONMENT="${{ github.event.inputs.ENVIRONMENT || 'dev' }}" - echo "environment=$ENVIRONMENT" >> $GITHUB_OUTPUT - - - name: Load environment variables - id: env_vars - run: | - ENV=${{ steps.determine_env.outputs.environment }} - - # Initialize variables with defaults - REGISTRY="acrdigitalgarage01.azurecr.io" - IMAGE_ORG="phonebill" - RESOURCE_GROUP="rg-digitalgarage-01" - AKS_CLUSTER="aks-digitalgarage-01" - NAMESPACE="phonebill-dg0500" - - # Read environment variables from .github/config file - if [[ -f ".github/config/deploy_env_vars_${ENV}" ]]; then - while IFS= read -r line || [[ -n "$line" ]]; do - # Skip comments and empty lines - [[ "$line" =~ ^#.*$ ]] && continue - [[ -z "$line" ]] && continue - - # Extract key-value pairs - key=$(echo "$line" | cut -d '=' -f1) - value=$(echo "$line" | cut -d '=' -f2-) - - # Override defaults if found in config - case "$key" in - "resource_group") RESOURCE_GROUP="$value" ;; - "cluster_name") AKS_CLUSTER="$value" ;; - esac - done < ".github/config/deploy_env_vars_${ENV}" - fi - - # Export for other jobs - echo "REGISTRY=$REGISTRY" >> $GITHUB_ENV - echo "IMAGE_ORG=$IMAGE_ORG" >> $GITHUB_ENV - echo "RESOURCE_GROUP=$RESOURCE_GROUP" >> $GITHUB_ENV - echo "AKS_CLUSTER=$AKS_CLUSTER" >> $GITHUB_ENV - - - name: Grant execute permission for gradlew - run: chmod +x gradlew - - - name: Build with Gradle - run: | - ./gradlew build -x test - - - name: SonarQube Analysis & Quality Gate - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} - run: | - # Check if SonarQube should be skipped - SKIP_SONARQUBE="${{ github.event.inputs.SKIP_SONARQUBE || 'true' }}" - - if [[ "$SKIP_SONARQUBE" == "true" ]]; then - echo "⏭️ Skipping SonarQube Analysis (SKIP_SONARQUBE=$SKIP_SONARQUBE)" - exit 0 - fi - - # Define services array - services=(api-gateway user-service bill-service product-service kos-mock) - - # Run tests, coverage reports, and SonarQube analysis for each service - for service in "${services[@]}"; do - ./gradlew :$service:test :$service:jacocoTestReport :$service:sonar \ - -Dsonar.projectKey=phonebill-$service-${{ steps.determine_env.outputs.environment }} \ - -Dsonar.projectName=phonebill-$service-${{ steps.determine_env.outputs.environment }} \ - -Dsonar.host.url=$SONAR_HOST_URL \ - -Dsonar.token=$SONAR_TOKEN \ - -Dsonar.java.binaries=build/classes/java/main \ - -Dsonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml \ - -Dsonar.exclusions=**/config/**,**/entity/**,**/dto/**,**/*Application.class,**/exception/** - done - - - name: Upload build artifacts - uses: actions/upload-artifact@v4 - with: - name: app-builds - path: | - api-gateway/build/libs/*.jar - user-service/build/libs/*.jar - bill-service/build/libs/*.jar - product-service/build/libs/*.jar - kos-mock/build/libs/*.jar - - - name: Set outputs - id: set_outputs - run: | - # Generate timestamp for image tag - IMAGE_TAG=$(date +%Y%m%d%H%M%S) - echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT - echo "environment=${{ steps.determine_env.outputs.environment }}" >> $GITHUB_OUTPUT - - release: - name: Build and Push Docker Images - needs: build - runs-on: ubuntu-latest - - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Download build artifacts - uses: actions/download-artifact@v4 - with: - name: app-builds - - - name: Set environment variables from build job - run: | - echo "REGISTRY=${{ env.REGISTRY }}" >> $GITHUB_ENV - echo "IMAGE_ORG=${{ env.IMAGE_ORG }}" >> $GITHUB_ENV - echo "ENVIRONMENT=${{ needs.build.outputs.environment }}" >> $GITHUB_ENV - echo "IMAGE_TAG=${{ needs.build.outputs.image_tag }}" >> $GITHUB_ENV - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to Docker Hub (prevent rate limit) - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - - - name: Login to Azure Container Registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.ACR_USERNAME }} - password: ${{ secrets.ACR_PASSWORD }} - - - name: Build and push Docker images for all services - run: | - # Define services array - services=(api-gateway user-service bill-service product-service kos-mock) - - # Build and push each service image - for service in "${services[@]}"; do - echo "Building and pushing $service..." - docker build \ - --build-arg BUILD_LIB_DIR="$service/build/libs" \ - --build-arg ARTIFACTORY_FILE="$service.jar" \ - -f deployment/container/Dockerfile-backend \ - -t ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }} . - - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }} - done - - update-manifest: - name: Update Manifest Repository - needs: [build, release] - runs-on: ubuntu-latest - - steps: - - name: Set image tag environment variable - run: | - echo "IMAGE_TAG=${{ needs.build.outputs.image_tag }}" >> $GITHUB_ENV - echo "ENVIRONMENT=${{ needs.build.outputs.environment }}" >> $GITHUB_ENV - - - name: Update Manifest Repository - run: | - # 매니페스트 레포지토리 클론 - REPO_URL=$(echo "https://github.com/cna-bootcamp/phonebill-manifest.git" | sed 's|https://||') - git clone https://${{ secrets.GIT_USERNAME }}:${{ secrets.GIT_PASSWORD }}@${REPO_URL} manifest-repo - cd manifest-repo - - # Kustomize 설치 - curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash - sudo mv kustomize /usr/local/bin/ - - # 매니페스트 업데이트 - cd phonebill/kustomize/overlays/${{ env.ENVIRONMENT }} - - # 각 서비스별 이미지 태그 업데이트 - services="api-gateway user-service bill-service product-service kos-mock" - for service in $services; do - kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/$service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }} - done - - # Git 설정 및 푸시 - cd ../../../.. - git config user.name "GitHub Actions" - git config user.email "actions@github.com" - git add . - git commit -m "🚀 Update phonebill ${{ env.ENVIRONMENT }} images to ${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}" - git push origin main - - echo "✅ 매니페스트 업데이트 완료. ArgoCD가 자동으로 배포합니다."