Jenkins CI/CD 파이프라인 구축 완료

- Kustomize 기반 환경별 배포 구성 (dev/staging/prod) - Jenkins 파이프라인 with SonarQube 품질 게이트 - 파드 자동 정리 및 보안 강화 설정 - 환경별 차등 리소스 할당 및 도메인 설정 - 수동 배포 및 검증 스크립트 제공 - 5개 마이크로서비스 병렬 빌드/배포 지원 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-06-12 19:49:10 +00:00 · 2025-09-12 22:29:40 +09:00
parent d12d8c0838
commit 725635fadd
46 changed files with 969 additions and 921 deletions
@@ -13,31 +13,31 @@ resources:
  - common/secret-common.yaml
  - common/secret-imagepull.yaml
  - common/ingress.yaml
-  
-  # API Gateway
+
+  # api-gateway
  - api-gateway/deployment.yaml
  - api-gateway/service.yaml
  - api-gateway/cm-api-gateway.yaml
-  
-  # User Service
+
+  # user-service
  - user-service/deployment.yaml
  - user-service/service.yaml
  - user-service/cm-user-service.yaml
  - user-service/secret-user-service.yaml
  
-  # Bill Service
+  # bill-service
  - bill-service/deployment.yaml
  - bill-service/service.yaml
  - bill-service/cm-bill-service.yaml
  - bill-service/secret-bill-service.yaml
  
-  # Product Service
+  # product-service
  - product-service/deployment.yaml
  - product-service/service.yaml
  - product-service/cm-product-service.yaml
  - product-service/secret-product-service.yaml
  
-  # KOS Mock
+  # kos-mock
  - kos-mock/deployment.yaml
  - kos-mock/service.yaml
  - kos-mock/cm-kos-mock.yaml
@@ -1,6 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: phonebill
-  labels:
-    name: phonebill
+  name: phonebill
@@ -2,11 +2,16 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: cm-common
-
 data:
-  CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill-dev.20.214.196.128.nip.io"
-  JWT_ACCESS_TOKEN_VALIDITY: "18000000"
-  JWT_REFRESH_TOKEN_VALIDITY: "86400000"
-  REDIS_PORT: "6379"
+  # 환경별 프로파일 설정
  SPRING_PROFILES_ACTIVE: "dev"
-  DDL_AUTO: "update"
+  
+  # 개발 환경 도메인 설정
+  CORS_ALLOWED_ORIGINS: "http://phonebill-api.20.214.196.128.nip.io"
+  
+  # 개발 환경 DDL 설정 (데이터 보존을 위해 update 사용)
+  DDL_AUTO: "update"
+  
+  # JWT 토큰 유효시간 (개발 환경은 긴 유효시간)
+  JWT_ACCESS_TOKEN_EXPIRATION: "3600000"
+  JWT_REFRESH_TOKEN_EXPIRATION: "86400000"
@@ -2,18 +2,16 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: api-gateway
-
 spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: api-gateway
-        image: acrdigitalgarage01.azurecr.io/phonebill/api-gateway:dev-latest
        resources:
          requests:
-            cpu: 256m
-            memory: 256Mi
+            memory: "256Mi"
+            cpu: "256m"
          limits:
-            cpu: 1024m
-            memory: 1024Mi
+            memory: "1024Mi"
+            cpu: "1024m"
@@ -2,18 +2,16 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: bill-service
-
 spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: bill-service
-        image: acrdigitalgarage01.azurecr.io/phonebill/bill-service:dev-latest
        resources:
          requests:
-            cpu: 256m
-            memory: 256Mi
+            memory: "256Mi"
+            cpu: "256m"
          limits:
-            cpu: 1024m
-            memory: 1024Mi
+            memory: "1024Mi"
+            cpu: "1024m"
@@ -2,18 +2,16 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: kos-mock
-
 spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: kos-mock
-        image: acrdigitalgarage01.azurecr.io/phonebill/kos-mock:dev-latest
        resources:
          requests:
-            cpu: 256m
-            memory: 256Mi
+            memory: "256Mi"
+            cpu: "256m"
          limits:
-            cpu: 1024m
-            memory: 1024Mi
+            memory: "1024Mi"
+            cpu: "1024m"
@@ -2,18 +2,16 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: product-service
-
 spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: product-service
-        image: acrdigitalgarage01.azurecr.io/phonebill/product-service:dev-latest
        resources:
          requests:
-            cpu: 256m
-            memory: 256Mi
+            memory: "256Mi"
+            cpu: "256m"
          limits:
-            cpu: 1024m
-            memory: 1024Mi
+            memory: "1024Mi"
+            cpu: "1024m"
@@ -2,18 +2,16 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: user-service
-
 spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: user-service
-        image: acrdigitalgarage01.azurecr.io/phonebill/user-service:dev-latest
        resources:
          requests:
-            cpu: 256m
-            memory: 256Mi
+            memory: "256Mi"
+            cpu: "256m"
          limits:
-            cpu: 1024m
-            memory: 1024Mi
+            memory: "1024Mi"
+            cpu: "1024m"
@@ -5,7 +5,6 @@ metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
-
 spec:
  ingressClassName: nginx
  rules:
@@ -1,46 +1,16 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

-metadata:
-  name: phonebill-dev
+namespace: phonebill-dev

 resources:
  - ../../base

-namespace: phonebill-dev
-
-labels:
-  - pairs:
-      env: dev
-
-images:
-  - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
-    newTag: dev-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/user-service
-    newTag: dev-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
-    newTag: dev-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/product-service
-    newTag: dev-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
-    newTag: dev-latest
-
 patches:
-  # Common patches
  - path: configmap-common-patch.yaml
    target:
      kind: ConfigMap
      name: cm-common
-  - path: secret-common-patch.yaml
-    target:
-      kind: Secret
-      name: secret-common
-  - path: ingress-patch.yaml
-    target:
-      kind: Ingress
-      name: phonebill
-  
-  # Deployment patches
  - path: deployment-api-gateway-patch.yaml
    target:
      kind: Deployment
@@ -61,8 +31,14 @@ patches:
    target:
      kind: Deployment
      name: kos-mock
-  
-  # Secret patches
+  - path: ingress-patch.yaml
+    target:
+      kind: Ingress
+      name: phonebill
+  - path: secret-common-patch.yaml
+    target:
+      kind: Secret
+      name: secret-common
  - path: secret-user-service-patch.yaml
    target:
      kind: Secret
@@ -74,4 +50,19 @@ patches:
  - path: secret-product-service-patch.yaml
    target:
      kind: Secret
-      name: secret-product-service
+      name: secret-product-service
+
+images:
+  - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
+    newTag: dev-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/user-service
+    newTag: dev-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
+    newTag: dev-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/product-service
+    newTag: dev-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
+    newTag: dev-latest
+
+commonLabels:
+  environment: dev
@@ -2,10 +2,8 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: secret-bill-service
-
 type: Opaque
 stringData:
-  DB_HOST: "bill-inquiry-postgres-dev-postgresql"
-  DB_NAME: "bill_inquiry_db"
-  DB_USERNAME: "bill_inquiry_user"
-  DB_PASSWORD: "BillUser2025!"
+  # Bill Service DB 접속 정보 (개발 환경)
+  DB_PASSWORD: "billdb-dev-password"
+  DB_URL: "jdbc:postgresql://bill-inquiry-postgres-dev-postgresql:5432/bill_inquiry_db"
@@ -2,9 +2,12 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: secret-common
-
 type: Opaque
 stringData:
-  JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
-  REDIS_HOST: "redis-cache-dev-master"
-  REDIS_PASSWORD: "Redis2025Dev!"
+  # Redis 설정 (개발 환경)
+  REDIS_PASSWORD: "dev-redis-password"
+  
+  # JWT Secret Key (개발 환경용)
+  JWT_SECRET: "dev-jwt-secret-key-for-phonebill-development"
+  
+  # 개발 환경용 공통 시크릿
@@ -2,10 +2,8 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: secret-product-service
-
 type: Opaque
 stringData:
-  DB_HOST: "product-change-postgres-dev-postgresql"
-  DB_NAME: "product_change_db"
-  DB_USERNAME: "product_change_user"
-  DB_PASSWORD: "ProductUser2025!"
+  # Product Service DB 접속 정보 (개발 환경)
+  DB_PASSWORD: "productdb-dev-password"
+  DB_URL: "jdbc:postgresql://product-change-postgres-dev-postgresql:5432/product_change_db"
@@ -2,10 +2,8 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: secret-user-service
-
 type: Opaque
 stringData:
-  DB_HOST: "auth-postgres-dev-postgresql"
-  DB_NAME: "phonebill_auth"
-  DB_USERNAME: "auth_user"
-  DB_PASSWORD: "AuthUser2025!"
+  # User Service DB 접속 정보 (개발 환경)
+  DB_PASSWORD: "userdb-dev-password"
+  DB_URL: "jdbc:postgresql://user-auth-postgres-dev-postgresql:5432/user_auth_db"
@@ -0,0 +1,72 @@
+# Production Overlay Configuration
+
+This directory contains the Kustomize overlay configuration for the production environment of the phonebill project.
+
+## Configuration Overview
+
+### Environment Details
+- **Namespace**: `phonebill-prod`
+- **Environment**: Production
+- **Replicas**: 3 (for all services)
+- **Domain**: `phonebill.yourdomain.com`
+- **Image Tag**: `prod-latest`
+- **SSL**: Enabled with HTTPS redirect
+
+### Security Configuration
+- **JWT Access Token**: 30분 (1800000ms) - 보안 강화를 위한 짧은 만료시간
+- **JWT Refresh Token**: 12시간 (43200000ms)
+- **DDL Auto**: `validate` - 프로덕션 안전성을 위한 스키마 검증 모드
+- **SSL Redirect**: 강제 HTTPS 리디렉션
+
+### Resource Allocation
+All services are configured with:
+- **Requests**: 1024m CPU, 1024Mi Memory
+- **Limits**: 4096m CPU, 4096Mi Memory
+
+### Health Checks
+- **Liveness Probe**: 2분 초기 지연, 30초 간격
+- **Readiness Probe**: 1분 초기 지연, 10초 간격
+
+## Files Structure
+
+```
+prod/
+├── kustomization.yaml                    # 메인 오버레이 설정
+├── configmap-common-patch.yaml          # 공통 설정 (프로덕션 프로파일)
+├── secret-common-patch.yaml             # 공통 시크릿 (JWT, Redis)
+├── ingress-patch.yaml                   # HTTPS 인그레스 설정
+├── deployment-api-gateway-patch.yaml    # API Gateway 배포 설정
+├── deployment-user-service-patch.yaml   # 사용자 서비스 배포 설정
+├── deployment-bill-service-patch.yaml   # 요금조회 서비스 배포 설정
+├── deployment-product-service-patch.yaml# 상품변경 서비스 배포 설정
+├── deployment-kos-mock-patch.yaml       # KOS Mock 배포 설정
+├── secret-user-service-patch.yaml       # 사용자 서비스 DB 연결정보
+├── secret-bill-service-patch.yaml       # 요금조회 서비스 DB 연결정보
+└── secret-product-service-patch.yaml    # 상품변경 서비스 DB 연결정보
+```
+
+## Deployment Command
+
+```bash
+# Apply production configuration
+kubectl apply -k deployment/cicd/kustomize/overlays/prod/
+
+# Validate configuration before applying
+kubectl kustomize deployment/cicd/kustomize/overlays/prod/
+```
+
+## Important Notes
+
+1. **Secret Values**: 모든 시크릿 값들은 실제 프로덕션 환경에 맞게 변경해야 합니다.
+2. **Domain Configuration**: `phonebill.yourdomain.com`을 실제 도메인으로 변경하세요.
+3. **Certificate**: SSL 인증서 설정을 위해 cert-manager가 구성되어 있어야 합니다.
+4. **Database**: 각 서비스별 전용 데이터베이스 인스턴스가 필요합니다.
+5. **Monitoring**: 프로덕션 환경에서는 모니터링 및 로깅 설정이 중요합니다.
+
+## Database Services Required
+
+프로덕션 환경에서는 다음 데이터베이스 서비스들이 필요합니다:
+- `auth-postgres-prod-service` (사용자 서비스)
+- `bill-inquiry-postgres-prod-service` (요금조회 서비스)
+- `product-change-postgres-prod-service` (상품변경 서비스)
+- `redis-prod-service` (공통 캐시)
@@ -1,28 +1,19 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: common-config
+  name: cm-common
+  namespace: phonebill-prod
 data:
-  # Production Spring profiles
  SPRING_PROFILES_ACTIVE: "prod"
-  
-  # Production database settings
  DDL_AUTO: "validate"
  
-  # Production logging level
-  LOGGING_LEVEL_ROOT: "INFO"
-  LOGGING_LEVEL_COM_PHONEBILL: "INFO"
+  # JWT 설정 - 프로덕션 보안 강화
+  JWT_ACCESS_EXPIRATION: "1800000"    # 30분 (1800초)
+  JWT_REFRESH_EXPIRATION: "43200000"  # 12시간 (43200초)
  
-  # Production security settings
-  SECURITY_CORS_ALLOWED_ORIGINS: "https://phonebill.production-domain.com"
+  # 로깅 설정
+  LOG_LEVEL_ROOT: "INFO"
+  LOG_LEVEL_COM_PHONEBILL: "INFO"
  
-  # JWT Token settings for production (shorter expiry for security)
-  JWT_EXPIRATION: "1800000"  # 30 minutes
-  
-  # Redis settings for production
-  REDIS_HOST: "redis-service.phonebill-prod.svc.cluster.local"
-  REDIS_PORT: "6379"
-  
-  # Production specific configurations
-  MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE: "health,info,prometheus"
-  MANAGEMENT_ENDPOINT_HEALTH_SHOW_DETAILS: "when-authorized"
+  # 캐시 설정
+  CACHE_TTL: "3600"  # 1시간
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: api-gateway
+  namespace: phonebill-prod
 spec:
  replicas: 3
  template:
@@ -10,15 +11,24 @@ spec:
        - name: api-gateway
          resources:
            requests:
-              cpu: "1024m"
              memory: "1024Mi"
+              cpu: "1024m"
            limits:
-              cpu: "4096m"
              memory: "4096Mi"
-          env:
-            - name: SPRING_PROFILES_ACTIVE
-              value: "prod"
-            - name: SERVER_PORT
-              value: "8080"
-            - name: MANAGEMENT_SERVER_PORT
-              value: "8081"
+              cpu: "4096m"
+          livenessProbe:
+            httpGet:
+              path: /actuator/health
+              port: 8080
+            initialDelaySeconds: 120
+            periodSeconds: 30
+            timeoutSeconds: 10
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: 8080
+            initialDelaySeconds: 60
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 3
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: bill-service
+  namespace: phonebill-prod
 spec:
  replicas: 3
  template:
@@ -10,17 +11,24 @@ spec:
        - name: bill-service
          resources:
            requests:
-              cpu: "1024m"
              memory: "1024Mi"
+              cpu: "1024m"
            limits:
-              cpu: "4096m"
              memory: "4096Mi"
-          env:
-            - name: SPRING_PROFILES_ACTIVE
-              value: "prod"
-            - name: SERVER_PORT
-              value: "8080"
-            - name: MANAGEMENT_SERVER_PORT
-              value: "8081"
-            - name: SPRING_JPA_HIBERNATE_DDL_AUTO
-              value: "validate"
+              cpu: "4096m"
+          livenessProbe:
+            httpGet:
+              path: /actuator/health
+              port: 8080
+            initialDelaySeconds: 120
+            periodSeconds: 30
+            timeoutSeconds: 10
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: 8080
+            initialDelaySeconds: 60
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 3
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: kos-mock
+  namespace: phonebill-prod
 spec:
  replicas: 3
  template:
@@ -10,15 +11,24 @@ spec:
        - name: kos-mock
          resources:
            requests:
-              cpu: "1024m"
              memory: "1024Mi"
+              cpu: "1024m"
            limits:
-              cpu: "4096m"
              memory: "4096Mi"
-          env:
-            - name: SPRING_PROFILES_ACTIVE
-              value: "prod"
-            - name: SERVER_PORT
-              value: "8080"
-            - name: MANAGEMENT_SERVER_PORT
-              value: "8081"
+              cpu: "4096m"
+          livenessProbe:
+            httpGet:
+              path: /actuator/health
+              port: 8080
+            initialDelaySeconds: 120
+            periodSeconds: 30
+            timeoutSeconds: 10
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: 8080
+            initialDelaySeconds: 60
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 3
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: product-service
+  namespace: phonebill-prod
 spec:
  replicas: 3
  template:
@@ -10,17 +11,24 @@ spec:
        - name: product-service
          resources:
            requests:
-              cpu: "1024m"
              memory: "1024Mi"
+              cpu: "1024m"
            limits:
-              cpu: "4096m"
              memory: "4096Mi"
-          env:
-            - name: SPRING_PROFILES_ACTIVE
-              value: "prod"
-            - name: SERVER_PORT
-              value: "8080"
-            - name: MANAGEMENT_SERVER_PORT
-              value: "8081"
-            - name: SPRING_JPA_HIBERNATE_DDL_AUTO
-              value: "validate"
+              cpu: "4096m"
+          livenessProbe:
+            httpGet:
+              path: /actuator/health
+              port: 8080
+            initialDelaySeconds: 120
+            periodSeconds: 30
+            timeoutSeconds: 10
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: 8080
+            initialDelaySeconds: 60
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 3
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: user-service
+  namespace: phonebill-prod
 spec:
  replicas: 3
  template:
@@ -10,17 +11,24 @@ spec:
        - name: user-service
          resources:
            requests:
-              cpu: "1024m"
              memory: "1024Mi"
+              cpu: "1024m"
            limits:
-              cpu: "4096m"
              memory: "4096Mi"
-          env:
-            - name: SPRING_PROFILES_ACTIVE
-              value: "prod"
-            - name: SERVER_PORT
-              value: "8080"
-            - name: MANAGEMENT_SERVER_PORT
-              value: "8081"
-            - name: SPRING_JPA_HIBERNATE_DDL_AUTO
-              value: "validate"
+              cpu: "4096m"
+          livenessProbe:
+            httpGet:
+              path: /actuator/health
+              port: 8080
+            initialDelaySeconds: 120
+            periodSeconds: 30
+            timeoutSeconds: 10
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: 8080
+            initialDelaySeconds: 60
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 3
@@ -1,53 +1,26 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: phonebill-ingress
+  name: phonebill
+  namespace: phonebill-prod
  annotations:
-    kubernetes.io/ingress.class: "nginx"
+    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/proxy-body-size: "10m"
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
-    nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
 spec:
  tls:
    - hosts:
-        - phonebill.production-domain.com
+        - phonebill.yourdomain.com
      secretName: phonebill-prod-tls
  rules:
-    - host: phonebill.production-domain.com
+    - host: phonebill.yourdomain.com
      http:
        paths:
-          - path: /api/auth
-            pathType: Prefix
-            backend:
-              service:
-                name: user-service
-                port:
-                  number: 8080
-          - path: /api/bills
-            pathType: Prefix
-            backend:
-              service:
-                name: bill-service
-                port:
-                  number: 8080
-          - path: /api/products
-            pathType: Prefix
-            backend:
-              service:
-                name: product-service
-                port:
-                  number: 8080
-          - path: /api/kos
-            pathType: Prefix
-            backend:
-              service:
-                name: kos-mock
-                port:
-                  number: 8080
          - path: /
            pathType: Prefix
            backend:
@@ -1,61 +1,16 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

-metadata:
-  name: phonebill-prod
-
 namespace: phonebill-prod

 resources:
  - ../../base

-commonLabels:
-  environment: prod
-
-images:
-  - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
-    newTag: prod-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/user-service
-    newTag: prod-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
-    newTag: prod-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/product-service
-    newTag: prod-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
-    newTag: prod-latest
-
 patches:
-  # ConfigMap patches
  - path: configmap-common-patch.yaml
    target:
      kind: ConfigMap
-      name: common-config
-  
-  # Secret patches
-  - path: secret-common-patch.yaml
-    target:
-      kind: Secret
-      name: common-secret
-  - path: secret-user-service-patch.yaml
-    target:
-      kind: Secret
-      name: user-service-secret
-  - path: secret-bill-service-patch.yaml
-    target:
-      kind: Secret
-      name: bill-service-secret
-  - path: secret-product-service-patch.yaml
-    target:
-      kind: Secret
-      name: product-service-secret
-  
-  # Ingress patches
-  - path: ingress-patch.yaml
-    target:
-      kind: Ingress
-      name: phonebill-ingress
-  
-  # Deployment patches
+      name: cm-common
  - path: deployment-api-gateway-patch.yaml
    target:
      kind: Deployment
@@ -75,4 +30,39 @@ patches:
  - path: deployment-kos-mock-patch.yaml
    target:
      kind: Deployment
-      name: kos-mock
+      name: kos-mock
+  - path: ingress-patch.yaml
+    target:
+      kind: Ingress
+      name: phonebill
+  - path: secret-common-patch.yaml
+    target:
+      kind: Secret
+      name: secret-common
+  - path: secret-user-service-patch.yaml
+    target:
+      kind: Secret
+      name: secret-user-service
+  - path: secret-bill-service-patch.yaml
+    target:
+      kind: Secret
+      name: secret-bill-service
+  - path: secret-product-service-patch.yaml
+    target:
+      kind: Secret
+      name: secret-product-service
+
+images:
+  - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
+    newTag: prod-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/user-service
+    newTag: prod-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
+    newTag: prod-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/product-service
+    newTag: prod-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
+    newTag: prod-latest
+
+commonLabels:
+  environment: prod
@@ -1,13 +1,22 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: bill-service-secret
+  name: secret-bill-service
+  namespace: phonebill-prod
 type: Opaque
 stringData:
-  # Database connection for bill service in production
-  DB_URL: "jdbc:postgresql://bill-service-postgres-prod.phonebill-prod.svc.cluster.local:5432/bill_inquiry_db"
+  # 요금조회 서비스 전용 데이터베이스 연결정보
+  DB_HOST: "bill-inquiry-postgres-prod-service"
+  DB_PORT: "5432"
+  DB_NAME: "bill_inquiry_db"
  DB_USERNAME: "postgres"
-  DB_PASSWORD: "prod-bill-service-db-password-change-in-production"
+  DB_PASSWORD: "your-production-bill-db-password"
  
-  # Service-specific secrets for production
-  SERVICE_SECRET: "prod-bill-service-secret-change-in-production"
+  # 데이터베이스 연결 풀 설정 (프로덕션 최적화)
+  DB_MAX_POOL_SIZE: "20"
+  DB_MIN_IDLE: "5"
+  DB_CONNECTION_TIMEOUT: "30000"
+  
+  # KOS 연동 설정
+  KOS_BASE_URL: "http://kos-mock:8080"
+  KOS_API_KEY: "your-production-kos-api-key"
@@ -1,20 +1,17 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: common-secret
+  name: secret-common
+  namespace: phonebill-prod
 type: Opaque
 stringData:
-  # JWT Secret Key for production (should be changed in real deployment)
-  JWT_SECRET: "prod-phonebill-jwt-secret-key-change-in-production-2024"
+  # JWT 설정
+  JWT_SECRET: "your-production-jwt-secret-key-here-must-be-very-secure"
  
-  # Redis password for production
-  REDIS_PASSWORD: "prod-redis-password-change-in-production"
+  # Redis 설정
+  REDIS_HOST: "redis-prod-service"
+  REDIS_PORT: "6379"
+  REDIS_PASSWORD: "your-production-redis-password"
  
-  # Database passwords for production
-  DB_PASSWORD: "prod-db-password-change-in-production"
-  
-  # External API keys for production
-  EXTERNAL_API_KEY: "prod-external-api-key-change-in-production"
-  
-  # Additional production secrets
-  ENCRYPTION_KEY: "prod-encryption-key-change-in-production-32chars"
+  # 암호화 설정
+  ENCRYPTION_KEY: "your-production-encryption-key-32-chars"
@@ -1,13 +1,22 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: product-service-secret
+  name: secret-product-service
+  namespace: phonebill-prod
 type: Opaque
 stringData:
-  # Database connection for product service in production
-  DB_URL: "jdbc:postgresql://product-service-postgres-prod.phonebill-prod.svc.cluster.local:5432/product_change_db"
+  # 상품변경 서비스 전용 데이터베이스 연결정보
+  DB_HOST: "product-change-postgres-prod-service"
+  DB_PORT: "5432"
+  DB_NAME: "product_change_db"
  DB_USERNAME: "postgres"
-  DB_PASSWORD: "prod-product-service-db-password-change-in-production"
+  DB_PASSWORD: "your-production-product-db-password"
  
-  # Service-specific secrets for production
-  SERVICE_SECRET: "prod-product-service-secret-change-in-production"
+  # 데이터베이스 연결 풀 설정 (프로덕션 최적화)
+  DB_MAX_POOL_SIZE: "20"
+  DB_MIN_IDLE: "5"
+  DB_CONNECTION_TIMEOUT: "30000"
+  
+  # KOS 연동 설정
+  KOS_BASE_URL: "http://kos-mock:8080"
+  KOS_API_KEY: "your-production-kos-api-key"
@@ -1,13 +1,18 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: user-service-secret
+  name: secret-user-service
+  namespace: phonebill-prod
 type: Opaque
 stringData:
-  # Database connection for user service in production
-  DB_URL: "jdbc:postgresql://user-service-postgres-prod.phonebill-prod.svc.cluster.local:5432/auth_db"
+  # 사용자 서비스 전용 데이터베이스 연결정보
+  DB_HOST: "auth-postgres-prod-service"
+  DB_PORT: "5432"
+  DB_NAME: "auth_db"
  DB_USERNAME: "postgres"
-  DB_PASSWORD: "prod-user-service-db-password-change-in-production"
+  DB_PASSWORD: "your-production-auth-db-password"
  
-  # Service-specific secrets for production
-  SERVICE_SECRET: "prod-user-service-secret-change-in-production"
+  # 데이터베이스 연결 풀 설정 (프로덕션 최적화)
+  DB_MAX_POOL_SIZE: "20"
+  DB_MIN_IDLE: "5"
+  DB_CONNECTION_TIMEOUT: "30000"
@@ -3,6 +3,15 @@ kind: ConfigMap
 metadata:
  name: cm-common
 data:
-  NAMESPACE: "phonebill-staging"
+  # 환경별 프로파일 설정
  SPRING_PROFILES_ACTIVE: "staging"
-  DDL_AUTO: "validate"
+  
+  # 스테이징 환경 도메인 설정
+  CORS_ALLOWED_ORIGINS: "https://phonebill-staging.yourdomain.com"
+  
+  # 스테이징 환경 DDL 설정 (데이터 검증을 위해 validate 사용)
+  DDL_AUTO: "validate"
+  
+  # JWT 토큰 유효시간 (스테이징 환경은 운영과 유사한 유효시간)
+  JWT_ACCESS_TOKEN_EXPIRATION: "1800000"
+  JWT_REFRESH_TOKEN_EXPIRATION: "43200000"
@@ -1,18 +1,17 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: api-gateway-deployment
+  name: api-gateway
 spec:
  replicas: 2
  template:
    spec:
      containers:
-        - name: api-gateway
-          image: acrdigitalgarage01.azurecr.io/phonebill-api-gateway:staging-latest
-          resources:
-            requests:
-              memory: "512Mi"
-              cpu: "512m"
-            limits:
-              memory: "2048Mi"
-              cpu: "2048m"
+      - name: api-gateway
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "512m"
+          limits:
+            memory: "2048Mi"
+            cpu: "2048m"
@@ -1,18 +1,17 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: bill-service-deployment
+  name: bill-service
 spec:
  replicas: 2
  template:
    spec:
      containers:
-        - name: bill-service
-          image: acrdigitalgarage01.azurecr.io/phonebill-bill-service:staging-latest
-          resources:
-            requests:
-              memory: "512Mi"
-              cpu: "512m"
-            limits:
-              memory: "2048Mi"
-              cpu: "2048m"
+      - name: bill-service
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "512m"
+          limits:
+            memory: "2048Mi"
+            cpu: "2048m"
@@ -1,18 +1,17 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: kos-mock-deployment
+  name: kos-mock
 spec:
  replicas: 2
  template:
    spec:
      containers:
-        - name: kos-mock
-          image: acrdigitalgarage01.azurecr.io/phonebill-kos-mock:staging-latest
-          resources:
-            requests:
-              memory: "512Mi"
-              cpu: "512m"
-            limits:
-              memory: "2048Mi"
-              cpu: "2048m"
+      - name: kos-mock
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "512m"
+          limits:
+            memory: "2048Mi"
+            cpu: "2048m"
@@ -1,18 +1,17 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: product-service-deployment
+  name: product-service
 spec:
  replicas: 2
  template:
    spec:
      containers:
-        - name: product-service
-          image: acrdigitalgarage01.azurecr.io/phonebill-product-service:staging-latest
-          resources:
-            requests:
-              memory: "512Mi"
-              cpu: "512m"
-            limits:
-              memory: "2048Mi"
-              cpu: "2048m"
+      - name: product-service
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "512m"
+          limits:
+            memory: "2048Mi"
+            cpu: "2048m"
@@ -1,18 +1,17 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: user-service-deployment
+  name: user-service
 spec:
  replicas: 2
  template:
    spec:
      containers:
-        - name: user-service
-          image: acrdigitalgarage01.azurecr.io/phonebill-user-service:staging-latest
-          resources:
-            requests:
-              memory: "512Mi"
-              cpu: "512m"
-            limits:
-              memory: "2048Mi"
-              cpu: "2048m"
+      - name: user-service
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "512m"
+          limits:
+            memory: "2048Mi"
+            cpu: "2048m"
@@ -1,25 +1,53 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: phonebill-ingress
+  name: phonebill
  annotations:
+    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: letsencrypt-prod
 spec:
+  ingressClassName: nginx
  tls:
-    - hosts:
-        - phonebill.staging-domain.com
-      secretName: phonebill-tls-staging
+  - hosts:
+    - phonebill-staging.yourdomain.com
+    secretName: phonebill-staging-tls
  rules:
-    - host: phonebill.staging-domain.com
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: api-gateway-service
-                port:
-                  number: 8080
+  - host: phonebill-staging.yourdomain.com
+    http:
+      paths:
+      - path: /api/v1/auth
+        pathType: Prefix
+        backend:
+          service:
+            name: user-service
+            port:
+              number: 80
+      - path: /api/v1/users
+        pathType: Prefix
+        backend:
+          service:
+            name: user-service
+            port:
+              number: 80
+      - path: /api/v1/bills
+        pathType: Prefix
+        backend:
+          service:
+            name: bill-service
+            port:
+              number: 80
+      - path: /api/v1/products
+        pathType: Prefix
+        backend:
+          service:
+            name: product-service
+            port:
+              number: 80
+      - path: /api/v1/kos
+        pathType: Prefix
+        backend:
+          service:
+            name: kos-mock
+            port:
+              number: 80
@@ -1,68 +1,68 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

+namespace: phonebill-staging
+
 resources:
  - ../../base

-namespace: phonebill-staging
-
 patches:
-  # Common ConfigMap
-  - target:
+  - path: configmap-common-patch.yaml
+    target:
      kind: ConfigMap
      name: cm-common
-    path: configmap-common-patch.yaml
-  
-  # Common Secret
-  - target:
+  - path: deployment-api-gateway-patch.yaml
+    target:
+      kind: Deployment
+      name: api-gateway
+  - path: deployment-user-service-patch.yaml
+    target:
+      kind: Deployment
+      name: user-service
+  - path: deployment-bill-service-patch.yaml
+    target:
+      kind: Deployment
+      name: bill-service
+  - path: deployment-product-service-patch.yaml
+    target:
+      kind: Deployment
+      name: product-service
+  - path: deployment-kos-mock-patch.yaml
+    target:
+      kind: Deployment
+      name: kos-mock
+  - path: ingress-patch.yaml
+    target:
+      kind: Ingress
+      name: phonebill
+  - path: secret-common-patch.yaml
+    target:
      kind: Secret
      name: secret-common
-    path: secret-common-patch.yaml
-  
-  # Ingress
-  - target:
-      kind: Ingress
-      name: phonebill-ingress
-    path: ingress-patch.yaml
-  
-  # API Gateway
-  - target:
-      kind: Deployment
-      name: api-gateway-deployment
-    path: deployment-api-gateway-patch.yaml
-  
-  # User Service
-  - target:
-      kind: Deployment
-      name: user-service-deployment
-    path: deployment-user-service-patch.yaml
-  - target:
+  - path: secret-user-service-patch.yaml
+    target:
      kind: Secret
      name: secret-user-service
-    path: secret-user-service-patch.yaml
-  
-  # Bill Service
-  - target:
-      kind: Deployment
-      name: bill-service-deployment
-    path: deployment-bill-service-patch.yaml
-  - target:
+  - path: secret-bill-service-patch.yaml
+    target:
      kind: Secret
      name: secret-bill-service
-    path: secret-bill-service-patch.yaml
-  
-  # Product Service
-  - target:
-      kind: Deployment
-      name: product-service-deployment
-    path: deployment-product-service-patch.yaml
-  - target:
+  - path: secret-product-service-patch.yaml
+    target:
      kind: Secret
      name: secret-product-service
-    path: secret-product-service-patch.yaml
-  
-  # KOS Mock
-  - target:
-      kind: Deployment
-      name: kos-mock-deployment
-    path: deployment-kos-mock-patch.yaml
+
+images:
+  - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
+    newTag: staging-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/user-service
+    newTag: staging-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
+    newTag: staging-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/product-service
+    newTag: staging-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
+    newTag: staging-latest
+
+commonLabels:
+  environment: staging
@@ -2,10 +2,8 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: secret-bill-service
+type: Opaque
 stringData:
-  DB_HOST: "bill-service-postgres-staging.phonebill-staging.svc.cluster.local"
-  DB_PORT: "5432"
-  DB_NAME: "bill_inquiry_db"
-  DB_USERNAME: "postgres"
-  DB_PASSWORD: "staging-bill-service-db-password"
-  KOS_MOCK_URL: "http://kos-mock-service.phonebill-staging.svc.cluster.local:8090"
+  # Bill Service DB 접속 정보 (스테이징 환경)
+  DB_PASSWORD: "billdb-staging-password"
+  DB_URL: "jdbc:postgresql://bill-inquiry-postgres-staging-postgresql:5432/bill_inquiry_db"
@@ -2,9 +2,12 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: secret-common
+type: Opaque
 stringData:
-  JWT_SECRET_KEY: "staging-my-very-secret-key-for-jwt-token-generation-and-validation-that-is-256-bits-long"
-  JWT_EXPIRATION_TIME: "3600"
-  REDIS_HOST: "phonebill-redis-staging.phonebill-staging.svc.cluster.local"
-  REDIS_PORT: "6379"
-  REDIS_PASSWORD: "staging-redis-password"
+  # Redis 설정 (스테이징 환경)
+  REDIS_PASSWORD: "staging-redis-password"
+  
+  # JWT Secret Key (스테이징 환경용)
+  JWT_SECRET: "staging-jwt-secret-key-for-phonebill-staging-environment"
+  
+  # 스테이징 환경용 공통 시크릿
@@ -2,10 +2,8 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: secret-product-service
+type: Opaque
 stringData:
-  DB_HOST: "product-service-postgres-staging.phonebill-staging.svc.cluster.local"
-  DB_PORT: "5432"
-  DB_NAME: "product_change_db"
-  DB_USERNAME: "postgres"
-  DB_PASSWORD: "staging-product-service-db-password"
-  KOS_MOCK_URL: "http://kos-mock-service.phonebill-staging.svc.cluster.local:8090"
+  # Product Service DB 접속 정보 (스테이징 환경)
+  DB_PASSWORD: "productdb-staging-password"
+  DB_URL: "jdbc:postgresql://product-change-postgres-staging-postgresql:5432/product_change_db"
@@ -2,9 +2,8 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: secret-user-service
+type: Opaque
 stringData:
-  DB_HOST: "user-service-postgres-staging.phonebill-staging.svc.cluster.local"
-  DB_PORT: "5432"
-  DB_NAME: "auth_db"
-  DB_USERNAME: "postgres"
-  DB_PASSWORD: "staging-user-service-db-password"
+  # User Service DB 접속 정보 (스테이징 환경)
+  DB_PASSWORD: "userdb-staging-password"
+  DB_URL: "jdbc:postgresql://user-auth-postgres-staging-postgresql:5432/user_auth_db"