Jenkins CI/CD 파이프라인 구축 완료

- Kustomize 기반 환경별 배포 구성 (dev/staging/prod) - Jenkins 파이프라인 with SonarQube 품질 게이트 - 파드 자동 정리 및 보안 강화 설정 - 환경별 차등 리소스 할당 및 도메인 설정 - 수동 배포 및 검증 스크립트 제공 - 5개 마이크로서비스 병렬 빌드/배포 지원 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-06-13 03:59:10 +00:00 · 2025-09-12 22:29:40 +09:00
parent d12d8c0838
commit 725635fadd
46 changed files with 969 additions and 921 deletions
@@ -2,11 +2,16 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: cm-common
-
 data:
-  CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill-dev.20.214.196.128.nip.io"
-  JWT_ACCESS_TOKEN_VALIDITY: "18000000"
-  JWT_REFRESH_TOKEN_VALIDITY: "86400000"
-  REDIS_PORT: "6379"
+  # 환경별 프로파일 설정
  SPRING_PROFILES_ACTIVE: "dev"
-  DDL_AUTO: "update"
+  
+  # 개발 환경 도메인 설정
+  CORS_ALLOWED_ORIGINS: "http://phonebill-api.20.214.196.128.nip.io"
+  
+  # 개발 환경 DDL 설정 (데이터 보존을 위해 update 사용)
+  DDL_AUTO: "update"
+  
+  # JWT 토큰 유효시간 (개발 환경은 긴 유효시간)
+  JWT_ACCESS_TOKEN_EXPIRATION: "3600000"
+  JWT_REFRESH_TOKEN_EXPIRATION: "86400000"
@@ -2,18 +2,16 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: api-gateway
-
 spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: api-gateway
-        image: acrdigitalgarage01.azurecr.io/phonebill/api-gateway:dev-latest
        resources:
          requests:
-            cpu: 256m
-            memory: 256Mi
+            memory: "256Mi"
+            cpu: "256m"
          limits:
-            cpu: 1024m
-            memory: 1024Mi
+            memory: "1024Mi"
+            cpu: "1024m"
@@ -2,18 +2,16 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: bill-service
-
 spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: bill-service
-        image: acrdigitalgarage01.azurecr.io/phonebill/bill-service:dev-latest
        resources:
          requests:
-            cpu: 256m
-            memory: 256Mi
+            memory: "256Mi"
+            cpu: "256m"
          limits:
-            cpu: 1024m
-            memory: 1024Mi
+            memory: "1024Mi"
+            cpu: "1024m"
@@ -2,18 +2,16 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: kos-mock
-
 spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: kos-mock
-        image: acrdigitalgarage01.azurecr.io/phonebill/kos-mock:dev-latest
        resources:
          requests:
-            cpu: 256m
-            memory: 256Mi
+            memory: "256Mi"
+            cpu: "256m"
          limits:
-            cpu: 1024m
-            memory: 1024Mi
+            memory: "1024Mi"
+            cpu: "1024m"
@@ -2,18 +2,16 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: product-service
-
 spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: product-service
-        image: acrdigitalgarage01.azurecr.io/phonebill/product-service:dev-latest
        resources:
          requests:
-            cpu: 256m
-            memory: 256Mi
+            memory: "256Mi"
+            cpu: "256m"
          limits:
-            cpu: 1024m
-            memory: 1024Mi
+            memory: "1024Mi"
+            cpu: "1024m"
@@ -2,18 +2,16 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: user-service
-
 spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: user-service
-        image: acrdigitalgarage01.azurecr.io/phonebill/user-service:dev-latest
        resources:
          requests:
-            cpu: 256m
-            memory: 256Mi
+            memory: "256Mi"
+            cpu: "256m"
          limits:
-            cpu: 1024m
-            memory: 1024Mi
+            memory: "1024Mi"
+            cpu: "1024m"
@@ -5,7 +5,6 @@ metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
-
 spec:
  ingressClassName: nginx
  rules:
@@ -1,46 +1,16 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

-metadata:
-  name: phonebill-dev
+namespace: phonebill-dev

 resources:
  - ../../base

-namespace: phonebill-dev
-
-labels:
-  - pairs:
-      env: dev
-
-images:
-  - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
-    newTag: dev-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/user-service
-    newTag: dev-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
-    newTag: dev-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/product-service
-    newTag: dev-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
-    newTag: dev-latest
-
 patches:
-  # Common patches
  - path: configmap-common-patch.yaml
    target:
      kind: ConfigMap
      name: cm-common
-  - path: secret-common-patch.yaml
-    target:
-      kind: Secret
-      name: secret-common
-  - path: ingress-patch.yaml
-    target:
-      kind: Ingress
-      name: phonebill
-  
-  # Deployment patches
  - path: deployment-api-gateway-patch.yaml
    target:
      kind: Deployment
@@ -61,8 +31,14 @@ patches:
    target:
      kind: Deployment
      name: kos-mock
-  
-  # Secret patches
+  - path: ingress-patch.yaml
+    target:
+      kind: Ingress
+      name: phonebill
+  - path: secret-common-patch.yaml
+    target:
+      kind: Secret
+      name: secret-common
  - path: secret-user-service-patch.yaml
    target:
      kind: Secret
@@ -74,4 +50,19 @@ patches:
  - path: secret-product-service-patch.yaml
    target:
      kind: Secret
-      name: secret-product-service
+      name: secret-product-service
+
+images:
+  - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
+    newTag: dev-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/user-service
+    newTag: dev-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
+    newTag: dev-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/product-service
+    newTag: dev-latest
+  - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
+    newTag: dev-latest
+
+commonLabels:
+  environment: dev
@@ -2,10 +2,8 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: secret-bill-service
-
 type: Opaque
 stringData:
-  DB_HOST: "bill-inquiry-postgres-dev-postgresql"
-  DB_NAME: "bill_inquiry_db"
-  DB_USERNAME: "bill_inquiry_user"
-  DB_PASSWORD: "BillUser2025!"
+  # Bill Service DB 접속 정보 (개발 환경)
+  DB_PASSWORD: "billdb-dev-password"
+  DB_URL: "jdbc:postgresql://bill-inquiry-postgres-dev-postgresql:5432/bill_inquiry_db"
@@ -2,9 +2,12 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: secret-common
-
 type: Opaque
 stringData:
-  JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
-  REDIS_HOST: "redis-cache-dev-master"
-  REDIS_PASSWORD: "Redis2025Dev!"
+  # Redis 설정 (개발 환경)
+  REDIS_PASSWORD: "dev-redis-password"
+  
+  # JWT Secret Key (개발 환경용)
+  JWT_SECRET: "dev-jwt-secret-key-for-phonebill-development"
+  
+  # 개발 환경용 공통 시크릿
@@ -2,10 +2,8 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: secret-product-service
-
 type: Opaque
 stringData:
-  DB_HOST: "product-change-postgres-dev-postgresql"
-  DB_NAME: "product_change_db"
-  DB_USERNAME: "product_change_user"
-  DB_PASSWORD: "ProductUser2025!"
+  # Product Service DB 접속 정보 (개발 환경)
+  DB_PASSWORD: "productdb-dev-password"
+  DB_URL: "jdbc:postgresql://product-change-postgres-dev-postgresql:5432/product_change_db"
@@ -2,10 +2,8 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: secret-user-service
-
 type: Opaque
 stringData:
-  DB_HOST: "auth-postgres-dev-postgresql"
-  DB_NAME: "phonebill_auth"
-  DB_USERNAME: "auth_user"
-  DB_PASSWORD: "AuthUser2025!"
+  # User Service DB 접속 정보 (개발 환경)
+  DB_PASSWORD: "userdb-dev-password"
+  DB_URL: "jdbc:postgresql://user-auth-postgres-dev-postgresql:5432/user_auth_db"