shared-dg05-unicorn/phonebill
1
0
Fork 0
mirror of https://github.com/cna-bootcamp/phonebill.git synced 2026-06-13 12:09:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Jenkins CI/CD 파이프라인 구축 완료

Browse Source 
- Kustomize 기반 환경별 배포 구성 (dev/staging/prod)
- Jenkins 파이프라인 with SonarQube 품질 게이트
- 파드 자동 정리 및 보안 강화 설정
- 환경별 차등 리소스 할당 및 도메인 설정
- 수동 배포 및 검증 스크립트 제공
- 5개 마이크로서비스 병렬 빌드/배포 지원

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
hiondal
2025-09-12 22:29:40 +09:00
parent d12d8c0838
commit 725635fadd
46 changed files with 969 additions and 921 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deployment/cicd/kustomize/overlays/prod/README.md
+72
View File
@@ -0,0 +1,72 @@
# Production Overlay Configuration
This directory contains the Kustomize overlay configuration for the production environment of the phonebill project.
## Configuration Overview
### Environment Details
- **Namespace**: `phonebill-prod`
- **Environment**: Production
- **Replicas**: 3 (for all services)
- **Domain**: `phonebill.yourdomain.com`
- **Image Tag**: `prod-latest`
- **SSL**: Enabled with HTTPS redirect
### Security Configuration
- **JWT Access Token**: 30분 (1800000ms) - 보안 강화를 위한 짧은 만료시간
- **JWT Refresh Token**: 12시간 (43200000ms)
- **DDL Auto**: `validate` - 프로덕션 안전성을 위한 스키마 검증 모드
- **SSL Redirect**: 강제 HTTPS 리디렉션
### Resource Allocation
All services are configured with:
- **Requests**: 1024m CPU, 1024Mi Memory
- **Limits**: 4096m CPU, 4096Mi Memory
### Health Checks
- **Liveness Probe**: 2분 초기 지연, 30초 간격
- **Readiness Probe**: 1분 초기 지연, 10초 간격
## Files Structure
```
prod/
├── kustomization.yaml # 메인 오버레이 설정
├── configmap-common-patch.yaml # 공통 설정 (프로덕션 프로파일)
├── secret-common-patch.yaml # 공통 시크릿 (JWT, Redis)
├── ingress-patch.yaml # HTTPS 인그레스 설정
├── deployment-api-gateway-patch.yaml # API Gateway 배포 설정
├── deployment-user-service-patch.yaml # 사용자 서비스 배포 설정
├── deployment-bill-service-patch.yaml # 요금조회 서비스 배포 설정
├── deployment-product-service-patch.yaml# 상품변경 서비스 배포 설정
├── deployment-kos-mock-patch.yaml # KOS Mock 배포 설정
├── secret-user-service-patch.yaml # 사용자 서비스 DB 연결정보
├── secret-bill-service-patch.yaml # 요금조회 서비스 DB 연결정보
└── secret-product-service-patch.yaml # 상품변경 서비스 DB 연결정보
```
## Deployment Command
```bash
# Apply production configuration
kubectl apply -k deployment/cicd/kustomize/overlays/prod/
# Validate configuration before applying
kubectl kustomize deployment/cicd/kustomize/overlays/prod/
```
## Important Notes
1. **Secret Values**: 모든 시크릿 값들은 실제 프로덕션 환경에 맞게 변경해야 합니다.
2. **Domain Configuration**: `phonebill.yourdomain.com`을 실제 도메인으로 변경하세요.
3. **Certificate**: SSL 인증서 설정을 위해 cert-manager가 구성되어 있어야 합니다.
4. **Database**: 각 서비스별 전용 데이터베이스 인스턴스가 필요합니다.
5. **Monitoring**: 프로덕션 환경에서는 모니터링 및 로깅 설정이 중요합니다.
## Database Services Required
프로덕션 환경에서는 다음 데이터베이스 서비스들이 필요합니다:
- `auth-postgres-prod-service` (사용자 서비스)
- `bill-inquiry-postgres-prod-service` (요금조회 서비스)
- `product-change-postgres-prod-service` (상품변경 서비스)
- `redis-prod-service` (공통 캐시)
deployment/cicd/kustomize/overlays/prod/configmap-common-patch.yaml
+10 -19
View File
@@ -1,28 +1,19 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: common-config
name: cm-common
namespace: phonebill-prod
data:
# Production Spring profiles
SPRING_PROFILES_ACTIVE: "prod"
# Production database settings
DDL_AUTO: "validate"
# Production logging level
LOGGING_LEVEL_ROOT: "INFO"
LOGGING_LEVEL_COM_PHONEBILL: "INFO"
# JWT 설정 - 프로덕션 보안 강화
JWT_ACCESS_EXPIRATION: "1800000" # 30분 (1800초)
JWT_REFRESH_EXPIRATION: "43200000" # 12시간 (43200초)
# Production security settings
SECURITY_CORS_ALLOWED_ORIGINS: "https://phonebill.production-domain.com"
# 로깅 설정
LOG_LEVEL_ROOT: "INFO"
LOG_LEVEL_COM_PHONEBILL: "INFO"
# JWT Token settings for production (shorter expiry for security)
JWT_EXPIRATION: "1800000" # 30 minutes
# Redis settings for production
REDIS_HOST: "redis-service.phonebill-prod.svc.cluster.local"
REDIS_PORT: "6379"
# Production specific configurations
MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE: "health,info,prometheus"
MANAGEMENT_ENDPOINT_HEALTH_SHOW_DETAILS: "when-authorized"
# 캐시 설정
CACHE_TTL: "3600" # 1시간
deployment/cicd/kustomize/overlays/prod/deployment-api-gateway-patch.yaml
+19 -9
View File
@@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway
namespace: phonebill-prod
spec:
replicas: 3
template:
@@ -10,15 +11,24 @@ spec:
- name: api-gateway
resources:
requests:
cpu: "1024m"
memory: "1024Mi"
cpu: "1024m"
limits:
cpu: "4096m"
memory: "4096Mi"
env:
- name: SPRING_PROFILES_ACTIVE
value: "prod"
- name: SERVER_PORT
value: "8080"
- name: MANAGEMENT_SERVER_PORT
value: "8081"
cpu: "4096m"
livenessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 120
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
deployment/cicd/kustomize/overlays/prod/deployment-bill-service-patch.yaml
+19 -11
View File
@@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: bill-service
namespace: phonebill-prod
spec:
replicas: 3
template:
@@ -10,17 +11,24 @@ spec:
- name: bill-service
resources:
requests:
cpu: "1024m"
memory: "1024Mi"
cpu: "1024m"
limits:
cpu: "4096m"
memory: "4096Mi"
env:
- name: SPRING_PROFILES_ACTIVE
value: "prod"
- name: SERVER_PORT
value: "8080"
- name: MANAGEMENT_SERVER_PORT
value: "8081"
- name: SPRING_JPA_HIBERNATE_DDL_AUTO
value: "validate"
cpu: "4096m"
livenessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 120
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
deployment/cicd/kustomize/overlays/prod/deployment-kos-mock-patch.yaml
+19 -9
View File
@@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: kos-mock
namespace: phonebill-prod
spec:
replicas: 3
template:
@@ -10,15 +11,24 @@ spec:
- name: kos-mock
resources:
requests:
cpu: "1024m"
memory: "1024Mi"
cpu: "1024m"
limits:
cpu: "4096m"
memory: "4096Mi"
env:
- name: SPRING_PROFILES_ACTIVE
value: "prod"
- name: SERVER_PORT
value: "8080"
- name: MANAGEMENT_SERVER_PORT
value: "8081"
cpu: "4096m"
livenessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 120
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
deployment/cicd/kustomize/overlays/prod/deployment-product-service-patch.yaml
+19 -11
View File
@@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: product-service
namespace: phonebill-prod
spec:
replicas: 3
template:
@@ -10,17 +11,24 @@ spec:
- name: product-service
resources:
requests:
cpu: "1024m"
memory: "1024Mi"
cpu: "1024m"
limits:
cpu: "4096m"
memory: "4096Mi"
env:
- name: SPRING_PROFILES_ACTIVE
value: "prod"
- name: SERVER_PORT
value: "8080"
- name: MANAGEMENT_SERVER_PORT
value: "8081"
- name: SPRING_JPA_HIBERNATE_DDL_AUTO
value: "validate"
cpu: "4096m"
livenessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 120
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
deployment/cicd/kustomize/overlays/prod/deployment-user-service-patch.yaml
+19 -11
View File
@@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: user-service
namespace: phonebill-prod
spec:
replicas: 3
template:
@@ -10,17 +11,24 @@ spec:
- name: user-service
resources:
requests:
cpu: "1024m"
memory: "1024Mi"
cpu: "1024m"
limits:
cpu: "4096m"
memory: "4096Mi"
env:
- name: SPRING_PROFILES_ACTIVE
value: "prod"
- name: SERVER_PORT
value: "8080"
- name: MANAGEMENT_SERVER_PORT
value: "8081"
- name: SPRING_JPA_HIBERNATE_DDL_AUTO
value: "validate"
cpu: "4096m"
livenessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 120
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
deployment/cicd/kustomize/overlays/prod/ingress-patch.yaml
+8 -35
View File
@@ -1,53 +1,26 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: phonebill-ingress
name: phonebill
namespace: phonebill-prod
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/proxy-body-size: "10m"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
spec:
tls:
- hosts:
- phonebill.production-domain.com
- phonebill.yourdomain.com
secretName: phonebill-prod-tls
rules:
- host: phonebill.production-domain.com
- host: phonebill.yourdomain.com
http:
paths:
- path: /api/auth
pathType: Prefix
backend:
service:
name: user-service
port:
number: 8080
- path: /api/bills
pathType: Prefix
backend:
service:
name: bill-service
port:
number: 8080
- path: /api/products
pathType: Prefix
backend:
service:
name: product-service
port:
number: 8080
- path: /api/kos
pathType: Prefix
backend:
service:
name: kos-mock
port:
number: 8080
- path: /
pathType: Prefix
backend:
deployment/cicd/kustomize/overlays/prod/kustomization.yaml
+37 -47
View File
@@ -1,61 +1,16 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: phonebill-prod
namespace: phonebill-prod
resources:
- ../../base
commonLabels:
environment: prod
images:
- name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
newTag: prod-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/user-service
newTag: prod-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
newTag: prod-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/product-service
newTag: prod-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
newTag: prod-latest
patches:
# ConfigMap patches
- path: configmap-common-patch.yaml
target:
kind: ConfigMap
name: common-config
# Secret patches
- path: secret-common-patch.yaml
target:
kind: Secret
name: common-secret
- path: secret-user-service-patch.yaml
target:
kind: Secret
name: user-service-secret
- path: secret-bill-service-patch.yaml
target:
kind: Secret
name: bill-service-secret
- path: secret-product-service-patch.yaml
target:
kind: Secret
name: product-service-secret
# Ingress patches
- path: ingress-patch.yaml
target:
kind: Ingress
name: phonebill-ingress
# Deployment patches
name: cm-common
- path: deployment-api-gateway-patch.yaml
target:
kind: Deployment
@@ -75,4 +30,39 @@ patches:
- path: deployment-kos-mock-patch.yaml
target:
kind: Deployment
name: kos-mock
name: kos-mock
- path: ingress-patch.yaml
target:
kind: Ingress
name: phonebill
- path: secret-common-patch.yaml
target:
kind: Secret
name: secret-common
- path: secret-user-service-patch.yaml
target:
kind: Secret
name: secret-user-service
- path: secret-bill-service-patch.yaml
target:
kind: Secret
name: secret-bill-service
- path: secret-product-service-patch.yaml
target:
kind: Secret
name: secret-product-service
images:
- name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
newTag: prod-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/user-service
newTag: prod-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
newTag: prod-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/product-service
newTag: prod-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
newTag: prod-latest
commonLabels:
environment: prod
deployment/cicd/kustomize/overlays/prod/secret-bill-service-patch.yaml
+15 -6
View File
@@ -1,13 +1,22 @@
apiVersion: v1
kind: Secret
metadata:
name: bill-service-secret
name: secret-bill-service
namespace: phonebill-prod
type: Opaque
stringData:
# Database connection for bill service in production
DB_URL: "jdbc:postgresql://bill-service-postgres-prod.phonebill-prod.svc.cluster.local:5432/bill_inquiry_db"
# 요금조회 서비스 전용 데이터베이스 연결정보
DB_HOST: "bill-inquiry-postgres-prod-service"
DB_PORT: "5432"
DB_NAME: "bill_inquiry_db"
DB_USERNAME: "postgres"
DB_PASSWORD: "prod-bill-service-db-password-change-in-production"
DB_PASSWORD: "your-production-bill-db-password"
# Service-specific secrets for production
SERVICE_SECRET: "prod-bill-service-secret-change-in-production"
# 데이터베이스 연결 풀 설정 (프로덕션 최적화)
DB_MAX_POOL_SIZE: "20"
DB_MIN_IDLE: "5"
DB_CONNECTION_TIMEOUT: "30000"
# KOS 연동 설정
KOS_BASE_URL: "http://kos-mock:8080"
KOS_API_KEY: "your-production-kos-api-key"
deployment/cicd/kustomize/overlays/prod/secret-common-patch.yaml
+10 -13
View File
@@ -1,20 +1,17 @@
apiVersion: v1
kind: Secret
metadata:
name: common-secret
name: secret-common
namespace: phonebill-prod
type: Opaque
stringData:
# JWT Secret Key for production (should be changed in real deployment)
JWT_SECRET: "prod-phonebill-jwt-secret-key-change-in-production-2024"
# JWT 설정
JWT_SECRET: "your-production-jwt-secret-key-here-must-be-very-secure"
# Redis password for production
REDIS_PASSWORD: "prod-redis-password-change-in-production"
# Redis 설정
REDIS_HOST: "redis-prod-service"
REDIS_PORT: "6379"
REDIS_PASSWORD: "your-production-redis-password"
# Database passwords for production
DB_PASSWORD: "prod-db-password-change-in-production"
# External API keys for production
EXTERNAL_API_KEY: "prod-external-api-key-change-in-production"
# Additional production secrets
ENCRYPTION_KEY: "prod-encryption-key-change-in-production-32chars"
# 암호화 설정
ENCRYPTION_KEY: "your-production-encryption-key-32-chars"
deployment/cicd/kustomize/overlays/prod/secret-product-service-patch.yaml
+15 -6
View File
@@ -1,13 +1,22 @@
apiVersion: v1
kind: Secret
metadata:
name: product-service-secret
name: secret-product-service
namespace: phonebill-prod
type: Opaque
stringData:
# Database connection for product service in production
DB_URL: "jdbc:postgresql://product-service-postgres-prod.phonebill-prod.svc.cluster.local:5432/product_change_db"
# 상품변경 서비스 전용 데이터베이스 연결정보
DB_HOST: "product-change-postgres-prod-service"
DB_PORT: "5432"
DB_NAME: "product_change_db"
DB_USERNAME: "postgres"
DB_PASSWORD: "prod-product-service-db-password-change-in-production"
DB_PASSWORD: "your-production-product-db-password"
# Service-specific secrets for production
SERVICE_SECRET: "prod-product-service-secret-change-in-production"
# 데이터베이스 연결 풀 설정 (프로덕션 최적화)
DB_MAX_POOL_SIZE: "20"
DB_MIN_IDLE: "5"
DB_CONNECTION_TIMEOUT: "30000"
# KOS 연동 설정
KOS_BASE_URL: "http://kos-mock:8080"
KOS_API_KEY: "your-production-kos-api-key"
deployment/cicd/kustomize/overlays/prod/secret-user-service-patch.yaml
+11 -6
View File
@@ -1,13 +1,18 @@
apiVersion: v1
kind: Secret
metadata:
name: user-service-secret
name: secret-user-service
namespace: phonebill-prod
type: Opaque
stringData:
# Database connection for user service in production
DB_URL: "jdbc:postgresql://user-service-postgres-prod.phonebill-prod.svc.cluster.local:5432/auth_db"
# 사용자 서비스 전용 데이터베이스 연결정보
DB_HOST: "auth-postgres-prod-service"
DB_PORT: "5432"
DB_NAME: "auth_db"
DB_USERNAME: "postgres"
DB_PASSWORD: "prod-user-service-db-password-change-in-production"
DB_PASSWORD: "your-production-auth-db-password"
# Service-specific secrets for production
SERVICE_SECRET: "prod-user-service-secret-change-in-production"
# 데이터베이스 연결 풀 설정 (프로덕션 최적화)
DB_MAX_POOL_SIZE: "20"
DB_MIN_IDLE: "5"
DB_CONNECTION_TIMEOUT: "30000"