user-service SecurityConfig 수정: Actuator endpoints ADMIN 권한 요구 설정 제거하여 Kubernetes probe 체크 정상화

hiondal 2025-09-11 11:15:41 +09:00
parent 3e51992bc4
commit 744f33875c
26 changed files with 861 additions and 12 deletions


@ -88,9 +88,6 @@ public class SecurityConfig {
// OPTIONS 요청은 모두 허용 (CORS Preflight)
.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
// Actuator endpoints (관리용)
.requestMatchers("/actuator/**").hasRole("ADMIN")
// 나머지 모든 요청 인증 필요
.anyRequest().authenticated()
)
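Review bot: Actuator paths lose their ADMIN gate entirely in this section, although the Kubernetes probes only need the health group. With the `hasRole("ADMIN")` rule gone, `/actuator/**` is either covered by an earlier `permitAll()` list (not visible in this hunk) or falls through to `.anyRequest().authenticated()`, which would open it to any logged-in user and still fail an unauthenticated probe. I would keep the ADMIN rule and place a narrower one in front of it: `.requestMatchers("/actuator/health/**").permitAll()`. The same applies to the SecurityConfig section at `@ -64,10 +64,7 @@`; the filter chain starts and ends outside both hunks.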


@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-api-gateway
namespace: phonebill-dev
data:
SERVER_PORT: "8080"
BILL_SERVICE_URL: "http://bill-service"
PRODUCT_SERVICE_URL: "http://product-service"
USER_SERVICE_URL: "http://user-service"
KOS_MOCK_URL: "http://kos-mock"


@ -0,0 +1,58 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway
namespace: phonebill-dev
spec:
replicas: 1
selector:
matchLabels:
app: api-gateway
template:
metadata:
labels:
app: api-gateway
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: api-gateway
image: acrdigitalgarage01.azurecr.io/phonebill/api-gateway:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-api-gateway
- secretRef:
name: secret-common
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3
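Review bot: `image: acrdigitalgarage01.azurecr.io/phonebill/api-gateway:latest` combined with `imagePullPolicy: Always` means every pod restart runs whatever was last pushed under that tag, so a rollout is neither reproducible nor auditable. Pin the image to an immutable tag or digest, e.g. `image: acrdigitalgarage01.azurecr.io/phonebill/api-gateway@sha256:<IMAGE_DIGEST>`. The container also has no `securityContext`; adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be a cheap hardening step, provided the image runs as a non-root user. The bill-service, kos-mock, product-service and user-service Deployments in this commit have the same two gaps.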


@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: api-gateway
namespace: phonebill-dev
spec:
selector:
app: api-gateway
ports:
- port: 80
targetPort: 8080
type: ClusterIP


@ -0,0 +1,23 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-bill-service
namespace: phonebill-dev
data:
SERVER_PORT: "8082"
DB_KIND: "postgresql"
DB_PORT: "5432"
DB_CONNECTION_TIMEOUT: "30000"
DB_IDLE_TIMEOUT: "600000"
DB_LEAK_DETECTION: "60000"
DB_MAX_LIFETIME: "1800000"
DB_MAX_POOL: "20"
DB_MIN_IDLE: "5"
KOS_BASE_URL: "http://kos-mock"
LOG_FILE_NAME: "logs/bill-service.log"
REDIS_DATABASE: "1"
REDIS_MAX_ACTIVE: "8"
REDIS_MAX_IDLE: "8"
REDIS_MAX_WAIT: "-1"
REDIS_MIN_IDLE: "0"
REDIS_TIMEOUT: "2000"


@ -0,0 +1,60 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: bill-service
namespace: phonebill-dev
spec:
replicas: 1
selector:
matchLabels:
app: bill-service
template:
metadata:
labels:
app: bill-service
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: bill-service
image: acrdigitalgarage01.azurecr.io/phonebill/bill-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8082
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-bill-service
- secretRef:
name: secret-common
- secretRef:
name: secret-bill-service
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /actuator/health
port: 8082
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8082
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8082
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3


@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-bill-service
namespace: phonebill-dev
type: Opaque
stringData:
DB_HOST: "bill-inquiry-postgres-dev-postgresql"
DB_NAME: "bill_inquiry_db"
DB_USERNAME: "bill_inquiry_user"
DB_PASSWORD: "BillUser2025!"
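Review bot: `DB_PASSWORD` is committed in plaintext under `stringData`, so anyone with read access to the repository or its history holds the database credential. The same is true of `secret-common` (`JWT_SECRET`, `REDIS_PASSWORD`), the `phonebill` image pull secret, `secret-product-service`, `secret-user-service`, and the deployment guide, which repeats the registry password and lists the passwords in its environment-variable table. Treat all of these values as compromised and rotate them, starting with `JWT_SECRET` since it is presumably the token signing key; deleting the files in a later commit does not remove them from history. Keep only placeholders in the repository, e.g. `DB_PASSWORD: "<SET_AT_DEPLOY_TIME>"`, and create the Secret objects out of band (`kubectl create secret generic secret-bill-service --from-literal=DB_PASSWORD=...`) or through a secret-store integration.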


@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: bill-service
namespace: phonebill-dev
spec:
selector:
app: bill-service
ports:
- port: 80
targetPort: 8082
type: ClusterIP


@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-common
namespace: phonebill-dev
data:
CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.20.214.196.128.nip.io"
JWT_ACCESS_TOKEN_VALIDITY: "18000000"
JWT_REFRESH_TOKEN_VALIDITY: "86400000"
REDIS_PORT: "6379"
SPRING_PROFILES_ACTIVE: "dev"
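Review bot: `JWT_ACCESS_TOKEN_VALIDITY: "18000000"` looks like milliseconds (the refresh value `86400000` is exactly 24 hours), which would make an access token valid for 5 hours. That is long for a bearer token, the more so because the Ingress in this commit serves plain HTTP; a value such as `"900000"` (15 minutes) together with the existing refresh token keeps the exposure window short. `CORS_ALLOWED_ORIGINS` also lists only `http://` origins, including four localhost ports that the cluster deployment probably does not need.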


@ -0,0 +1,49 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: phonebill
namespace: phonebill-dev
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
ingressClassName: nginx
rules:
- host: phonebill-api.20.214.196.128.nip.io
http:
paths:
- path: /api/v1/auth
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/users
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/bills
pathType: Prefix
backend:
service:
name: bill-service
port:
number: 80
- path: /api/v1/products
pathType: Prefix
backend:
service:
name: product-service
port:
number: 80
- path: /api/v1/kos
pathType: Prefix
backend:
service:
name: kos-mock
port:
number: 80
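Review bot: There is no `tls:` block and `nginx.ingress.kubernetes.io/ssl-redirect: "false"` is set, so `/api/v1/auth` and every other path are served over plain HTTP and login credentials and JWTs cross the network unencrypted. Add a `tls:` section with a certificate secret for the host and drop the `ssl-redirect: "false"` annotation. The `/api/v1/kos` rule also publishes `kos-mock` on the public host; if only bill-service and product-service call it (both use `http://kos-mock` in-cluster), that path can be removed. The `kubernetes.io/ingress.class` annotation is redundant next to `ingressClassName: nginx`.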


@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-common
namespace: phonebill-dev
type: Opaque
stringData:
JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
REDIS_HOST: "redis-cache-dev-master"
REDIS_PASSWORD: "Redis2025Dev!"


@ -0,0 +1,17 @@
apiVersion: v1
kind: Secret
metadata:
name: phonebill
namespace: phonebill-dev
type: kubernetes.io/dockerconfigjson
stringData:
.dockerconfigjson: |
{
"auths": {
"acrdigitalgarage01.azurecr.io": {
"username": "acrdigitalgarage01",
"password": "+OY+rmOagorjWvQe/tTk6oqvnZI8SmNbY/Y2o5EDcY+ACRDCDbYk",
"auth": "YWNyZGlnaXRhbGdhcmFnZTAxOitPWStybU9hZ29yald2UWUvdFRrNm9xdm5aSThTbU5iWS9ZMm81RURjWStBQ1JEQ0RiWWs="
}
}
}
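Review bot: The credential stored here is the registry's admin account (the deployment guide reads it with `az acr credential show`), which carries push rights as well as pull, far more than a pull secret needs. Since the Deployments run `:latest` with `imagePullPolicy: Always`, the integrity of what the cluster runs depends on this one password staying private, and it is now in the repository. Prefer attaching the registry to the cluster, `az aks update -n aks-digitalgarage-01 -g <RESOURCE_GROUP> --attach-acr acrdigitalgarage01`, so the kubelet identity pulls images and `imagePullSecrets` can be dropped; alternatively use a pull-only scoped token. Afterwards disable the admin user on the registry and regenerate its passwords.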


@ -0,0 +1,313 @@
# 통신요금 관리 서비스 백엔드 Kubernetes 배포 가이드
## 📋 배포 개요
**시스템명**: phonebill
**네임스페이스**: phonebill-dev
**ACR명**: acrdigitalgarage01
**k8s명**: aks-digitalgarage-01
**파드수**: 1개 (각 서비스)
**리소스**: CPU 256m/1024m, 메모리 256Mi/1024Mi
## 🎯 배포 대상 서비스
| 서비스명 | 포트 | 엔드포인트 |
|---------|------|-----------|
| api-gateway | 8080 | Gateway 및 라우팅 |
| user-service | 8081 | /api/v1/auth, /api/v1/users |
| bill-service | 8082 | /api/v1/bills |
| product-service | 8083 | /api/v1/products |
| kos-mock | 8084 | /api/v1/kos |
## 📋 배포 전 검증 결과
### ✅ 검증 완료 항목
- 객체이름 네이밍룰 준수
- Secret에서 stringData 사용
- JWT_SECRET 실행 프로파일 값 적용
- Image 경로 올바른 형식
- Service/Ingress 포트 매핑 일치 (80번)
- Controller @RequestMapping 기반 path 설정
- 보안 환경변수 Secret 분리
- REDIS_DATABASE 서비스별 구분 (0,1,2)
- envFrom 사용으로 환경변수 주입
- 실행 프로파일 전체 환경변수 매핑 완료
### ✅ 배포 전 확인 완료 사항
모든 환경 정보가 확인되어 매니페스트 파일에 반영 완료되었습니다:
1. **✅ Ingress Controller External IP**: `20.214.196.128`
2. **✅ ACR 인증 정보**: `acrdigitalgarage01` / 실제 패스워드 적용
3. **✅ Redis Service**: `redis-cache-dev-master`
4. **✅ Database Services**:
- User Service: `auth-postgres-dev-postgresql`
- Bill Service: `bill-inquiry-postgres-dev-postgresql`
- Product Service: `product-change-postgres-dev-postgresql`
## 🔧 사전 확인 방법
### 1. Azure 로그인 상태 확인
```bash
az account show
```
### 2. AKS Credential 확인
```bash
kubectl cluster-info
```
### 3. 네임스페이스 존재 확인
```bash
kubectl get ns phonebill-dev
```
### 4. Ingress Controller External IP 확인 ✅
```bash
kubectl get svc ingress-nginx-controller -n ingress-nginx
```
**확인 완료**: EXTERNAL-IP = `20.214.196.128`
### 5. ACR 인증 정보 확인 ✅
```bash
# USERNAME 확인
USERNAME=$(az acr credential show -n acrdigitalgarage01 --query "username" -o tsv)
echo $USERNAME
# PASSWORD 확인
PASSWORD=$(az acr credential show -n acrdigitalgarage01 --query "passwords[0].value" -o tsv)
echo $PASSWORD
```
**확인 완료**: USERNAME = `acrdigitalgarage01`, PASSWORD = 실제 값 적용
### 6. Redis Service 이름 확인 ✅
```bash
kubectl get svc -n phonebill-dev | grep redis
```
**확인 완료**: `redis-cache-dev-master` (ClusterIP)
### 7. Database Service 이름 확인 ✅
```bash
# 각 서비스별 DB 확인
kubectl get svc -n phonebill-dev | grep auth
kubectl get svc -n phonebill-dev | grep bill
kubectl get svc -n phonebill-dev | grep product
```
**확인 완료**:
- User Service: `auth-postgres-dev-postgresql`
- Bill Service: `bill-inquiry-postgres-dev-postgresql`
- Product Service: `product-change-postgres-dev-postgresql`
## ✅ 매니페스트 업데이트 완료
모든 매니페스트 파일이 실제 환경 정보로 업데이트 완료되었습니다:
### 1. ✅ Ingress External IP 적용
`deployment/k8s/common/ingress.yaml`:
```yaml
host: phonebill-api.20.214.196.128.nip.io
```
### 2. ✅ CORS Origins 적용
`deployment/k8s/common/cm-common.yaml`:
```yaml
CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.20.214.196.128.nip.io"
```
### 3. ✅ ACR 인증 정보 적용
`deployment/k8s/common/secret-imagepull.yaml`:
```yaml
stringData:
.dockerconfigjson: |
{
"auths": {
"acrdigitalgarage01.azurecr.io": {
"username": "acrdigitalgarage01",
"password": "+OY+rmOagorjWvQe/tTk6oqvnZI8SmNbY/Y2o5EDcY+ACRDCDbYk",
"auth": "YWNyZGlnaXRhbGdhcmFnZTAxOitPWStybU9hZ29yald2UWUvdFRrNm9xdm5aSThTbU5iWS9ZMm81RURjWStBQ1JEQ0RiWWs="
}
}
}
```
### 4. ✅ Redis Host 적용
`deployment/k8s/common/secret-common.yaml`:
```yaml
REDIS_HOST: "redis-cache-dev-master"
```
### 5. ✅ Database Host 적용
**user-service**: `deployment/k8s/user-service/secret-user-service.yaml`
```yaml
DB_HOST: "auth-postgres-dev-postgresql"
```
**bill-service**: `deployment/k8s/bill-service/secret-bill-service.yaml`
```yaml
DB_HOST: "bill-inquiry-postgres-dev-postgresql"
```
**product-service**: `deployment/k8s/product-service/secret-product-service.yaml`
```yaml
DB_HOST: "product-change-postgres-dev-postgresql"
```
## 🚀 배포 실행 가이드
### 1. 공통 매니페스트 적용
```bash
kubectl apply -f deployment/k8s/common/
```
### 2. 서비스별 매니페스트 적용
```bash
# 각 서비스 순차 적용
kubectl apply -f deployment/k8s/api-gateway/
kubectl apply -f deployment/k8s/user-service/
kubectl apply -f deployment/k8s/bill-service/
kubectl apply -f deployment/k8s/product-service/
kubectl apply -f deployment/k8s/kos-mock/
```
### 3. 배포 상태 확인
#### 전체 객체 확인
```bash
kubectl get all -n phonebill-dev
```
#### Pod 상태 확인
```bash
kubectl get pods -n phonebill-dev
```
#### Service 확인
```bash
kubectl get svc -n phonebill-dev
```
#### Ingress 확인
```bash
kubectl get ingress -n phonebill-dev
```
#### ConfigMap/Secret 확인
```bash
kubectl get cm,secret -n phonebill-dev
```
### 4. 로그 확인
```bash
# 특정 서비스 로그 확인
kubectl logs -f deployment/user-service -n phonebill-dev
kubectl logs -f deployment/bill-service -n phonebill-dev
kubectl logs -f deployment/product-service -n phonebill-dev
kubectl logs -f deployment/api-gateway -n phonebill-dev
kubectl logs -f deployment/kos-mock -n phonebill-dev
```
### 5. Health Check 확인
```bash
# 각 서비스 Health 상태 확인 (Pod 내부에서)
kubectl exec -n phonebill-dev deployment/user-service -- curl http://localhost:8081/actuator/health
kubectl exec -n phonebill-dev deployment/bill-service -- curl http://localhost:8082/actuator/health
kubectl exec -n phonebill-dev deployment/product-service -- curl http://localhost:8083/actuator/health
```
## 🔍 문제 해결 가이드
### Pod 시작 실패시
```bash
# Pod 상세 정보 확인
kubectl describe pod <POD_NAME> -n phonebill-dev
# 이벤트 확인
kubectl get events -n phonebill-dev --sort-by='.lastTimestamp'
```
### ConfigMap/Secret 변경시
```bash
# 변경 후 Pod 재시작
kubectl rollout restart deployment/<SERVICE_NAME> -n phonebill-dev
```
### 네트워크 연결 문제
```bash
# Service DNS 해결 테스트
kubectl exec -n phonebill-dev deployment/api-gateway -- nslookup user-service
```
## 📊 환경변수 매핑 테이블
| 서비스명 | 환경변수 | 지정 객체명 | 환경변수값 |
|---------|---------|-----------|-----------|
| api-gateway | SERVER_PORT | cm-api-gateway | 8080 |
| api-gateway | BILL_SERVICE_URL | cm-api-gateway | http://bill-service |
| api-gateway | PRODUCT_SERVICE_URL | cm-api-gateway | http://product-service |
| api-gateway | USER_SERVICE_URL | cm-api-gateway | http://user-service |
| api-gateway | KOS_MOCK_URL | cm-api-gateway | http://kos-mock |
| 공통 | CORS_ALLOWED_ORIGINS | cm-common | http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.{EXTERNAL_IP}.nip.io |
| 공통 | JWT_ACCESS_TOKEN_VALIDITY | cm-common | 18000000 |
| 공통 | JWT_REFRESH_TOKEN_VALIDITY | cm-common | 86400000 |
| 공통 | JWT_SECRET | secret-common | (base64 encoded JWT secret) |
| 공통 | REDIS_HOST | secret-common | (Redis 서비스명) |
| 공통 | REDIS_PASSWORD | secret-common | Redis2025Dev! |
| 공통 | REDIS_PORT | cm-common | 6379 |
| 공통 | SPRING_PROFILES_ACTIVE | cm-common | dev |
| user-service | SERVER_PORT | cm-user-service | 8081 |
| user-service | DB_KIND | cm-user-service | postgresql |
| user-service | DB_PORT | cm-user-service | 5432 |
| user-service | DDL_AUTO | cm-user-service | update |
| user-service | REDIS_DATABASE | cm-user-service | 0 |
| user-service | SHOW_SQL | cm-user-service | true |
| user-service | DB_HOST | secret-user-service | (Auth DB 서비스명) |
| user-service | DB_NAME | secret-user-service | phonebill_auth |
| user-service | DB_USERNAME | secret-user-service | auth_user |
| user-service | DB_PASSWORD | secret-user-service | AuthUser2025! |
| bill-service | SERVER_PORT | cm-bill-service | 8082 |
| bill-service | DB_KIND | cm-bill-service | postgresql |
| bill-service | DB_PORT | cm-bill-service | 5432 |
| bill-service | DB_CONNECTION_TIMEOUT | cm-bill-service | 30000 |
| bill-service | DB_IDLE_TIMEOUT | cm-bill-service | 600000 |
| bill-service | DB_LEAK_DETECTION | cm-bill-service | 60000 |
| bill-service | DB_MAX_LIFETIME | cm-bill-service | 1800000 |
| bill-service | DB_MAX_POOL | cm-bill-service | 20 |
| bill-service | DB_MIN_IDLE | cm-bill-service | 5 |
| bill-service | KOS_BASE_URL | cm-bill-service | http://kos-mock |
| bill-service | LOG_FILE_NAME | cm-bill-service | logs/bill-service.log |
| bill-service | REDIS_DATABASE | cm-bill-service | 1 |
| bill-service | REDIS_MAX_ACTIVE | cm-bill-service | 8 |
| bill-service | REDIS_MAX_IDLE | cm-bill-service | 8 |
| bill-service | REDIS_MAX_WAIT | cm-bill-service | -1 |
| bill-service | REDIS_MIN_IDLE | cm-bill-service | 0 |
| bill-service | REDIS_TIMEOUT | cm-bill-service | 2000 |
| bill-service | DB_HOST | secret-bill-service | (Bill DB 서비스명) |
| bill-service | DB_NAME | secret-bill-service | bill_inquiry_db |
| bill-service | DB_USERNAME | secret-bill-service | bill_inquiry_user |
| bill-service | DB_PASSWORD | secret-bill-service | BillUser2025! |
| product-service | SERVER_PORT | cm-product-service | 8083 |
| product-service | DB_KIND | cm-product-service | postgresql |
| product-service | DB_PORT | cm-product-service | 5432 |
| product-service | DDL_AUTO | cm-product-service | update |
| product-service | KOS_BASE_URL | cm-product-service | http://kos-mock |
| product-service | KOS_CLIENT_ID | cm-product-service | product-service-dev |
| product-service | KOS_MOCK_ENABLED | cm-product-service | true |
| product-service | REDIS_DATABASE | cm-product-service | 2 |
| product-service | DB_HOST | secret-product-service | (Product DB 서비스명) |
| product-service | DB_NAME | secret-product-service | product_change_db |
| product-service | DB_USERNAME | secret-product-service | product_change_user |
| product-service | DB_PASSWORD | secret-product-service | ProductUser2025! |
| product-service | KOS_API_KEY | secret-product-service | dev-api-key |
| kos-mock | SERVER_PORT | cm-kos-mock | 8084 |
## 🎯 배포 완료 후 접근 URL
- **API Gateway**: http://phonebill-api.20.214.196.128.nip.io
- **Swagger UI**: http://phonebill-api.20.214.196.128.nip.io/swagger-ui/index.html
- **사용자 인증**: http://phonebill-api.20.214.196.128.nip.io/api/v1/auth
- **요금 조회**: http://phonebill-api.20.214.196.128.nip.io/api/v1/bills
- **상품 변경**: http://phonebill-api.20.214.196.128.nip.io/api/v1/products
---
**✅ 배포 준비 완료**: 모든 환경 정보가 확인되어 매니페스트 파일에 반영되었습니다. 이제 바로 배포를 진행할 수 있습니다.


@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-kos-mock
namespace: phonebill-dev
data:
SERVER_PORT: "8084"


@ -0,0 +1,58 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kos-mock
namespace: phonebill-dev
spec:
replicas: 1
selector:
matchLabels:
app: kos-mock
template:
metadata:
labels:
app: kos-mock
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: kos-mock
image: acrdigitalgarage01.azurecr.io/phonebill/kos-mock:latest
imagePullPolicy: Always
ports:
- containerPort: 8084
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-kos-mock
- secretRef:
name: secret-common
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /actuator/health
port: 8084
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8084
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8084
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3


@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: kos-mock
namespace: phonebill-dev
spec:
selector:
app: kos-mock
ports:
- port: 80
targetPort: 8084
type: ClusterIP


@ -0,0 +1,14 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-product-service
namespace: phonebill-dev
data:
SERVER_PORT: "8083"
DB_KIND: "postgresql"
DB_PORT: "5432"
DDL_AUTO: "update"
KOS_BASE_URL: "http://kos-mock"
KOS_CLIENT_ID: "product-service-dev"
KOS_MOCK_ENABLED: "true"
REDIS_DATABASE: "2"


@ -0,0 +1,60 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: product-service
namespace: phonebill-dev
spec:
replicas: 1
selector:
matchLabels:
app: product-service
template:
metadata:
labels:
app: product-service
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: product-service
image: acrdigitalgarage01.azurecr.io/phonebill/product-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8083
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-product-service
- secretRef:
name: secret-common
- secretRef:
name: secret-product-service
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /actuator/health
port: 8083
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8083
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8083
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3


@ -0,0 +1,12 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-product-service
namespace: phonebill-dev
type: Opaque
stringData:
DB_HOST: "product-change-postgres-dev-postgresql"
DB_NAME: "product_change_db"
DB_USERNAME: "product_change_user"
DB_PASSWORD: "ProductUser2025!"
KOS_API_KEY: "dev-api-key"


@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: product-service
namespace: phonebill-dev
spec:
selector:
app: product-service
ports:
- port: 80
targetPort: 8083
type: ClusterIP


@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-user-service
namespace: phonebill-dev
data:
SERVER_PORT: "8081"
DB_KIND: "postgresql"
DB_PORT: "5432"
DDL_AUTO: "update"
REDIS_DATABASE: "0"
SHOW_SQL: "true"


@ -0,0 +1,60 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-service
namespace: phonebill-dev
spec:
replicas: 1
selector:
matchLabels:
app: user-service
template:
metadata:
labels:
app: user-service
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: user-service
image: acrdigitalgarage01.azurecr.io/phonebill/user-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8081
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-user-service
- secretRef:
name: secret-common
- secretRef:
name: secret-user-service
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /actuator/health
port: 8081
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8081
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8081
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3


@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-user-service
namespace: phonebill-dev
type: Opaque
stringData:
DB_HOST: "auth-postgres-dev-postgresql"
DB_NAME: "phonebill_auth"
DB_USERNAME: "auth_user"
DB_PASSWORD: "AuthUser2025!"


@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: user-service
namespace: phonebill-dev
spec:
selector:
app: user-service
ports:
- port: 80
targetPort: 8081
type: ClusterIP


@ -64,10 +64,7 @@ public class SecurityConfig {
// Protected endpoints (인증 필요)
.requestMatchers("/products/**").authenticated()
// Actuator endpoints (관리용)
.requestMatchers("/actuator/**").hasRole("ADMIN")
// 나머지 모든 요청 인증 필요
.anyRequest().authenticated()
)


@ -59,15 +59,13 @@ public class SecurityConfig {
"/swagger-ui/**",
"/swagger-ui.html",
"/swagger-resources/**",
"/webjars/**"
"/webjars/**",
"/actuator/**"
).permitAll()
// Protected endpoints (인증 필요)
.requestMatchers("/auth/**").authenticated()
// Actuator endpoints (관리용)
.requestMatchers("/actuator/**").hasRole("ADMIN")
// 나머지 모든 요청 인증 필요
.anyRequest().authenticated()
)
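Review bot: The new `"/actuator/**"` entry in the `permitAll()` list opens every exposed Actuator endpoint to unauthenticated callers, whereas the probes in this commit's Deployments only request `/actuator/health`, `/actuator/health/readiness` and `/actuator/health/liveness`. Narrow the entry to `"/actuator/health/**"` and keep `.requestMatchers("/actuator/**").hasRole("ADMIN")` after the `permitAll()` group so the remaining endpoints stay gated. Which endpoints are actually reachable depends on `management.endpoints.web.exposure.include`, which is not part of this diff, so that setting should be checked alongside. The filter chain starts and ends outside the hunk.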