From 744f33875ce4f0ea4e21730fa81fdabee6ae979a Mon Sep 17 00:00:00 2001 
From: hiondal Date: Thu, 11 Sep 2025 11:15:41 +0900 Subject: [PATCH] =?UTF-8?q?user-service=20SecurityConfig=20=EC=88=98?= =?UTF-8?q?=EC=A0=95:=20Actuator=20endpoints=20ADMIN=20=EA=B6=8C=ED=95=9C?= =?UTF-8?q?=20=EC=9A=94=EA=B5=AC=20=EC=84=A4=EC=A0=95=20=EC=A0=9C=EA=B1=B0?= =?UTF-8?q?=ED=95=98=EC=97=AC=20Kubernetes=20probe=20=EC=B2=B4=ED=81=AC=20?= =?UTF-8?q?=EC=A0=95=EC=83=81=ED=99=94?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../phonebill/bill/config/SecurityConfig.java | 3 - .../k8s/api-gateway/cm-api-gateway.yaml | 11 + deployment/k8s/api-gateway/deployment.yaml | 58 ++++ deployment/k8s/api-gateway/service.yaml | 12 + .../k8s/bill-service/cm-bill-service.yaml | 23 ++ deployment/k8s/bill-service/deployment.yaml | 60 ++++ .../k8s/bill-service/secret-bill-service.yaml | 11 + deployment/k8s/bill-service/service.yaml | 12 + deployment/k8s/common/cm-common.yaml | 11 + deployment/k8s/common/ingress.yaml | 49 +++ deployment/k8s/common/secret-common.yaml | 10 + deployment/k8s/common/secret-imagepull.yaml | 17 + deployment/k8s/deploy-k8s-guide.md | 313 ++++++++++++++++++ deployment/k8s/kos-mock/cm-kos-mock.yaml | 7 + deployment/k8s/kos-mock/deployment.yaml | 58 ++++ deployment/k8s/kos-mock/service.yaml | 12 + .../product-service/cm-product-service.yaml | 14 + .../k8s/product-service/deployment.yaml | 60 ++++ .../secret-product-service.yaml | 12 + deployment/k8s/product-service/service.yaml | 12 + .../k8s/user-service/cm-user-service.yaml | 12 + deployment/k8s/user-service/deployment.yaml | 60 ++++ .../k8s/user-service/secret-user-service.yaml | 11 + deployment/k8s/user-service/service.yaml | 12 + .../product/config/SecurityConfig.java | 5 +- .../phonebill/user/config/SecurityConfig.java | 8 +- 26 files changed, 861 insertions(+), 12 deletions(-) create mode 100644 deployment/k8s/api-gateway/cm-api-gateway.yaml create mode 100644 deployment/k8s/api-gateway/deployment.yaml create mode 100644 
deployment/k8s/api-gateway/service.yaml create mode 100644 deployment/k8s/bill-service/cm-bill-service.yaml create mode 100644 deployment/k8s/bill-service/deployment.yaml create mode 100644 deployment/k8s/bill-service/secret-bill-service.yaml create mode 100644 deployment/k8s/bill-service/service.yaml create mode 100644 deployment/k8s/common/cm-common.yaml create mode 100644 deployment/k8s/common/ingress.yaml create mode 100644 deployment/k8s/common/secret-common.yaml create mode 100644 deployment/k8s/common/secret-imagepull.yaml create mode 100644 deployment/k8s/deploy-k8s-guide.md create mode 100644 deployment/k8s/kos-mock/cm-kos-mock.yaml create mode 100644 deployment/k8s/kos-mock/deployment.yaml create mode 100644 deployment/k8s/kos-mock/service.yaml create mode 100644 deployment/k8s/product-service/cm-product-service.yaml create mode 100644 deployment/k8s/product-service/deployment.yaml create mode 100644 deployment/k8s/product-service/secret-product-service.yaml create mode 100644 deployment/k8s/product-service/service.yaml create mode 100644 deployment/k8s/user-service/cm-user-service.yaml create mode 100644 deployment/k8s/user-service/deployment.yaml create mode 100644 deployment/k8s/user-service/secret-user-service.yaml create mode 100644 deployment/k8s/user-service/service.yaml diff --git a/bill-service/src/main/java/com/phonebill/bill/config/SecurityConfig.java b/bill-service/src/main/java/com/phonebill/bill/config/SecurityConfig.java index ac1def2..198228f 100644 --- a/bill-service/src/main/java/com/phonebill/bill/config/SecurityConfig.java +++ b/bill-service/src/main/java/com/phonebill/bill/config/SecurityConfig.java @@ -88,9 +88,6 @@ public class SecurityConfig { // OPTIONS 요청은 모두 허용 (CORS Preflight) .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() - // Actuator endpoints (관리용) - .requestMatchers("/actuator/**").hasRole("ADMIN") - // 나머지 모든 요청 인증 필요 .anyRequest().authenticated() ) 
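Review bot: With the `/actuator/**` matcher deleted in the bill-service hunk, every actuator path now falls through to `.anyRequest().authenticated()`, so the unauthenticated kubelet probes that this commit's bill-service `deployment.yaml` sends to `/actuator/health`, `/actuator/health/readiness` and `/actuator/health/liveness` would receive 401 unless a permit rule for them exists earlier in the chain, which is outside this hunk. The deletion also widens the remaining actuator endpoints from ADMIN to any authenticated caller. I would keep the role check and open only the health group ahead of it: `.requestMatchers("/actuator/health/**").permitAll()` followed by the original `.requestMatchers("/actuator/**").hasRole("ADMIN")`. The same applies to the product-service `SecurityConfig.java` hunk later in this patch.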
diff --git a/deployment/k8s/api-gateway/cm-api-gateway.yaml b/deployment/k8s/api-gateway/cm-api-gateway.yaml
new file mode 100644
index 0000000..2feab2a
--- /dev/null
+++ b/deployment/k8s/api-gateway/cm-api-gateway.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cm-api-gateway
+ namespace: phonebill-dev
+data:
+ SERVER_PORT: "8080"
+ BILL_SERVICE_URL: "http://bill-service"
+ PRODUCT_SERVICE_URL: "http://product-service"
+ USER_SERVICE_URL: "http://user-service"
+ KOS_MOCK_URL: "http://kos-mock"
\ No newline at end of file
diff --git a/deployment/k8s/api-gateway/deployment.yaml b/deployment/k8s/api-gateway/deployment.yaml
new file mode 100644
index 0000000..05c6ec7
--- /dev/null
+++ b/deployment/k8s/api-gateway/deployment.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: api-gateway
+ namespace: phonebill-dev
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: api-gateway
+ template:
+ metadata:
+ labels:
+ app: api-gateway
+ spec:
+ imagePullSecrets:
+ - name: phonebill
+ containers:
+ - name: api-gateway
+ image: acrdigitalgarage01.azurecr.io/phonebill/api-gateway:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ envFrom:
+ - configMapRef:
+ name: cm-common
+ - configMapRef:
+ name: cm-api-gateway
+ - secretRef:
+ name: secret-common
+ resources:
+ requests:
+ cpu: 256m
+ memory: 256Mi
+ limits:
+ cpu: 1024m
+ memory: 1024Mi
+ startupProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 6
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ failureThreshold: 3
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 3
\ No newline at end of file
diff --git a/deployment/k8s/api-gateway/service.yaml b/deployment/k8s/api-gateway/service.yaml
new file mode 100644
index 0000000..dda5887
--- /dev/null
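Review bot: The api-gateway container in `deployment.yaml` is pulled as `api-gateway:latest` with `imagePullPolicy: Always` and has no `securityContext`, so each pod restart can run a different, unreviewed image and the process keeps the image's default user and capabilities. Pin the image to an immutable version tag or digest, e.g. `image: acrdigitalgarage01.azurecr.io/phonebill/api-gateway:<VERSION_OR_DIGEST>` (placeholder), and add a restrictive container security context as sketched below. `runAsNonRoot: true` assumes the image declares a non-root user, and `readOnlyRootFilesystem` is left out because bill-service is configured with `LOG_FILE_NAME: "logs/bill-service.log"` and may write inside the container. The bill-service, kos-mock, product-service and user-service deployments in this patch have the same two gaps.

```yaml
        - name: api-gateway
          # … unchanged: image, imagePullPolicy, ports, envFrom, resources …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: startupProbe, readinessProbe, livenessProbe …
```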
+++ b/deployment/k8s/api-gateway/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: api-gateway
+ namespace: phonebill-dev
+spec:
+ selector:
+ app: api-gateway
+ ports:
+ - port: 80
+ targetPort: 8080
+ type: ClusterIP
\ No newline at end of file
diff --git a/deployment/k8s/bill-service/cm-bill-service.yaml b/deployment/k8s/bill-service/cm-bill-service.yaml
new file mode 100644
index 0000000..60072bd
--- /dev/null
+++ b/deployment/k8s/bill-service/cm-bill-service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cm-bill-service
+ namespace: phonebill-dev
+data:
+ SERVER_PORT: "8082"
+ DB_KIND: "postgresql"
+ DB_PORT: "5432"
+ DB_CONNECTION_TIMEOUT: "30000"
+ DB_IDLE_TIMEOUT: "600000"
+ DB_LEAK_DETECTION: "60000"
+ DB_MAX_LIFETIME: "1800000"
+ DB_MAX_POOL: "20"
+ DB_MIN_IDLE: "5"
+ KOS_BASE_URL: "http://kos-mock"
+ LOG_FILE_NAME: "logs/bill-service.log"
+ REDIS_DATABASE: "1"
+ REDIS_MAX_ACTIVE: "8"
+ REDIS_MAX_IDLE: "8"
+ REDIS_MAX_WAIT: "-1"
+ REDIS_MIN_IDLE: "0"
+ REDIS_TIMEOUT: "2000"
\ No newline at end of file
diff --git a/deployment/k8s/bill-service/deployment.yaml b/deployment/k8s/bill-service/deployment.yaml
new file mode 100644
index 0000000..f63ff8c
--- /dev/null
+++ b/deployment/k8s/bill-service/deployment.yaml
@@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bill-service + namespace: phonebill-dev +spec: + replicas: 1 + selector: + matchLabels: + app: bill-service + template: + metadata: + labels: + app: bill-service + spec: + imagePullSecrets: + - name: phonebill + containers: + - name: bill-service + image: acrdigitalgarage01.azurecr.io/phonebill/bill-service:latest + imagePullPolicy: Always + ports: + - containerPort: 8082 + envFrom: + - configMapRef: + name: cm-common + - configMapRef: + name: cm-bill-service + - secretRef: + name: secret-common + - secretRef: + name: secret-bill-service + resources: + requests: + cpu: 256m + memory: 256Mi + limits: + cpu: 1024m + memory: 1024Mi + startupProbe: + httpGet: + path: /actuator/health + port: 8082 + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 6 + readinessProbe: + httpGet: + path: /actuator/health/readiness + port: 8082 + initialDelaySeconds: 10 + periodSeconds: 5 + failureThreshold: 3 + livenessProbe: + httpGet: + path: /actuator/health/liveness + port: 8082 + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 3 \ No newline at end of file diff --git a/deployment/k8s/bill-service/secret-bill-service.yaml b/deployment/k8s/bill-service/secret-bill-service.yaml new file mode 100644 index 0000000..a6a503d --- /dev/null +++ b/deployment/k8s/bill-service/secret-bill-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: secret-bill-service + namespace: phonebill-dev +type: Opaque +stringData: + DB_HOST: "bill-inquiry-postgres-dev-postgresql" + DB_NAME: "bill_inquiry_db" + DB_USERNAME: "bill_inquiry_user" + DB_PASSWORD: "BillUser2025!" \ No newline at end of file diff --git a/deployment/k8s/bill-service/service.yaml b/deployment/k8s/bill-service/service.yaml new file mode 100644 index 0000000..7df0a93 --- /dev/null +++ b/deployment/k8s/bill-service/service.yaml 
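Review bot: `secret-bill-service.yaml` commits a real-looking `DB_PASSWORD` under `stringData`, so the credential is readable by anyone with repository access and stays in git history even after a later removal. The same applies to `secret-common.yaml` (`JWT_SECRET`, `REDIS_PASSWORD`), `secret-imagepull.yaml` (registry password), `secret-product-service.yaml`, `secret-user-service.yaml` and the copies of these values in `deploy-k8s-guide.md`. These values should be treated as exposed and rotated, the Secret manifests kept out of version control, and the Secrets created at deploy time (for example `kubectl create secret generic secret-bill-service --from-env-file=<LOCAL_ENV_FILE> -n phonebill-dev`) or synced from a secret store. For the registry, giving the cluster pull access through its managed identity would remove the need for a stored registry password; and with the signing key public, tokens can be forged for any user until `JWT_SECRET` is changed.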
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: bill-service
+ namespace: phonebill-dev
+spec:
+ selector:
+ app: bill-service
+ ports:
+ - port: 80
+ targetPort: 8082
+ type: ClusterIP
\ No newline at end of file
diff --git a/deployment/k8s/common/cm-common.yaml b/deployment/k8s/common/cm-common.yaml
new file mode 100644
index 0000000..8656986
--- /dev/null
+++ b/deployment/k8s/common/cm-common.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cm-common
+ namespace: phonebill-dev
+data:
+ CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.20.214.196.128.nip.io"
+ JWT_ACCESS_TOKEN_VALIDITY: "18000000"
+ JWT_REFRESH_TOKEN_VALIDITY: "86400000"
+ REDIS_PORT: "6379"
+ SPRING_PROFILES_ACTIVE: "dev"
\ No newline at end of file
diff --git a/deployment/k8s/common/ingress.yaml b/deployment/k8s/common/ingress.yaml
new file mode 100644
index 0000000..2986e68
--- /dev/null
+++ b/deployment/k8s/common/ingress.yaml
@@ -0,0 +1,49 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: phonebill
+ namespace: phonebill-dev
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: phonebill-api.20.214.196.128.nip.io
+ http:
+ paths:
+ - path: /api/v1/auth
+ pathType: Prefix
+ backend:
+ service:
+ name: user-service
+ port:
+ number: 80
+ - path: /api/v1/users
+ pathType: Prefix
+ backend:
+ service:
+ name: user-service
+ port:
+ number: 80
+ - path: /api/v1/bills
+ pathType: Prefix
+ backend:
+ service:
+ name: bill-service
+ port:
+ number: 80
+ - path: /api/v1/products
+ pathType: Prefix
+ backend:
+ service:
+ name: product-service
+ port:
+ number: 80
+ - path: /api/v1/kos
+ pathType: Prefix
+ backend:
+ service:
+ name: kos-mock
+ port:
+ number: 80
\ No newline at end of file
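Review bot: `ingress.yaml` serves `/api/v1/auth` and the other API paths over plain HTTP only: there is no `tls:` section and `nginx.ingress.kubernetes.io/ssl-redirect: "false"` is set, so login credentials and JWTs cross the network unencrypted. Adding a `tls` entry for the host and dropping the `ssl-redirect: "false"` annotation closes that; the secret name in the sketch is a placeholder. The `/api/v1/kos` rule also publishes the kos-mock backend on the external host, which looks unintended outside local testing. `kubernetes.io/ingress.class: nginx` duplicates `ingressClassName: nginx` and can be removed.

```yaml
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - phonebill-api.20.214.196.128.nip.io
      secretName: <TLS_SECRET_NAME>  # placeholder
  # … unchanged: rules …
```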
diff --git a/deployment/k8s/common/secret-common.yaml b/deployment/k8s/common/secret-common.yaml new file mode 100644 index 0000000..e98607e --- /dev/null +++ b/deployment/k8s/common/secret-common.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: secret-common + namespace: phonebill-dev +type: Opaque +stringData: + JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ==" + REDIS_HOST: "redis-cache-dev-master" + REDIS_PASSWORD: "Redis2025Dev!" \ No newline at end of file diff --git a/deployment/k8s/common/secret-imagepull.yaml b/deployment/k8s/common/secret-imagepull.yaml new file mode 100644 index 0000000..f9b5028 --- /dev/null +++ b/deployment/k8s/common/secret-imagepull.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Secret +metadata: + name: phonebill + namespace: phonebill-dev +type: kubernetes.io/dockerconfigjson +stringData: + .dockerconfigjson: | + { + "auths": { + "acrdigitalgarage01.azurecr.io": { + "username": "acrdigitalgarage01", + "password": "+OY+rmOagorjWvQe/tTk6oqvnZI8SmNbY/Y2o5EDcY+ACRDCDbYk", + "auth": "YWNyZGlnaXRhbGdhcmFnZTAxOitPWStybU9hZ29yald2UWUvdFRrNm9xdm5aSThTbU5iWS9ZMm81RURjWStBQ1JEQ0RiWWs=" + } + } + } \ No newline at end of file diff --git a/deployment/k8s/deploy-k8s-guide.md b/deployment/k8s/deploy-k8s-guide.md new file mode 100644 index 0000000..c239b18 --- /dev/null +++ b/deployment/k8s/deploy-k8s-guide.md 
@@ -0,0 +1,313 @@ +# 통신요금 관리 서비스 백엔드 Kubernetes 배포 가이드 + +## 📋 배포 개요 + +**시스템명**: phonebill +**네임스페이스**: phonebill-dev +**ACR명**: acrdigitalgarage01 +**k8s명**: aks-digitalgarage-01 +**파드수**: 1개 (각 서비스) +**리소스**: CPU 256m/1024m, 메모리 256Mi/1024Mi + +## 🎯 배포 대상 서비스 + +| 서비스명 | 포트 | 엔드포인트 | +|---------|------|-----------| +| api-gateway | 8080 | Gateway 및 라우팅 | +| user-service | 8081 | /api/v1/auth, /api/v1/users | +| bill-service | 8082 | /api/v1/bills | +| product-service | 8083 | /api/v1/products | +| kos-mock | 8084 | /api/v1/kos | + +## 📋 배포 전 검증 결과 + +### ✅ 검증 완료 항목 +- 객체이름 네이밍룰 준수 +- Secret에서 stringData 사용 +- JWT_SECRET 실행 프로파일 값 적용 +- Image 경로 올바른 형식 +- Service/Ingress 포트 매핑 일치 (80번) +- Controller @RequestMapping 기반 path 설정 +- 보안 환경변수 Secret 분리 +- REDIS_DATABASE 서비스별 구분 (0,1,2) +- envFrom 사용으로 환경변수 주입 +- 실행 프로파일 전체 환경변수 매핑 완료 + +### ✅ 배포 전 확인 완료 사항 +모든 환경 정보가 확인되어 매니페스트 파일에 반영 완료되었습니다: + +1. **✅ Ingress Controller External IP**: `20.214.196.128` +2. **✅ ACR 인증 정보**: `acrdigitalgarage01` / 실제 패스워드 적용 +3. **✅ Redis Service**: `redis-cache-dev-master` +4. **✅ Database Services**: + - User Service: `auth-postgres-dev-postgresql` + - Bill Service: `bill-inquiry-postgres-dev-postgresql` + - Product Service: `product-change-postgres-dev-postgresql` + +## 🔧 사전 확인 방법 + +### 1. Azure 로그인 상태 확인 +```bash +az account show +``` + +### 2. AKS Credential 확인 +```bash +kubectl cluster-info +``` + +### 3. 네임스페이스 존재 확인 +```bash +kubectl get ns phonebill-dev +``` + +### 4. Ingress Controller External IP 확인 ✅ +```bash +kubectl get svc ingress-nginx-controller -n ingress-nginx +``` +**확인 완료**: EXTERNAL-IP = `20.214.196.128` + +### 5. ACR 인증 정보 확인 ✅ +```bash +# USERNAME 확인 +USERNAME=$(az acr credential show -n acrdigitalgarage01 --query "username" -o tsv) +echo $USERNAME + +# PASSWORD 확인 +PASSWORD=$(az acr credential show -n acrdigitalgarage01 --query "passwords[0].value" -o tsv) +echo $PASSWORD +``` +**확인 완료**: USERNAME = `acrdigitalgarage01`, PASSWORD = 실제 값 적용 + +### 6. 
Redis Service 이름 확인 ✅ +```bash +kubectl get svc -n phonebill-dev | grep redis +``` +**확인 완료**: `redis-cache-dev-master` (ClusterIP) + +### 7. Database Service 이름 확인 ✅ +```bash +# 각 서비스별 DB 확인 +kubectl get svc -n phonebill-dev | grep auth +kubectl get svc -n phonebill-dev | grep bill +kubectl get svc -n phonebill-dev | grep product +``` +**확인 완료**: +- User Service: `auth-postgres-dev-postgresql` +- Bill Service: `bill-inquiry-postgres-dev-postgresql` +- Product Service: `product-change-postgres-dev-postgresql` + +## ✅ 매니페스트 업데이트 완료 + +모든 매니페스트 파일이 실제 환경 정보로 업데이트 완료되었습니다: + +### 1. ✅ Ingress External IP 적용 +`deployment/k8s/common/ingress.yaml`: +```yaml +host: phonebill-api.20.214.196.128.nip.io +``` + +### 2. ✅ CORS Origins 적용 +`deployment/k8s/common/cm-common.yaml`: +```yaml +CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.20.214.196.128.nip.io" +``` + +### 3. ✅ ACR 인증 정보 적용 +`deployment/k8s/common/secret-imagepull.yaml`: +```yaml +stringData: + .dockerconfigjson: | + { + "auths": { + "acrdigitalgarage01.azurecr.io": { + "username": "acrdigitalgarage01", + "password": "+OY+rmOagorjWvQe/tTk6oqvnZI8SmNbY/Y2o5EDcY+ACRDCDbYk", + "auth": "YWNyZGlnaXRhbGdhcmFnZTAxOitPWStybU9hZ29yald2UWUvdFRrNm9xdm5aSThTbU5iWS9ZMm81RURjWStBQ1JEQ0RiWWs=" + } + } + } +``` + +### 4. ✅ Redis Host 적용 +`deployment/k8s/common/secret-common.yaml`: +```yaml +REDIS_HOST: "redis-cache-dev-master" +``` + +### 5. ✅ Database Host 적용 + +**user-service**: `deployment/k8s/user-service/secret-user-service.yaml` +```yaml +DB_HOST: "auth-postgres-dev-postgresql" +``` + +**bill-service**: `deployment/k8s/bill-service/secret-bill-service.yaml` +```yaml +DB_HOST: "bill-inquiry-postgres-dev-postgresql" +``` + +**product-service**: `deployment/k8s/product-service/secret-product-service.yaml` +```yaml +DB_HOST: "product-change-postgres-dev-postgresql" +``` + +## 🚀 배포 실행 가이드 + +### 1. 
공통 매니페스트 적용 +```bash +kubectl apply -f deployment/k8s/common/ +``` + +### 2. 서비스별 매니페스트 적용 +```bash +# 각 서비스 순차 적용 +kubectl apply -f deployment/k8s/api-gateway/ +kubectl apply -f deployment/k8s/user-service/ +kubectl apply -f deployment/k8s/bill-service/ +kubectl apply -f deployment/k8s/product-service/ +kubectl apply -f deployment/k8s/kos-mock/ +``` + +### 3. 배포 상태 확인 + +#### 전체 객체 확인 +```bash +kubectl get all -n phonebill-dev +``` + +#### Pod 상태 확인 +```bash +kubectl get pods -n phonebill-dev +``` + +#### Service 확인 +```bash +kubectl get svc -n phonebill-dev +``` + +#### Ingress 확인 +```bash +kubectl get ingress -n phonebill-dev +``` + +#### ConfigMap/Secret 확인 +```bash +kubectl get cm,secret -n phonebill-dev +``` + +### 4. 로그 확인 +```bash +# 특정 서비스 로그 확인 +kubectl logs -f deployment/user-service -n phonebill-dev +kubectl logs -f deployment/bill-service -n phonebill-dev +kubectl logs -f deployment/product-service -n phonebill-dev +kubectl logs -f deployment/api-gateway -n phonebill-dev +kubectl logs -f deployment/kos-mock -n phonebill-dev +``` + +### 5. 
Health Check 확인 +```bash +# 각 서비스 Health 상태 확인 (Pod 내부에서) +kubectl exec -n phonebill-dev deployment/user-service -- curl http://localhost:8081/actuator/health +kubectl exec -n phonebill-dev deployment/bill-service -- curl http://localhost:8082/actuator/health +kubectl exec -n phonebill-dev deployment/product-service -- curl http://localhost:8083/actuator/health +``` + +## 🔍 문제 해결 가이드 + +### Pod 시작 실패시 +```bash +# Pod 상세 정보 확인 +kubectl describe pod -n phonebill-dev + +# 이벤트 확인 +kubectl get events -n phonebill-dev --sort-by='.lastTimestamp' +``` + +### ConfigMap/Secret 변경시 +```bash +# 변경 후 Pod 재시작 +kubectl rollout restart deployment/ -n phonebill-dev +``` + +### 네트워크 연결 문제 +```bash +# Service DNS 해결 테스트 +kubectl exec -n phonebill-dev deployment/api-gateway -- nslookup user-service +``` + +## 📊 환경변수 매핑 테이블 + +| 서비스명 | 환경변수 | 지정 객체명 | 환경변수값 | +|---------|---------|-----------|-----------| +| api-gateway | SERVER_PORT | cm-api-gateway | 8080 | +| api-gateway | BILL_SERVICE_URL | cm-api-gateway | http://bill-service | +| api-gateway | PRODUCT_SERVICE_URL | cm-api-gateway | http://product-service | +| api-gateway | USER_SERVICE_URL | cm-api-gateway | http://user-service | +| api-gateway | KOS_MOCK_URL | cm-api-gateway | http://kos-mock | +| 공통 | CORS_ALLOWED_ORIGINS | cm-common | http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.{EXTERNAL_IP}.nip.io | +| 공통 | JWT_ACCESS_TOKEN_VALIDITY | cm-common | 18000000 | +| 공통 | JWT_REFRESH_TOKEN_VALIDITY | cm-common | 86400000 | +| 공통 | JWT_SECRET | secret-common | (base64 encoded JWT secret) | +| 공통 | REDIS_HOST | secret-common | (Redis 서비스명) | +| 공통 | REDIS_PASSWORD | secret-common | Redis2025Dev! 
| +| 공통 | REDIS_PORT | cm-common | 6379 | +| 공통 | SPRING_PROFILES_ACTIVE | cm-common | dev | +| user-service | SERVER_PORT | cm-user-service | 8081 | +| user-service | DB_KIND | cm-user-service | postgresql | +| user-service | DB_PORT | cm-user-service | 5432 | +| user-service | DDL_AUTO | cm-user-service | update | +| user-service | REDIS_DATABASE | cm-user-service | 0 | +| user-service | SHOW_SQL | cm-user-service | true | +| user-service | DB_HOST | secret-user-service | (Auth DB 서비스명) | +| user-service | DB_NAME | secret-user-service | phonebill_auth | +| user-service | DB_USERNAME | secret-user-service | auth_user | +| user-service | DB_PASSWORD | secret-user-service | AuthUser2025! | +| bill-service | SERVER_PORT | cm-bill-service | 8082 | +| bill-service | DB_KIND | cm-bill-service | postgresql | +| bill-service | DB_PORT | cm-bill-service | 5432 | +| bill-service | DB_CONNECTION_TIMEOUT | cm-bill-service | 30000 | +| bill-service | DB_IDLE_TIMEOUT | cm-bill-service | 600000 | +| bill-service | DB_LEAK_DETECTION | cm-bill-service | 60000 | +| bill-service | DB_MAX_LIFETIME | cm-bill-service | 1800000 | +| bill-service | DB_MAX_POOL | cm-bill-service | 20 | +| bill-service | DB_MIN_IDLE | cm-bill-service | 5 | +| bill-service | KOS_BASE_URL | cm-bill-service | http://kos-mock | +| bill-service | LOG_FILE_NAME | cm-bill-service | logs/bill-service.log | +| bill-service | REDIS_DATABASE | cm-bill-service | 1 | +| bill-service | REDIS_MAX_ACTIVE | cm-bill-service | 8 | +| bill-service | REDIS_MAX_IDLE | cm-bill-service | 8 | +| bill-service | REDIS_MAX_WAIT | cm-bill-service | -1 | +| bill-service | REDIS_MIN_IDLE | cm-bill-service | 0 | +| bill-service | REDIS_TIMEOUT | cm-bill-service | 2000 | +| bill-service | DB_HOST | secret-bill-service | (Bill DB 서비스명) | +| bill-service | DB_NAME | secret-bill-service | bill_inquiry_db | +| bill-service | DB_USERNAME | secret-bill-service | bill_inquiry_user | +| bill-service | DB_PASSWORD | secret-bill-service | 
BillUser2025! | +| product-service | SERVER_PORT | cm-product-service | 8083 | +| product-service | DB_KIND | cm-product-service | postgresql | +| product-service | DB_PORT | cm-product-service | 5432 | +| product-service | DDL_AUTO | cm-product-service | update | +| product-service | KOS_BASE_URL | cm-product-service | http://kos-mock | +| product-service | KOS_CLIENT_ID | cm-product-service | product-service-dev | +| product-service | KOS_MOCK_ENABLED | cm-product-service | true | +| product-service | REDIS_DATABASE | cm-product-service | 2 | +| product-service | DB_HOST | secret-product-service | (Product DB 서비스명) | +| product-service | DB_NAME | secret-product-service | product_change_db | +| product-service | DB_USERNAME | secret-product-service | product_change_user | +| product-service | DB_PASSWORD | secret-product-service | ProductUser2025! | +| product-service | KOS_API_KEY | secret-product-service | dev-api-key | +| kos-mock | SERVER_PORT | cm-kos-mock | 8084 | + +## 🎯 배포 완료 후 접근 URL + +- **API Gateway**: http://phonebill-api.20.214.196.128.nip.io +- **Swagger UI**: http://phonebill-api.20.214.196.128.nip.io/swagger-ui/index.html +- **사용자 인증**: http://phonebill-api.20.214.196.128.nip.io/api/v1/auth +- **요금 조회**: http://phonebill-api.20.214.196.128.nip.io/api/v1/bills +- **상품 변경**: http://phonebill-api.20.214.196.128.nip.io/api/v1/products + +--- + +**✅ 배포 준비 완료**: 모든 환경 정보가 확인되어 매니페스트 파일에 반영되었습니다. 이제 바로 배포를 진행할 수 있습니다. \ No newline at end of file diff --git a/deployment/k8s/kos-mock/cm-kos-mock.yaml b/deployment/k8s/kos-mock/cm-kos-mock.yaml new file mode 100644 index 0000000..8cd3571 --- /dev/null +++ b/deployment/k8s/kos-mock/cm-kos-mock.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cm-kos-mock + namespace: phonebill-dev +data: + SERVER_PORT: "8084" \ No newline at end of file diff --git a/deployment/k8s/kos-mock/deployment.yaml b/deployment/k8s/kos-mock/deployment.yaml new file mode 100644 index 0000000..c58ddb5 
--- /dev/null
+++ b/deployment/k8s/kos-mock/deployment.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kos-mock
+ namespace: phonebill-dev
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kos-mock
+ template:
+ metadata:
+ labels:
+ app: kos-mock
+ spec:
+ imagePullSecrets:
+ - name: phonebill
+ containers:
+ - name: kos-mock
+ image: acrdigitalgarage01.azurecr.io/phonebill/kos-mock:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8084
+ envFrom:
+ - configMapRef:
+ name: cm-common
+ - configMapRef:
+ name: cm-kos-mock
+ - secretRef:
+ name: secret-common
+ resources:
+ requests:
+ cpu: 256m
+ memory: 256Mi
+ limits:
+ cpu: 1024m
+ memory: 1024Mi
+ startupProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8084
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 6
+ readinessProbe:
+ httpGet:
+ path: /actuator/health/readiness
+ port: 8084
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ failureThreshold: 3
+ livenessProbe:
+ httpGet:
+ path: /actuator/health/liveness
+ port: 8084
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 3
\ No newline at end of file
diff --git a/deployment/k8s/kos-mock/service.yaml b/deployment/k8s/kos-mock/service.yaml
new file mode 100644
index 0000000..4c315b8
--- /dev/null
+++ b/deployment/k8s/kos-mock/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kos-mock
+ namespace: phonebill-dev
+spec:
+ selector:
+ app: kos-mock
+ ports:
+ - port: 80
+ targetPort: 8084
+ type: ClusterIP
\ No newline at end of file
diff --git a/deployment/k8s/product-service/cm-product-service.yaml b/deployment/k8s/product-service/cm-product-service.yaml
new file mode 100644
index 0000000..67d4026
--- /dev/null
+++ b/deployment/k8s/product-service/cm-product-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cm-product-service
+ namespace: phonebill-dev
+data:
+ SERVER_PORT: "8083"
+ DB_KIND: "postgresql"
+ DB_PORT: "5432"
+ DDL_AUTO: "update"
+ KOS_BASE_URL: "http://kos-mock"
+ KOS_CLIENT_ID: "product-service-dev"
+ KOS_MOCK_ENABLED: "true"
+ REDIS_DATABASE: "2"
\ No newline at end of file
diff --git a/deployment/k8s/product-service/deployment.yaml b/deployment/k8s/product-service/deployment.yaml
new file mode 100644
index 0000000..581bff2
--- /dev/null
+++ b/deployment/k8s/product-service/deployment.yaml
@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: product-service
+ namespace: phonebill-dev
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: product-service
+ template:
+ metadata:
+ labels:
+ app: product-service
+ spec:
+ imagePullSecrets:
+ - name: phonebill
+ containers:
+ - name: product-service
+ image: acrdigitalgarage01.azurecr.io/phonebill/product-service:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8083
+ envFrom:
+ - configMapRef:
+ name: cm-common
+ - configMapRef:
+ name: cm-product-service
+ - secretRef:
+ name: secret-common
+ - secretRef:
+ name: secret-product-service
+ resources:
+ requests:
+ cpu: 256m
+ memory: 256Mi
+ limits:
+ cpu: 1024m
+ memory: 1024Mi
+ startupProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8083
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 6
+ readinessProbe:
+ httpGet:
+ path: /actuator/health/readiness
+ port: 8083
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ failureThreshold: 3
+ livenessProbe:
+ httpGet:
+ path: /actuator/health/liveness
+ port: 8083
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 3
\ No newline at end of file
diff --git a/deployment/k8s/product-service/secret-product-service.yaml b/deployment/k8s/product-service/secret-product-service.yaml
new file mode 100644
index 0000000..9f30bd9
--- /dev/null
+++ b/deployment/k8s/product-service/secret-product-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Secret +metadata: + name: secret-product-service + namespace: phonebill-dev +type: Opaque +stringData: + DB_HOST: "product-change-postgres-dev-postgresql" + DB_NAME: "product_change_db" + DB_USERNAME: "product_change_user" + DB_PASSWORD: "ProductUser2025!" + KOS_API_KEY: "dev-api-key" \ No newline at end of file diff --git a/deployment/k8s/product-service/service.yaml b/deployment/k8s/product-service/service.yaml new file mode 100644 index 0000000..7bb407f --- /dev/null +++ b/deployment/k8s/product-service/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: product-service + namespace: phonebill-dev +spec: + selector: + app: product-service + ports: + - port: 80 + targetPort: 8083 + type: ClusterIP \ No newline at end of file diff --git a/deployment/k8s/user-service/cm-user-service.yaml b/deployment/k8s/user-service/cm-user-service.yaml new file mode 100644 index 0000000..1b5d95f --- /dev/null +++ b/deployment/k8s/user-service/cm-user-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cm-user-service + namespace: phonebill-dev +data: + SERVER_PORT: "8081" + DB_KIND: "postgresql" + DB_PORT: "5432" + DDL_AUTO: "update" + REDIS_DATABASE: "0" + SHOW_SQL: "true" \ No newline at end of file diff --git a/deployment/k8s/user-service/deployment.yaml b/deployment/k8s/user-service/deployment.yaml new file mode 100644 index 0000000..77dd54a --- /dev/null +++ b/deployment/k8s/user-service/deployment.yaml 
@@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: user-service + namespace: phonebill-dev +spec: + replicas: 1 + selector: + matchLabels: + app: user-service + template: + metadata: + labels: + app: user-service + spec: + imagePullSecrets: + - name: phonebill + containers: + - name: user-service + image: acrdigitalgarage01.azurecr.io/phonebill/user-service:latest + imagePullPolicy: Always + ports: + - containerPort: 8081 + envFrom: + - configMapRef: + name: cm-common + - configMapRef: + name: cm-user-service + - secretRef: + name: secret-common + - secretRef: + name: secret-user-service + resources: + requests: + cpu: 256m + memory: 256Mi + limits: + cpu: 1024m + memory: 1024Mi + startupProbe: + httpGet: + path: /actuator/health + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 6 + readinessProbe: + httpGet: + path: /actuator/health/readiness + port: 8081 + initialDelaySeconds: 10 + periodSeconds: 5 + failureThreshold: 3 + livenessProbe: + httpGet: + path: /actuator/health/liveness + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 3 \ No newline at end of file diff --git a/deployment/k8s/user-service/secret-user-service.yaml b/deployment/k8s/user-service/secret-user-service.yaml new file mode 100644 index 0000000..5dbf7cb --- /dev/null +++ b/deployment/k8s/user-service/secret-user-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: secret-user-service + namespace: phonebill-dev +type: Opaque +stringData: + DB_HOST: "auth-postgres-dev-postgresql" + DB_NAME: "phonebill_auth" + DB_USERNAME: "auth_user" + DB_PASSWORD: "AuthUser2025!" \ No newline at end of file diff --git a/deployment/k8s/user-service/service.yaml b/deployment/k8s/user-service/service.yaml new file mode 100644 index 0000000..2a6bc8f --- /dev/null +++ b/deployment/k8s/user-service/service.yaml 
@@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: user-service + namespace: phonebill-dev +spec: + selector: + app: user-service + ports: + - port: 80 + targetPort: 8081 + type: ClusterIP \ No newline at end of file diff --git a/product-service/src/main/java/com/unicorn/phonebill/product/config/SecurityConfig.java b/product-service/src/main/java/com/unicorn/phonebill/product/config/SecurityConfig.java index ff0618d..b279f0d 100644 --- a/product-service/src/main/java/com/unicorn/phonebill/product/config/SecurityConfig.java +++ b/product-service/src/main/java/com/unicorn/phonebill/product/config/SecurityConfig.java @@ -64,10 +64,7 @@ public class SecurityConfig { // Protected endpoints (인증 필요) .requestMatchers("/products/**").authenticated() - - // Actuator endpoints (관리용) - .requestMatchers("/actuator/**").hasRole("ADMIN") - + // 나머지 모든 요청 인증 필요 .anyRequest().authenticated() ) diff --git a/user-service/src/main/java/com/phonebill/user/config/SecurityConfig.java b/user-service/src/main/java/com/phonebill/user/config/SecurityConfig.java index 92985c0..1e4c0eb 100644 --- a/user-service/src/main/java/com/phonebill/user/config/SecurityConfig.java +++ b/user-service/src/main/java/com/phonebill/user/config/SecurityConfig.java @@ -59,15 +59,13 @@ public class SecurityConfig { "/swagger-ui/**", "/swagger-ui.html", "/swagger-resources/**", - "/webjars/**" + "/webjars/**", + "/actuator/**" ).permitAll() // Protected endpoints (인증 필요) .requestMatchers("/auth/**").authenticated() - - // Actuator endpoints (관리용) - .requestMatchers("/actuator/**").hasRole("ADMIN") - + // 나머지 모든 요청 인증 필요 .anyRequest().authenticated() )
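Review bot: Adding `"/actuator/**"` to the `permitAll()` list in the user-service hunk makes every actuator endpoint the application exposes reachable without authentication, not only the health endpoints the Kubernetes probes call. Which endpoints are exposed is set in configuration outside this patch, so anything enabled beyond health (for example env or heapdump) would be open to any caller that can reach the pod. Narrow the new entry to `"/actuator/health/**"` and keep `.requestMatchers("/actuator/**").hasRole("ADMIN")` for the rest. The filter-chain method starts and ends outside the hunk.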