diff --git a/deployment/cicd/Jenkinsfile b/deployment/cicd/Jenkinsfile index 16f9061..ae1b2d7 100644 --- a/deployment/cicd/Jenkinsfile +++ b/deployment/cicd/Jenkinsfile @@ -12,7 +12,7 @@ podTemplate( slaveConnectTimeout: 300, idleMinutes: 1, activeDeadlineSeconds: 3600, - podRetention: never(), // 파드 자동 정리 옵션 + podRetention: never(), // 파드 자동 정리 옵션: never(), onFailure(), always(), default() yaml: ''' spec: terminationGracePeriodSeconds: 3 diff --git a/deployment/cicd/jenkins-pipeline-guide.md b/deployment/cicd/jenkins-pipeline-guide.md index 0983e9c..b8b8de4 100644 --- a/deployment/cicd/jenkins-pipeline-guide.md +++ b/deployment/cicd/jenkins-pipeline-guide.md @@ -1,123 +1,35 @@ -# phonebill Jenkins CI/CD 파이프라인 구축 가이드 +# Jenkins CI/CD 파이프라인 구축 가이드 -## 📋 개요 +**최운영/데옵스**가 작성한 통신요금 관리 서비스 Jenkins CI/CD 파이프라인 구축 가이드입니다. -**이개발/백엔더**: phonebill 프로젝트의 Jenkins 기반 CI/CD 파이프라인 구축이 완료되었습니다. +## 📋 프로젝트 정보 -### 프로젝트 정보 +### 시스템 정보 - **시스템명**: phonebill - **서비스**: api-gateway, user-service, bill-service, product-service, kos-mock - **JDK 버전**: 21 -- **환경**: dev, staging, prod -- **컨테이너 레지스트리**: acrdigitalgarage01.azurecr.io -- **Kubernetes 클러스터**: aks-digitalgarage-01 (rg-digitalgarage-01) +- **Container Registry**: acrdigitalgarage01.azurecr.io +- **Resource Group**: rg-digitalgarage-01 +- **AKS Cluster**: aks-digitalgarage-01 -## 🏗️ 구축된 CI/CD 아키텍처 +## 🏗️ 아키텍처 개요 -### 파이프라인 구성 -1. **소스 체크아웃** → Git 소스 코드 가져오기 -2. **AKS 설정** → Azure 인증 및 Kubernetes 클러스터 연결 -3. **빌드 & SonarQube 분석** → Gradle 빌드, 테스트, 코드 품질 분석 -4. **Quality Gate** → SonarQube 품질 게이트 검증 -5. **컨테이너 빌드 & 푸시** → Docker 이미지 빌드 및 ACR 푸시 -6. **Kustomize 배포** → 환경별 Kubernetes 매니페스트 적용 +본 CI/CD 파이프라인은 다음 구성 요소들로 이루어져 있습니다: -### Kustomize 구조 -``` -deployment/cicd/kustomize/ -├── base/ # 기본 매니페스트 -│ ├── kustomization.yaml # Base 리소스 정의 -│ ├── namespace.yaml # Namespace 정의 -│ ├── common/ # 공통 리소스 -│ │ ├── cm-common.yaml -│ │ ├── secret-common.yaml -│ │ ├── secret-imagepull.yaml -│ │ └── ingress.yaml -│ └── [서비스별 디렉토리]/ # 각 서비스 매니페스트 -│ ├── deployment.yaml -│ ├── service.yaml -│ ├── cm-{서비스명}.yaml # ConfigMap (있는 경우) -│ └── secret-{서비스명}.yaml # Secret (있는 경우) -└── overlays/ # 환경별 오버레이 - ├── dev/ # 개발 환경 - ├── staging/ # 스테이징 환경 - └── prod/ # 운영 환경 -``` +- **Jenkins**: 파이프라인 오케스트레이션 +- **Kustomize**: 환경별 Kubernetes 매니페스트 관리 +- **SonarQube**: 코드 품질 분석 및 Quality Gate +- **Azure Container Registry (ACR)**: 컨테이너 이미지 저장소 +- **Azure Kubernetes Service (AKS)**: 배포 대상 클러스터 -## ⚙️ 구성 요소 - -### 1. Jenkins 파이프라인 (Jenkinsfile) -- **Pod Template**: Gradle, Podman, Azure-CLI 컨테이너 사용 -- **자동 정리**: podRetention: never(), 파드 자동 정리 구성 -- **병렬 처리**: 각 서비스별 SonarQube 분석 병렬 실행 -- **타임아웃**: 빌드&푸시 30분, Quality Gate 10분 제한 - -### 2. 환경별 Configuration - -#### DEV 환경 -- **네임스페이스**: phonebill-dev -- **레플리카**: 1개 -- **리소스**: requests(256m CPU, 256Mi Memory), limits(1024m CPU, 1024Mi Memory) -- **프로파일**: dev, DDL_AUTO: update -- **도메인**: phonebill-api.20.214.196.128.nip.io (HTTP) - -#### STAGING 환경 -- **네임스페이스**: phonebill-staging -- **레플리카**: 2개 -- **리소스**: requests(512m CPU, 512Mi Memory), limits(2048m CPU, 2048Mi Memory) -- **프로파일**: staging, DDL_AUTO: validate -- **도메인**: phonebill-staging.yourdomain.com (HTTPS) - -#### PROD 환경 -- **네임스페이스**: phonebill-prod -- **레플리카**: 3개 -- **리소스**: requests(1024m CPU, 1024Mi Memory), limits(4096m CPU, 4096Mi Memory) -- **프로파일**: prod, DDL_AUTO: validate -- **도메인**: phonebill.yourdomain.com (HTTPS) -- **보안**: 짧은 JWT 토큰 유효시간 - -### 3. 스크립트 -- **deploy.sh**: 수동 배포 스크립트 -- **validate-cicd-setup.sh**: CI/CD 설정 검증 스크립트 - -## 📦 구축된 파일 목록 - -### Kustomize 구성 파일 -``` -deployment/cicd/ -├── kustomize/ -│ ├── base/ -│ │ ├── kustomization.yaml -│ │ ├── namespace.yaml -│ │ ├── common/ (4개 파일) -│ │ ├── api-gateway/ (3개 파일) -│ │ ├── user-service/ (4개 파일) -│ │ ├── bill-service/ (4개 파일) -│ │ ├── product-service/ (4개 파일) -│ │ └── kos-mock/ (3개 파일) -│ └── overlays/ -│ ├── dev/ (12개 파일) -│ ├── staging/ (13개 파일) -│ └── prod/ (14개 파일) -├── config/ -│ ├── deploy_env_vars_dev -│ ├── deploy_env_vars_staging -│ └── deploy_env_vars_prod -├── scripts/ -│ ├── deploy.sh (실행 가능) -│ └── validate-cicd-setup.sh (실행 가능) -├── Jenkinsfile -└── jenkins-pipeline-guide.md -``` - -## 🚀 Jenkins 설정 방법 +## 🔧 사전 준비사항 ### 1. Jenkins 서버 환경 구성 #### 필수 플러그인 설치 ``` - Kubernetes -- Pipeline Utility Steps +- Pipeline Utility Steps - Docker Pipeline - GitHub - SonarQube Scanner @@ -125,180 +37,314 @@ deployment/cicd/ ``` #### Jenkins Credentials 등록 -**Manage Jenkins > Credentials > Add Credentials** -1. **Azure Service Principal** - - Kind: Microsoft Azure Service Principal - - ID: `azure-credentials` - - Subscription ID, Client ID, Client Secret, Tenant ID 입력 - - Azure Environment: Azure - -2. **ACR Credentials** - - Kind: Username with password - - ID: `acr-credentials` - - Username: `acrdigitalgarage01` - - Password: {ACR_PASSWORD} - -3. **Docker Hub Credentials** (Rate Limit 해결용) - - Kind: Username with password - - ID: `dockerhub-credentials` - - Username: {DOCKERHUB_USERNAME} - - Password: {DOCKERHUB_PASSWORD} - -4. **SonarQube Token** - - Kind: Secret text - - ID: `sonarqube-token` - - Secret: {SonarQube토큰} - -### 2. Jenkins Pipeline Job 생성 - -1. **New Item > Pipeline** 선택 -2. **Pipeline script from SCM** 설정: - - SCM: Git - - Repository URL: {Git저장소URL} - - Branch: main - - Script Path: `deployment/cicd/Jenkinsfile` - -3. **Pipeline Parameters** 설정: - - ENVIRONMENT: Choice Parameter (dev, staging, prod) - - IMAGE_TAG: String Parameter (default: latest) - -## 📊 SonarQube 설정 - -### 각 서비스별 프로젝트 생성 -- 프로젝트 키: `phonebill-{서비스명}-{환경}` -- Quality Gate 설정: - - Coverage: ≥ 80% - - Duplicated Lines: ≤ 3% - - Maintainability Rating: ≤ A - - Reliability Rating: ≤ A - - Security Rating: ≤ A - -## 🔄 배포 실행 방법 - -### 1. Jenkins 파이프라인 실행 -1. Jenkins > phonebill 프로젝트 > **Build with Parameters** -2. ENVIRONMENT 선택 (dev/staging/prod) -3. IMAGE_TAG 입력 (선택사항) -4. **Build** 클릭 - -### 2. 수동 배포 (선택사항) -```bash -# 개발 환경 배포 -./deployment/cicd/scripts/deploy.sh dev 20240912101530 - -# 스테이징 환경 배포 -./deployment/cicd/scripts/deploy.sh staging 20240912101530 - -# 운영 환경 배포 -./deployment/cicd/scripts/deploy.sh prod 20240912101530 +**Azure Service Principal** +``` +Manage Jenkins > Credentials > Add Credentials +- Kind: Microsoft Azure Service Principal +- ID: azure-credentials +- Subscription ID: {구독ID} +- Client ID: {클라이언트ID} +- Client Secret: {클라이언트시크릿} +- Tenant ID: {테넌트ID} +- Azure Environment: Azure ``` -### 3. 배포 상태 확인 +**ACR Credentials** +``` +- Kind: Username with password +- ID: acr-credentials +- Username: acrdigitalgarage01 +- Password: {ACR_PASSWORD} +``` + +**Docker Hub Credentials** (Rate Limit 해결용) +``` +- Kind: Username with password +- ID: dockerhub-credentials +- Username: {DOCKERHUB_USERNAME} +- Password: {DOCKERHUB_PASSWORD} +참고: Docker Hub 무료 계정 생성 (https://hub.docker.com) +``` + +**SonarQube Token** +``` +- Kind: Secret text +- ID: sonarqube-token +- Secret: {SonarQube토큰} +``` + +### 2. SonarQube 프로젝트 설정 + +각 서비스별 프로젝트 생성 및 Quality Gate 설정: +``` +Coverage: >= 80% +Duplicated Lines: <= 3% +Maintainability Rating: <= A +Reliability Rating: <= A +Security Rating: <= A +``` + +## 📁 디렉토리 구조 + +구축 완료된 디렉토리 구조: +``` +deployment/cicd/ +├── kustomize/ +│ ├── base/ +│ │ ├── common/ +│ │ │ ├── cm-common.yaml +│ │ │ ├── secret-common.yaml +│ │ │ ├── secret-imagepull.yaml +│ │ │ └── ingress.yaml +│ │ ├── api-gateway/ +│ │ ├── user-service/ +│ │ ├── bill-service/ +│ │ ├── product-service/ +│ │ ├── kos-mock/ +│ │ ├── namespace.yaml +│ │ └── kustomization.yaml +│ └── overlays/ +│ ├── dev/ +│ ├── staging/ +│ └── prod/ +├── config/ +│ ├── deploy_env_vars_dev +│ ├── deploy_env_vars_staging +│ └── deploy_env_vars_prod +├── scripts/ +│ ├── deploy.sh +│ └── validate-cicd-setup.sh +└── Jenkinsfile +``` + +## 🚀 파이프라인 단계 + +### 1. Get Source +- GitHub에서 소스코드 체크아웃 +- 환경별 설정 파일 읽기 + +### 2. Setup AKS +- Azure CLI로 인증 +- AKS 클러스터 연결 +- 환경별 네임스페이스 생성 + +### 3. Build & SonarQube Analysis +- Gradle 빌드 (테스트 제외) +- 각 서비스별 단위 테스트 실행 +- JaCoCo 커버리지 리포트 생성 +- SonarQube 코드 품질 분석 + +### 4. Quality Gate +- SonarQube Quality Gate 대기 (10분 타임아웃) +- 품질 기준 미달 시 파이프라인 중단 + +### 5. Build & Push Images +- Podman을 사용한 컨테이너 이미지 빌드 +- 환경별 이미지 태그로 ACR에 푸시 +- 30분 타임아웃 설정 + +### 6. Update Kustomize & Deploy +- Kustomize를 사용한 이미지 태그 업데이트 +- Kubernetes 매니페스트 적용 +- 배포 상태 확인 (5분 타임아웃) + +### 7. Pipeline Complete +- 성공/실패 로깅 +- 자동 파드 정리 + +## 🔄 파이프라인 실행 방법 + +### Jenkins 파이프라인 Job 생성 + +1. Jenkins 웹 UI에서 **New Item > Pipeline** 선택 +2. **Pipeline script from SCM** 설정: + ``` + SCM: Git + Repository URL: {Git저장소URL} + Branch: main + Script Path: deployment/cicd/Jenkinsfile + ``` +3. **Pipeline Parameters** 설정: + ``` + ENVIRONMENT: Choice Parameter (dev, staging, prod) + IMAGE_TAG: String Parameter (default: latest) + ``` + +### 배포 실행 + +1. Jenkins > {프로젝트명} > **Build with Parameters** +2. **ENVIRONMENT** 선택 (dev/staging/prod) +3. **IMAGE_TAG** 입력 (선택사항) +4. **Build** 클릭 + +## 📊 환경별 설정 + +### DEV 환경 +- **네임스페이스**: phonebill-dev +- **Replicas**: 1 +- **Resources**: 256m CPU/256Mi Memory → 1024m CPU/1024Mi Memory +- **Database**: DDL update 모드 +- **Ingress**: HTTP, SSL 리다이렉션 비활성화 + +### STAGING 환경 +- **네임스페이스**: phonebill-staging +- **Replicas**: 2 +- **Resources**: 512m CPU/512Mi Memory → 2048m CPU/2048Mi Memory +- **Database**: DDL validate 모드 +- **Ingress**: HTTPS, SSL 리다이렉션 활성화 + +### PROD 환경 +- **네임스페이스**: phonebill-prod +- **Replicas**: 3 +- **Resources**: 1024m CPU/1024Mi Memory → 4096m CPU/4096Mi Memory +- **Database**: DDL validate 모드, 짧은 JWT 토큰 (1시간) +- **Ingress**: HTTPS, SSL 리다이렉션 활성화, Let's Encrypt 인증서 + +## 🛠️ 수동 배포 방법 + +스크립트를 사용한 수동 배포: ```bash -# Pod 상태 확인 +# DEV 환경 배포 +./deployment/cicd/scripts/deploy.sh dev latest + +# STAGING 환경 배포 +./deployment/cicd/scripts/deploy.sh staging 20241213151500 + +# PROD 환경 배포 +./deployment/cicd/scripts/deploy.sh prod 20241213151500 +``` + +## 📋 배포 상태 확인 + +```bash +# 파드 상태 확인 kubectl get pods -n phonebill-{환경} -# 서비스 상태 확인 +# 서비스 확인 kubectl get services -n phonebill-{환경} -# Ingress 상태 확인 +# Ingress 확인 kubectl get ingress -n phonebill-{환경} -# 배포 이력 확인 +# 배포 히스토리 확인 kubectl rollout history deployment/{서비스명} -n phonebill-{환경} ``` -## 🔍 설정 검증 +## 🔄 롤백 방법 -### CI/CD 설정 검증 실행 +### 이전 리비전으로 롤백 ```bash -./deployment/cicd/scripts/validate-cicd-setup.sh -``` - -**검증 항목:** -- ✅ 서비스별 매니페스트 파일 존재 확인 -- ✅ Base kustomization.yaml 유효성 검사 -- ✅ 환경별 Overlay 빌드 테스트 -- ✅ Jenkinsfile 구성 확인 -- ✅ 환경별 설정 파일 검증 -- ✅ 스크립트 실행 권한 확인 - -## 🔧 롤백 방법 - -### 1. kubectl을 이용한 롤백 -```bash -# 이전 버전으로 롤백 +# 특정 버전으로 롤백 kubectl rollout undo deployment/{서비스명} -n phonebill-{환경} --to-revision=2 # 롤백 상태 확인 kubectl rollout status deployment/{서비스명} -n phonebill-{환경} ``` -### 2. 이미지 태그 기반 롤백 +### 이미지 태그 기반 롤백 ```bash -# 이전 안정 버전으로 수동 배포 +# 이전 안정 버전 이미지 태그로 업데이트 cd deployment/cicd/kustomize/overlays/{환경} kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/{서비스명}:{환경}-{이전태그} kubectl apply -k . ``` -## 🛡️ 보안 및 모니터링 +## 🔍 트러블슈팅 -### 파드 자동 정리 -- **podRetention: never()**: 파이프라인 완료 시 파드 즉시 삭제 -- **terminationGracePeriodSeconds: 3**: 3초 내 강제 종료 -- **idleMinutes: 1**: 유휴 시간 1분 설정 +### 일반적인 문제 해결 -### 리소스 제한 -- **Timeout 설정**: Build&Push 30분, Quality Gate 10분 -- **컨테이너 리소스**: 환경별 차등 할당 -- **네트워크 격리**: 네임스페이스별 분리 +**1. SonarQube Quality Gate 실패** +- 코드 커버리지 확인 (80% 이상) +- 코드 중복도 확인 (3% 이하) +- 보안/신뢰성 등급 확인 (A등급) -## ✅ 구축 완료 체크리스트 +**2. 컨테이너 이미지 빌드 실패** +- Dockerfile 경로 확인: `deployment/container/Dockerfile-backend` +- JAR 파일 경로 확인: `{서비스명}/build/libs/{서비스명}.jar` +- ACR 인증 상태 확인 -### 📋 사전 준비 -- [x] settings.gradle에서 시스템명과 서비스명 확인 -- [x] 루트 build.gradle에서 JDK버전 확인 (21) -- [x] 실행정보에서 ACR명, 리소스 그룹, AKS 클러스터명 확인 +**3. 배포 실패** +- Kubernetes 매니페스트 문법 확인 +- 네임스페이스 존재 확인 +- 리소스 할당량 확인 -### 📂 Kustomize 구성 -- [x] 디렉토리 구조 생성 -- [x] 기존 k8s 매니페스트를 base로 복사 -- [x] Base kustomization.yaml 작성 (모든 리소스 포함) -- [x] kubectl kustomize 검증 완료 +**4. 파드 시작 실패** +- 환경변수 설정 확인 +- Secret/ConfigMap 존재 확인 +- 이미지 태그 정확성 확인 -### 🔧 환경별 Overlay -- [x] DEV 환경: 12개 파일 생성 (1 replica, HTTP) -- [x] STAGING 환경: 13개 파일 생성 (2 replicas, HTTPS) -- [x] PROD 환경: 14개 파일 생성 (3 replicas, HTTPS, 보안 강화) +### 검증 스크립트 -### ⚙️ 스크립트 및 설정 -- [x] 환경별 설정 파일 작성 (dev/staging/prod) -- [x] Jenkinsfile 작성 (JDK21, 파드 자동 정리 포함) -- [x] 수동 배포 스크립트 작성 및 실행 권한 설정 -- [x] 검증 스크립트 작성 및 실행 권한 설정 +리소스 누락 검증: +```bash +./deployment/cicd/scripts/validate-cicd-setup.sh +``` -## 🎯 다음 단계 +## 🔐 보안 고려사항 -1. **Jenkins 서버 설정** - - 필수 플러그인 설치 - - Credentials 등록 (azure, acr, dockerhub, sonarqube) +### Jenkins 보안 +- **Service Account**: jenkins 전용 계정 사용 +- **Pod Security**: 최소 권한 원칙 적용 +- **Credential 관리**: Jenkins Credential Store 사용 -2. **SonarQube 연동** - - 서비스별 프로젝트 생성 - - Quality Gate 규칙 설정 +### 컨테이너 보안 +- **Base Image**: 공식 이미지 사용 +- **Image Scanning**: ACR 취약점 스캔 활용 +- **Secrets 관리**: Kubernetes Secret으로 관리 -3. **파이프라인 테스트** - - 개발 환경 배포 테스트 - - 스테이징/운영 환경 배포 준비 +### 네트워크 보안 +- **TLS**: HTTPS 강제 적용 (Staging/Prod) +- **Network Policy**: 네임스페이스 격리 +- **Ingress**: 인증서 자동 갱신 -4. **모니터링 설정** - - 배포 상태 모니터링 - - 알림 시스템 구성 +## 📈 성능 최적화 + +### 빌드 최적화 +- **Gradle Daemon**: 빌드 속도 향상 +- **Docker Layer Caching**: 이미지 빌드 최적화 +- **Parallel Build**: 병렬 빌드 활용 + +### 배포 최적화 +- **Rolling Update**: 무중단 배포 +- **Health Check**: 정확한 상태 확인 +- **Resource Limit**: 적절한 리소스 할당 + +## 🔧 유지보수 가이드 + +### 정기 점검 항목 +- [ ] Jenkins 플러그인 업데이트 +- [ ] SonarQube 룰 세트 검토 +- [ ] ACR 이미지 정리 +- [ ] 인증서 만료일 확인 + +### 모니터링 권장사항 +- 빌드 실패율 모니터링 +- 배포 소요시간 추적 +- Quality Gate 통과율 확인 +- 리소스 사용률 모니터링 --- -**구축자**: 이개발/백엔더 -**구축일**: 2024년 12월 12일 -**버전**: v1.0.0 \ No newline at end of file +## ✅ 체크리스트 + +### 사전 준비 완료 +- [x] Jenkins 필수 플러그인 설치 +- [x] Jenkins Credentials 등록 +- [x] SonarQube 프로젝트 설정 +- [x] ACR 접근 권한 설정 +- [x] AKS 클러스터 연결 설정 + +### Kustomize 구성 완료 +- [x] Base 매니페스트 생성 +- [x] 환경별 Overlay 생성 +- [x] Patch 파일 작성 +- [x] 매니페스트 검증 완료 + +### 파이프라인 구성 완료 +- [x] Jenkinsfile 작성 +- [x] 환경별 설정 파일 생성 +- [x] 배포 스크립트 작성 +- [x] 검증 스크립트 작성 + +**🎯 모든 구성이 완료되어 Jenkins CI/CD 파이프라인을 실행할 준비가 완료되었습니다!** \ No newline at end of file diff --git a/deployment/cicd/kustomize/base/namespace.yaml b/deployment/cicd/kustomize/base/namespace.yaml index b58e931..3900a62 100644 --- a/deployment/cicd/kustomize/base/namespace.yaml +++ b/deployment/cicd/kustomize/base/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: phonebill \ No newline at end of file + name: placeholder \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/dev/cm-common-patch.yaml b/deployment/cicd/kustomize/overlays/dev/cm-common-patch.yaml new file mode 100644 index 0000000..a96b039 --- /dev/null +++ b/deployment/cicd/kustomize/overlays/dev/cm-common-patch.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cm-common + +data: + CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.20.214.196.128.nip.io" + JWT_ACCESS_TOKEN_VALIDITY: "18000000" + JWT_REFRESH_TOKEN_VALIDITY: "86400000" + REDIS_PORT: "6379" + SPRING_PROFILES_ACTIVE: "dev" + DDL_AUTO: "update" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/dev/configmap-common-patch.yaml b/deployment/cicd/kustomize/overlays/dev/configmap-common-patch.yaml deleted file mode 100644 index 041c878..0000000 --- a/deployment/cicd/kustomize/overlays/dev/configmap-common-patch.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cm-common -data: - # 환경별 프로파일 설정 - SPRING_PROFILES_ACTIVE: "dev" - - # 개발 환경 도메인 설정 - CORS_ALLOWED_ORIGINS: "http://phonebill-api.20.214.196.128.nip.io" - - # 개발 환경 DDL 설정 (데이터 보존을 위해 update 사용) - DDL_AUTO: "update" - - # JWT 토큰 유효시간 (개발 환경은 긴 유효시간) - JWT_ACCESS_TOKEN_EXPIRATION: "3600000" - JWT_REFRESH_TOKEN_EXPIRATION: "86400000" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/dev/ingress-patch.yaml b/deployment/cicd/kustomize/overlays/dev/ingress-patch.yaml index 3c5cec7..7674c09 100644 --- a/deployment/cicd/kustomize/overlays/dev/ingress-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/ingress-patch.yaml @@ -1,7 +1,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: phonebill + name: phonebill-ingress annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-redirect: "false" diff --git a/deployment/cicd/kustomize/overlays/dev/kustomization.yaml b/deployment/cicd/kustomize/overlays/dev/kustomization.yaml index 38f0259..b97039a 100644 --- a/deployment/cicd/kustomize/overlays/dev/kustomization.yaml +++ b/deployment/cicd/kustomize/overlays/dev/kustomization.yaml @@ -7,7 +7,7 @@ resources: - ../../base patches: - - path: configmap-common-patch.yaml + - path: cm-common-patch.yaml target: kind: ConfigMap name: cm-common @@ -64,5 +64,7 @@ images: - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock newTag: dev-latest -commonLabels: - environment: dev \ No newline at end of file +labels: + - includeSelectors: true + pairs: + environment: dev \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/dev/secret-bill-service-patch.yaml b/deployment/cicd/kustomize/overlays/dev/secret-bill-service-patch.yaml index adb2041..b1c0b01 100644 --- a/deployment/cicd/kustomize/overlays/dev/secret-bill-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/secret-bill-service-patch.yaml @@ -2,8 +2,10 @@ apiVersion: v1 kind: Secret metadata: name: secret-bill-service + type: Opaque stringData: - # Bill Service DB 접속 정보 (개발 환경) - DB_PASSWORD: "billdb-dev-password" - DB_URL: "jdbc:postgresql://bill-inquiry-postgres-dev-postgresql:5432/bill_inquiry_db" \ No newline at end of file + DB_HOST: "bill-inquiry-postgres-dev-postgresql" + DB_NAME: "bill_inquiry_db" + DB_USERNAME: "bill_inquiry_user" + DB_PASSWORD: "BillUser2025!" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/dev/secret-common-patch.yaml b/deployment/cicd/kustomize/overlays/dev/secret-common-patch.yaml index ce99ebf..c21c3ea 100644 --- a/deployment/cicd/kustomize/overlays/dev/secret-common-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/secret-common-patch.yaml @@ -2,12 +2,9 @@ apiVersion: v1 kind: Secret metadata: name: secret-common + type: Opaque stringData: - # Redis 설정 (개발 환경) - REDIS_PASSWORD: "dev-redis-password" - - # JWT Secret Key (개발 환경용) - JWT_SECRET: "dev-jwt-secret-key-for-phonebill-development" - - # 개발 환경용 공통 시크릿 \ No newline at end of file + JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ==" + REDIS_HOST: "redis-cache-dev-master" + REDIS_PASSWORD: "Redis2025Dev!" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/dev/secret-product-service-patch.yaml b/deployment/cicd/kustomize/overlays/dev/secret-product-service-patch.yaml index 8ec453e..b3ab681 100644 --- a/deployment/cicd/kustomize/overlays/dev/secret-product-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/secret-product-service-patch.yaml @@ -2,8 +2,10 @@ apiVersion: v1 kind: Secret metadata: name: secret-product-service + type: Opaque stringData: - # Product Service DB 접속 정보 (개발 환경) - DB_PASSWORD: "productdb-dev-password" - DB_URL: "jdbc:postgresql://product-change-postgres-dev-postgresql:5432/product_change_db" \ No newline at end of file + DB_HOST: "product-change-postgres-dev-postgresql" + DB_NAME: "product_change_db" + DB_USERNAME: "product_change_user" + DB_PASSWORD: "ProductUser2025!" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/dev/secret-user-service-patch.yaml b/deployment/cicd/kustomize/overlays/dev/secret-user-service-patch.yaml index 6d147d3..87ab6d4 100644 --- a/deployment/cicd/kustomize/overlays/dev/secret-user-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/dev/secret-user-service-patch.yaml @@ -2,8 +2,10 @@ apiVersion: v1 kind: Secret metadata: name: secret-user-service + type: Opaque stringData: - # User Service DB 접속 정보 (개발 환경) - DB_PASSWORD: "userdb-dev-password" - DB_URL: "jdbc:postgresql://user-auth-postgres-dev-postgresql:5432/user_auth_db" \ No newline at end of file + DB_HOST: "auth-postgres-dev-postgresql" + DB_NAME: "phonebill_auth" + DB_USERNAME: "auth_user" + DB_PASSWORD: "AuthUser2025!" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/README.md b/deployment/cicd/kustomize/overlays/prod/README.md deleted file mode 100644 index e85763e..0000000 --- a/deployment/cicd/kustomize/overlays/prod/README.md +++ /dev/null @@ -1,72 +0,0 @@ -# Production Overlay Configuration - -This directory contains the Kustomize overlay configuration for the production environment of the phonebill project. - -## Configuration Overview - -### Environment Details -- **Namespace**: `phonebill-prod` -- **Environment**: Production -- **Replicas**: 3 (for all services) -- **Domain**: `phonebill.yourdomain.com` -- **Image Tag**: `prod-latest` -- **SSL**: Enabled with HTTPS redirect - -### Security Configuration -- **JWT Access Token**: 30분 (1800000ms) - 보안 강화를 위한 짧은 만료시간 -- **JWT Refresh Token**: 12시간 (43200000ms) -- **DDL Auto**: `validate` - 프로덕션 안전성을 위한 스키마 검증 모드 -- **SSL Redirect**: 강제 HTTPS 리디렉션 - -### Resource Allocation -All services are configured with: -- **Requests**: 1024m CPU, 1024Mi Memory -- **Limits**: 4096m CPU, 4096Mi Memory - -### Health Checks -- **Liveness Probe**: 2분 초기 지연, 30초 간격 -- **Readiness Probe**: 1분 초기 지연, 10초 간격 - -## Files Structure - -``` -prod/ -├── kustomization.yaml # 메인 오버레이 설정 -├── configmap-common-patch.yaml # 공통 설정 (프로덕션 프로파일) -├── secret-common-patch.yaml # 공통 시크릿 (JWT, Redis) -├── ingress-patch.yaml # HTTPS 인그레스 설정 -├── deployment-api-gateway-patch.yaml # API Gateway 배포 설정 -├── deployment-user-service-patch.yaml # 사용자 서비스 배포 설정 -├── deployment-bill-service-patch.yaml # 요금조회 서비스 배포 설정 -├── deployment-product-service-patch.yaml# 상품변경 서비스 배포 설정 -├── deployment-kos-mock-patch.yaml # KOS Mock 배포 설정 -├── secret-user-service-patch.yaml # 사용자 서비스 DB 연결정보 -├── secret-bill-service-patch.yaml # 요금조회 서비스 DB 연결정보 -└── secret-product-service-patch.yaml # 상품변경 서비스 DB 연결정보 -``` - -## Deployment Command - -```bash -# Apply production configuration -kubectl apply -k deployment/cicd/kustomize/overlays/prod/ - -# Validate configuration before applying -kubectl kustomize deployment/cicd/kustomize/overlays/prod/ -``` - -## Important Notes - -1. **Secret Values**: 모든 시크릿 값들은 실제 프로덕션 환경에 맞게 변경해야 합니다. -2. **Domain Configuration**: `phonebill.yourdomain.com`을 실제 도메인으로 변경하세요. -3. **Certificate**: SSL 인증서 설정을 위해 cert-manager가 구성되어 있어야 합니다. -4. **Database**: 각 서비스별 전용 데이터베이스 인스턴스가 필요합니다. -5. **Monitoring**: 프로덕션 환경에서는 모니터링 및 로깅 설정이 중요합니다. - -## Database Services Required - -프로덕션 환경에서는 다음 데이터베이스 서비스들이 필요합니다: -- `auth-postgres-prod-service` (사용자 서비스) -- `bill-inquiry-postgres-prod-service` (요금조회 서비스) -- `product-change-postgres-prod-service` (상품변경 서비스) -- `redis-prod-service` (공통 캐시) \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/configmap-common-patch.yaml b/deployment/cicd/kustomize/overlays/prod/configmap-common-patch.yaml index 8558f70..91ff4bb 100644 --- a/deployment/cicd/kustomize/overlays/prod/configmap-common-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/configmap-common-patch.yaml @@ -2,18 +2,11 @@ apiVersion: v1 kind: ConfigMap metadata: name: cm-common - namespace: phonebill-prod + data: + CORS_ALLOWED_ORIGINS: "https://phonebill.example.com" + JWT_ACCESS_TOKEN_VALIDITY: "3600000" + JWT_REFRESH_TOKEN_VALIDITY: "86400000" + REDIS_PORT: "6379" SPRING_PROFILES_ACTIVE: "prod" - DDL_AUTO: "validate" - - # JWT 설정 - 프로덕션 보안 강화 - JWT_ACCESS_EXPIRATION: "1800000" # 30분 (1800초) - JWT_REFRESH_EXPIRATION: "43200000" # 12시간 (43200초) - - # 로깅 설정 - LOG_LEVEL_ROOT: "INFO" - LOG_LEVEL_COM_PHONEBILL: "INFO" - - # 캐시 설정 - CACHE_TTL: "3600" # 1시간 \ No newline at end of file + DDL_AUTO: "validate" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/deployment-api-gateway-patch.yaml b/deployment/cicd/kustomize/overlays/prod/deployment-api-gateway-patch.yaml index be957b9..0c6bd3d 100644 --- a/deployment/cicd/kustomize/overlays/prod/deployment-api-gateway-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/deployment-api-gateway-patch.yaml @@ -2,33 +2,16 @@ apiVersion: apps/v1 kind: Deployment metadata: name: api-gateway - namespace: phonebill-prod spec: replicas: 3 template: spec: containers: - - name: api-gateway - resources: - requests: - memory: 1024Mi - cpu: 1024m - limits: - memory: 4096Mi - cpu: 4096m - livenessProbe: - httpGet: - path: /actuator/health - port: 8080 - initialDelaySeconds: 120 - periodSeconds: 30 - timeoutSeconds: 10 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /actuator/health/readiness - port: 8080 - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 \ No newline at end of file + - name: api-gateway + resources: + requests: + cpu: 1024m + memory: 1024Mi + limits: + cpu: 4096m + memory: 4096Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/deployment-bill-service-patch.yaml b/deployment/cicd/kustomize/overlays/prod/deployment-bill-service-patch.yaml index 6c51a0e..3049a8a 100644 --- a/deployment/cicd/kustomize/overlays/prod/deployment-bill-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/deployment-bill-service-patch.yaml @@ -2,33 +2,16 @@ apiVersion: apps/v1 kind: Deployment metadata: name: bill-service - namespace: phonebill-prod spec: replicas: 3 template: spec: containers: - - name: bill-service - resources: - requests: - memory: 1024Mi - cpu: 1024m - limits: - memory: 4096Mi - cpu: 4096m - livenessProbe: - httpGet: - path: /actuator/health - port: 8080 - initialDelaySeconds: 120 - periodSeconds: 30 - timeoutSeconds: 10 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /actuator/health/readiness - port: 8080 - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 \ No newline at end of file + - name: bill-service + resources: + requests: + cpu: 1024m + memory: 1024Mi + limits: + cpu: 4096m + memory: 4096Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/deployment-kos-mock-patch.yaml b/deployment/cicd/kustomize/overlays/prod/deployment-kos-mock-patch.yaml index f155200..5918e81 100644 --- a/deployment/cicd/kustomize/overlays/prod/deployment-kos-mock-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/deployment-kos-mock-patch.yaml @@ -2,33 +2,16 @@ apiVersion: apps/v1 kind: Deployment metadata: name: kos-mock - namespace: phonebill-prod spec: replicas: 3 template: spec: containers: - - name: kos-mock - resources: - requests: - memory: 1024Mi - cpu: 1024m - limits: - memory: 4096Mi - cpu: 4096m - livenessProbe: - httpGet: - path: /actuator/health - port: 8080 - initialDelaySeconds: 120 - periodSeconds: 30 - timeoutSeconds: 10 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /actuator/health/readiness - port: 8080 - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 \ No newline at end of file + - name: kos-mock + resources: + requests: + cpu: 1024m + memory: 1024Mi + limits: + cpu: 4096m + memory: 4096Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/deployment-product-service-patch.yaml b/deployment/cicd/kustomize/overlays/prod/deployment-product-service-patch.yaml index 6d595f0..eb12921 100644 --- a/deployment/cicd/kustomize/overlays/prod/deployment-product-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/deployment-product-service-patch.yaml @@ -2,33 +2,16 @@ apiVersion: apps/v1 kind: Deployment metadata: name: product-service - namespace: phonebill-prod spec: replicas: 3 template: spec: containers: - - name: product-service - resources: - requests: - memory: 1024Mi - cpu: 1024m - limits: - memory: 4096Mi - cpu: 4096m - livenessProbe: - httpGet: - path: /actuator/health - port: 8080 - initialDelaySeconds: 120 - periodSeconds: 30 - timeoutSeconds: 10 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /actuator/health/readiness - port: 8080 - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 \ No newline at end of file + - name: product-service + resources: + requests: + cpu: 1024m + memory: 1024Mi + limits: + cpu: 4096m + memory: 4096Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/deployment-user-service-patch.yaml b/deployment/cicd/kustomize/overlays/prod/deployment-user-service-patch.yaml index 02f9a47..e464a6f 100644 --- a/deployment/cicd/kustomize/overlays/prod/deployment-user-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/deployment-user-service-patch.yaml @@ -2,33 +2,16 @@ apiVersion: apps/v1 kind: Deployment metadata: name: user-service - namespace: phonebill-prod spec: replicas: 3 template: spec: containers: - - name: user-service - resources: - requests: - memory: 1024Mi - cpu: 1024m - limits: - memory: 4096Mi - cpu: 4096m - livenessProbe: - httpGet: - path: /actuator/health - port: 8080 - initialDelaySeconds: 120 - periodSeconds: 30 - timeoutSeconds: 10 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /actuator/health/readiness - port: 8080 - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 \ No newline at end of file + - name: user-service + resources: + requests: + cpu: 1024m + memory: 1024Mi + limits: + cpu: 4096m + memory: 4096Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/ingress-patch.yaml b/deployment/cicd/kustomize/overlays/prod/ingress-patch.yaml index f509db9..f944db9 100644 --- a/deployment/cicd/kustomize/overlays/prod/ingress-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/ingress-patch.yaml @@ -1,30 +1,54 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: phonebill - namespace: phonebill-prod + name: phonebill-ingress annotations: - nginx.ingress.kubernetes.io/rewrite-target: / + kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" cert-manager.io/cluster-issuer: "letsencrypt-prod" - nginx.ingress.kubernetes.io/proxy-body-size: "10m" - nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" - nginx.ingress.kubernetes.io/proxy-send-timeout: "600" - nginx.ingress.kubernetes.io/proxy-read-timeout: "600" spec: + ingressClassName: nginx tls: - - hosts: - - phonebill.yourdomain.com - secretName: phonebill-prod-tls + - hosts: + - phonebill.example.com + secretName: phonebill-tls-secret rules: - - host: phonebill.yourdomain.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: api-gateway - port: - number: 8080 \ No newline at end of file + - host: phonebill.example.com + http: + paths: + - path: /api/v1/auth + pathType: Prefix + backend: + service: + name: user-service + port: + number: 80 + - path: /api/v1/users + pathType: Prefix + backend: + service: + name: user-service + port: + number: 80 + - path: /api/v1/bills + pathType: Prefix + backend: + service: + name: bill-service + port: + number: 80 + - path: /api/v1/products + pathType: Prefix + backend: + service: + name: product-service + port: + number: 80 + - path: /api/v1/kos + pathType: Prefix + backend: + service: + name: kos-mock + port: + number: 80 \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/kustomization.yaml b/deployment/cicd/kustomize/overlays/prod/kustomization.yaml index 5a83c0a..6116c27 100644 --- a/deployment/cicd/kustomize/overlays/prod/kustomization.yaml +++ b/deployment/cicd/kustomize/overlays/prod/kustomization.yaml @@ -11,6 +11,14 @@ patches: target: kind: ConfigMap name: cm-common + - path: secret-common-patch.yaml + target: + kind: Secret + name: secret-common + - path: ingress-patch.yaml + target: + kind: Ingress + name: phonebill - path: deployment-api-gateway-patch.yaml target: kind: Deployment @@ -31,14 +39,6 @@ patches: target: kind: Deployment name: kos-mock - - path: ingress-patch.yaml - target: - kind: Ingress - name: phonebill - - path: secret-common-patch.yaml - target: - kind: Secret - name: secret-common - path: secret-user-service-patch.yaml target: kind: Secret @@ -64,5 +64,7 @@ images: - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock newTag: prod-latest -commonLabels: - environment: prod \ No newline at end of file +labels: + - includeSelectors: true + pairs: + environment: prod \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/secret-bill-service-patch.yaml b/deployment/cicd/kustomize/overlays/prod/secret-bill-service-patch.yaml index 7717613..3cdad4c 100644 --- a/deployment/cicd/kustomize/overlays/prod/secret-bill-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/secret-bill-service-patch.yaml @@ -2,21 +2,10 @@ apiVersion: v1 kind: Secret metadata: name: secret-bill-service - namespace: phonebill-prod + type: Opaque stringData: - # 요금조회 서비스 전용 데이터베이스 연결정보 - DB_HOST: "bill-inquiry-postgres-prod-service" - DB_PORT: "5432" + DB_HOST: "bill-inquiry-postgres-prod-postgresql" DB_NAME: "bill_inquiry_db" - DB_USERNAME: "postgres" - DB_PASSWORD: "your-production-bill-db-password" - - # 데이터베이스 연결 풀 설정 (프로덕션 최적화) - DB_MAX_POOL_SIZE: "20" - DB_MIN_IDLE: "5" - DB_CONNECTION_TIMEOUT: "30000" - - # KOS 연동 설정 - KOS_BASE_URL: "http://kos-mock:8080" - KOS_API_KEY: "your-production-kos-api-key" \ No newline at end of file + DB_USERNAME: "bill_inquiry_user" + DB_PASSWORD: "BillUserProd2025!" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/secret-common-patch.yaml b/deployment/cicd/kustomize/overlays/prod/secret-common-patch.yaml index 3bbad85..6e269a1 100644 --- a/deployment/cicd/kustomize/overlays/prod/secret-common-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/secret-common-patch.yaml @@ -2,16 +2,9 @@ apiVersion: v1 kind: Secret metadata: name: secret-common - namespace: phonebill-prod + type: Opaque stringData: - # JWT 설정 - JWT_SECRET: "your-production-jwt-secret-key-here-must-be-very-secure" - - # Redis 설정 - REDIS_HOST: "redis-prod-service" - REDIS_PORT: "6379" - REDIS_PASSWORD: "your-production-redis-password" - - # 암호화 설정 - ENCRYPTION_KEY: "your-production-encryption-key-32-chars" \ No newline at end of file + JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ==" + REDIS_HOST: "redis-cache-prod-master" + REDIS_PASSWORD: "Redis2025Prod!" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/secret-product-service-patch.yaml b/deployment/cicd/kustomize/overlays/prod/secret-product-service-patch.yaml index c7f93d9..f10314f 100644 --- a/deployment/cicd/kustomize/overlays/prod/secret-product-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/secret-product-service-patch.yaml @@ -2,21 +2,10 @@ apiVersion: v1 kind: Secret metadata: name: secret-product-service - namespace: phonebill-prod + type: Opaque stringData: - # 상품변경 서비스 전용 데이터베이스 연결정보 - DB_HOST: "product-change-postgres-prod-service" - DB_PORT: "5432" + DB_HOST: "product-change-postgres-prod-postgresql" DB_NAME: "product_change_db" - DB_USERNAME: "postgres" - DB_PASSWORD: "your-production-product-db-password" - - # 데이터베이스 연결 풀 설정 (프로덕션 최적화) - DB_MAX_POOL_SIZE: "20" - DB_MIN_IDLE: "5" - DB_CONNECTION_TIMEOUT: "30000" - - # KOS 연동 설정 - KOS_BASE_URL: "http://kos-mock:8080" - KOS_API_KEY: "your-production-kos-api-key" \ No newline at end of file + DB_USERNAME: "product_change_user" + DB_PASSWORD: "ProductUserProd2025!" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/prod/secret-user-service-patch.yaml b/deployment/cicd/kustomize/overlays/prod/secret-user-service-patch.yaml index 99ef03f..70766cb 100644 --- a/deployment/cicd/kustomize/overlays/prod/secret-user-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/prod/secret-user-service-patch.yaml @@ -2,17 +2,10 @@ apiVersion: v1 kind: Secret metadata: name: secret-user-service - namespace: phonebill-prod + type: Opaque stringData: - # 사용자 서비스 전용 데이터베이스 연결정보 - DB_HOST: "auth-postgres-prod-service" - DB_PORT: "5432" - DB_NAME: "auth_db" - DB_USERNAME: "postgres" - DB_PASSWORD: "your-production-auth-db-password" - - # 데이터베이스 연결 풀 설정 (프로덕션 최적화) - DB_MAX_POOL_SIZE: "20" - DB_MIN_IDLE: "5" - DB_CONNECTION_TIMEOUT: "30000" \ No newline at end of file + DB_HOST: "auth-postgres-prod-postgresql" + DB_NAME: "phonebill_auth" + DB_USERNAME: "auth_user" + DB_PASSWORD: "AuthUserProd2025!" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/configmap-common-patch.yaml b/deployment/cicd/kustomize/overlays/staging/configmap-common-patch.yaml index 708dcee..8bae940 100644 --- a/deployment/cicd/kustomize/overlays/staging/configmap-common-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/configmap-common-patch.yaml @@ -2,16 +2,11 @@ apiVersion: v1 kind: ConfigMap metadata: name: cm-common + data: - # 환경별 프로파일 설정 + CORS_ALLOWED_ORIGINS: "https://phonebill.example.com" + JWT_ACCESS_TOKEN_VALIDITY: "18000000" + JWT_REFRESH_TOKEN_VALIDITY: "86400000" + REDIS_PORT: "6379" SPRING_PROFILES_ACTIVE: "staging" - - # 스테이징 환경 도메인 설정 - CORS_ALLOWED_ORIGINS: "https://phonebill-staging.yourdomain.com" - - # 스테이징 환경 DDL 설정 (데이터 검증을 위해 validate 사용) - DDL_AUTO: "validate" - - # JWT 토큰 유효시간 (스테이징 환경은 운영과 유사한 유효시간) - JWT_ACCESS_TOKEN_EXPIRATION: "1800000" - JWT_REFRESH_TOKEN_EXPIRATION: "43200000" \ No newline at end of file + DDL_AUTO: "validate" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/deployment-api-gateway-patch.yaml b/deployment/cicd/kustomize/overlays/staging/deployment-api-gateway-patch.yaml index f11df32..d0703ba 100644 --- a/deployment/cicd/kustomize/overlays/staging/deployment-api-gateway-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/deployment-api-gateway-patch.yaml @@ -10,8 +10,8 @@ spec: - name: api-gateway resources: requests: - memory: 512Mi cpu: 512m + memory: 512Mi limits: - memory: 2048Mi - cpu: 2048m \ No newline at end of file + cpu: 2048m + memory: 2048Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/deployment-bill-service-patch.yaml b/deployment/cicd/kustomize/overlays/staging/deployment-bill-service-patch.yaml index 749931e..792bcfa 100644 --- a/deployment/cicd/kustomize/overlays/staging/deployment-bill-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/deployment-bill-service-patch.yaml @@ -10,8 +10,8 @@ spec: - name: bill-service resources: requests: - memory: 512Mi cpu: 512m + memory: 512Mi limits: - memory: 2048Mi - cpu: 2048m \ No newline at end of file + cpu: 2048m + memory: 2048Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/deployment-kos-mock-patch.yaml b/deployment/cicd/kustomize/overlays/staging/deployment-kos-mock-patch.yaml index b9d1336..71d74a1 100644 --- a/deployment/cicd/kustomize/overlays/staging/deployment-kos-mock-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/deployment-kos-mock-patch.yaml @@ -10,8 +10,8 @@ spec: - name: kos-mock resources: requests: - memory: 512Mi cpu: 512m + memory: 512Mi limits: - memory: 2048Mi - cpu: 2048m \ No newline at end of file + cpu: 2048m + memory: 2048Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/deployment-product-service-patch.yaml b/deployment/cicd/kustomize/overlays/staging/deployment-product-service-patch.yaml index e23cf7b..28b9d65 100644 --- a/deployment/cicd/kustomize/overlays/staging/deployment-product-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/deployment-product-service-patch.yaml @@ -10,8 +10,8 @@ spec: - name: product-service resources: requests: - memory: 512Mi cpu: 512m + memory: 512Mi limits: - memory: 2048Mi - cpu: 2048m \ No newline at end of file + cpu: 2048m + memory: 2048Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/deployment-user-service-patch.yaml b/deployment/cicd/kustomize/overlays/staging/deployment-user-service-patch.yaml index 6f51b43..b7df416 100644 --- a/deployment/cicd/kustomize/overlays/staging/deployment-user-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/deployment-user-service-patch.yaml @@ -10,8 +10,8 @@ spec: - name: user-service resources: requests: - memory: 512Mi cpu: 512m + memory: 512Mi limits: - memory: 2048Mi - cpu: 2048m \ No newline at end of file + cpu: 2048m + memory: 2048Mi \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/ingress-patch.yaml b/deployment/cicd/kustomize/overlays/staging/ingress-patch.yaml index 657520d..086ece6 100644 --- a/deployment/cicd/kustomize/overlays/staging/ingress-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/ingress-patch.yaml @@ -5,15 +5,15 @@ metadata: annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-redirect: "true" - cert-manager.io/cluster-issuer: letsencrypt-prod + cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: ingressClassName: nginx tls: - hosts: - - phonebill-staging.yourdomain.com - secretName: phonebill-staging-tls + - phonebill.example.com + secretName: phonebill-tls-cert rules: - - host: phonebill-staging.yourdomain.com + - host: phonebill.example.com http: paths: - path: /api/v1/auth diff --git a/deployment/cicd/kustomize/overlays/staging/kustomization.yaml b/deployment/cicd/kustomize/overlays/staging/kustomization.yaml index 322da37..0c3a8a2 100644 --- a/deployment/cicd/kustomize/overlays/staging/kustomization.yaml +++ b/deployment/cicd/kustomize/overlays/staging/kustomization.yaml @@ -11,6 +11,14 @@ patches: target: kind: ConfigMap name: cm-common + - path: secret-common-patch.yaml + target: + kind: Secret + name: secret-common + - path: ingress-patch.yaml + target: + kind: Ingress + name: phonebill - path: deployment-api-gateway-patch.yaml target: kind: Deployment @@ -31,14 +39,6 @@ patches: target: kind: Deployment name: kos-mock - - path: ingress-patch.yaml - target: - kind: Ingress - name: phonebill - - path: secret-common-patch.yaml - target: - kind: Secret - name: secret-common - path: secret-user-service-patch.yaml target: kind: Secret @@ -64,5 +64,7 @@ images: - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock newTag: staging-latest -commonLabels: - environment: staging \ No newline at end of file +labels: + - includeSelectors: true + pairs: + environment: staging \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/secret-bill-service-patch.yaml b/deployment/cicd/kustomize/overlays/staging/secret-bill-service-patch.yaml index 958a6dd..4a5a7da 100644 --- a/deployment/cicd/kustomize/overlays/staging/secret-bill-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/secret-bill-service-patch.yaml @@ -2,8 +2,10 @@ apiVersion: v1 kind: Secret metadata: name: secret-bill-service + type: Opaque stringData: - # Bill Service DB 접속 정보 (스테이징 환경) - DB_PASSWORD: "billdb-staging-password" - DB_URL: "jdbc:postgresql://bill-inquiry-postgres-staging-postgresql:5432/bill_inquiry_db" \ No newline at end of file + DB_HOST: "bill-inquiry-postgres-staging-postgresql" + DB_NAME: "bill_inquiry_db" + DB_USERNAME: "bill_inquiry_user" + DB_PASSWORD: "BillUser2025Staging!" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/secret-common-patch.yaml b/deployment/cicd/kustomize/overlays/staging/secret-common-patch.yaml index 7dbfb9b..bcf22fb 100644 --- a/deployment/cicd/kustomize/overlays/staging/secret-common-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/secret-common-patch.yaml @@ -2,12 +2,9 @@ apiVersion: v1 kind: Secret metadata: name: secret-common + type: Opaque stringData: - # Redis 설정 (스테이징 환경) - REDIS_PASSWORD: "staging-redis-password" - - # JWT Secret Key (스테이징 환경용) - JWT_SECRET: "staging-jwt-secret-key-for-phonebill-staging-environment" - - # 스테이징 환경용 공통 시크릿 \ No newline at end of file + JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ==" + REDIS_HOST: "redis-cache-staging-master" + REDIS_PASSWORD: "Redis2025Staging!" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/secret-product-service-patch.yaml b/deployment/cicd/kustomize/overlays/staging/secret-product-service-patch.yaml index 788ad13..0397162 100644 --- a/deployment/cicd/kustomize/overlays/staging/secret-product-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/secret-product-service-patch.yaml @@ -2,8 +2,10 @@ apiVersion: v1 kind: Secret metadata: name: secret-product-service + type: Opaque stringData: - # Product Service DB 접속 정보 (스테이징 환경) - DB_PASSWORD: "productdb-staging-password" - DB_URL: "jdbc:postgresql://product-change-postgres-staging-postgresql:5432/product_change_db" \ No newline at end of file + DB_HOST: "product-change-postgres-staging-postgresql" + DB_NAME: "product_change_db" + DB_USERNAME: "product_change_user" + DB_PASSWORD: "ProductUser2025Staging!" \ No newline at end of file diff --git a/deployment/cicd/kustomize/overlays/staging/secret-user-service-patch.yaml b/deployment/cicd/kustomize/overlays/staging/secret-user-service-patch.yaml index 59f62c1..b65f7c9 100644 --- a/deployment/cicd/kustomize/overlays/staging/secret-user-service-patch.yaml +++ b/deployment/cicd/kustomize/overlays/staging/secret-user-service-patch.yaml @@ -2,8 +2,10 @@ apiVersion: v1 kind: Secret metadata: name: secret-user-service + type: Opaque stringData: - # User Service DB 접속 정보 (스테이징 환경) - DB_PASSWORD: "userdb-staging-password" - DB_URL: "jdbc:postgresql://user-auth-postgres-staging-postgresql:5432/user_auth_db" \ No newline at end of file + DB_HOST: "auth-postgres-staging-postgresql" + DB_NAME: "phonebill_auth" + DB_USERNAME: "auth_user" + DB_PASSWORD: "AuthUser2025Staging!" \ No newline at end of file diff --git a/deployment/cicd/scripts/deploy.sh b/deployment/cicd/scripts/deploy.sh index 5cb4ad8..057bacd 100755 --- a/deployment/cicd/scripts/deploy.sh +++ b/deployment/cicd/scripts/deploy.sh @@ -4,7 +4,7 @@ set -e ENVIRONMENT=${1:-dev} IMAGE_TAG=${2:-latest} -echo "🚀 Starting manual deployment for environment: $ENVIRONMENT with tag: $IMAGE_TAG" +echo "🚀 Starting deployment for environment: $ENVIRONMENT with image tag: $IMAGE_TAG" # 환경별 이미지 태그 업데이트 cd deployment/cicd/kustomize/overlays/${ENVIRONMENT} @@ -12,36 +12,23 @@ cd deployment/cicd/kustomize/overlays/${ENVIRONMENT} # 서비스 목록 (공백으로 구분) services="api-gateway user-service bill-service product-service kos-mock" -echo "📦 Updating image tags for services: $services" - # 각 서비스 이미지 태그 업데이트 for service in $services; do - echo " ⏳ Updating $service to ${ENVIRONMENT}-${IMAGE_TAG}" + echo "📦 Updating image tag for $service to ${ENVIRONMENT}-${IMAGE_TAG}" kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/$service:${ENVIRONMENT}-${IMAGE_TAG} done -echo "🚢 Deploying to Kubernetes cluster..." - # 배포 실행 +echo "🔧 Applying manifests to Kubernetes cluster..." kubectl apply -k . -echo "⏰ Waiting for deployments to be ready..." - # 배포 상태 확인 +echo "⏳ Waiting for deployments to be ready..." for service in $services; do - echo " 🔄 Waiting for $service deployment..." - kubectl rollout status deployment/$service -n phonebill-${ENVIRONMENT} + echo " Checking $service..." + kubectl rollout status deployment/$service -n phonebill-${ENVIRONMENT} --timeout=300s done echo "✅ Deployment completed successfully!" -echo "" -echo "📋 Deployment Summary:" -echo " Environment: $ENVIRONMENT" -echo " Image Tag: ${ENVIRONMENT}-${IMAGE_TAG}" -echo " Services: $services" -echo " Namespace: phonebill-${ENVIRONMENT}" -echo "" -echo "🔍 Check deployment status:" -echo " kubectl get pods -n phonebill-${ENVIRONMENT}" -echo " kubectl get services -n phonebill-${ENVIRONMENT}" -echo " kubectl get ingress -n phonebill-${ENVIRONMENT}" \ No newline at end of file +echo "🌐 Application endpoints:" +kubectl get ingress -n phonebill-${ENVIRONMENT} -o wide \ No newline at end of file diff --git a/deployment/cicd/scripts/validate-cicd-setup.sh b/deployment/cicd/scripts/validate-cicd-setup.sh index 96ecc8b..c8374c3 100755 --- a/deployment/cicd/scripts/validate-cicd-setup.sh +++ b/deployment/cicd/scripts/validate-cicd-setup.sh @@ -1,7 +1,7 @@ #!/bin/bash -# phonebill CI/CD 설정 검증 스크립트 +# Base 리소스 누락 검증 스크립트 (범용) -echo "🔍 phonebill CI/CD 설정 검증 시작..." +echo "🔍 phonebill Base 리소스 누락 검증 시작..." BASE_DIR="deployment/cicd/kustomize/base" MISSING_RESOURCES=0 @@ -106,85 +106,12 @@ for env in dev staging prod; do fi done -# 6. Jenkins 파이프라인 검증 -echo "" -echo "6. Jenkins 파이프라인 검증:" -if [ -f "deployment/cicd/Jenkinsfile" ]; then - echo " ✅ Jenkinsfile 존재" - - # 주요 서비스명 확인 - services_in_jenkinsfile=$(grep -o "api-gateway\|user-service\|bill-service\|product-service\|kos-mock" deployment/cicd/Jenkinsfile | sort -u | tr '\n' ' ') - echo " 📋 Jenkinsfile의 서비스: $services_in_jenkinsfile" - - # ACR 이름 확인 - acr_name=$(grep -o "acrdigitalgarage01" deployment/cicd/Jenkinsfile | head -1) - if [ -n "$acr_name" ]; then - echo " ✅ ACR 이름: $acr_name" - else - echo " ⚠️ ACR 이름을 찾을 수 없습니다" - fi -else - echo " ❌ Jenkinsfile이 없습니다" - ((MISSING_RESOURCES++)) -fi - -# 7. 스크립트 파일 검증 -echo "" -echo "7. 배포 스크립트 검증:" -scripts_dir="deployment/cicd/scripts" -if [ -f "$scripts_dir/deploy.sh" ]; then - echo " ✅ deploy.sh 존재" - if [ -x "$scripts_dir/deploy.sh" ]; then - echo " ✅ deploy.sh 실행 권한 있음" - else - echo " ⚠️ deploy.sh 실행 권한 없음 (chmod +x 필요)" - fi -else - echo " ❌ deploy.sh가 없습니다" - ((MISSING_RESOURCES++)) -fi - -# 8. 환경별 설정 파일 검증 -echo "" -echo "8. 환경별 설정 파일 검증:" -config_dir="deployment/cicd/config" -for env in dev staging prod; do - config_file="$config_dir/deploy_env_vars_$env" - if [ -f "$config_file" ]; then - echo " ✅ $env 환경 설정 파일 존재" - # 필수 설정 확인 - if grep -q "resource_group\|cluster_name" "$config_file"; then - echo " ✅ 필수 설정 (resource_group, cluster_name) 확인됨" - else - echo " ❌ 필수 설정이 누락됨" - ((MISSING_RESOURCES++)) - fi - else - echo " ❌ $env 환경 설정 파일이 없습니다" - ((MISSING_RESOURCES++)) - fi -done - # 결과 출력 echo "" echo "======================================" if [ $MISSING_RESOURCES -eq 0 ]; then - echo "🎯 검증 완료! phonebill CI/CD 설정이 정상입니다." + echo "🎯 검증 완료! 모든 리소스가 정상입니다." echo "======================================" - echo "" - echo "📋 Jenkins CI/CD 파이프라인 구성 요약:" - echo " • 시스템명: phonebill" - echo " • 서비스: api-gateway, user-service, bill-service, product-service, kos-mock" - echo " • 환경: dev, staging, prod" - echo " • 컨테이너 레지스트리: acrdigitalgarage01.azurecr.io" - echo " • JDK 버전: 21" - echo "" - echo "🚀 다음 단계:" - echo " 1. Jenkins에서 Pipeline Job 생성" - echo " 2. Jenkins Credentials 설정 (azure-credentials, acr-credentials, dockerhub-credentials)" - echo " 3. SonarQube 서버 연동 설정" - echo " 4. 파이프라인 실행 테스트" - echo "" exit 0 else echo "❌ $MISSING_RESOURCES개의 문제가 발견되었습니다." @@ -196,7 +123,6 @@ else echo "3. 파일명이 명명 규칙을 따르는지 확인하세요:" echo " - ConfigMap: cm-{서비스명}.yaml" echo " - Secret: secret-{서비스명}.yaml" - echo "4. 스크립트 실행 권한 설정: chmod +x scripts/*.sh" - echo "5. 다시 검증: ./scripts/validate-cicd-setup.sh" + echo "4. 다시 검증: ./deployment/cicd/scripts/validate-cicd-setup.sh" exit 1 fi \ No newline at end of file diff --git a/fix-deployment-selector.sh b/fix-deployment-selector.sh new file mode 100755 index 0000000..1945207 --- /dev/null +++ b/fix-deployment-selector.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Deployment selector 문제 해결을 위한 스크립트 +# 기존 Deployment 삭제 후 새로운 설정으로 재생성 + +echo "=== Deployment Selector 문제 해결 시작 ===" + +NAMESPACE="phonebill-dev" +SERVICES=("api-gateway" "bill-service" "kos-mock" "product-service" "user-service") + +# 1단계: 기존 Deployment들을 안전하게 삭제 +echo "1단계: 기존 Deployment 삭제" +for service in "${SERVICES[@]}"; do + echo "삭제 중: $service" + kubectl delete deployment $service -n $NAMESPACE --ignore-not-found=true + + # Deployment가 완전히 삭제될 때까지 대기 + while kubectl get deployment $service -n $NAMESPACE &>/dev/null; do + echo "대기 중: $service 삭제 완료 대기..." + sleep 2 + done + echo "완료: $service 삭제됨" +done + +echo "모든 Deployment 삭제 완료" + +# 2단계: 잠시 대기 +echo "2단계: 리소스 정리 대기 (5초)" +sleep 5 + +# 3단계: Kustomize를 통해 새로운 Deployment 생성 +echo "3단계: 새로운 Deployment 생성" +echo "Kustomize 적용 중..." + +cd deployment/cicd/kustomize/overlays/dev +kubectl apply -k . + +echo "=== Deployment Selector 문제 해결 완료 ===" + +# 4단계: 결과 확인 +echo "4단계: 배포 결과 확인" +kubectl get deployments -n $NAMESPACE -o wide + +echo "" +echo "Pod 상태 확인:" +kubectl get pods -n $NAMESPACE \ No newline at end of file diff --git a/kos-mock/data/kos_mock.mv.db b/kos-mock/data/kos_mock.mv.db index 09bebae..7a9a5cc 100644 Binary files a/kos-mock/data/kos_mock.mv.db and b/kos-mock/data/kos_mock.mv.db differ diff --git a/update-images.sh b/update-images.sh new file mode 100755 index 0000000..020f44e --- /dev/null +++ b/update-images.sh @@ -0,0 +1,48 @@ +#!/bin/bash +set -e + +ENVIRONMENT=${1:-dev} +IMAGE_TAG=${2:-$(date +%Y%m%d%H%M%S)} + +echo "🚀 Updating images for environment: $ENVIRONMENT with tag: $IMAGE_TAG" + +# 환경별 디렉토리로 이동 +OVERLAY_DIR="deployment/cicd/kustomize/overlays/${ENVIRONMENT}" +cd $OVERLAY_DIR + +# 서비스 목록 +services="api-gateway user-service bill-service product-service kos-mock" + +echo "📦 Updating image tags in kustomization.yaml for services: $services" + +# images 섹션이 있는지 확인하고 없으면 추가 +if ! grep -q "^images:" kustomization.yaml; then + echo "" >> kustomization.yaml + echo "images:" >> kustomization.yaml +fi + +# 기존 images 섹션 제거 (단순화를 위해) +sed -i.bak '/^images:/,$d' kustomization.yaml + +# 새로운 images 섹션 추가 +echo "images:" >> kustomization.yaml + +# 각 서비스 이미지 태그 업데이트 +for service in $services; do + echo " ⏳ Adding $service with tag ${ENVIRONMENT}-${IMAGE_TAG}" + echo " - name: acrdigitalgarage01.azurecr.io/phonebill/$service" >> kustomization.yaml + echo " newTag: ${ENVIRONMENT}-${IMAGE_TAG}" >> kustomization.yaml +done + +echo "✅ Image tags updated successfully!" +echo "" +echo "📋 Updated kustomization.yaml:" +echo "Environment: $ENVIRONMENT" +echo "Image Tag: ${ENVIRONMENT}-${IMAGE_TAG}" +echo "Services: $services" +echo "" +echo "🚢 To deploy, run:" +echo " kubectl apply -k $OVERLAY_DIR" +echo "" +echo "📄 Current images section:" +tail -15 kustomization.yaml \ No newline at end of file