Jenkins CI/CD 파이프라인 구축 완료

- Kustomize 기반 환경별 배포 구조 구축 • Base 매니페스트: deployment/cicd/kustomize/base/ • 환경별 오버레이: overlays/{dev,staging,prod} • 기존 k8s 매니페스트를 Kustomize 구조로 마이그레이션 - Jenkins 파이프라인 설정 • Jenkinsfile: Pod Template, SonarQube, 배포 자동화 • 환경별 설정 파일: config/deploy_env_vars_{env} • 수동 배포 스크립트: scripts/deploy.sh - Azure 연동 설정 • ACR (acrdigitalgarage01) 및 AKS (aks-digitalgarage-01) • 환경별 리소스 분리 및 보안 설정 - 완전한 구축 가이드 문서 • deployment/cicd/jenkins-pipeline-guide.md • Jenkins 플러그인, RBAC, 트러블슈팅 가이드 포함 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-06-12 19:49:10 +00:00 · 2025-09-12 10:46:05 +09:00
parent 0f1e22c5dc
commit 892f30ba44
67 changed files with 2430 additions and 10 deletions
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm-api-gateway
+data:
+  SERVER_PORT: "8080"
+  BILL_SERVICE_URL: "http://bill-service"
+  PRODUCT_SERVICE_URL: "http://product-service"
+  USER_SERVICE_URL: "http://user-service"
+  KOS_MOCK_URL: "http://kos-mock"
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-gateway
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: api-gateway
+  template:
+    metadata:
+      labels:
+        app: api-gateway
+    spec:
+      imagePullSecrets:
+      - name: phonebill
+      containers:
+      - name: api-gateway
+        image: acrdigitalgarage01.azurecr.io/phonebill/api-gateway:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+        envFrom:
+        - configMapRef:
+            name: cm-common
+        - configMapRef:
+            name: cm-api-gateway
+        - secretRef:
+            name: secret-common
+        resources:
+          requests:
+            cpu: 256m
+            memory: 256Mi
+          limits:
+            cpu: 1024m
+            memory: 1024Mi
+        startupProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          failureThreshold: 6
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          failureThreshold: 3
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          failureThreshold: 3
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- cm-api-gateway.yaml
+- deployment.yaml
+- service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: api-gateway
+spec:
+  selector:
+    app: api-gateway
+  ports:
+  - port: 80
+    targetPort: 8080
+  type: ClusterIP
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm-bill-service
+data:
+  SERVER_PORT: "8082"
+  DB_KIND: "postgresql"
+  DB_PORT: "5432"
+  DB_CONNECTION_TIMEOUT: "30000"
+  DB_IDLE_TIMEOUT: "600000"
+  DB_LEAK_DETECTION: "60000"
+  DB_MAX_LIFETIME: "1800000"
+  DB_MAX_POOL: "20"
+  DB_MIN_IDLE: "5"
+  KOS_BASE_URL: "http://kos-mock"
+  REDIS_DATABASE: "1"
+  REDIS_MAX_ACTIVE: "8"
+  REDIS_MAX_IDLE: "8"
+  REDIS_MAX_WAIT: "-1"
+  REDIS_MIN_IDLE: "0"
+  REDIS_TIMEOUT: "2000"
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bill-service
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: bill-service
+  template:
+    metadata:
+      labels:
+        app: bill-service
+    spec:
+      imagePullSecrets:
+      - name: phonebill
+      containers:
+      - name: bill-service
+        image: acrdigitalgarage01.azurecr.io/phonebill/bill-service:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8082
+        envFrom:
+        - configMapRef:
+            name: cm-common
+        - configMapRef:
+            name: cm-bill-service
+        - secretRef:
+            name: secret-common
+        - secretRef:
+            name: secret-bill-service
+        resources:
+          requests:
+            cpu: 256m
+            memory: 256Mi
+          limits:
+            cpu: 1024m
+            memory: 1024Mi
+        startupProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8082
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          failureThreshold: 6
+        readinessProbe:
+          httpGet:
+            path: /actuator/health/readiness
+            port: 8082
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          failureThreshold: 3
+        livenessProbe:
+          httpGet:
+            path: /actuator/health/liveness
+            port: 8082
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          failureThreshold: 3
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- cm-bill-service.yaml
+- deployment.yaml
+- secret-bill-service.yaml
+- service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-bill-service
+type: Opaque
+stringData:
+  DB_HOST: "bill-inquiry-postgres-dev-postgresql"
+  DB_NAME: "bill_inquiry_db"
+  DB_USERNAME: "bill_inquiry_user"
+  DB_PASSWORD: "BillUser2025!"
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: bill-service
+spec:
+  selector:
+    app: bill-service
+  ports:
+  - port: 80
+    targetPort: 8082
+  type: ClusterIP
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm-common
+data:
+  CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.20.214.196.128.nip.io"
+  JWT_ACCESS_TOKEN_VALIDITY: "18000000"
+  JWT_REFRESH_TOKEN_VALIDITY: "86400000"
+  REDIS_PORT: "6379"
+  SPRING_PROFILES_ACTIVE: "dev"
+  DDL_AUTO: "update"
@@ -0,0 +1,48 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: phonebill
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: phonebill-api.20.214.196.128.nip.io
+    http:
+      paths:
+      - path: /api/v1/auth
+        pathType: Prefix
+        backend:
+          service:
+            name: user-service
+            port:
+              number: 80
+      - path: /api/v1/users
+        pathType: Prefix
+        backend:
+          service:
+            name: user-service
+            port:
+              number: 80
+      - path: /api/v1/bills
+        pathType: Prefix
+        backend:
+          service:
+            name: bill-service
+            port:
+              number: 80
+      - path: /api/v1/products
+        pathType: Prefix
+        backend:
+          service:
+            name: product-service
+            port:
+              number: 80
+      - path: /api/v1/kos
+        pathType: Prefix
+        backend:
+          service:
+            name: kos-mock
+            port:
+              number: 80
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- cm-common.yaml
+- ingress.yaml
+- secret-common.yaml
+- secret-imagepull.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-common
+type: Opaque
+stringData:
+  JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
+  REDIS_HOST: "redis-cache-dev-master"
+  REDIS_PASSWORD: "Redis2025Dev!"
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: phonebill
+type: kubernetes.io/dockerconfigjson
+stringData:
+  .dockerconfigjson: |
+    {
+      "auths": {
+        "acrdigitalgarage01.azurecr.io": {
+          "username": "acrdigitalgarage01",
+          "password": "+OY+rmOagorjWvQe/tTk6oqvnZI8SmNbY/Y2o5EDcY+ACRDCDbYk",
+          "auth": "YWNyZGlnaXRhbGdhcmFnZTAxOitPWStybU9hZ29yald2UWUvdFRrNm9xdm5aSThTbU5iWS9ZMm81RURjWStBQ1JEQ0RiWWs="
+        }
+      }
+    }
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm-kos-mock
+data:
+  SERVER_PORT: "8084"
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kos-mock
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kos-mock
+  template:
+    metadata:
+      labels:
+        app: kos-mock
+    spec:
+      imagePullSecrets:
+      - name: phonebill
+      containers:
+      - name: kos-mock
+        image: acrdigitalgarage01.azurecr.io/phonebill/kos-mock:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8084
+        envFrom:
+        - configMapRef:
+            name: cm-common
+        - configMapRef:
+            name: cm-kos-mock
+        - secretRef:
+            name: secret-common
+        resources:
+          requests:
+            cpu: 256m
+            memory: 256Mi
+          limits:
+            cpu: 1024m
+            memory: 1024Mi
+        startupProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8084
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          failureThreshold: 6
+        readinessProbe:
+          httpGet:
+            path: /actuator/health/readiness
+            port: 8084
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          failureThreshold: 3
+        livenessProbe:
+          httpGet:
+            path: /actuator/health/liveness
+            port: 8084
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          failureThreshold: 3
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- cm-kos-mock.yaml
+- deployment.yaml
+- service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kos-mock
+spec:
+  selector:
+    app: kos-mock
+  ports:
+  - port: 80
+    targetPort: 8084
+  type: ClusterIP
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- common
+- api-gateway
+- user-service
+- bill-service
+- product-service
+- kos-mock
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm-product-service
+data:
+  SERVER_PORT: "8083"
+  DB_KIND: "postgresql"
+  DB_PORT: "5432"
+  KOS_BASE_URL: "http://kos-mock"
+  REDIS_DATABASE: "2"
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: product-service
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: product-service
+  template:
+    metadata:
+      labels:
+        app: product-service
+    spec:
+      imagePullSecrets:
+      - name: phonebill
+      containers:
+      - name: product-service
+        image: acrdigitalgarage01.azurecr.io/phonebill/product-service:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8083
+        envFrom:
+        - configMapRef:
+            name: cm-common
+        - configMapRef:
+            name: cm-product-service
+        - secretRef:
+            name: secret-common
+        - secretRef:
+            name: secret-product-service
+        resources:
+          requests:
+            cpu: 256m
+            memory: 256Mi
+          limits:
+            cpu: 1024m
+            memory: 1024Mi
+        startupProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8083
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          failureThreshold: 6
+        readinessProbe:
+          httpGet:
+            path: /actuator/health/readiness
+            port: 8083
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          failureThreshold: 3
+        livenessProbe:
+          httpGet:
+            path: /actuator/health/liveness
+            port: 8083
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          failureThreshold: 3
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- cm-product-service.yaml
+- deployment.yaml
+- secret-product-service.yaml
+- service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-product-service
+type: Opaque
+stringData:
+  DB_HOST: "product-change-postgres-dev-postgresql"
+  DB_NAME: "product_change_db"
+  DB_USERNAME: "product_change_user"
+  DB_PASSWORD: "ProductUser2025!"
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: product-service
+spec:
+  selector:
+    app: product-service
+  ports:
+  - port: 80
+    targetPort: 8083
+  type: ClusterIP
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm-user-service
+data:
+  SERVER_PORT: "8081"
+  DB_KIND: "postgresql"
+  DB_PORT: "5432"
+  DDL_AUTO: "update"
+  REDIS_DATABASE: "0"
+  SHOW_SQL: "true"
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-service
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: user-service
+  template:
+    metadata:
+      labels:
+        app: user-service
+    spec:
+      imagePullSecrets:
+      - name: phonebill
+      containers:
+      - name: user-service
+        image: acrdigitalgarage01.azurecr.io/phonebill/user-service:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8081
+        envFrom:
+        - configMapRef:
+            name: cm-common
+        - configMapRef:
+            name: cm-user-service
+        - secretRef:
+            name: secret-common
+        - secretRef:
+            name: secret-user-service
+        resources:
+          requests:
+            cpu: 256m
+            memory: 256Mi
+          limits:
+            cpu: 1024m
+            memory: 1024Mi
+        startupProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8081
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          failureThreshold: 6
+        readinessProbe:
+          httpGet:
+            path: /actuator/health/readiness
+            port: 8081
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          failureThreshold: 3
+        livenessProbe:
+          httpGet:
+            path: /actuator/health/liveness
+            port: 8081
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          failureThreshold: 3
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- cm-user-service.yaml
+- deployment.yaml
+- secret-user-service.yaml
+- service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-user-service
+type: Opaque
+stringData:
+  DB_HOST: "auth-postgres-dev-postgresql"
+  DB_NAME: "phonebill_auth"
+  DB_USERNAME: "auth_user"
+  DB_PASSWORD: "AuthUser2025!"
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: user-service
+spec:
+  selector:
+    app: user-service
+  ports:
+  - port: 80
+    targetPort: 8081
+  type: ClusterIP
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm-common
+data:
+  CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.20.214.196.128.nip.io"
+  SPRING_PROFILES_ACTIVE: "dev"
+  DDL_AUTO: "update"
@@ -0,0 +1,10 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: phonebill
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+spec:
+  rules:
+  - host: phonebill-api.20.214.196.128.nip.io
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: phonebill-dev
+
+resources:
+- ../../base
+
+commonLabels:
+  env: dev
+  
+patchesStrategicMerge:
+- configmap-common-patch.yaml
+- secret-common-patch.yaml
+- ingress-patch.yaml
+- replica-patch.yaml
+- secret-user-service-patch.yaml
+- secret-bill-service-patch.yaml
+- secret-product-service-patch.yaml
@@ -0,0 +1,35 @@
+# Replica count patches for dev environment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-gateway
+spec:
+  replicas: 1
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-service
+spec:
+  replicas: 1
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bill-service
+spec:
+  replicas: 1
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: product-service
+spec:
+  replicas: 1
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kos-mock
+spec:
+  replicas: 1
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-bill-service
+type: Opaque
+stringData:
+  DB_HOST: "bill-inquiry-postgres-dev-postgresql"
+  DB_PASSWORD: "BillUser2025!"
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-common
+type: Opaque
+stringData:
+  REDIS_HOST: "redis-cache-dev-master"
+  REDIS_PASSWORD: "Redis2025Dev!"
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-product-service
+type: Opaque
+stringData:
+  DB_HOST: "product-change-postgres-dev-postgresql"
+  DB_PASSWORD: "ProductUser2025!"
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-user-service
+type: Opaque
+stringData:
+  DB_HOST: "auth-postgres-dev-postgresql"
+  DB_PASSWORD: "AuthUser2025!"
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm-common
+data:
+  CORS_ALLOWED_ORIGINS: "https://phonebill.example.com,https://phonebill-app.example.com"
+  SPRING_PROFILES_ACTIVE: "prod"
+  DDL_AUTO: "validate"
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: phonebill
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+  tls:
+  - hosts:
+    - phonebill-api.example.com
+    secretName: phonebill-prod-tls
+  rules:
+  - host: phonebill-api.example.com
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: phonebill-prod
+
+resources:
+- ../../base
+
+commonLabels:
+  env: prod
+  
+patchesStrategicMerge:
+- env-patches.yaml
@@ -0,0 +1,35 @@
+# Replica count patches for production environment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-gateway
+spec:
+  replicas: 3
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-service
+spec:
+  replicas: 3
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bill-service
+spec:
+  replicas: 3
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: product-service
+spec:
+  replicas: 3
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kos-mock
+spec:
+  replicas: 2
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-bill-service
+type: Opaque
+stringData:
+  DB_HOST: "bill-inquiry-postgres-prod-postgresql"
+  DB_PASSWORD: "BillUserProd$ecure2025!"
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-common
+type: Opaque
+stringData:
+  REDIS_HOST: "redis-cache-prod-master"
+  REDIS_PASSWORD: "Redis2025Prod$ecure!"
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-product-service
+type: Opaque
+stringData:
+  DB_HOST: "product-change-postgres-prod-postgresql"
+  DB_PASSWORD: "ProductUserProd$ecure2025!"
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-user-service
+type: Opaque
+stringData:
+  DB_HOST: "auth-postgres-prod-postgresql"
+  DB_PASSWORD: "AuthUserProd$ecure2025!"
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm-common
+data:
+  CORS_ALLOWED_ORIGINS: "https://phonebill-staging.example.com,https://phonebill.staging.example.com"
+  SPRING_PROFILES_ACTIVE: "staging"
+  DDL_AUTO: "validate"
@@ -0,0 +1,15 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: phonebill
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+  tls:
+  - hosts:
+    - phonebill-api-staging.example.com
+    secretName: phonebill-staging-tls
+  rules:
+  - host: phonebill-api-staging.example.com
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: phonebill-staging
+
+resources:
+- ../../base
+
+commonLabels:
+  env: staging
+  
+patchesStrategicMerge:
+- configmap-common-patch.yaml
+- secret-common-patch.yaml
+- ingress-patch.yaml
+- replica-patch.yaml
+- secret-user-service-patch.yaml
+- secret-bill-service-patch.yaml
+- secret-product-service-patch.yaml
@@ -0,0 +1,35 @@
+# Replica count patches for staging environment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-gateway
+spec:
+  replicas: 2
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-service
+spec:
+  replicas: 2
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bill-service
+spec:
+  replicas: 2
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: product-service
+spec:
+  replicas: 2
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kos-mock
+spec:
+  replicas: 1
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-bill-service
+type: Opaque
+stringData:
+  DB_HOST: "bill-inquiry-postgres-staging-postgresql"
+  DB_PASSWORD: "BillUserStaging2025!"
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-common
+type: Opaque
+stringData:
+  REDIS_HOST: "redis-cache-staging-master"
+  REDIS_PASSWORD: "Redis2025Staging!"
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-product-service
+type: Opaque
+stringData:
+  DB_HOST: "product-change-postgres-staging-postgresql"
+  DB_PASSWORD: "ProductUserStaging2025!"
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-user-service
+type: Opaque
+stringData:
+  DB_HOST: "auth-postgres-staging-postgresql"
+  DB_PASSWORD: "AuthUserStaging2025!"