shared-dg05-unicorn/phonebill
1
0
Fork 0
mirror of https://github.com/cna-bootcamp/phonebill.git synced 2025-12-06 08:06:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Jenkins CI/CD 파이프라인 구축 완료

Browse Source 
- Kustomize 기반 환경별 배포 구조 구성
  * Base: 공통 매니페스트 (29개 파일)
  * Overlays: dev/staging/prod 환경별 설정 (39개 파일)
  * 환경별 리소스 및 보안 정책 차별화

- Jenkins 파이프라인 구현
  * JDK 21, Podman, Kustomize 통합
  * SonarQube 품질 분석 및 Quality Gate
  * 환경별 이미지 태그 및 배포 자동화
  * Pod 자동 정리로 리소스 최적화

- 운영 도구 및 스크립트
  * 수동 배포 스크립트 (deploy.sh)
  * 리소스 검증 스크립트 (validate-resources.sh)
  * 환경별 설정 파일 관리

- 완전한 가이드 문서
  * Jenkins 설정 및 Credentials 등록 방법
  * SonarQube 연동 및 Quality Gate 설정
  * 배포 실행 및 트러블슈팅 가이드

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
ondal 2025-09-30 21:24:21 +09:00
parent 8792b7c876
commit f15fe45870
66 changed files with 2111 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

225
deployment/cicd/Jenkinsfile vendored Normal file
View File

@ -0,0 +1,225 @@
def PIPELINE_ID = "${env.BUILD_NUMBER}"
def getImageTag() {
def dateFormat = new java.text.SimpleDateFormat('yyyyMMddHHmmss')
def currentDate = new Date()
return dateFormat.format(currentDate)
}
podTemplate(
label: "${PIPELINE_ID}",
serviceAccount: 'jenkins',
slaveConnectTimeout: 300,
idleMinutes: 1,
activeDeadlineSeconds: 3600,
podRetention: never(), // 파드 자동 정리 옵션: never(), onFailure(), always(), default()
yaml: '''
spec:
terminationGracePeriodSeconds: 3
restartPolicy: Never
tolerations:
- effect: NoSchedule
key: dedicated
operator: Equal
value: cicd
''',
containers: [
containerTemplate(
name: 'podman',
image: "mgoltzsche/podman",
ttyEnabled: true,
command: 'cat',
privileged: true,
resourceRequestCpu: '500m',
resourceRequestMemory: '2Gi',
resourceLimitCpu: '2000m',
resourceLimitMemory: '4Gi'
),
containerTemplate(
name: 'gradle',
image: 'gradle:jdk21',
ttyEnabled: true,
command: 'cat',
resourceRequestCpu: '500m',
resourceRequestMemory: '1Gi',
resourceLimitCpu: '1000m',
resourceLimitMemory: '2Gi',
envVars: [
envVar(key: 'DOCKER_HOST', value: 'unix:///run/podman/podman.sock'),
envVar(key: 'TESTCONTAINERS_DOCKER_SOCKET_OVERRIDE', value: '/run/podman/podman.sock'),
envVar(key: 'TESTCONTAINERS_RYUK_DISABLED', value: 'true')
]
),
containerTemplate(
name: 'azure-cli',
image: 'hiondal/azure-kubectl:latest',
command: 'cat',
ttyEnabled: true,
resourceRequestCpu: '200m',
resourceRequestMemory: '512Mi',
resourceLimitCpu: '500m',
resourceLimitMemory: '1Gi'
)
],
volumes: [
emptyDirVolume(mountPath: '/home/gradle/.gradle', memory: false),
emptyDirVolume(mountPath: '/root/.azure', memory: false),
emptyDirVolume(mountPath: '/run/podman', memory: false)
]
) {
node(PIPELINE_ID) {
def props
//def imageTag = getImageTag()
def imageTag = "dg0500"
def environment = params.ENVIRONMENT ?: 'dev'
def skipSonarQube = (params.SKIP_SONARQUBE?.toLowerCase() == 'true')
def services = ['api-gateway', 'user-service', 'bill-service', 'product-service', 'kos-mock']
try {
stage("Get Source") {
checkout scm
props = readProperties file: "deployment/cicd/config/deploy_env_vars_${environment}"
}
stage("Setup AKS") {
container('azure-cli') {
withCredentials([azureServicePrincipal('azure-credentials')]) {
sh """
az login --service-principal -u \$AZURE_CLIENT_ID -p \$AZURE_CLIENT_SECRET -t \$AZURE_TENANT_ID
az aks get-credentials --resource-group ${props.resource_group} --name ${props.cluster_name} --overwrite-existing
kubectl create namespace phonebill-dg0500 --dry-run=client -o yaml | kubectl apply -f -
"""
}
}
}
stage('Build') {
container('gradle') {
sh """
chmod +x gradlew
./gradlew build -x test
"""
}
}
stage('SonarQube Analysis & Quality Gate') {
if (skipSonarQube) {
echo "⏭️ Skipping SonarQube Analysis (SKIP_SONARQUBE=${params.SKIP_SONARQUBE})"
} else {
container('gradle') {
withSonarQubeEnv('SonarQube') {
// 각 서비스별 테스트 및 SonarQube 분석
services.each { service ->
sh """
./gradlew :${service}:test :${service}:jacocoTestReport :${service}:sonar \\
-Dsonar.projectKey=phonebill-${service}-dg0500 \\
-Dsonar.projectName=phonebill-${service}-dg0500 \\
-Dsonar.java.binaries=build/classes/java/main \\
-Dsonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml \\
-Dsonar.exclusions=**/config/**,**/entity/**,**/dto/**,**/*Application.class,**/exception/**
"""
}
// Quality Gate 확인
timeout(time: 10, unit: 'MINUTES') {
def qg = waitForQualityGate()
if (qg.status != 'OK') {
error "Pipeline aborted due to quality gate failure: ${qg.status}"
}
}
}
}
}
}
stage('Build & Push Images') {
timeout(time: 30, unit: 'MINUTES') {
container('podman') {
withCredentials([
usernamePassword(
credentialsId: 'acr-credentials',
usernameVariable: 'ACR_USERNAME',
passwordVariable: 'ACR_PASSWORD'
),
usernamePassword(
credentialsId: 'dockerhub-credentials',
usernameVariable: 'DOCKERHUB_USERNAME',
passwordVariable: 'DOCKERHUB_PASSWORD'
)
]) {
// Docker Hub 로그인 (rate limit 해결)
sh "podman login docker.io --username \$DOCKERHUB_USERNAME --password \$DOCKERHUB_PASSWORD"
// ACR 로그인
sh "podman login acrdigitalgarage01.azurecr.io --username \$ACR_USERNAME --password \$ACR_PASSWORD"
services.each { service ->
sh """
podman build \\
--build-arg BUILD_LIB_DIR="${service}/build/libs" \\
--build-arg ARTIFACTORY_FILE="${service}.jar" \\
-f deployment/container/Dockerfile-backend \\
-t acrdigitalgarage01.azurecr.io/phonebill/${service}:${environment}-${imageTag} .
podman push acrdigitalgarage01.azurecr.io/phonebill/${service}:${environment}-${imageTag}
"""
}
}
}
}
}
stage('Update Kustomize & Deploy') {
container('azure-cli') {
sh """
# Kustomize 설치 (sudo 없이 사용자 디렉토리에 설치)
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
mkdir -p \$HOME/bin
mv kustomize \$HOME/bin/
export PATH=\$PATH:\$HOME/bin
# 환경별 디렉토리로 이동
cd deployment/cicd/kustomize/overlays/${environment}
# 서비스 목록 정의 (실제 서비스명으로 교체, 공백으로 구분)
services="api-gateway user-service bill-service product-service kos-mock"
# 이미지 태그 업데이트
for service in \$services; do
\$HOME/bin/kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/\$service:${environment}-${imageTag}
done
# 매니페스트 적용
kubectl apply -k .
# 배포 상태 확인
echo "Waiting for deployments to be ready..."
for service in \$services; do
kubectl -n phonebill-dg0500 wait --for=condition=available deployment/\$service --timeout=300s
done
"""
}
}
// 파이프라인 완료 로그 (Scripted Pipeline 방식)
stage('Pipeline Complete') {
echo "🧹 Pipeline completed. Pod cleanup handled by Jenkins Kubernetes Plugin."
// 성공/실패 여부 로깅
if (currentBuild.result == null || currentBuild.result == 'SUCCESS') {
echo "✅ Pipeline completed successfully!"
} else {
echo "❌ Pipeline failed with result: ${currentBuild.result}"
}
}
} catch (Exception e) {
currentBuild.result = 'FAILURE'
echo "❌ Pipeline failed with exception: ${e.getMessage()}"
throw e
} finally {
echo "🧹 Cleaning up resources and preparing for pod termination..."
echo "Pod will be terminated in 3 seconds due to terminationGracePeriodSeconds: 3"
}
}
}

3
deployment/cicd/config/deploy_env_vars_dev Normal file
View File

@ -0,0 +1,3 @@
# dev Environment Configuration
resource_group=rg-digitalgarage-01
cluster_name=aks-digitalgarage-01

3
deployment/cicd/config/deploy_env_vars_prod Normal file
View File

@ -0,0 +1,3 @@
# prod Environment Configuration
resource_group=rg-digitalgarage-01
cluster_name=aks-digitalgarage-01

3
deployment/cicd/config/deploy_env_vars_staging Normal file
View File

@ -0,0 +1,3 @@
# staging Environment Configuration
resource_group=rg-digitalgarage-01
cluster_name=aks-digitalgarage-01

377
deployment/cicd/jenkins-pipeline-guide.md Normal file
View File

@ -0,0 +1,377 @@
# phonebill Jenkins CI/CD 파이프라인 구축 가이드
## 📋 개요
본 가이드는 phonebill 프로젝트를 위한 Jenkins + Kustomize 기반 CI/CD 파이프라인 구축 방법을 제공합니다.
### 프로젝트 정보
- **시스템명**: phonebill
- **서비스 목록**: api-gateway, user-service, bill-service, product-service, kos-mock
- **JDK 버전**: 21
- **Azure 환경**:
- ACR: acrdigitalgarage01
- 리소스 그룹: rg-digitalgarage-01
- AKS 클러스터: aks-digitalgarage-01
- 네임스페이스: phonebill-dg0500
## 🏗️ 파이프라인 아키텍처
### 주요 구성 요소
- **빌드**: Gradle 기반 멀티모듈 빌드
- **품질 검증**: SonarQube 분석 & Quality Gate
- **컨테이너화**: Podman 기반 이미지 빌드
- **배포**: Kustomize를 통한 환경별 배포
- **인프라**: AKS (Azure Kubernetes Service)
### 환경별 설정
| 환경 | Replicas | CPU Request | Memory Request | CPU Limit | Memory Limit |
|------|----------|-------------|----------------|-----------|--------------|
| dev | 1 | 256m | 256Mi | 1024m | 1024Mi |
| staging | 2 | 512m | 512Mi | 2048m | 2048Mi |
| prod | 3 | 1024m | 1024Mi | 4096m | 4096Mi |
## 🚀 Jenkins 서버 환경 구성
### 1. Jenkins 필수 플러그인 설치
Jenkins 관리 > Plugin Manager에서 다음 플러그인들을 설치해주세요:
```bash
# Jenkins 필수 플러그인 목록
- Kubernetes
- Pipeline Utility Steps
- Docker Pipeline
- GitHub
- SonarQube Scanner
- Azure Credentials
```
### 2. Jenkins Credentials 등록
**Manage Jenkins > Credentials > Add Credentials**에서 다음 인증 정보들을 등록해주세요:
#### Azure Service Principal
```
Kind: Microsoft Azure Service Principal
ID: azure-credentials
Subscription ID: {구독ID}
Client ID: {클라이언트ID}
Client Secret: {클라이언트시크릿}
Tenant ID: {테넌트ID}
Azure Environment: Azure
```
#### ACR Credentials
```
Kind: Username with password
ID: acr-credentials
Username: acrdigitalgarage01
Password: {ACR_PASSWORD}
```
#### Docker Hub Credentials (Rate Limit 해결용)
```
Kind: Username with password
ID: dockerhub-credentials
Username: {DOCKERHUB_USERNAME}
Password: {DOCKERHUB_PASSWORD}
참고: Docker Hub 무료 계정 생성 (https://hub.docker.com)
```
#### SonarQube Token
```
Kind: Secret text
ID: sonarqube-token
Secret: {SonarQube토큰}
```
## 📂 Kustomize 구조
```
deployment/cicd/kustomize/
├── base/
│ ├── kustomization.yaml # Base 설정
│ ├── common/ # 공통 리소스
│ │ ├── cm-common.yaml
│ │ ├── secret-common.yaml
│ │ ├── secret-imagepull.yaml
│ │ └── ingress.yaml
│ ├── api-gateway/ # API Gateway 리소스
│ │ ├── deployment.yaml
│ │ ├── service.yaml
│ │ └── cm-api-gateway.yaml
│ ├── user-service/ # User Service 리소스
│ │ ├── deployment.yaml
│ │ ├── service.yaml
│ │ ├── cm-user-service.yaml
│ │ └── secret-user-service.yaml
│ ├── bill-service/ # Bill Service 리소스
│ │ ├── deployment.yaml
│ │ ├── service.yaml
│ │ ├── cm-bill-service.yaml
│ │ └── secret-bill-service.yaml
│ ├── product-service/ # Product Service 리소스
│ │ ├── deployment.yaml
│ │ ├── service.yaml
│ │ ├── cm-product-service.yaml
│ │ └── secret-product-service.yaml
│ └── kos-mock/ # KOS Mock 리소스
│ ├── deployment.yaml
│ ├── service.yaml
│ └── cm-kos-mock.yaml
└── overlays/
├── dev/ # 개발 환경
│ ├── kustomization.yaml
│ ├── cm-common-patch.yaml
│ ├── secret-common-patch.yaml
│ ├── ingress-patch.yaml
│ ├── deployment-*-patch.yaml (각 서비스별)
│ └── secret-*-patch.yaml (Secret 보유 서비스)
├── staging/ # 스테이징 환경
│ └── (dev와 동일한 구조)
└── prod/ # 운영 환경
└── (dev와 동일한 구조)
```
## 🔧 Jenkins Pipeline Job 생성
### 1. 새 Pipeline Job 생성
1. Jenkins 대시보드에서 **New Item** 클릭
2. **Pipeline** 선택하고 프로젝트명 입력
3. **OK** 클릭
### 2. Pipeline 설정
#### General 탭
- **Build Parameters** 추가:
```
ENVIRONMENT: Choice Parameter
Choices: dev, staging, prod
Default: dev
IMAGE_TAG: String Parameter
Default: latest
Description: 이미지 태그 (기본값: latest)
SKIP_SONARQUBE: String Parameter
Default: true
Description: SonarQube 분석 건너뛰기 (true/false)
```
#### Pipeline 탭
```
Definition: Pipeline script from SCM
SCM: Git
Repository URL: {Git저장소URL}
Branch: main (또는 develop)
Script Path: deployment/cicd/Jenkinsfile
```
## 📊 SonarQube 프로젝트 설정
### 1. 각 서비스별 SonarQube 프로젝트 생성
- phonebill-api-gateway-{환경}
- phonebill-user-service-{환경}
- phonebill-bill-service-{환경}
- phonebill-product-service-{환경}
- phonebill-kos-mock-{환경}
### 2. Quality Gate 설정
```
Coverage: >= 80%
Duplicated Lines: <= 3%
Maintainability Rating: <= A
Reliability Rating: <= A
Security Rating: <= A
```
## 🚀 배포 실행 방법
### 1. Jenkins Pipeline 실행
1. Jenkins > {프로젝트명} > **Build with Parameters** 클릭
2. 파라미터 설정:
- **ENVIRONMENT**: dev/staging/prod 선택
- **IMAGE_TAG**: 이미지 태그 입력 (선택사항)
- **SKIP_SONARQUBE**: SonarQube 분석 건너뛰려면 "true", 실행하려면 "false"
3. **Build** 클릭
### 2. 수동 배포 (스크립트 사용)
```bash
# 개발 환경 배포
./deployment/cicd/scripts/deploy.sh dev 20241230120000
# 스테이징 환경 배포
./deployment/cicd/scripts/deploy.sh staging 20241230120000
# 운영 환경 배포
./deployment/cicd/scripts/deploy.sh prod 20241230120000
```
### 3. 배포 상태 확인
```bash
# Pod 상태 확인
kubectl get pods -n phonebill-dg0500
# 서비스 상태 확인
kubectl get services -n phonebill-dg0500
# Ingress 상태 확인
kubectl get ingress -n phonebill-dg0500
# 특정 서비스 로그 확인
kubectl logs -f deployment/user-service -n phonebill-dg0500
```
## 🔍 리소스 검증
### 리소스 검증 스크립트 실행
```bash
# 모든 Kustomize 리소스 검증
./deployment/cicd/scripts/validate-resources.sh
```
### 수동 검증 명령어
```bash
# Base 검증
kubectl kustomize deployment/cicd/kustomize/base/
# 환경별 검증
kubectl kustomize deployment/cicd/kustomize/overlays/dev/
kubectl kustomize deployment/cicd/kustomize/overlays/staging/
kubectl kustomize deployment/cicd/kustomize/overlays/prod/
```
## 🔄 롤백 방법
### 1. Kubernetes 롤백
```bash
# 특정 버전으로 롤백
kubectl rollout undo deployment/{서비스명} -n phonebill-dg0500 --to-revision=2
# 롤백 상태 확인
kubectl rollout status deployment/{서비스명} -n phonebill-dg0500
```
### 2. 이미지 태그 기반 롤백
```bash
# 이전 안정 버전 이미지 태그로 업데이트
cd deployment/cicd/kustomize/overlays/{환경}
kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/{서비스명}:{환경}-{이전태그}
kubectl apply -k .
```
## 🎯 파이프라인 단계별 설명
### 1. Get Source
- Git 저장소에서 소스코드 체크아웃
- 환경별 설정 파일 로드
### 2. Setup AKS
- Azure CLI를 통한 AKS 클러스터 연결
- 네임스페이스 생성 (phonebill-dg0500)
### 3. Build
- Gradle을 통한 멀티모듈 빌드
- 테스트는 SonarQube 단계에서 실행
### 4. SonarQube Analysis & Quality Gate
- 각 서비스별 개별 테스트 실행
- JaCoCo 코드 커버리지 리포트 생성
- SonarQube 정적 분석
- Quality Gate 통과 검증
### 5. Build & Push Images
- Podman을 통한 컨테이너 이미지 빌드
- 환경별 태그로 ACR에 푸시
- 30분 타임아웃 설정
### 6. Update Kustomize & Deploy
- Kustomize를 통한 이미지 태그 업데이트
- 환경별 매니페스트 적용
- 배포 완료까지 대기 (5분 타임아웃)
### 7. Pipeline Complete
- 파이프라인 완료 상태 로깅
- Pod 자동 정리 (3초 후 종료)
## ⚠️ 주의사항
### 1. 파드 자동 정리
- 파이프라인 완료 시 에이전트 파드 자동 삭제
- `podRetention: never()` 설정으로 즉시 정리
- 리소스 절약을 위한 필수 설정
### 2. 변수 참조 문법
- Jenkins Groovy에서는 `${variable}` 사용
- `\${variable}` 사용 시 "syntax error: bad substitution" 오류 발생
### 3. 쉘 호환성
- Jenkins 컨테이너 기본 쉘이 `/bin/sh`인 경우
- Bash 배열 문법 `()` 미지원으로 공백 구분 문자열 사용
### 4. 환경별 설정 차이점
- **DEV**: SSL 리다이렉트 비활성화, 기본 도메인 사용
- **STAGING/PROD**: SSL 리다이렉트 활성화, 사용자 정의 도메인, 인증서 설정
## 🛠️ 트러블슈팅
### 1. 빌드 실패
```bash
# Gradle 캐시 클리어
./gradlew clean build
# JDK 버전 확인
java -version
```
### 2. 이미지 푸시 실패
```bash
# ACR 로그인 확인
az acr login --name acrdigitalgarage01
# Docker Hub rate limit 확인
docker info | grep -i rate
```
### 3. 배포 실패
```bash
# 네임스페이스 확인
kubectl get namespaces
# 리소스 상태 확인
kubectl describe deployment/{서비스명} -n phonebill-dg0500
```
### 4. SonarQube 분석 실패
- SonarQube 서버 연결 상태 확인
- 토큰 유효성 검증
- Quality Gate 설정 확인
## 📈 모니터링 및 로그
### 1. Jenkins 빌드 히스토리
- 각 단계별 실행 시간 추적
- 실패 단계 및 원인 분석
### 2. 애플리케이션 로그
```bash
# 실시간 로그 모니터링
kubectl logs -f deployment/{서비스명} -n phonebill-dg0500
# 특정 기간 로그 확인
kubectl logs deployment/{서비스명} -n phonebill-dg0500 --since=1h
```
### 3. 성능 메트릭
- Kubernetes 메트릭 서버 활용
- 각 서비스별 리소스 사용량 모니터링
---
## 📞 지원
문의사항이나 문제 발생 시:
1. Jenkins 빌드 로그 확인
2. Kubernetes 이벤트 확인: `kubectl get events -n phonebill-dg0500`
3. 리소스 검증 스크립트 실행: `./deployment/cicd/scripts/validate-resources.sh`
**최운영/데옵스**: phonebill Jenkins CI/CD 파이프라인이 성공적으로 구축되었습니다! 🎉

10
deployment/cicd/kustomize/base/api-gateway/cm-api-gateway.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-api-gateway
data:
SERVER_PORT: "8080"
BILL_SERVICE_URL: "http://bill-service"
PRODUCT_SERVICE_URL: "http://product-service"
USER_SERVICE_URL: "http://user-service"
KOS_MOCK_URL: "http://kos-mock"

57
deployment/cicd/kustomize/base/api-gateway/deployment.yaml Normal file
View File

@ -0,0 +1,57 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway
spec:
replicas: 1
selector:
matchLabels:
app: api-gateway
template:
metadata:
labels:
app: api-gateway
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: api-gateway
image: acrdigitalgarage01.azurecr.io/phonebill/api-gateway:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-api-gateway
- secretRef:
name: secret-common
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3

11
deployment/cicd/kustomize/base/api-gateway/service.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: api-gateway
spec:
selector:
app: api-gateway
ports:
- port: 80
targetPort: 8080
type: ClusterIP

21
deployment/cicd/kustomize/base/bill-service/cm-bill-service.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-bill-service
data:
SERVER_PORT: "8082"
DB_KIND: "postgresql"
DB_PORT: "5432"
DB_CONNECTION_TIMEOUT: "30000"
DB_IDLE_TIMEOUT: "600000"
DB_LEAK_DETECTION: "60000"
DB_MAX_LIFETIME: "1800000"
DB_MAX_POOL: "20"
DB_MIN_IDLE: "5"
KOS_BASE_URL: "http://kos-mock"
REDIS_DATABASE: "1"
REDIS_MAX_ACTIVE: "8"
REDIS_MAX_IDLE: "8"
REDIS_MAX_WAIT: "-1"
REDIS_MIN_IDLE: "0"
REDIS_TIMEOUT: "2000"

59
deployment/cicd/kustomize/base/bill-service/deployment.yaml Normal file
View File

@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: bill-service
spec:
replicas: 1
selector:
matchLabels:
app: bill-service
template:
metadata:
labels:
app: bill-service
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: bill-service
image: acrdigitalgarage01.azurecr.io/phonebill/bill-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8082
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-bill-service
- secretRef:
name: secret-common
- secretRef:
name: secret-bill-service
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /actuator/health
port: 8082
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8082
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8082
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3

10
deployment/cicd/kustomize/base/bill-service/secret-bill-service.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-bill-service
type: Opaque
stringData:
DB_HOST: "bill-inquiry-postgres-dev-postgresql"
DB_NAME: "bill_inquiry_db"
DB_USERNAME: "bill_inquiry_user"
DB_PASSWORD: "BillUser2025@"

11
deployment/cicd/kustomize/base/bill-service/service.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: bill-service
spec:
selector:
app: bill-service
ports:
- port: 80
targetPort: 8082
type: ClusterIP

11
deployment/cicd/kustomize/base/common/cm-common.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-common
data:
CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill-dg0500.20.214.196.128.nip.io"
JWT_ACCESS_TOKEN_VALIDITY: "18000000"
JWT_REFRESH_TOKEN_VALIDITY: "86400000"
REDIS_PORT: "6379"
SPRING_PROFILES_ACTIVE: "dev"
DDL_AUTO: "update"

49
deployment/cicd/kustomize/base/common/ingress.yaml Normal file
View File

@ -0,0 +1,49 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: phonebill
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
ingressClassName: nginx
rules:
- host: phonebill-dg0500-api.20.214.196.128.nip.io
http:
paths:
- path: /api/v1/auth
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/users
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/bills
pathType: Prefix
backend:
service:
name: bill-service
port:
number: 80
- path: /api/v1/products
pathType: Prefix
backend:
service:
name: product-service
port:
number: 80
- path: /api/v1/kos
pathType: Prefix
backend:
service:
name: kos-mock
port:
number: 80

9
deployment/cicd/kustomize/base/common/secret-common.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-common
type: Opaque
stringData:
JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
REDIS_HOST: "redis-cache-dev-master"
REDIS_PASSWORD: "Redis2025Dev@"

16
deployment/cicd/kustomize/base/common/secret-imagepull.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Secret
metadata:
name: phonebill
type: kubernetes.io/dockerconfigjson
stringData:
.dockerconfigjson: |
{
"auths": {
"acrdigitalgarage01.azurecr.io": {
"username": "acrdigitalgarage01",
"password": "+OY+rmOagorjWvQe/tTk6oqvnZI8SmNbY/Y2o5EDcY+ACRDCDbYk",
"auth": "YWNyZGlnaXRhbGdhcmFnZTAxOitPWStybU9hZ29yald2UWUvdFRrNm9xdm5aSThTbU5iWS9ZMm81RURjWStBQ1JEQ0RiWWs="
}
}
}

6
deployment/cicd/kustomize/base/kos-mock/cm-kos-mock.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-kos-mock
data:
SERVER_PORT: "8084"

57
deployment/cicd/kustomize/base/kos-mock/deployment.yaml Normal file
View File

@ -0,0 +1,57 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kos-mock
spec:
replicas: 1
selector:
matchLabels:
app: kos-mock
template:
metadata:
labels:
app: kos-mock
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: kos-mock
image: acrdigitalgarage01.azurecr.io/phonebill/kos-mock:latest
imagePullPolicy: Always
ports:
- containerPort: 8084
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-kos-mock
- secretRef:
name: secret-common
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /actuator/health
port: 8084
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8084
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8084
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3

11
deployment/cicd/kustomize/base/kos-mock/service.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: kos-mock
spec:
selector:
app: kos-mock
ports:
- port: 80
targetPort: 8084
type: ClusterIP

56
deployment/cicd/kustomize/base/kustomization.yaml Normal file
View File

@ -0,0 +1,56 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: phonebill-base
resources:
# Common resources
- common/cm-common.yaml
- common/secret-common.yaml
- common/secret-imagepull.yaml
- common/ingress.yaml
# api-gateway
- api-gateway/deployment.yaml
- api-gateway/service.yaml
- api-gateway/cm-api-gateway.yaml
# user-service
- user-service/deployment.yaml
- user-service/service.yaml
- user-service/cm-user-service.yaml
- user-service/secret-user-service.yaml
# bill-service
- bill-service/deployment.yaml
- bill-service/service.yaml
- bill-service/cm-bill-service.yaml
- bill-service/secret-bill-service.yaml
# product-service
- product-service/deployment.yaml
- product-service/service.yaml
- product-service/cm-product-service.yaml
- product-service/secret-product-service.yaml
# kos-mock
- kos-mock/deployment.yaml
- kos-mock/service.yaml
- kos-mock/cm-kos-mock.yaml
commonLabels:
app: phonebill
version: v1
images:
- name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/user-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/product-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
newTag: latest

10
deployment/cicd/kustomize/base/product-service/cm-product-service.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-product-service
data:
SERVER_PORT: "8083"
DB_KIND: "postgresql"
DB_PORT: "5432"
KOS_BASE_URL: "http://kos-mock"
REDIS_DATABASE: "2"

59
deployment/cicd/kustomize/base/product-service/deployment.yaml Normal file
View File

@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: product-service
spec:
replicas: 1
selector:
matchLabels:
app: product-service
template:
metadata:
labels:
app: product-service
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: product-service
image: acrdigitalgarage01.azurecr.io/phonebill/product-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8083
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-product-service
- secretRef:
name: secret-common
- secretRef:
name: secret-product-service
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /actuator/health
port: 8083
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8083
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8083
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3

10
deployment/cicd/kustomize/base/product-service/secret-product-service.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-product-service
type: Opaque
stringData:
DB_HOST: "product-change-postgres-dev-postgresql"
DB_NAME: "product_change_db"
DB_USERNAME: "product_change_user"
DB_PASSWORD: "ProductUser2025@"

11
deployment/cicd/kustomize/base/product-service/service.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: product-service
spec:
selector:
app: product-service
ports:
- port: 80
targetPort: 8083
type: ClusterIP

11
deployment/cicd/kustomize/base/user-service/cm-user-service.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-user-service
data:
SERVER_PORT: "8081"
DB_KIND: "postgresql"
DB_PORT: "5432"
DDL_AUTO: "update"
REDIS_DATABASE: "0"
SHOW_SQL: "true"

59
deployment/cicd/kustomize/base/user-service/deployment.yaml Normal file
View File

@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-service
spec:
replicas: 1
selector:
matchLabels:
app: user-service
template:
metadata:
labels:
app: user-service
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: user-service
image: acrdigitalgarage01.azurecr.io/phonebill/user-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8081
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-user-service
- secretRef:
name: secret-common
- secretRef:
name: secret-user-service
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /actuator/health
port: 8081
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8081
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8081
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3

10
deployment/cicd/kustomize/base/user-service/secret-user-service.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-user-service
type: Opaque
stringData:
DB_HOST: "auth-postgres-dev-postgresql"
DB_NAME: "phonebill_auth"
DB_USERNAME: "auth_user"
DB_PASSWORD: "AuthUser2025@"

11
deployment/cicd/kustomize/base/user-service/service.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: user-service
spec:
selector:
app: user-service
ports:
- port: 80
targetPort: 8081
type: ClusterIP

11
deployment/cicd/kustomize/overlays/dev/cm-common-patch.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-common
data:
CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill-dg0500.20.214.196.128.nip.io"
JWT_ACCESS_TOKEN_VALIDITY: "18000000"
JWT_REFRESH_TOKEN_VALIDITY: "86400000"
REDIS_PORT: "6379"
SPRING_PROFILES_ACTIVE: "dev"
DDL_AUTO: "update"

17
deployment/cicd/kustomize/overlays/dev/deployment-api-gateway-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway
spec:
replicas: 1
template:
spec:
containers:
- name: api-gateway
resources:
requests:
cpu: "256m"
memory: "256Mi"
limits:
cpu: "1024m"
memory: "1024Mi"

17
deployment/cicd/kustomize/overlays/dev/deployment-bill-service-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: bill-service
spec:
replicas: 1
template:
spec:
containers:
- name: bill-service
resources:
requests:
cpu: "256m"
memory: "256Mi"
limits:
cpu: "1024m"
memory: "1024Mi"

17
deployment/cicd/kustomize/overlays/dev/deployment-kos-mock-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kos-mock
spec:
replicas: 1
template:
spec:
containers:
- name: kos-mock
resources:
requests:
cpu: "256m"
memory: "256Mi"
limits:
cpu: "1024m"
memory: "1024Mi"

17
deployment/cicd/kustomize/overlays/dev/deployment-product-service-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: product-service
spec:
replicas: 1
template:
spec:
containers:
- name: product-service
resources:
requests:
cpu: "256m"
memory: "256Mi"
limits:
cpu: "1024m"
memory: "1024Mi"

17
deployment/cicd/kustomize/overlays/dev/deployment-user-service-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-service
spec:
replicas: 1
template:
spec:
containers:
- name: user-service
resources:
requests:
cpu: "256m"
memory: "256Mi"
limits:
cpu: "1024m"
memory: "1024Mi"

48
deployment/cicd/kustomize/overlays/dev/ingress-patch.yaml Normal file
View File

@ -0,0 +1,48 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: phonebill
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
ingressClassName: nginx
rules:
- host: phonebill-dg0500-api.20.214.196.128.nip.io
http:
paths:
- path: /api/v1/auth
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/users
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/bills
pathType: Prefix
backend:
service:
name: bill-service
port:
number: 80
- path: /api/v1/products
pathType: Prefix
backend:
service:
name: product-service
port:
number: 80
- path: /api/v1/kos
pathType: Prefix
backend:
service:
name: kos-mock
port:
number: 80

65
deployment/cicd/kustomize/overlays/dev/kustomization.yaml Normal file
View File

@ -0,0 +1,65 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: phonebill-dg0500
resources:
- ../../base
patches:
- path: cm-common-patch.yaml
target:
kind: ConfigMap
name: cm-common
- path: deployment-api-gateway-patch.yaml
target:
kind: Deployment
name: api-gateway
- path: deployment-user-service-patch.yaml
target:
kind: Deployment
name: user-service
- path: deployment-bill-service-patch.yaml
target:
kind: Deployment
name: bill-service
- path: deployment-product-service-patch.yaml
target:
kind: Deployment
name: product-service
- path: deployment-kos-mock-patch.yaml
target:
kind: Deployment
name: kos-mock
- path: ingress-patch.yaml
target:
kind: Ingress
name: phonebill
- path: secret-common-patch.yaml
target:
kind: Secret
name: secret-common
- path: secret-user-service-patch.yaml
target:
kind: Secret
name: secret-user-service
- path: secret-bill-service-patch.yaml
target:
kind: Secret
name: secret-bill-service
- path: secret-product-service-patch.yaml
target:
kind: Secret
name: secret-product-service
images:
- name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/user-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/product-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
newTag: latest

10
deployment/cicd/kustomize/overlays/dev/secret-bill-service-patch.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-bill-service
type: Opaque
stringData:
DB_HOST: "bill-inquiry-postgres-dev-postgresql"
DB_NAME: "bill_inquiry_db"
DB_USERNAME: "bill_inquiry_user"
DB_PASSWORD: "BillUser2025@"

9
deployment/cicd/kustomize/overlays/dev/secret-common-patch.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-common
type: Opaque
stringData:
JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
REDIS_HOST: "redis-cache-dev-master"
REDIS_PASSWORD: "Redis2025Dev@"

10
deployment/cicd/kustomize/overlays/dev/secret-product-service-patch.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-product-service
type: Opaque
stringData:
DB_HOST: "product-change-postgres-dev-postgresql"
DB_NAME: "product_change_db"
DB_USERNAME: "product_change_user"
DB_PASSWORD: "ProductUser2025@"

10
deployment/cicd/kustomize/overlays/dev/secret-user-service-patch.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-user-service
type: Opaque
stringData:
DB_HOST: "auth-postgres-dev-postgresql"
DB_NAME: "phonebill_auth"
DB_USERNAME: "auth_user"
DB_PASSWORD: "AuthUser2025@"

11
deployment/cicd/kustomize/overlays/prod/cm-common-patch.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-common
data:
CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill-dg0500.20.214.196.128.nip.io"
JWT_ACCESS_TOKEN_VALIDITY: "3600000"
JWT_REFRESH_TOKEN_VALIDITY: "43200000"
REDIS_PORT: "6379"
SPRING_PROFILES_ACTIVE: "prod"
DDL_AUTO: "validate"

17
deployment/cicd/kustomize/overlays/prod/deployment-api-gateway-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway
spec:
replicas: 3
template:
spec:
containers:
- name: api-gateway
resources:
requests:
cpu: "1024m"
memory: "1024Mi"
limits:
cpu: "4096m"
memory: "4096Mi"

17
deployment/cicd/kustomize/overlays/prod/deployment-bill-service-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: bill-service
spec:
replicas: 3
template:
spec:
containers:
- name: bill-service
resources:
requests:
cpu: "1024m"
memory: "1024Mi"
limits:
cpu: "4096m"
memory: "4096Mi"

17
deployment/cicd/kustomize/overlays/prod/deployment-kos-mock-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kos-mock
spec:
replicas: 3
template:
spec:
containers:
- name: kos-mock
resources:
requests:
cpu: "1024m"
memory: "1024Mi"
limits:
cpu: "4096m"
memory: "4096Mi"

17
deployment/cicd/kustomize/overlays/prod/deployment-product-service-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: product-service
spec:
replicas: 3
template:
spec:
containers:
- name: product-service
resources:
requests:
cpu: "1024m"
memory: "1024Mi"
limits:
cpu: "4096m"
memory: "4096Mi"

17
deployment/cicd/kustomize/overlays/prod/deployment-user-service-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-service
spec:
replicas: 3
template:
spec:
containers:
- name: user-service
resources:
requests:
cpu: "1024m"
memory: "1024Mi"
limits:
cpu: "4096m"
memory: "4096Mi"

53
deployment/cicd/kustomize/overlays/prod/ingress-patch.yaml Normal file
View File

@ -0,0 +1,53 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: phonebill
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- phonebill.example.com
secretName: phonebill-prod-tls
rules:
- host: phonebill.example.com
http:
paths:
- path: /api/v1/auth
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/users
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/bills
pathType: Prefix
backend:
service:
name: bill-service
port:
number: 80
- path: /api/v1/products
pathType: Prefix
backend:
service:
name: product-service
port:
number: 80
- path: /api/v1/kos
pathType: Prefix
backend:
service:
name: kos-mock
port:
number: 80

65
deployment/cicd/kustomize/overlays/prod/kustomization.yaml Normal file
View File

@ -0,0 +1,65 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: phonebill-dg0500
resources:
- ../../base
patches:
- path: cm-common-patch.yaml
target:
kind: ConfigMap
name: cm-common
- path: deployment-api-gateway-patch.yaml
target:
kind: Deployment
name: api-gateway
- path: deployment-user-service-patch.yaml
target:
kind: Deployment
name: user-service
- path: deployment-bill-service-patch.yaml
target:
kind: Deployment
name: bill-service
- path: deployment-product-service-patch.yaml
target:
kind: Deployment
name: product-service
- path: deployment-kos-mock-patch.yaml
target:
kind: Deployment
name: kos-mock
- path: ingress-patch.yaml
target:
kind: Ingress
name: phonebill
- path: secret-common-patch.yaml
target:
kind: Secret
name: secret-common
- path: secret-user-service-patch.yaml
target:
kind: Secret
name: secret-user-service
- path: secret-bill-service-patch.yaml
target:
kind: Secret
name: secret-bill-service
- path: secret-product-service-patch.yaml
target:
kind: Secret
name: secret-product-service
images:
- name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/user-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/product-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
newTag: latest

10
deployment/cicd/kustomize/overlays/prod/secret-bill-service-patch.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-bill-service
type: Opaque
stringData:
DB_HOST: "bill-inquiry-postgres-dev-postgresql"
DB_NAME: "bill_inquiry_db"
DB_USERNAME: "bill_inquiry_user"
DB_PASSWORD: "BillUser2025@"

9
deployment/cicd/kustomize/overlays/prod/secret-common-patch.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-common
type: Opaque
stringData:
JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
REDIS_HOST: "redis-cache-dev-master"
REDIS_PASSWORD: "Redis2025Dev@"

10
deployment/cicd/kustomize/overlays/prod/secret-product-service-patch.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-product-service
type: Opaque
stringData:
DB_HOST: "product-change-postgres-dev-postgresql"
DB_NAME: "product_change_db"
DB_USERNAME: "product_change_user"
DB_PASSWORD: "ProductUser2025@"

10
deployment/cicd/kustomize/overlays/prod/secret-user-service-patch.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-user-service
type: Opaque
stringData:
DB_HOST: "auth-postgres-dev-postgresql"
DB_NAME: "phonebill_auth"
DB_USERNAME: "auth_user"
DB_PASSWORD: "AuthUser2025@"

11
deployment/cicd/kustomize/overlays/staging/cm-common-patch.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-common
data:
CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill-dg0500.20.214.196.128.nip.io"
JWT_ACCESS_TOKEN_VALIDITY: "18000000"
JWT_REFRESH_TOKEN_VALIDITY: "86400000"
REDIS_PORT: "6379"
SPRING_PROFILES_ACTIVE: "staging"
DDL_AUTO: "validate"

17
deployment/cicd/kustomize/overlays/staging/deployment-api-gateway-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway
spec:
replicas: 2
template:
spec:
containers:
- name: api-gateway
resources:
requests:
cpu: "512m"
memory: "512Mi"
limits:
cpu: "2048m"
memory: "2048Mi"

17
deployment/cicd/kustomize/overlays/staging/deployment-bill-service-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: bill-service
spec:
replicas: 2
template:
spec:
containers:
- name: bill-service
resources:
requests:
cpu: "512m"
memory: "512Mi"
limits:
cpu: "2048m"
memory: "2048Mi"

17
deployment/cicd/kustomize/overlays/staging/deployment-kos-mock-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kos-mock
spec:
replicas: 2
template:
spec:
containers:
- name: kos-mock
resources:
requests:
cpu: "512m"
memory: "512Mi"
limits:
cpu: "2048m"
memory: "2048Mi"

17
deployment/cicd/kustomize/overlays/staging/deployment-product-service-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: product-service
spec:
replicas: 2
template:
spec:
containers:
- name: product-service
resources:
requests:
cpu: "512m"
memory: "512Mi"
limits:
cpu: "2048m"
memory: "2048Mi"

17
deployment/cicd/kustomize/overlays/staging/deployment-user-service-patch.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-service
spec:
replicas: 2
template:
spec:
containers:
- name: user-service
resources:
requests:
cpu: "512m"
memory: "512Mi"
limits:
cpu: "2048m"
memory: "2048Mi"

53
deployment/cicd/kustomize/overlays/staging/ingress-patch.yaml Normal file
View File

@ -0,0 +1,53 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: phonebill
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- phonebill-staging.example.com
secretName: phonebill-staging-tls
rules:
- host: phonebill-staging.example.com
http:
paths:
- path: /api/v1/auth
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/users
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/bills
pathType: Prefix
backend:
service:
name: bill-service
port:
number: 80
- path: /api/v1/products
pathType: Prefix
backend:
service:
name: product-service
port:
number: 80
- path: /api/v1/kos
pathType: Prefix
backend:
service:
name: kos-mock
port:
number: 80

65
deployment/cicd/kustomize/overlays/staging/kustomization.yaml Normal file
View File

@ -0,0 +1,65 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: phonebill-dg0500
resources:
- ../../base
patches:
- path: cm-common-patch.yaml
target:
kind: ConfigMap
name: cm-common
- path: deployment-api-gateway-patch.yaml
target:
kind: Deployment
name: api-gateway
- path: deployment-user-service-patch.yaml
target:
kind: Deployment
name: user-service
- path: deployment-bill-service-patch.yaml
target:
kind: Deployment
name: bill-service
- path: deployment-product-service-patch.yaml
target:
kind: Deployment
name: product-service
- path: deployment-kos-mock-patch.yaml
target:
kind: Deployment
name: kos-mock
- path: ingress-patch.yaml
target:
kind: Ingress
name: phonebill
- path: secret-common-patch.yaml
target:
kind: Secret
name: secret-common
- path: secret-user-service-patch.yaml
target:
kind: Secret
name: secret-user-service
- path: secret-bill-service-patch.yaml
target:
kind: Secret
name: secret-bill-service
- path: secret-product-service-patch.yaml
target:
kind: Secret
name: secret-product-service
images:
- name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/user-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/product-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
newTag: latest

10
deployment/cicd/kustomize/overlays/staging/secret-bill-service-patch.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-bill-service
type: Opaque
stringData:
DB_HOST: "bill-inquiry-postgres-dev-postgresql"
DB_NAME: "bill_inquiry_db"
DB_USERNAME: "bill_inquiry_user"
DB_PASSWORD: "BillUser2025@"

9
deployment/cicd/kustomize/overlays/staging/secret-common-patch.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-common
type: Opaque
stringData:
JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
REDIS_HOST: "redis-cache-dev-master"
REDIS_PASSWORD: "Redis2025Dev@"

10
deployment/cicd/kustomize/overlays/staging/secret-product-service-patch.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-product-service
type: Opaque
stringData:
DB_HOST: "product-change-postgres-dev-postgresql"
DB_NAME: "product_change_db"
DB_USERNAME: "product_change_user"
DB_PASSWORD: "ProductUser2025@"

10
deployment/cicd/kustomize/overlays/staging/secret-user-service-patch.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-user-service
type: Opaque
stringData:
DB_HOST: "auth-postgres-dev-postgresql"
DB_NAME: "phonebill_auth"
DB_USERNAME: "auth_user"
DB_PASSWORD: "AuthUser2025@"

43
deployment/cicd/scripts/deploy.sh Executable file
View File

@ -0,0 +1,43 @@
#!/bin/bash
set -e
ENVIRONMENT=${1:-dev}
IMAGE_TAG=${2:-latest}
echo "🚀 Starting deployment for environment: $ENVIRONMENT with image tag: $IMAGE_TAG"
# 환경별 이미지 태그 업데이트
cd deployment/cicd/kustomize/overlays/${ENVIRONMENT}
# 서비스 목록 (공백으로 구분)
services="api-gateway user-service bill-service product-service kos-mock"
echo "📦 Updating image tags for services: $services"
# 각 서비스 이미지 태그 업데이트
for service in $services; do
echo " - Updating $service to ${ENVIRONMENT}-${IMAGE_TAG}"
kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/$service:${ENVIRONMENT}-${IMAGE_TAG}
done
echo "🔧 Applying Kubernetes manifests..."
# 배포 실행
kubectl apply -k .
echo "⏳ Waiting for deployments to be ready..."
# 배포 상태 확인
for service in $services; do
echo " - Checking rollout status for $service"
kubectl rollout status deployment/$service -n phonebill-dg0500 --timeout=300s
done
echo "✅ Deployment completed successfully!"
echo ""
echo "📊 Current deployment status:"
kubectl get pods -n phonebill-dg0500 -o wide
echo ""
echo "🌐 Service endpoints:"
kubectl get services -n phonebill-dg0500
echo ""
echo "🔗 Ingress information:"
kubectl get ingress -n phonebill-dg0500

128
deployment/cicd/scripts/validate-resources.sh Executable file
View File

@ -0,0 +1,128 @@
#!/bin/bash
# Base 리소스 누락 검증 스크립트 (phonebill 전용)
echo "🔍 phonebill Base 리소스 누락 검증 시작..."
BASE_DIR="deployment/cicd/kustomize/base"
MISSING_RESOURCES=0
REQUIRED_FILES=("deployment.yaml" "service.yaml")
OPTIONAL_FILES=("cm-" "secret-")
# 1. 각 서비스 디렉토리의 파일 확인
echo "1. 서비스 디렉토리별 파일 목록:"
for dir in $BASE_DIR/*/; do
if [ -d "$dir" ] && [[ $(basename "$dir") != "common" ]]; then
service=$(basename "$dir")
echo "=== $service ==="
# 필수 파일 확인
for required in "${REQUIRED_FILES[@]}"; do
if [ -f "$dir$required" ]; then
echo "$required"
else
echo " ❌ MISSING REQUIRED: $required"
((MISSING_RESOURCES++))
fi
done
# 선택적 파일 확인
for optional in "${OPTIONAL_FILES[@]}"; do
files=($(ls "$dir"$optional*".yaml" 2>/dev/null))
if [ ${#files[@]} -gt 0 ]; then
for file in "${files[@]}"; do
echo "$(basename "$file")"
done
fi
done
echo ""
fi
done
# 2. Common 리소스 확인
echo "2. Common 리소스 확인:"
COMMON_DIR="$BASE_DIR/common"
if [ -d "$COMMON_DIR" ]; then
common_files=($(ls "$COMMON_DIR"/*.yaml 2>/dev/null))
if [ ${#common_files[@]} -gt 0 ]; then
for file in "${common_files[@]}"; do
echo " ✅ common/$(basename "$file")"
done
else
echo " ❌ Common 디렉토리에 YAML 파일이 없습니다"
((MISSING_RESOURCES++))
fi
else
echo " ❌ Common 디렉토리가 없습니다"
((MISSING_RESOURCES++))
fi
# 3. kustomization.yaml과 실제 파일 비교
echo ""
echo "3. kustomization.yaml 리소스 검증:"
if [ -f "$BASE_DIR/kustomization.yaml" ]; then
while IFS= read -r line; do
# resources 섹션의 YAML 파일 경로 추출
if [[ $line =~ ^[[:space:]]*-[[:space:]]*([^#]+\.yaml)[[:space:]]*$ ]]; then
resource_path=$(echo "${BASH_REMATCH[1]}" | xargs) # 공백 제거
full_path="$BASE_DIR/$resource_path"
if [ -f "$full_path" ]; then
echo "$resource_path"
else
echo " ❌ MISSING: $resource_path"
((MISSING_RESOURCES++))
fi
fi
done < "$BASE_DIR/kustomization.yaml"
else
echo " ❌ kustomization.yaml 파일이 없습니다"
((MISSING_RESOURCES++))
fi
# 4. kubectl kustomize 검증
echo ""
echo "4. Kustomize 빌드 테스트:"
if kubectl kustomize "$BASE_DIR" > /dev/null 2>&1; then
echo " ✅ Base kustomization 빌드 성공"
else
echo " ❌ Base kustomization 빌드 실패:"
kubectl kustomize "$BASE_DIR" 2>&1 | head -5 | sed 's/^/ /'
((MISSING_RESOURCES++))
fi
# 5. 환경별 overlay 검증
echo ""
echo "5. 환경별 Overlay 검증:"
for env in dev staging prod; do
overlay_dir="deployment/cicd/kustomize/overlays/$env"
if [ -d "$overlay_dir" ] && [ -f "$overlay_dir/kustomization.yaml" ]; then
if kubectl kustomize "$overlay_dir" > /dev/null 2>&1; then
echo "$env 환경 빌드 성공"
else
echo "$env 환경 빌드 실패"
((MISSING_RESOURCES++))
fi
else
echo " ⚠️ $env 환경 설정 없음 (선택사항)"
fi
done
# 결과 출력
echo ""
echo "======================================"
if [ $MISSING_RESOURCES -eq 0 ]; then
echo "🎯 검증 완료! 모든 리소스가 정상입니다."
echo "======================================"
exit 0
else
echo "$MISSING_RESOURCES개의 문제가 발견되었습니다."
echo "======================================"
echo ""
echo "💡 문제 해결 가이드:"
echo "1. 누락된 파일들을 base 디렉토리에 추가하세요"
echo "2. kustomization.yaml에서 존재하지 않는 파일 참조를 제거하세요"
echo "3. 파일명이 명명 규칙을 따르는지 확인하세요:"
echo " - ConfigMap: cm-{서비스명}.yaml"
echo " - Secret: secret-{서비스명}.yaml"
echo "4. 다시 검증: ./scripts/validate-resources.sh"
exit 1
fi