shared-dg05-unicorn/phonebill
1
0
Fork 0
mirror of https://github.com/cna-bootcamp/phonebill.git synced 2025-12-06 08:06:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

GitHub Actions CI/CD 파이프라인 구축 완료

Browse Source 
- GitHub Actions 전용 Kustomize 매니페스트 생성 (.github/kustomize/)
- 환경별 Overlay 구성 (dev/staging/prod)
- Base Kustomization 및 환경별 패치 파일 작성
- GitHub Actions 워크플로우 파일 작성 (.github/workflows/backend-cicd.yaml)
- 환경별 설정 파일 및 수동 배포 스크립트 작성
- CI/CD 구축 가이드 문서 생성 (.github/deploy-actions-cicd-back.md)

주요 기능:
- 자동 빌드/테스트/배포 파이프라인
- SonarQube 코드 품질 분석 (선택적)
- 환경별 최적화 설정 (리소스, 보안, 도메인)
- ACR 기반 컨테이너 이미지 관리
- 헬스체크 및 롤백 지원
This commit is contained in:
hiondal 2025-09-15 12:50:04 +09:00
parent 6e060089f9
commit f3b068d101
70 changed files with 2003 additions and 354 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.claude/commands/deploy-actions-cicd-guide-back.md Normal file
View File

@ -0,0 +1,15 @@
---
command: "/deploy-actions-cicd-guide-back"
category: "배포"
purpose: "백엔드 GitHub Actions CI/CD 가이드 작성"
---
@cicd
'백엔드GitHubActions파이프라인작성가이드'에 따라 GitHub Actions를 이용한 CI/CD 가이드를 작성해 주세요.
프롬프트에 '[실행정보]'항목이 없으면 수행을 중단하고 안내 메시지를 표시해 주세요.
{안내메시지}
'[실행정보]'섹션 하위에 아래 예와 같이 필요한 정보를 제시해 주세요.
[실행정보]
- ACR_NAME: acrdigitalgarage01
- RESOURCE_GROUP: rg-digitalgarage-01
- AKS_CLUSTER: aks-digitalgarage-01

3
.github/config/deploy_env_vars_dev vendored Normal file
View File

@ -0,0 +1,3 @@
# dev Environment Configuration
resource_group=rg-digitalgarage-01
cluster_name=aks-digitalgarage-01

3
.github/config/deploy_env_vars_prod vendored Normal file
View File

@ -0,0 +1,3 @@
# prod Environment Configuration
resource_group=rg-digitalgarage-01
cluster_name=aks-digitalgarage-01

3
.github/config/deploy_env_vars_staging vendored Normal file
View File

@ -0,0 +1,3 @@
# staging Environment Configuration
resource_group=rg-digitalgarage-01
cluster_name=aks-digitalgarage-01

237
.github/deploy-actions-cicd-back.md vendored Normal file
View File

@ -0,0 +1,237 @@
# 백엔드 GitHub Actions 파이프라인 구축 가이드
## 📋 프로젝트 정보
**시스템명**: phonebill
**서비스 목록**: api-gateway, user-service, bill-service, product-service, kos-mock
**JDK 버전**: 21
**실행 환경**:
- **ACR**: acrdigitalgarage01
- **리소스 그룹**: rg-digitalgarage-01
- **AKS 클러스터**: aks-digitalgarage-01
## 🚀 GitHub Repository 환경 구성
### Repository Secrets 설정
`Repository Settings > Secrets and variables > Actions > Repository secrets`에 등록:
```bash
# Azure Service Principal
AZURE_CREDENTIALS:
{
"clientId": "{클라이언트ID}",
"clientSecret": "{클라이언트시크릿}",
"subscriptionId": "{구독ID}",
"tenantId": "{테넌트ID}"
}
# ACR Credentials
ACR_USERNAME: acrdigitalgarage01
ACR_PASSWORD: {ACR패스워드}
# SonarQube (선택사항)
SONAR_TOKEN: {SonarQube토큰}
SONAR_HOST_URL: {SonarQube서버URL}
# Docker Hub (Rate Limit 해결용, 선택사항)
DOCKERHUB_USERNAME: {Docker Hub 사용자명}
DOCKERHUB_PASSWORD: {Docker Hub 패스워드}
```
### Repository Variables 설정
`Repository Settings > Secrets and variables > Actions > Variables > Repository variables`에 등록:
```bash
# Workflow 제어 변수
ENVIRONMENT: dev (기본값, 수동실행시 선택 가능: dev/staging/prod)
SKIP_SONARQUBE: true (기본값, 수동실행시 선택 가능: true/false)
```
### 사용 방법
- **자동 실행**: Push/PR 시 기본값 사용 (ENVIRONMENT=dev, SKIP_SONARQUBE=true)
- **수동 실행**: Actions 탭 > "Backend Services CI/CD" > "Run workflow" 버튼 클릭
- Environment: dev/staging/prod 선택
- Skip SonarQube Analysis: true/false 선택
## 📁 디렉토리 구조
```
.github/
├── kustomize/ # GitHub Actions 전용 Kustomize 매니페스트
│ ├── base/ # 기본 매니페스트
│ │ ├── kustomization.yaml
│ │ ├── namespace.yaml
│ │ ├── common/ # 공통 리소스
│ │ │ ├── cm-common.yaml
│ │ │ ├── secret-common.yaml
│ │ │ ├── secret-imagepull.yaml
│ │ │ └── ingress.yaml
│ │ ├── api-gateway/ # API Gateway 리소스
│ │ ├── user-service/ # User Service 리소스
│ │ ├── bill-service/ # Bill Service 리소스
│ │ ├── product-service/ # Product Service 리소스
│ │ └── kos-mock/ # KOS Mock 리소스
│ └── overlays/ # 환경별 오버레이
│ ├── dev/ # 개발 환경
│ ├── staging/ # 스테이징 환경
│ └── prod/ # 운영 환경
├── config/ # 환경별 배포 설정
│ ├── deploy_env_vars_dev
│ ├── deploy_env_vars_staging
│ └── deploy_env_vars_prod
├── scripts/ # 배포 스크립트
│ └── deploy-actions.sh
└── workflows/ # GitHub Actions 워크플로우
└── backend-cicd.yaml
```
## 🔄 환경별 설정
### DEV 환경
- **네임스페이스**: phonebill-dev
- **프로파일**: dev
- **DDL 모드**: update
- **리플리카**: 1개
- **리소스**: 256Mi/256m (요청), 1024Mi/1024m (제한)
- **도메인**: phonebill-api.20.214.196.128.nip.io (기존과 동일)
- **HTTPS**: 비활성화
### STAGING 환경
- **네임스페이스**: phonebill-staging
- **프로파일**: staging
- **DDL 모드**: validate
- **리플리카**: 2개
- **리소스**: 512Mi/512m (요청), 2048Mi/2048m (제한)
- **도메인**: phonebill.staging.example.com
- **HTTPS**: 활성화 (ssl-redirect: true)
### PROD 환경
- **네임스페이스**: phonebill-prod
- **프로파일**: prod
- **DDL 모드**: validate
- **리플리카**: 3개
- **리소스**: 1024Mi/1024m (요청), 4096Mi/4096m (제한)
- **도메인**: phonebill.example.com
- **HTTPS**: 활성화 (ssl-redirect: true)
- **JWT 토큰**: 보안 강화 (ACCESS: 1시간, REFRESH: 12시간)
## 🚀 배포 방법
### 1. 자동 배포 (GitHub Actions)
**코드 Push 시 자동 실행**:
```bash
git add .
git commit -m "feature: 새 기능 추가"
git push origin main # 또는 develop
```
**수동 트리거**:
1. GitHub > Actions 탭 이동
2. "Backend Services CI/CD" 선택
3. "Run workflow" 클릭
4. 환경(dev/staging/prod) 및 SonarQube 분석 여부 선택
5. "Run workflow" 실행
### 2. 수동 배포 (로컬)
```bash
# 개발 환경 배포
./.github/scripts/deploy-actions.sh dev latest
# 스테이징 환경 배포
./.github/scripts/deploy-actions.sh staging 20241215120000
# 운영 환경 배포
./.github/scripts/deploy-actions.sh prod 20241215120000
```
## 🔙 롤백 방법
### 1. GitHub Actions 롤백
```bash
# 이전 성공한 워크플로우 실행으로 롤백
1. GitHub > Actions > 성공한 이전 워크플로우 선택
2. "Re-run all jobs" 클릭
```
### 2. kubectl 롤백
```bash
# 특정 버전으로 롤백
kubectl rollout undo deployment/{환경}-{서비스명} -n phonebill-{환경} --to-revision=2
# 롤백 상태 확인
kubectl rollout status deployment/{환경}-{서비스명} -n phonebill-{환경}
```
### 3. 수동 스크립트 롤백
```bash
# 이전 안정 버전 이미지 태그로 배포
./.github/scripts/deploy-actions.sh {환경} {이전태그}
```
## 📊 SonarQube 프로젝트 설정
각 서비스별 프로젝트 생성 및 Quality Gate 설정:
```bash
Coverage: >= 80%
Duplicated Lines: <= 3%
Maintainability Rating: <= A
Reliability Rating: <= A
Security Rating: <= A
```
## ✅ 체크리스트
### 사전 준비
- [ ] GitHub Repository Secrets 설정 완료
- [ ] GitHub Repository Variables 설정 완료
- [ ] Azure Service Principal 권한 확인
- [ ] ACR 접근 권한 확인
- [ ] AKS 클러스터 접근 권한 확인
### 배포 확인
- [ ] GitHub Actions 워크플로우 정상 실행
- [ ] 모든 서비스 이미지 빌드 및 푸시 성공
- [ ] Kustomize 매니페스트 적용 성공
- [ ] 모든 Deployment 정상 배포 (Available 상태)
- [ ] Health Check 통과
- [ ] Ingress 정상 동작 확인
### 서비스 검증
- [ ] API Gateway 응답 확인: `curl -f http://localhost:8080/actuator/health`
- [ ] 각 서비스별 Pod 상태 확인: `kubectl get pods -n phonebill-{환경}`
- [ ] 서비스 연결 확인: `kubectl get services -n phonebill-{환경}`
- [ ] Ingress 설정 확인: `kubectl get ingress -n phonebill-{환경}`
## 🔧 문제 해결
### 일반적인 문제
1. **이미지 빌드 실패**: Dockerfile 경로 및 빌드 컨텍스트 확인
2. **매니페스트 적용 실패**: Kustomize 구문 오류 확인
3. **Pod 시작 실패**: 환경변수 및 Secret 설정 확인
4. **Health Check 실패**: 애플리케이션 로그 확인
### 로그 확인 명령어
```bash
# Pod 로그 확인
kubectl logs -n phonebill-{환경} {pod-name}
# Deployment 상태 확인
kubectl describe deployment -n phonebill-{환경} {deployment-name}
# 이벤트 확인
kubectl get events -n phonebill-{환경} --sort-by='.lastTimestamp'
```
---
## 📞 지원
구축 과정에서 문제가 발생하거나 추가 지원이 필요한 경우, 다음 사항을 포함하여 문의:
1. 환경 정보 (dev/staging/prod)
2. 오류 메시지 및 로그
3. 실행한 명령어
4. 현재 상태 (kubectl get all -n phonebill-{환경})
**구축 완료 🎉**

11
.github/kustomize/base/api-gateway/cm-api-gateway.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-api-gateway
data:
SERVER_PORT: "8080"
BILL_SERVICE_URL: "http://bill-service"
PRODUCT_SERVICE_URL: "http://product-service"
USER_SERVICE_URL: "http://user-service"
KOS_MOCK_URL: "http://kos-mock"

58
.github/kustomize/base/api-gateway/deployment.yaml vendored Normal file
View File

@ -0,0 +1,58 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway
spec:
replicas: 1
selector:
matchLabels:
app: api-gateway
template:
metadata:
labels:
app: api-gateway
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: api-gateway
image: acrdigitalgarage01.azurecr.io/phonebill/api-gateway:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-api-gateway
- secretRef:
name: secret-common
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3

12
.github/kustomize/base/api-gateway/service.yaml vendored Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: api-gateway
spec:
selector:
app: api-gateway
ports:
- port: 80
targetPort: 8080
type: ClusterIP

22
.github/kustomize/base/bill-service/cm-bill-service.yaml vendored Normal file
View File

@ -0,0 +1,22 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-bill-service
data:
SERVER_PORT: "8082"
DB_KIND: "postgresql"
DB_PORT: "5432"
DB_CONNECTION_TIMEOUT: "30000"
DB_IDLE_TIMEOUT: "600000"
DB_LEAK_DETECTION: "60000"
DB_MAX_LIFETIME: "1800000"
DB_MAX_POOL: "20"
DB_MIN_IDLE: "5"
KOS_BASE_URL: "http://kos-mock"
REDIS_DATABASE: "1"
REDIS_MAX_ACTIVE: "8"
REDIS_MAX_IDLE: "8"
REDIS_MAX_WAIT: "-1"
REDIS_MIN_IDLE: "0"
REDIS_TIMEOUT: "2000"

60
.github/kustomize/base/bill-service/deployment.yaml vendored Normal file
View File

@ -0,0 +1,60 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: bill-service
spec:
replicas: 1
selector:
matchLabels:
app: bill-service
template:
metadata:
labels:
app: bill-service
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: bill-service
image: acrdigitalgarage01.azurecr.io/phonebill/bill-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8082
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-bill-service
- secretRef:
name: secret-common
- secretRef:
name: secret-bill-service
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /actuator/health
port: 8082
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8082
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8082
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3

11
.github/kustomize/base/bill-service/secret-bill-service.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-bill-service
type: Opaque
stringData:
DB_HOST: "bill-inquiry-postgres-dev-postgresql"
DB_NAME: "bill_inquiry_db"
DB_USERNAME: "bill_inquiry_user"
DB_PASSWORD: "BillUser2025!"

12
.github/kustomize/base/bill-service/service.yaml vendored Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: bill-service
spec:
selector:
app: bill-service
ports:
- port: 80
targetPort: 8082
type: ClusterIP

12
.github/kustomize/base/common/cm-common.yaml vendored Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-common
data:
CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.20.214.196.128.nip.io"
JWT_ACCESS_TOKEN_VALIDITY: "18000000"
JWT_REFRESH_TOKEN_VALIDITY: "86400000"
REDIS_PORT: "6379"
SPRING_PROFILES_ACTIVE: "dev"
DDL_AUTO: "update"

49
.github/kustomize/base/common/ingress.yaml vendored Normal file
View File

@ -0,0 +1,49 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: phonebill
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
ingressClassName: nginx
rules:
- host: phonebill-api.20.214.196.128.nip.io
http:
paths:
- path: /api/v1/auth
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/users
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/bills
pathType: Prefix
backend:
service:
name: bill-service
port:
number: 80
- path: /api/v1/products
pathType: Prefix
backend:
service:
name: product-service
port:
number: 80
- path: /api/v1/kos
pathType: Prefix
backend:
service:
name: kos-mock
port:
number: 80

10
.github/kustomize/base/common/secret-common.yaml vendored Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-common
type: Opaque
stringData:
JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
REDIS_HOST: "redis-cache-dev-master"
REDIS_PASSWORD: "Redis2025Dev!"

17
.github/kustomize/base/common/secret-imagepull.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: Secret
metadata:
name: phonebill
type: kubernetes.io/dockerconfigjson
stringData:
.dockerconfigjson: |
{
"auths": {
"acrdigitalgarage01.azurecr.io": {
"username": "acrdigitalgarage01",
"password": "+OY+rmOagorjWvQe/tTk6oqvnZI8SmNbY/Y2o5EDcY+ACRDCDbYk",
"auth": "YWNyZGlnaXRhbGdhcmFnZTAxOitPWStybU9hZ29yald2UWUvdFRrNm9xdm5aSThTbU5iWS9ZMm81RURjWStBQ1JEQ0RiWWs="
}
}
}

7
.github/kustomize/base/kos-mock/cm-kos-mock.yaml vendored Normal file
View File

@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-kos-mock
data:
SERVER_PORT: "8084"

58
.github/kustomize/base/kos-mock/deployment.yaml vendored Normal file
View File

@ -0,0 +1,58 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kos-mock
spec:
replicas: 1
selector:
matchLabels:
app: kos-mock
template:
metadata:
labels:
app: kos-mock
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: kos-mock
image: acrdigitalgarage01.azurecr.io/phonebill/kos-mock:latest
imagePullPolicy: Always
ports:
- containerPort: 8084
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-kos-mock
- secretRef:
name: secret-common
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /actuator/health
port: 8084
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8084
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8084
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3

12
.github/kustomize/base/kos-mock/service.yaml vendored Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: kos-mock
spec:
selector:
app: kos-mock
ports:
- port: 80
targetPort: 8084
type: ClusterIP

57
.github/kustomize/base/kustomization.yaml vendored Normal file
View File

@ -0,0 +1,57 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: phonebill-base
resources:
# Common resources
- namespace.yaml
- common/cm-common.yaml
- common/secret-common.yaml
- common/secret-imagepull.yaml
- common/ingress.yaml
# API Gateway
- api-gateway/deployment.yaml
- api-gateway/service.yaml
- api-gateway/cm-api-gateway.yaml
# User Service
- user-service/deployment.yaml
- user-service/service.yaml
- user-service/cm-user-service.yaml
- user-service/secret-user-service.yaml
# Bill Service
- bill-service/deployment.yaml
- bill-service/service.yaml
- bill-service/cm-bill-service.yaml
- bill-service/secret-bill-service.yaml
# Product Service
- product-service/deployment.yaml
- product-service/service.yaml
- product-service/cm-product-service.yaml
- product-service/secret-product-service.yaml
# KOS Mock
- kos-mock/deployment.yaml
- kos-mock/service.yaml
- kos-mock/cm-kos-mock.yaml
commonLabels:
app: phonebill
version: v1
images:
- name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/user-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/product-service
newTag: latest
- name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
newTag: latest

4
.github/kustomize/base/namespace.yaml vendored Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: phonebill-dev

11
.github/kustomize/base/product-service/cm-product-service.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-product-service
data:
SERVER_PORT: "8083"
DB_KIND: "postgresql"
DB_PORT: "5432"
KOS_BASE_URL: "http://kos-mock"
REDIS_DATABASE: "2"

60
.github/kustomize/base/product-service/deployment.yaml vendored Normal file
View File

@ -0,0 +1,60 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: product-service
spec:
replicas: 1
selector:
matchLabels:
app: product-service
template:
metadata:
labels:
app: product-service
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: product-service
image: acrdigitalgarage01.azurecr.io/phonebill/product-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8083
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-product-service
- secretRef:
name: secret-common
- secretRef:
name: secret-product-service
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /actuator/health
port: 8083
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8083
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8083
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3

11
.github/kustomize/base/product-service/secret-product-service.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-product-service
type: Opaque
stringData:
DB_HOST: "product-change-postgres-dev-postgresql"
DB_NAME: "product_change_db"
DB_USERNAME: "product_change_user"
DB_PASSWORD: "ProductUser2025!"

12
.github/kustomize/base/product-service/service.yaml vendored Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: product-service
spec:
selector:
app: product-service
ports:
- port: 80
targetPort: 8083
type: ClusterIP

12
.github/kustomize/base/user-service/cm-user-service.yaml vendored Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-user-service
data:
SERVER_PORT: "8081"
DB_KIND: "postgresql"
DB_PORT: "5432"
DDL_AUTO: "update"
REDIS_DATABASE: "0"
SHOW_SQL: "true"

60
.github/kustomize/base/user-service/deployment.yaml vendored Normal file
View File

@ -0,0 +1,60 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-service
spec:
replicas: 1
selector:
matchLabels:
app: user-service
template:
metadata:
labels:
app: user-service
spec:
imagePullSecrets:
- name: phonebill
containers:
- name: user-service
image: acrdigitalgarage01.azurecr.io/phonebill/user-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8081
envFrom:
- configMapRef:
name: cm-common
- configMapRef:
name: cm-user-service
- secretRef:
name: secret-common
- secretRef:
name: secret-user-service
resources:
requests:
cpu: 256m
memory: 256Mi
limits:
cpu: 1024m
memory: 1024Mi
startupProbe:
httpGet:
path: /actuator/health
port: 8081
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8081
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8081
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 3

11
.github/kustomize/base/user-service/secret-user-service.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-user-service
type: Opaque
stringData:
DB_HOST: "auth-postgres-dev-postgresql"
DB_NAME: "phonebill_auth"
DB_USERNAME: "auth_user"
DB_PASSWORD: "AuthUser2025!"

12
.github/kustomize/base/user-service/service.yaml vendored Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: user-service
spec:
selector:
app: user-service
ports:
- port: 80
targetPort: 8081
type: ClusterIP

12
.github/kustomize/overlays/dev/cm-common-patch.yaml vendored Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-common
data:
CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.20.214.196.128.nip.io"
JWT_ACCESS_TOKEN_VALIDITY: "18000000"
JWT_REFRESH_TOKEN_VALIDITY: "86400000"
REDIS_PORT: "6379"
SPRING_PROFILES_ACTIVE: "dev"
DDL_AUTO: "update"

17
.github/kustomize/overlays/dev/deployment-api-gateway-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway
spec:
replicas: 1
template:
spec:
containers:
- name: api-gateway
resources:
requests:
memory: "256Mi"
cpu: "256m"
limits:
memory: "1024Mi"
cpu: "1024m"

17
.github/kustomize/overlays/dev/deployment-bill-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: bill-service
spec:
replicas: 1
template:
spec:
containers:
- name: bill-service
resources:
requests:
memory: "256Mi"
cpu: "256m"
limits:
memory: "1024Mi"
cpu: "1024m"

17
.github/kustomize/overlays/dev/deployment-kos-mock-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kos-mock
spec:
replicas: 1
template:
spec:
containers:
- name: kos-mock
resources:
requests:
memory: "256Mi"
cpu: "256m"
limits:
memory: "1024Mi"
cpu: "1024m"

17
.github/kustomize/overlays/dev/deployment-product-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: product-service
spec:
replicas: 1
template:
spec:
containers:
- name: product-service
resources:
requests:
memory: "256Mi"
cpu: "256m"
limits:
memory: "1024Mi"
cpu: "1024m"

17
.github/kustomize/overlays/dev/deployment-user-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-service
spec:
replicas: 1
template:
spec:
containers:
- name: user-service
resources:
requests:
memory: "256Mi"
cpu: "256m"
limits:
memory: "1024Mi"
cpu: "1024m"

49
.github/kustomize/overlays/dev/ingress-patch.yaml vendored Normal file
View File

@ -0,0 +1,49 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: phonebill
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
ingressClassName: nginx
rules:
- host: phonebill-api.20.214.196.128.nip.io
http:
paths:
- path: /api/v1/auth
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/users
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/bills
pathType: Prefix
backend:
service:
name: bill-service
port:
number: 80
- path: /api/v1/products
pathType: Prefix
backend:
service:
name: product-service
port:
number: 80
- path: /api/v1/kos
pathType: Prefix
backend:
service:
name: kos-mock
port:
number: 80

70
.github/kustomize/overlays/dev/kustomization.yaml vendored Normal file
View File

@ -0,0 +1,70 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: phonebill-dev
resources:
- ../../base
patches:
- path: cm-common-patch.yaml
target:
kind: ConfigMap
name: cm-common
- path: deployment-api-gateway-patch.yaml
target:
kind: Deployment
name: api-gateway
- path: deployment-user-service-patch.yaml
target:
kind: Deployment
name: user-service
- path: deployment-bill-service-patch.yaml
target:
kind: Deployment
name: bill-service
- path: deployment-product-service-patch.yaml
target:
kind: Deployment
name: product-service
- path: deployment-kos-mock-patch.yaml
target:
kind: Deployment
name: kos-mock
- path: ingress-patch.yaml
target:
kind: Ingress
name: phonebill
- path: secret-common-patch.yaml
target:
kind: Secret
name: secret-common
- path: secret-user-service-patch.yaml
target:
kind: Secret
name: secret-user-service
- path: secret-bill-service-patch.yaml
target:
kind: Secret
name: secret-bill-service
- path: secret-product-service-patch.yaml
target:
kind: Secret
name: secret-product-service
images:
- name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
newTag: dev-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/user-service
newTag: dev-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
newTag: dev-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/product-service
newTag: dev-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
newTag: dev-latest
namePrefix: dev-
commonLabels:
environment: dev

11
.github/kustomize/overlays/dev/secret-bill-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-bill-service
type: Opaque
stringData:
DB_HOST: "bill-inquiry-postgres-dev-postgresql"
DB_NAME: "bill_inquiry_db"
DB_USERNAME: "bill_inquiry_user"
DB_PASSWORD: "BillUser2025!"

10
.github/kustomize/overlays/dev/secret-common-patch.yaml vendored Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-common
type: Opaque
stringData:
JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
REDIS_HOST: "redis-cache-dev-master"
REDIS_PASSWORD: "Redis2025Dev!"

11
.github/kustomize/overlays/dev/secret-product-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-product-service
type: Opaque
stringData:
DB_HOST: "product-change-postgres-dev-postgresql"
DB_NAME: "product_change_db"
DB_USERNAME: "product_change_user"
DB_PASSWORD: "ProductUser2025!"

11
.github/kustomize/overlays/dev/secret-user-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-user-service
type: Opaque
stringData:
DB_HOST: "auth-postgres-dev-postgresql"
DB_NAME: "phonebill_auth"
DB_USERNAME: "auth_user"
DB_PASSWORD: "AuthUser2025!"

12
.github/kustomize/overlays/prod/cm-common-patch.yaml vendored Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-common
data:
CORS_ALLOWED_ORIGINS: "https://phonebill.example.com"
JWT_ACCESS_TOKEN_VALIDITY: "3600000"
JWT_REFRESH_TOKEN_VALIDITY: "43200000"
REDIS_PORT: "6379"
SPRING_PROFILES_ACTIVE: "prod"
DDL_AUTO: "validate"

17
.github/kustomize/overlays/prod/deployment-api-gateway-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway
spec:
replicas: 3
template:
spec:
containers:
- name: api-gateway
resources:
requests:
memory: "4096Mi"
cpu: "4096m"
limits:
memory: "4096Mi"
cpu: "4096m"

17
.github/kustomize/overlays/prod/deployment-bill-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: bill-service
spec:
replicas: 3
template:
spec:
containers:
- name: bill-service
resources:
requests:
memory: "4096Mi"
cpu: "4096m"
limits:
memory: "4096Mi"
cpu: "4096m"

17
.github/kustomize/overlays/prod/deployment-kos-mock-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kos-mock
spec:
replicas: 3
template:
spec:
containers:
- name: kos-mock
resources:
requests:
memory: "4096Mi"
cpu: "4096m"
limits:
memory: "4096Mi"
cpu: "4096m"

17
.github/kustomize/overlays/prod/deployment-product-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: product-service
spec:
replicas: 3
template:
spec:
containers:
- name: product-service
resources:
requests:
memory: "4096Mi"
cpu: "4096m"
limits:
memory: "4096Mi"
cpu: "4096m"

17
.github/kustomize/overlays/prod/deployment-user-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-service
spec:
replicas: 3
template:
spec:
containers:
- name: user-service
resources:
requests:
memory: "4096Mi"
cpu: "4096m"
limits:
memory: "4096Mi"
cpu: "4096m"

54
.github/kustomize/overlays/prod/ingress-patch.yaml vendored Normal file
View File

@ -0,0 +1,54 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: phonebill
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- phonebill.example.com
secretName: phonebill-prod-tls
rules:
- host: phonebill.example.com
http:
paths:
- path: /api/v1/auth
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/users
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/bills
pathType: Prefix
backend:
service:
name: bill-service
port:
number: 80
- path: /api/v1/products
pathType: Prefix
backend:
service:
name: product-service
port:
number: 80
- path: /api/v1/kos
pathType: Prefix
backend:
service:
name: kos-mock
port:
number: 80

70
.github/kustomize/overlays/prod/kustomization.yaml vendored Normal file
View File

@ -0,0 +1,70 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: phonebill-prod
resources:
- ../../base
patches:
- path: cm-common-patch.yaml
target:
kind: ConfigMap
name: cm-common
- path: deployment-api-gateway-patch.yaml
target:
kind: Deployment
name: api-gateway
- path: deployment-user-service-patch.yaml
target:
kind: Deployment
name: user-service
- path: deployment-bill-service-patch.yaml
target:
kind: Deployment
name: bill-service
- path: deployment-product-service-patch.yaml
target:
kind: Deployment
name: product-service
- path: deployment-kos-mock-patch.yaml
target:
kind: Deployment
name: kos-mock
- path: ingress-patch.yaml
target:
kind: Ingress
name: phonebill
- path: secret-common-patch.yaml
target:
kind: Secret
name: secret-common
- path: secret-user-service-patch.yaml
target:
kind: Secret
name: secret-user-service
- path: secret-bill-service-patch.yaml
target:
kind: Secret
name: secret-bill-service
- path: secret-product-service-patch.yaml
target:
kind: Secret
name: secret-product-service
images:
- name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
newTag: prod-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/user-service
newTag: prod-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
newTag: prod-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/product-service
newTag: prod-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
newTag: prod-latest
namePrefix: prod-
commonLabels:
environment: prod

11
.github/kustomize/overlays/prod/secret-bill-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-bill-service
type: Opaque
stringData:
DB_HOST: "bill-inquiry-postgres-dev-postgresql"
DB_NAME: "bill_inquiry_db"
DB_USERNAME: "bill_inquiry_user"
DB_PASSWORD: "BillUser2025!"

10
.github/kustomize/overlays/prod/secret-common-patch.yaml vendored Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-common
type: Opaque
stringData:
JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
REDIS_HOST: "redis-cache-dev-master"
REDIS_PASSWORD: "Redis2025Dev!"

11
.github/kustomize/overlays/prod/secret-product-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-product-service
type: Opaque
stringData:
DB_HOST: "product-change-postgres-dev-postgresql"
DB_NAME: "product_change_db"
DB_USERNAME: "product_change_user"
DB_PASSWORD: "ProductUser2025!"

11
.github/kustomize/overlays/prod/secret-user-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-user-service
type: Opaque
stringData:
DB_HOST: "auth-postgres-dev-postgresql"
DB_NAME: "phonebill_auth"
DB_USERNAME: "auth_user"
DB_PASSWORD: "AuthUser2025!"

12
.github/kustomize/overlays/staging/cm-common-patch.yaml vendored Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-common
data:
CORS_ALLOWED_ORIGINS: "https://phonebill.staging.example.com"
JWT_ACCESS_TOKEN_VALIDITY: "18000000"
JWT_REFRESH_TOKEN_VALIDITY: "86400000"
REDIS_PORT: "6379"
SPRING_PROFILES_ACTIVE: "staging"
DDL_AUTO: "validate"

17
.github/kustomize/overlays/staging/deployment-api-gateway-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway
spec:
replicas: 2
template:
spec:
containers:
- name: api-gateway
resources:
requests:
memory: "512Mi"
cpu: "512m"
limits:
memory: "2048Mi"
cpu: "2048m"

17
.github/kustomize/overlays/staging/deployment-bill-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: bill-service
spec:
replicas: 2
template:
spec:
containers:
- name: bill-service
resources:
requests:
memory: "512Mi"
cpu: "512m"
limits:
memory: "2048Mi"
cpu: "2048m"

17
.github/kustomize/overlays/staging/deployment-kos-mock-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kos-mock
spec:
replicas: 2
template:
spec:
containers:
- name: kos-mock
resources:
requests:
memory: "512Mi"
cpu: "512m"
limits:
memory: "2048Mi"
cpu: "2048m"

17
.github/kustomize/overlays/staging/deployment-product-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: product-service
spec:
replicas: 2
template:
spec:
containers:
- name: product-service
resources:
requests:
memory: "512Mi"
cpu: "512m"
limits:
memory: "2048Mi"
cpu: "2048m"

17
.github/kustomize/overlays/staging/deployment-user-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,17 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-service
spec:
replicas: 2
template:
spec:
containers:
- name: user-service
resources:
requests:
memory: "512Mi"
cpu: "512m"
limits:
memory: "2048Mi"
cpu: "2048m"

54
.github/kustomize/overlays/staging/ingress-patch.yaml vendored Normal file
View File

@ -0,0 +1,54 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: phonebill
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- phonebill.staging.example.com
secretName: phonebill-staging-tls
rules:
- host: phonebill.staging.example.com
http:
paths:
- path: /api/v1/auth
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/users
pathType: Prefix
backend:
service:
name: user-service
port:
number: 80
- path: /api/v1/bills
pathType: Prefix
backend:
service:
name: bill-service
port:
number: 80
- path: /api/v1/products
pathType: Prefix
backend:
service:
name: product-service
port:
number: 80
- path: /api/v1/kos
pathType: Prefix
backend:
service:
name: kos-mock
port:
number: 80

70
.github/kustomize/overlays/staging/kustomization.yaml vendored Normal file
View File

@ -0,0 +1,70 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: phonebill-staging
resources:
- ../../base
patches:
- path: cm-common-patch.yaml
target:
kind: ConfigMap
name: cm-common
- path: deployment-api-gateway-patch.yaml
target:
kind: Deployment
name: api-gateway
- path: deployment-user-service-patch.yaml
target:
kind: Deployment
name: user-service
- path: deployment-bill-service-patch.yaml
target:
kind: Deployment
name: bill-service
- path: deployment-product-service-patch.yaml
target:
kind: Deployment
name: product-service
- path: deployment-kos-mock-patch.yaml
target:
kind: Deployment
name: kos-mock
- path: ingress-patch.yaml
target:
kind: Ingress
name: phonebill
- path: secret-common-patch.yaml
target:
kind: Secret
name: secret-common
- path: secret-user-service-patch.yaml
target:
kind: Secret
name: secret-user-service
- path: secret-bill-service-patch.yaml
target:
kind: Secret
name: secret-bill-service
- path: secret-product-service-patch.yaml
target:
kind: Secret
name: secret-product-service
images:
- name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
newTag: staging-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/user-service
newTag: staging-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
newTag: staging-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/product-service
newTag: staging-latest
- name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
newTag: staging-latest
namePrefix: staging-
commonLabels:
environment: staging

11
.github/kustomize/overlays/staging/secret-bill-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-bill-service
type: Opaque
stringData:
DB_HOST: "bill-inquiry-postgres-dev-postgresql"
DB_NAME: "bill_inquiry_db"
DB_USERNAME: "bill_inquiry_user"
DB_PASSWORD: "BillUser2025!"

10
.github/kustomize/overlays/staging/secret-common-patch.yaml vendored Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-common
type: Opaque
stringData:
JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
REDIS_HOST: "redis-cache-dev-master"
REDIS_PASSWORD: "Redis2025Dev!"

11
.github/kustomize/overlays/staging/secret-product-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-product-service
type: Opaque
stringData:
DB_HOST: "product-change-postgres-dev-postgresql"
DB_NAME: "product_change_db"
DB_USERNAME: "product_change_user"
DB_PASSWORD: "ProductUser2025!"

11
.github/kustomize/overlays/staging/secret-user-service-patch.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: secret-user-service
type: Opaque
stringData:
DB_HOST: "auth-postgres-dev-postgresql"
DB_NAME: "phonebill_auth"
DB_USERNAME: "auth_user"
DB_PASSWORD: "AuthUser2025!"

64
.github/scripts/deploy-actions.sh vendored Normal file
View File

@ -0,0 +1,64 @@
#!/bin/bash
set -e
ENVIRONMENT=${1:-dev}
IMAGE_TAG=${2:-latest}
echo "🚀 Manual deployment starting..."
echo "Environment: $ENVIRONMENT"
echo "Image Tag: $IMAGE_TAG"
# Check if kustomize is installed
if ! command -v kustomize &> /dev/null; then
echo "Installing Kustomize..."
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
sudo mv kustomize /usr/local/bin/
fi
# Load environment variables from .github/config
if [[ -f ".github/config/deploy_env_vars_${ENVIRONMENT}" ]]; then
source ".github/config/deploy_env_vars_${ENVIRONMENT}"
echo "✅ Environment variables loaded for $ENVIRONMENT"
else
echo "❌ Environment configuration file not found: .github/config/deploy_env_vars_${ENVIRONMENT}"
exit 1
fi
# Create namespace
echo "📝 Creating namespace phonebill-${ENVIRONMENT}..."
kubectl create namespace phonebill-${ENVIRONMENT} --dry-run=client -o yaml | kubectl apply -f -
# 환경별 이미지 태그 업데이트 (.github/kustomize 사용)
cd .github/kustomize/overlays/${ENVIRONMENT}
echo "🔄 Updating image tags..."
# 서비스 배열 정의
services=(api-gateway user-service bill-service product-service kos-mock)
# 각 서비스별 이미지 태그 업데이트
for service in "${services[@]}"; do
kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/$service:${ENVIRONMENT}-${IMAGE_TAG}
done
echo "🚀 Deploying to Kubernetes..."
# 배포 실행
kubectl apply -k .
echo "⏳ Waiting for deployments to be ready..."
# 서비스별 배포 상태 확인
for service in "${services[@]}"; do
kubectl rollout status deployment/${ENVIRONMENT}-$service -n phonebill-${ENVIRONMENT} --timeout=300s
done
echo "🔍 Health check..."
# API Gateway Health Check (첫 번째 서비스가 API Gateway라고 가정)
GATEWAY_SERVICE=${services[0]}
GATEWAY_POD=$(kubectl get pod -n phonebill-${ENVIRONMENT} -l app.kubernetes.io/name=${ENVIRONMENT}-$GATEWAY_SERVICE -o jsonpath='{.items[0].metadata.name}')
kubectl -n phonebill-${ENVIRONMENT} exec $GATEWAY_POD -- curl -f http://localhost:8080/actuator/health || echo "Health check failed, but deployment completed"
echo "📋 Service Information:"
kubectl get pods -n phonebill-${ENVIRONMENT}
kubectl get services -n phonebill-${ENVIRONMENT}
kubectl get ingress -n phonebill-${ENVIRONMENT}
echo "✅ GitHub Actions deployment completed successfully!"

286
.github/workflows/backend-cicd.yaml vendored Normal file
View File

@ -0,0 +1,286 @@
name: Backend Services CI/CD
on:
push:
branches: [ main, develop ]
paths:
- 'api-gateway/**'
- 'user-service/**'
- 'bill-service/**'
- 'product-service/**'
- 'kos-mock/**'
- 'common/**'
- '.github/**'
pull_request:
branches: [ main ]
workflow_dispatch:
inputs:
ENVIRONMENT:
description: 'Target environment'
required: true
default: 'dev'
type: choice
options:
- dev
- staging
- prod
SKIP_SONARQUBE:
description: 'Skip SonarQube Analysis'
required: false
default: 'true'
type: choice
options:
- 'true'
- 'false'
env:
REGISTRY: acrdigitalgarage01.azurecr.io
IMAGE_ORG: phonebill
RESOURCE_GROUP: rg-digitalgarage-01
AKS_CLUSTER: aks-digitalgarage-01
jobs:
build:
name: Build and Test
runs-on: ubuntu-latest
outputs:
image_tag: ${{ steps.set_outputs.outputs.image_tag }}
environment: ${{ steps.set_outputs.outputs.environment }}
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: '21'
distribution: 'temurin'
cache: 'gradle'
- name: Determine environment
id: determine_env
run: |
# Use input parameter or default to 'dev'
ENVIRONMENT="${{ github.event.inputs.ENVIRONMENT || 'dev' }}"
echo "environment=$ENVIRONMENT" >> $GITHUB_OUTPUT
- name: Load environment variables
id: env_vars
run: |
ENV=${{ steps.determine_env.outputs.environment }}
# Initialize variables with defaults
REGISTRY="acrdigitalgarage01.azurecr.io"
IMAGE_ORG="phonebill"
RESOURCE_GROUP="rg-digitalgarage-01"
AKS_CLUSTER="aks-digitalgarage-01"
# Read environment variables from .github/config file
if [[ -f ".github/config/deploy_env_vars_${ENV}" ]]; then
while IFS= read -r line || [[ -n "$line" ]]; do
# Skip comments and empty lines
[[ "$line" =~ ^#.*$ ]] && continue
[[ -z "$line" ]] && continue
# Extract key-value pairs
key=$(echo "$line" | cut -d '=' -f1)
value=$(echo "$line" | cut -d '=' -f2-)
# Override defaults if found in config
case "$key" in
"resource_group") RESOURCE_GROUP="$value" ;;
"cluster_name") AKS_CLUSTER="$value" ;;
esac
done < ".github/config/deploy_env_vars_${ENV}"
fi
# Export for other jobs
echo "REGISTRY=$REGISTRY" >> $GITHUB_ENV
echo "IMAGE_ORG=$IMAGE_ORG" >> $GITHUB_ENV
echo "RESOURCE_GROUP=$RESOURCE_GROUP" >> $GITHUB_ENV
echo "AKS_CLUSTER=$AKS_CLUSTER" >> $GITHUB_ENV
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Build with Gradle
run: |
./gradlew build -x test
- name: SonarQube Analysis & Quality Gate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
run: |
# Check if SonarQube should be skipped
SKIP_SONARQUBE="${{ github.event.inputs.SKIP_SONARQUBE || 'true' }}"
if [[ "$SKIP_SONARQUBE" == "true" ]]; then
echo "⏭️ Skipping SonarQube Analysis (SKIP_SONARQUBE=$SKIP_SONARQUBE)"
exit 0
fi
# Define services array
services=(api-gateway user-service bill-service product-service kos-mock)
# Run tests, coverage reports, and SonarQube analysis for each service
for service in "${services[@]}"; do
./gradlew :$service:test :$service:jacocoTestReport :$service:sonar \
-Dsonar.projectKey=phonebill-$service-${{ steps.determine_env.outputs.environment }} \
-Dsonar.projectName=phonebill-$service-${{ steps.determine_env.outputs.environment }} \
-Dsonar.host.url=$SONAR_HOST_URL \
-Dsonar.token=$SONAR_TOKEN \
-Dsonar.java.binaries=build/classes/java/main \
-Dsonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml \
-Dsonar.exclusions=**/config/**,**/entity/**,**/dto/**,**/*Application.class,**/exception/**
done
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: app-builds
path: |
api-gateway/build/libs/*.jar
user-service/build/libs/*.jar
bill-service/build/libs/*.jar
product-service/build/libs/*.jar
kos-mock/build/libs/*.jar
- name: Set outputs
id: set_outputs
run: |
# Generate timestamp for image tag
IMAGE_TAG=$(date +%Y%m%d%H%M%S)
echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
echo "environment=${{ steps.determine_env.outputs.environment }}" >> $GITHUB_OUTPUT
release:
name: Build and Push Docker Images
needs: build
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: app-builds
- name: Set environment variables from build job
run: |
echo "REGISTRY=${{ env.REGISTRY }}" >> $GITHUB_ENV
echo "IMAGE_ORG=${{ env.IMAGE_ORG }}" >> $GITHUB_ENV
echo "ENVIRONMENT=${{ needs.build.outputs.environment }}" >> $GITHUB_ENV
echo "IMAGE_TAG=${{ needs.build.outputs.image_tag }}" >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Azure Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.ACR_USERNAME }}
password: ${{ secrets.ACR_PASSWORD }}
- name: Build and push Docker images for all services
run: |
# Define services array
services=(api-gateway user-service bill-service product-service kos-mock)
# Build and push each service image
for service in "${services[@]}"; do
echo "Building and pushing $service..."
docker build \
--build-arg BUILD_LIB_DIR="$service/build/libs" \
--build-arg ARTIFACTORY_FILE="$service.jar" \
-f deployment/container/Dockerfile-backend \
-t ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }} .
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }}
done
deploy:
name: Deploy to Kubernetes
needs: [build, release]
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Set image tag environment variable
run: |
echo "IMAGE_TAG=${{ needs.build.outputs.image_tag }}" >> $GITHUB_ENV
echo "ENVIRONMENT=${{ needs.build.outputs.environment }}" >> $GITHUB_ENV
- name: Install Azure CLI
run: |
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Setup kubectl
uses: azure/setup-kubectl@v3
- name: Get AKS Credentials
run: |
az aks get-credentials --resource-group ${{ env.RESOURCE_GROUP }} --name ${{ env.AKS_CLUSTER }} --overwrite-existing
- name: Create namespace
run: |
kubectl create namespace phonebill-${{ env.ENVIRONMENT }} --dry-run=client -o yaml | kubectl apply -f -
- name: Install Kustomize
run: |
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
sudo mv kustomize /usr/local/bin/
- name: Update Kustomize images and deploy
run: |
# 환경별 디렉토리로 이동
cd .github/kustomize/overlays/${{ env.ENVIRONMENT }}
# 각 서비스별 이미지 태그 업데이트
kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/api-gateway:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/user-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/bill-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/product-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/kos-mock:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
# 매니페스트 적용
kubectl apply -k .
- name: Wait for deployments to be ready
run: |
echo "Waiting for deployments to be ready..."
kubectl -n phonebill-${{ env.ENVIRONMENT }} wait --for=condition=available deployment/${{ env.ENVIRONMENT }}-api-gateway --timeout=300s
kubectl -n phonebill-${{ env.ENVIRONMENT }} wait --for=condition=available deployment/${{ env.ENVIRONMENT }}-user-service --timeout=300s
kubectl -n phonebill-${{ env.ENVIRONMENT }} wait --for=condition=available deployment/${{ env.ENVIRONMENT }}-bill-service --timeout=300s
kubectl -n phonebill-${{ env.ENVIRONMENT }} wait --for=condition=available deployment/${{ env.ENVIRONMENT }}-product-service --timeout=300s
kubectl -n phonebill-${{ env.ENVIRONMENT }} wait --for=condition=available deployment/${{ env.ENVIRONMENT }}-kos-mock --timeout=300s
- name: Health Check
run: |
echo "🔍 Health Check starting..."
# API Gateway Health Check
GATEWAY_POD=$(kubectl get pod -n phonebill-${{ env.ENVIRONMENT }} -l app.kubernetes.io/name=${{ env.ENVIRONMENT }}-api-gateway -o jsonpath='{.items[0].metadata.name}')
kubectl -n phonebill-${{ env.ENVIRONMENT }} exec $GATEWAY_POD -- curl -f http://localhost:8080/actuator/health || exit 1
echo "✅ All services are healthy!"
- name: Get service information
run: |
echo "📋 Service Information:"
kubectl get pods -n phonebill-${{ env.ENVIRONMENT }}
kubectl get services -n phonebill-${{ env.ENVIRONMENT }}
kubectl get ingress -n phonebill-${{ env.ENVIRONMENT }}
echo "Ingress IP: $(kubectl -n phonebill-${{ env.ENVIRONMENT }} get ingress phonebill-ingress -o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null || echo 'Pending')"

4
CLAUDE.md
View File

@ -310,6 +310,10 @@ QA Engineer
- 설명: 백엔드 서비스를 Jenkins를 이용하여 CI/CD하는 배포 가이드
- URL: https://raw.githubusercontent.com/cna-bootcamp/clauding-guide/refs/heads/main/guides/deploy/deploy-jenkins-cicd-back.md
- 파일명: deploy-jenkins-cicd-back.md
- 백엔드GitHubActions파이프라인작성가이드
- 설명: 백엔드 서비스를 GitHub Actions를 이용하여 CI/CD하는 배포 가이드
- URL: https://raw.githubusercontent.com/cna-bootcamp/clauding-guide/refs/heads/main/guides/deploy/deploy-actions-cicd-back.md
- 파일명: deploy-actions-cicd-back.md
## 참조 문서
- 프로젝트지침템플릿

308
claude/github-actions-migration-plan.md
View File

@ -1,308 +0,0 @@
# GitHub Actions CI/CD 전환 작업계획서
## 📋 개요
현재 Jenkins 기반 CI/CD 파이프라인을 GitHub Actions로 전환하여 더 효율적이고 관리하기 쉬운 DevOps 환경을 구축하는 작업계획서입니다.
## 🎯 전환 목표
- **통합 개발 환경**: GitHub과 CI/CD의 완전한 통합
- **관리 효율성**: Jenkins 인프라 관리 부담 제거
- **보안 강화**: GitHub Secrets를 통한 안전한 자격증명 관리
- **개발자 경험**: GitHub 인터페이스와 통합된 워크플로우
- **비용 최적화**: 자체 관리형 Jenkins 인프라 비용 절감
## 🔍 현재 Jenkins CI/CD 분석
### 기존 Jenkins 파이프라인 구조
```
Jenkins Pipeline
├── Pod Template (Kubernetes 기반)
│ ├── podman container (이미지 빌드)
│ ├── gradle container (빌드 & 테스트)
│ └── azure-cli container (배포)
├── 5개 서비스 병렬 처리
│ ├── api-gateway
│ ├── user-service
│ ├── bill-service
│ ├── product-service
│ └── kos-mock
└── Kustomize 기반 쿠버네티스 배포
```
### 현재 파이프라인 단계
1. **Get Source**: SCM checkout
2. **Setup AKS**: Azure 인증 및 쿠버네티스 클러스터 연결
3. **Build**: Gradle 빌드 (테스트 제외)
4. **SonarQube Analysis**: 코드 품질 분석 (선택적)
5. **Build & Push Images**: Podman으로 컨테이너 이미지 빌드/푸시
6. **Update Kustomize & Deploy**: 쿠버네티스 배포
### 사용 중인 도구 및 서비스
- **빌드 도구**: Gradle with JDK 21
- **컨테이너**: Podman (Docker 대신 사용)
- **레지스트리**: Azure Container Registry (ACR)
- **배포**: Kustomize + kubectl
- **코드 품질**: SonarQube
- **인프라**: Azure Kubernetes Service (AKS)
## 📊 전환 범위 및 우선순위
### 1단계: 핵심 워크플로우 구축 (필수)
- [ ] **기본 빌드 워크플로우**: Gradle 빌드 자동화
- [ ] **컨테이너 이미지 빌드**: Docker 기반 이미지 빌드/푸시
- [ ] **환경별 배포**: dev/staging/prod 환경 지원
- [ ] **시크릿 관리**: 자격증명 및 환경변수 관리
### 2단계: 고도화 기능 (중요)
- [ ] **코드 품질 분석**: SonarQube 통합
- [ ] **테스트 자동화**: 단위/통합 테스트 실행
- [ ] **병렬 처리**: 5개 서비스 동시 빌드/배포
- [ ] **배포 검증**: Health check 및 rollback 기능
### 3단계: 최적화 및 확장 (선택)
- [ ] **캐싱 전략**: 빌드 속도 최적화
- [ ] **매트릭스 빌드**: 다중 환경/버전 지원
- [ ] **알림 시스템**: 빌드 상태 알림
- [ ] **보안 스캔**: 컨테이너 취약점 검사
## 🗂️ 파일 구조 계획
```
.github/
└── workflows/
├── ci-cd.yml # 메인 CI/CD 워크플로우
├── build-and-test.yml # 빌드 및 테스트만 실행
├── deploy-dev.yml # 개발환경 배포
├── deploy-staging.yml # 스테이징환경 배포
└── deploy-prod.yml # 운영환경 배포
scripts/
├── build-images.sh # 이미지 빌드 스크립트
├── deploy-services.sh # 서비스 배포 스크립트
└── health-check.sh # 배포 검증 스크립트
```
## 🔧 기술 스택 매핑
### Jenkins → GitHub Actions 매핑
| Jenkins 요소 | GitHub Actions 대체 | 비고 |
|---------------|-------------------|------|
| Jenkinsfile | .github/workflows/*.yml | YAML 기반 워크플로우 |
| Pod Template | Ubuntu/Windows runners | GitHub hosted runners |
| Podman container | Docker/build-push-action | Docker 기반 이미지 빌드 |
| Gradle container | actions/setup-java | Java 21 + Gradle wrapper |
| Azure CLI container | azure/login | Azure 서비스 연결 |
| Credentials | GitHub Secrets | 암호화된 환경변수 |
| SonarQube | sonarqube-github-action | 코드 품질 분석 |
### 환경변수 및 시크릿
**GitHub Secrets 필요 항목:**
```
AZURE_CLIENT_ID
AZURE_CLIENT_SECRET
AZURE_TENANT_ID
ACR_USERNAME
ACR_PASSWORD
DOCKERHUB_USERNAME
DOCKERHUB_PASSWORD
SONARQUBE_TOKEN
SONARQUBE_HOST_URL
RESOURCE_GROUP_DEV
RESOURCE_GROUP_STAGING
RESOURCE_GROUP_PROD
CLUSTER_NAME_DEV
CLUSTER_NAME_STAGING
CLUSTER_NAME_PROD
```
## 📝 상세 작업 단계
### Phase 1: 환경 준비 (1-2일)
#### 1.1 GitHub Repository 설정
- [ ] GitHub Actions 활성화 확인
- [ ] Branch protection rules 설정
- [ ] Required status checks 구성
#### 1.2 시크릿 구성
- [ ] Azure 서비스 주체 정보 등록
- [ ] ACR 자격증명 등록
- [ ] SonarQube 토큰 등록
- [ ] 환경별 클러스터 정보 등록
#### 1.3 권한 설정
- [ ] GitHub Actions service account 생성
- [ ] AKS 클러스터 접근 권한 부여
- [ ] ACR 이미지 푸시 권한 확인
### Phase 2: 기본 워크플로우 구축 (3-4일)
#### 2.1 빌드 워크플로우 (.github/workflows/build.yml)
```yaml
# 예시 구조
name: Build and Test
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
service: [api-gateway, user-service, bill-service, product-service, kos-mock]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
- name: Build with Gradle
run: ./gradlew :${{ matrix.service }}:build -x test
```
#### 2.2 이미지 빌드 워크플로우
- [ ] Docker 기반 이미지 빌드
- [ ] Multi-stage build 최적화
- [ ] ACR 푸시 자동화
- [ ] 이미지 태그 전략 수립
#### 2.3 배포 워크플로우
- [ ] Kustomize 이미지 태그 업데이트
- [ ] kubectl 배포 실행
- [ ] 배포 상태 확인
- [ ] Rollback 메커니즘
### Phase 3: 고도화 기능 (2-3일)
#### 3.1 테스트 통합
- [ ] 단위 테스트 실행
- [ ] 통합 테스트 실행
- [ ] 테스트 결과 리포팅
- [ ] 커버리지 측정
#### 3.2 코드 품질 분석
- [ ] SonarQube 분석 통합
- [ ] Quality Gate 적용
- [ ] PR 댓글로 품질 리포트
- [ ] 실패 시 배포 중단
#### 3.3 병렬 처리 최적화
- [ ] Matrix strategy 활용
- [ ] Job dependencies 설정
- [ ] 빌드 시간 최적화
- [ ] 캐싱 전략 적용
### Phase 4: 검증 및 안정화 (2-3일)
#### 4.1 기능 검증
- [ ] 전체 파이프라인 End-to-End 테스트
- [ ] 각 환경별 배포 검증
- [ ] 롤백 기능 테스트
- [ ] 성능 벤치마크 비교
#### 4.2 문서화
- [ ] 워크플로우 사용법 문서
- [ ] 트러블슈팅 가이드
- [ ] 마이그레이션 체크리스트
- [ ] 운영 매뉴얼 작성
## ⚠️ 위험 요소 및 대응 방안
### 기술적 위험
| 위험 요소 | 영향도 | 대응 방안 |
|-----------|--------|----------|
| Podman → Docker 변환 | 중 | Docker 호환성 테스트, 이미지 빌드 검증 |
| Jenkins 종속성 | 높음 | 단계적 전환, 병렬 운영 기간 확보 |
| 환경별 설정 차이 | 중 | 환경별 상세 테스트, 설정 검증 도구 |
| 성능 차이 | 낮음 | 빌드 시간 벤치마크, 캐싱 최적화 |
### 운영적 위험
| 위험 요소 | 영향도 | 대응 방안 |
|-----------|--------|----------|
| 배포 중단 | 높음 | Blue-Green 배포, 즉시 롤백 가능 |
| 학습 곡선 | 중 | 교육 계획, 문서화 강화 |
| 권한 관리 복잡성 | 중 | IAM 정책 표준화, 최소 권한 원칙 |
## 📊 성공 지표
### 기술적 지표
- [ ] **빌드 시간**: 현재 대비 20% 이내 유지
- [ ] **배포 성공률**: 99% 이상
- [ ] **MTTR**: 평균 복구 시간 10분 이내
- [ ] **파이프라인 가용성**: 99.9% 이상
### 운영적 지표
- [ ] **관리 복잡성**: Jenkins 인프라 관리 불필요
- [ ] **개발자 만족도**: GitHub 통합 워크플로우
- [ ] **보안 개선**: 중앙화된 시크릿 관리
- [ ] **비용 절감**: Jenkins 인프라 비용 제거
## 🗓️ 일정 계획
### 전체 일정: 8-12 일
```
Week 1 (Day 1-4): 환경 준비 + 기본 워크플로우
├── Day 1-2: GitHub 설정, 시크릿 구성
└── Day 3-4: 빌드 워크플로우 구축
Week 2 (Day 5-8): 고도화 + 검증
├── Day 5-6: 이미지 빌드, 배포 워크플로우
├── Day 7-8: 테스트, 품질 분석 통합
Week 3 (Day 9-12): 최적화 + 안정화
├── Day 9-10: 병렬 처리, 성능 최적화
└── Day 11-12: 검증, 문서화, 운영 전환
```
### 마일스톤
- **M1** (Day 4): 기본 빌드 파이프라인 완료
- **M2** (Day 8): 전체 CI/CD 파이프라인 완료
- **M3** (Day 12): 운영 환경 전환 완료
## ✅ 체크리스트
### 전환 전 준비사항
- [ ] 현재 Jenkins 파이프라인 백업
- [ ] GitHub Actions 사용량 한도 확인
- [ ] 팀 구성원 GitHub Actions 교육
- [ ] 롤백 계획 수립
### 전환 후 검증사항
- [ ] 전체 서비스 빌드/배포 테스트
- [ ] 환경별 배포 검증
- [ ] 성능 벤치마크 비교
- [ ] 보안 설정 점검
- [ ] 문서화 완료 확인
## 📞 담당자 및 역할
### 핵심 담당자
- **DevOps 리드**: 최운영/데옵스 - 워크플로우 설계, 인프라 연동
- **Backend 리드**: 이개발/백엔더 - 빌드 스크립트, 테스트 통합
- **QA 리드**: 정테스트/QA매니저 - 배포 검증, 품질 게이트
### 지원 역할
- **Product Owner**: 김기획/기획자 - 일정 조율, 우선순위 결정
- **Frontend Dev**: 박화면/프론트 - 프론트엔드 빌드 프로세스
## 💡 추천사항
1. **점진적 전환**: 개발환경부터 단계적으로 전환
2. **병렬 운영**: 초기 안정화까지 Jenkins와 병행 운영
3. **모니터링 강화**: 전환 후 집중 모니터링 기간 운영
4. **피드백 수집**: 개발팀 피드백 기반 지속 개선
5. **문서화 우선**: 모든 변경사항 실시간 문서화
---
**작성일**: 2025-01-14
**작성자**: 최운영/데옵스
**검토자**: 김기획/기획자, 이개발/백엔더
**승인자**: Project Owner

46
fix-deployment-selector.sh
View File

@ -1,46 +0,0 @@
#!/bin/bash
# Deployment selector 문제 해결을 위한 스크립트
# 기존 Deployment 삭제 후 새로운 설정으로 재생성
echo "=== Deployment Selector 문제 해결 시작 ==="
NAMESPACE="phonebill-dev"
SERVICES=("api-gateway" "bill-service" "kos-mock" "product-service" "user-service")
# 1단계: 기존 Deployment들을 안전하게 삭제
echo "1단계: 기존 Deployment 삭제"
for service in "${SERVICES[@]}"; do
echo "삭제 중: $service"
kubectl delete deployment $service -n $NAMESPACE --ignore-not-found=true
# Deployment가 완전히 삭제될 때까지 대기
while kubectl get deployment $service -n $NAMESPACE &>/dev/null; do
echo "대기 중: $service 삭제 완료 대기..."
sleep 2
done
echo "완료: $service 삭제됨"
done
echo "모든 Deployment 삭제 완료"
# 2단계: 잠시 대기
echo "2단계: 리소스 정리 대기 (5초)"
sleep 5
# 3단계: Kustomize를 통해 새로운 Deployment 생성
echo "3단계: 새로운 Deployment 생성"
echo "Kustomize 적용 중..."
cd deployment/cicd/kustomize/overlays/dev
kubectl apply -k .
echo "=== Deployment Selector 문제 해결 완료 ==="
# 4단계: 결과 확인
echo "4단계: 배포 결과 확인"
kubectl get deployments -n $NAMESPACE -o wide
echo ""
echo "Pod 상태 확인:"
kubectl get pods -n $NAMESPACE