backend-cicd.yaml 파일 끝 개행 추가

🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
이미지 풀 시크릿 파일 삭제
2025-12-05 23:56:23 +00:00 · 2025-12-02 16:28:53 +09:00 · 2025-12-02 16:14:59 +09:00 · 2025-12-02 16:09:21 +09:00
22 changed files with 138 additions and 424 deletions
--- a/.github/kustomize/base/api-gateway/deployment.yaml
+++ b/.github/kustomize/base/api-gateway/deployment.yaml
@ -16,7 +16,7 @@ spec:
      - name: phonebill
      containers:
      - name: api-gateway
-        image: acrdigitalgarage01.azurecr.io/phonebill/api-gateway:latest
+        image: docker.io/hiondal/api-gateway:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
--- a/.github/kustomize/base/bill-service/deployment.yaml
+++ b/.github/kustomize/base/bill-service/deployment.yaml
@ -16,7 +16,7 @@ spec:
      - name: phonebill
      containers:
      - name: bill-service
-        image: acrdigitalgarage01.azurecr.io/phonebill/bill-service:latest
+        image: docker.io/hiondal/bill-service:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8082
--- a/.github/kustomize/base/bill-service/secret-bill-service.yaml
+++ b/.github/kustomize/base/bill-service/secret-bill-service.yaml
@ -4,7 +4,7 @@ metadata:
  name: secret-bill-service
 type: Opaque
 stringData:
-  DB_HOST: "bill-inquiry-postgres-dev-postgresql"
-  DB_NAME: "bill_inquiry_db"
-  DB_USERNAME: "bill_inquiry_user"
-  DB_PASSWORD: "BillUser2025@"
+  DB_HOST: "inquiry-postgresql "
+  DB_NAME: "inquirydb"
+  DB_USERNAME: "unicorn"
+  DB_PASSWORD: "P@ssw0rd$"
--- a/.github/kustomize/base/common/cm-common.yaml
+++ b/.github/kustomize/base/common/cm-common.yaml
@ -3,7 +3,7 @@ kind: ConfigMap
 metadata:
  name: cm-common
 data:
-  CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill-dg0500.20.214.196.128.nip.io"
+  CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.52.231.227.173.nip.io"
  JWT_ACCESS_TOKEN_VALIDITY: "18000000"
  JWT_REFRESH_TOKEN_VALIDITY: "86400000"
  REDIS_PORT: "6379"
--- a/.github/kustomize/base/common/ingress.yaml
+++ b/.github/kustomize/base/common/ingress.yaml
@ -8,7 +8,7 @@ metadata:
 spec:
  ingressClassName: nginx
  rules:
-  - host: phonebill-dg0500-api.20.214.196.128.nip.io
+  - host: phonebill-api.52.231.227.173.nip.io
    http:
      paths:
      - path: /api/v1/auth
--- a/.github/kustomize/base/common/secret-common.yaml
+++ b/.github/kustomize/base/common/secret-common.yaml
@ -5,5 +5,5 @@ metadata:
 type: Opaque
 stringData:
  JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
-  REDIS_HOST: "redis-cache-dev-master"
-  REDIS_PASSWORD: "Redis2025Dev@"
+  REDIS_HOST: "cache-redis-master"
+  REDIS_PASSWORD: "P@ssw0rd$"
--- a/.github/kustomize/base/common/secret-imagepull.yaml
+++ b/.github/kustomize/base/common/secret-imagepull.yaml
@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: phonebill
-type: kubernetes.io/dockerconfigjson
-stringData:
-  .dockerconfigjson: |
-    {
-      "auths": {
-        "acrdigitalgarage01.azurecr.io": {
-          "username": "acrdigitalgarage01",
-          "password": "+OY+rmOagorjWvQe/tTk6oqvnZI8SmNbY/Y2o5EDcY+ACRDCDbYk",
-          "auth": "YWNyZGlnaXRhbGdhcmFnZTAxOitPWStybU9hZ29yald2UWUvdFRrNm9xdm5aSThTbU5iWS9ZMm81RURjWStBQ1JEQ0RiWWs="
-        }
-      }
-    }
--- a/.github/kustomize/base/kos-mock/deployment.yaml
+++ b/.github/kustomize/base/kos-mock/deployment.yaml
@ -16,7 +16,7 @@ spec:
      - name: phonebill
      containers:
      - name: kos-mock
-        image: acrdigitalgarage01.azurecr.io/phonebill/kos-mock:latest
+        image: docker.io/hiondal/kos-mock:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8084
--- a/.github/kustomize/base/kustomization.yaml
+++ b/.github/kustomize/base/kustomization.yaml
@ -8,7 +8,6 @@ resources:
  # Common resources
  - common/cm-common.yaml
  - common/secret-common.yaml
-  - common/secret-imagepull.yaml
  - common/ingress.yaml

  # API Gateway
@ -40,13 +39,13 @@ resources:
  - kos-mock/cm-kos-mock.yaml

 images:
-  - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
+  - name: docker.io/hiondal/api-gateway
    newTag: latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/user-service
+  - name: docker.io/hiondal/user-service
    newTag: latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
+  - name: docker.io/hiondal/bill-service
    newTag: latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/product-service
+  - name: docker.io/hiondal/product-service
    newTag: latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
+  - name: docker.io/hiondal/kos-mock
    newTag: latest
--- a/.github/kustomize/base/product-service/deployment.yaml
+++ b/.github/kustomize/base/product-service/deployment.yaml
@ -16,7 +16,7 @@ spec:
      - name: phonebill
      containers:
      - name: product-service
-        image: acrdigitalgarage01.azurecr.io/phonebill/product-service:latest
+        image: docker.io/hiondal/product-service:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8083
--- a/.github/kustomize/base/product-service/secret-product-service.yaml
+++ b/.github/kustomize/base/product-service/secret-product-service.yaml
@ -4,7 +4,7 @@ metadata:
  name: secret-product-service
 type: Opaque
 stringData:
-  DB_HOST: "product-change-postgres-dev-postgresql"
-  DB_NAME: "product_change_db"
-  DB_USERNAME: "product_change_user"
-  DB_PASSWORD: "ProductUser2025@"
+  DB_HOST: "change-postgresql"
+  DB_NAME: "changedb"
+  DB_USERNAME: "unicorn"
+  DB_PASSWORD: "P@ssw0rd$"
--- a/.github/kustomize/base/user-service/deployment.yaml
+++ b/.github/kustomize/base/user-service/deployment.yaml
@ -16,7 +16,7 @@ spec:
      - name: phonebill
      containers:
      - name: user-service
-        image: acrdigitalgarage01.azurecr.io/phonebill/user-service:latest
+        image: docker.io/hiondal/user-service:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8081
--- a/.github/kustomize/base/user-service/secret-user-service.yaml
+++ b/.github/kustomize/base/user-service/secret-user-service.yaml
@ -4,7 +4,7 @@ metadata:
  name: secret-user-service
 type: Opaque
 stringData:
-  DB_HOST: "auth-postgres-dev-postgresql"
-  DB_NAME: "phonebill_auth"
-  DB_USERNAME: "auth_user"
-  DB_PASSWORD: "AuthUser2025@"
+  DB_HOST: "auth-postgresql"
+  DB_NAME: "authdb"
+  DB_USERNAME: "unicorn"
+  DB_PASSWORD: "P@ssw0rd$"
--- a/.github/kustomize/overlays/dev/cm-common-patch.yaml
+++ b/.github/kustomize/overlays/dev/cm-common-patch.yaml
@ -3,7 +3,7 @@ kind: ConfigMap
 metadata:
  name: cm-common
 data:
-  CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill-dg0500.20.214.196.128.nip.io"
+  CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill.52.231.227.173.nip.io"
  JWT_ACCESS_TOKEN_VALIDITY: "3600000"
  JWT_REFRESH_TOKEN_VALIDITY: "86400000"
  REDIS_PORT: "6379"
--- a/.github/kustomize/overlays/dev/ingress-patch.yaml
+++ b/.github/kustomize/overlays/dev/ingress-patch.yaml
@ -8,7 +8,7 @@ metadata:
 spec:
  ingressClassName: nginx
  rules:
-  - host: phonebill-dg0500-api.20.214.196.128.nip.io
+  - host: phonebill-api.52.231.227.173.nip.io
    http:
      paths:
      - path: /api/v1/auth
--- a/.github/kustomize/overlays/dev/kustomization.yaml
+++ b/.github/kustomize/overlays/dev/kustomization.yaml
@ -1,7 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

-namespace: phonebill-dg0500
+namespace: phonebill

 resources:
  - ../../base
@ -64,13 +64,13 @@ patches:
      name: kos-mock

 images:
-  - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway
+  - name: docker.io/hiondal/api-gateway
    newTag: dev-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/user-service
+  - name: docker.io/hiondal/user-service
    newTag: dev-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/bill-service
+  - name: docker.io/hiondal/bill-service
    newTag: dev-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/product-service
+  - name: docker.io/hiondal/product-service
    newTag: dev-latest
-  - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock
+  - name: docker.io/hiondal/kos-mock
    newTag: dev-latest
--- a/.github/kustomize/overlays/dev/secret-bill-service-patch.yaml
+++ b/.github/kustomize/overlays/dev/secret-bill-service-patch.yaml
@ -4,7 +4,7 @@ metadata:
  name: secret-bill-service
 type: Opaque
 stringData:
-  DB_HOST: "bill-inquiry-postgres-dev-postgresql"
-  DB_NAME: "bill_inquiry_db"
-  DB_USERNAME: "bill_inquiry_user"
-  DB_PASSWORD: "BillUser2025@"
+  DB_HOST: "inquiry-postgresql "
+  DB_NAME: "inquirydb"
+  DB_USERNAME: "unicorn"
+  DB_PASSWORD: "P@ssw0rd$"
--- a/.github/kustomize/overlays/dev/secret-common-patch.yaml
+++ b/.github/kustomize/overlays/dev/secret-common-patch.yaml
@ -5,5 +5,5 @@ metadata:
 type: Opaque
 stringData:
  JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ=="
-  REDIS_HOST: "redis-cache-dev-master"
-  REDIS_PASSWORD: "Redis2025Dev@"
+  REDIS_HOST: "cache-redis-master"
+  REDIS_PASSWORD: "P@ssw0rd$"
--- a/.github/kustomize/overlays/dev/secret-product-service-patch.yaml
+++ b/.github/kustomize/overlays/dev/secret-product-service-patch.yaml
@ -4,7 +4,7 @@ metadata:
  name: secret-product-service
 type: Opaque
 stringData:
-  DB_HOST: "product-change-postgres-dev-postgresql"
-  DB_NAME: "product_change_db"
-  DB_USERNAME: "product_change_user"
-  DB_PASSWORD: "ProductUser2025@"
+  DB_HOST: "change-postgresql"
+  DB_NAME: "changedb"
+  DB_USERNAME: "unicorn"
+  DB_PASSWORD: "P@ssw0rd$"
--- a/.github/kustomize/overlays/dev/secret-user-service-patch.yaml
+++ b/.github/kustomize/overlays/dev/secret-user-service-patch.yaml
@ -4,7 +4,7 @@ metadata:
  name: secret-user-service
 type: Opaque
 stringData:
-  DB_HOST: "auth-postgres-dev-postgresql"
-  DB_NAME: "phonebill_auth"
-  DB_USERNAME: "auth_user"
-  DB_PASSWORD: "AuthUser2025@"
+  DB_HOST: "auth-postgresql"
+  DB_NAME: "authdb"
+  DB_USERNAME: "unicorn"
+  DB_PASSWORD: "P@ssw0rd$"
--- a/.github/workflows/backend-cicd.yaml
+++ b/.github/workflows/backend-cicd.yaml
@ -1,4 +1,4 @@
-name: Backend Services CI/CD
+name: Backend Services CI/CD (Generic K8s)

 on:
  push:
@ -13,40 +13,24 @@ on:
      - '.github/**'
  pull_request:
    branches: [ main ]
-  workflow_dispatch:
-    inputs:
-      ENVIRONMENT:
-        description: 'Target environment'
-        required: true
-        default: 'dev'
-        type: choice
-        options:
-          - dev
-          - staging
-          - prod
-      SKIP_SONARQUBE:
-        description: 'Skip SonarQube Analysis'
-        required: false
-        default: 'true'
-        type: choice
-        options:
-          - 'true'
-          - 'false'

 env:
-  REGISTRY: acrdigitalgarage01.azurecr.io
-  IMAGE_ORG: phonebill
-  RESOURCE_GROUP: rg-digitalgarage-01
-  AKS_CLUSTER: aks-digitalgarage-01
-  NAMESPACE: phonebill-dg0500
+  # ============================================
+  # 변경: Azure ACR → Docker Hub
+  # ============================================
+  REGISTRY: docker.io
+  IMAGE_ORG: ${{ secrets.DOCKERHUB_USERNAME }}
+  NAMESPACE: phonebill
+
+  # SSH 터널링용
+  MINIKUBE_IP: "192.168.49.2"

 jobs:
  build:
    name: Build and Test
    runs-on: ubuntu-latest
    outputs:
-      #image_tag: ${{ steps.set_outputs.outputs.image_tag }}
-      image_tag: dg0500
+      image_tag: ${{ steps.set_outputs.outputs.image_tag }}
      environment: ${{ steps.set_outputs.outputs.environment }}

    steps:
@ -63,47 +47,10 @@ jobs:
      - name: Determine environment
        id: determine_env
        run: |
-          # Use input parameter or default to 'dev'
-          ENVIRONMENT="${{ github.event.inputs.ENVIRONMENT || 'dev' }}"
+          # workflow_dispatch 입력값 우선, 없으면 vars 사용
+          ENVIRONMENT="${{ vars.ENVIRONMENT || 'dev' }}"
          echo "environment=$ENVIRONMENT" >> $GITHUB_OUTPUT

-      - name: Load environment variables
-        id: env_vars
-        run: |
-          ENV=${{ steps.determine_env.outputs.environment }}
-
-          # Initialize variables with defaults
-          REGISTRY="acrdigitalgarage01.azurecr.io"
-          IMAGE_ORG="phonebill"
-          RESOURCE_GROUP="rg-digitalgarage-01"
-          AKS_CLUSTER="aks-digitalgarage-01"
-          NAMESPACE="phonebill-dg0500"
-
-          # Read environment variables from .github/config file
-          if [[ -f ".github/config/deploy_env_vars_${ENV}" ]]; then
-            while IFS= read -r line || [[ -n "$line" ]]; do
-              # Skip comments and empty lines
-              [[ "$line" =~ ^#.*$ ]] && continue
-              [[ -z "$line" ]] && continue
-
-              # Extract key-value pairs
-              key=$(echo "$line" | cut -d '=' -f1)
-              value=$(echo "$line" | cut -d '=' -f2-)
-
-              # Override defaults if found in config
-              case "$key" in
-                "resource_group") RESOURCE_GROUP="$value" ;;
-                "cluster_name") AKS_CLUSTER="$value" ;;
-              esac
-            done < ".github/config/deploy_env_vars_${ENV}"
-          fi
-
-          # Export for other jobs
-          echo "REGISTRY=$REGISTRY" >> $GITHUB_ENV
-          echo "IMAGE_ORG=$IMAGE_ORG" >> $GITHUB_ENV
-          echo "RESOURCE_GROUP=$RESOURCE_GROUP" >> $GITHUB_ENV
-          echo "AKS_CLUSTER=$AKS_CLUSTER" >> $GITHUB_ENV
-
      - name: Grant execute permission for gradlew
        run: chmod +x gradlew

@ -112,19 +59,12 @@ jobs:
          ./gradlew build -x test

      - name: SonarQube Analysis & Quality Gate
+        if: ${{ vars.SKIP_SONARQUBE != 'true' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        run: |
-          # Check if SonarQube should be skipped
-          SKIP_SONARQUBE="${{ github.event.inputs.SKIP_SONARQUBE || 'true' }}"
-
-          if [[ "$SKIP_SONARQUBE" == "true" ]]; then
-            echo "⏭️ Skipping SonarQube Analysis (SKIP_SONARQUBE=$SKIP_SONARQUBE)"
-            exit 0
-          fi
-
          # Define services array
          services=(api-gateway user-service bill-service product-service kos-mock)

@ -154,7 +94,6 @@ jobs:
      - name: Set outputs
        id: set_outputs
        run: |
-          # Generate timestamp for image tag
          IMAGE_TAG=$(date +%Y%m%d%H%M%S)
          echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
          echo "environment=${{ steps.determine_env.outputs.environment }}" >> $GITHUB_OUTPUT
@ -175,27 +114,21 @@ jobs:

      - name: Set environment variables from build job
        run: |
-          echo "REGISTRY=${{ env.REGISTRY }}" >> $GITHUB_ENV
-          echo "IMAGE_ORG=${{ env.IMAGE_ORG }}" >> $GITHUB_ENV
          echo "ENVIRONMENT=${{ needs.build.outputs.environment }}" >> $GITHUB_ENV
          echo "IMAGE_TAG=${{ needs.build.outputs.image_tag }}" >> $GITHUB_ENV

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

-      - name: Login to Docker Hub (prevent rate limit)
+      # ============================================
+      # 변경: Docker Hub 로그인만 사용
+      # ============================================
+      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

-      - name: Login to Azure Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ secrets.ACR_USERNAME }}
-          password: ${{ secrets.ACR_PASSWORD }}
-
      - name: Build and push Docker images for all services
        run: |
          # Define services array
@ -208,9 +141,11 @@ jobs:
              --build-arg BUILD_LIB_DIR="$service/build/libs" \
              --build-arg ARTIFACTORY_FILE="$service.jar" \
              -f deployment/container/Dockerfile-backend \
-              -t ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }} .
+              -t ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }} \
+              -t ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/$service:${{ needs.build.outputs.environment }}-latest .

-            docker push ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }}
+            docker push ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }}
+            docker push ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/$service:${{ needs.build.outputs.environment }}-latest
          done

  deploy:
@ -222,31 +157,68 @@ jobs:
      - name: Check out code
        uses: actions/checkout@v4

-      - name: Set image tag environment variable
+      - name: Set environment variables
        run: |
          echo "IMAGE_TAG=${{ needs.build.outputs.image_tag }}" >> $GITHUB_ENV
          echo "ENVIRONMENT=${{ needs.build.outputs.environment }}" >> $GITHUB_ENV

-      - name: Install Azure CLI
+      # ============================================
+      # 변경: Azure CLI/Login 제거 → SSH 터널링
+      # ============================================
+      - name: Setup SSH key
        run: |
-          curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
+          mkdir -p ~/.ssh
+          echo "${{ secrets.VM_SSH_KEY }}" > ~/.ssh/vm_key
+          chmod 600 ~/.ssh/vm_key
+          ssh-keyscan -H ${{ secrets.VM_IP }} >> ~/.ssh/known_hosts 2>/dev/null || true

-      - name: Azure Login
-        uses: azure/login@v1
-        with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
+      - name: Create SSH tunnel to Minikube
+        run: |
+          ssh -i ~/.ssh/vm_key \
+              -o StrictHostKeyChecking=no \
+              -o ServerAliveInterval=60 \
+              -L 8443:${{ env.MINIKUBE_IP }}:8443 \
+              ${{ secrets.VM_USER }}@${{ secrets.VM_IP }} -N &

+          sleep 5
+          echo "✅ SSH tunnel established"
+
+      # ============================================
+      # 변경: az aks get-credentials → KUBECONFIG Secret
+      # ============================================
      - name: Setup kubectl
        uses: azure/setup-kubectl@v3

-      - name: Get AKS Credentials
+      - name: Configure kubectl via KUBECONFIG
        run: |
-          az aks get-credentials --resource-group ${{ env.RESOURCE_GROUP }} --name ${{ env.AKS_CLUSTER }} --overwrite-existing
+          mkdir -p $HOME/.kube
+          echo "${{ secrets.KUBECONFIG }}" > $HOME/.kube/config
+          chmod 600 $HOME/.kube/config
+
+          # server 주소를 localhost:8443으로 변경 (SSH 터널 통해 접근)
+          sed -i 's|server:.*|server: https://127.0.0.1:8443|g' $HOME/.kube/config
+
+      - name: Verify cluster connection
+        run: |
+          kubectl cluster-info
+          kubectl get nodes

      - name: Create namespace
        run: |
          kubectl create namespace ${{ env.NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f -

+      # ============================================
+      # 추가: Docker Hub pull secret 생성
+      # ============================================
+      - name: Create image pull secret
+        run: |
+          kubectl create secret docker-registry dockerhub-secret \
+            --docker-server=docker.io \
+            --docker-username=${{ secrets.DOCKERHUB_USERNAME }} \
+            --docker-password=${{ secrets.DOCKERHUB_PASSWORD }} \
+            --namespace=${{ env.NAMESPACE }} \
+            --dry-run=client -o yaml | kubectl apply -f -
+
      - name: Install Kustomize
        run: |
          curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
@ -254,17 +226,17 @@ jobs:

      - name: Update Kustomize images and deploy
        run: |
-          # 환경별 디렉토리로 이동
          cd .github/kustomize/overlays/${{ env.ENVIRONMENT }}

-          # 각 서비스별 이미지 태그 업데이트
-          kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/api-gateway:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
-          kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/user-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
-          kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/bill-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
-          kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/product-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
-          kustomize edit set image ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/kos-mock:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
+          # ============================================
+          # 변경: 이미지 경로를 Docker Hub로
+          # ============================================
+          kustomize edit set image ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/api-gateway:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
+          kustomize edit set image ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/user-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
+          kustomize edit set image ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/bill-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
+          kustomize edit set image ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/product-service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
+          kustomize edit set image ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/kos-mock:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}

-          # 매니페스트 적용
          kubectl apply -k .

      - name: Wait for deployments to be ready
@ -275,3 +247,17 @@ jobs:
          kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/bill-service --timeout=300s
          kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/product-service --timeout=300s
          kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/kos-mock --timeout=300s
+
+      - name: Show deployment status
+        run: |
+          kubectl -n ${{ env.NAMESPACE }} get pods -o wide
+          kubectl -n ${{ env.NAMESPACE }} get svc
+
+      # ============================================
+      # 추가: SSH 터널 정리
+      # ============================================
+      - name: Cleanup SSH tunnel
+        if: always()
+        run: |
+          pkill -f "ssh.*8443" || true
+
--- a/.github/workflows/backend-cicd_ArgoCD.yaml
+++ b/.github/workflows/backend-cicd_ArgoCD.yaml
@ -1,255 +0,0 @@
-name: Backend Services CI/CD (ArgoCD)
-
-on:
-  push:
-    branches: [ main, develop ]
-    paths:
-      - 'api-gateway/**'
-      - 'user-service/**'
-      - 'bill-service/**'
-      - 'product-service/**'
-      - 'kos-mock/**'
-      - 'common/**'
-      - '.github/**'
-  pull_request:
-    branches: [ main ]
-  workflow_dispatch:
-    inputs:
-      ENVIRONMENT:
-        description: 'Target environment'
-        required: true
-        default: 'dev'
-        type: choice
-        options:
-          - dev
-          - staging
-          - prod
-      SKIP_SONARQUBE:
-        description: 'Skip SonarQube Analysis'
-        required: false
-        default: 'true'
-        type: choice
-        options:
-          - 'true'
-          - 'false'
-
-env:
-  REGISTRY: acrdigitalgarage01.azurecr.io
-  IMAGE_ORG: phonebill
-  RESOURCE_GROUP: rg-digitalgarage-01
-  AKS_CLUSTER: aks-digitalgarage-01
-  NAMESPACE: phonebill-dg0500
-
-jobs:
-  build:
-    name: Build and Test
-    runs-on: ubuntu-latest
-    outputs:
-      #image_tag: ${{ steps.set_outputs.outputs.image_tag }}
-      image_tag: dg0500
-      environment: ${{ steps.set_outputs.outputs.environment }}
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-
-      - name: Set up JDK 21
-        uses: actions/setup-java@v3
-        with:
-          java-version: '21'
-          distribution: 'temurin'
-          cache: 'gradle'
-
-      - name: Determine environment
-        id: determine_env
-        run: |
-          # Use input parameter or default to 'dev'
-          ENVIRONMENT="${{ github.event.inputs.ENVIRONMENT || 'dev' }}"
-          echo "environment=$ENVIRONMENT" >> $GITHUB_OUTPUT
-
-      - name: Load environment variables
-        id: env_vars
-        run: |
-          ENV=${{ steps.determine_env.outputs.environment }}
-
-          # Initialize variables with defaults
-          REGISTRY="acrdigitalgarage01.azurecr.io"
-          IMAGE_ORG="phonebill"
-          RESOURCE_GROUP="rg-digitalgarage-01"
-          AKS_CLUSTER="aks-digitalgarage-01"
-          NAMESPACE="phonebill-dg0500"
-
-          # Read environment variables from .github/config file
-          if [[ -f ".github/config/deploy_env_vars_${ENV}" ]]; then
-            while IFS= read -r line || [[ -n "$line" ]]; do
-              # Skip comments and empty lines
-              [[ "$line" =~ ^#.*$ ]] && continue
-              [[ -z "$line" ]] && continue
-
-              # Extract key-value pairs
-              key=$(echo "$line" | cut -d '=' -f1)
-              value=$(echo "$line" | cut -d '=' -f2-)
-
-              # Override defaults if found in config
-              case "$key" in
-                "resource_group") RESOURCE_GROUP="$value" ;;
-                "cluster_name") AKS_CLUSTER="$value" ;;
-              esac
-            done < ".github/config/deploy_env_vars_${ENV}"
-          fi
-
-          # Export for other jobs
-          echo "REGISTRY=$REGISTRY" >> $GITHUB_ENV
-          echo "IMAGE_ORG=$IMAGE_ORG" >> $GITHUB_ENV
-          echo "RESOURCE_GROUP=$RESOURCE_GROUP" >> $GITHUB_ENV
-          echo "AKS_CLUSTER=$AKS_CLUSTER" >> $GITHUB_ENV
-
-      - name: Grant execute permission for gradlew
-        run: chmod +x gradlew
-
-      - name: Build with Gradle
-        run: |
-          ./gradlew build -x test
-
-      - name: SonarQube Analysis & Quality Gate
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-        run: |
-          # Check if SonarQube should be skipped
-          SKIP_SONARQUBE="${{ github.event.inputs.SKIP_SONARQUBE || 'true' }}"
-
-          if [[ "$SKIP_SONARQUBE" == "true" ]]; then
-            echo "⏭️ Skipping SonarQube Analysis (SKIP_SONARQUBE=$SKIP_SONARQUBE)"
-            exit 0
-          fi
-
-          # Define services array
-          services=(api-gateway user-service bill-service product-service kos-mock)
-
-          # Run tests, coverage reports, and SonarQube analysis for each service
-          for service in "${services[@]}"; do
-            ./gradlew :$service:test :$service:jacocoTestReport :$service:sonar \
-              -Dsonar.projectKey=phonebill-$service-${{ steps.determine_env.outputs.environment }} \
-              -Dsonar.projectName=phonebill-$service-${{ steps.determine_env.outputs.environment }} \
-              -Dsonar.host.url=$SONAR_HOST_URL \
-              -Dsonar.token=$SONAR_TOKEN \
-              -Dsonar.java.binaries=build/classes/java/main \
-              -Dsonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml \
-              -Dsonar.exclusions=**/config/**,**/entity/**,**/dto/**,**/*Application.class,**/exception/**
-          done
-
-      - name: Upload build artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: app-builds
-          path: |
-            api-gateway/build/libs/*.jar
-            user-service/build/libs/*.jar
-            bill-service/build/libs/*.jar
-            product-service/build/libs/*.jar
-            kos-mock/build/libs/*.jar
-
-      - name: Set outputs
-        id: set_outputs
-        run: |
-          # Generate timestamp for image tag
-          IMAGE_TAG=$(date +%Y%m%d%H%M%S)
-          echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
-          echo "environment=${{ steps.determine_env.outputs.environment }}" >> $GITHUB_OUTPUT
-
-  release:
-    name: Build and Push Docker Images
-    needs: build
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-
-      - name: Download build artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: app-builds
-
-      - name: Set environment variables from build job
-        run: |
-          echo "REGISTRY=${{ env.REGISTRY }}" >> $GITHUB_ENV
-          echo "IMAGE_ORG=${{ env.IMAGE_ORG }}" >> $GITHUB_ENV
-          echo "ENVIRONMENT=${{ needs.build.outputs.environment }}" >> $GITHUB_ENV
-          echo "IMAGE_TAG=${{ needs.build.outputs.image_tag }}" >> $GITHUB_ENV
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to Docker Hub (prevent rate limit)
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-      - name: Login to Azure Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ secrets.ACR_USERNAME }}
-          password: ${{ secrets.ACR_PASSWORD }}
-
-      - name: Build and push Docker images for all services
-        run: |
-          # Define services array
-          services=(api-gateway user-service bill-service product-service kos-mock)
-
-          # Build and push each service image
-          for service in "${services[@]}"; do
-            echo "Building and pushing $service..."
-            docker build \
-              --build-arg BUILD_LIB_DIR="$service/build/libs" \
-              --build-arg ARTIFACTORY_FILE="$service.jar" \
-              -f deployment/container/Dockerfile-backend \
-              -t ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }} .
-
-            docker push ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }}
-          done
-
-  update-manifest:
-    name: Update Manifest Repository
-    needs: [build, release]
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Set image tag environment variable
-      run: |
-        echo "IMAGE_TAG=${{ needs.build.outputs.image_tag }}" >> $GITHUB_ENV
-        echo "ENVIRONMENT=${{ needs.build.outputs.environment }}" >> $GITHUB_ENV
-
-    - name: Update Manifest Repository
-      run: |
-        # 매니페스트 레포지토리 클론
-        REPO_URL=$(echo "https://github.com/cna-bootcamp/phonebill-manifest.git" | sed 's|https://||')
-        git clone https://${{ secrets.GIT_USERNAME }}:${{ secrets.GIT_PASSWORD }}@${REPO_URL} manifest-repo
-        cd manifest-repo
-
-        # Kustomize 설치
-        curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
-        sudo mv kustomize /usr/local/bin/
-
-        # 매니페스트 업데이트
-        cd phonebill/kustomize/overlays/${{ env.ENVIRONMENT }}
-
-        # 각 서비스별 이미지 태그 업데이트
-        services="api-gateway user-service bill-service product-service kos-mock"
-        for service in $services; do
-          kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/$service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}
-        done
-
-        # Git 설정 및 푸시
-        cd ../../../..
-        git config user.name "GitHub Actions"
-        git config user.email "actions@github.com"
-        git add .
-        git commit -m "🚀 Update phonebill ${{ env.ENVIRONMENT }} images to ${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}"
-        git push origin main
-
-        echo "✅ 매니페스트 업데이트 완료. ArgoCD가 자동으로 배포합니다."