add manifest

deployment/database/deploy_db.sh

@@ -1,20 +1,37 @@
 #!/bin/bash
 
+# 사용법 함수 정의
+usage() {
+    echo "Usage: $0 <namespace>"
+    echo "Example: $0 myapp-ns"
+    echo "This script creates PostgreSQL databases for member, mysub, and recommend services in the specified namespace."
+    exit 1
+}
+
+# 파라미터 체크
+if [ $# -ne 1 ]; then
+    usage
+fi
+
+NAMESPACE=$1
+
 # Namespace 존재 여부 확인 후 생성
-if ! kubectl get namespace lifesub-ns &> /dev/null; then
+if ! kubectl get namespace ${NAMESPACE} &> /dev/null; then
-    kubectl create namespace lifesub-ns
+    echo "Creating namespace: ${NAMESPACE}"
+    kubectl create namespace ${NAMESPACE}
 fi
 
 # Namespace 전환
-kubens lifesub-ns
+echo "Switching to namespace: ${NAMESPACE}"
+kubens ${NAMESPACE}
 
-# 각 서비스별 설정 및 배포
+# 각 서비스별 설치
 for service in member mysub recommend; do
-    # values 파일 생성
+    echo "Installing PostgreSQL for ${service} service..."
-    cat << EOF > values-${service}.yaml
+
-# PostgreSQL 아키텍처 설정
+    # Helm으로 PostgreSQL 설치 - heredoc으로 직접 values 전달
+    helm upgrade -i ${service} bitnami/postgresql --version 14.3.2 --values - <<EOF
 architecture: standalone
-# 글로벌 설정
 global:
   postgresql:
     auth:
@@ -24,14 +41,11 @@ global:
       username: "admin"
       password: "Passw0rd"
   storageClass: "managed"
-
-# Primary 설정
 primary:
   persistence:
     enabled: true
     storageClass: "managed"
     size: 10Gi
-
   resources:
     limits:
       memory: "1Gi"
@@ -39,21 +53,19 @@ primary:
     requests:
       memory: "0.5Gi"
       cpu: "0.5"
-
-# 네트워크 설정
 service:
   type: ClusterIP
   ports:
     postgresql: 5432
-# 보안 설정
 securityContext:
   enabled: true
   fsGroup: 1001
   runAsUser: 1001
 EOF
 
-    # Service 파일 생성
+    echo "Creating external service for ${service}..."
-    cat << EOF > svc-${service}.yaml
+    # External Service 생성 - heredoc으로 직접 manifest 적용
+    kubectl apply -f - <<EOF
 apiVersion: v1
 kind: Service
 metadata:
@@ -71,9 +83,6 @@ spec:
   type: LoadBalancer
 EOF
 
-    # Helm으로 PostgreSQL 설치
-    helm upgrade -i ${service} -f values-${service}.yaml bitnami/postgresql --version 14.3.2
-
-    # 외부 서비스 생성
-    kubectl apply -f svc-${service}.yaml
 done
+
+echo "Installation completed successfully in namespace: ${NAMESPACE}"

deployment/database/values-member.yaml

@@ -1,89 +0,0 @@
-# PostgreSQL 아키텍처 설정
-architecture: replication
-
-# 글로벌 설정
-global:
-  postgresql:
-    auth:
-      postgresPassword: "Passw0rd"
-      replicationPassword: "Passw0rd"
-      database: "member"
-      username: "admin"
-      password: "Passw0rd"
-  storageClass: "managed"
-
-# Primary 설정
-primary:
-  persistence:
-    enabled: true
-    storageClass: "managed"
-    size: 10Gi
-
-  resources:
-    limits:
-      memory: "4Gi"
-      cpu: "1"
-    requests:
-      memory: "2Gi"
-      cpu: "0.5"
-
-  # 성능 최적화 설정
-  extraEnvVars:
-    - name: POSTGRESQL_SHARED_BUFFERS
-      value: "1GB"
-    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
-      value: "3GB"
-    - name: POSTGRESQL_MAX_CONNECTIONS
-      value: "200"
-    - name: POSTGRESQL_WORK_MEM
-      value: "16MB"
-    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
-      value: "256MB"
-
-  # 고가용성 설정
-  podAntiAffinityPreset: soft
-
-# Secondary 설정
-readReplicas:
-  replicaCount: 2
-
-  persistence:
-    enabled: true
-    storageClass: "managed"
-    size: 10Gi
-
-  resources:
-    limits:
-      memory: "2Gi"
-      cpu: "1"
-    requests:
-      memory: "1Gi"
-      cpu: "0.5"
-
-  # 성능 최적화 설정
-  extraEnvVars:
-    - name: POSTGRESQL_SHARED_BUFFERS
-      value: "1GB"
-    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
-      value: "3GB"
-    - name: POSTGRESQL_MAX_CONNECTIONS
-      value: "200"
-    - name: POSTGRESQL_WORK_MEM
-      value: "16MB"
-    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
-      value: "256MB"
-
-  # 고가용성 설정
-  podAntiAffinityPreset: soft
-
-# 네트워크 설정
-service:
-  type: ClusterIP
-  ports:
-    postgresql: 5432
-
-# 보안 설정
-securityContext:
-  enabled: true
-  fsGroup: 1001
-  runAsUser: 1001

deployment/database/values-mysub.yaml

@@ -1,89 +0,0 @@
-# PostgreSQL 아키텍처 설정
-architecture: replication
-
-# 글로벌 설정
-global:
-  postgresql:
-    auth:
-      postgresPassword: "Passw0rd"
-      replicationPassword: "Passw0rd"
-      database: "mysub"
-      username: "admin"
-      password: "Passw0rd"
-  storageClass: "managed"
-
-# Primary 설정
-primary:
-  persistence:
-    enabled: true
-    storageClass: "managed"
-    size: 10Gi
-
-  resources:
-    limits:
-      memory: "4Gi"
-      cpu: "1"
-    requests:
-      memory: "2Gi"
-      cpu: "0.5"
-
-  # 성능 최적화 설정
-  extraEnvVars:
-    - name: POSTGRESQL_SHARED_BUFFERS
-      value: "1GB"
-    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
-      value: "3GB"
-    - name: POSTGRESQL_MAX_CONNECTIONS
-      value: "200"
-    - name: POSTGRESQL_WORK_MEM
-      value: "16MB"
-    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
-      value: "256MB"
-
-  # 고가용성 설정
-  podAntiAffinityPreset: soft
-
-# Secondary 설정
-readReplicas:
-  replicaCount: 2
-
-  persistence:
-    enabled: true
-    storageClass: "managed"
-    size: 10Gi
-
-  resources:
-    limits:
-      memory: "2Gi"
-      cpu: "1"
-    requests:
-      memory: "1Gi"
-      cpu: "0.5"
-
-  # 성능 최적화 설정
-  extraEnvVars:
-    - name: POSTGRESQL_SHARED_BUFFERS
-      value: "1GB"
-    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
-      value: "3GB"
-    - name: POSTGRESQL_MAX_CONNECTIONS
-      value: "200"
-    - name: POSTGRESQL_WORK_MEM
-      value: "16MB"
-    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
-      value: "256MB"
-
-  # 고가용성 설정
-  podAntiAffinityPreset: soft
-
-# 네트워크 설정
-service:
-  type: ClusterIP
-  ports:
-    postgresql: 5432
-
-# 보안 설정
-securityContext:
-  enabled: true
-  fsGroup: 1001
-  runAsUser: 1001

deployment/database/values-recommend.yaml

@@ -1,89 +0,0 @@
-# PostgreSQL 아키텍처 설정
-architecture: replication
-
-# 글로벌 설정
-global:
-  postgresql:
-    auth:
-      postgresPassword: "Passw0rd"
-      replicationPassword: "Passw0rd"
-      database: "recommend"
-      username: "admin"
-      password: "Passw0rd"
-  storageClass: "managed"
-
-# Primary 설정
-primary:
-  persistence:
-    enabled: true
-    storageClass: "managed"
-    size: 10Gi
-
-  resources:
-    limits:
-      memory: "4Gi"
-      cpu: "1"
-    requests:
-      memory: "2Gi"
-      cpu: "0.5"
-
-  # 성능 최적화 설정
-  extraEnvVars:
-    - name: POSTGRESQL_SHARED_BUFFERS
-      value: "1GB"
-    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
-      value: "3GB"
-    - name: POSTGRESQL_MAX_CONNECTIONS
-      value: "200"
-    - name: POSTGRESQL_WORK_MEM
-      value: "16MB"
-    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
-      value: "256MB"
-
-  # 고가용성 설정
-  podAntiAffinityPreset: soft
-
-# Secondary 설정
-readReplicas:
-  replicaCount: 2
-
-  persistence:
-    enabled: true
-    storageClass: "managed"
-    size: 10Gi
-
-  resources:
-    limits:
-      memory: "2Gi"
-      cpu: "1"
-    requests:
-      memory: "1Gi"
-      cpu: "0.5"
-
-  # 성능 최적화 설정
-  extraEnvVars:
-    - name: POSTGRESQL_SHARED_BUFFERS
-      value: "1GB"
-    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
-      value: "3GB"
-    - name: POSTGRESQL_MAX_CONNECTIONS
-      value: "200"
-    - name: POSTGRESQL_WORK_MEM
-      value: "16MB"
-    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
-      value: "256MB"
-
-  # 고가용성 설정
-  podAntiAffinityPreset: soft
-
-# 네트워크 설정
-service:
-  type: ClusterIP
-  ports:
-    postgresql: 5432
-
-# 보안 설정
-securityContext:
-  enabled: true
-  fsGroup: 1001
-  runAsUser: 1001

deployment/database/values.template.yaml

@@ -1,89 +0,0 @@
-# PostgreSQL 아키텍처 설정
-architecture: replication
-
-# 글로벌 설정
-global:
-  postgresql:
-    auth:
-      postgresPassword: "Passw0rd"
-      replicationPassword: "Passw0rd"
-      database: "${DATABASE}"
-      username: "admin"
-      password: "Passw0rd"
-  storageClass: "managed"
-
-# Primary 설정
-primary:
-  persistence:
-    enabled: true
-    storageClass: "managed"
-    size: 10Gi
-
-  resources:
-    limits:
-      memory: "4Gi"
-      cpu: "1"
-    requests:
-      memory: "2Gi"
-      cpu: "0.5"
-
-  # 성능 최적화 설정
-  extraEnvVars:
-    - name: POSTGRESQL_SHARED_BUFFERS
-      value: "1GB"
-    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
-      value: "3GB"
-    - name: POSTGRESQL_MAX_CONNECTIONS
-      value: "200"
-    - name: POSTGRESQL_WORK_MEM
-      value: "16MB"
-    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
-      value: "256MB"
-
-  # 고가용성 설정
-  podAntiAffinityPreset: soft
-
-# Secondary 설정
-readReplicas:
-  replicaCount: 2
-
-  persistence:
-    enabled: true
-    storageClass: "managed"
-    size: 10Gi
-
-  resources:
-    limits:
-      memory: "2Gi"
-      cpu: "1"
-    requests:
-      memory: "1Gi"
-      cpu: "0.5"
-
-  # 성능 최적화 설정
-  extraEnvVars:
-    - name: POSTGRESQL_SHARED_BUFFERS
-      value: "1GB"
-    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
-      value: "3GB"
-    - name: POSTGRESQL_MAX_CONNECTIONS
-      value: "200"
-    - name: POSTGRESQL_WORK_MEM
-      value: "16MB"
-    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
-      value: "256MB"
-
-  # 고가용성 설정
-  podAntiAffinityPreset: soft
-
-# 네트워크 설정
-service:
-  type: ClusterIP
-  ports:
-    postgresql: 5432
-
-# 보안 설정
-securityContext:
-  enabled: true
-  fsGroup: 1001
-  runAsUser: 1001

deployment/manifest/configmaps/common-config.yaml

@@ -6,4 +6,4 @@ metadata:
 data:
   JPA_DDL_AUTO: update
   JPA_SHOW_SQL: "true"
-  ALLOWED_ORIGINS: "http://lifesub-web"
+  ALLOWED_ORIGINS: "http://localhost*,http://lifesub-web*"

deployment/manifest/deployments/member-deployment.yaml

@@ -35,3 +35,22 @@ spec:
                 name: common-secret
             - secretRef:
                 name: member-secret
+          startupProbe:
+            httpGet:
+              path: /actuator/health
+              port: 8081
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            failureThreshold: 30
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: 8081
+            initialDelaySeconds: 10
+            periodSeconds: 5
+          livenessProbe:
+            httpGet:
+              path: /actuator/health/liveness
+              port: 8081
+            initialDelaySeconds: 60
+            periodSeconds: 15

deployment/manifest/deployments/mysub-deployment.yaml

@@ -35,21 +35,22 @@ spec:
                 name: common-secret
             - secretRef:
                 name: mysub-secret
-          #startupProbe:
+          startupProbe:
-          #  tcpSocket:
-          #    port: 5432
-          #  initialDelaySeconds: 30
-          #  periodSeconds: 10
-          #  failureThreshold: 30
-          readinessProbe:
             httpGet:
               path: /actuator/health
               port: 8082
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            failureThreshold: 30
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: 8082
             initialDelaySeconds: 10
             periodSeconds: 5
           livenessProbe:
             httpGet:
-              path: /actuator/health
+              path: /actuator/health/readiness
               port: 8082
             initialDelaySeconds: 60
             periodSeconds: 15

deployment/manifest/deployments/recommend-deployment.yaml

@@ -35,21 +35,22 @@ spec:
                 name: common-secret
             - secretRef:
                 name: recommend-secret
-          #startupProbe:
+          startupProbe:
-          #  tcpSocket:
-          #    port: 5432
-          #  initialDelaySeconds: 30
-          #  periodSeconds: 10
-          #  failureThreshold: 30
-          readinessProbe:
             httpGet:
               path: /actuator/health
               port: 8083
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            failureThreshold: 30
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: 8083
             initialDelaySeconds: 10
             periodSeconds: 5
           livenessProbe:
             httpGet:
-              path: /actuator/health
+              path: /actuator/health/liveness
               port: 8083
             initialDelaySeconds: 60
             periodSeconds: 15

deployment/manifest/ingresses/ingress.yaml

@@ -0,0 +1,34 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: backend-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - http:
+        paths:
+          - path: /member(/|$)(.*)
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: member
+                port:
+                  number: 80
+          - path: /mysub(/|$)(.*)
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: mysub
+                port:
+                  number: 80
+          - path: /recommend(/|$)(.*)
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: recommend
+                port:
+                  number: 80

member/src/main/java/com/unicorn/lifesub/member/config/SecurityConfig.java

@@ -23,6 +23,7 @@ import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import java.util.Arrays;
+import java.util.List;
 
 @Slf4j
 @Configuration      //Config 레이어의 클래스임을 나타내며 Bean클래스로 등록되어 실행시 자동으로 객체가 생성됨
@@ -78,40 +79,16 @@ public class SecurityConfig {
     }
 
     @Bean
-    public CorsConfigurationSource corsConfigurationSource() {
+    protected CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
-
+        //configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));
-        // 허용된 origin 로깅
+        configuration.setAllowedOriginPatterns(Arrays.asList(allowedOrigins.split(",")));
-        log.info("Allowed origins: {}", allowedOrigins);
+        configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
-        String[] origins = allowedOrigins.split(",");
+        configuration.setAllowedHeaders(List.of("*"));
-        for (String origin : origins) {
-            log.info("Adding allowed origin: {}", origin.trim());
-            configuration.addAllowedOrigin(origin.trim());
-        }
-
-        // HTTP 메서드 설정
-        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
-
-        // 헤더 설정
-        configuration.setAllowedHeaders(Arrays.asList(
-                "Authorization",
-                "Content-Type",
-                "X-Requested-With",
-                "Accept",
-                "Origin",
-                "Access-Control-Request-Method",
-                "Access-Control-Request-Headers"
-        ));
-
-        // 인증 정보 허용
         configuration.setAllowCredentials(true);
 
-        // preflight 요청의 캐시 시간 설정 (1시간)
-        configuration.setMaxAge(3600L);
-
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", configuration);
-
         return source;
     }
 

mysub-infra/src/main/java/com/unicorn/lifesub/mysub/infra/config/SecurityConfig.java

@@ -63,7 +63,8 @@ public class SecurityConfig {
     @Bean
     protected CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));
+        //configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));
+        configuration.setAllowedOriginPatterns(Arrays.asList(allowedOrigins.split(",")));
         configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
         configuration.setAllowedHeaders(List.of("*"));
         configuration.setAllowCredentials(true);

recommend/src/main/java/com/unicorn/lifesub/recommend/config/SecurityConfig.java

@@ -54,7 +54,8 @@ public class SecurityConfig {
     @Bean
     protected CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));
+        //configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));
+        configuration.setAllowedOriginPatterns(Arrays.asList(allowedOrigins.split(",")));
         configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
         configuration.setAllowedHeaders(List.of("*"));
         configuration.setAllowCredentials(true);