add manifest

2026-06-13 13:09:10 +00:00 · 2025-02-16 12:53:00 +09:00
parent 0df82fbe63
commit aad73b3b8c
31 changed files with 112 additions and 425 deletions
@@ -1,20 +1,37 @@
 #!/bin/bash
 # 사용법 함수 정의
 usage() {
    echo "Usage: $0 <namespace>"
    echo "Example: $0 myapp-ns"
    echo "This script creates PostgreSQL databases for member, mysub, and recommend services in the specified namespace."
    exit 1
 }
 # 파라미터 체크
 if [ $# -ne 1 ]; then
    usage
 fi
 NAMESPACE=$1
 # Namespace 존재 여부 확인 후 생성
-if ! kubectl get namespace lifesub-ns &> /dev/null; then
+if ! kubectl get namespace ${NAMESPACE} &> /dev/null; then
-    kubectl create namespace lifesub-ns
+    echo "Creating namespace: ${NAMESPACE}"
    kubectl create namespace ${NAMESPACE}
 fi
 # Namespace 전환
-kubens lifesub-ns
+echo "Switching to namespace: ${NAMESPACE}"
 kubens ${NAMESPACE}
-# 각 서비스별 설정 및 배포
+# 각 서비스별 설치
 for service in member mysub recommend; do
-    # values 파일 생성
+    echo "Installing PostgreSQL for ${service} service..."
-    cat << EOF > values-${service}.yaml
+
-# PostgreSQL 아키텍처 설정
+    # Helm으로 PostgreSQL 설치 - heredoc으로 직접 values 전달
    helm upgrade -i ${service} bitnami/postgresql --version 14.3.2 --values - <<EOF
 architecture: standalone
 # 글로벌 설정
 global:
  postgresql:
    auth:
@@ -24,14 +41,11 @@ global:
      username: "admin"
      password: "Passw0rd"
  storageClass: "managed"
 # Primary 설정
 primary:
  persistence:
    enabled: true
    storageClass: "managed"
    size: 10Gi
  resources:
    limits:
      memory: "1Gi"
@@ -39,21 +53,19 @@ primary:
    requests:
      memory: "0.5Gi"
      cpu: "0.5"
 # 네트워크 설정
 service:
  type: ClusterIP
  ports:
    postgresql: 5432
 # 보안 설정
 securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001
 EOF
-    # Service 파일 생성
+    echo "Creating external service for ${service}..."
-    cat << EOF > svc-${service}.yaml
+    # External Service 생성 - heredoc으로 직접 manifest 적용
    kubectl apply -f - <<EOF
 apiVersion: v1
 kind: Service
 metadata:
@@ -71,9 +83,6 @@ spec:
  type: LoadBalancer
 EOF
-    # Helm으로 PostgreSQL 설치
+done
    helm upgrade -i ${service} -f values-${service}.yaml bitnami/postgresql --version 14.3.2
-    # 외부 서비스 생성
+echo "Installation completed successfully in namespace: ${NAMESPACE}"
    kubectl apply -f svc-${service}.yaml
 done
@@ -1,89 +0,0 @@
 # PostgreSQL 아키텍처 설정
 architecture: replication
 # 글로벌 설정
 global:
  postgresql:
    auth:
      postgresPassword: "Passw0rd"
      replicationPassword: "Passw0rd"
      database: "member"
      username: "admin"
      password: "Passw0rd"
  storageClass: "managed"
 # Primary 설정
 primary:
  persistence:
    enabled: true
    storageClass: "managed"
    size: 10Gi
  resources:
    limits:
      memory: "4Gi"
      cpu: "1"
    requests:
      memory: "2Gi"
      cpu: "0.5"
  # 성능 최적화 설정
  extraEnvVars:
    - name: POSTGRESQL_SHARED_BUFFERS
      value: "1GB"
    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
      value: "3GB"
    - name: POSTGRESQL_MAX_CONNECTIONS
      value: "200"
    - name: POSTGRESQL_WORK_MEM
      value: "16MB"
    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
      value: "256MB"
  # 고가용성 설정
  podAntiAffinityPreset: soft
 # Secondary 설정
 readReplicas:
  replicaCount: 2
  persistence:
    enabled: true
    storageClass: "managed"
    size: 10Gi
  resources:
    limits:
      memory: "2Gi"
      cpu: "1"
    requests:
      memory: "1Gi"
      cpu: "0.5"
  # 성능 최적화 설정
  extraEnvVars:
    - name: POSTGRESQL_SHARED_BUFFERS
      value: "1GB"
    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
      value: "3GB"
    - name: POSTGRESQL_MAX_CONNECTIONS
      value: "200"
    - name: POSTGRESQL_WORK_MEM
      value: "16MB"
    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
      value: "256MB"
  # 고가용성 설정
  podAntiAffinityPreset: soft
 # 네트워크 설정
 service:
  type: ClusterIP
  ports:
    postgresql: 5432
 # 보안 설정
 securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001
@@ -1,89 +0,0 @@
 # PostgreSQL 아키텍처 설정
 architecture: replication
 # 글로벌 설정
 global:
  postgresql:
    auth:
      postgresPassword: "Passw0rd"
      replicationPassword: "Passw0rd"
      database: "mysub"
      username: "admin"
      password: "Passw0rd"
  storageClass: "managed"
 # Primary 설정
 primary:
  persistence:
    enabled: true
    storageClass: "managed"
    size: 10Gi
  resources:
    limits:
      memory: "4Gi"
      cpu: "1"
    requests:
      memory: "2Gi"
      cpu: "0.5"
  # 성능 최적화 설정
  extraEnvVars:
    - name: POSTGRESQL_SHARED_BUFFERS
      value: "1GB"
    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
      value: "3GB"
    - name: POSTGRESQL_MAX_CONNECTIONS
      value: "200"
    - name: POSTGRESQL_WORK_MEM
      value: "16MB"
    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
      value: "256MB"
  # 고가용성 설정
  podAntiAffinityPreset: soft
 # Secondary 설정
 readReplicas:
  replicaCount: 2
  persistence:
    enabled: true
    storageClass: "managed"
    size: 10Gi
  resources:
    limits:
      memory: "2Gi"
      cpu: "1"
    requests:
      memory: "1Gi"
      cpu: "0.5"
  # 성능 최적화 설정
  extraEnvVars:
    - name: POSTGRESQL_SHARED_BUFFERS
      value: "1GB"
    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
      value: "3GB"
    - name: POSTGRESQL_MAX_CONNECTIONS
      value: "200"
    - name: POSTGRESQL_WORK_MEM
      value: "16MB"
    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
      value: "256MB"
  # 고가용성 설정
  podAntiAffinityPreset: soft
 # 네트워크 설정
 service:
  type: ClusterIP
  ports:
    postgresql: 5432
 # 보안 설정
 securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001
@@ -1,89 +0,0 @@
 # PostgreSQL 아키텍처 설정
 architecture: replication
 # 글로벌 설정
 global:
  postgresql:
    auth:
      postgresPassword: "Passw0rd"
      replicationPassword: "Passw0rd"
      database: "recommend"
      username: "admin"
      password: "Passw0rd"
  storageClass: "managed"
 # Primary 설정
 primary:
  persistence:
    enabled: true
    storageClass: "managed"
    size: 10Gi
  resources:
    limits:
      memory: "4Gi"
      cpu: "1"
    requests:
      memory: "2Gi"
      cpu: "0.5"
  # 성능 최적화 설정
  extraEnvVars:
    - name: POSTGRESQL_SHARED_BUFFERS
      value: "1GB"
    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
      value: "3GB"
    - name: POSTGRESQL_MAX_CONNECTIONS
      value: "200"
    - name: POSTGRESQL_WORK_MEM
      value: "16MB"
    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
      value: "256MB"
  # 고가용성 설정
  podAntiAffinityPreset: soft
 # Secondary 설정
 readReplicas:
  replicaCount: 2
  persistence:
    enabled: true
    storageClass: "managed"
    size: 10Gi
  resources:
    limits:
      memory: "2Gi"
      cpu: "1"
    requests:
      memory: "1Gi"
      cpu: "0.5"
  # 성능 최적화 설정
  extraEnvVars:
    - name: POSTGRESQL_SHARED_BUFFERS
      value: "1GB"
    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
      value: "3GB"
    - name: POSTGRESQL_MAX_CONNECTIONS
      value: "200"
    - name: POSTGRESQL_WORK_MEM
      value: "16MB"
    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
      value: "256MB"
  # 고가용성 설정
  podAntiAffinityPreset: soft
 # 네트워크 설정
 service:
  type: ClusterIP
  ports:
    postgresql: 5432
 # 보안 설정
 securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001
@@ -1,89 +0,0 @@
 # PostgreSQL 아키텍처 설정
 architecture: replication
 # 글로벌 설정
 global:
  postgresql:
    auth:
      postgresPassword: "Passw0rd"
      replicationPassword: "Passw0rd"
      database: "${DATABASE}"
      username: "admin"
      password: "Passw0rd"
  storageClass: "managed"
 # Primary 설정
 primary:
  persistence:
    enabled: true
    storageClass: "managed"
    size: 10Gi
  resources:
    limits:
      memory: "4Gi"
      cpu: "1"
    requests:
      memory: "2Gi"
      cpu: "0.5"
  # 성능 최적화 설정
  extraEnvVars:
    - name: POSTGRESQL_SHARED_BUFFERS
      value: "1GB"
    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
      value: "3GB"
    - name: POSTGRESQL_MAX_CONNECTIONS
      value: "200"
    - name: POSTGRESQL_WORK_MEM
      value: "16MB"
    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
      value: "256MB"
  # 고가용성 설정
  podAntiAffinityPreset: soft
 # Secondary 설정
 readReplicas:
  replicaCount: 2
  persistence:
    enabled: true
    storageClass: "managed"
    size: 10Gi
  resources:
    limits:
      memory: "2Gi"
      cpu: "1"
    requests:
      memory: "1Gi"
      cpu: "0.5"
  # 성능 최적화 설정
  extraEnvVars:
    - name: POSTGRESQL_SHARED_BUFFERS
      value: "1GB"
    - name: POSTGRESQL_EFFECTIVE_CACHE_SIZE
      value: "3GB"
    - name: POSTGRESQL_MAX_CONNECTIONS
      value: "200"
    - name: POSTGRESQL_WORK_MEM
      value: "16MB"
    - name: POSTGRESQL_MAINTENANCE_WORK_MEM
      value: "256MB"
  # 고가용성 설정
  podAntiAffinityPreset: soft
 # 네트워크 설정
 service:
  type: ClusterIP
  ports:
    postgresql: 5432
 # 보안 설정
 securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001
@@ -6,4 +6,4 @@ metadata:
 data:
  JPA_DDL_AUTO: update
  JPA_SHOW_SQL: "true"
-  ALLOWED_ORIGINS: "http://lifesub-web"
+  ALLOWED_ORIGINS: "http://localhost*,http://lifesub-web*"
@@ -35,3 +35,22 @@ spec:
                name: common-secret
            - secretRef:
                name: member-secret
          startupProbe:
            httpGet:
              path: /actuator/health
              port: 8081
            initialDelaySeconds: 30
            periodSeconds: 10
            failureThreshold: 30
          readinessProbe:
            httpGet:
              path: /actuator/health/readiness
              port: 8081
            initialDelaySeconds: 10
            periodSeconds: 5
          livenessProbe:
            httpGet:
              path: /actuator/health/liveness
              port: 8081
            initialDelaySeconds: 60
            periodSeconds: 15
@@ -35,21 +35,22 @@ spec:
                name: common-secret
            - secretRef:
                name: mysub-secret
-          #startupProbe:
+          startupProbe:
          #  tcpSocket:
          #    port: 5432
          #  initialDelaySeconds: 30
          #  periodSeconds: 10
          #  failureThreshold: 30
          readinessProbe:
            httpGet:
              path: /actuator/health
              port: 8082
            initialDelaySeconds: 30
            periodSeconds: 10
            failureThreshold: 30
          readinessProbe:
            httpGet:
              path: /actuator/health/readiness
              port: 8082
            initialDelaySeconds: 10
            periodSeconds: 5
          livenessProbe:
            httpGet:
-              path: /actuator/health
+              path: /actuator/health/readiness
              port: 8082
            initialDelaySeconds: 60
            periodSeconds: 15
@@ -35,21 +35,22 @@ spec:
                name: common-secret
            - secretRef:
                name: recommend-secret
-          #startupProbe:
+          startupProbe:
          #  tcpSocket:
          #    port: 5432
          #  initialDelaySeconds: 30
          #  periodSeconds: 10
          #  failureThreshold: 30
          readinessProbe:
            httpGet:
              path: /actuator/health
              port: 8083
            initialDelaySeconds: 30
            periodSeconds: 10
            failureThreshold: 30
          readinessProbe:
            httpGet:
              path: /actuator/health/readiness
              port: 8083
            initialDelaySeconds: 10
            periodSeconds: 5
          livenessProbe:
            httpGet:
-              path: /actuator/health
+              path: /actuator/health/liveness
              port: 8083
            initialDelaySeconds: 60
            periodSeconds: 15
@@ -0,0 +1,34 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: backend-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/use-regex: "true"
 spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
          - path: /member(/|$)(.*)
            pathType: ImplementationSpecific
            backend:
              service:
                name: member
                port:
                  number: 80
          - path: /mysub(/|$)(.*)
            pathType: ImplementationSpecific
            backend:
              service:
                name: mysub
                port:
                  number: 80
          - path: /recommend(/|$)(.*)
            pathType: ImplementationSpecific
            backend:
              service:
                name: recommend
                port:
                  number: 80
@@ -23,6 +23,7 @@ import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import java.util.Arrays;
 import java.util.List;
@Slf4j
@Configuration      //Config 레이어의 클래스임을 나타내며 Bean클래스로 등록되어 실행시 자동으로 객체가 생성됨
@@ -78,40 +79,16 @@ public class SecurityConfig {
    }
    @Bean
-    public CorsConfigurationSource corsConfigurationSource() {
+    protected CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
-
+        //configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));
-        // 허용된 origin 로깅
+        configuration.setAllowedOriginPatterns(Arrays.asList(allowedOrigins.split(",")));
-        log.info("Allowed origins: {}", allowedOrigins);
+        configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
-        String[] origins = allowedOrigins.split(",");
+        configuration.setAllowedHeaders(List.of("*"));
        for (String origin : origins) {
            log.info("Adding allowed origin: {}", origin.trim());
            configuration.addAllowedOrigin(origin.trim());
        }
        // HTTP 메서드 설정
        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        // 헤더 설정
        configuration.setAllowedHeaders(Arrays.asList(
                "Authorization",
                "Content-Type",
                "X-Requested-With",
                "Accept",
                "Origin",
                "Access-Control-Request-Method",
                "Access-Control-Request-Headers"
        ));
        // 인증 정보 허용
        configuration.setAllowCredentials(true);
        // preflight 요청의 캐시 시간 설정 (1시간)
        configuration.setMaxAge(3600L);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
@@ -63,7 +63,8 @@ public class SecurityConfig {
    @Bean
    protected CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));
+        //configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));
        configuration.setAllowedOriginPatterns(Arrays.asList(allowedOrigins.split(",")));
        configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        configuration.setAllowedHeaders(List.of("*"));
        configuration.setAllowCredentials(true);
@@ -54,7 +54,8 @@ public class SecurityConfig {
    @Bean
    protected CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));
+        //configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));
        configuration.setAllowedOriginPatterns(Arrays.asList(allowedOrigins.split(",")));
        configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        configuration.setAllowedHeaders(List.of("*"));
        configuration.setAllowCredentials(true);