Skip to content

feat: EKS 배포용 K8s 매니페스트 전체 구성 #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
suhyenim wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

feat: EKS 배포용 K8s 매니페스트 전체 구성 #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0707f2f
feat: #8 EKS 배포용 K8s 매니페스트 전체 구성
suhyenim Apr 3, 2026
0252de2
chore: gitignore 파일 추가
suhyenim Apr 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ docker-compose.override.yml
k8s/*-secret.yml
k8s/**/secret.yml
k8s/secrets/
k8s/secrets.yml

# =========================
# Terraform (future)
Expand Down
34 changes: 28 additions & 6 deletions k8s/auth-service/deployment.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,24 +19,46 @@ spec:
app.kubernetes.io/part-of: opentraum
app.kubernetes.io/component: auth
spec:
terminationGracePeriodSeconds: 35
imagePullSecrets:
- name: harbor-registry-secret
securityContext:
runAsNonRoot: true
fsGroup: 1000
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app.kubernetes.io/part-of: opentraum
containers:
- name: auth-service
image: opentraum/auth-service:latest
image: amdp-registry.skala-ai.com/skala26a-cloud/opentraum-auth-service:latest
ports:
- containerPort: 8081
protocol: TCP
securityContext:
runAsUser: 1000
allowPrivilegeEscalation: false
envFrom:
- configMapRef:
name: opentraum-config
- secretRef:
name: opentraum-secrets
env:
- name: SPRING_DATASOURCE_URL
value: "jdbc:postgresql://opentraum-postgres:5432/opentraum_auth"
- name: DB_NAME
value: "opentraum_auth"
- name: SPRING_R2DBC_URL
value: "r2dbc:postgresql://opentraum-postgres:5432/opentraum_auth"
- name: JAVA_TOOL_OPTIONS
value: "-XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0"
resources:
requests:
memory: "128Mi"
cpu: "250m"
limits:
memory: "256Mi"
cpu: "150m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
Expand Down
25 changes: 25 additions & 0 deletions k8s/configmap.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,17 +12,23 @@ data:
SPRING_DATASOURCE_HOST: "opentraum-postgres"
SPRING_DATASOURCE_PORT: "5432"
SPRING_DATASOURCE_USERNAME: "opentraum"
DB_HOST: "opentraum-postgres"
DB_PORT: "5432"
DB_USERNAME: "opentraum"

# ---------------------------------------------------------------------------
# Redis
# ---------------------------------------------------------------------------
SPRING_DATA_REDIS_HOST: "opentraum-redis"
SPRING_DATA_REDIS_PORT: "6379"
REDIS_HOST: "opentraum-redis"
REDIS_PORT: "6379"

# ---------------------------------------------------------------------------
# Kafka
# ---------------------------------------------------------------------------
SPRING_KAFKA_BOOTSTRAP_SERVERS: "opentraum-kafka:9092"
KAFKA_BOOTSTRAP_SERVERS: "opentraum-kafka:9092"

# ---------------------------------------------------------------------------
# Service Discovery (internal K8s DNS)
Expand All @@ -33,6 +39,25 @@ data:
RESERVATION_SERVICE_URL: "http://reservation-service.opentraum.svc.cluster.local:8084"
PAYMENT_SERVICE_URL: "http://payment-service.opentraum.svc.cluster.local:8085"

# ---------------------------------------------------------------------------
# Gateway Route Override (prod profile 보완)
# ---------------------------------------------------------------------------
SPRING_CLOUD_GATEWAY_ROUTES_0_ID: "auth-service"
SPRING_CLOUD_GATEWAY_ROUTES_0_URI: "http://auth-service:8081"
SPRING_CLOUD_GATEWAY_ROUTES_0_PREDICATES_0: "Path=/api/v1/auth/**"
SPRING_CLOUD_GATEWAY_ROUTES_1_ID: "user-service"
SPRING_CLOUD_GATEWAY_ROUTES_1_URI: "http://user-service:8082"
SPRING_CLOUD_GATEWAY_ROUTES_1_PREDICATES_0: "Path=/api/v1/users/**,/api/v1/tenants/**"
SPRING_CLOUD_GATEWAY_ROUTES_2_ID: "event-service"
SPRING_CLOUD_GATEWAY_ROUTES_2_URI: "http://event-service:8083"
SPRING_CLOUD_GATEWAY_ROUTES_2_PREDICATES_0: "Path=/api/v1/concerts/**,/api/v1/schedules/**,/api/v1/admin/**"
SPRING_CLOUD_GATEWAY_ROUTES_3_ID: "reservation-service"
SPRING_CLOUD_GATEWAY_ROUTES_3_URI: "http://reservation-service:8084"
SPRING_CLOUD_GATEWAY_ROUTES_3_PREDICATES_0: "Path=/api/v1/reservations/**,/api/v1/queue/**,/api/v1/live/**,/api/v1/lottery/**"
SPRING_CLOUD_GATEWAY_ROUTES_4_ID: "payment-service"
SPRING_CLOUD_GATEWAY_ROUTES_4_URI: "http://payment-service:8085"
SPRING_CLOUD_GATEWAY_ROUTES_4_PREDICATES_0: "Path=/api/v1/payment/**"

# ---------------------------------------------------------------------------
# Spring Common
# ---------------------------------------------------------------------------
Expand Down
34 changes: 28 additions & 6 deletions k8s/event-service/deployment.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,24 +19,46 @@ spec:
app.kubernetes.io/part-of: opentraum
app.kubernetes.io/component: event
spec:
terminationGracePeriodSeconds: 35
imagePullSecrets:
- name: harbor-registry-secret
securityContext:
runAsNonRoot: true
fsGroup: 1000
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app.kubernetes.io/part-of: opentraum
containers:
- name: event-service
image: opentraum/event-service:latest
image: amdp-registry.skala-ai.com/skala26a-cloud/opentraum-event-service:latest
ports:
- containerPort: 8083
protocol: TCP
securityContext:
runAsUser: 1000
allowPrivilegeEscalation: false
envFrom:
- configMapRef:
name: opentraum-config
- secretRef:
name: opentraum-secrets
env:
- name: SPRING_DATASOURCE_URL
value: "jdbc:postgresql://opentraum-postgres:5432/opentraum_event"
- name: DB_NAME
value: "opentraum_event"
- name: SPRING_R2DBC_URL
value: "r2dbc:postgresql://opentraum-postgres:5432/opentraum_event"
- name: JAVA_TOOL_OPTIONS
value: "-XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0"
resources:
requests:
memory: "128Mi"
cpu: "250m"
limits:
memory: "256Mi"
cpu: "150m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
Expand Down
29 changes: 25 additions & 4 deletions k8s/gateway/deployment.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,21 +19,42 @@ spec:
app.kubernetes.io/part-of: opentraum
app.kubernetes.io/component: gateway
spec:
terminationGracePeriodSeconds: 35
imagePullSecrets:
- name: harbor-registry-secret
securityContext:
runAsNonRoot: true
fsGroup: 1000
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app.kubernetes.io/part-of: opentraum
containers:
- name: gateway
image: opentraum/gateway:latest
image: amdp-registry.skala-ai.com/skala26a-cloud/opentraum-gateway:latest
ports:
- containerPort: 8080
protocol: TCP
securityContext:
runAsUser: 1000
allowPrivilegeEscalation: false
envFrom:
- configMapRef:
name: opentraum-config
- secretRef:
name: opentraum-secrets
env:
- name: JAVA_TOOL_OPTIONS
value: "-XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0"
resources:
requests:
memory: "128Mi"
cpu: "250m"
limits:
memory: "256Mi"
cpu: "150m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
Expand Down
16 changes: 10 additions & 6 deletions k8s/ingress.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,23 +6,27 @@ metadata:
labels:
app.kubernetes.io/part-of: opentraum
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-body-size: "10m"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "60"
nginx.ingress.kubernetes.io/proxy-read-timeout: "60"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "60"
nginx.ingress.kubernetes.io/rate-limit: "100"
nginx.ingress.kubernetes.io/rate-limit-window: "1m"
spec:
ingressClassName: nginx
rules:
- host: api.opentraum.com
- host: opentraum.52.79.80.47.nip.io
http:
paths:
- path: /
- path: /api
pathType: Prefix
backend:
service:
name: gateway
port:
number: 8080
- path: /
pathType: Prefix
backend:
service:
name: web
port:
number: 80
18 changes: 18 additions & 0 deletions k8s/kafka/service.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: opentraum-kafka
namespace: opentraum
labels:
app: opentraum-kafka
app.kubernetes.io/part-of: opentraum
app.kubernetes.io/component: messaging
spec:
type: ClusterIP
selector:
app: opentraum-kafka
ports:
- name: client
port: 9092
targetPort: 9092
protocol: TCP
102 changes: 102 additions & 0 deletions k8s/kafka/statefulset.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: opentraum-kafka
namespace: opentraum
labels:
app: opentraum-kafka
app.kubernetes.io/part-of: opentraum
app.kubernetes.io/component: messaging
spec:
serviceName: opentraum-kafka
replicas: 1
selector:
matchLabels:
app: opentraum-kafka
template:
metadata:
labels:
app: opentraum-kafka
app.kubernetes.io/part-of: opentraum
app.kubernetes.io/component: messaging
spec:
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 50
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/component
operator: In
values:
- database
- cache
topologyKey: kubernetes.io/hostname
containers:
- name: kafka
image: apache/kafka:3.7.0
ports:
- containerPort: 9092
name: client
protocol: TCP
env:
- name: KAFKA_NODE_ID
value: "1"
- name: KAFKA_PROCESS_ROLES
value: "broker,controller"
- name: KAFKA_CONTROLLER_QUORUM_VOTERS
value: "1@localhost:9093"
- name: KAFKA_LISTENERS
value: "PLAINTEXT://:9092,CONTROLLER://:9093"
- name: KAFKA_ADVERTISED_LISTENERS
value: "PLAINTEXT://opentraum-kafka:9092"
- name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
value: "CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT"
- name: KAFKA_CONTROLLER_LISTENER_NAMES
value: "CONTROLLER"
- name: KAFKA_INTER_BROKER_LISTENER_NAME
value: "PLAINTEXT"
- name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
value: "1"
- name: KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR
value: "1"
- name: KAFKA_TRANSACTION_STATE_LOG_MIN_ISR
value: "1"
- name: KAFKA_AUTO_CREATE_TOPICS_ENABLE
value: "true"
- name: CLUSTER_ID
value: "MkU3OEVBNTcwNTJENDM2Qk"
resources:
requests:
memory: "384Mi"
cpu: "200m"
limits:
memory: "512Mi"
cpu: "500m"
volumeMounts:
- name: kafka-data
mountPath: /tmp/kraft-combined-logs
livenessProbe:
tcpSocket:
port: 9092
initialDelaySeconds: 60
periodSeconds: 15
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
tcpSocket:
port: 9092
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
volumeClaimTemplates:
- metadata:
name: kafka-data
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: ebs-sc
resources:
requests:
storage: 5Gi
Loading