OpenTraum
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎k8s/auth-service/deployment.yml‎
Lines changed: 28 additions & 6 deletions b/‎k8s/auth-service/deployment.yml‎
Lines changed: 28 additions & 6 deletions
diff --git a/‎k8s/configmap.yml‎
Lines changed: 25 additions & 0 deletions b/‎k8s/configmap.yml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎k8s/event-service/deployment.yml‎
Lines changed: 28 additions & 6 deletions b/‎k8s/event-service/deployment.yml‎
Lines changed: 28 additions & 6 deletions
diff --git a/‎k8s/gateway/deployment.yml‎
Lines changed: 25 additions & 4 deletions b/‎k8s/gateway/deployment.yml‎
Lines changed: 25 additions & 4 deletions
diff --git a/‎k8s/ingress.yml‎
Lines changed: 10 additions & 6 deletions b/‎k8s/ingress.yml‎
Lines changed: 10 additions & 6 deletions
diff --git a/‎k8s/kafka/service.yml‎
Lines changed: 18 additions & 0 deletions b/‎k8s/kafka/service.yml‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎k8s/kafka/statefulset.yml‎
Lines changed: 102 additions & 0 deletions b/‎k8s/kafka/statefulset.yml‎
Lines changed: 102 additions & 0 deletions
@@ -42,6 +42,7 @@ docker-compose.override.yml
 k8s/*-secret.yml
 k8s/**/secret.yml
 k8s/secrets/
+k8s/secrets.yml
 
 # =========================
 # Terraform (future)
 
@@ -19,24 +19,46 @@ spec:
         app.kubernetes.io/part-of: opentraum
         app.kubernetes.io/component: auth
     spec:
+      terminationGracePeriodSeconds: 35
+      imagePullSecrets:
+        - name: harbor-registry-secret
+      securityContext:
+        runAsNonRoot: true
+        fsGroup: 1000
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app.kubernetes.io/part-of: opentraum
       containers:
         - name: auth-service
-          image: opentraum/auth-service:latest
+          image: amdp-registry.skala-ai.com/skala26a-cloud/opentraum-auth-service:latest
           ports:
             - containerPort: 8081
               protocol: TCP
+          securityContext:
+            runAsUser: 1000
+            allowPrivilegeEscalation: false
           envFrom:
             - configMapRef:
                 name: opentraum-config
+            - secretRef:
+                name: opentraum-secrets
           env:
-            - name: SPRING_DATASOURCE_URL
-              value: "jdbc:postgresql://opentraum-postgres:5432/opentraum_auth"
+            - name: DB_NAME
+              value: "opentraum_auth"
+            - name: SPRING_R2DBC_URL
+              value: "r2dbc:postgresql://opentraum-postgres:5432/opentraum_auth"
+            - name: JAVA_TOOL_OPTIONS
+              value: "-XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0"
           resources:
             requests:
-              memory: "128Mi"
-              cpu: "250m"
-            limits:
               memory: "256Mi"
+              cpu: "150m"
+            limits:
+              memory: "512Mi"
               cpu: "500m"
           livenessProbe:
             httpGet:
 
@@ -12,17 +12,23 @@ data:
   SPRING_DATASOURCE_HOST: "opentraum-postgres"
   SPRING_DATASOURCE_PORT: "5432"
   SPRING_DATASOURCE_USERNAME: "opentraum"
+  DB_HOST: "opentraum-postgres"
+  DB_PORT: "5432"
+  DB_USERNAME: "opentraum"
 
   # ---------------------------------------------------------------------------
   # Redis
   # ---------------------------------------------------------------------------
   SPRING_DATA_REDIS_HOST: "opentraum-redis"
   SPRING_DATA_REDIS_PORT: "6379"
+  REDIS_HOST: "opentraum-redis"
+  REDIS_PORT: "6379"
 
   # ---------------------------------------------------------------------------
   # Kafka
   # ---------------------------------------------------------------------------
   SPRING_KAFKA_BOOTSTRAP_SERVERS: "opentraum-kafka:9092"
+  KAFKA_BOOTSTRAP_SERVERS: "opentraum-kafka:9092"
 
   # ---------------------------------------------------------------------------
   # Service Discovery (internal K8s DNS)
@@ -33,6 +39,25 @@ data:
   RESERVATION_SERVICE_URL: "http://reservation-service.opentraum.svc.cluster.local:8084"
   PAYMENT_SERVICE_URL: "http://payment-service.opentraum.svc.cluster.local:8085"
 
+  # ---------------------------------------------------------------------------
+  # Gateway Route Override (prod profile 보완)
+  # ---------------------------------------------------------------------------
+  SPRING_CLOUD_GATEWAY_ROUTES_0_ID: "auth-service"
+  SPRING_CLOUD_GATEWAY_ROUTES_0_URI: "http://auth-service:8081"
+  SPRING_CLOUD_GATEWAY_ROUTES_0_PREDICATES_0: "Path=/api/v1/auth/**"
+  SPRING_CLOUD_GATEWAY_ROUTES_1_ID: "user-service"
+  SPRING_CLOUD_GATEWAY_ROUTES_1_URI: "http://user-service:8082"
+  SPRING_CLOUD_GATEWAY_ROUTES_1_PREDICATES_0: "Path=/api/v1/users/**,/api/v1/tenants/**"
+  SPRING_CLOUD_GATEWAY_ROUTES_2_ID: "event-service"
+  SPRING_CLOUD_GATEWAY_ROUTES_2_URI: "http://event-service:8083"
+  SPRING_CLOUD_GATEWAY_ROUTES_2_PREDICATES_0: "Path=/api/v1/concerts/**,/api/v1/schedules/**,/api/v1/admin/**"
+  SPRING_CLOUD_GATEWAY_ROUTES_3_ID: "reservation-service"
+  SPRING_CLOUD_GATEWAY_ROUTES_3_URI: "http://reservation-service:8084"
+  SPRING_CLOUD_GATEWAY_ROUTES_3_PREDICATES_0: "Path=/api/v1/reservations/**,/api/v1/queue/**,/api/v1/live/**,/api/v1/lottery/**"
+  SPRING_CLOUD_GATEWAY_ROUTES_4_ID: "payment-service"
+  SPRING_CLOUD_GATEWAY_ROUTES_4_URI: "http://payment-service:8085"
+  SPRING_CLOUD_GATEWAY_ROUTES_4_PREDICATES_0: "Path=/api/v1/payment/**"
+
   # ---------------------------------------------------------------------------
   # Spring Common
   # ---------------------------------------------------------------------------
 
@@ -19,24 +19,46 @@ spec:
         app.kubernetes.io/part-of: opentraum
         app.kubernetes.io/component: event
     spec:
+      terminationGracePeriodSeconds: 35
+      imagePullSecrets:
+        - name: harbor-registry-secret
+      securityContext:
+        runAsNonRoot: true
+        fsGroup: 1000
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app.kubernetes.io/part-of: opentraum
       containers:
         - name: event-service
-          image: opentraum/event-service:latest
+          image: amdp-registry.skala-ai.com/skala26a-cloud/opentraum-event-service:latest
           ports:
             - containerPort: 8083
               protocol: TCP
+          securityContext:
+            runAsUser: 1000
+            allowPrivilegeEscalation: false
           envFrom:
             - configMapRef:
                 name: opentraum-config
+            - secretRef:
+                name: opentraum-secrets
           env:
-            - name: SPRING_DATASOURCE_URL
-              value: "jdbc:postgresql://opentraum-postgres:5432/opentraum_event"
+            - name: DB_NAME
+              value: "opentraum_event"
+            - name: SPRING_R2DBC_URL
+              value: "r2dbc:postgresql://opentraum-postgres:5432/opentraum_event"
+            - name: JAVA_TOOL_OPTIONS
+              value: "-XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0"
           resources:
             requests:
-              memory: "128Mi"
-              cpu: "250m"
-            limits:
               memory: "256Mi"
+              cpu: "150m"
+            limits:
+              memory: "512Mi"
               cpu: "500m"
           livenessProbe:
             httpGet:
 
@@ -19,21 +19,42 @@ spec:
         app.kubernetes.io/part-of: opentraum
         app.kubernetes.io/component: gateway
     spec:
+      terminationGracePeriodSeconds: 35
+      imagePullSecrets:
+        - name: harbor-registry-secret
+      securityContext:
+        runAsNonRoot: true
+        fsGroup: 1000
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app.kubernetes.io/part-of: opentraum
       containers:
         - name: gateway
-          image: opentraum/gateway:latest
+          image: amdp-registry.skala-ai.com/skala26a-cloud/opentraum-gateway:latest
           ports:
             - containerPort: 8080
               protocol: TCP
+          securityContext:
+            runAsUser: 1000
+            allowPrivilegeEscalation: false
           envFrom:
             - configMapRef:
                 name: opentraum-config
+            - secretRef:
+                name: opentraum-secrets
+          env:
+            - name: JAVA_TOOL_OPTIONS
+              value: "-XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0"
           resources:
             requests:
-              memory: "128Mi"
-              cpu: "250m"
-            limits:
               memory: "256Mi"
+              cpu: "150m"
+            limits:
+              memory: "512Mi"
               cpu: "500m"
           livenessProbe:
             httpGet:
 
@@ -6,23 +6,27 @@ metadata:
   labels:
     app.kubernetes.io/part-of: opentraum
   annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
     nginx.ingress.kubernetes.io/proxy-body-size: "10m"
     nginx.ingress.kubernetes.io/proxy-connect-timeout: "60"
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "60"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
     nginx.ingress.kubernetes.io/proxy-send-timeout: "60"
-    nginx.ingress.kubernetes.io/rate-limit: "100"
-    nginx.ingress.kubernetes.io/rate-limit-window: "1m"
 spec:
   ingressClassName: nginx
   rules:
-    - host: api.opentraum.com
+    - host: opentraum.52.79.80.47.nip.io
       http:
         paths:
-          - path: /
+          - path: /api
             pathType: Prefix
             backend:
               service:
                 name: gateway
                 port:
                   number: 8080
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: web
+                port:
+                  number: 80
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: opentraum-kafka
+  namespace: opentraum
+  labels:
+    app: opentraum-kafka
+    app.kubernetes.io/part-of: opentraum
+    app.kubernetes.io/component: messaging
+spec:
+  type: ClusterIP
+  selector:
+    app: opentraum-kafka
+  ports:
+    - name: client
+      port: 9092
+      targetPort: 9092
+      protocol: TCP
@@ -0,0 +1,102 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: opentraum-kafka
+  namespace: opentraum
+  labels:
+    app: opentraum-kafka
+    app.kubernetes.io/part-of: opentraum
+    app.kubernetes.io/component: messaging
+spec:
+  serviceName: opentraum-kafka
+  replicas: 1
+  selector:
+    matchLabels:
+      app: opentraum-kafka
+  template:
+    metadata:
+      labels:
+        app: opentraum-kafka
+        app.kubernetes.io/part-of: opentraum
+        app.kubernetes.io/component: messaging
+    spec:
+      affinity:
+        podAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 50
+              podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                    - key: app.kubernetes.io/component
+                      operator: In
+                      values:
+                        - database
+                        - cache
+                topologyKey: kubernetes.io/hostname
+      containers:
+        - name: kafka
+          image: apache/kafka:3.7.0
+          ports:
+            - containerPort: 9092
+              name: client
+              protocol: TCP
+          env:
+            - name: KAFKA_NODE_ID
+              value: "1"
+            - name: KAFKA_PROCESS_ROLES
+              value: "broker,controller"
+            - name: KAFKA_CONTROLLER_QUORUM_VOTERS
+              value: "1@localhost:9093"
+            - name: KAFKA_LISTENERS
+              value: "PLAINTEXT://:9092,CONTROLLER://:9093"
+            - name: KAFKA_ADVERTISED_LISTENERS
+              value: "PLAINTEXT://opentraum-kafka:9092"
+            - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+              value: "CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT"
+            - name: KAFKA_CONTROLLER_LISTENER_NAMES
+              value: "CONTROLLER"
+            - name: KAFKA_INTER_BROKER_LISTENER_NAME
+              value: "PLAINTEXT"
+            - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
+              value: "1"
+            - name: KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR
+              value: "1"
+            - name: KAFKA_TRANSACTION_STATE_LOG_MIN_ISR
+              value: "1"
+            - name: KAFKA_AUTO_CREATE_TOPICS_ENABLE
+              value: "true"
+            - name: CLUSTER_ID
+              value: "MkU3OEVBNTcwNTJENDM2Qk"
+          resources:
+            requests:
+              memory: "384Mi"
+              cpu: "200m"
+            limits:
+              memory: "512Mi"
+              cpu: "500m"
+          volumeMounts:
+            - name: kafka-data
+              mountPath: /tmp/kraft-combined-logs
+          livenessProbe:
+            tcpSocket:
+              port: 9092
+            initialDelaySeconds: 60
+            periodSeconds: 15
+            timeoutSeconds: 5
+            failureThreshold: 3
+          readinessProbe:
+            tcpSocket:
+              port: 9092
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 3
+  volumeClaimTemplates:
+    - metadata:
+        name: kafka-data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        storageClassName: ebs-sc
+        resources:
+          requests:
+            storage: 5Gi