fix: 서버 k3s/Traefik 인프라에 맞춰 매니페스트 재작성

- image: Gitea registry → 서버 로컬 registry(localhost:5000)로 변경 - Service: ClusterIP + Ingress → NodePort(30200/30201) + Traefik docker dynamic 파일 - deploy/traefik-dynamic.yml: /opt/docker/traefik/dynamic/insurance.yml 배치용 - scripts/deploy-remote.sh: 서버 수동 배포 스크립트 (build→push→k3s apply→traefik 설정) - legacy ingress.yaml / ingressroute-traefik.yaml 제거 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 00:44:05 +09:00
parent f78949c21a
commit ff18784983
8 changed files with 145 additions and 113 deletions
@@ -32,11 +32,9 @@ spec:
      labels:
        app.kubernetes.io/name: insurance-api
    spec:
-      imagePullSecrets:
-        - name: gitea-registry
      containers:
        - name: api
-          image: git.junggomoa.com/chpark/insurance-api:latest
+          image: localhost:5000/insurance/api:latest
          imagePullPolicy: Always
          ports:
            - name: http
@@ -95,36 +93,11 @@ metadata:
  labels:
    app.kubernetes.io/name: insurance-api
 spec:
-  type: ClusterIP
+  type: NodePort
  selector:
    app.kubernetes.io/name: insurance-api
  ports:
    - name: http
      port: 4000
      targetPort: http
---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: insurance-api
-  namespace: insurance
-  annotations:
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.tls: "true"
-spec:
-  ingressClassName: traefik
-  tls:
-    - hosts:
-        - api.insurance.junggomoa.com
-      secretName: insurance-api-tls
-  rules:
-    - host: api.insurance.junggomoa.com
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: insurance-api
-                port:
-                  number: 4000
+      nodePort: 30201
@@ -5,7 +5,6 @@ metadata:
  namespace: insurance
  labels:
    app.kubernetes.io/name: insurance-web
-    app.kubernetes.io/component: frontend
 spec:
  replicas: 2
  revisionHistoryLimit: 3
@@ -21,19 +20,14 @@ spec:
    metadata:
      labels:
        app.kubernetes.io/name: insurance-web
-      annotations:
-        kubectl.kubernetes.io/restartedAt: "placeholder-will-be-patched-by-ci"
    spec:
-      imagePullSecrets:
-        - name: gitea-registry
      containers:
        - name: web
-          image: git.junggomoa.com/chpark/insurance:latest
+          image: localhost:5000/insurance/web:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 80
-              protocol: TCP
          readinessProbe:
            httpGet:
              path: /health
@@ -53,9 +47,3 @@ spec:
            limits:
              cpu: 300m
              memory: 256Mi
-          securityContext:
-            allowPrivilegeEscalation: false
-            runAsNonRoot: false
-            capabilities:
-              drop: ["ALL"]
-              add: ["CHOWN", "SETGID", "SETUID", "NET_BIND_SERVICE"]
@@ -1,25 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: insurance-web
-  namespace: insurance
-  annotations:
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.tls: "true"
-spec:
-  ingressClassName: traefik
-  tls:
-    - hosts:
-        - insurance.junggomoa.com
-      secretName: insurance-tls
-  rules:
-    - host: insurance.junggomoa.com
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: insurance-web
-                port:
-                  number: 80
@@ -1,43 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: insurance-web
-  namespace: insurance
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`insurance.junggomoa.com`)
-      kind: Rule
-      services:
-        - name: insurance-web
-          port: 80
-  tls:
-    secretName: insurance-tls
---
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: insurance-web-http
-  namespace: insurance
-spec:
-  entryPoints:
-    - web
-  routes:
-    - match: Host(`insurance.junggomoa.com`)
-      kind: Rule
-      middlewares:
-        - name: insurance-redirect-https
-      services:
-        - name: insurance-web
-          port: 80
---
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: insurance-redirect-https
-  namespace: insurance
-spec:
-  redirectScheme:
-    scheme: https
-    permanent: true
@@ -6,11 +6,11 @@ metadata:
  labels:
    app.kubernetes.io/name: insurance-web
 spec:
-  type: ClusterIP
+  type: NodePort
  selector:
    app.kubernetes.io/name: insurance-web
  ports:
    - name: http
      port: 80
      targetPort: http
-      protocol: TCP
+      nodePort: 30200
@@ -0,0 +1,30 @@
+http:
+  routers:
+    insurance-web:
+      rule: "Host(`insurance.junggomoa.com`)"
+      entryPoints:
+        - web
+        - websecure
+      service: insurance-web
+      tls:
+        certResolver: le
+
+    insurance-api:
+      rule: "Host(`api.insurance.junggomoa.com`)"
+      entryPoints:
+        - web
+        - websecure
+      service: insurance-api
+      tls:
+        certResolver: le
+
+  services:
+    insurance-web:
+      loadBalancer:
+        servers:
+          - url: "http://127.0.0.1:30200"
+
+    insurance-api:
+      loadBalancer:
+        servers:
+          - url: "http://127.0.0.1:30201"