fix/feat: nginx port fix, FE service config, and env/deploy sync from mc-admin-cli

.env.setup

@@ -21,6 +21,7 @@ MC_IAM_MANAGER_NGINX_HTTPS_PORT=443
 MC_WEB_CONSOLE_DB_HOST_PORT=15433
 MC_OBSERVABILITY_GRAFANA_PROXY_PORT=3010
 MC_COST_OPTIMIZER_FE_PROXY_PORT=3011
+MC_COST_OPTIMIZER_FE_PORT=7780
 
 # MC-WEB-CONSOLE
 MC_WEB_CONSOLE_POSTGRES_DB=mcwebconsoledbdev
@@ -29,6 +30,7 @@ MC_WEB_CONSOLE_POSTGRES_PASSWORD=mcwebadminpassword!
 
 
 ## MCIAMMANAGER ENV SETUP
+# MC_IAM_MANAGER_DOMAIN: Docker 내부 컨테이너 이름 — 공개 도메인(PUBLIC_DOMAIN)과 다름, 변경 금지
 MC_IAM_MANAGER_DOMAIN=mc-iam-manager
 MC_IAM_MANAGER_PORT=5005
 MC_IAM_MANAGER_HOST=http://${MC_IAM_MANAGER_DOMAIN}:${MC_IAM_MANAGER_PORT}

asset/mcmpapi/mcmp_api.yaml

@@ -54,7 +54,27 @@ services:
     version: 0.3.0
     baseurl: http://mc-data-manager:3300
     auth:
-
+
+  mc-application-manager-fe:
+    version: main
+    baseurl: http://application_manager_fe_url:18084
+    auth:
+
+  mc-workflow-manager-fe:
+    version: main
+    baseurl: http://workflow_manager_fe_url:18083
+    auth:
+
+  mc-data-manager-fe:
+    version: main
+    baseurl: http://data_manager_fe_url:3300
+    auth:
+
+  mc-cost-optimizer-fe:
+    version: main
+    baseurl: http://cost_optimizer_fe_url:7780
+    auth:
+
   # sample:
   #   baseurl: http://localhost:1323/test
   #   auth:

conf/mc-iam-manager/0_preset_dev.sh

@@ -19,18 +19,28 @@ CERT_PARENT_DIR="${PROJECT_ROOT}/container-volume/mc-iam-manager"
 # --- 3. 필요한 디렉토리 생성 (Let's Encrypt 구조와 동일) ---
 echo "Creating necessary directories..."
 
-# dockercontainer-volume 디렉토리 먼저 생성 (sudo 권한으로)
-echo "Creating container-volume directory with proper permissions..."
-
 # 현재 사용자 정보 가져오기
 CURRENT_USER=$(whoami)
-CURRENT_GROUP=$(id -gn)
 
-echo "Current user: ${CURRENT_USER}:${CURRENT_GROUP}"
+echo "Current user: ${CURRENT_USER}"
 
-mkdir -p "${CERT_PARENT_DIR}" || { echo "Error: Failed to create ${CERT_PARENT_DIR}"; exit 1; }
-chown -R "${CURRENT_USER}:${CURRENT_GROUP}" "${CERT_PARENT_DIR}" || { echo "Error: Failed to change ownership of ${CERT_PARENT_DIR}"; exit 1; }
-echo "✓ Container volume directory created and permissions set"
+# 실제 쓰기가 필요한 서브디렉토리만 targeted 생성 (chown -R 없음 — root 소유 Docker 볼륨과 공존)
+for _dir in "${CERT_PARENT_DIR}/certs" "${CERT_PARENT_DIR}/nginx"; do
+    if ! mkdir -p "$_dir" 2>/dev/null; then
+        echo "❌ Error: Cannot create $_dir"
+        echo "   Root-owned files from a previous Docker run may be blocking access."
+        echo "   Clean up with: sudo rm -rf ${CERT_PARENT_DIR}/postgres ${CERT_PARENT_DIR}/keycloak"
+        echo "   Then retry."
+        exit 1
+    fi
+    if [ ! -w "$_dir" ]; then
+        echo "❌ Error: $_dir exists but is not writable by ${CURRENT_USER}."
+        echo "   Clean up with: sudo rm -rf ${CERT_PARENT_DIR}/postgres ${CERT_PARENT_DIR}/keycloak"
+        echo "   Then retry."
+        exit 1
+    fi
+done
+echo "✓ Certificate and nginx directories ready"
 
 
 # 템플릿 파일 경로
@@ -188,6 +198,7 @@ if [ -n "$MC_IAM_MANAGER_PUBLIC_DOMAIN" ] && [ -n "$MC_IAM_MANAGER_KEYCLOAK_PORT
         -e "s/\${MC_IAM_MANAGER_KEYCLOAK_PORT}/$MC_IAM_MANAGER_KEYCLOAK_PORT/g" \
         -e "s/\${MC_OBSERVABILITY_GRAFANA_PROXY_PORT}/$MC_OBSERVABILITY_GRAFANA_PROXY_PORT/g" \
         -e "s/\${MC_COST_OPTIMIZER_FE_PROXY_PORT}/$MC_COST_OPTIMIZER_FE_PROXY_PORT/g" \
+        -e "s/\${MC_COST_OPTIMIZER_FE_PORT}/$MC_COST_OPTIMIZER_FE_PORT/g" \
         -e "s/mciam-manager/mc-iam-manager/g" \
         -e "s/mciam-keycloak/mc-iam-manager-kc/g" \
         "$TEMPLATE_FILE" > "$OUTPUT_FILE"

conf/mc-iam-manager/0_preset_prod.sh

@@ -46,6 +46,7 @@ MC_IAM_MANAGER_KEYCLOAK_DOMAIN=$(grep -m1 "^MC_IAM_MANAGER_KEYCLOAK_DOMAIN=" "$E
 MC_IAM_MANAGER_KEYCLOAK_PORT=$(grep -m1 "^MC_IAM_MANAGER_KEYCLOAK_PORT=" "$ENV_FILE" | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs)
 MC_OBSERVABILITY_GRAFANA_PROXY_PORT=$(grep -m1 "^MC_OBSERVABILITY_GRAFANA_PROXY_PORT=" "$ENV_FILE" | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs)
 MC_COST_OPTIMIZER_FE_PROXY_PORT=$(grep -m1 "^MC_COST_OPTIMIZER_FE_PROXY_PORT=" "$ENV_FILE" | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs)
+MC_COST_OPTIMIZER_FE_PORT=$(grep -m1 "^MC_COST_OPTIMIZER_FE_PORT=" "$ENV_FILE" | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs)
 
 echo "읽어온 환경변수:"
 echo "  MC_IAM_MANAGER_DOMAIN: $MC_IAM_MANAGER_DOMAIN"
@@ -55,6 +56,7 @@ echo "  MC_IAM_MANAGER_KEYCLOAK_DOMAIN: $MC_IAM_MANAGER_KEYCLOAK_DOMAIN"
 echo "  MC_IAM_MANAGER_KEYCLOAK_PORT: $MC_IAM_MANAGER_KEYCLOAK_PORT"
 echo "  MC_OBSERVABILITY_GRAFANA_PROXY_PORT: $MC_OBSERVABILITY_GRAFANA_PROXY_PORT"
 echo "  MC_COST_OPTIMIZER_FE_PROXY_PORT: $MC_COST_OPTIMIZER_FE_PROXY_PORT"
+echo "  MC_COST_OPTIMIZER_FE_PORT: $MC_COST_OPTIMIZER_FE_PORT"
 
 # 템플릿 파일을 복사하고 환경변수 대치
 cp "$TEMPLATE_FILE" "$OUTPUT_FILE"
@@ -101,6 +103,13 @@ else
     echo "경고: MC_COST_OPTIMIZER_FE_PROXY_PORT 환경변수가 설정되지 않았습니다."
 fi
 
+if [ -n "$MC_COST_OPTIMIZER_FE_PORT" ]; then
+    sed -i "s/\${MC_COST_OPTIMIZER_FE_PORT}/$MC_COST_OPTIMIZER_FE_PORT/g" "$OUTPUT_FILE"
+    echo "✓ MC_COST_OPTIMIZER_FE_PORT 대치 완료: $MC_COST_OPTIMIZER_FE_PORT"
+else
+    echo "경고: MC_COST_OPTIMIZER_FE_PORT 환경변수가 설정되지 않았습니다."
+fi
+
 # 컨테이너 이름 치환 (템플릿 내 레거시 이름 정정)
 sed -i "s/mciam-manager/mc-iam-manager/g" "$OUTPUT_FILE"
 sed -i "s/mciam-keycloak/mc-iam-manager-kc/g" "$OUTPUT_FILE"

conf/mc-iam-manager/api.yaml

@@ -46,6 +46,22 @@ services:
     version: 0.3.0
     baseurl: http://mc-data-manager:3300
     auth: null
+  mc-application-manager-fe:
+    version: main
+    baseurl: http://application_manager_fe_url:18084
+    auth: null
+  mc-workflow-manager-fe:
+    version: main
+    baseurl: http://workflow_manager_fe_url:18083
+    auth: null
+  mc-data-manager-fe:
+    version: main
+    baseurl: http://data_manager_fe_url:3300
+    auth: null
+  mc-cost-optimizer-fe:
+    version: main
+    baseurl: http://cost_optimizer_fe_url:7780
+    auth: null
 serviceActions:
   mc-infra-connector:
     Remove-Nodegroup:

conf/mc-iam-manager/docker-post-init.sh

@@ -85,7 +85,32 @@ if [ -f '1_setup_auto.sh' ]; then
   if bash 1_setup_auto.sh; then
     echo 'Script executed successfully with bash 1_setup_auto.sh'
   else
-    echo 'ERROR: 1_setup_auto.sh Script execution failed'
+    cat <<'RECOVERY'
+====================================================================
+ERROR: 1_setup_auto.sh failed.
+
+mc-iam-manager was likely not yet ready when setup ran.
+To recover manually:
+
+1. Wait ~2 minutes for all containers to stabilize.
+
+2. Check service status:
+       docker compose ps
+
+   Confirm mc-iam-manager and mc-infra-manager are both healthy.
+
+3. Re-run the post-init container (idempotent — safe to repeat):
+       docker rm mc-iam-manager-post-initial 2>/dev/null
+       docker compose up -d mc-iam-manager-post-initial
+       docker logs -f mc-iam-manager-post-initial
+
+   Each of the 8 setup steps should finish with ✓.
+
+4. Verify health:
+       curl -s http://localhost:${MC_IAM_MANAGER_PORT}/readyz | jq .
+   Expected: "status": "healthy"
+====================================================================
+RECOVERY
     exit 1
   fi
 else

conf/mc-iam-manager/frameworks.yaml

@@ -25,11 +25,10 @@ frameworks:
     swagger: ../../src/docs/swagger.yaml   # Local path relative to this file
 
   # MC-Observability - Monitoring and Observability
-  # Note: Swagger file path needs to be verified - currently not found in v0.5.0
-  # - name: mc-observability
-  #   version: "0.5.0"                    # Latest release: v0.5.0 (Nov 3, 2025)
-  #   repository: https://github.com/m-cmp/mc-observability
-  #   swagger: https://raw.githubusercontent.com/m-cmp/mc-observability/v0.5.0/swagger/swagger.yaml
+  - name: mc-observability
+    version: "0.5.0"                    # Latest release: v0.5.0 (Nov 3, 2025)
+    repository: https://github.com/m-cmp/mc-observability
+    # swagger: https://raw.githubusercontent.com/m-cmp/mc-observability/v0.5.0/swagger/swagger.yaml  # Note: path needs to be verified
 
   # MC-Application-Manager - Application Deployment Management
   - name: mc-application-manager
@@ -50,35 +49,55 @@ frameworks:
     swagger: https://raw.githubusercontent.com/m-cmp/mc-workflow-manager/v0.5.0/swagger.json
 
   # MC-Infra-Manager - Multi-Cloud Infrastructure Management
-  # Note: No releases found - using main branch
-  # - name: mc-infra-manager
-  #   version: "main"                     # No releases, using main branch
-  #   repository: https://github.com/m-cmp/mc-infra-manager
-  #   swagger: https://raw.githubusercontent.com/m-cmp/mc-infra-manager/main/swagger.yaml
+  - name: mc-infra-manager
+    version: "main"                     # No releases, using main branch
+    repository: https://github.com/m-cmp/mc-infra-manager
+    # swagger: https://raw.githubusercontent.com/m-cmp/mc-infra-manager/main/swagger.yaml
 
   # MC-Infra-Connector - Cloud Infrastructure Connection
-  # Note: No releases found - using main branch
-  # - name: mc-infra-connector
-  #   version: "main"                     # No releases, using main branch
-  #   repository: https://github.com/m-cmp/mc-infra-connector
-  #   swagger: https://raw.githubusercontent.com/m-cmp/mc-infra-connector/main/swagger.yaml
+  - name: mc-infra-connector
+    version: "main"                     # No releases, using main branch
+    repository: https://github.com/m-cmp/mc-infra-connector
+    # swagger: https://raw.githubusercontent.com/m-cmp/mc-infra-connector/main/swagger.yaml
 
   # MC-Data-Manager - Data Management
-  # Note: No releases found - using main branch
-  # - name: mc-data-manager
-  #   version: "main"                     # No releases, using main branch
-  #   repository: https://github.com/m-cmp/mc-data-manager
-  #   swagger: https://raw.githubusercontent.com/m-cmp/mc-data-manager/main/swagger.yaml
+  - name: mc-data-manager
+    version: "main"                     # No releases, using main branch
+    repository: https://github.com/m-cmp/mc-data-manager
+    # swagger: https://raw.githubusercontent.com/m-cmp/mc-data-manager/main/swagger.yaml
 
   # MC-Across-Service-Manager - Cross-Service Management
-  # Note: Latest release is v0.1.0, not v0.5.0 - Swagger file path needs verification
-  # - name: mc-across-service-manager
-  #   version: "0.1.0"                   # Latest release: v0.1.0 (not v0.5.0)
-  #   repository: https://github.com/m-cmp/mc-across-service-manager
-  #   swagger: https://raw.githubusercontent.com/m-cmp/mc-across-service-manager/v0.1.0/swagger.yaml
+  - name: mc-across-service-manager
+    version: "0.1.0"                   # Latest release: v0.1.0
+    repository: https://github.com/m-cmp/mc-across-service-manager
+    # swagger: https://raw.githubusercontent.com/m-cmp/mc-across-service-manager/v0.1.0/swagger.yaml  # Note: path needs verification
 
   # MC-Web-Console - Web Console Interface
-  # - name: mc-web-console
-  #   version: "0.1.0"
-  #   repository: https://github.com/m-cmp/mc-web-console
-  #   swagger: /path/to/swagger.yaml
+  - name: mc-web-console
+    version: "main"
+    repository: https://github.com/m-cmp/mc-web-console
+    # swagger: N/A (path unknown)
+
+  # MC-Application-Manager-FE - Application Manager Frontend
+  - name: mc-application-manager-fe
+    version: "main"
+    baseurl: http://application_manager_fe_url:18084
+    # swagger: N/A (frontend service)
+
+  # MC-Workflow-Manager-FE - Workflow Manager Frontend
+  - name: mc-workflow-manager-fe
+    version: "main"
+    baseurl: http://workflow_manager_fe_url:18083
+    # swagger: N/A (frontend service)
+
+  # MC-Data-Manager-FE - Data Manager Frontend
+  - name: mc-data-manager-fe
+    version: "main"
+    baseurl: http://data_manager_fe_url:3300
+    # swagger: N/A (frontend service)
+
+  # MC-Cost-Optimizer-FE - Cost Optimizer Frontend
+  - name: mc-cost-optimizer-fe
+    version: "main"
+    baseurl: http://cost_optimizer_fe_url:7780
+    # swagger: N/A (frontend service)

conf/mc-iam-manager/nginx.template.conf

@@ -209,7 +209,7 @@ http {
         location / {
             resolver 127.0.0.11 valid=10s;
             set $upstream_cost_fe mc-cost-optimizer-fe;
-            proxy_pass http://$upstream_cost_fe:80;
+            proxy_pass http://$upstream_cost_fe:${MC_COST_OPTIMIZER_FE_PORT};
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";

docker-compose.yaml

@@ -218,8 +218,12 @@ services:
         published: ${MC_IAM_MANAGER_PORT}
         protocol: tcp
     depends_on:
-      - mc-iam-manager-db
-      - mc-iam-manager-kc
+      mc-iam-manager-db:
+        condition: service_healthy
+      mc-iam-manager-kc:
+        condition: service_healthy
+      mc-infra-manager:
+        condition: service_healthy
     environment:
       DATABASE_URL: postgres://${MC_IAM_MANAGER_DATABASE_USER}:${MC_IAM_MANAGER_DATABASE_PASSWORD}@${MC_IAM_MANAGER_DATABASE_HOST}:5432/${MC_IAM_MANAGER_DATABASE_NAME}
       PORT: ${MC_IAM_MANAGER_PORT}

readme.md

@@ -330,6 +330,46 @@ swag init --output ./docs
 - `billadmin`: Cost management permissions
 - `billviewer`: Cost viewing permissions
 
+## Troubleshooting
+
+### `mc-iam-manager` Stays Unhealthy After Install
+
+If `docker compose ps` shows `mc-iam-manager` as **unhealthy** and
+`docker logs mc-iam-manager-post-initial` ends with
+`ERROR: 1_setup_auto.sh failed`, the post-init container ran before
+mc-iam-manager finished its first boot (cold-start timing race).
+
+Recovery:
+
+```bash
+# 1. Confirm all prerequisites are healthy
+docker compose ps
+
+# 2. Remove the exited post-init container, then re-run it
+docker rm mc-iam-manager-post-initial 2>/dev/null
+docker compose up -d mc-iam-manager-post-initial
+docker logs -f mc-iam-manager-post-initial
+# Each of the 8 setup steps should finish with ✓
+
+# 3. Verify
+curl -s http://localhost:${MC_IAM_MANAGER_PORT}/readyz | jq .
+# Expected: "status": "healthy"
+```
+
+> The post-init container is idempotent — it is safe to re-run.
+
+### Directory Permission Error When Running `0_preset_dev.sh`
+
+If `0_preset_dev.sh` fails with `Cannot create ... / is not writable`, root-owned files
+from a previous Docker run are blocking access. Clean them up and retry:
+
+```bash
+sudo rm -rf container-volume/mc-iam-manager/postgres container-volume/mc-iam-manager/keycloak
+./conf/mc-iam-manager/0_preset_dev.sh
+```
+
+---
+
 ## Contributing
 
 - **Report Issues**: [GitHub Issues](https://github.com/m-cmp/mc-iam-manager/issues)

readme_kr.md

@@ -331,6 +331,45 @@ swag init --output ./docs
 - `billadmin`: 비용 관리 권한
 - `billviewer`: 비용 조회 권한
 
+## 트러블슈팅
+
+### 설치 후 `mc-iam-manager`가 unhealthy 상태로 지속될 때
+
+`docker compose ps`에서 `mc-iam-manager`가 **unhealthy** 이고
+`docker logs mc-iam-manager-post-initial` 끝에
+`ERROR: 1_setup_auto.sh failed`가 보이면, post-init 컨테이너가
+mc-iam-manager의 초기 부팅 완료 전에 실행된 것입니다 (cold-start 타이밍 race).
+
+복구 방법:
+
+```bash
+# 1. 모든 사전 조건이 healthy 상태인지 확인
+docker compose ps
+
+# 2. 종료된 post-init 컨테이너를 삭제하고 재실행
+docker rm mc-iam-manager-post-initial 2>/dev/null
+docker compose up -d mc-iam-manager-post-initial
+docker logs -f mc-iam-manager-post-initial
+# 8단계 각각이 ✓ 로 완료되어야 합니다
+
+# 3. 상태 확인
+curl -s http://localhost:${MC_IAM_MANAGER_PORT}/readyz | jq .
+# 예상 결과: "status": "healthy"
+```
+
+> post-init 컨테이너는 멱등(idempotent)하게 설계되어 있어 재실행해도 안전합니다.
+
+### `0_preset_dev.sh` 실행 시 디렉토리 권한 오류
+
+`0_preset_dev.sh`가 `Cannot create ... / is not writable`로 실패하면, 이전 Docker 실행으로 생긴 root 소유 파일이 접근을 막고 있는 것입니다. 아래 명령으로 정리 후 재시도하세요:
+
+```bash
+sudo rm -rf container-volume/mc-iam-manager/postgres container-volume/mc-iam-manager/keycloak
+./conf/mc-iam-manager/0_preset_dev.sh
+```
+
+---
+
 ## 기여하기
 
 - **이슈 보고**: [GitHub Issues](https://github.com/m-cmp/mc-iam-manager/issues)