INIT(repo): apps setup with all user-facing servic

code-server/argocd/code-server.yaml

@@ -0,0 +1,40 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: code-server
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  sources:
+    - repoURL: https://github.com/coder/code-server.git
+      targetRevision: main
+      path: ci/helm-chart
+      helm:
+        valueFiles:
+          - $values/code-server/helm-values/code-server.yaml
+    - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+      targetRevision: main
+      ref: values
+    - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+      targetRevision: main
+      path: code-server
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: dev-tools
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m

code-server/helm-values/code-server.yaml

@@ -0,0 +1,69 @@
+fullnameOverride: code-server
+
+image:
+  repository: codercom/code-server
+  tag: 4.104.2
+  pullPolicy: Always
+
+# Persistence configuration for workspace data
+persistence:
+  enabled: true
+  accessMode: ReadWriteOnce
+  size: 20Gi
+  storageClassName: local-path
+
+# Use existing secret for password
+existingSecret: code-server-password
+existingSecretKey: password
+
+# Ingress configuration (will use main ingress)
+ingress:
+  enabled: false
+
+# Service configuration
+service:
+  type: ClusterIP
+  port: 8080
+
+# Resource limits
+resources:
+  requests:
+    cpu: 300m  # Reduced to 30% of original (1000m -> 300m)
+    memory: 4Gi  # 4GB (within available ~15GB)
+
+# Security context
+securityContext:
+  enabled: true
+  fsGroup: 1000
+  runAsUser: 1000
+
+# Volume permissions
+volumePermissions:
+  enabled: true
+
+# Extra arguments for code-server
+extraArgs:
+  - --auth
+  - password
+
+# Extra environment variables
+extraVars:
+  - name: TZ
+    value: "Asia/Seoul"
+
+# Health checks
+livenessProbe:
+  enabled: true
+  httpGet:
+    path: /healthz
+    port: 8080
+  initialDelaySeconds: 30
+  periodSeconds: 10
+
+readinessProbe:
+  enabled: true
+  httpGet:
+    path: /healthz
+    port: 8080
+  initialDelaySeconds: 10
+  periodSeconds: 5

code-server/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  # ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
+  # - argocd/code-server.yaml
+  - vault/code-server-password.yaml

code-server/vault/code-server-password.yaml

@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: code-server-password
+  namespace: dev-tools
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: code-server-password
+    creationPolicy: Owner
+  data:
+    - secretKey: password
+      remoteRef:
+        key: dev-tools/code-server
+        property: PASSWORD