CHORE(goldilocks): disable goldilocks

- and cancel trivy installation
- Comment out goldilocks/argocd.yaml from kustomization
- Comment out trivy/argocd.yaml from kustomization
- Disable autoSync in both applications
- Server overload mitigation

alertmanager/helm-values.yaml

@@ -20,32 +20,53 @@ serviceMonitor:
     release: prometheus
   namespace: prometheus
 
+# SMTP Secret 환경변수 주입
+extraEnv:
+  - name: SMTP_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: alertmanager-smtp
+        key: smtp_auth_password
+
 config:
   global:
     resolve_timeout: 5m
+    smtp_smarthost: "smtp.mail.me.com:587"
+    smtp_from: "bluemayne0213@icloud.com"
+    smtp_auth_username: "bluemayne0213@icloud.com"
+    smtp_auth_password: $(SMTP_PASSWORD)
+    smtp_require_tls: true
   route:
     group_by: ["alertname", "cluster", "service"]
-    group_wait: 10s
+    group_wait: 30s
-    group_interval: 10s
+    group_interval: 5m
-    repeat_interval: 12h
+    repeat_interval: 4h
-    receiver: "default"
+    receiver: "email"
     routes:
+    # Critical - 즉시 전송
     - match:
         severity: critical
-      receiver: "critical"
+      receiver: "email"
-      continue: true
+      group_wait: 10s
+      repeat_interval: 1h
+    # Warning
     - match:
         severity: warning
-      receiver: "warning"
+      receiver: "email"
+      group_wait: 1m
+      repeat_interval: 4h
+    # Watchdog 제외 (항상 firing)
+    - match:
+        alertname: Watchdog
+      receiver: "null"
   receivers:
-  - name: "default"
+  - name: "email"
-    # 기본 수신자 (로그만 남김)
+    email_configs:
-  - name: "critical"
+    - to: "bluemayne0213@icloud.com"
-    # TODO: Slack, Email 등 알림 채널 추가
+      send_resolved: true
-    # webhook_configs:
+      headers:
-    # - url: 'http://your-webhook-url'
+        subject: "[{{ .Status | toUpper }}] {{ .CommonLabels.alertname }}"
-  - name: "warning"
+  - name: "null"
-    # TODO: 경고 알림 채널 추가
   inhibit_rules:
   - source_match:
       severity: "critical"

alertmanager/kustomization.yaml

@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ingress.yaml
+  - vault/alertmanager-secrets.yaml

alertmanager/vault/alertmanager-secrets.yaml

@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: alertmanager-smtp
+  namespace: alertmanager
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: alertmanager-smtp
+    creationPolicy: Owner
+  data:
+    - secretKey: smtp_auth_password
+      remoteRef:
+        key: monitoring/alertmanager
+        property: SMTP_PASSWORD

goldilocks/argocd.yaml

@@ -24,10 +24,7 @@ spec:
     server: https://kubernetes.default.svc
     namespace: goldilocks
   syncPolicy:
-    automated:
+    # automated sync disabled for resource optimization
-      prune: true
-      selfHeal: true
-      allowEmpty: false
     syncOptions:
     - CreateNamespace=true
     - PrunePropagationPolicy=foreground

vpa/argocd.yaml

@@ -21,10 +21,7 @@ spec:
     server: https://kubernetes.default.svc
     namespace: vpa
   syncPolicy:
-    automated:
+    # automated sync disabled for resource optimization
-      prune: true
-      selfHeal: true
-      allowEmpty: false
     syncOptions:
     - CreateNamespace=true
     - PrunePropagationPolicy=foreground