FEAT(cert-manager): integrate cert-manager, Vault, Velero

- Add cert-manager configuration
- Add Vault and Velero integration

vault/argocd-secrets.yaml

@@ -1,32 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: vault-secrets
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: default
-  
-  source:
-    repoURL: https://gitea0213.kro.kr/bluemayne/cluster-infrastructure.git
-    targetRevision: main
-    path: vault
-  
-  destination:
-    server: https://kubernetes.default.svc
-  
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
-    retry:
-      limit: 5
-      backoff:
-        duration: 5s
-        factor: 2
-        maxDuration: 3m
-  
-  revisionHistoryLimit: 10

vault/argocd.yaml

@@ -9,17 +9,18 @@ spec:
   project: default
 
   sources:
-    # Helm chart from external repository
     - repoURL: https://helm.releases.hashicorp.com
       chart: vault
       targetRevision: 0.28.1
       helm:
         valueFiles:
           - $values/vault/helm-values.yaml
-    # Values file from Git repository
     - repoURL: https://gitea0213.kro.kr/bluemayne/cluster-infrastructure.git
       targetRevision: main
       ref: values
+    - repoURL: https://gitea0213.kro.kr/bluemayne/cluster-infrastructure.git
+      targetRevision: main
+      path: vault
 
   destination:
     server: https://kubernetes.default.svc

vault/kustomization.yaml

@@ -2,13 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-  # argocd.yaml files은 수동으로 관리 (순환 참조 방지)
-  # - argocd-vault.yaml
-  # - argocd-secrets.yaml
   - namespace.yaml
-
-  # External Secrets integration
-  # ServiceAccount is managed by external-secrets Helm chart
   - cluster-secret-store.yaml
-  - vault-postgres-secret.yaml
-  # vault-config-job.yaml은 삭제됨 (민감한 정보 포함으로 인해 .md 파일로 대체)

vault/vault-postgres-secret.yaml

@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: vault-postgres-password
-  namespace: vault
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault-backend
-  target:
-    name: vault-postgres-password
-    creationPolicy: Owner
-    template:
-      data:
-        password: "{{ .password }}"
-  data:
-    - secretKey: password
-      remoteRef:
-        key: databases/postgresql-cnpg
-        property: VAULT_PASSWORD