INIT(repo): cluster infrastructure setup

external-secrets/argocd/external-secrets.yaml

@@ -0,0 +1,46 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: external-secrets
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  sources:
+    # Helm chart from external repository
+    - repoURL: https://charts.external-secrets.io
+      chart: external-secrets
+      targetRevision: 0.10.5
+      helm:
+        valueFiles:
+          - $values/external-secrets/helm-values/external-secrets.yaml
+    # Values file from Git repository
+    - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+      targetRevision: main
+      ref: values
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: external-secrets
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+
+    syncOptions:
+      - CreateNamespace=true
+      - PrunePropagationPolicy=foreground
+      - PruneLast=true
+
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+
+  revisionHistoryLimit: 10

external-secrets/helm-values/external-secrets.yaml

@@ -0,0 +1,40 @@
+# External Secrets Operator Helm Values
+# Chart: https://github.com/external-secrets/external-secrets
+
+# 리소스 제한
+resources:
+  requests:
+    cpu: 20m
+    memory: 64Mi
+  limits:
+    cpu: 200m
+    memory: 256Mi
+
+# Webhook 설정
+webhook:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 32Mi
+    limits:
+      cpu: 100m
+      memory: 128Mi
+
+# CertController 설정
+certController:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 32Mi
+    limits:
+      cpu: 100m
+      memory: 128Mi
+
+# 동시 실행 제한
+concurrent: 3
+
+# 로그 레벨
+logLevel: info
+
+# CRD 자동 설치
+installCRDs: true

external-secrets/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  # ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
+  # - argocd/external-secrets.yaml

vault/argocd/vault-secrets.yaml

@@ -0,0 +1,32 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vault-secrets
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  
+  source:
+    repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+    targetRevision: main
+    path: vault
+  
+  destination:
+    server: https://kubernetes.default.svc
+  
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+  
+  revisionHistoryLimit: 10

vault/argocd/vault.yaml

@@ -0,0 +1,46 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vault
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  sources:
+    # Helm chart from external repository
+    - repoURL: https://helm.releases.hashicorp.com
+      chart: vault
+      targetRevision: 0.28.1
+      helm:
+        valueFiles:
+          - $values/vault/helm-values/vault.yaml
+    # Values file from Git repository
+    - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+      targetRevision: main
+      ref: values
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: vault
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+
+    syncOptions:
+      - CreateNamespace=true
+      - PrunePropagationPolicy=foreground
+      - PruneLast=true
+
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+
+  revisionHistoryLimit: 10

vault/helm-values/vault.yaml

@@ -0,0 +1,55 @@
+# HashiCorp Vault Helm Values
+# Chart: https://github.com/hashicorp/vault-helm
+
+global:
+  enabled: true
+  tlsDisable: true  # 내부 클러스터에서는 TLS 비활성화
+
+server:
+  enabled: true
+  
+  # Dev 모드 (시작하기 쉽게, 나중에 production 모드로 변경 가능)
+  dev:
+    enabled: true
+    devRootToken: "root"  # 초기 root 토큰 (나중에 변경 권장)
+  
+  # 리소스 제한
+  resources:
+    requests:
+      cpu: 50m
+      memory: 128Mi
+    limits:
+      cpu: 500m
+      memory: 512Mi
+  
+  # Ingress 설정
+  ingress:
+    enabled: true
+    ingressClassName: nginx
+    hosts:
+      - host: vault0213.kro.kr
+        paths:
+          - /
+    tls:
+      - secretName: vault-tls
+        hosts:
+          - vault0213.kro.kr
+  
+  # 고가용성 비활성화 (단일 인스턴스)
+  ha:
+    enabled: false
+  
+  # 서비스 타입
+  service:
+    enabled: true
+    type: ClusterIP
+    port: 8200
+
+# UI 활성화
+ui:
+  enabled: true
+  serviceType: ClusterIP
+
+# Injector (나중에 필요하면 활성화)
+injector:
+  enabled: false

vault/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  # ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
+  # - argocd/vault.yaml
+  # - argocd/vault-secrets.yaml