REFACTOR(repo): restructure infra folder structure

- Remove argocd/, helm-values/, ingress/ subdirectories - Move files to parent directory with standardized names - Add namespace.yaml to all apps with Goldilocks labels - Preserve vault/ subdirectories (falco, velero) - Update main kustomization.yaml to reference argocd.yaml files directly - Comment out argocd.yaml in each app's kustomization.yaml to prevent circular reference Applications restructured: - cert-manager (2 ArgoCD apps) - external-secrets - reloader - vault (2 ArgoCD apps) - velero (2 ArgoCD apps) - falco - cnpg - haproxy - metallb - vpa - argocd
2025-12-29 02:21:00 +09:00
parent cedb4ec0d4
commit 34a1c9f783
14 changed files with 29 additions and 8 deletions
--- a/vault/helm-values.yaml
+++ b/vault/helm-values.yaml
@@ -0,0 +1,80 @@
+# HashiCorp Vault Helm Values
+# Chart: https://github.com/hashicorp/vault-helm
+
+global:
+  enabled: true
+  tlsDisable: true  # 내부 클러스터에서는 TLS 비활성화
+
+server:
+  enabled: true
+
+  # Production 모드 - PostgreSQL backend 사용
+  dev:
+    enabled: false
+
+  # Standalone mode with PostgreSQL backend
+  standalone:
+    enabled: true
+    config: |
+      ui = true
+
+      listener "tcp" {
+        tls_disable = 1
+        address = "[::]:8200"
+        cluster_address = "[::]:8201"
+      }
+
+      storage "postgresql" {
+      }
+
+      # Optional: Enable Prometheus metrics
+      telemetry {
+        prometheus_retention_time = "30s"
+        disable_hostname = true
+      }
+
+  # Environment variables from secrets
+  extraSecretEnvironmentVars:
+    - envName: VAULT_PG_CONNECTION_URL
+      secretName: vault-pg-connection
+      secretKey: connection_url
+
+  # 리소스 제한
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      memory: 512Mi
+
+  # Ingress 설정
+  ingress:
+    enabled: true
+    ingressClassName: haproxy
+    hosts:
+      - host: vault0213.kro.kr
+        paths:
+          - /
+    tls:
+      - secretName: vault-tls
+        hosts:
+          - vault0213.kro.kr
+
+  # 고가용성 비활성화 (단일 인스턴스)
+  ha:
+    enabled: false
+
+  # 서비스 타입
+  service:
+    enabled: true
+    type: ClusterIP
+    port: 8200
+
+# UI 활성화
+ui:
+  enabled: true
+  serviceType: ClusterIP
+
+# Injector (나중에 필요하면 활성화)
+injector:
+  enabled: false