REFACTOR(postgresql): change vault from dev

- to production mode with P...
- Disabled dev mode
- Added standalone mode with PostgreSQL storage backend
- Connected to postgresql-cnpg cluster (vault database)
- Added environment variable for PostgreSQL password from secret
- Increased resource limits (cpu: 100m, memory: 256Mi)

vault/helm-values/vault.yaml

@@ -8,16 +8,43 @@ global:
 server:
   enabled: true
 
-  # Dev 모드 (시작하기 쉽게, 나중에 production 모드로 변경 가능)
+  # Production 모드 - PostgreSQL backend 사용
   dev:
+    enabled: false
+
+  # Standalone mode with PostgreSQL backend
+  standalone:
     enabled: true
-    devRootToken: "root"  # 초기 root 토큰 (나중에 변경 권장)
+    config: |
+      ui = true
+
+      listener "tcp" {
+        tls_disable = 1
+        address = "[::]:8200"
+        cluster_address = "[::]:8201"
+      }
+
+      storage "postgresql" {
+        connection_url = "postgres://vault:${VAULT_POSTGRES_PASSWORD}@postgresql-cnpg-rw.postgresql-cnpg.svc.cluster.local:5432/vault?sslmode=disable"
+      }
+
+      # Optional: Enable Prometheus metrics
+      telemetry {
+        prometheus_retention_time = "30s"
+        disable_hostname = true
+      }
+
+  # Environment variables from secrets
+  extraSecretEnvironmentVars:
+    - envName: VAULT_POSTGRES_PASSWORD
+      secretName: vault-postgres-password
+      secretKey: password
 
   # 리소스 제한
   resources:
     requests:
-      cpu: 50m
+      cpu: 100m
-      memory: 128Mi
+      memory: 256Mi
     limits:
       memory: 512Mi
 

vault/kustomization.yaml

@@ -9,4 +9,5 @@ resources:
   # External Secrets integration
   # ServiceAccount is managed by external-secrets Helm chart
   - cluster-secret-store.yaml
+  - vault-postgres-secret.yaml
   # vault-config-job.yaml은 삭제됨 (민감한 정보 포함으로 인해 .md 파일로 대체)

vault/vault-postgres-secret.yaml

@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: vault-postgres-password
+  namespace: vault
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: vault-postgres-password
+    creationPolicy: Owner
+    template:
+      data:
+        password: "{{ .password }}"
+  data:
+    - secretKey: password
+      remoteRef:
+        key: databases/postgresql-cnpg
+        property: VAULT_PASSWORD