diff --git a/minio/argocd/minio.yaml b/minio/argocd/minio.yaml
new file mode 100644
index 0000000..e4b94cd
--- /dev/null
+++ b/minio/argocd/minio.yaml
@@ -0,0 +1,50 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: minio
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  sources:
+    # Official MinIO Helm chart
+    - repoURL: https://charts.min.io
+      chart: minio
+      targetRevision: 5.2.0
+      helm:
+        valueFiles:
+          - $values/minio/helm-values/minio.yaml
+    # Values file from Git repository
+    - repoURL: https://gitea0213.kro.kr/bluemayne/databases.git
+      targetRevision: main
+      ref: values
+    # Vault secrets from Git repository
+    - repoURL: https://gitea0213.kro.kr/bluemayne/databases.git
+      targetRevision: main
+      path: minio
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: minio
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+
+    syncOptions:
+      - CreateNamespace=true
+      - PrunePropagationPolicy=foreground
+      - PruneLast=true
+
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+
+  revisionHistoryLimit: 10
diff --git a/minio/helm-values/minio.yaml b/minio/helm-values/minio.yaml
new file mode 100644
index 0000000..d96ceb4
--- /dev/null
+++ b/minio/helm-values/minio.yaml
@@ -0,0 +1,85 @@
+# MinIO Helm Values
+# Chart: https://github.com/minio/minio/tree/master/helm/minio
+# Mode: Distributed with Erasure Coding (4 drives total)
+#
+# Disk allocation:
+# - master node: 1 x 50GB (1 disk for MinIO, 1 for MariaDB)
+# - worker-1: 2 x 50GB (2 disks for MinIO)
+# - worker-2: 1 x 50GB (1 disk for MinIO)
+# Total: 4 drives for erasure coding
+
+# Use latest MinIO image
+image:
+  repository: quay.io/minio/minio
+  tag: latest
+  pullPolicy: IfNotPresent
+
+# 4 replicas, 1 drive per replica = 4 drives total
+replicas: 4
+
+# Number of drives per node (each pod uses 1 drive)
+drivesPerNode: 1
+
+# Persistence - using dedicated 50GB disks
+persistence:
+  enabled: true
+  size: 45Gi
+  storageClass: minio-local
+
+# Root credentials from SealedSecret
+# Secret contains: root-user and root-password keys
+existingSecret: minio-root-password
+rootUserSecretKey: root-user
+rootPasswordSecretKey: root-password
+
+# Resources
+resources:
+  requests:
+    memory: 512Mi
+    cpu: 30m  # Reduced to 30% of original (100m -> 30m)
+
+# Service
+service:
+  type: ClusterIP
+  port: 9000
+
+# Console service
+consoleService:
+  type: ClusterIP
+  port: 9001
+
+# Environment variables
+environment:
+  MINIO_API_CORS_ALLOW_ORIGIN: "*"
+  MINIO_BROWSER_REDIRECT_URL: "https://minio.minio0213.kro.kr"
+  MINIO_PROMETHEUS_AUTH_TYPE: "public"
+
+# Ingress disabled (managed separately)
+ingress:
+  enabled: false
+
+consoleIngress:
+  enabled: false
+
+# Disable Kubernetes service links to prevent MINIO_SERVICE_PORT conflict
+# This prevents Kubernetes from injecting service-related environment variables
+enableServiceLinks: false
+
+# Use soft anti-affinity since worker-1 needs 2 pods (has 2 disks)
+affinity:
+  podAntiAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchExpressions:
+              - key: app
+                operator: In
+                values:
+                  - minio
+          topologyKey: kubernetes.io/hostname
+
+# Prometheus metrics
+metrics:
+  serviceMonitor:
+    enabled: false
diff --git a/minio/kustomization.yaml b/minio/kustomization.yaml
new file mode 100644
index 0000000..53e5466
--- /dev/null
+++ b/minio/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  # ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
+  # - argocd/minio.yaml
+  - vault/minio-root-password.yaml
diff --git a/minio/vault/minio-root-password.yaml b/minio/vault/minio-root-password.yaml
new file mode 100644
index 0000000..e8bb40b
--- /dev/null
+++ b/minio/vault/minio-root-password.yaml
@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: minio-root-password
+  namespace: minio
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: minio-root-password
+    creationPolicy: Owner
+  data:
+    - secretKey: root-user
+      remoteRef:
+        key: minio/root
+        property: ROOT_USER
+    - secretKey: root-password
+      remoteRef:
+        key: minio/root
+        property: ROOT_PASSWORD
+    - secretKey: rootUser
+      remoteRef:
+        key: minio/root
+        property: ROOT_USER
+    - secretKey: rootPassword
+      remoteRef:
+        key: minio/root
+        property: ROOT_PASSWORD
diff --git a/pgweb/argocd/pgweb.yaml b/pgweb/argocd/pgweb.yaml
new file mode 100644
index 0000000..8cb2b1d
--- /dev/null
+++ b/pgweb/argocd/pgweb.yaml
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: pgweb
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  
+  sources:
+    - repoURL: https://gitea0213.kro.kr/bluemayne/databases.git
+      targetRevision: main
+      path: pgweb
+  
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: pgweb
+  
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
diff --git a/pgweb/deployment.yaml b/pgweb/deployment.yaml
new file mode 100644
index 0000000..43a922f
--- /dev/null
+++ b/pgweb/deployment.yaml
@@ -0,0 +1,78 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: pgweb
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pgweb
+  namespace: pgweb
+  labels:
+    app: pgweb
+  annotations:
+    reloader.stakater.com/auto: "true"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pgweb
+  template:
+    metadata:
+      labels:
+        app: pgweb
+    spec:
+      containers:
+      - name: pgweb
+        image: sosedoff/pgweb:0.17.0
+        ports:
+        - containerPort: 8081
+          name: http
+        env:
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: pgweb-password
+              key: database-url
+        - name: PGWEB_AUTH_USER
+          valueFrom:
+            secretKeyRef:
+              name: pgweb-password
+              key: auth-user
+        - name: PGWEB_AUTH_PASS
+          valueFrom:
+            secretKeyRef:
+              name: pgweb-password
+              key: auth-password
+        args:
+        - "--bind=0.0.0.0"
+        - "--listen=8081"
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "50m"
+        livenessProbe:
+          tcpSocket:
+            port: 8081
+          initialDelaySeconds: 10
+          periodSeconds: 10
+        readinessProbe:
+          tcpSocket:
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 5
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pgweb
+  namespace: pgweb
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8081
+  selector:
+    app: pgweb
diff --git a/pgweb/kustomization.yaml b/pgweb/kustomization.yaml
new file mode 100644
index 0000000..bc89382
--- /dev/null
+++ b/pgweb/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  # ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
+  # - argocd/pgweb.yaml
+  - deployment.yaml
+  - vault/serviceaccount.yaml
+  - vault/secretstore.yaml
+  - vault/pgweb-secret.yaml
diff --git a/pgweb/vault/pgweb-secret.yaml b/pgweb/vault/pgweb-secret.yaml
new file mode 100644
index 0000000..e7943f7
--- /dev/null
+++ b/pgweb/vault/pgweb-secret.yaml
@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: pgweb-secret
+  namespace: pgweb
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: SecretStore
+    name: vault-backend
+  target:
+    name: pgweb-password
+    creationPolicy: Owner
+  data:
+    - secretKey: database-url
+      remoteRef:
+        key: pgweb/dev
+        property: DATABASE_URL
+    - secretKey: auth-user
+      remoteRef:
+        key: pgweb/dev
+        property: AUTH_USER
+    - secretKey: auth-password
+      remoteRef:
+        key: pgweb/dev
+        property: AUTH_PASSWORD
diff --git a/pgweb/vault/secretstore.yaml b/pgweb/vault/secretstore.yaml
new file mode 100644
index 0000000..3a9452e
--- /dev/null
+++ b/pgweb/vault/secretstore.yaml
@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: vault-backend
+  namespace: pgweb
+spec:
+  provider:
+    vault:
+      server: http://vault.vault.svc.cluster.local:8200
+      path: secret
+      version: v2
+      auth:
+        kubernetes:
+          mountPath: kubernetes
+          role: pgweb
+          serviceAccountRef:
+            name: external-secrets
diff --git a/pgweb/vault/serviceaccount.yaml b/pgweb/vault/serviceaccount.yaml
new file mode 100644
index 0000000..94703eb
--- /dev/null
+++ b/pgweb/vault/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-secrets
+  namespace: pgweb