FEAT(minio): add minio and pgweb

- move from applications to databases

pgweb/argocd/pgweb.yaml

@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: pgweb
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  
+  sources:
+    - repoURL: https://gitea0213.kro.kr/bluemayne/databases.git
+      targetRevision: main
+      path: pgweb
+  
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: pgweb
+  
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m

pgweb/deployment.yaml

@@ -0,0 +1,78 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: pgweb
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pgweb
+  namespace: pgweb
+  labels:
+    app: pgweb
+  annotations:
+    reloader.stakater.com/auto: "true"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pgweb
+  template:
+    metadata:
+      labels:
+        app: pgweb
+    spec:
+      containers:
+      - name: pgweb
+        image: sosedoff/pgweb:0.17.0
+        ports:
+        - containerPort: 8081
+          name: http
+        env:
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: pgweb-password
+              key: database-url
+        - name: PGWEB_AUTH_USER
+          valueFrom:
+            secretKeyRef:
+              name: pgweb-password
+              key: auth-user
+        - name: PGWEB_AUTH_PASS
+          valueFrom:
+            secretKeyRef:
+              name: pgweb-password
+              key: auth-password
+        args:
+        - "--bind=0.0.0.0"
+        - "--listen=8081"
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "50m"
+        livenessProbe:
+          tcpSocket:
+            port: 8081
+          initialDelaySeconds: 10
+          periodSeconds: 10
+        readinessProbe:
+          tcpSocket:
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 5
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pgweb
+  namespace: pgweb
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8081
+  selector:
+    app: pgweb

pgweb/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  # ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
+  # - argocd/pgweb.yaml
+  - deployment.yaml
+  - vault/serviceaccount.yaml
+  - vault/secretstore.yaml
+  - vault/pgweb-secret.yaml

pgweb/vault/pgweb-secret.yaml

@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: pgweb-secret
+  namespace: pgweb
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: SecretStore
+    name: vault-backend
+  target:
+    name: pgweb-password
+    creationPolicy: Owner
+  data:
+    - secretKey: database-url
+      remoteRef:
+        key: pgweb/dev
+        property: DATABASE_URL
+    - secretKey: auth-user
+      remoteRef:
+        key: pgweb/dev
+        property: AUTH_USER
+    - secretKey: auth-password
+      remoteRef:
+        key: pgweb/dev
+        property: AUTH_PASSWORD

pgweb/vault/secretstore.yaml

@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: vault-backend
+  namespace: pgweb
+spec:
+  provider:
+    vault:
+      server: http://vault.vault.svc.cluster.local:8200
+      path: secret
+      version: v2
+      auth:
+        kubernetes:
+          mountPath: kubernetes
+          role: pgweb
+          serviceAccountRef:
+            name: external-secrets

pgweb/vault/serviceaccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-secrets
+  namespace: pgweb