REFACTOR(k8s): reorganize to base/overlays pattern

- Add k8s/base/ with deployment and service
- Add k8s/overlays/prod/ with environment config

deploy/argocd/application-prod.yaml

@@ -1,7 +1,7 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: mas
+  name: mas-prod
   namespace: argocd
   finalizers:
     - resources-finalizer.argocd.argoproj.io
@@ -10,7 +10,7 @@ spec:
   source:
     repoURL: https://gitea0213.kro.kr/bluemayne/mas.git
     targetRevision: main
-    path: deploy/k8s
+    path: deploy/k8s/overlays/prod
   destination:
     server: https://kubernetes.default.svc
     namespace: mas

deploy/argocd/kustomization.yaml

@@ -2,9 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-  # App of Apps Application
+  # App of Apps Application (self-managing)
   - application.yaml
   
-  # MAS Application
-  - mas.yaml
+  # Application deployments
+  - application-prod.yaml
 

deploy/k8s/base/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - deployment.yaml
+  - service.yaml
+
+commonLabels:
+  app.kubernetes.io/name: mas
+  app.kubernetes.io/component: platform
+
+images:
+  - name: harbor.mayne.vcn/mas/platform
+    newTag: latest
+

deploy/k8s/kustomization.yaml

@@ -1,14 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: mas
-
-resources:
-  - namespace.yaml
-  - deployment.yaml
-  - service.yaml
-  - ingress.yaml
-  - mas-api-keys.yaml
-  - mas-postgres.yaml
-  - postgresql-root-password.yaml
-

deploy/k8s/mas-api-keys.yaml

@@ -1,31 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: mas-api-keys
-  namespace: mas
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault-backend
-  target:
-    name: mas-api-keys
-    creationPolicy: Owner
-  data:
-    - secretKey: anthropic-api-key
-      remoteRef:
-        key: mas/api-keys
-        property: ANTHROPIC_API_KEY
-    - secretKey: groq-api-key
-      remoteRef:
-        key: mas/api-keys
-        property: GROQ_API_KEY
-    - secretKey: openai-api-key
-      remoteRef:
-        key: mas/api-keys
-        property: OPENAI_API_KEY
-    - secretKey: google-api-key
-      remoteRef:
-        key: mas/api-keys
-        property: GOOGLE_API_KEY
-

deploy/k8s/mas-postgres.yaml

@@ -1,19 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: mas-postgres
-  namespace: mas
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault-backend
-  target:
-    name: mas-postgres
-    creationPolicy: Owner
-  data:
-    - secretKey: password
-      remoteRef:
-        key: mas/postgres
-        property: PASSWORD
-

deploy/k8s/overlays/prod/externalsecret.yaml

@@ -0,0 +1,66 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mas-api-keys
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: mas-api-keys
+    creationPolicy: Owner
+  data:
+    - secretKey: anthropic-api-key
+      remoteRef:
+        key: mas/api-keys
+        property: ANTHROPIC_API_KEY
+    - secretKey: groq-api-key
+      remoteRef:
+        key: mas/api-keys
+        property: GROQ_API_KEY
+    - secretKey: openai-api-key
+      remoteRef:
+        key: mas/api-keys
+        property: OPENAI_API_KEY
+    - secretKey: google-api-key
+      remoteRef:
+        key: mas/api-keys
+        property: GOOGLE_API_KEY
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mas-postgres
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: mas-postgres
+    creationPolicy: Owner
+  data:
+    - secretKey: password
+      remoteRef:
+        key: mas/postgres
+        property: PASSWORD
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: postgresql-root-password
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: postgresql-root-password
+    creationPolicy: Owner
+  data:
+    - secretKey: password
+      remoteRef:
+        key: databases/postgresql
+        property: PASSWORD
+

deploy/k8s/overlays/prod/kustomization.yaml

@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: mas
+
+resources:
+  - ../../base
+  - namespace.yaml
+  - resourcequota.yaml
+  - externalsecret.yaml
+  - ingress.yaml
+
+commonLabels:
+  environment: production
+
+# 이미지 태그 설정 (ArgoCD Image Updater가 자동으로 업데이트)
+images:
+  - name: harbor.mayne.vcn/mas/platform
+    newTag: latest
+

deploy/k8s/overlays/prod/namespace.yaml

@@ -4,4 +4,5 @@ metadata:
   name: mas
   labels:
     name: mas
+    environment: production
 

deploy/k8s/overlays/prod/resourcequota.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: mas-quota
+spec:
+  hard:
+    requests.cpu: "4"
+    requests.memory: 8Gi
+    limits.cpu: "8"
+    limits.memory: 16Gi
+    persistentvolumeclaims: "5"
+

deploy/k8s/postgresql-root-password.yaml

@@ -1,19 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: postgresql-root-password
-  namespace: mas
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault-backend
-  target:
-    name: postgresql-root-password
-    creationPolicy: Owner
-  data:
-    - secretKey: password
-      remoteRef:
-        key: databases/postgresql
-        property: PASSWORD
-