CHORE(merge): merge branch develop

- Sync main with develop branch
- Apply development changes

.github/workflows/create-sealed-secrets.yml.example

@@ -0,0 +1,89 @@
+name: Create Sealed Secrets (Example)
+
+# 이 워크플로우는 예시입니다. 필요에 따라 수정하여 사용하세요.
+# Secrets를 SealedSecrets로 변환하여 Git에 안전하게 저장합니다.
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Target environment (dev/prod)'
+        required: true
+        type: choice
+        options:
+          - dev
+          - prod
+      secret_name:
+        description: 'Secret name to create'
+        required: true
+        type: string
+
+jobs:
+  create-sealed-secret:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install kubeseal
+        run: |
+          KUBESEAL_VERSION="0.26.2"
+          wget "https://github.com/bitnami-labs/sealed-secrets/releases/download/v${KUBESEAL_VERSION}/kubeseal-${KUBESEAL_VERSION}-linux-amd64.tar.gz"
+          tar xfz "kubeseal-${KUBESEAL_VERSION}-linux-amd64.tar.gz"
+          sudo mv kubeseal /usr/local/bin/
+          kubeseal --version
+
+      - name: Download public certificate
+        run: |
+          # infrastructure 레포에서 public cert 가져오기
+          wget https://raw.githubusercontent.com/Mayne0213/infrastructure/main/sealed-secrets/pub-cert.pem -O /tmp/pub-cert.pem
+
+      - name: Create sealed secret for ArgoCD token
+        if: inputs.secret_name == 'argocd-token'
+        run: |
+          NAMESPACE="portfolio"
+          if [ "${{ inputs.environment }}" = "dev" ]; then
+            NAMESPACE="portfolio-dev"
+          fi
+
+          # GitHub Secret에서 값을 가져와서 SealedSecret 생성
+          kubectl create secret generic argocd-token \
+            --from-literal=token="${{ secrets.ARGOCD_TOKEN }}" \
+            --namespace="$NAMESPACE" \
+            --dry-run=client -o yaml | \
+          kubeseal --format=yaml \
+            --cert=/tmp/pub-cert.pem \
+            --scope=strict \
+            > "deploy/k8s/overlays/${{ inputs.environment }}/sealed-argocd-token.yaml"
+
+      - name: Create generic sealed secret
+        if: inputs.secret_name != 'argocd-token'
+        run: |
+          NAMESPACE="portfolio"
+          if [ "${{ inputs.environment }}" = "dev" ]; then
+            NAMESPACE="portfolio-dev"
+          fi
+
+          # 예시: API_KEY와 DATABASE_URL을 포함하는 앱 시크릿
+          kubectl create secret generic "${{ inputs.secret_name }}" \
+            --from-literal=API_KEY="${{ secrets.API_KEY }}" \
+            --from-literal=DATABASE_URL="${{ secrets.DATABASE_URL }}" \
+            --namespace="$NAMESPACE" \
+            --dry-run=client -o yaml | \
+          kubeseal --format=yaml \
+            --cert=/tmp/pub-cert.pem \
+            --scope=strict \
+            > "deploy/k8s/overlays/${{ inputs.environment }}/sealed-${{ inputs.secret_name }}.yaml"
+
+      - name: Commit and push sealed secret
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+
+          git add "deploy/k8s/overlays/${{ inputs.environment }}/sealed-*.yaml"
+          git commit -m "Add sealed secret ${{ inputs.secret_name }} for ${{ inputs.environment }}"
+          git push
+
+          echo "✅ Sealed secret created and pushed to repository"
+          echo "   ArgoCD will automatically deploy this sealed secret"

deploy/k8s/base/deployment.yaml

@@ -14,6 +14,7 @@ spec:
     rollingUpdate:
       maxUnavailable: 1
       maxSurge: 1
+  revisionHistoryLimit: 1
   template:
     metadata:
       labels:

deploy/k8s/base/kustomization.yaml

@@ -4,6 +4,7 @@ kind: Kustomization
 resources:
   - deployment.yaml
   - service.yaml
+  - sealed-argocd-token.yaml
 
 commonLabels:
   app.kubernetes.io/name: portfolio

deploy/k8s/base/sealed-argocd-token.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: argocd-token
+  namespace: portfolio
+spec:
+  encryptedData:
+    token: AgA6ns/ylNLMLS9mxTuLK77+lRSErBQJD/UTNkVTFEA/DJMWtrttbZ8qbl80P1FEMTrL5t6ZPErxNVc5oeIbpcng6WCR+jTWv6pNsP+YVTCRZarTpn3fIkV5yc1G6YgGIlhVGr3KeNvOhYcKgFg9ivPsZSrDXgixUjppcYLnsdwKJuFZNAQ5KInCDDyK7POhSYMjHbevxS2m+hhApj74g4Ns+RHnS2U5QdLLyXnTsTaj/AeIigGf7rScgMXd2nis3KI4VuZ+YHA/oCC8F+TBM2Qys+oD+MsGgDi+q/Ix+U6GlPy0StXiTNXUytuvfsW0XR8PuXszWMv2o8KXHaFTw3vFSHjcStJzhWbXTNvAJL/dsIWGJiizIfCIvpg3FOh+3rzF21kgNqQczdLXmoLuwR8TRifuWlGmKOwL2Y1Z7njlJuxyhl2LWgjw+Ih9VByWdNi3WzlzAFceslpVYYDdwPv3PwqAz5l5QEEhMpTKsGmPE/gRLRVz1+clymsn28AW3nf4SBPVeu0jsEsdVZOYRmT+AyyIhOonytP7fJ1KhNNmUHJPmPODj83p24PSs3F6NDwbcYYipIA1TcF16VJsjzge7d4EDVAyHo6QHrz17sIt90CBjhYwHDHRJzZciY3U51EmPxeYnMZSlM46uv0ulVs9BXcyz0hDTf0iiTmhfubtLK+lGZI9nM6j4Uwr8z9Ra0aAaaxuI9wJ9FqjboAMQynjvongsQ+5
+  template:
+    metadata:
+      name: argocd-token
+      namespace: portfolio
+    type: Opaque

deploy/k8s/overlays/dev/kustomization.yaml

@@ -14,7 +14,7 @@ commonLabels:
 # 이미지 태그 설정
 images:
   - name: ghcr.io/mayne0213/portfolio
-    newTag: develop-sha-9ac2eca62ac141be49c9a418cdd08ea8222f65c0
+    newTag: develop-sha-5b67e3ecc973bd95ac4fdeedaf4661dc467154df
 
 patchesStrategicMerge:
   - deployment-patch.yaml

deploy/k8s/overlays/prod/kustomization.yaml

@@ -13,7 +13,7 @@ commonLabels:
 # 이미지 태그 설정
 images:
   - name: ghcr.io/mayne0213/portfolio
-    newTag: main-sha-cf3c2d48de27cba154ed4912ff4180e5ab2a57f7
+    newTag: main-sha-f13b149e0e4335558efcadcad66284f3321ec9bd
 
 patchesStrategicMerge:
   - deployment-patch.yaml