REFACTOR(app): migrate to vault secrets

- Migrate from SealedSecret to Vault
- Use ExternalSecrets operator

deploy/k8s/overlays/dev/externalsecret.yaml

@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: todo-secrets
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault-backend
+    kind: SecretStore
+  target:
+    name: todo-secrets
+    creationPolicy: Owner
+  data:
+    - secretKey: database-url
+      remoteRef:
+        key: todo/dev
+        property: DATABASE_URL

deploy/k8s/overlays/dev/kustomization.yaml

@@ -7,7 +7,7 @@ resources:
   - ../../base
   - resourcequota.yaml
   - namespace.yaml
-  - sealed-todo-secrets.yaml
+  - externalsecret.yaml
 
 commonLabels:
   environment: development
@@ -15,7 +15,7 @@ commonLabels:
 # 이미지 태그 설정
 images:
   - name: ghcr.io/mayne0213/todo
-    newTag: develop-sha-489b5be29a98d8ca1fc8b92aba3f0981806cdc8c
+    newTag: develop-sha-741395c60d615ff33f6d36e712090cd9eebb2f01
 
 patchesStrategicMerge:
   - deployment-patch.yaml

deploy/k8s/overlays/prod/externalsecret.yaml

@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: todo-secrets
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault-backend
+    kind: SecretStore
+  target:
+    name: todo-secrets
+    creationPolicy: Owner
+  data:
+    - secretKey: database-url
+      remoteRef:
+        key: todo/prod
+        property: DATABASE_URL

deploy/k8s/overlays/prod/kustomization.yaml

@@ -6,7 +6,7 @@ namespace: todo
 resources:
   - ../../base
   - resourcequota.yaml
-  - sealed-todo-secrets.yaml
+  - externalsecret.yaml
 
 commonLabels:
   environment: production