REFACTOR(repo): simplify project structure

- Move services/nextjs/ to nextjs/
- Move Dockerfile.prod to Dockerfile at root
- Remove deploy/ folder (K8s manifests moved to K3S-HOME/web-apps)
- Remove .gitea/ workflows
- Update GitHub Actions for new structure
- Remove develop branch triggers

.gitea/workflows/build.yml

@@ -1,191 +0,0 @@
-name: Build Docker Image
-
-on:
-  push:
-    branches: [main, develop]
-    tags:
-      - 'v*'
-  workflow_dispatch:
-
-env:
-  REGISTRY: gitea0213.kro.kr
-  IMAGE_NAME: ${{ github.repository }}
-  DOCKER_HOST: tcp://172.17.0.1:2375
-
-jobs:
-  build-and-push:
-    runs-on: ubuntu-24.04-arm
-    permissions:
-      contents: write
-      packages: write
-
-    outputs:
-      image-tag: ${{ steps.meta.outputs.tags }}
-      image-digest: ${{ steps.build.outputs.digest }}
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Log in to Gitea Container Registry
-        run: |
-          echo "${{ secrets.GITEAREGISTRY }}" | docker login ${{ env.REGISTRY }} -u bluemayne --password-stdin
-
-      - name: Lowercase repository name
-        id: lowercase
-        run: |
-          echo "repo=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
-
-      - name: Extract metadata (tags, labels)
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY }}/${{ steps.lowercase.outputs.repo }}
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=sha,prefix={{branch}}-sha-,format=long
-            type=raw,value=latest,enable={{is_default_branch}}
-
-      - name: Build and push Docker image
-        id: build
-        run: |
-          TAGS="${{ steps.meta.outputs.tags }}"
-
-          # Build the image
-          docker build \
-            -t $(echo "$TAGS" | head -n 1) \
-            -f ./deploy/docker/Dockerfile.prod \
-            ./services/nextjs
-
-          # Tag all versions
-          FIRST_TAG=$(echo "$TAGS" | head -n 1)
-          echo "$TAGS" | while read tag; do
-            if [ "$tag" != "$FIRST_TAG" ]; then
-              docker tag "$FIRST_TAG" "$tag"
-            fi
-          done
-
-          # Push all tags
-          echo "$TAGS" | while read tag; do
-            docker push "$tag"
-          done
-
-          # Get digest
-          DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' "$FIRST_TAG" | cut -d'@' -f2)
-          echo "digest=$DIGEST" >> $GITHUB_OUTPUT
-
-      - name: Extract SHA tag
-        id: extract-tag
-        run: |
-          # Extract the SHA-based tag from the tags list
-          TAGS="${{ steps.meta.outputs.tags }}"
-          echo "All tags:"
-          echo "$TAGS"
-          echo "---"
-
-          # Get commit SHA (full 40 characters)
-          COMMIT_SHA="${{ github.sha }}"
-
-          # Get current branch name
-          BRANCH_NAME="${{ github.ref_name }}"
-          echo "Branch: $BRANCH_NAME"
-
-          # Method 1: Extract the full SHA tag from docker/metadata-action output
-          # docker/metadata-action creates: <branch>-sha-<full-40-char-sha>
-          SHA_TAG=$(echo "$TAGS" | grep -oE "${BRANCH_NAME}-sha-[a-f0-9]{40}" | head -n 1)
-
-          # Method 2: If not found, try to extract any branch-sha- tag (fallback)
-          if [ -z "$SHA_TAG" ]; then
-            SHA_TAG=$(echo "$TAGS" | grep -oE "${BRANCH_NAME}-sha-[a-f0-9]+" | head -n 1)
-            if [ -n "$SHA_TAG" ]; then
-              echo "⚠️  Found SHA tag (may not be full 40 chars): $SHA_TAG"
-            fi
-          fi
-
-          # Method 3: Fallback to commit SHA directly (construct the tag)
-          if [ -z "$SHA_TAG" ]; then
-            SHA_TAG="${BRANCH_NAME}-sha-$COMMIT_SHA"
-            echo "⚠️  Could not extract from tags, using commit SHA: $SHA_TAG"
-          fi
-
-          if [ -z "$SHA_TAG" ]; then
-            echo "❌ ERROR: Failed to extract SHA tag"
-            exit 1
-          fi
-
-          echo "sha-tag=$SHA_TAG" >> $GITHUB_OUTPUT
-          echo "✅ Extracted SHA tag: $SHA_TAG"
-
-      - name: Update kustomization with new image tag
-        env:
-          GITEA_TOKEN: ${{ secrets.GITEAREGISTRYTOKEN }}
-        run: |
-          git config --global user.name "gitea-actions[bot]"
-          git config --global user.email "gitea-actions[bot]@users.noreply.gitea.com"
-
-          # Validate that SHA_TAG is not empty
-          SHA_TAG="${{ steps.extract-tag.outputs.sha-tag }}"
-          if [ -z "$SHA_TAG" ]; then
-            echo "❌ ERROR: SHA_TAG is empty, cannot update kustomization"
-            exit 1
-          fi
-
-          # Determine overlay based on branch
-          BRANCH_NAME="${{ github.ref_name }}"
-          if [ "$BRANCH_NAME" = "main" ]; then
-            OVERLAY="prod"
-          elif [ "$BRANCH_NAME" = "develop" ]; then
-            OVERLAY="dev"
-          else
-            echo "⚠️  Unknown branch: $BRANCH_NAME, skipping kustomization update"
-            exit 0
-          fi
-
-          KUSTOMIZATION_FILE="deploy/k8s/overlays/$OVERLAY/kustomization.yaml"
-
-          # Check if kustomization file has images section
-          if grep -q "images:" "$KUSTOMIZATION_FILE"; then
-            echo "📝 Updating $KUSTOMIZATION_FILE with tag: $SHA_TAG"
-
-            # Update kustomization.yaml with new image tag
-            # Handle both cases: newTag: (with value) and newTag: (empty)
-            sed -i.bak "s|newTag:.*|newTag: $SHA_TAG|" "$KUSTOMIZATION_FILE"
-
-            # Verify the update was successful
-            if grep -q "newTag: $SHA_TAG" "$KUSTOMIZATION_FILE"; then
-              echo "✅ Successfully updated kustomization.yaml"
-              rm -f "$KUSTOMIZATION_FILE.bak"
-            else
-              echo "❌ ERROR: Failed to update kustomization.yaml"
-              cat "$KUSTOMIZATION_FILE"
-              exit 1
-            fi
-
-            # Commit and push if there are changes
-            if git diff --quiet; then
-              echo "No changes to commit"
-            else
-              git add "$KUSTOMIZATION_FILE"
-              git commit -m "Update $OVERLAY image to $SHA_TAG"
-              git push
-              echo "✅ Kustomization updated with new image tag: $SHA_TAG"
-            fi
-          else
-            echo "ℹ️  $OVERLAY overlay uses base image (latest tag), skipping kustomization update"
-            echo "   Image built with tag: $SHA_TAG"
-          fi
-
-      - name: Display image information
-        run: |
-          echo "✅ Image built and pushed successfully!"
-          echo "📦 Image tags:"
-          echo "${{ steps.meta.outputs.tags }}"
-          echo "🔖 SHA tag: ${{ steps.extract-tag.outputs.sha-tag }}"
-          echo "🔖 Digest: ${{ steps.build.outputs.digest }}"
-          echo ""
-          echo "🚀 Kustomization updated with new image tag"
-          echo "   ArgoCD will automatically detect and deploy this new image"
-          echo "   Monitor deployment at your ArgoCD dashboard"

.gitea/workflows/ci.yml

@@ -1,45 +0,0 @@
-name: CI
-
-on:
-  push:
-    branches: [main, develop]
-  pull_request:
-    branches: [main, develop]
-
-jobs:
-  lint-and-build:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-          cache: 'npm'
-          cache-dependency-path: services/nextjs/package-lock.json
-
-      - name: Install dependencies
-        working-directory: services/nextjs
-        run: npm ci
-
-      - name: Run ESLint
-        working-directory: services/nextjs
-        run: npm run lint
-
-      - name: Build Next.js application
-        working-directory: services/nextjs
-        run: npm run build
-        env:
-          NEXT_TELEMETRY_DISABLED: 1
-
-      - name: Check build output
-        working-directory: services/nextjs
-        run: |
-          if [ ! -d ".next" ]; then
-            echo "Build failed: .next directory not found"
-            exit 1
-          fi
-          echo "✅ Build completed successfully"

.github/workflows/build.yml

@@ -2,7 +2,7 @@ name: Build Docker Image
 
 on:
   push:
-    branches: [main, develop]
+    branches: [main]
     tags:
       - 'v*'
   workflow_dispatch:
@@ -15,7 +15,7 @@ jobs:
   build-and-push:
     runs-on: ubuntu-24.04-arm
     permissions:
-      contents: write
+      contents: read
       packages: write
 
     outputs:
@@ -47,19 +47,17 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ steps.lowercase.outputs.repo }}
           tags: |
-            type=ref,event=branch
-            type=ref,event=pr
+            type=sha,prefix=sha-,format=long
+            type=raw,value=latest,enable={{is_default_branch}}
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
-            type=sha,prefix={{branch}}-sha-,format=long
-            type=raw,value=latest,enable={{is_default_branch}}
 
       - name: Build and push Docker image
         id: build
         uses: docker/build-push-action@v5
         with:
-          context: ./services/nextjs
-          file: ./deploy/docker/Dockerfile.prod
+          context: ./nextjs
+          file: ./Dockerfile
           push: true
           platforms: linux/arm64
           tags: ${{ steps.meta.outputs.tags }}
@@ -67,115 +65,9 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
-      - name: Extract SHA tag
-        id: extract-tag
-        run: |
-          # Extract the SHA-based tag from the tags list
-          TAGS="${{ steps.meta.outputs.tags }}"
-          echo "All tags:"
-          echo "$TAGS"
-          echo "---"
-
-          # Get commit SHA (full 40 characters)
-          COMMIT_SHA="${{ github.sha }}"
-
-          # Get current branch name
-          BRANCH_NAME="${{ github.ref_name }}"
-          echo "Branch: $BRANCH_NAME"
-
-          # Method 1: Extract the full SHA tag from docker/metadata-action output
-          # docker/metadata-action creates: <branch>-sha-<full-40-char-sha>
-          SHA_TAG=$(echo "$TAGS" | grep -oE "${BRANCH_NAME}-sha-[a-f0-9]{40}" | head -n 1)
-
-          # Method 2: If not found, try to extract any branch-sha- tag (fallback)
-          if [ -z "$SHA_TAG" ]; then
-            SHA_TAG=$(echo "$TAGS" | grep -oE "${BRANCH_NAME}-sha-[a-f0-9]+" | head -n 1)
-            if [ -n "$SHA_TAG" ]; then
-              echo "⚠️  Found SHA tag (may not be full 40 chars): $SHA_TAG"
-            fi
-          fi
-
-          # Method 3: Fallback to commit SHA directly (construct the tag)
-          if [ -z "$SHA_TAG" ]; then
-            SHA_TAG="${BRANCH_NAME}-sha-$COMMIT_SHA"
-            echo "⚠️  Could not extract from tags, using commit SHA: $SHA_TAG"
-          fi
-
-          if [ -z "$SHA_TAG" ]; then
-            echo "❌ ERROR: Failed to extract SHA tag"
-            exit 1
-          fi
-
-          echo "sha-tag=$SHA_TAG" >> $GITHUB_OUTPUT
-          echo "✅ Extracted SHA tag: $SHA_TAG"
-
-      - name: Update kustomization with new image tag
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-
-          # Validate that SHA_TAG is not empty
-          SHA_TAG="${{ steps.extract-tag.outputs.sha-tag }}"
-          if [ -z "$SHA_TAG" ]; then
-            echo "❌ ERROR: SHA_TAG is empty, cannot update kustomization"
-            exit 1
-          fi
-
-          # Determine overlay based on branch
-          BRANCH_NAME="${{ github.ref_name }}"
-          if [ "$BRANCH_NAME" = "main" ]; then
-            OVERLAY="prod"
-          elif [ "$BRANCH_NAME" = "develop" ]; then
-            OVERLAY="dev"
-          else
-            echo "⚠️  Unknown branch: $BRANCH_NAME, skipping kustomization update"
-            exit 0
-          fi
-
-          KUSTOMIZATION_FILE="deploy/k8s/overlays/$OVERLAY/kustomization.yaml"
-
-          # Check if kustomization file has images section
-          if grep -q "images:" "$KUSTOMIZATION_FILE"; then
-            echo "📝 Updating $KUSTOMIZATION_FILE with tag: $SHA_TAG"
-
-            # Update kustomization.yaml with new image tag
-            # Handle both cases: newTag: (with value) and newTag: (empty)
-            sed -i.bak "s|newTag:.*|newTag: $SHA_TAG|" "$KUSTOMIZATION_FILE"
-
-            # Verify the update was successful
-            if grep -q "newTag: $SHA_TAG" "$KUSTOMIZATION_FILE"; then
-              echo "✅ Successfully updated kustomization.yaml"
-              rm -f "$KUSTOMIZATION_FILE.bak"
-            else
-              echo "❌ ERROR: Failed to update kustomization.yaml"
-              cat "$KUSTOMIZATION_FILE"
-              exit 1
-            fi
-
-            # Commit and push if there are changes
-            if git diff --quiet; then
-              echo "No changes to commit"
-            else
-              git add "$KUSTOMIZATION_FILE"
-              git commit -m "Update $OVERLAY image to $SHA_TAG"
-              git push
-              echo "✅ Kustomization updated with new image tag: $SHA_TAG"
-            fi
-          else
-            echo "ℹ️  $OVERLAY overlay uses base image (latest tag), skipping kustomization update"
-            echo "   Image built with tag: $SHA_TAG"
-          fi
-
       - name: Display image information
         run: |
-          echo "✅ Image built and pushed successfully!"
-          echo "📦 Image tags:"
+          echo "Image built and pushed successfully!"
+          echo "Image tags:"
           echo "${{ steps.meta.outputs.tags }}"
-          echo "🔖 SHA tag: ${{ steps.extract-tag.outputs.sha-tag }}"
-          echo "🔖 Digest: ${{ steps.build.outputs.digest }}"
-          echo ""
-          echo "🚀 Kustomization updated with new image tag"
-          echo "   ArgoCD will automatically detect and deploy this new image"
-          echo "   Monitor deployment at your ArgoCD dashboard"
+          echo "Digest: ${{ steps.build.outputs.digest }}"

.github/workflows/ci.yml

@@ -2,9 +2,9 @@ name: CI
 
 on:
   push:
-    branches: [main, develop]
+    branches: [main]
   pull_request:
-    branches: [main, develop]
+    branches: [main]
 
 jobs:
   lint-and-build:
@@ -19,28 +19,27 @@ jobs:
         with:
           node-version: '20'
           cache: 'npm'
-          cache-dependency-path: services/nextjs/package-lock.json
+          cache-dependency-path: nextjs/package-lock.json
 
       - name: Install dependencies
-        working-directory: services/nextjs
+        working-directory: nextjs
         run: npm ci
 
       - name: Run ESLint
-        working-directory: services/nextjs
+        working-directory: nextjs
         run: npm run lint
 
       - name: Build Next.js application
-        working-directory: services/nextjs
+        working-directory: nextjs
         run: npm run build
         env:
           NEXT_TELEMETRY_DISABLED: 1
 
       - name: Check build output
-        working-directory: services/nextjs
+        working-directory: nextjs
         run: |
           if [ ! -d ".next" ]; then
             echo "Build failed: .next directory not found"
             exit 1
           fi
-          echo "✅ Build completed successfully"
-
+          echo "Build completed successfully"

deploy/argocd/application-dev.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: todo-dev
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://github.com/Mayne0213/todo.git
-    targetRevision: develop
-    path: deploy/k8s/overlays/dev
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: todo-dev
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true

deploy/argocd/application-prod.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: todo-prod
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://github.com/Mayne0213/todo.git
-    targetRevision: main
-    path: deploy/k8s/overlays/prod
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: todo
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true

deploy/argocd/application.yaml

@@ -1,36 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: todo
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: default
-
-  source:
-    repoURL: https://github.com/Mayne0213/todo.git
-    targetRevision: main
-    path: deploy/argocd
-
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: argocd
-
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-      allowEmpty: false
-
-    syncOptions:
-      - CreateNamespace=true
-
-    retry:
-      limit: 5
-      backoff:
-        duration: 5s
-        factor: 2
-        maxDuration: 3m
-
-  revisionHistoryLimit: 10

deploy/argocd/kustomization.yaml

@@ -1,10 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  # App of Apps Application (self-managing)
-  - application.yaml
-
-  # Application deployments (prod and dev)
-  - application-dev.yaml
-  - application-prod.yaml

deploy/docker/Dockerfile.dev

@@ -1,30 +0,0 @@
-# trunk-ignore-all(checkov/CKV_DOCKER_3)
-FROM node:20-alpine AS base
-
-# Install dependencies for development
-RUN apk add --no-cache libc6-compat curl
-
-WORKDIR /app
-
-# Copy package files
-COPY package.json package-lock.json* ./
-
-# Install all dependencies (including dev dependencies)
-RUN npm ci
-
-# Copy source code
-COPY . .
-
-# Generate Prisma Client
-RUN npx prisma generate
-
-# Expose port
-EXPOSE 3000
-
-# Health check
-HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
-  CMD curl -f http://localhost:3000/api/health || exit 1
-
-# Default command (can be overridden in docker-compose)
-CMD ["npm", "run", "dev"]
-

deploy/docker/docker-compose.dev.yml

@@ -1,64 +0,0 @@
-services:
-  # Next.js Application (Development) - Using External Database (same as Jotion)
-  app:
-    image: todo-app-dev
-    build:
-      context: ../../services/nextjs
-      dockerfile: ../../deploy/docker/Dockerfile.dev
-    container_name: todo-app-dev
-    restart: unless-stopped
-    labels:
-      kompose.namespace: todo-dev
-    ports:
-      - "3002:3000"
-    env_file:
-      - ../../.env
-    environment:
-      - NODE_ENV=development
-    networks:
-      - todo-network-dev
-    volumes:
-      - ../../services/nextjs:/app
-      - /app/node_modules
-      - /app/.next
-      - app_logs_dev:/app/logs
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-      start_period: 40s
-    command: >
-      sh -lc "npx prisma db push --skip-generate && npm run dev"
-
-  # Prisma Studio - Connects to External Database
-  prisma-studio:
-    image: todo-app-dev
-    container_name: todo-prisma-studio
-    restart: unless-stopped
-    labels:
-      kompose.namespace: todo-dev
-    ports:
-      - "5556:5555"
-    env_file:
-      - ../../.env
-    environment:
-      - NODE_ENV=development
-    networks:
-      - todo-network-dev
-    volumes:
-      - ../../services/nextjs:/app
-      - /app/node_modules
-    command: npx prisma studio --port 5555 --hostname 0.0.0.0
-
-volumes:
-  # Named volumes for data persistence
-  app_logs_dev:
-    driver: local
-
-networks:
-  todo-network-dev:
-    driver: bridge
-    ipam:
-      config:
-        - subnet: 172.22.0.0/16

deploy/docker/docker-compose.yml

@@ -1,41 +0,0 @@
-services:
-  # Next.js Application - Using External Database (same as Jotion)
-  app:
-    image: todo-app
-    build:
-      context: ../../services/nextjs
-      dockerfile: ../../deploy/docker/Dockerfile.prod
-    container_name: todo-app
-    restart: unless-stopped
-    labels:
-      kompose.namespace: todo
-    ports:
-      - 3002:3000
-    env_file:
-      - ../../.env
-    environment:
-      - NODE_ENV=production
-    networks:
-      - todo-network
-    volumes:
-      - app_logs:/app/logs
-    healthcheck:
-      test: [CMD, curl, -f, http://localhost:3000/api/health]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-      start_period: 40s
-    command: >
-      sh -lc "npx prisma db push --skip-generate && node server.js"
-
-volumes:
-  # Named volumes for data persistence
-  app_logs:
-    driver: local
-
-networks:
-  todo-network:
-    driver: bridge
-    ipam:
-      config:
-        - subnet: 172.21.0.0/16

deploy/k8s/base/deployment.yaml

@@ -1,57 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: todo-app
-  labels:
-    app: todo-app
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: todo-app
-  strategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 1
-      maxSurge: 1
-  revisionHistoryLimit: 1
-  template:
-    metadata:
-      labels:
-        app: todo-app
-    spec:
-      containers:
-        - name: todo-app
-          image: ghcr.io/mayne0213/todo:latest
-          imagePullPolicy: Always
-          ports:
-            - containerPort: 3000
-              protocol: TCP
-          env:
-            - name: NODE_ENV
-              value: production
-            - name: DATABASE_URL
-              valueFrom:
-                secretKeyRef:
-                  name: todo-secrets
-                  key: database-url
-          resources:
-            requests:
-              memory: "100Mi"
-              cpu: "50m"
-            limits:
-              memory: "200Mi"
-          livenessProbe:
-            httpGet:
-              path: /api/health
-              port: 3000
-            initialDelaySeconds: 30
-            periodSeconds: 10
-          readinessProbe:
-            httpGet:
-              path: /api/health
-              port: 3000
-            initialDelaySeconds: 5
-            periodSeconds: 5
-      restartPolicy: Always
-

deploy/k8s/base/kustomization.yaml

@@ -1,16 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - deployment.yaml
-  - service.yaml
-  - serviceaccount.yaml
-
-commonLabels:
-  app.kubernetes.io/name: todo
-  app.kubernetes.io/component: web
-
-images:
-  - name: gitea0213.kro.kr/bluemayne/todo
-    newTag: latest
-

deploy/k8s/base/service.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: todo-service
-  labels:
-    app: todo-app
-spec:
-  type: ClusterIP
-  ports:
-    - name: http
-      port: 80
-      targetPort: 3000
-      protocol: TCP
-  selector:
-    app: todo-app
-

deploy/k8s/base/serviceaccount.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: external-secrets

deploy/k8s/overlays/dev/deployment-patch.yaml

@@ -1,18 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: todo-app
-  labels:
-    environment: development
-spec:
-  replicas: 1
-  template:
-    spec:
-      containers:
-        - name: todo-app
-          resources:
-            requests:
-              memory: "40Mi"
-              cpu: "15m"
-            limits:
-              memory: "100Mi"

deploy/k8s/overlays/dev/externalsecret.yaml

@@ -1,18 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: todo-secrets
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: vault-backend
-    kind: SecretStore
-  target:
-    name: todo-secrets
-    creationPolicy: Owner
-    deletionPolicy: Retain
-  data:
-    - secretKey: database-url
-      remoteRef:
-        key: todo/dev
-        property: DATABASE_URL

deploy/k8s/overlays/dev/ingress.yaml

@@ -1,23 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: todo-dev-ingress
-  annotations:
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-spec:
-  ingressClassName: traefik
-  tls:
-  - hosts:
-    - dev.todo0213.kro.kr
-    secretName: todo-dev-tls
-  rules:
-    - host: dev.todo0213.kro.kr
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: todo-service
-                port:
-                  number: 80

deploy/k8s/overlays/dev/kustomization.yaml

@@ -1,23 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: todo-dev
-
-resources:
-  - ../../base
-  - resourcequota.yaml
-  - namespace.yaml
-  - secretstore.yaml
-  - externalsecret.yaml
-  - ingress.yaml
-
-commonLabels:
-  environment: development
-
-# 이미지 태그 설정
-images:
-  - name: gitea0213.kro.kr/bluemayne/todo
-    newTag: develop-sha-1a8d8cf79051d01d29c83356d54f318ab20fdc51
-
-patchesStrategicMerge:
-  - deployment-patch.yaml

deploy/k8s/overlays/dev/namespace.yaml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: todo-dev
-  labels:
-    environment: development
-    app: todo

deploy/k8s/overlays/dev/resourcequota.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ResourceQuota
-metadata:
-  name: todo-dev-quota
-  namespace: todo-dev
-spec:
-  hard:
-    requests.memory: "150Mi"
-    requests.cpu: "60m"
-    limits.memory: "300Mi"
-    pods: "6"

deploy/k8s/overlays/dev/secretstore.yaml

@@ -1,16 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: SecretStore
-metadata:
-  name: vault-backend
-spec:
-  provider:
-    vault:
-      server: http://vault.vault.svc.cluster.local:8200
-      path: secret
-      version: v2
-      auth:
-        kubernetes:
-          mountPath: kubernetes
-          role: todo-dev
-          serviceAccountRef:
-            name: external-secrets

deploy/k8s/overlays/prod/deployment-patch.yaml

@@ -1,19 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: todo-app
-  labels:
-    environment: production
-spec:
-  replicas: 2
-  template:
-    spec:
-      containers:
-        - name: todo-app
-          resources:
-            requests:
-              memory: "50Mi"
-              cpu: "20m"
-            limits:
-              memory: "120Mi"
-

deploy/k8s/overlays/prod/externalsecret.yaml

@@ -1,18 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: todo-secrets
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: vault-backend
-    kind: ClusterSecretStore
-  target:
-    name: todo-secrets
-    creationPolicy: Owner
-    deletionPolicy: Retain
-  data:
-    - secretKey: database-url
-      remoteRef:
-        key: todo/prod
-        property: DATABASE_URL

deploy/k8s/overlays/prod/ingress.yaml

@@ -1,39 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: todo-ingress
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    # HTTP를 HTTPS로 자동 리다이렉트
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    # cert-manager가 인증서를 자동으로 발급하도록 설정
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-spec:
-  ingressClassName: traefik
-  # TLS 설정
-  tls:
-  - hosts:
-    - todo0213.kro.kr
-    - www.todo0213.kro.kr
-    secretName: todo-tls
-  rules:
-    - host: todo0213.kro.kr
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: todo-service
-                port:
-                  number: 80
-    - host: www.todo0213.kro.kr
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: todo-service
-                port:
-                  number: 80

deploy/k8s/overlays/prod/kustomization.yaml

@@ -1,21 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: todo
-
-resources:
-  - ../../base
-  - resourcequota.yaml
-  - externalsecret.yaml
-  - ingress.yaml
-
-commonLabels:
-  environment: production
-
-# 이미지 태그 설정
-images:
-  - name: ghcr.io/mayne0213/todo
-    newTag: main-sha-6e069b27f1f9f196a61ed2f7941157d463edaa12
-
-patchesStrategicMerge:
-  - deployment-patch.yaml

deploy/k8s/overlays/prod/resourcequota.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ResourceQuota
-metadata:
-  name: todo-quota
-  namespace: todo
-spec:
-  hard:
-    requests.memory: "250Mi"
-    requests.cpu: "100m"
-    limits.memory: "500Mi"
-    pods: "9"
-

deploy/k8s/overlays/prod/secretstore.yaml

@@ -1,16 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: SecretStore
-metadata:
-  name: vault-backend
-spec:
-  provider:
-    vault:
-      server: http://vault.vault.svc.cluster.local:8200
-      path: secret
-      version: v2
-      auth:
-        kubernetes:
-          mountPath: kubernetes
-          role: todo
-          serviceAccountRef:
-            name: external-secrets