PinHouse · doup2001 · Apr 5, 2026 · Apr 5, 2026 · Apr 5, 2026 · Apr 5, 2026
diff --git a/k8s-helm/.gitignore b/k8s-helm/.gitignore
@@ -12,6 +12,12 @@ platform-chart/**/README.md
 releases/**/secrets/*.yaml
 !releases/**/secrets/*.yaml.example
 
+# ========================================
+# ArgoCD
+# ========================================
+releases/argocd/values-*.yaml
+!releases/argocd/*.yaml.example
+
 # ========================================
 # 로컬 오버라이드 파일
 # ========================================

diff --git a/k8s-helm/platform-chart/values-nonprod.yaml.example b/k8s-helm/platform-chart/values-nonprod.yaml.example
@@ -189,10 +189,3 @@ externalSecrets:
               - regexp:
                   source: "^Stg_BE_(.*)$"
                   target: "$1"
-
-argocd:
-  imageUpdater:
-    restartCronJob:
-      enabled: true
-      # ECR 토큰은 12시간마다 만료되므로 6시간마다 재시작
-      schedule: "0 */6 * * *"
diff --git a/k8s-helm/platform-chart/values-prod.yaml.example b/k8s-helm/platform-chart/values-prod.yaml.example
@@ -168,11 +168,3 @@ externalSecrets:
               - regexp:
                   source: "^Prod_BE_(.*)$"
                   target: "$1"
-
-
-# ArgoCD 적용
-argocd:
-  imageUpdater:
-    restartCronJob:
-      enabled: true
-      schedule: "0 */6 * * *"
diff --git a/k8s-helm/platform-chart/values.yaml b/k8s-helm/platform-chart/values.yaml
@@ -112,12 +112,3 @@ externalSecrets:
 
   # ExternalSecret 리소스 목록
   secrets: []
-
-# ArgoCD 설정
-argocd:
-  # ArgoCD Image Updater ECR 토큰 자동 갱신
-  imageUpdater:
-    restartCronJob:
-      enabled: false
-      # 0 */6 * * * = 매 6시간마다 (0시, 6시, 12시, 18시)
-      schedule: "0 */6 * * *"
diff --git a/k8s-helm/releases/argocd/values-image-updater.yaml b/k8s-helm/releases/argocd/values-image-updater.yaml
@@ -0,0 +1,72 @@
+# ArgoCD Image Updater 생성
+
+# 기본 설정
+fullnameOverride: argocd-image-updater
+
+config:
+  # ArgoCD 연결 설정
+  argocd:
+    # ArgoCD가 같은 클러스터에 있으므로 내부 서비스 사용
+    grpcWeb: false
+    serverAddress: "http://argocd-server.argocd.svc.cluster.local"
+    insecure: true
+    plaintext: true
+
+  # Git write-back 설정
+  git:
+    user: argocd-image-updater
+    email: argocd-image-updater@noreply.github.com
+
+  # GCP Artifact Registry 설정
+  registries:
+    - name: GCP Artifact Registry
+      prefix: asia-northeast3-docker.pkg.dev
+      api_url: https://asia-northeast3-docker.pkg.dev
+      credentials: ext:/scripts/gcp-artifact-registry-login.sh
+      credsexpire: 45m
+      default: true
+
+  # 로그 레벨
+  logLevel: info
+
+# GCP Artifact Registry 인증 스크립트
+# self-managed GCE Kubernetes 환경을 전제로, 노드에 연결된 서비스 계정의
+# metadata server access token을 사용합니다.
+# 해당 서비스 계정에는 roles/artifactregistry.reader 권한이 필요합니다.
+authScripts:
+  enabled: true
+  scripts:
+    gcp-artifact-registry-login.sh: |
+      #!/bin/sh
+      set -eu
+
+      METADATA_URL="http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token"
+      TOKEN_RESPONSE="$(wget -qO- --header='Metadata-Flavor: Google' "${METADATA_URL}" | tr -d '\n')"
+      ACCESS_TOKEN="$(printf '%s' "${TOKEN_RESPONSE}" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')"
+
+      if [ -z "${ACCESS_TOKEN}" ]; then
+        echo "failed to fetch Artifact Registry access token from metadata server" >&2
+        exit 1
+      fi
+
+      printf 'oauth2accesstoken:%s\n' "${ACCESS_TOKEN}"
+
+# 리소스 제한
+resources:
+  requests:
+    cpu: 100m
+    memory: 128Mi
+  limits:
+    cpu: 200m
+    memory: 256Mi
+
+# 업데이트 주기
+image:
+  pullPolicy: IfNotPresent
+
+# ServiceAccount 설정
+serviceAccount:
+  create: true
+  name: argocd-image-updater
+
+# Git 환경 변수는 UI에서 주입
diff --git a/k8s-helm/releases/argocd/values-nonprod.yaml.example b/k8s-helm/releases/argocd/values-nonprod.yaml.example
@@ -0,0 +1,19 @@
+# Copy to values-nonprod.yaml and add argo/argo-cd overrides here.
+# Example:
+global:
+  domain: domain
+
+configs:
+  cm:
+    # Git/Helm 변경 감지 주기.
+    timeout.reconciliation: "60s"
+    timeout.reconciliation.jitter: "15s"
+
+  # TLS Termination을 Gateway에서 수행하므로 ArgoCD Server는 insecure 모드로 실행
+  params:
+    server.insecure: "true"
+
+# ArgoCD Server에 --insecure 플래그 추가
+server:
+  extraArgs:
+    - --insecure
diff --git a/k8s-helm/releases/argocd/values-prod.yaml.example b/k8s-helm/releases/argocd/values-prod.yaml.example
@@ -0,0 +1,19 @@
+# Copy to values-nonprod.yaml and add argo/argo-cd overrides here.
+# Example:
+global:
+  domain: domain
+
+configs:
+  cm:
+    # Git/Helm 변경 감지 주기.
+    timeout.reconciliation: "60s"
+    timeout.reconciliation.jitter: "15s"
+
+  # TLS Termination을 Gateway에서 수행하므로 ArgoCD Server는 insecure 모드로 실행
+  params:
+    server.insecure: "true"
+
+# ArgoCD Server에 --insecure 플래그 추가
+server:
+  extraArgs:
+    - --insecure
diff --git a/k8s-kustomize/.gitignore b/k8s-kustomize/.gitignore
@@ -0,0 +1,5 @@
+# ========================================
+# ArgoCD 차트
+# ========================================
+platform/**/secrets/*.yaml
+!platform/**/secrets/*.yaml.example
diff --git a/k8s-kustomize/platform/argocd/base/kustomization.yaml b/k8s-kustomize/platform/argocd/base/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - notifications-cm.yaml