diff --git a/k8s-kustomize/overlays/prod/backend/deployment.yaml b/k8s-kustomize/overlays/prod/backend/deployment.yaml index 9c50ae5..591a97c 100644 --- a/k8s-kustomize/overlays/prod/backend/deployment.yaml +++ b/k8s-kustomize/overlays/prod/backend/deployment.yaml @@ -8,7 +8,7 @@ metadata: # 스펙 spec: # Replica 개수 - replicas: 1 + replicas: 0 # 라벨 template: diff --git a/k8s-kustomize/overlays/prod/frontend/deployment.yaml b/k8s-kustomize/overlays/prod/frontend/deployment.yaml index 20b05fc..8ac4060 100644 --- a/k8s-kustomize/overlays/prod/frontend/deployment.yaml +++ b/k8s-kustomize/overlays/prod/frontend/deployment.yaml @@ -8,7 +8,7 @@ metadata: # 스펙 spec: # Replica 개수 - replicas: 1 + replicas: 0 # 라벨 template: diff --git a/terraform/environments/prod/scripts/k8s-master-init.sh b/terraform/environments/prod/scripts/k8s-master-init.sh index 306186a..f0417e7 100755 --- a/terraform/environments/prod/scripts/k8s-master-init.sh +++ b/terraform/environments/prod/scripts/k8s-master-init.sh 
@@ -66,6 +66,59 @@ apt-get update -y apt-get install -y kubelet kubeadm kubectl apt-mark hold kubelet kubeadm kubectl +# ======================================== +# kubelet Artifact Registry credential provider 설정 +# ======================================== +mkdir -p /etc/kubernetes /opt/image-credential-provider + +cat <<'PROVIDER_EOF' >/opt/image-credential-provider/gcp-artifact-registry-provider +#!/usr/bin/env bash +set -euo pipefail + +# kubelet 요청 본문은 현재 인증 계산에 사용하지 않으므로 읽고 종료합니다. +cat >/dev/null + +token_response="$(curl -fsSL -H 'Metadata-Flavor: Google' \ + http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token)" +access_token="$(printf '%s' "$${token_response}" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')" + +if [ -z "$${access_token}" ]; then + echo "메타데이터 서버에서 Artifact Registry access token을 가져오지 못했습니다." >&2 + exit 1 +fi + +cat </etc/kubernetes/credential-provider-config.yaml +apiVersion: kubelet.config.k8s.io/v1 +kind: CredentialProviderConfig +providers: + - name: gcp-artifact-registry-provider + apiVersion: credentialprovider.kubelet.k8s.io/v1 + matchImages: + - "*.pkg.dev" + defaultCacheDuration: "30m" +EOF + +cat <<'EOF' >/etc/default/kubelet +KUBELET_EXTRA_ARGS="--image-credential-provider-config=/etc/kubernetes/credential-provider-config.yaml --image-credential-provider-bin-dir=/opt/image-credential-provider" +EOF + # ======================================== # 서비스 활성화 # ======================================== diff --git a/terraform/environments/prod/scripts/k8s-worker-init.sh b/terraform/environments/prod/scripts/k8s-worker-init.sh index f949efa..372d12e 100755 --- a/terraform/environments/prod/scripts/k8s-worker-init.sh +++ b/terraform/environments/prod/scripts/k8s-worker-init.sh 
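Review bot: `defaultCacheDuration: "30m"` in the provider config is a fixed value, while the token read from the metadata server carries its own `expires_in`, which the sed extraction of `access_token` throws away. Kubelet may therefore keep presenting a token after it has expired, and pulls from `*.pkg.dev` would fail until the cache entry ages out. The part of the provider script that prints the response is not visible in this rendering, so this only holds if the script does not already return a `cacheDuration`. If it does not, derive one from `expires_in` or lower the default, e.g. `defaultCacheDuration: "5m"`; the same applies to the identical block in k8s-worker-init.sh. Separately, the token belongs to the node's `default` service account, so that account should hold no more than read access to Artifact Registry.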
@@ -66,6 +66,59 @@ apt-get update -y apt-get install -y kubelet kubeadm apt-mark hold kubelet kubeadm +# ======================================== +# kubelet Artifact Registry credential provider 설정 +# ======================================== +mkdir -p /etc/kubernetes /opt/image-credential-provider + +cat <<'PROVIDER_EOF' >/opt/image-credential-provider/gcp-artifact-registry-provider +#!/usr/bin/env bash +set -euo pipefail + +# kubelet 요청 본문은 현재 인증 계산에 사용하지 않으므로 읽고 종료합니다. +cat >/dev/null + +token_response="$(curl -fsSL -H 'Metadata-Flavor: Google' \ + http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token)" +access_token="$(printf '%s' "${token_response}" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')" + +if [ -z "${access_token}" ]; then + echo "메타데이터 서버에서 Artifact Registry access token을 가져오지 못했습니다." >&2 + exit 1 +fi + +cat </etc/kubernetes/credential-provider-config.yaml +apiVersion: kubelet.config.k8s.io/v1 +kind: CredentialProviderConfig +providers: + - name: gcp-artifact-registry-provider + apiVersion: credentialprovider.kubelet.k8s.io/v1 + matchImages: + - "*.pkg.dev" + defaultCacheDuration: "30m" +EOF + +cat <<'EOF' >/etc/default/kubelet +KUBELET_EXTRA_ARGS="--image-credential-provider-config=/etc/kubernetes/credential-provider-config.yaml --image-credential-provider-bin-dir=/opt/image-credential-provider" +EOF + # ======================================== # 서비스 활성화 # ========================================
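Review bot: `"${token_response}"` and `"${access_token}"` are written here without the `$$` escape that the same lines in k8s-master-init.sh use (`"$${token_response}"`). Inside the quoted `<<'PROVIDER_EOF'` heredoc the shell copies the text verbatim, so both scripts can only be correct if exactly one of them is rendered through a Terraform template. If both are loaded the same way, one of them is wrong: either rendering fails on the unescaped `${...}`, or the installed provider expands `$$` to the PID and always exits with the empty-token error. Confirm how each file is loaded and make the escaping match: plain `${token_response}` for a script read with `file()`, `$${token_response}` for one rendered with `templatefile()`.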