From 79cecf22976349f48bc2ea4f42d44967ec4763ae Mon Sep 17 00:00:00 2001
From: eedo_y
Date: Mon, 6 Apr 2026 16:14:26 +0900
Subject: [PATCH 1/3] =?UTF-8?q?chore:=20GCP=20=EB=A0=88=EC=A7=80=EC=8A=A4?= =?UTF-8?q?=ED=8A=B8=EB=A6=AC=20provider=20=EC=8A=A4=ED=81=AC=EB=A6=BD?= =?UTF-8?q?=ED=8A=B8=20=EC=B6=94=EA=B0=80=20(#12)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../prod/scripts/k8s-master-init.sh | 53 +++++++++++++++++++
 .../prod/scripts/k8s-worker-init.sh | 53 +++++++++++++++++++
 2 files changed, 106 insertions(+)
diff --git a/terraform/environments/prod/scripts/k8s-master-init.sh b/terraform/environments/prod/scripts/k8s-master-init.sh
index 306186a..0f24c37 100755
--- a/terraform/environments/prod/scripts/k8s-master-init.sh
+++ b/terraform/environments/prod/scripts/k8s-master-init.sh
@@ -66,6 +66,59 @@ apt-get update -y apt-get install -y kubelet kubeadm kubectl apt-mark hold kubelet kubeadm kubectl +# ======================================== +# kubelet Artifact Registry credential provider 설정 +# ======================================== +mkdir -p /etc/kubernetes /opt/image-credential-provider + +cat <<'PROVIDER_EOF' >/opt/image-credential-provider/gcp-artifact-registry-provider +#!/usr/bin/env bash +set -euo pipefail + +# kubelet 요청 본문은 현재 인증 계산에 사용하지 않으므로 읽고 종료합니다. +cat >/dev/null + +token_response="$(curl -fsSL -H 'Metadata-Flavor: Google' \ + http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token)" +access_token="$(printf '%s' "${token_response}" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')" + +if [ -z "${access_token}" ]; then + echo "메타데이터 서버에서 Artifact Registry access token을 가져오지 못했습니다." >&2 + exit 1 +fi + +cat </etc/kubernetes/credential-provider-config.yaml +apiVersion: kubelet.config.k8s.io/v1 +kind: CredentialProviderConfig +providers: + - name: gcp-artifact-registry-provider + apiVersion: credentialprovider.kubelet.k8s.io/v1 + matchImages: + - "*.pkg.dev" + defaultCacheDuration: "30m" +EOF + +cat <<'EOF' >/etc/default/kubelet +KUBELET_EXTRA_ARGS="--image-credential-provider-config=/etc/kubernetes/credential-provider-config.yaml --image-credential-provider-bin-dir=/opt/image-credential-provider" +EOF + # ======================================== # 서비스 활성화 # ======================================== diff --git a/terraform/environments/prod/scripts/k8s-worker-init.sh b/terraform/environments/prod/scripts/k8s-worker-init.sh index f949efa..372d12e 100755 --- a/terraform/environments/prod/scripts/k8s-worker-init.sh +++ b/terraform/environments/prod/scripts/k8s-worker-init.sh 
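Review bot: The `defaultCacheDuration: "30m"` in the CredentialProviderConfig can outlive the token the provider hands back, because the metadata server returns a cached access token whose remaining lifetime may be well under 30 minutes; kubelet would then keep presenting an expired credential to `*.pkg.dev` until the cache entry ages out. The part of the provider that builds the response to kubelet is not visible in this hunk as shown, so this applies only if it does not already set `cacheDuration` from the `expires_in` field of the token response; otherwise lower the default to a few minutes. The `curl -fsSL` call also has no time bound, so a stalled metadata request blocks the image pull; `curl -fsS --connect-timeout 2 --max-time 10 -H 'Metadata-Flavor: Google' ...` would bound it, and `-L` is not needed for the metadata endpoint. The same block is added to k8s-worker-init.sh in the next hunk and the same points apply there.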
@@ -66,6 +66,59 @@ apt-get update -y apt-get install -y kubelet kubeadm apt-mark hold kubelet kubeadm +# ======================================== +# kubelet Artifact Registry credential provider 설정 +# ======================================== +mkdir -p /etc/kubernetes /opt/image-credential-provider + +cat <<'PROVIDER_EOF' >/opt/image-credential-provider/gcp-artifact-registry-provider +#!/usr/bin/env bash +set -euo pipefail + +# kubelet 요청 본문은 현재 인증 계산에 사용하지 않으므로 읽고 종료합니다. +cat >/dev/null + +token_response="$(curl -fsSL -H 'Metadata-Flavor: Google' \ + http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token)" +access_token="$(printf '%s' "${token_response}" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')" + +if [ -z "${access_token}" ]; then + echo "메타데이터 서버에서 Artifact Registry access token을 가져오지 못했습니다." >&2 + exit 1 +fi + +cat </etc/kubernetes/credential-provider-config.yaml +apiVersion: kubelet.config.k8s.io/v1 +kind: CredentialProviderConfig +providers: + - name: gcp-artifact-registry-provider + apiVersion: credentialprovider.kubelet.k8s.io/v1 + matchImages: + - "*.pkg.dev" + defaultCacheDuration: "30m" +EOF + +cat <<'EOF' >/etc/default/kubelet +KUBELET_EXTRA_ARGS="--image-credential-provider-config=/etc/kubernetes/credential-provider-config.yaml --image-credential-provider-bin-dir=/opt/image-credential-provider" +EOF + # ======================================== # 서비스 활성화 # ======================================== From 1615eacbb4e5b6574012dfa00576f66b6530abb1 Mon Sep 17 00:00:00 2001 
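Review bot: The provider script written by this hunk still uses `${token_response}` and `${access_token}`, while PATCH 3/3 of this series rewrites the same lines to `$${...}` only in k8s-master-init.sh. That escaping suggests the init scripts are rendered as a template before they run (not visible on this page); if k8s-worker-init.sh goes through the same rendering, these references would be resolved or rejected at render time instead of reaching the provider script, and worker nodes would end up without a working credential provider. If so, apply the same change here, for example `"$${token_response}"` in the `access_token=` line and `if [ -z "$${access_token}" ]; then`, plus any other `${...}` in the provider body. If the worker script is not templated, a one-line comment saying so would explain why the two files differ.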
From: eedo_y Date: Mon, 6 Apr 2026 16:14:57 +0900 Subject: [PATCH 2/3] =?UTF-8?q?fix:=20=EC=9E=84=EC=8B=9C=EB=A1=9C=20?= =?UTF-8?q?=EB=A0=88=ED=94=8C=EB=A6=AC=EC=B9=B4=EC=85=8B=20=EA=B0=9C?= =?UTF-8?q?=EC=88=98=20=EC=A1=B0=EC=A0=88=20(#12)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- k8s-kustomize/overlays/prod/backend/deployment.yaml | 2 +- k8s-kustomize/overlays/prod/frontend/deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s-kustomize/overlays/prod/backend/deployment.yaml b/k8s-kustomize/overlays/prod/backend/deployment.yaml index 9c50ae5..591a97c 100644 --- a/k8s-kustomize/overlays/prod/backend/deployment.yaml +++ b/k8s-kustomize/overlays/prod/backend/deployment.yaml @@ -8,7 +8,7 @@ metadata: # 스펙 spec: # Replica 개수 - replicas: 1 + replicas: 0 # 라벨 template: diff --git a/k8s-kustomize/overlays/prod/frontend/deployment.yaml b/k8s-kustomize/overlays/prod/frontend/deployment.yaml index 20b05fc..8ac4060 100644 --- a/k8s-kustomize/overlays/prod/frontend/deployment.yaml +++ b/k8s-kustomize/overlays/prod/frontend/deployment.yaml @@ -8,7 +8,7 @@ metadata: # 스펙 spec: # Replica 개수 - replicas: 1 + replicas: 0 # 라벨 template: From fee3b993515bbadd94926cd659eb88696021ab7a Mon Sep 17 00:00:00 2001 From: eedo_y Date: Mon, 6 Apr 2026 16:18:47 +0900 Subject: [PATCH 3/3] =?UTF-8?q?fix:=20=EC=8A=A4=ED=81=AC=EB=A6=BD=ED=8A=B8?= =?UTF-8?q?=20=EB=B3=80=EC=88=98=EB=AA=85=20=ED=95=B4=EC=84=9D=20=EB=AC=B8?= =?UTF-8?q?=EC=A0=9C=20=EC=88=98=EC=A0=95=20(#12)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- terraform/environments/prod/scripts/k8s-master-init.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/environments/prod/scripts/k8s-master-init.sh b/terraform/environments/prod/scripts/k8s-master-init.sh index 0f24c37..f0417e7 100755 --- a/terraform/environments/prod/scripts/k8s-master-init.sh 
+++ b/terraform/environments/prod/scripts/k8s-master-init.sh @@ -80,9 +80,9 @@ cat >/dev/null token_response="$(curl -fsSL -H 'Metadata-Flavor: Google' \ http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token)" -access_token="$(printf '%s' "${token_response}" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')" +access_token="$(printf '%s' "$${token_response}" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')" -if [ -z "${access_token}" ]; then +if [ -z "$${access_token}" ]; then echo "메타데이터 서버에서 Artifact Registry access token을 가져오지 못했습니다." >&2 exit 1 fi @@ -95,7 +95,7 @@ cat <