diff --git a/k8s/awoooi-prod/kustomization.yaml b/k8s/awoooi-prod/kustomization.yaml
index 4c680977..dcba2d1c 100644
--- a/k8s/awoooi-prod/kustomization.yaml
+++ b/k8s/awoooi-prod/kustomization.yaml
@@ -14,28 +14,31 @@ namespace: awoooi-prod
 # 注意: commonLabels 會加到 Deployment selector，不能移除否則會 immutable error
 # NetworkPolicy 的 egress[].to[].podSelector 不受 commonLabels 影響
 commonLabels:
-  system: awoooi
   environment: prod
+  system: awoooi
 
-resources:
-  - 01-namespace-quota.yaml
   # 02-network-policy.yaml 不納入 - commonLabels 會破壞 DNS egress rule
   # 由 CD 單獨 apply: kubectl apply -f k8s/awoooi-prod/02-network-policy.yaml
   # 03-secrets.yaml 不納入，由 CI/CD 單獨處理
-  - 04-configmap.yaml
-  - 05-deployment-web.yaml
-  - 06-deployment-api.yaml
-  - 07-rbac.yaml  # Phase 7: K8sExecutor 最小權限 RBAC
-  - 08-deployment-worker.yaml  # Phase 6.5: Signal Worker
-  - 09-pdb.yaml  # Phase K0.4: PodDisruptionBudget
-  - 13-cronjob-k3s-report.yaml  # Phase 21.2: K3s 每日報告
-  - 14-cronjob-weekly-report.yaml  # Phase 21.3: 週報
+resources:
+- 01-namespace-quota.yaml
+- 04-configmap.yaml
+- 05-deployment-web.yaml
+- 06-deployment-api.yaml
+- 07-rbac.yaml
+- 08-deployment-worker.yaml
+- 09-pdb.yaml
+- 13-cronjob-k3s-report.yaml
+- 14-cronjob-weekly-report.yaml
 
 # 映像配置 (Tag 由 CI 動態注入)
 # Harbor 金庫: 110 主機 (192.168.0.110:5000)
 # ⚠️ 重要: name 必須與 deployment YAML 中的 image 完全匹配 (含 tag)
+    # newName + newTag 由 CI 透過 kustomize edit set image 注入
 images:
-  - name: 192.168.0.110:5000/library/web:IMAGE_TAG_PLACEHOLDER
-    # newName + newTag 由 CI 透過 kustomize edit set image 注入
-  - name: 192.168.0.110:5000/library/api:IMAGE_TAG_PLACEHOLDER
-    # newName + newTag 由 CI 透過 kustomize edit set image 注入
+- name: 192.168.0.110:5000/library/api:IMAGE_TAG_PLACEHOLDER
+  newName: 192.168.0.110:5000/awoooi/api
+  newTag: f3236338a53fee254b5e18f0c0bf6928e24b8300
+- name: 192.168.0.110:5000/library/web:IMAGE_TAG_PLACEHOLDER
+  newName: 192.168.0.110:5000/awoooi/web
+  newTag: f3236338a53fee254b5e18f0c0bf6928e24b8300