From 92d4240eb19a0bb6e42ebaeffbd508489b316520 Mon Sep 17 00:00:00 2001 From: eedo_y Date: Sat, 4 Apr 2026 19:02:12 +0900 Subject: [PATCH 1/3] =?UTF-8?q?refactor:=20NLB=EB=A7=8C=20=EC=A7=80?= =?UTF-8?q?=EC=9B=90=ED=95=98=EB=8F=84=EB=A1=9D=20=EA=B0=84=EB=8B=A8?= =?UTF-8?q?=ED=95=98=EA=B2=8C=20=EC=88=98=EC=A0=95=20(#7)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- terraform/environments/prod/load-balancer.tf | 24 +-- terraform/modules/load-balancer/main.tf | 163 +------------------ terraform/modules/load-balancer/outputs.tf | 52 +----- terraform/modules/load-balancer/variables.tf | 61 ------- 4 files changed, 16 insertions(+), 284 deletions(-) diff --git a/terraform/environments/prod/load-balancer.tf b/terraform/environments/prod/load-balancer.tf index 10638c2..34b4650 100644 --- a/terraform/environments/prod/load-balancer.tf +++ b/terraform/environments/prod/load-balancer.tf @@ -8,12 +8,11 @@ module "load_balancer" { name_prefix = "${var.project}-${var.environment}-nlb" region = var.region - lb_type = var.lb_type # 헬스 체크 설정 create_health_check = true - health_check_protocol = var.lb_type == "NETWORK" ? "TCP" : (var.lb_type == "HTTPS" ? "HTTPS" : "HTTP") - health_check_port = var.lb_type == "HTTPS" ? 443 : 80 + health_check_protocol = "TCP" + health_check_port = 80 health_check_request_path = "/health" health_check_interval = 5 health_check_timeout = 5 
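Review bot: With `health_check_protocol = "TCP"` the `health_check_request_path = "/health"` argument kept two lines below no longer has any effect, so the balancer only confirms that port 80 accepts a connection on each backend. The removed global health check shows that the module's `tcp_health_check` block takes a port only; the regional resource is outside this patch but presumably matches. I would drop the argument, or keep it with a comment such as `# ignored while the check is TCP; only port 80 connectivity is probed`, so nobody assumes an application-level check is in place. The `module "load_balancer"` block starts and ends outside the hunk.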
@@ -25,23 +24,14 @@ module "load_balancer" { backend_timeout_sec = 30 session_affinity = "CLIENT_IP" backend_groups = var.use_instance_group ? [ - merge( - { - group = module.web_servers.instance_group_instance_group - balancing_mode = var.lb_type == "NETWORK" ? "CONNECTION" : "UTILIZATION" - }, - var.lb_type == "NETWORK" ? {} : { - max_utilization = 0.8 - } - ) + { + group = module.k8s_worker_nodes.instance_group_instance_group + balancing_mode = "CONNECTION" + } ] : [] - ssl_certificates = var.ssl_certificates # 포워딩 규칙 설정 forwarding_rule_ip_protocol = "TCP" - forwarding_rule_port_range = var.lb_type == "HTTPS" ? "443" : "80" + forwarding_rule_port_range = "80" network_tier = "PREMIUM" - - # HTTP(S) 로드 밸런서일 때만 CDN을 활성화합니다. - enable_cdn = var.lb_type == "HTTP" || var.lb_type == "HTTPS" ? true : false } diff --git a/terraform/modules/load-balancer/main.tf b/terraform/modules/load-balancer/main.tf index 907d218..45a57a0 100644 --- a/terraform/modules/load-balancer/main.tf +++ b/terraform/modules/load-balancer/main.tf 
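Review bot: `forwarding_rule_port_range = "80"` is now the only listener, and the hunk drops `ssl_certificates` together with the HTTPS branch, so client traffic reaches the backends as plain TCP on port 80 with nothing in this configuration terminating TLS. If TLS is meant to be terminated on the nodes, the forwarding rule has to carry 443 as well; if port 80 is deliberate, a comment such as `# TLS is terminated at <component>; the NLB forwards cleartext only` next to the port would record that. Separately, `group = module.k8s_worker_nodes.instance_group_instance_group` refers to a module that is only introduced in PATCH 2/3, so this commit does not validate on its own.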
@@ -1,55 +1,8 @@ -# ======================================== -# 글로벌 헬스 체크 리소스 -# ======================================== -resource "google_compute_health_check" "health_check" { - count = var.create_health_check && var.lb_type != "NETWORK" ? 1 : 0 - - name = "${var.name_prefix}-health-check" - check_interval_sec = var.health_check_interval - timeout_sec = var.health_check_timeout - healthy_threshold = var.health_check_healthy_threshold - unhealthy_threshold = var.health_check_unhealthy_threshold - - # HTTP 헬스 체크 설정입니다. - dynamic "http_health_check" { - for_each = var.health_check_protocol == "HTTP" ? [1] : [] - content { - port = var.health_check_port - request_path = var.health_check_request_path - } - } - - # HTTPS 헬스 체크 설정입니다. - dynamic "https_health_check" { - for_each = var.health_check_protocol == "HTTPS" ? [1] : [] - content { - port = var.health_check_port - request_path = var.health_check_request_path - } - } - - # TCP 헬스 체크 설정입니다. - dynamic "tcp_health_check" { - for_each = var.health_check_protocol == "TCP" ? [1] : [] - content { - port = var.health_check_port - } - } - - # SSL 헬스 체크 설정입니다. - dynamic "ssl_health_check" { - for_each = var.health_check_protocol == "SSL" ? [1] : [] - content { - port = var.health_check_port - } - } -} - # ======================================== # 리전 헬스 체크 리소스 # ======================================== resource "google_compute_region_health_check" "regional_health_check" { - count = var.create_health_check && var.lb_type == "NETWORK" ? 1 : 0 + count = var.create_health_check ? 1 : 0 name = "${var.name_prefix}-health-check" region = var.region 
@@ -94,15 +47,13 @@ resource "google_compute_region_health_check" "regional_health_check" { } locals { - created_health_check_ids = var.lb_type == "NETWORK" ? google_compute_region_health_check.regional_health_check[*].id : google_compute_health_check.health_check[*].id + created_health_check_ids = google_compute_region_health_check.regional_health_check[*].id } # ======================================== # 네트워크 로드 밸런서 백엔드 서비스 # ======================================== resource "google_compute_region_backend_service" "backend_service" { - count = var.lb_type == "NETWORK" ? 1 : 0 - name = "${var.name_prefix}-backend-service" region = var.region protocol = var.backend_protocol 
@@ -142,122 +93,14 @@ resource "google_compute_region_backend_service" "backend_service" { # 네트워크 로드 밸런서 포워딩 규칙 # ======================================== resource "google_compute_forwarding_rule" "forwarding_rule" { - count = var.lb_type == "NETWORK" ? 1 : 0 - name = "${var.name_prefix}-forwarding-rule" region = var.region ip_protocol = var.forwarding_rule_ip_protocol load_balancing_scheme = "EXTERNAL" port_range = var.forwarding_rule_port_range - backend_service = google_compute_region_backend_service.backend_service[0].id + backend_service = google_compute_region_backend_service.backend_service.id network_tier = var.network_tier # 필요 시 고정 IP를 연결합니다. ip_address = var.forwarding_rule_ip_address } - -# ======================================== -# HTTP(S) 글로벌 백엔드 서비스 -# ======================================== -resource "google_compute_backend_service" "global_backend_service" { - count = var.lb_type == "HTTP" || var.lb_type == "HTTPS" ? 1 : 0 - - name = "${var.name_prefix}-backend-service" - protocol = var.lb_type - load_balancing_scheme = "EXTERNAL" - timeout_sec = var.backend_timeout_sec - enable_cdn = var.enable_cdn - - # 백엔드 그룹 정의입니다. - dynamic "backend" { - for_each = var.backend_groups - content { - group = backend.value.group - balancing_mode = lookup(backend.value, "balancing_mode", "UTILIZATION") - capacity_scaler = lookup(backend.value, "capacity_scaler", 1.0) - max_utilization = lookup(backend.value, "max_utilization", 0.8) - } - } - - # 생성한 헬스 체크가 있으면 우선 사용합니다. - health_checks = var.create_health_check ? local.created_health_check_ids : var.health_check_ids - - # 세션 어피니티 설정입니다. - session_affinity = var.session_affinity - - # CDN이 활성화된 경우에만 CDN 정책을 추가합니다. - dynamic "cdn_policy" { - for_each = var.enable_cdn ? 
[1] : [] - content { - cache_mode = var.cdn_cache_mode - default_ttl = var.cdn_default_ttl - max_ttl = var.cdn_max_ttl - client_ttl = var.cdn_client_ttl - negative_caching = var.cdn_negative_caching - serve_while_stale = var.cdn_serve_while_stale - - cache_key_policy { - include_host = true - include_protocol = true - include_query_string = true - } - } - } -} - -# ======================================== -# URL Map 리소스 -# ======================================== -resource "google_compute_url_map" "url_map" { - count = var.lb_type == "HTTP" || var.lb_type == "HTTPS" ? 1 : 0 - - name = "${var.name_prefix}-url-map" - default_service = google_compute_backend_service.global_backend_service[0].id -} - -# ======================================== -# HTTP 프록시 리소스 -# ======================================== -resource "google_compute_target_http_proxy" "http_proxy" { - count = var.lb_type == "HTTP" ? 1 : 0 - - name = "${var.name_prefix}-http-proxy" - url_map = google_compute_url_map.url_map[0].id -} - -# ======================================== -# HTTPS 프록시 리소스 -# ======================================== -resource "google_compute_target_https_proxy" "https_proxy" { - count = var.lb_type == "HTTPS" ? 1 : 0 - - name = "${var.name_prefix}-https-proxy" - url_map = google_compute_url_map.url_map[0].id - ssl_certificates = var.ssl_certificates -} - -# ======================================== -# HTTP 글로벌 포워딩 규칙 -# ======================================== -resource "google_compute_global_forwarding_rule" "http_forwarding_rule" { - count = var.lb_type == "HTTP" ? 
1 : 0 - - name = "${var.name_prefix}-http-forwarding-rule" - target = google_compute_target_http_proxy.http_proxy[0].id - port_range = "80" - load_balancing_scheme = "EXTERNAL" - ip_address = var.forwarding_rule_ip_address -} - -# ======================================== -# HTTPS 글로벌 포워딩 규칙 -# ======================================== -resource "google_compute_global_forwarding_rule" "https_forwarding_rule" { - count = var.lb_type == "HTTPS" ? 1 : 0 - - name = "${var.name_prefix}-https-forwarding-rule" - target = google_compute_target_https_proxy.https_proxy[0].id - port_range = "443" - load_balancing_scheme = "EXTERNAL" - ip_address = var.forwarding_rule_ip_address -} diff --git a/terraform/modules/load-balancer/outputs.tf b/terraform/modules/load-balancer/outputs.tf index 273d79c..81c2571 100644 --- a/terraform/modules/load-balancer/outputs.tf +++ b/terraform/modules/load-balancer/outputs.tf @@ -3,16 +3,12 @@ # ======================================== output "health_check_id" { description = "생성된 헬스 체크 ID입니다." - value = var.create_health_check ? ( - var.lb_type == "NETWORK" ? google_compute_region_health_check.regional_health_check[0].id : google_compute_health_check.health_check[0].id - ) : null + value = var.create_health_check ? google_compute_region_health_check.regional_health_check[0].id : null } output "health_check_self_link" { description = "생성된 헬스 체크 self_link입니다." - value = var.create_health_check ? ( - var.lb_type == "NETWORK" ? google_compute_region_health_check.regional_health_check[0].self_link : google_compute_health_check.health_check[0].self_link - ) : null + value = var.create_health_check ? google_compute_region_health_check.regional_health_check[0].self_link : null } # ======================================== 
@@ -20,25 +16,12 @@ output "health_check_self_link" { # ======================================== output "backend_service_id" { description = "생성된 네트워크 로드 밸런서 백엔드 서비스 ID입니다." - value = var.lb_type == "NETWORK" ? google_compute_region_backend_service.backend_service[0].id : null + value = google_compute_region_backend_service.backend_service.id } output "backend_service_self_link" { description = "생성된 네트워크 로드 밸런서 백엔드 서비스 self_link입니다." - value = var.lb_type == "NETWORK" ? google_compute_region_backend_service.backend_service[0].self_link : null -} - -# ======================================== -# HTTP(S) 로드 밸런서 출력값 -# ======================================== -output "global_backend_service_id" { - description = "생성된 HTTP(S) 글로벌 백엔드 서비스 ID입니다." - value = (var.lb_type == "HTTP" || var.lb_type == "HTTPS") ? google_compute_backend_service.global_backend_service[0].id : null -} - -output "global_backend_service_self_link" { - description = "생성된 HTTP(S) 글로벌 백엔드 서비스 self_link입니다." - value = (var.lb_type == "HTTP" || var.lb_type == "HTTPS") ? google_compute_backend_service.global_backend_service[0].self_link : null + value = google_compute_region_backend_service.backend_service.self_link } # ======================================== 
@@ -46,33 +29,10 @@ output "global_backend_service_self_link" { # ======================================== output "forwarding_rule_ip_address" { description = "생성된 포워딩 규칙 IP 주소입니다." - value = var.lb_type == "NETWORK" ? google_compute_forwarding_rule.forwarding_rule[0].ip_address : ( - var.lb_type == "HTTP" ? google_compute_global_forwarding_rule.http_forwarding_rule[0].ip_address : ( - var.lb_type == "HTTPS" ? google_compute_global_forwarding_rule.https_forwarding_rule[0].ip_address : null - ) - ) + value = google_compute_forwarding_rule.forwarding_rule.ip_address } output "forwarding_rule_self_link" { description = "생성된 포워딩 규칙 self_link입니다." - value = var.lb_type == "NETWORK" ? google_compute_forwarding_rule.forwarding_rule[0].self_link : ( - var.lb_type == "HTTP" ? google_compute_global_forwarding_rule.http_forwarding_rule[0].self_link : ( - var.lb_type == "HTTPS" ? google_compute_global_forwarding_rule.https_forwarding_rule[0].self_link : null - ) - ) -} - -# ======================================== -# URL Map 및 프록시 출력값 -# ======================================== -output "url_map_id" { - description = "생성된 URL Map ID입니다." - value = (var.lb_type == "HTTP" || var.lb_type == "HTTPS") ? google_compute_url_map.url_map[0].id : null -} - -output "proxy_id" { - description = "생성된 프록시 ID입니다." - value = var.lb_type == "HTTP" ? google_compute_target_http_proxy.http_proxy[0].id : ( - var.lb_type == "HTTPS" ? google_compute_target_https_proxy.https_proxy[0].id : null - ) + value = google_compute_forwarding_rule.forwarding_rule.self_link } diff --git a/terraform/modules/load-balancer/variables.tf b/terraform/modules/load-balancer/variables.tf index 581b1eb..7c33e5b 100644 --- a/terraform/modules/load-balancer/variables.tf +++ b/terraform/modules/load-balancer/variables.tf 
@@ -12,20 +12,6 @@ variable "region" { default = "asia-northeast3" } -variable "lb_type" { - description = "로드 밸런서 타입입니다. NETWORK, HTTP, HTTPS 중 하나를 사용합니다." - type = string - default = "NETWORK" - - validation { - condition = contains(["NETWORK", "HTTP", "HTTPS"], var.lb_type) - error_message = "lb_type은 NETWORK, HTTP, HTTPS 중 하나여야 합니다." - } -} - -# ======================================== -# 헬스 체크 변수 -# ======================================== variable "create_health_check" { description = "헬스 체크 생성 여부입니다." type = bool @@ -153,50 +139,3 @@ variable "network_tier" { # ======================================== # HTTPS 및 CDN 관련 변수 # ======================================== -variable "ssl_certificates" { - description = "HTTPS 로드 밸런서에 연결할 SSL 인증서 self_link 목록입니다." - type = list(string) - default = [] -} - -variable "enable_cdn" { - description = "CDN 사용 여부입니다." - type = bool - default = false -} - -variable "cdn_cache_mode" { - description = "CDN 캐시 모드입니다. CACHE_ALL_STATIC, USE_ORIGIN_HEADERS, FORCE_CACHE_ALL 중 하나를 사용합니다." - type = string - default = "USE_ORIGIN_HEADERS" -} - -variable "cdn_default_ttl" { - description = "CDN 기본 TTL(초)입니다." - type = number - default = 3600 -} - -variable "cdn_max_ttl" { - description = "CDN 최대 TTL(초)입니다." - type = number - default = 86400 -} - -variable "cdn_client_ttl" { - description = "클라이언트 응답에 사용할 CDN TTL(초)입니다." - type = number - default = 3600 -} - -variable "cdn_negative_caching" { - description = "CDN 네거티브 캐싱 사용 여부입니다." - type = bool - default = false -} - -variable "cdn_serve_while_stale" { - description = "원본 응답 지연 시 오래된 콘텐츠를 유지할 시간(초)입니다." - type = number - default = 86400 -} From a41da822add02411d8e1ea1e91674018eec01214 Mon Sep 17 00:00:00 2001 
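Review bot: The first hunk removes the `# 헬스 체크 변수` banner together with `lb_type`, although `create_health_check` and the variables that follow it are still in the file, and the `@@ -153,50 +139,3 @@` hunk keeps the `# HTTPS 및 CDN 관련 변수` banner with no variable left under it. I would restore the health-check banner above `variable "create_health_check"` and delete the three HTTPS/CDN banner lines, so the section comments match what the file actually holds.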
From: eedo_y Date: Sat, 4 Apr 2026 19:07:09 +0900 Subject: [PATCH 2/3] =?UTF-8?q?feat:=20K8s=20=EC=9D=B8=EC=8A=A4=ED=84=B4?= =?UTF-8?q?=EC=8A=A4=20=EA=B7=B8=EB=A3=B9=20=EC=83=9D=EC=84=B1=20(#7)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- terraform/environments/prod/compute.tf | 80 ++++++++++++++------ terraform/environments/prod/load-balancer.tf | 4 +- terraform/environments/prod/outputs.tf | 27 +++++-- terraform/environments/prod/variables.tf | 60 ++++++--------- terraform/environments/prod/vpc.tf | 5 +- 5 files changed, 105 insertions(+), 71 deletions(-) diff --git a/terraform/environments/prod/compute.tf b/terraform/environments/prod/compute.tf index 9868db6..b7d35e6 100644 --- a/terraform/environments/prod/compute.tf +++ b/terraform/environments/prod/compute.tf 
@@ -1,49 +1,79 @@ # ======================================== -# 웹 서버 컴퓨트 모듈 +# Kubernetes 마스터 노드 컴퓨트 모듈 # ======================================== -module "web_servers" { +module "k8s_master_nodes" { source = "../../modules/compute" - name_prefix = "${var.project}-${var.environment}-web" + name_prefix = "${var.project}-${var.environment}-k8s-master" + network = module.vpc.vpc_self_link + subnetwork = module.vpc.subnets["app"].self_link + + # 관리형 인스턴스 그룹 설정 + create_instance_template = true + create_instance_group = true + + instance_group_zone = "${var.region}-a" + instance_group_target_size = var.k8s_master_instance_group_size + + # 마스터 노드는 단일 인스턴스로 고정 운영합니다. + enable_autoscaling = false + + # 공통 인스턴스 설정 + machine_type = var.k8s_master_machine_type + source_image = var.k8s_node_source_image + boot_disk_size_gb = var.k8s_node_boot_disk_size_gb + boot_disk_type = "pd-balanced" + enable_external_ip = false + tags = ["k8s-master", var.environment] + + # 태그 + common_tags = merge(var.common_tags, { + Service = "Kubernetes" + Role = "Master" + }) + + # 서비스 계정 설정 + service_account_email = var.service_account_email + service_account_scopes = [ + "https://www.googleapis.com/auth/cloud-platform" + ] +} + +# ======================================== +# Kubernetes 워커 노드 컴퓨트 모듈 +# ======================================== +module "k8s_worker_nodes" { + source = "../../modules/compute" + + name_prefix = "${var.project}-${var.environment}-k8s-worker" network = module.vpc.vpc_self_link subnetwork = module.vpc.subnets["web"].self_link # 관리형 인스턴스 그룹 설정 - create_instance_template = var.use_instance_group - create_instance_group = var.use_instance_group + create_instance_template = true + create_instance_group = true instance_group_zone = "${var.region}-a" - instance_group_target_size = var.instance_group_size + instance_group_target_size = var.k8s_worker_instance_group_size - # 오토스케일링 설정 + # 워커 노드는 비용 절감을 우선하되 필요 시에만 오토스케일링합니다. 
enable_autoscaling = var.enable_autoscaling autoscaling_min_replicas = var.autoscaling_min_replicas autoscaling_max_replicas = var.autoscaling_max_replicas autoscaling_cpu_target = 0.7 - # 관리형 인스턴스 그룹을 사용하지 않을 때만 개별 인스턴스를 정의합니다. - instances = !var.use_instance_group && var.create_web_instances ? tomap({ - web1 = { - name = "${var.environment}-web-01" - zone = "${var.region}-a" - machine_type = var.web_machine_type - enable_external_ip = false # 프로덕션 환경은 로드 밸런서를 통한 접근만 허용합니다. - tags = ["web-server", var.environment] - deletion_protection = true # 실수로 삭제되지 않도록 보호합니다. - } - }) : tomap({}) - # 공통 인스턴스 설정 - machine_type = var.web_machine_type - source_image = var.web_source_image - boot_disk_size_gb = var.web_machine_ssd - boot_disk_type = "pd-ssd" + machine_type = var.k8s_worker_machine_type + source_image = var.k8s_node_source_image + boot_disk_size_gb = var.k8s_node_boot_disk_size_gb + boot_disk_type = "pd-balanced" enable_external_ip = false - tags = ["web-server", var.environment] + tags = ["k8s-worker", var.environment] # 태그 common_tags = merge(var.common_tags, { - Service = "Backend" + Service = "Kubernetes" + Role = "Worker" }) # 서비스 계정 설정 diff --git a/terraform/environments/prod/load-balancer.tf b/terraform/environments/prod/load-balancer.tf index 34b4650..23fdfd5 100644 --- a/terraform/environments/prod/load-balancer.tf +++ b/terraform/environments/prod/load-balancer.tf @@ -23,12 +23,12 @@ module "load_balancer" { backend_protocol = "TCP" backend_timeout_sec = 30 session_affinity = "CLIENT_IP" - backend_groups = var.use_instance_group ? [ + backend_groups = [ { group = module.k8s_worker_nodes.instance_group_instance_group balancing_mode = "CONNECTION" } - ] : [] + ] # 포워딩 규칙 설정 forwarding_rule_ip_protocol = "TCP" diff --git a/terraform/environments/prod/outputs.tf b/terraform/environments/prod/outputs.tf index 0380c00..693ef74 100644 --- a/terraform/environments/prod/outputs.tf +++ b/terraform/environments/prod/outputs.tf 
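Review bot: `module "k8s_master_nodes"` is given `service_account_email = var.service_account_email` with the `cloud-platform` scope, and the worker module appears to use the same account (its service-account lines fall outside the hunk), so a workload on a worker that can reach the metadata server would obtain tokens carrying whatever IAM roles the control plane has. Separate accounts per role would contain that, for example a new variable used as `service_account_email = var.k8s_master_service_account_email` here and a narrower account for the workers; the roles bound to the current account are not visible in this patch. Also, the comment says the master runs as a fixed single instance while the size comes from `var.k8s_master_instance_group_size`, and a managed instance group recreates instances from the template, so control-plane state kept on the boot disk would not survive a recreate unless the compute module configures a stateful disk.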
@@ -17,16 +17,31 @@ output "subnets" { } # ======================================== -# 웹 서버 출력값 +# Kubernetes 출력값 # ======================================== -output "web_instances" { - description = "생성된 웹 인스턴스 정보입니다." - value = module.web_servers.instances +output "k8s_master_instances" { + description = "생성된 Kubernetes 마스터 인스턴스 정보입니다." + value = module.k8s_master_nodes.instances +} + +output "k8s_worker_instances" { + description = "생성된 Kubernetes 워커 인스턴스 정보입니다." + value = module.k8s_worker_nodes.instances +} + +output "k8s_master_instance_group_id" { + description = "생성된 Kubernetes 마스터 인스턴스 그룹 ID입니다." + value = module.k8s_master_nodes.instance_group_id +} + +output "k8s_worker_instance_group_id" { + description = "생성된 Kubernetes 워커 인스턴스 그룹 ID입니다." + value = module.k8s_worker_nodes.instance_group_id } output "instance_group_id" { - description = "생성된 인스턴스 그룹 ID입니다." - value = module.web_servers.instance_group_id + description = "생성된 Kubernetes 워커 인스턴스 그룹 ID입니다." + value = module.k8s_worker_nodes.instance_group_id } # ======================================== diff --git a/terraform/environments/prod/variables.tf b/terraform/environments/prod/variables.tf index 3ff61b1..4ef8b07 100644 --- a/terraform/environments/prod/variables.tf +++ b/terraform/environments/prod/variables.tf @@ -37,7 +37,7 @@ variable "vpc_name" { variable "ssh_source_ranges" { description = "SSH 접근을 허용할 CIDR 목록입니다." type = list(string) - default = [] # 운영 환경에서는 반드시 허용 대역을 명시해야 합니다. + default = [] } variable "enable_nat" { 
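Review bot: In `variable "ssh_source_ranges"` the hunk deletes the only hint that an allow-list must be supplied, leaving `default = []` with no guard, while the same series attaches the `allow_ssh` rule to the `k8s-master` and `k8s-worker` tags. A validation block would enforce what the comment only advised, for example `condition = !contains(var.ssh_source_ranges, "0.0.0.0/0")` with an error message that names the variable. How the vpc module treats an empty list (skipping the rule or passing it through) is not visible here and is worth confirming before relying on the default.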
@@ -49,22 +49,16 @@ variable "enable_nat" { # ======================================== # 컴퓨트 관련 변수 # ======================================== -variable "use_instance_group" { - description = "관리형 인스턴스 그룹 사용 여부입니다." - type = bool - default = true -} - -variable "create_web_instances" { - description = "개별 웹 인스턴스 생성 여부입니다." - type = bool - default = true +variable "k8s_master_instance_group_size" { + description = "Kubernetes 마스터 관리형 인스턴스 그룹의 목표 인스턴스 수입니다." + type = number + default = 1 } -variable "instance_group_size" { - description = "관리형 인스턴스 그룹의 목표 인스턴스 수입니다." +variable "k8s_worker_instance_group_size" { + description = "Kubernetes 워커 관리형 인스턴스 그룹의 목표 인스턴스 수입니다." type = number - default = 1 + default = 2 } variable "enable_autoscaling" { @@ -85,22 +79,28 @@ variable "autoscaling_max_replicas" { default = 5 } -variable "web_machine_type" { - description = "웹 서버에 사용할 머신 타입입니다." +variable "k8s_master_machine_type" { + description = "Kubernetes 마스터 노드에 사용할 머신 타입입니다." type = string - default = "e2-standard-2" # 운영 환경에 맞춘 고성능 인스턴스입니다. + default = "e2-standard-2" } -variable "web_machine_ssd" { - description = "웹 서버 부팅 디스크 크기(GB)입니다." +variable "k8s_worker_machine_type" { + description = "Kubernetes 워커 노드에 사용할 머신 타입입니다." + type = string + default = "e2-standard-2" +} + +variable "k8s_node_boot_disk_size_gb" { + description = "Kubernetes 노드 부팅 디스크 크기(GB)입니다." type = number default = 50 } -variable "web_source_image" { - description = "웹 서버 부팅 디스크에 사용할 이미지입니다." +variable "k8s_node_source_image" { + description = "Kubernetes 노드 부팅 디스크에 사용할 이미지입니다." type = string - default = "debian-cloud/debian-11" + default = "ubuntu-os-cloud/ubuntu-2204-lts" } variable "service_account_email" { 
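Review bot: In the `@@ -85,22 +79,28 @@` hunk, `default = "ubuntu-os-cloud/ubuntu-2204-lts"` names an image family rather than a specific image, so the instance template picks up whichever image is current when it is created and nodes built at different times can differ in kernel and package versions. For cluster nodes I would either pin a dated image in the environment's tfvars or state the intent in the variable, e.g. `description = "… 이미지 패밀리를 지정하면 템플릿 생성 시점의 최신 이미지가 사용됩니다."`. Whether the compute module resolves the family at plan time or passes the string through is not shown in this patch.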
@@ -121,13 +121,13 @@ variable "create_storage_buckets" { variable "storage_location" { description = "스토리지 버킷을 생성할 위치입니다." type = string - default = "ASIA-NORTHEAST3" # 비용 절감을 위해 단일 리전을 기본값으로 사용합니다. + default = "ASIA-NORTHEAST3" } variable "allowed_cors_origins" { description = "정적 자산 버킷에서 허용할 CORS Origin 목록입니다." type = list(string) - default = [] # 실제 서비스 도메인을 명시해야 합니다. + default = [] } # ======================================== @@ -139,18 +139,6 @@ variable "create_load_balancer" { default = true } -variable "lb_type" { - description = "생성할 로드 밸런서 타입입니다. NETWORK, HTTP, HTTPS 중 하나를 사용합니다." - type = string - default = "NETWORK" -} - -variable "ssl_certificates" { - description = "HTTPS 로드 밸런서에 연결할 SSL 인증서 self_link 목록입니다." - type = list(string) - default = [] -} - # ======================================== # 공통 태그 변수 # ======================================== diff --git a/terraform/environments/prod/vpc.tf b/terraform/environments/prod/vpc.tf index a874a2c..fd1cf76 100644 --- a/terraform/environments/prod/vpc.tf +++ b/terraform/environments/prod/vpc.tf @@ -44,7 +44,7 @@ module "vpc" { } ] source_ranges = ["0.0.0.0/0"] - target_tags = ["web-server"] + target_tags = ["k8s-worker"] priority = 1000 } allow_https = { @@ -56,7 +56,7 @@ module "vpc" { } ] source_ranges = ["0.0.0.0/0"] - target_tags = ["web-server"] + target_tags = ["k8s-worker"] priority = 1000 } allow_ssh = { @@ -68,6 +68,7 @@ module "vpc" { } ] source_ranges = var.ssh_source_ranges # 프로덕션에서는 반드시 관리된 IP 대역만 허용해야 합니다. + target_tags = ["k8s-master", "k8s-worker"] priority = 1000 } allow_internal = { From ffb5606d7715e4476e62fe19ac15def3f02b32f3 Mon Sep 17 00:00:00 2001 
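Review bot: `target_tags = ["k8s-worker"]` on `allow_http` and, in the following hunk, on `allow_https` admits both ports on every worker node from `0.0.0.0/0`, yet the forwarding rule in load-balancer.tf of this series carries port 80 only. The 443 rule therefore permits traffic that no listener in this configuration is meant to receive; the exposure is latent while the nodes have no external IP, but I would remove `allow_https` until a 443 forwarding rule exists, or add that rule in the same change. Both firewall blocks start and end outside the hunks, so the port lists are inferred from the rule names.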
From: eedo_y Date: Sat, 4 Apr 2026 19:07:24 +0900 Subject: [PATCH 3/3] =?UTF-8?q?style:=20=EB=B2=84=ED=82=B7=EB=AA=85=20?= =?UTF-8?q?=EC=88=98=EC=A0=95=20=EB=B0=8F=20Nat=ED=83=80=EC=9E=85=20?= =?UTF-8?q?=EB=B3=80=EA=B2=BD=20(#7)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- terraform/environments/prod/storage.tf | 2 +- terraform/modules/nat-instance/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/prod/storage.tf b/terraform/environments/prod/storage.tf index 1b125e5..8029c27 100644 --- a/terraform/environments/prod/storage.tf +++ b/terraform/environments/prod/storage.tf @@ -16,7 +16,7 @@ module "storage" { buckets = merge( var.create_storage_buckets ? tomap({ static_assets = { - name = "${var.project_id}-${var.environment}" + name = "${var.project}-${var.environment}" storage_class = "STANDARD" uniform_bucket_level_access = true versioning_enabled = true diff --git a/terraform/modules/nat-instance/variables.tf b/terraform/modules/nat-instance/variables.tf index 06912ea..9af069b 100644 --- a/terraform/modules/nat-instance/variables.tf +++ b/terraform/modules/nat-instance/variables.tf @@ -51,7 +51,7 @@ variable "boot_disk_type" { variable "network_tier" { description = "NAT 인스턴스 외부 IP에 사용할 네트워크 티어입니다." type = string - default = "PREMIUM" + default = "STANDARD" } # ========================================
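Review bot: Changing `name` from `"${var.project_id}-${var.environment}"` to `"${var.project}-${var.environment}"` renames the `static_assets` bucket, which Terraform can only do by destroying and recreating it, and the commit is labelled `style`. With `versioning_enabled = true` the existing bucket likely holds objects, so the destroy either fails or, if the storage module sets `force_destroy`, deletes them; that setting is not visible here. Bucket names are also global, and a name built from the short project label is more likely to be already taken by someone else than one built from the project ID. If the rename is wanted, I would handle it as a planned data migration rather than a one-line edit.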
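Review bot: Changing the `network_tier` default to `"STANDARD"` alters the external address configuration of every NAT instance whose caller relies on the default, which is a behavioural change filed under a `style` commit. If the instance uses an ephemeral address, the egress IP is likely to change on apply, and a reserved Premium-tier address cannot be attached at Standard tier, so any partner allow-list keyed on the current egress IP would need updating first. I would keep the module default at `"PREMIUM"` and set `network_tier = "STANDARD"` explicitly in the environment that wants it; the callers of this module are not shown in the patch.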