chore: 단일 로드밸런서 적용 및 Terraform 공통 태그 정리 by doup2001 · Pull Request #8 · PinHouse/PinHouse_CLOUD

doup2001 · 2026-04-04T09:23:19Z

📄 설명

로드밸런서 접근 방식과 컴퓨트 인스턴스 용량을 조정하고, Terraform 코드 내 공통 태그를 일괄 적용하며, 불필요한 로그 버킷 설정을 제거하여 운영 환경을 정리했습니다.
또한 여러 로드밸런서를 단일 로드밸런서로 통합하여 구조를 단순화하고, 관련 브랜치를 통합하는 작업을 수행했습니다.

✅ 작업할 내용

로드밸런서 접근 방식(예: 외부/내부, 프로토콜, 포트 등)을 운영 환경에 맞게 수정
컴퓨트 인스턴스 용량(사양, 개수, 오토스케일링 등)을 실제 트래픽과 비용을 고려해 재조정
Terraform 코드 전반에 공통 태그(예: project, env, owner 등)를 표준화하여 적용
불필요한 로그 버킷 리소스 및 로그 관련 설정을 제거
여러 로드밸런서를 단일 로드밸런서로 통합하여 구성 관리와 모니터링을 단순화

🙋🏻 참고 자료

Terraform에서 공통 태그는 locals 또는 모듈 변수로 정의해 여러 리소스에 일관되게 적용하는 것이 좋습니다.
로드밸런서와 컴퓨트 인스턴스는 트래픽 패턴과 비용을 고려해 적정 용량과 접근 방식을 선택해야 합니다.

# Conflicts: # terraform/environments/prod/compute.tf # terraform/environments/prod/variables.tf

github-actions · 2026-04-04T09:47:45Z

Terraform Plan - `prod` 환경

State 버킷 변수 확인 📦 ✅

초기화 결과 ⚙️ ✅

tfvars 복원 결과 🔐 ✅

포맷 검사 결과 🖌 ✅

유효성 검사 결과 🤖 ✅

Plan 결과 📖 ✅

Plan 상세 보기

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement
+/- create replacement and then destroy

Terraform will perform the following actions:

  # module.load_balancer[0].google_compute_forwarding_rule.forwarding_rule[0] will be created
  + resource "google_compute_forwarding_rule" "forwarding_rule" {
      + backend_service       = (known after apply)
      + base_forwarding_rule  = (known after apply)
      + creation_timestamp    = (known after apply)
      + effective_labels      = (known after apply)
      + forwarding_rule_id    = (known after apply)
      + id                    = (known after apply)
      + ip_address            = (known after apply)
      + ip_protocol           = "TCP"
      + ip_version            = (known after apply)
      + label_fingerprint     = (known after apply)
      + load_balancing_scheme = "EXTERNAL"
      + name                  = "pinhouse-prod-nlb-forwarding-rule"
      + network               = (known after apply)
      + network_tier          = "PREMIUM"
      + port_range            = "80"
      + project               = "prod-pinhouse"
      + psc_connection_id     = (known after apply)
      + psc_connection_status = (known after apply)
      + recreate_closed_psc   = false
      + region                = "asia-northeast3"
      + self_link             = (known after apply)
      + service_name          = (known after apply)
      + subnetwork            = (known after apply)
      + terraform_labels      = (known after apply)
    }

  # module.load_balancer[0].google_compute_region_backend_service.backend_service[0] will be created
  + resource "google_compute_region_backend_service" "backend_service" {
      + connection_draining_timeout_sec = 0
      + creation_timestamp              = (known after apply)
      + fingerprint                     = (known after apply)
      + generated_id                    = (known after apply)
      + health_checks                   = [
          + "projects/prod-pinhouse/regions/asia-northeast3/healthChecks/pinhouse-prod-nlb-health-check",
        ]
      + id                              = (known after apply)
      + load_balancing_scheme           = "EXTERNAL"
      + name                            = "pinhouse-prod-nlb-backend-service"
      + port_name                       = (known after apply)
      + project                         = "prod-pinhouse"
      + protocol                        = "TCP"
      + region                          = "asia-northeast3"
      + self_link                       = (known after apply)
      + session_affinity                = "CLIENT_IP"
      + timeout_sec                     = 30

      + backend {
          + balancing_mode = "CONNECTION"
          + failover       = (known after apply)
          + group          = "https://www.googleapis.com/compute/v1/projects/prod-pinhouse/zones/asia-northeast3-a/instanceGroups/pinhouse-prod-web-ig"
        }
    }

  # module.storage.google_storage_bucket.buckets["backups"] will be destroyed
  # (because key ["backups"] is not in for_each map)
  - resource "google_storage_bucket" "buckets" {
      - default_event_based_hold    = false -> null
      - effective_labels            = {
          - "environment" = "prod"
          - "managed_by"  = "terraform"
        } -> null
      - enable_object_retention     = false -> null
      - force_destroy               = false -> null
      - id                          = "prod-pinhouse-prod-backups" -> null
      - labels                      = {
          - "environment" = "prod"
          - "managed_by"  = "terraform"
        } -> null
      - location                    = "ASIA" -> null
      - name                        = "prod-pinhouse-prod-backups" -> null
      - project                     = "prod-pinhouse" -> null
      - project_number              = 514165966593 -> null
      - public_access_prevention    = "enforced" -> null
      - requester_pays              = false -> null
      - rpo                         = "DEFAULT" -> null
      - self_link                   = "https://www.googleapis.com/storage/v1/b/prod-pinhouse-prod-backups" -> null
      - storage_class               = "NEARLINE" -> null
      - terraform_labels            = {
          - "environment" = "prod"
          - "managed_by"  = "terraform"
        } -> null
      - uniform_bucket_level_access = true -> null
      - url                         = "gs://prod-pinhouse-prod-backups" -> null

      - lifecycle_rule {
          - action {
              - storage_class = "COLDLINE" -> null
              - type          = "SetStorageClass" -> null
            }
          - condition {
              - age                                     = 90 -> null
              - days_since_custom_time                  = 0 -> null
              - days_since_noncurrent_time              = 0 -> null
              - matches_prefix                          = [] -> null
              - matches_storage_class                   = [] -> null
              - matches_suffix                          = [] -> null
              - no_age                                  = false -> null
              - num_newer_versions                      = 0 -> null
              - send_age_if_zero                        = true -> null
              - send_days_since_custom_time_if_zero     = false -> null
              - send_days_since_noncurrent_time_if_zero = false -> null
              - send_num_newer_versions_if_zero         = false -> null
              - with_state                              = "ANY" -> null
            }
        }
      - lifecycle_rule {
          - action {
              - type = "Delete" -> null
            }
          - condition {
              - age                                     = 365 -> null
              - days_since_custom_time                  = 0 -> null
              - days_since_noncurrent_time              = 0 -> null
              - matches_prefix                          = [] -> null
              - matches_storage_class                   = [] -> null
              - matches_suffix                          = [] -> null
              - no_age                                  = false -> null
              - num_newer_versions                      = 10 -> null
              - send_age_if_zero                        = true -> null
              - send_days_since_custom_time_if_zero     = false -> null
              - send_days_since_noncurrent_time_if_zero = false -> null
              - send_num_newer_versions_if_zero         = false -> null
              - with_state                              = "ANY" -> null
            }
        }

      - soft_delete_policy {
          - effective_time             = "2026-04-04T08:02:21.631Z" -> null
          - retention_duration_seconds = 604800 -> null
        }

      - versioning {
          - enabled = true -> null
        }
    }

  # module.storage.google_storage_bucket.buckets["logs"] will be destroyed
  # (because key ["logs"] is not in for_each map)
  - resource "google_storage_bucket" "buckets" {
      - default_event_based_hold    = false -> null
      - effective_labels            = {
          - "environment" = "prod"
          - "managed_by"  = "terraform"
        } -> null
      - enable_object_retention     = false -> null
      - force_destroy               = false -> null
      - id                          = "prod-pinhouse-prod-logs" -> null
      - labels                      = {
          - "environment" = "prod"
          - "managed_by"  = "terraform"
        } -> null
      - location                    = "ASIA" -> null
      - name                        = "prod-pinhouse-prod-logs" -> null
      - project                     = "prod-pinhouse" -> null
      - project_number              = 514165966593 -> null
      - public_access_prevention    = "enforced" -> null
      - requester_pays              = false -> null
      - rpo                         = "DEFAULT" -> null
      - self_link                   = "https://www.googleapis.com/storage/v1/b/prod-pinhouse-prod-logs" -> null
      - storage_class               = "STANDARD" -> null
      - terraform_labels            = {
          - "environment" = "prod"
          - "managed_by"  = "terraform"
        } -> null
      - uniform_bucket_level_access = true -> null
      - url                         = "gs://prod-pinhouse-prod-logs" -> null

      - lifecycle_rule {
          - action {
              - type = "Delete" -> null
            }
          - condition {
              - age                                     = 30 -> null
              - days_since_custom_time                  = 0 -> null
              - days_since_noncurrent_time              = 0 -> null
              - matches_prefix                          = [] -> null
              - matches_storage_class                   = [] -> null
              - matches_suffix                          = [] -> null
              - no_age                                  = false -> null
              - num_newer_versions                      = 0 -> null
              - send_age_if_zero                        = true -> null
              - send_days_since_custom_time_if_zero     = false -> null
              - send_days_since_noncurrent_time_if_zero = false -> null
              - send_num_newer_versions_if_zero         = false -> null
              - with_state                              = "ANY" -> null
            }
        }

      - soft_delete_policy {
          - effective_time             = "2026-04-04T08:02:21.683Z" -> null
          - retention_duration_seconds = 604800 -> null
        }
    }

  # module.storage.google_storage_bucket.buckets["static_assets"] must be replaced
-/+ resource "google_storage_bucket" "buckets" {
      - default_event_based_hold    = false -> null
      ~ effective_labels            = {
          + "project"     = "pinhouse"
          + "service"     = "storage"
          + "version"     = "v1"
            # (2 unchanged elements hidden)
        }
      - enable_object_retention     = false -> null
      ~ id                          = "prod-pinhouse-prod-static-assets" -> (known after apply)
      ~ labels                      = {
          + "project"     = "pinhouse"
          + "service"     = "storage"
          + "version"     = "v1"
            # (2 unchanged elements hidden)
        }
      ~ name                        = "prod-pinhouse-prod-static-assets" -> "prod-pinhouse-prod" # forces replacement
      ~ project_number              = 514165966593 -> (known after apply)
      - requester_pays              = false -> null
      ~ rpo                         = "DEFAULT" -> (known after apply)
      ~ self_link                   = "https://www.googleapis.com/storage/v1/b/prod-pinhouse-prod-static-assets" -> (known after apply)
      ~ terraform_labels            = {
          + "project"     = "pinhouse"
          + "service"     = "storage"
          + "version"     = "v1"
            # (2 unchanged elements hidden)
        }
      ~ url                         = "gs://prod-pinhouse-prod-static-assets" -> (known after apply)
        # (6 unchanged attributes hidden)

      ~ lifecycle_rule {
          - condition {
              - age                                     = 365 -> null
              - days_since_custom_time                  = 0 -> null
              - days_since_noncurrent_time              = 0 -> null
              - matches_prefix                          = [] -> null
              - matches_storage_class                   = [] -> null
              - matches_suffix                          = [] -> null
              - no_age                                  = false -> null
              - num_newer_versions                      = 0 -> null
              - send_age_if_zero                        = true -> null
              - send_days_since_custom_time_if_zero     = false -> null
              - send_days_since_noncurrent_time_if_zero = false -> null
              - send_num_newer_versions_if_zero         = false -> null
              - with_state                              = "ANY" -> null
            }
          + condition {
              + age                   = 365
              + matches_prefix        = []
              + matches_storage_class = []
              + matches_suffix        = []
              + send_age_if_zero      = true
              + with_state            = (known after apply)
            }

            # (1 unchanged block hidden)
        }

      - soft_delete_policy {
          - effective_time             = "2026-04-04T08:02:20.520Z" -> null
          - retention_duration_seconds = 604800 -> null
        }

        # (2 unchanged blocks hidden)
    }

  # module.vpc.google_compute_firewall.firewall_rules["allow_ssh"] will be updated in-place
  ~ resource "google_compute_firewall" "firewall_rules" {
        id                      = "projects/prod-pinhouse/global/firewalls/prod-vpc-allow-ssh"
        name                    = "prod-vpc-allow-ssh"
      ~ source_ranges           = [
          - "0.0.0.0/0",
        ]
        # (12 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.vpc.google_compute_network.vpc will be updated in-place
  ~ resource "google_compute_network" "vpc" {
        id                                        = "projects/prod-pinhouse/global/networks/pinhouse-prod-vpc"
        name                                      = "pinhouse-prod-vpc"
      ~ routing_mode                              = "GLOBAL" -> "REGIONAL"
        # (9 unchanged attributes hidden)
    }

  # module.web_servers.google_compute_instance_group_manager.instance_group[0] will be updated in-place
  ~ resource "google_compute_instance_group_manager" "instance_group" {
        id                             = "projects/prod-pinhouse/zones/asia-northeast3-a/instanceGroupManagers/pinhouse-prod-web-ig"
        name                           = "pinhouse-prod-web-ig"
        # (13 unchanged attributes hidden)

      ~ version {
          ~ instance_template = "https://www.googleapis.com/compute/v1/projects/prod-pinhouse/global/instanceTemplates/pinhouse-prod-web-template-20260404083122080600000001" -> (known after apply)
        }

        # (2 unchanged blocks hidden)
    }

  # module.web_servers.google_compute_instance_template.template[0] must be replaced
+/- resource "google_compute_instance_template" "template" {
      ~ effective_labels     = { # forces replacement
          + "managed_by"  = "terraform"
          + "project"     = "pinhouse"
          - "role"        = "web" -> null
          + "service"     = "backend"
          + "version"     = "v1"
            # (1 unchanged element hidden)
        }
      ~ id                   = "projects/prod-pinhouse/global/instanceTemplates/pinhouse-prod-web-template-20260404083122080600000001" -> (known after apply)
      ~ labels               = {
          + "managed_by"  = "terraform"
          + "project"     = "pinhouse"
          - "role"        = "web" -> null
          + "service"     = "backend"
          + "version"     = "v1"
            # (1 unchanged element hidden)
        }
      ~ metadata_fingerprint = "-jJkhg6FJzE=" -> (known after apply)
      ~ name                 = "pinhouse-prod-web-template-20260404083122080600000001" -> (known after apply)
      ~ region               = "asia-northeast3" -> (known after apply)
      ~ self_link            = "https://www.googleapis.com/compute/v1/projects/prod-pinhouse/global/instanceTemplates/pinhouse-prod-web-template-20260404083122080600000001" -> (known after apply)
      ~ self_link_unique     = "https://www.googleapis.com/compute/v1/projects/prod-pinhouse/global/instanceTemplates/pinhouse-prod-web-template-20260404083122080600000001?uniqueId=5011540759434588853" -> (known after apply)
        tags                 = [
            "prod",
            "web-server",
        ]
      + tags_fingerprint     = (known after apply)
      ~ terraform_labels     = {
          + "managed_by"  = "terraform"
          + "project"     = "pinhouse"
          - "role"        = "web" -> null
          + "service"     = "backend"
          + "version"     = "v1"
            # (1 unchanged element hidden)
        }
        # (6 unchanged attributes hidden)

      ~ disk {
          ~ device_name           = "persistent-disk-0" -> (known after apply)
          ~ interface             = "SCSI" -> (known after apply)
          - labels                = {} -> null
          ~ mode                  = "READ_WRITE" -> (known after apply)
          ~ provisioned_iops      = 0 -> (known after apply)
          - resource_manager_tags = {} -> null
          - resource_policies     = [] -> null
          ~ source_image          = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2204-lts" -> "ubuntu-os-cloud/ubuntu-2204-lts"
          ~ type                  = "PERSISTENT" -> (known after apply)
            # (4 unchanged attributes hidden)
        }

      ~ network_interface {
          ~ internal_ipv6_prefix_length = 0 -> (known after apply)
          + ipv6_access_type            = (known after apply)
          + ipv6_address                = (known after apply)
          ~ name                        = "nic0" -> (known after apply)
          - queue_count                 = 0 -> null
          + stack_type                  = (known after apply)
          ~ subnetwork_project          = "prod-pinhouse" -> (known after apply)
            # (2 unchanged attributes hidden)
        }

      ~ scheduling {
          - min_node_cpus       = 0 -> null
          ~ provisioning_model  = "STANDARD" -> (known after apply)
            # (3 unchanged attributes hidden)
        }

      ~ service_account {
          ~ email  = "default" -> (known after apply)
            # (1 unchanged attribute hidden)
        }
    }

  # module.web_servers.google_compute_instance_template.template[0] (deposed object 04ea0be8) will be destroyed
  # (left over from a partially-failed replacement of this instance)
  - resource "google_compute_instance_template" "template" {
      - can_ip_forward       = false -> null
      - description          = "Terraform로 관리되는 인스턴스 템플릿" -> null
      - effective_labels     = {
          - "environment" = "prod"
          - "role"        = "web"
        } -> null
      - id                   = "projects/prod-pinhouse/global/instanceTemplates/pinhouse-prod-web-template-20260404075549883800000001" -> null
      - labels               = {
          - "environment" = "prod"
          - "role"        = "web"
        } -> null
      - machine_type         = "e2-standard-2" -> null
      - metadata             = {
          - "enable-oslogin" = "TRUE"
        } -> null
      - metadata_fingerprint = "-jJkhg6FJzE=" -> null
      - name                 = "pinhouse-prod-web-template-20260404075549883800000001" -> null
      - name_prefix          = "pinhouse-prod-web-template-" -> null
      - project              = "prod-pinhouse" -> null
      - region               = "asia-northeast3" -> null
      - self_link            = "https://www.googleapis.com/compute/v1/projects/prod-pinhouse/global/instanceTemplates/pinhouse-prod-web-template-20260404075549883800000001" -> null
      - self_link_unique     = "https://www.googleapis.com/compute/v1/projects/prod-pinhouse/global/instanceTemplates/pinhouse-prod-web-template-20260404075549883800000001?uniqueId=1463940795625994986" -> null
      - tags                 = [
          - "prod",
          - "web-server",
        ] -> null
      - terraform_labels     = {
          - "environment" = "prod"
          - "role"        = "web"
        } -> null

      - disk {
          - auto_delete           = true -> null
          - boot                  = true -> null
          - device_name           = "persistent-disk-0" -> null
          - disk_size_gb          = 50 -> null
          - disk_type             = "pd-ssd" -> null
          - interface             = "SCSI" -> null
          - labels                = {} -> null
          - mode                  = "READ_WRITE" -> null
          - provisioned_iops      = 0 -> null
          - resource_manager_tags = {} -> null
          - resource_policies     = [] -> null
          - source_image          = "projects/debian-cloud/global/images/family/debian-11" -> null
          - type                  = "PERSISTENT" -> null
        }

      - network_interface {
          - internal_ipv6_prefix_length = 0 -> null
          - name                        = "nic0" -> null
          - network                     = "https://www.googleapis.com/compute/v1/projects/prod-pinhouse/global/networks/pinhouse-prod-vpc" -> null
          - queue_count                 = 0 -> null
          - subnetwork                  = "https://www.googleapis.com/compute/v1/projects/prod-pinhouse/regions/asia-northeast3/subnetworks/pinhouse-prod-vpc-web-subnet" -> null
          - subnetwork_project          = "prod-pinhouse" -> null
        }

      - scheduling {
          - automatic_restart   = true -> null
          - min_node_cpus       = 0 -> null
          - on_host_maintenance = "MIGRATE" -> null
          - preemptible         = false -> null
          - provisioning_model  = "STANDARD" -> null
        }

      - service_account {
          - email  = "default" -> null
          - scopes = [
              - "https://www.googleapis.com/auth/cloud-platform",
            ] -> null
        }
    }

Plan: 4 to add, 3 to change, 5 to destroy.

Changes to Outputs:
  ~ bucket_urls       = {
      - backups       = "gs://prod-pinhouse-prod-backups"
      - logs          = "gs://prod-pinhouse-prod-logs"
      ~ static_assets = "gs://prod-pinhouse-prod-static-assets" -> (known after apply)
    }
  + load_balancer_ip  = (known after apply)
  ~ storage_buckets   = {
      - backups       = {
          - location      = "ASIA"
          - name          = "prod-pinhouse-prod-backups"
          - self_link     = "https://www.googleapis.com/storage/v1/b/prod-pinhouse-prod-backups"
          - storage_class = "NEARLINE"
          - url           = "gs://prod-pinhouse-prod-backups"
        }
      - logs          = {
          - location      = "ASIA"
          - name          = "prod-pinhouse-prod-logs"
          - self_link     = "https://www.googleapis.com/storage/v1/b/prod-pinhouse-prod-logs"
          - storage_class = "STANDARD"
          - url           = "gs://prod-pinhouse-prod-logs"
        }
      ~ static_assets = {
          ~ name          = "prod-pinhouse-prod-static-assets" -> "prod-pinhouse-prod"
          ~ self_link     = "https://www.googleapis.com/storage/v1/b/prod-pinhouse-prod-static-assets" -> (known after apply)
          ~ url           = "gs://prod-pinhouse-prod-static-assets" -> (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

실행 사용자: @doup2001, 이벤트: pull_request

doup2001 added 6 commits April 4, 2026 17:42

chore: 로드밸런서 접근방식 및 컴퓨트 용량 수정 (#5)

e59c206

style: 테라폼 공통 태그 적용 (#5)

4f889f7

chore: 단일 로드 밸런서 적용 (#7)

d4f0309

fix: 공통 태그 및 로그 버킷 제거 (#7)

5b5c456

style: 테라폼 공통 태그 적용 (#5)

f8e075d

Merge branch 'chore/#5' into chore/#7

623e835

# Conflicts: # terraform/environments/prod/compute.tf # terraform/environments/prod/variables.tf

doup2001 added this to the [M1] IaC 를 활용한 인프라(VPC, EC2, SG) 변환 milestone Apr 4, 2026

doup2001 self-assigned this Apr 4, 2026

doup2001 added the enhancement 기존 기능의 개선 및 최적화 label Apr 4, 2026

doup2001 linked an issue Apr 4, 2026 that may be closed by this pull request

chore: 핀하우스 운영용 테라폼 작성 #7

Closed

5 tasks

doup2001 added 4 commits April 4, 2026 18:31

fix: PR 파이프라인 스킵되는 문제 수정 (#7)

2931d82

fix: PR 파이프라인 스킵되는 직렬화 문제 수정 (#7)

3a547f2

fix: PR 파이프라인 스킵되는 문제를 위한 디버그 잡 추가 (#7)

2d03cdc

fix: PR 파이프라인 스킵되는 문제 수정 (#7)

90c428f

doup2001 merged commit 5c2f3fc into main Apr 4, 2026
4 checks passed

doup2001 deleted the chore/#7 branch April 4, 2026 09:48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: 단일 로드밸런서 적용 및 Terraform 공통 태그 정리#8

chore: 단일 로드밸런서 적용 및 Terraform 공통 태그 정리#8
doup2001 merged 10 commits intomainfrom
chore/#7

doup2001 commented Apr 4, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Apr 4, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

doup2001 commented Apr 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

📄 설명

✅ 작업할 내용

🙋🏻 참고 자료

Uh oh!

github-actions bot commented Apr 4, 2026

Terraform Plan - prod 환경

State 버킷 변수 확인 📦 ✅

초기화 결과 ⚙️ ✅

tfvars 복원 결과 🔐 ✅

포맷 검사 결과 🖌 ✅

유효성 검사 결과 🤖 ✅

Plan 결과 📖 ✅

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

doup2001 commented Apr 4, 2026 •

edited

Loading

Terraform Plan - `prod` 환경