PinHouse · doup2001 · Apr 5, 2026 · Apr 4, 2026 · Apr 5, 2026 · Apr 5, 2026
diff --git a/k8s-argocd/applications/prod/backend.yaml b/k8s-argocd/applications/prod/backend.yaml
@@ -0,0 +1,68 @@
+# ===================================
+# Prod Backend
+# ===================================
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+
+# 기본 정보
+metadata:
+  name: backend-prod
+  namespace: argocd
+
+  # 라벨 추가
+  labels:
+    pinhouse.co.kr/environment: prod
+    pinhouse.co.kr/image-updater: enabled
+  # Finalizers를 설정하면 Application 삭제 시 관련 리소스도 함께 삭제됨
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+
+  # 어노테이션 메타데이터
+  annotations:
+    # ArgoCD Image Updater 설정
+    argocd-image-updater.argoproj.io/image-list: asia-northeast3-docker.pkg.dev/prod-pinhouse/pinhouse-prod-be
+    argocd-image-updater.argoproj.io/backend.update-strategy: newest-build
+    argocd-image-updater.argoproj.io/backend.allow-tags: regexp:^[0-9]{8}_[0-9]{6}-[a-f0-9]{7}$
+    argocd-image-updater.argoproj.io/backend.kustomize.image-name: REPLACE_ME
+    argocd-image-updater.argoproj.io/write-back-method: git
+    argocd-image-updater.argoproj.io/git-branch: main
+
+    # ArgoCD Notifications 설정 (Backend Prod Discord 채널)
+    notifications.argoproj.io/subscribe.on-sync-running.backend-prod: ""
+    notifications.argoproj.io/subscribe.on-deployed.backend-prod: ""
+    notifications.argoproj.io/subscribe.on-sync-failed.backend-prod: ""
+    notifications.argoproj.io/subscribe.on-health-degraded.backend-prod: ""
+
+spec:
+  # ArgoCD 프로젝트 (기본 프로젝트 사용)
+  project: default
+
+  # Kustomize 소스 설정
+  source:
+    # Git 리포지토리 URL (실제 URL로 교체 필요)
+    repoURL: https://github.com/PinHouse/PinHouse_CLOUD
+    # Main 브랜치 참조 (환경은 overlay로 구분)
+    targetRevision: main
+    # Kustomize 오버레이 경로
+    path: k8s-kustomize/overlays/prod/backend
+
+  # 배포 대상 클러스터
+  destination:
+    # 클러스터 URL (현재 클러스터)
+    server: https://kubernetes.default.svc
+    # 네임스페이스
+    namespace: app
+
+  # 동기화 정책
+  syncPolicy:
+    # 자동 동기화 설정
+    automated:
+      # Git에 변경사항이 있으면 자동으로 배포
+      prune: true
+      # 클러스터의 실제 상태가 Git과 다르면 자동으로 수정
+      selfHeal: true
+    # 동기화 옵션
+    syncOptions:
+      # 네임스페이스가 없으면 자동 생성
+      - CreateNamespace=true
diff --git a/k8s-argocd/applications/prod/frontend.yaml b/k8s-argocd/applications/prod/frontend.yaml
@@ -0,0 +1,65 @@
+# ===================================
+# Prod Frontend
+# ===================================
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+
+# 기본 정보
+metadata:
+  name: frontend-prod
+  namespace: argocd
+
+  # 라벨 추가
+  labels:
+    pinhouse.co.kr/environment: prod
+    pinhouse.co.kr/image-updater: enabled
+
+  # Finalizers를 설정하면 Application 삭제 시 관련 리소스도 함께 삭제됨
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+
+  # 어노테이션 메타데이터
+  annotations:
+    # ArgoCD Image Updater 설정
+    argocd-image-updater.argoproj.io/image-list: asia-northeast3-docker.pkg.dev/prod-pinhouse/pinhouse-prod-fe
+    argocd-image-updater.argoproj.io/frontend.update-strategy: newest-build
+    argocd-image-updater.argoproj.io/frontend.allow-tags: regexp:^[0-9]{8}_[0-9]{6}-[a-f0-9]{7}$
+    argocd-image-updater.argoproj.io/frontend.kustomize.image-name: REPLACE_ME
+    argocd-image-updater.argoproj.io/write-back-method: git
+    argocd-image-updater.argoproj.io/git-branch: main
+
+    # ArgoCD Notifications 설정 (Frontend Prod Discord 채널)
+    notifications.argoproj.io/subscribe.on-deployed.frontend-prod: ""
+    notifications.argoproj.io/subscribe.on-sync-failed.frontend-prod: ""
+    notifications.argoproj.io/subscribe.on-health-degraded.frontend-prod: ""
+
+# 스펙
+spec:
+  project: default
+
+  # Kustomize 소스 설정
+  source:
+    # GitOps URL
+    repoURL: https://github.com/100-hours-a-week/9-team-Devths-CLOUD
+    # Main 브랜치 참조 (환경은 overlay로 구분)
+    targetRevision: main
+    # Kustomize 오버레이 경로
+    path: k8s-kustomize/overlays/prod/frontend
+
+  # 배포 대상 클러스터
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: app
+
+  # 동기화 정책
+  syncPolicy:
+    # 자동 동기화 설정
+    automated:
+      # GitOps와 다르면, 삭제
+      prune: true
+      # GitOps와 다르면, 자동 수정
+      selfHeal: true
+    # 동기화 옵션
+    syncOptions:
+      - CreateNamespace=true
diff --git a/k8s-argocd/applications/prod/image-updater.yaml b/k8s-argocd/applications/prod/image-updater.yaml
@@ -0,0 +1,23 @@
+# ===================================
+# Image Updator
+# ===================================
+
+apiVersion: argocd-image-updater.argoproj.io/v1alpha1
+kind: ImageUpdater
+
+# 기본 정보
+metadata:
+  name: prod-applications
+  namespace: argocd
+
+spec:
+  # 라벨 기반 어플리케이션 적용
+  applicationRefs:
+    - namePattern: "*"
+
+      # 라벨 추가
+      labelSelectors:
+        matchLabels:
+          pinhouse.co.kr/image-updater: enabled
+          pinhouse.co.kr/environment: prod
+      useAnnotations: true
diff --git a/k8s-argocd/root-apps/root-prod.yaml b/k8s-argocd/root-apps/root-prod.yaml
@@ -0,0 +1,48 @@
+# ===================================
+# App of Apps 패턴
+# Prod 환경의 모든 애플리케이션을 관리
+# ===================================
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+
+# 기본 정보
+metadata:
+  name: root-prod
+  namespace: argocd
+  # Finalizers를 설정하면 Application 삭제 시 관련 리소스도 함께 삭제됨
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+
+# 스펙
+spec:
+  project: default
+
+  # GitOps 소 설정
+  source:
+    # Git 리포지토리 URL
+    repoURL: https://github.com/PinHouse/PinHouse_CLOUD
+    # GitOps 기준 브랜치인 main을 참조
+    targetRevision: main
+    # ArgoCD Application 매니페스트가 있는 디렉토리
+    path: k8s-argocd/applications/prod
+    # Directory 설정
+    directory:
+      # 재귀적으로 하위 디렉토리도 포함
+      recurse: false
+
+  # 배포 대상 클러스터
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argocd
+
+  # 동기화 정책
+  syncPolicy:
+    # GitOps 자동 동기화 설정
+    automated:
+      # GitOps와 다르면, 삭제
+      prune: true
+      # GitOps와 다르면, 자동 수정
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/k8s-helm/releases/metrics-server/values-nonprod.yaml b/k8s-helm/releases/metrics-server/values-nonprod.yaml
@@ -0,0 +1,22 @@
+# ========================================
+# Metrics Server 비운영 값
+# ========================================
+replicas: 1
+
+# kubeadm 기반 노드에서 kubelet 메트릭을 안정적으로 수집하기 위한 기본 인자입니다.
+defaultArgs:
+  - --cert-dir=/tmp
+  - --secure-port=10250
+  - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
+  - --kubelet-use-node-status-port
+  - --kubelet-insecure-tls
+  - --metric-resolution=15s
+
+# 기본 클러스터 규모에 맞춘 리소스 요청값입니다.
+resources:
+  requests:
+    cpu: 100m
+    memory: 200Mi
+  limits:
+    cpu: 200m
+    memory: 300Mi
diff --git a/k8s-helm/releases/metrics-server/values-prod.yaml b/k8s-helm/releases/metrics-server/values-prod.yaml
@@ -0,0 +1,22 @@
+# ========================================
+# Metrics Server 운영 값
+# ========================================
+replicas: 2
+
+# kubeadm 기반 노드에서 kubelet 메트릭을 안정적으로 수집하기 위한 기본 인자입니다.
+defaultArgs:
+  - --cert-dir=/tmp
+  - --secure-port=10250
+  - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
+  - --kubelet-use-node-status-port
+  - --kubelet-insecure-tls
+  - --metric-resolution=15s
+
+# 기본 운영 클러스터 규모에 맞춘 리소스 요청값입니다.
+resources:
+  requests:
+    cpu: 100m
+    memory: 200Mi
+  limits:
+    cpu: 200m
+    memory: 300Mi
diff --git a/terraform/environments/prod/artifact-registry.tf b/terraform/environments/prod/artifact-registry.tf
@@ -0,0 +1,14 @@
+# ========================================
+# Artifact Registry 모듈
+# ========================================
+module "artifact_registry" {
+  source = "../../modules/artifact-registry"
+
+  project_id       = var.project_id
+  default_location = var.artifact_registry_location
+  common_tags      = var.common_tags
+
+  repositories            = var.artifact_registry_repositories
+  repository_iam_bindings = var.artifact_registry_repository_iam_bindings
+  repository_iam_members  = var.artifact_registry_repository_iam_members
+}
diff --git a/terraform/environments/prod/outputs.tf b/terraform/environments/prod/outputs.tf
@@ -57,6 +57,19 @@ output "bucket_urls" {
   value       = module.storage.bucket_urls
 }
 
+# ========================================
+# Artifact Registry 출력값
+# ========================================
+output "artifact_registry_repositories" {
+  description = "생성된 Artifact Registry 저장소 정보입니다."
+  value       = module.artifact_registry.repositories
+}
+
+output "artifact_registry_docker_repository_urls" {
+  description = "생성된 Docker Artifact Registry 저장소 URL 목록입니다."
+  value       = module.artifact_registry.docker_repository_urls
+}
+
 # ========================================
 # 로드 밸런서 출력값
 # ========================================
@@ -92,3 +105,17 @@ output "k8s_network_configuration" {
     encapsulation  = "IPIP"
   }
 }
+
+# ========================================
+# Artifact Registry 네트워크 출력값
+# ========================================
+output "artifact_registry_private_access" {
+  description = "Artifact Registry용 Private Google Access 구성 정보입니다."
+  value = {
+    domain_option                  = module.artifact_registry_private_access.google_api_domain_option
+    googleapis_private_zone_name   = module.artifact_registry_private_access.googleapis_private_zone_name
+    pkg_dev_private_zone_name      = module.artifact_registry_private_access.pkg_dev_private_zone_name
+    google_api_route_name          = module.artifact_registry_private_access.google_api_route_name
+    direct_connectivity_route_name = module.artifact_registry_private_access.google_api_direct_connectivity_route_name
+  }
+}
diff --git a/terraform/environments/prod/private-google-access.tf b/terraform/environments/prod/private-google-access.tf
@@ -0,0 +1,11 @@
+# ========================================
+# Artifact Registry Private Google Access 모듈
+# ========================================
+module "artifact_registry_private_access" {
+  source = "../../modules/private-google-access"
+
+  project_id               = var.project_id
+  network_self_link        = module.vpc.vpc_self_link
+  name_prefix              = "${var.environment}-artifact-registry"
+  google_api_domain_option = var.google_api_domain_option
+}
diff --git a/terraform/environments/prod/terraform.tfvars.example b/terraform/environments/prod/terraform.tfvars.example
@@ -24,6 +24,28 @@ iap_ssh_admin_members = ["group:sre-admin@example.com"]
 
 enable_nat = true
 
+# ========================================
+# Artifact Registry 관련 값
+# ========================================
+artifact_registry_location = "asia-northeast3"
+
+artifact_registry_repositories = {
+  fe = {
+    repository_id  = "pinhouse-prod-fe"
+    format         = "DOCKER"
+    description    = "프로덕션 환경용 프런트엔드 이미지 저장소"
+    immutable_tags = false
+  }
+  be = {
+    repository_id  = "pinhouse-prod-be"
+    format         = "DOCKER"
+    description    = "프로덕션 환경용 백엔드 이미지 저장소"
+    immutable_tags = false
+  }
+}
+
+google_api_domain_option = "private.googleapis.com"
+
 # ========================================
 # Kubernetes 컴퓨트 관련 값
 # ========================================
@@ -34,8 +56,8 @@ enable_autoscaling       = true
 autoscaling_min_replicas = 2
 autoscaling_max_replicas = 5
 
-k8s_master_machine_type    = "e2-standard-2"
-k8s_worker_machine_type    = "e2-standard-2"
+k8s_master_machine_type    = "e2-custom-2-4096"
+k8s_worker_machine_type    = "e2-custom-2-4096"
 k8s_node_boot_disk_size_gb = 50
 k8s_node_source_image      = "ubuntu-os-cloud/ubuntu-2204-lts"
 k8s_pod_cidr               = "192.168.0.0/16"