From ee22436cf9c6af0c4e57f1c7f5347d27ea0f860b Mon Sep 17 00:00:00 2001 From: eomkyeongmun Date: Wed, 27 May 2026 15:16:53 +0900 Subject: [PATCH] =?UTF-8?q?feat:=20gp3=20default=20StorageClass=20Terrafor?= =?UTF-8?q?m=20=EA=B4=80=EB=A6=AC=20+=20helm/kubernetes=20provider=20?= =?UTF-8?q?=ED=99=9C=EC=84=B1=ED=99=94=20(closes=20#45)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - kubernetes provider 추가 + helm provider 주석 해제 (ALB Controller apply의 cluster unreachable 문제 해소) - gp3 SC 신규(default), gp2의 default annotation 제거 Co-Authored-By: Claude Opus 4.7 (1M context)
---
 terraform/main.tf | 36 +++++++++++++++++++++++++----------- terraform/storage.tf | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+), 11 deletions(-) create mode 100644 terraform/storage.tf
diff --git a/terraform/main.tf b/terraform/main.tf
index 4d5dac4..b2a944c 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -22,6 +22,10 @@ terraform {
 source = "hashicorp/archive"
 version = "~> 2.0"
 }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "~> 2.30"
+ }
 }
 }
 # backend 설정은 backend.tf 참고
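Review bot: The new `hashicorp/kubernetes` requirement arrives without a lock-file change; the diffstat lists only `terraform/main.tf` and `terraform/storage.tf`. If the repository tracks `.terraform.lock.hcl`, running `terraform init` and committing the updated file in this change records the provider's checksums, so CI and other machines install the same verified build rather than whatever `~> 2.30` resolves to at install time. The `required_providers` block starts above this hunk, so whether `helm` is pinned there cannot be seen from here. The `kubernetes { ... }` nested-block form enabled in the next hunk appears to be the helm provider 2.x syntax, so it is worth confirming that `helm` carries a matching `~> 2.x` constraint.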
@@ -34,17 +38,27 @@ locals {
 eks_cluster_name = "${var.project_name}-eks"
 }
-#provider "helm" {
-# kubernetes {
-# host = aws_eks_cluster.main.endpoint
-# cluster_ca_certificate = base64decode(aws_eks_cluster.main.certificate_authority[0].data)
-# exec {
-# api_version = "client.authentication.k8s.io/v1beta1"
-# command = "aws"
-# args = ["eks", "get-token", "--cluster-name", local.eks_cluster_name, "--region", var.aws_region]
-# }
-# }
-#}
+provider "helm" {
+ kubernetes {
+ host = aws_eks_cluster.main.endpoint
+ cluster_ca_certificate = base64decode(aws_eks_cluster.main.certificate_authority[0].data)
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ command = "aws"
+ args = ["eks", "get-token", "--cluster-name", local.eks_cluster_name, "--region", var.aws_region]
+ }
+ }
+}
+
+provider "kubernetes" {
+ host = aws_eks_cluster.main.endpoint
+ cluster_ca_certificate = base64decode(aws_eks_cluster.main.certificate_authority[0].data)
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ command = "aws"
+ args = ["eks", "get-token", "--cluster-name", local.eks_cluster_name, "--region", var.aws_region]
+ }
+}
 # ──────────────────────────────────────────
 # VPC
diff --git a/terraform/storage.tf b/terraform/storage.tf
new file mode 100644
index 0000000..a964243
--- /dev/null
+++ b/terraform/storage.tf
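Review bot: Both `exec` blocks fetch the cluster token by running `aws eks get-token` with whatever credentials are ambient in the shell or CI job, and nothing in this hunk ties that identity to the one the `aws` provider uses. If the `aws` provider assumes a role or uses a named profile (its block is outside this hunk), helm and kubernetes can authenticate to the cluster as a different principal or fail with Unauthorized. Appending `"--role-arn", <ROLE_ARN_PLACEHOLDER>` to `args` would pin the principal. The two `exec` blocks are identical, so moving the argument list into a `locals` value, or at least adding `# keep in sync with provider "helm"`, would stop them drifting apart. Both providers also read `aws_eks_cluster.main` attributes from the same configuration, which are unknown at plan time on a fresh apply or a cluster replacement, so a comment noting that the cluster must exist before these resources are planned would help the next operator.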
@@ -0,0 +1,39 @@
+# ──────────────────────────────────────────
+# gp3 StorageClass (default)
+# ──────────────────────────────────────────
+resource "kubernetes_storage_class" "gp3" {
+ metadata {
+ name = "gp3"
+ annotations = {
+ "storageclass.kubernetes.io/is-default-class" = "true"
+ }
+ }
+
+ storage_provisioner = "ebs.csi.aws.com"
+ reclaim_policy = "Delete"
+ volume_binding_mode = "WaitForFirstConsumer"
+ allow_volume_expansion = true
+
+ parameters = {
+ type = "gp3"
+ fsType = "ext4"
+ }
+
+ depends_on = [aws_eks_addon.ebs_csi]
+}
+
+# ──────────────────────────────────────────
+# 기존 gp2 SC에서 default 표시 제거 (drift 해소)
+# ──────────────────────────────────────────
+resource "kubernetes_annotations" "gp2_not_default" {
+ api_version = "storage.k8s.io/v1"
+ kind = "StorageClass"
+ metadata {
+ name = "gp2"
+ }
+ annotations = {
+ "storageclass.kubernetes.io/is-default-class" = "false"
+ }
+
+ depends_on = [kubernetes_storage_class.gp3]
+}
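Review bot: The gp3 class becomes the cluster default without `encrypted = "true"` in `parameters`, so every PVC that omits a storage class gets an EBS volume whose encryption depends entirely on the account-level "encryption by default" setting, which this patch does not show. Adding `encrypted = "true"` next to `type = "gp3"` (plus `kmsKeyId` if a customer-managed key is required) makes the guarantee explicit in code. `reclaim_policy = "Delete"` on the default class also means deleting a PVC destroys its volume; a comment such as `# Delete: volumes are removed with their PVC; use a separate Retain class for data that must survive` would record that this is intended. The gp2 `is-default-class` annotation is presumably owned by another field manager, so `kubernetes_annotations.gp2_not_default` may need `force = true` to apply; worth confirming on a plan.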