dev/terraform-demo
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cowork

Browse Source
This commit is contained in:
Seong-dong
2023-01-11 01:31:56 +09:00
parent f0402956e2
commit c96cac92b9
42 changed files with 746 additions and 265 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
prod-hq-network/.terraform.lock.hcl generated
View File

@ -2,23 +2,9 @@
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "2.70.4"
constraints = "~> 2.0"
version = "3.76.1"
constraints = "~> 3.0"
hashes = [
"h1:0ALZ1dGL41uYi6Ooc0mT52FAcYMEvozpFNx8AQKvatY=",
"zh:45f528103c5580623b15e7ac3986b72baa5d33cabc66c902594d666c7607a8f2",
"zh:538793ad294171370cc0c280c98cb5c8eb77669d0917c2ab727090016ec2626e",
"zh:631d5aea6ec7b13d8973f13fc70dc36ecc5e5614793c5141ccd254773bc4ec36",
"zh:7861c5e12c322717ff9684ac658be590d12906a9549204b6337f3f8d55bf0640",
"zh:8adfe014d0a0552a9a6b358cc0d7e3d0c660bc15aa5524e771525b0e5d14b20f",
"zh:9d81089842c0990d410bffc5702dec719145951c3f5cbc85c3bf8968985d50cc",
"zh:a4b0922e0fddccbb84958d4909896e8009c57885a41cc2e1c37dcdc56e2da796",
"zh:a6dcd0292e807d8d5b8a922d2e0cc3c6949461e18603cb48005c967329abe574",
"zh:ae07e0dae4e700c1f6623bd0b66ab4153d0b498ffd5f6681117101d2020815bc",
"zh:bd07ba17501b8b57d4455329770f4f520e709d12f8b0c364821f39d1b2df1a89",
"zh:ddbf1a0b63ac84462da002b44b249f86180804670f1070109785d00a19f88e16",
"zh:e2291e9efbd0100c555d3bae8f2b2af4d416f80105c250747cb5fd8f0b17062f",
"zh:e5d8e0ad489547118fd76f300d1cb6dd516997cf919dc0bbaedaacb5c91e697a",
"zh:eae90e616cec391546bf4ecf294e8a3ae56ce7c90ac0e1d45ebf2907957b9f16",
"h1:UOk/iZppUGLh2zjmKJKKWCD6e79GsQokO2xfzOcKjxo=",
]
}

118
prod-hq-network/main.tf
View File

@ -1,17 +1,25 @@
// prod - main
provider "aws" {
region = "ap-northeast-2"
region = "ap-northeast-2"
profile = "22shop"
shared_credentials_file = "C:/Users/aa/.aws/credentials"
#2.x버전의 AWS공급자 허용
version = "~> 2.0"
version = "~> 3.0"
}
locals {
region = "ap-northeast-2"
common_tags = {
project = "22shop"
project = "22shop-eks"
owner = "icurfer"
}
cidr = {
vpc = "10.3.0.0/16"
zone_a = "10.3.1.0/24"
zone_c = "10.3.3.0/24"
zone_a_private = "10.3.2.0/24"
zone_c_private = "10.3.4.0/24"
}
tcp_port = {
any_port = 0
@ -45,6 +53,19 @@ locals {
// GET 계정정보
data "aws_caller_identity" "this" {}
// 테라폼클라우드
# data "terraform_remote_state" "hq_vpc_id" {
# backend = "remote"
# config = {
# organization = "22shop"
# workspaces = {
# name = "hq-network"
# }
# }
# }
// eks를 위한 iam역할 생성 데이터 조회
data "aws_iam_policy_document" "eks-assume-role-policy" {
statement {
@ -67,7 +88,7 @@ data "aws_iam_policy_document" "eks_node_group_role" {
}
}
# module "vpc_hq" {
//vpc 생성
module "vpc_hq" {
source = "../modules/vpc"
# source = "github.com/Seong-dong/team_prj/tree/main/modules/vpc"
@ -76,6 +97,7 @@ module "vpc_hq" {
}
//외부통신 gateway
module "vpc_igw" {
source = "../modules/igw"
@ -88,16 +110,36 @@ module "vpc_igw" {
]
}
// public 서브넷 생성
module "subnet_public" {
source = "../modules/vpc-subnet"
vpc_id = module.vpc_hq.vpc_hq_id
subnet-az-list = var.subnet-az-public
subnet-az-list = {
"zone-a" = {
name = "${local.region}a"
cidr = local.cidr.zone_a
}
"zone-c" = {
name = "${local.region}c"
cidr = local.cidr.zone_c
}
}
public_ip_on = true
# vpc_name = "${local.common_tags.project}-public"
#alb-ingress 생성을 위해 지정
k8s_ingress = true
vpc_name = local.eks_ingress_type.public
# vpc_name = local.eks_ingress_type.public
vpc_name = local.eks_ingress_type.private
}
// private외부통신을 위한 nat
module "nat_gw" {
source = "../modules/nat-gateway"
subnet_id = module.subnet_public.subnet.zone-a.id
depends_on = [
module.vpc_igw
]
}
// public route
@ -110,33 +152,59 @@ module "route_public" {
module "route_add" {
source = "../modules/route-add"
route_public_id = module.route_public.route_public_id
route_id = module.route_public.route_id
igw_id = module.vpc_igw.igw_id
gw_type = "igw"
}
module "route_association" {
source = "../modules/route-association"
route_table_id = module.route_public.route_public_id
route_table_id = module.route_public.route_id
association_count = 2
subnet_ids = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id]
}
#----------------------------------------------------------------------------------------------------#
######################################################################################################
#----------------------------------------------------------------------------------------------------#
module "subnet_private" {
source = "../modules/vpc-subnet"
# // private subnet
# module "subnet_private" {
# source = "../modules/vpc-subnet"
vpc_id = module.vpc_hq.vpc_hq_id
subnet-az-list = {
"zone-a" = {
name = "${local.region}a"
cidr = local.cidr.zone_a_private
}
"zone-c" = {
name = "${local.region}c"
cidr = local.cidr.zone_c_private
}
}
public_ip_on = false
# vpc_name = "${local.common_tags.project}-public"
#alb-ingress 생성을 위해 지정
k8s_ingress = false
vpc_name = "null"
}
# vpc_id = module.vpc_hq.vpc_hq_id
# subnet-az-list = var.subnet-az-private
# public_ip_on = false
# k8s_ingress = false
# #alb-ingress 생성을 위해 지정
# vpc_name = local.eks_ingress_type.public
# }
// private route
module "route_private" {
source = "../modules/route-table"
tag_name = "${local.common_tags.project}-private_tbl"
vpc_id = module.vpc_hq.vpc_hq_id
# module "route_private" {
# source = "../modules/route-table"
# tag_name = "${local.common_tags.project}-private_route_table"
# vpc_id = module.vpc_hq.vpc_hq_id
}
module "route_add_nat" {
source = "../modules/route-add"
route_id = module.route_private.route_id
nat_id = module.nat_gw.nat_id
gw_type = "nat"
}
module "route_association_nat" {
source = "../modules/route-association"
route_table_id = module.route_private.route_id
# }
association_count = 2
subnet_ids = [module.subnet_private.subnet.zone-a.id, module.subnet_private.subnet.zone-c.id]
}

13
prod-hq-network/outputs.tf
View File

@ -4,13 +4,24 @@ output "aws_id" {
value = data.aws_caller_identity.this.account_id
}
output "subnet" {
output "public_subnet" {
description = "The name of vpc hq id"
value = module.subnet_public.subnet
}
output "private_subnet" {
description = "The name of vpc hq id"
value = module.subnet_private.subnet
}
output "vpc_id" {
description = "vpc_id"
value = module.vpc_hq.vpc_hq_id
}
output "nat_gw_id" {
description = "vpc_id"
value = module.nat_gw.nat_id
}

4
prod-hq-network/terraform.tf
View File

@ -1,10 +1,10 @@
terraform {
backend "remote"{
hostname = "app.terraform.io"
organization = "icurfer"
organization = "22shop"
workspaces {
name = "tf-cloud-network"
name = "hq-network"
}
}
}

62
prod-hq-network/valiables.tf
View File

@ -10,36 +10,42 @@ variable "prod_name" {
default = "22shop"
}
# variable "nat_id" {
# description = "nat id value"
# type = string
# default = "insert_id"
# }
# variable "igw_id" {
# description = "value"
# type = string
# }
variable "subnet-az-public" {
description = "Subnet available zone & cidr"
type = map(map(string))
default = {
"zone-a" = {
name = "ap-northeast-2a"
cidr = "10.3.1.0/24"
}
"zone-c" = {
name = "ap-northeast-2c"
cidr = "10.3.3.0/24"
}
}
}
variable "subnet-az-private" {
description = "Subnet available zone & cidr"
type = map(map(string))
default = {
"zone-b" = {
name = "ap-northeast-2b"
cidr = "10.3.2.0/24"
}
"zone-d" = {
name = "ap-northeast-2d"
cidr = "10.3.4.0/24"
}
}
}
# variable "subnet-az-public" {
# description = "Subnet available zone & cidr"
# type = map(map(string))
# default = {
# "zone-a" = {
# name = "ap-northeast-2a"
# cidr = "10.3.1.0/24"
# }
# "zone-c" = {
# name = "ap-northeast-2c"
# cidr = "10.3.3.0/24"
# }
# }
# }
# variable "subnet-az-private" {
# description = "Subnet available zone & cidr"
# type = map(map(string))
# default = {
# "zone-b" = {
# name = "ap-northeast-2b"
# cidr = "10.3.2.0/24"
# }
# "zone-d" = {
# name = "ap-northeast-2d"
# cidr = "10.3.4.0/24"
# }
# }
# }