diff --git a/icurfer-hq-network/.terraform.lock.hcl b/icurfer-hq-network/.terraform.lock.hcl deleted file mode 100644 index bb18485..0000000 --- a/icurfer-hq-network/.terraform.lock.hcl +++ /dev/null @@ -1,24 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "2.70.4" - constraints = "~> 2.0" - hashes = [ - "h1:0ALZ1dGL41uYi6Ooc0mT52FAcYMEvozpFNx8AQKvatY=", - "zh:45f528103c5580623b15e7ac3986b72baa5d33cabc66c902594d666c7607a8f2", - "zh:538793ad294171370cc0c280c98cb5c8eb77669d0917c2ab727090016ec2626e", - "zh:631d5aea6ec7b13d8973f13fc70dc36ecc5e5614793c5141ccd254773bc4ec36", - "zh:7861c5e12c322717ff9684ac658be590d12906a9549204b6337f3f8d55bf0640", - "zh:8adfe014d0a0552a9a6b358cc0d7e3d0c660bc15aa5524e771525b0e5d14b20f", - "zh:9d81089842c0990d410bffc5702dec719145951c3f5cbc85c3bf8968985d50cc", - "zh:a4b0922e0fddccbb84958d4909896e8009c57885a41cc2e1c37dcdc56e2da796", - "zh:a6dcd0292e807d8d5b8a922d2e0cc3c6949461e18603cb48005c967329abe574", - "zh:ae07e0dae4e700c1f6623bd0b66ab4153d0b498ffd5f6681117101d2020815bc", - "zh:bd07ba17501b8b57d4455329770f4f520e709d12f8b0c364821f39d1b2df1a89", - "zh:ddbf1a0b63ac84462da002b44b249f86180804670f1070109785d00a19f88e16", - "zh:e2291e9efbd0100c555d3bae8f2b2af4d416f80105c250747cb5fd8f0b17062f", - "zh:e5d8e0ad489547118fd76f300d1cb6dd516997cf919dc0bbaedaacb5c91e697a", - "zh:eae90e616cec391546bf4ecf294e8a3ae56ce7c90ac0e1d45ebf2907957b9f16", - ] -} diff --git a/icurfer-hq-network/main.tf b/icurfer-hq-network/main.tf deleted file mode 100644 index ea280be..0000000 --- a/icurfer-hq-network/main.tf +++ /dev/null 
@@ -1,142 +0,0 @@ -// prod - main -provider "aws" { - region = "ap-northeast-2" - - #2.x버전의 AWS공급자 허용 - version = "~> 2.0" - -} - -locals { - common_tags = { - project = "22shop" - owner = "icurfer" - - } - tcp_port = { - any_port = 0 - http_port = 80 - https_port = 443 - ssh_port = 22 - dns_port = 53 - django_port = 8000 - mysql_port = 3306 - } - udp_port = { - dns_port = 53 - } - any_protocol = "-1" - tcp_protocol = "tcp" - icmp_protocol = "icmp" - all_ips = ["0.0.0.0/0"] - - node_group_scaling_config = { - desired_size = 2 - max_size = 4 - min_size = 1 - } - - eks_ingress_type = { - public = "kubernetes.io/role/elb" - private = "kubernetes.io/role/internal-elb=1" - } -} - -// GET 계정정보 -data "aws_caller_identity" "this" {} - -// eks를 위한 iam역할 생성 데이터 조회 -data "aws_iam_policy_document" "eks-assume-role-policy" { - statement { - actions = ["sts:AssumeRole"] - - principals { - type = "Service" - identifiers = ["eks.amazonaws.com"] - } - } -} -data "aws_iam_policy_document" "eks_node_group_role" { - statement { - actions = ["sts:AssumeRole"] - - principals { - type = "Service" - identifiers = ["ec2.amazonaws.com"] - } - } -} - -# module "vpc_hq" { -module "vpc_hq" { - source = "../modules/vpc" - # source = "github.com/Seong-dong/team_prj/tree/main/modules/vpc" - tag_name = "${local.common_tags.project}-vpc" - cidr_block = "10.3.0.0/16" - -} - -module "vpc_igw" { - source = "../modules/igw" - - vpc_id = module.vpc_hq.vpc_hq_id - - tag_name = "${local.common_tags.project}-vpc_igw" - - depends_on = [ - module.vpc_hq - ] -} - -module "subnet_public" { - source = "../modules/vpc-subnet" - - vpc_id = module.vpc_hq.vpc_hq_id - subnet-az-list = var.subnet-az-public - public_ip_on = true - # vpc_name = "${local.common_tags.project}-public" - #alb-ingress 생성을 위해 지정 - k8s_ingress = true - vpc_name = local.eks_ingress_type.public -} - -// public route -module "route_public" { - source = "../modules/route-table" - tag_name = "${local.common_tags.project}-route_table" - vpc_id = 
module.vpc_hq.vpc_hq_id - -} - -module "route_add" { - source = "../modules/route-add" - route_public_id = module.route_public.route_public_id - igw_id = module.vpc_igw.igw_id -} - -module "route_association" { - source = "../modules/route-association" - route_table_id = module.route_public.route_public_id - - association_count = 2 - subnet_ids = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] -} - -# // private subnet -# module "subnet_private" { -# source = "../modules/vpc-subnet" - -# vpc_id = module.vpc_hq.vpc_hq_id -# subnet-az-list = var.subnet-az-private -# public_ip_on = false -# k8s_ingress = false -# #alb-ingress 생성을 위해 지정 -# vpc_name = local.eks_ingress_type.public -# } - -# module "route_private" { -# source = "../modules/route-table" -# tag_name = "${local.common_tags.project}-private_route_table" -# vpc_id = module.vpc_hq.vpc_hq_id - -# } diff --git a/icurfer-hq-network/outputs.tf b/icurfer-hq-network/outputs.tf deleted file mode 100644 index 6174a0a..0000000 --- a/icurfer-hq-network/outputs.tf +++ /dev/null @@ -1,16 +0,0 @@ -//main-outputs -output "aws_id" { - description = "The AWS Account ID." - value = data.aws_caller_identity.this.account_id -} - -output "subnet" { - description = "The name of vpc hq id" - value = module.subnet_public.subnet -} - -output "vpc_id" { - description = "vpc_id" - value = module.vpc_hq.vpc_hq_id - -} \ No newline at end of file diff --git a/icurfer-hq-network/terraform.tf b/icurfer-hq-network/terraform.tf deleted file mode 100644 index fceb229..0000000 --- a/icurfer-hq-network/terraform.tf +++ /dev/null @@ -1,10 +0,0 @@ -terraform { - backend "remote"{ - hostname = "app.terraform.io" - organization = "22shop" - - workspaces { - name = "tf-cloud-network" - } - } -} \ No newline at end of file diff --git a/icurfer-hq-network/valiables.tf b/icurfer-hq-network/valiables.tf deleted file mode 100644 index 3414430..0000000 --- a/icurfer-hq-network/valiables.tf +++ /dev/null 
@@ -1,45 +0,0 @@ -# variable "cidr_block" { -# type = string -# default = "10.3.0.0/16" - -# } - -variable "prod_name" { - description = "value" - type = string - default = "22shop" -} - -# variable "igw_id" { -# description = "value" -# type = string -# } - -variable "subnet-az-public" { - description = "Subnet available zone & cidr" - type = map(map(string)) - default = { - "zone-a" = { - name = "ap-northeast-2a" - cidr = "10.3.1.0/24" - } - "zone-c" = { - name = "ap-northeast-2c" - cidr = "10.3.3.0/24" - } - } -} -variable "subnet-az-private" { - description = "Subnet available zone & cidr" - type = map(map(string)) - default = { - "zone-b" = { - name = "ap-northeast-2b" - cidr = "10.3.2.0/24" - } - "zone-d" = { - name = "ap-northeast-2d" - cidr = "10.3.4.0/24" - } - } -} \ No newline at end of file diff --git a/modules/cgw/main.tf b/modules/cgw/main.tf new file mode 100644 index 0000000..4e68ec3 --- /dev/null +++ b/modules/cgw/main.tf @@ -0,0 +1,9 @@ +resource "aws_customer_gateway" "main" { + bgp_asn = 65000 + ip_address = var.cgw_ip + type = "ipsec.1" + + tags = { + Name = "cgw" + } +} \ No newline at end of file diff --git a/modules/cgw/outputs.tf b/modules/cgw/outputs.tf new file mode 100644 index 0000000..7223686 --- /dev/null +++ b/modules/cgw/outputs.tf @@ -0,0 +1,3 @@ +output "cgw_id" { + value = aws_customer_gateway.main.id +} \ No newline at end of file diff --git a/modules/cgw/variables.tf b/modules/cgw/variables.tf new file mode 100644 index 0000000..c397f9f --- /dev/null +++ b/modules/cgw/variables.tf @@ -0,0 +1,3 @@ +variable "cgw_ip" { + type = string +} \ No newline at end of file diff --git a/modules/ec2/eks-host.sh b/modules/ec2/eks-host.sh new file mode 100644 index 0000000..db46a2e --- /dev/null +++ b/modules/ec2/eks-host.sh 
@@ -0,0 +1,11 @@ +curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" +unzip awscliv2.zip +sudo ./aws/install +export PATH=/usr/local/bin:$PATH +source ~/.bash_profile +curl -o /usr/local/bin/kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.23.13/2022-10-31/bin/linux/amd64/kubectl +chmod +x /usr/local/bin/kubectl +yum install -y jq +yum install -y bash-completion +curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp +mv -v /tmp/eksctl /usr/local/bin diff --git a/modules/ec2/main.tf b/modules/ec2/main.tf index 7d34b83..413783e 100644 --- a/modules/ec2/main.tf +++ b/modules/ec2/main.tf @@ -7,11 +7,13 @@ resource "aws_network_interface" "eni" { } } -resource "aws_instance" "ubuntu" { +resource "aws_instance" "ec2" { ami = var.ami_name # "ami-0ab04b3ccbadfae1f" instance_type = var.instance_type # "t2.micro" + + # user_data = var.user_data tags = { Name = "${var.tag_name}" diff --git a/modules/ec2/mariadb.sh b/modules/ec2/mariadb.sh new file mode 100644 index 0000000..ad1bc9c --- /dev/null +++ b/modules/ec2/mariadb.sh @@ -0,0 +1,9 @@ +cat <> /etc/yum.repos.d/MariaDB.repo +[mariadb] +name = MariaDB +baseurl = http://yum.mariadb.org/10.3/centos7-amd64 +gpgkey = https://yum.mariadb.org/RPM-GPG-KEY-MariaDB +gpgcheck = 1 +EOF +yum install mariadb-server -y +systemctl enable --now mariadb \ No newline at end of file diff --git a/modules/ec2/nginx.sh b/modules/ec2/nginx.sh new file mode 100644 index 0000000..5ccba52 --- /dev/null +++ b/modules/ec2/nginx.sh @@ -0,0 +1,3 @@ +yum update -y +amazon-linux-extras install -y nginx1 +systemctl enable --now nginx \ No newline at end of file diff --git a/modules/ec2/outputs.tf b/modules/ec2/outputs.tf index 85283ce..b38d55a 100644 --- a/modules/ec2/outputs.tf +++ b/modules/ec2/outputs.tf 
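Review bot: None of the three downloads in this script is verified before it is installed with root privileges — the AWS CLI zip, the kubectl binary written straight into /usr/local/bin, and the eksctl tarball fetched from a `latest` URL and piped into tar. There is also no shebang and no `set -euo pipefail`, so a failed `curl` leaves an empty kubectl that still gets `chmod +x` while the script carries on. Pin eksctl to a release and check each artifact against the publisher's checksum before installing it, along the lines sketched below. The script is not wired in yet (`user_data = var.user_data` in modules/ec2/main.tf is still commented out in this commit), so this can be fixed before first use.
```shell
#!/usr/bin/env bash
set -euo pipefail

# … unchanged: AWS CLI download / install …

KUBECTL_URL="https://s3.us-west-2.amazonaws.com/amazon-eks/1.23.13/2022-10-31/bin/linux/amd64/kubectl"
curl -fsSLo /tmp/kubectl "${KUBECTL_URL}"
# <expected-sha256> is a placeholder: take it from the publisher's checksum file for this exact version
echo "<expected-sha256>  /tmp/kubectl" | sha256sum --check
install -m 0755 /tmp/kubectl /usr/local/bin/kubectl

# … unchanged: yum installs …

# pin eksctl instead of "latest" so the checksum below stays valid
EKSCTL_VERSION="<pinned-version>"
curl -fsSL "https://github.com/weaveworks/eksctl/releases/download/${EKSCTL_VERSION}/eksctl_$(uname -s)_amd64.tar.gz" -o /tmp/eksctl.tar.gz
echo "<expected-sha256>  /tmp/eksctl.tar.gz" | sha256sum --check
tar xz -C /tmp -f /tmp/eksctl.tar.gz
mv -v /tmp/eksctl /usr/local/bin
```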
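Review bot: The first line of mariadb.sh reads `cat <> /etc/yum.repos.d/MariaDB.repo`, which as written is a read-write redirection rather than a heredoc, so the repo stanza that follows would be run as shell commands and the bare `EOF` line would fail; if `<<EOF >>` was lost in rendering disregard this, otherwise it should be `cat <<EOF >> /etc/yum.repos.d/MariaDB.repo`. Separately, `baseurl` is plain http while `gpgkey` is https with `gpgcheck = 1`: the signature check covers the packages, but repository metadata is still fetched unauthenticated, and `baseurl = https://yum.mariadb.org/10.3/centos7-amd64` closes that gap if the mirror serves TLS. Like the other scripts in this commit the file has no shebang and no `set -e`, so a failed repo write still proceeds to `yum install`.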
@@ -1,10 +1,10 @@ output "ec2_id" { - value = aws_instance.ubuntu.id + value = aws_instance.ec2.id } output "public_ip_associate" { - value = aws_instance.ubuntu.associate_public_ip_address + value = aws_instance.ec2.associate_public_ip_address } diff --git a/modules/ec2/vailables.tf b/modules/ec2/vailables.tf index 28c69c7..d1ac5e0 100644 --- a/modules/ec2/vailables.tf +++ b/modules/ec2/vailables.tf @@ -33,4 +33,5 @@ variable "sg_list" { description = "sg list" type = list(string) -} \ No newline at end of file +} + diff --git a/modules/eks-cluster/main.tf b/modules/eks-cluster/main.tf index 3ac6033..86b9c15 100644 --- a/modules/eks-cluster/main.tf +++ b/modules/eks-cluster/main.tf @@ -2,7 +2,7 @@ resource "aws_eks_cluster" "eks-cluster" { name = "${var.name}" role_arn = var.iam_role_arn - #enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"] + # enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"] vpc_config { security_group_ids = var.sg_list diff --git a/modules/transit-gateway-route-add/main.tf b/modules/transit-gateway-route-add/main.tf new file mode 100644 index 0000000..482ea4b --- /dev/null +++ b/modules/transit-gateway-route-add/main.tf @@ -0,0 +1,5 @@ +resource "aws_ec2_transit_gateway_route" "example" { + destination_cidr_block = var.cidr + transit_gateway_attachment_id = var.attatch_id + transit_gateway_route_table_id = var.route_table_id +} \ No newline at end of file diff --git a/modules/transit-gateway-route-add/outputs.tf b/modules/transit-gateway-route-add/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/modules/transit-gateway-route-add/variables.tf b/modules/transit-gateway-route-add/variables.tf new file mode 100644 index 0000000..1d5f3b1 --- /dev/null +++ b/modules/transit-gateway-route-add/variables.tf 
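Review bot: The only change in the eks-cluster hunk is whitespace inside the comment, so `enabled_cluster_log_types` stays disabled and the cluster keeps shipping no control-plane logs; for a production cluster `audit` and `authenticator` are the streams an incident responder will ask for first. If the intent is to enable it later, a live line such as `enabled_cluster_log_types = ["api", "audit", "authenticator"]` with a one-line note on cost is more useful than the commented-out list. The resource block continues outside the hunk.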
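Review bot: `resource "aws_ec2_transit_gateway_route" "example"` keeps the placeholder name from the provider documentation, and the same pattern recurs in modules/vpn_conn/main.tf (`"example"`, tag `terraform_ipsec_vpn_example`); a descriptive name such as `"to_onprem"` makes plan output and state addresses readable. The input it consumes is spelled `attatch_id` (extra t) while the sibling module outputs `attach_id`; since this module is new, `transit_gateway_attachment_id = var.attach_id` now is cheaper than renaming after state exists.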
@@ -0,0 +1,13 @@
+variable "cidr" {
+ description = "cidr"
+ type = string
+
+}
+variable "route_table_id" {
+ description = "route_table_id"
+ type = string
+
+}
+variable "attatch_id" {
+ type = string
+}
diff --git a/modules/transit-gateway/outputs.tf b/modules/transit-gateway/outputs.tf
index 37519a0..ab44d7b 100644
--- a/modules/transit-gateway/outputs.tf
+++ b/modules/transit-gateway/outputs.tf
@@ -1,3 +1,6 @@
 output "tgw_id" {
 value = aws_ec2_transit_gateway.tgw.id
+}
+output "tgw_route-table_id" {
+ value = aws_ec2_transit_gateway.tgw.association_default_route_table_id
 }
\ No newline at end of file
diff --git a/modules/transit-gw-vpc-attatch/outputs.tf b/modules/transit-gw-vpc-attatch/outputs.tf
index e69de29..ba7668c 100644
--- a/modules/transit-gw-vpc-attatch/outputs.tf
+++ b/modules/transit-gw-vpc-attatch/outputs.tf
@@ -0,0 +1,4 @@
+output "attach_id" {
+ value = aws_ec2_transit_gateway_vpc_attachment.tgw-vpc-attatch.id
+
+}
\ No newline at end of file
diff --git a/modules/vpn_conn/main.tf b/modules/vpn_conn/main.tf
new file mode 100644
index 0000000..cc65d11
--- /dev/null
+++ b/modules/vpn_conn/main.tf
@@ -0,0 +1,17 @@
+resource "aws_vpn_connection" "example" {
+ customer_gateway_id = var.cgw_id
+
+ transit_gateway_id = var.tgw_id
+
+ type = "ipsec.1"
+
+ tunnel1_preshared_key = var.preshared_key
+ tunnel2_preshared_key = var.preshared_key
+
+ static_routes_only = true
+ tags = {
+ Name = "terraform_ipsec_vpn_example"
+ }
+}
+# outside_ip_address_type = "PrivateIpv4"
+# transport_transit_gateway_attachment_id = data.aws_ec2_transit_gateway_dx_gateway_attachment.example.id
\ No newline at end of file
diff --git a/modules/vpn_conn/outputs.tf b/modules/vpn_conn/outputs.tf
new file mode 100644
index 0000000..7e5eda0
--- /dev/null
+++ b/modules/vpn_conn/outputs.tf
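Review bot: `description = "cidr"` and `description = "route_table_id"` only restate the variable names, and `attatch_id` has no description at all, so a caller learns nothing from `terraform-docs` or the module's variables block. Proposed wording: `description = "Destination CIDR block for the transit gateway route"`, `description = "Transit gateway route table the route is added to"`, and for the attachment, `description = "Transit gateway attachment (VPN or VPC) that traffic to the CIDR is sent to"`.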
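Review bot: Both tunnels are keyed from the same `var.preshared_key`, so a single secret protects two tunnels that are meant to be independent; take two inputs (`tunnel1_preshared_key = var.tunnel1_psk` / `tunnel2_preshared_key = var.tunnel2_psk`) or leave both attributes unset and let AWS generate them, reading the result back from the resource. The `preshared_key` variable declared in modules/vpn_conn/variables.tf is not marked `sensitive = true`, so the value is printed in plan and apply output and any output that passes it through is not redacted; add `sensitive = true` there. The resource name `example` and tag `terraform_ipsec_vpn_example` look copied from the provider documentation and should name the link they implement.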
@@ -0,0 +1,10 @@ +output "vpn_conn_tunnel-1_ip" { + value = aws_vpn_connection.example.tunnel1_address +} +output "vpn_conn_tunnel-2_ip" { + value = aws_vpn_connection.example.tunnel2_address +} +output "attach_id" { + value = aws_vpn_connection.example.transit_gateway_attachment_id + +} \ No newline at end of file diff --git a/modules/vpn_conn/variables.tf b/modules/vpn_conn/variables.tf new file mode 100644 index 0000000..3665238 --- /dev/null +++ b/modules/vpn_conn/variables.tf @@ -0,0 +1,13 @@ +variable "cgw_id" { + type = string + +} + +variable "tgw_id" { + type = string + +} +variable "preshared_key" { + type = string + +} \ No newline at end of file diff --git a/pord_hq-ecr/main.tf b/pord_hq-ecr/main.tf index d8be152..43a821b 100644 --- a/pord_hq-ecr/main.tf +++ b/pord_hq-ecr/main.tf @@ -14,6 +14,6 @@ data "aws_caller_identity" "this" {} module "ecr" { source = "../modules/ecr" - names_list = ["app"] + names_list = ["app", "shop"] //names_list = ["web", "nginx", "mariadb"] } diff --git a/prod-hq-bastion/main.tf b/prod-hq-bastion/main.tf index 9c685e7..3ed397a 100644 --- a/prod-hq-bastion/main.tf +++ b/prod-hq-bastion/main.tf @@ -57,7 +57,8 @@ locals { } module "ec2_bastion" { source = "../modules/ec2" - ami_name = "ami-035233c9da2fabf52" //amazon linux + # ami_name = "ami-035233c9da2fabf52" //amazon linux + ami_name = "ami-0ee5d9d505bab04d3" //custom instance_type = "t2.micro" tag_name = "bastion" public_ip_associate = true diff --git a/prod-hq-dns/main.tf b/prod-hq-dns/main.tf index 827904a..8b1f3f2 100644 --- a/prod-hq-dns/main.tf +++ b/prod-hq-dns/main.tf @@ -10,7 +10,6 @@ provider "aws" { locals { - vpc_id = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id common_tags = { project = "22shop" owner = "icurfer" 
@@ -70,7 +69,7 @@ resource "aws_route53_record" "www" { type = "A" alias { - name = "k8s-22shopekscluster-42f56c4a0b-271383680.ap-northeast-2.elb.amazonaws.com" + name = "k8s-22shopekscluster-42f56c4a0b-625381113.ap-northeast-2.elb.amazonaws.com" zone_id = "ZWKZPGTI48KDX" //rt53이아니고 로드밸런서 호스팅영역 evaluate_target_health = true } diff --git a/prod-hq-network-tg/main.tf b/prod-hq-network-tg/main.tf index bd9d190..04a3c4b 100644 --- a/prod-hq-network-tg/main.tf +++ b/prod-hq-network-tg/main.tf @@ -80,6 +80,19 @@ data "terraform_remote_state" "hidc_vpc_id" { } } } +// widc-ec2 +data "terraform_remote_state" "widc_ec2" { + backend = "remote" + + config = { + organization = "22shop" + + workspaces = { + name = "widc-ec2-bkkim" + } + } +} + locals { account_id = data.aws_caller_identity.this.account_id @@ -91,6 +104,7 @@ locals { web_subnet = data.terraform_remote_state.web_vpc_id.outputs.private_subnet_tgw hidc_subnet = data.terraform_remote_state.hidc_vpc_id.outputs.private_subnet + cgw_ip = data.terraform_remote_state.widc_ec2.outputs.eip } // tg 생성 
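Review bot: The alias target is a hand-edited load-balancer hostname (`k8s-22shopekscluster-42f56c4a0b-625381113…`) that is regenerated whenever the ingress is recreated, which is presumably why this commit has to change it; nothing in this file ties the record to the live ELB, so the record silently points at a dead name after the next cluster rebuild. A `data "aws_lb"` lookup by name or tag, referenced as `name = data.aws_lb.<name>.dns_name` and `zone_id = data.aws_lb.<name>.zone_id`, would also replace the hardcoded `zone_id = "ZWKZPGTI48KDX"`. The resource block starts before the hunk.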
@@ -177,3 +191,56 @@ module "route_add_web_private" {
 module.tgw
 ]
 }
+
+
+module "route_add_hidc_public" {
+ source = "../modules/route-add"
+ route_id = data.terraform_remote_state.hidc_vpc_id.outputs.route_public_id
+ tgw_id = module.tgw.tgw_id
+ gw_type = "tgw"
+ destination_cidr = "10.0.0.0/8"
+
+ depends_on = [
+ module.tgw
+ ]
+}
+
+module "route_add_hidc_private" {
+ source = "../modules/route-add"
+ route_id = data.terraform_remote_state.hidc_vpc_id.outputs.route_private_id
+ tgw_id = module.tgw.tgw_id
+ gw_type = "tgw"
+ destination_cidr = "10.0.0.0/8"
+
+ depends_on = [
+ module.tgw
+ ]
+}
+
+module "cgw" {
+ source = "../modules/cgw"
+ cgw_ip = local.cgw_ip
+}
+
+module "vpn_conn" {
+ source = "../modules/vpn_conn"
+ cgw_id = module.cgw.cgw_id
+ tgw_id = module.tgw.tgw_id
+ preshared_key = "cloudneta"
+ depends_on = [
+ module.tgw,
+ module.cgw
+ ]
+}
+
+module "transit-gateway-route-add" {
+ source = "../modules/transit-gateway-route-add"
+ cidr = "10.2.0.0/16"
+ route_table_id = module.tgw.tgw_route-table_id
+ attatch_id = module.vpn_conn.attach_id
+
+ depends_on = [
+ module.tgw,
+ module.cgw
+ ]
+}
diff --git a/prod-hq-network-tg/outputs.tf b/prod-hq-network-tg/outputs.tf
index 14d8d1b..e72ca82 100644
--- a/prod-hq-network-tg/outputs.tf
+++ b/prod-hq-network-tg/outputs.tf
@@ -1 +1,6 @@
-//main-outputs
\ No newline at end of file
+output "vpn_conn_tunnel-1_ip" {
+ value = module.vpn_conn.vpn_conn_tunnel-1_ip
+}
+output "vpn_conn_tunnel-2_ip" {
+ value = module.vpn_conn.vpn_conn_tunnel-2_ip
+}
\ No newline at end of file
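Review bot: `preshared_key = "cloudneta"` commits the IPsec pre-shared key to source control as a plaintext literal, and the value is a short dictionary word; once pushed it should be treated as exposed and rotated, and the attribute replaced by a variable — `variable "vpn_preshared_key" { type = string sensitive = true }` fed from a Terraform Cloud sensitive workspace variable — or simply omitted so AWS generates a random key per tunnel. The two `destination_cidr = "10.0.0.0/8"` routes send every 10.x prefix from the hidc VPC to the transit gateway, far wider than the `10.2.0.0/16` the TGW route itself covers; confirm that breadth is intended rather than a placeholder. `module "transit-gateway-route-add"` lists `module.cgw` in `depends_on` but not `module.vpn_conn`, which it actually consumes through `attatch_id`; the reference already orders it, so the explicit list is misleading rather than wrong and could be dropped.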