icurfer/terraform-demo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

정리

Browse Source
This commit is contained in:
Seong-dong
2023-01-22 03:27:54 +09:00
parent d3f56ecc0c
commit 09e9dcf9b5
28 changed files with 188 additions and 247 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
icurfer-hq-network/.terraform.lock.hcl generated
View File

@ -1,24 +0,0 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "2.70.4"
constraints = "~> 2.0"
hashes = [
"h1:0ALZ1dGL41uYi6Ooc0mT52FAcYMEvozpFNx8AQKvatY=",
"zh:45f528103c5580623b15e7ac3986b72baa5d33cabc66c902594d666c7607a8f2",
"zh:538793ad294171370cc0c280c98cb5c8eb77669d0917c2ab727090016ec2626e",
"zh:631d5aea6ec7b13d8973f13fc70dc36ecc5e5614793c5141ccd254773bc4ec36",
"zh:7861c5e12c322717ff9684ac658be590d12906a9549204b6337f3f8d55bf0640",
"zh:8adfe014d0a0552a9a6b358cc0d7e3d0c660bc15aa5524e771525b0e5d14b20f",
"zh:9d81089842c0990d410bffc5702dec719145951c3f5cbc85c3bf8968985d50cc",
"zh:a4b0922e0fddccbb84958d4909896e8009c57885a41cc2e1c37dcdc56e2da796",
"zh:a6dcd0292e807d8d5b8a922d2e0cc3c6949461e18603cb48005c967329abe574",
"zh:ae07e0dae4e700c1f6623bd0b66ab4153d0b498ffd5f6681117101d2020815bc",
"zh:bd07ba17501b8b57d4455329770f4f520e709d12f8b0c364821f39d1b2df1a89",
"zh:ddbf1a0b63ac84462da002b44b249f86180804670f1070109785d00a19f88e16",
"zh:e2291e9efbd0100c555d3bae8f2b2af4d416f80105c250747cb5fd8f0b17062f",
"zh:e5d8e0ad489547118fd76f300d1cb6dd516997cf919dc0bbaedaacb5c91e697a",
"zh:eae90e616cec391546bf4ecf294e8a3ae56ce7c90ac0e1d45ebf2907957b9f16",
]
}

142
icurfer-hq-network/main.tf
View File

@ -1,142 +0,0 @@
// prod - main
provider "aws" {
region = "ap-northeast-2"
#2.x버전의 AWS공급자 허용
version = "~> 2.0"
}
locals {
common_tags = {
project = "22shop"
owner = "icurfer"
}
tcp_port = {
any_port = 0
http_port = 80
https_port = 443
ssh_port = 22
dns_port = 53
django_port = 8000
mysql_port = 3306
}
udp_port = {
dns_port = 53
}
any_protocol = "-1"
tcp_protocol = "tcp"
icmp_protocol = "icmp"
all_ips = ["0.0.0.0/0"]
node_group_scaling_config = {
desired_size = 2
max_size = 4
min_size = 1
}
eks_ingress_type = {
public = "kubernetes.io/role/elb"
private = "kubernetes.io/role/internal-elb=1"
}
}
// GET 계정정보
data "aws_caller_identity" "this" {}
// eks를 위한 iam역할 생성 데이터 조회
data "aws_iam_policy_document" "eks-assume-role-policy" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["eks.amazonaws.com"]
}
}
}
data "aws_iam_policy_document" "eks_node_group_role" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["ec2.amazonaws.com"]
}
}
}
# module "vpc_hq" {
module "vpc_hq" {
source = "../modules/vpc"
# source = "github.com/Seong-dong/team_prj/tree/main/modules/vpc"
tag_name = "${local.common_tags.project}-vpc"
cidr_block = "10.3.0.0/16"
}
module "vpc_igw" {
source = "../modules/igw"
vpc_id = module.vpc_hq.vpc_hq_id
tag_name = "${local.common_tags.project}-vpc_igw"
depends_on = [
module.vpc_hq
]
}
module "subnet_public" {
source = "../modules/vpc-subnet"
vpc_id = module.vpc_hq.vpc_hq_id
subnet-az-list = var.subnet-az-public
public_ip_on = true
# vpc_name = "${local.common_tags.project}-public"
#alb-ingress 생성을 위해 지정
k8s_ingress = true
vpc_name = local.eks_ingress_type.public
}
// public route
module "route_public" {
source = "../modules/route-table"
tag_name = "${local.common_tags.project}-route_table"
vpc_id = module.vpc_hq.vpc_hq_id
}
module "route_add" {
source = "../modules/route-add"
route_public_id = module.route_public.route_public_id
igw_id = module.vpc_igw.igw_id
}
module "route_association" {
source = "../modules/route-association"
route_table_id = module.route_public.route_public_id
association_count = 2
subnet_ids = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id]
}
# // private subnet
# module "subnet_private" {
# source = "../modules/vpc-subnet"
# vpc_id = module.vpc_hq.vpc_hq_id
# subnet-az-list = var.subnet-az-private
# public_ip_on = false
# k8s_ingress = false
# #alb-ingress 생성을 위해 지정
# vpc_name = local.eks_ingress_type.public
# }
# module "route_private" {
# source = "../modules/route-table"
# tag_name = "${local.common_tags.project}-private_route_table"
# vpc_id = module.vpc_hq.vpc_hq_id
# }

16
icurfer-hq-network/outputs.tf
View File

@ -1,16 +0,0 @@
//main-outputs
output "aws_id" {
description = "The AWS Account ID."
value = data.aws_caller_identity.this.account_id
}
output "subnet" {
description = "The name of vpc hq id"
value = module.subnet_public.subnet
}
output "vpc_id" {
description = "vpc_id"
value = module.vpc_hq.vpc_hq_id
}

10
icurfer-hq-network/terraform.tf
View File

@ -1,10 +0,0 @@
terraform {
backend "remote"{
hostname = "app.terraform.io"
organization = "22shop"
workspaces {
name = "tf-cloud-network"
}
}
}

45
icurfer-hq-network/valiables.tf
View File

@ -1,45 +0,0 @@
# variable "cidr_block" {
# type = string
# default = "10.3.0.0/16"
# }
variable "prod_name" {
description = "value"
type = string
default = "22shop"
}
# variable "igw_id" {
# description = "value"
# type = string
# }
variable "subnet-az-public" {
description = "Subnet available zone & cidr"
type = map(map(string))
default = {
"zone-a" = {
name = "ap-northeast-2a"
cidr = "10.3.1.0/24"
}
"zone-c" = {
name = "ap-northeast-2c"
cidr = "10.3.3.0/24"
}
}
}
variable "subnet-az-private" {
description = "Subnet available zone & cidr"
type = map(map(string))
default = {
"zone-b" = {
name = "ap-northeast-2b"
cidr = "10.3.2.0/24"
}
"zone-d" = {
name = "ap-northeast-2d"
cidr = "10.3.4.0/24"
}
}
}

9
modules/cgw/main.tf Normal file
View File

@ -0,0 +1,9 @@
resource "aws_customer_gateway" "main" {
bgp_asn = 65000
ip_address = var.cgw_ip
type = "ipsec.1"
tags = {
Name = "cgw"
}
}

3
modules/cgw/outputs.tf Normal file
View File

@ -0,0 +1,3 @@
output "cgw_id" {
value = aws_customer_gateway.main.id
}

3
modules/cgw/variables.tf Normal file
View File

@ -0,0 +1,3 @@
variable "cgw_ip" {
type = string
}

11
modules/ec2/eks-host.sh Normal file
View File

@ -0,0 +1,11 @@
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
export PATH=/usr/local/bin:$PATH
source ~/.bash_profile
curl -o /usr/local/bin/kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.23.13/2022-10-31/bin/linux/amd64/kubectl
chmod +x /usr/local/bin/kubectl
yum install -y jq
yum install -y bash-completion
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
mv -v /tmp/eksctl /usr/local/bin

4
modules/ec2/main.tf
View File

@ -7,12 +7,14 @@ resource "aws_network_interface" "eni" {
} }
} }
resource "aws_instance" "ubuntu" { resource "aws_instance" "ec2" {
ami = var.ami_name ami = var.ami_name
# "ami-0ab04b3ccbadfae1f" # "ami-0ab04b3ccbadfae1f"
instance_type = var.instance_type instance_type = var.instance_type
# "t2.micro" # "t2.micro"
# user_data = var.user_data
tags = { tags = {
Name = "${var.tag_name}" Name = "${var.tag_name}"
} }

9
modules/ec2/mariadb.sh Normal file
View File

@ -0,0 +1,9 @@
cat <<EOF>> /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/centos7-amd64
gpgkey = https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck = 1
EOF
yum install mariadb-server -y
systemctl enable --now mariadb

3
modules/ec2/nginx.sh Normal file
View File

@ -0,0 +1,3 @@
yum update -y
amazon-linux-extras install -y nginx1
systemctl enable --now nginx

4
modules/ec2/outputs.tf
View File

@ -1,10 +1,10 @@
output "ec2_id" { output "ec2_id" {
value = aws_instance.ubuntu.id value = aws_instance.ec2.id
} }
output "public_ip_associate" { output "public_ip_associate" {
value = aws_instance.ubuntu.associate_public_ip_address value = aws_instance.ec2.associate_public_ip_address
} }

1
modules/ec2/vailables.tf
View File

@ -34,3 +34,4 @@ variable "sg_list" {
type = list(string) type = list(string)
} }

2
modules/eks-cluster/main.tf
View File

@ -2,7 +2,7 @@ resource "aws_eks_cluster" "eks-cluster" {
name = "${var.name}" name = "${var.name}"
role_arn = var.iam_role_arn role_arn = var.iam_role_arn
#enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"] # enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
vpc_config { vpc_config {
security_group_ids = var.sg_list security_group_ids = var.sg_list

5
modules/transit-gateway-route-add/main.tf Normal file
View File

@ -0,0 +1,5 @@
resource "aws_ec2_transit_gateway_route" "example" {
destination_cidr_block = var.cidr
transit_gateway_attachment_id = var.attatch_id
transit_gateway_route_table_id = var.route_table_id
}

0
modules/transit-gateway-route-add/outputs.tf Normal file
View File

13
modules/transit-gateway-route-add/variables.tf Normal file
View File

@ -0,0 +1,13 @@
variable "cidr" {
description = "cidr"
type = string
}
variable "route_table_id" {
description = "route_table_id"
type = string
}
variable "attatch_id" {
type = string
}

3
modules/transit-gateway/outputs.tf
View File

@ -1,3 +1,6 @@
output "tgw_id" { output "tgw_id" {
value = aws_ec2_transit_gateway.tgw.id value = aws_ec2_transit_gateway.tgw.id
} }
output "tgw_route-table_id" {
value = aws_ec2_transit_gateway.tgw.association_default_route_table_id
}

4
modules/transit-gw-vpc-attatch/outputs.tf
View File

@ -0,0 +1,4 @@
output "attach_id" {
value = aws_ec2_transit_gateway_vpc_attachment.tgw-vpc-attatch.id
}

17
modules/vpn_conn/main.tf Normal file
View File

@ -0,0 +1,17 @@
resource "aws_vpn_connection" "example" {
customer_gateway_id = var.cgw_id
transit_gateway_id = var.tgw_id
type = "ipsec.1"
tunnel1_preshared_key = var.preshared_key
tunnel2_preshared_key = var.preshared_key
static_routes_only = true
tags = {
Name = "terraform_ipsec_vpn_example"
}
}
# outside_ip_address_type = "PrivateIpv4"
# transport_transit_gateway_attachment_id = data.aws_ec2_transit_gateway_dx_gateway_attachment.example.id

10
modules/vpn_conn/outputs.tf Normal file
View File

@ -0,0 +1,10 @@
output "vpn_conn_tunnel-1_ip" {
value = aws_vpn_connection.example.tunnel1_address
}
output "vpn_conn_tunnel-2_ip" {
value = aws_vpn_connection.example.tunnel2_address
}
output "attach_id" {
value = aws_vpn_connection.example.transit_gateway_attachment_id
}

13
modules/vpn_conn/variables.tf Normal file
View File

@ -0,0 +1,13 @@
variable "cgw_id" {
type = string
}
variable "tgw_id" {
type = string
}
variable "preshared_key" {
type = string
}

2
pord_hq-ecr/main.tf
View File

@ -14,6 +14,6 @@ data "aws_caller_identity" "this" {}
module "ecr" { module "ecr" {
source = "../modules/ecr" source = "../modules/ecr"
names_list = ["app"] names_list = ["app", "shop"]
//names_list = ["web", "nginx", "mariadb"] //names_list = ["web", "nginx", "mariadb"]
} }

3
prod-hq-bastion/main.tf
View File

@ -57,7 +57,8 @@ locals {
} }
module "ec2_bastion" { module "ec2_bastion" {
source = "../modules/ec2" source = "../modules/ec2"
ami_name = "ami-035233c9da2fabf52" //amazon linux # ami_name = "ami-035233c9da2fabf52" //amazon linux
ami_name = "ami-0ee5d9d505bab04d3" //custom
instance_type = "t2.micro" instance_type = "t2.micro"
tag_name = "bastion" tag_name = "bastion"
public_ip_associate = true public_ip_associate = true

3
prod-hq-dns/main.tf
View File

@ -10,7 +10,6 @@ provider "aws" {
locals { locals {
vpc_id = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id
common_tags = { common_tags = {
project = "22shop" project = "22shop"
owner = "icurfer" owner = "icurfer"
@ -70,7 +69,7 @@ resource "aws_route53_record" "www" {
type = "A" type = "A"
alias { alias {
name = "k8s-22shopekscluster-42f56c4a0b-271383680.ap-northeast-2.elb.amazonaws.com" name = "k8s-22shopekscluster-42f56c4a0b-625381113.ap-northeast-2.elb.amazonaws.com"
zone_id = "ZWKZPGTI48KDX" //rt53이아니고 로드밸런서 호스팅영역 zone_id = "ZWKZPGTI48KDX" //rt53이아니고 로드밸런서 호스팅영역
evaluate_target_health = true evaluate_target_health = true
} }

67
prod-hq-network-tg/main.tf
View File

@ -80,6 +80,19 @@ data "terraform_remote_state" "hidc_vpc_id" {
} }
} }
} }
// widc-ec2
data "terraform_remote_state" "widc_ec2" {
backend = "remote"
config = {
organization = "22shop"
workspaces = {
name = "widc-ec2-bkkim"
}
}
}
locals { locals {
account_id = data.aws_caller_identity.this.account_id account_id = data.aws_caller_identity.this.account_id
@ -91,6 +104,7 @@ locals {
web_subnet = data.terraform_remote_state.web_vpc_id.outputs.private_subnet_tgw web_subnet = data.terraform_remote_state.web_vpc_id.outputs.private_subnet_tgw
hidc_subnet = data.terraform_remote_state.hidc_vpc_id.outputs.private_subnet hidc_subnet = data.terraform_remote_state.hidc_vpc_id.outputs.private_subnet
cgw_ip = data.terraform_remote_state.widc_ec2.outputs.eip
} }
// tg 생성 // tg 생성
@ -177,3 +191,56 @@ module "route_add_web_private" {
module.tgw module.tgw
] ]
} }
module "route_add_hidc_public" {
source = "../modules/route-add"
route_id = data.terraform_remote_state.hidc_vpc_id.outputs.route_public_id
tgw_id = module.tgw.tgw_id
gw_type = "tgw"
destination_cidr = "10.0.0.0/8"
depends_on = [
module.tgw
]
}
module "route_add_hidc_private" {
source = "../modules/route-add"
route_id = data.terraform_remote_state.hidc_vpc_id.outputs.route_private_id
tgw_id = module.tgw.tgw_id
gw_type = "tgw"
destination_cidr = "10.0.0.0/8"
depends_on = [
module.tgw
]
}
module "cgw" {
source = "../modules/cgw"
cgw_ip = local.cgw_ip
}
module "vpn_conn" {
source = "../modules/vpn_conn"
cgw_id = module.cgw.cgw_id
tgw_id = module.tgw.tgw_id
preshared_key = "cloudneta"
depends_on = [
module.tgw,
module.cgw
]
}
module "transit-gateway-route-add" {
source = "../modules/transit-gateway-route-add"
cidr = "10.2.0.0/16"
route_table_id = module.tgw.tgw_route-table_id
attatch_id = module.vpn_conn.attach_id
depends_on = [
module.tgw,
module.cgw
]
}

7
prod-hq-network-tg/outputs.tf
View File

@ -1 +1,6 @@
//main-outputs output "vpn_conn_tunnel-1_ip" {
value = module.vpn_conn.vpn_conn_tunnel-1_ip
}
output "vpn_conn_tunnel-2_ip" {
value = module.vpn_conn.vpn_conn_tunnel-2_ip
}