From 7f4d9b11042071737bf056a420d775611efbf12c Mon Sep 17 00:00:00 2001 
From: Seong-dong Date: Sat, 31 Dec 2022 17:52:18 +0900 Subject: [PATCH] =?UTF-8?q?=ED=85=8C=EB=9D=BC=ED=8F=BC=20=ED=99=98?= =?UTF-8?q?=EA=B2=BD=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/cloud9-ec2-env/main.tf | 5 + modules/cloud9-ec2-env/variables.tf | 10 + modules/cloud9-ec2/main.tf | 4 + modules/cloud9-ec2/outputs.tf | 3 + modules/cloud9-ec2/variables.tf | 6 + modules/efs/main.tf | 0 modules/efs/outputs.tf | 0 modules/efs/variables.tf | 0 modules/eks-cluster/main.tf | 17 +- modules/eks-cluster/outputs.tf | 4 + modules/eks-cluster/valiables.tf | 5 + modules/templates/main.tf | 24 --- modules/vpc-subnet/main.tf | 1 + modules/vpc-subnet/valiables.tf | 1 - pord_dev_config/.terraform.lock.hcl | 10 + pord_dev_config/main.tf | 101 ++++++++++ pord_dev_config/outputs.tf | 0 pord_dev_config/terraform.tf | 10 + pord_dev_config/variables.tf | 45 +++++ prod-hq-eks copy/main.tf | 135 +++++++++++++ prod-hq-eks copy/outputs.tf | 10 + .../terraform.tf | 0 {prod-hq => prod-hq-eks copy}/valiables.tf | 0 prod-hq-eks/.terraform.lock.hcl | 25 +++ {prod-hq => prod-hq-eks}/main.tf | 77 ++------ prod-hq-eks/outputs.tf | 13 ++ prod-hq-eks/terraform.tf | 10 + prod-hq-eks/valiables.tf | 45 +++++ prod-hq-network/.terraform.lock.hcl | 10 + prod-hq-network/main.tf | 182 ++++++++++++++++++ {prod-hq => prod-hq-network}/outputs.tf | 6 + prod-hq-network/terraform.tf | 10 + prod-hq-network/valiables.tf | 45 +++++ prod-hq/.terraform.lock.hcl | 20 -- 34 files changed, 732 insertions(+), 102 deletions(-) create mode 100644 modules/cloud9-ec2-env/main.tf create mode 100644 modules/cloud9-ec2-env/variables.tf create mode 100644 modules/cloud9-ec2/main.tf create mode 100644 modules/cloud9-ec2/outputs.tf create mode 100644 modules/cloud9-ec2/variables.tf create mode 100644 modules/efs/main.tf create mode 100644 modules/efs/outputs.tf create mode 100644 modules/efs/variables.tf create mode 100644 
pord_dev_config/.terraform.lock.hcl create mode 100644 pord_dev_config/main.tf create mode 100644 pord_dev_config/outputs.tf create mode 100644 pord_dev_config/terraform.tf create mode 100644 pord_dev_config/variables.tf create mode 100644 prod-hq-eks copy/main.tf create mode 100644 prod-hq-eks copy/outputs.tf rename {modules/vpc-subnet => prod-hq-eks copy}/terraform.tf (100%) rename {prod-hq => prod-hq-eks copy}/valiables.tf (100%) create mode 100644 prod-hq-eks/.terraform.lock.hcl rename {prod-hq => prod-hq-eks}/main.tf (76%) create mode 100644 prod-hq-eks/outputs.tf create mode 100644 prod-hq-eks/terraform.tf create mode 100644 prod-hq-eks/valiables.tf create mode 100644 prod-hq-network/.terraform.lock.hcl create mode 100644 prod-hq-network/main.tf rename {prod-hq => prod-hq-network}/outputs.tf (74%) create mode 100644 prod-hq-network/terraform.tf create mode 100644 prod-hq-network/valiables.tf delete mode 100644 prod-hq/.terraform.lock.hcl diff --git a/modules/cloud9-ec2-env/main.tf b/modules/cloud9-ec2-env/main.tf new file mode 100644 index 0000000..cb1e463 --- /dev/null +++ b/modules/cloud9-ec2-env/main.tf @@ -0,0 +1,5 @@ +resource "aws_cloud9_environment_membership" "cloud9-env" { + environment_id = var.cloud9_id + permissions = var.permissions + user_arn = var.user_arn +} \ No newline at end of file diff --git a/modules/cloud9-ec2-env/variables.tf b/modules/cloud9-ec2-env/variables.tf new file mode 100644 index 0000000..7ced9a9 --- /dev/null +++ b/modules/cloud9-ec2-env/variables.tf @@ -0,0 +1,10 @@ +variable "cloud9_id" { + description = "cloud9-ec2" + type = string +} +variable "permissions" { + type = string +} +variable "user_arn" { + type = string +} \ No newline at end of file diff --git a/modules/cloud9-ec2/main.tf b/modules/cloud9-ec2/main.tf new file mode 100644 index 0000000..f4b6db9 --- /dev/null +++ b/modules/cloud9-ec2/main.tf 
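Review bot: `permissions` in modules/cloud9-ec2-env/variables.tf is a bare string with no validation, so a typo such as "readonly" is rejected only at apply time by the Cloud9 API, and nothing in the module documents that this value decides whether `user_arn` may edit the environment. Cloud9 accepts exactly "read-only" and "read-write" for a membership, so a `validation` block fails fast at plan time; `user_arn` should also carry a description saying it is the IAM principal being granted access. The module's only caller in this commit (pord_dev_config, currently commented out) passes "read-only" and a role ARN, so the stricter check does not break it.
```hcl
# … unchanged: cloud9_id variable …
variable "permissions" {
  description = "Cloud9 membership level granted to user_arn: \"read-only\" or \"read-write\"."
  type        = string

  validation {
    condition     = contains(["read-only", "read-write"], var.permissions)
    error_message = "permissions must be \"read-only\" or \"read-write\"."
  }
}
variable "user_arn" {
  description = "ARN of the IAM principal that receives the membership."
  type        = string
}
```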
@@ -0,0 +1,4 @@ +resource "aws_cloud9_environment_ec2" "cloud9-dev" { + instance_type = var.instance_type + name = var.name +} \ No newline at end of file diff --git a/modules/cloud9-ec2/outputs.tf b/modules/cloud9-ec2/outputs.tf new file mode 100644 index 0000000..a0db29e --- /dev/null +++ b/modules/cloud9-ec2/outputs.tf @@ -0,0 +1,3 @@ +output "cloud9_id" { + value = aws_cloud9_environment_ec2.cloud9-dev.id +} diff --git a/modules/cloud9-ec2/variables.tf b/modules/cloud9-ec2/variables.tf new file mode 100644 index 0000000..d4e70db --- /dev/null +++ b/modules/cloud9-ec2/variables.tf @@ -0,0 +1,6 @@ +variable "instance_type" { + type = string +} +variable "name" { + type = string +} diff --git a/modules/efs/main.tf b/modules/efs/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/modules/efs/outputs.tf b/modules/efs/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/modules/efs/variables.tf b/modules/efs/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/modules/eks-cluster/main.tf b/modules/eks-cluster/main.tf index b537c12..f75ed48 100644 --- a/modules/eks-cluster/main.tf +++ b/modules/eks-cluster/main.tf @@ -6,10 +6,25 @@ resource "aws_eks_cluster" "eks-cluster" { vpc_config { security_group_ids = var.sg_list - subnet_ids = var.subnet_list + subnet_ids = var.subnet_list #노드그룹 통신을 위한 설정 endpoint_private_access = true endpoint_public_access = true } } + +# //신뢰할수있는 사용자 등록 +# resource "aws_eks_identity_provider_config" "eks-cluster-oidc-provider" { +# cluster_name = aws_eks_cluster.eks-cluster.name + +# oidc { +# client_id = var.client_id +# identity_provider_config_name = "eks-example" +# issuer_url = "${aws_eks_cluster.eks-cluster.identity[0].oidc[0].issuer}" +# } + +# depends_on = [ +# aws_eks_cluster.eks-cluster +# ] +# } diff --git a/modules/eks-cluster/outputs.tf b/modules/eks-cluster/outputs.tf index c6b8840..7fb67ef 100644 --- a/modules/eks-cluster/outputs.tf +++ b/modules/eks-cluster/outputs.tf 
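Review bot: `aws_cloud9_environment_ec2.cloud9-dev` sets only `instance_type` and `name`, so `connection_type` and `subnet_id` fall back to provider defaults; if the default connection type of CONNECT_SSH applies, the IDE reaches the instance over inbound SSH, which is why it ends up needing the public subnets this repo creates. Prefer `connection_type = "CONNECT_SSM"` and expose `subnet_id = var.subnet_id` so the environment attaches through Systems Manager with no inbound port; AWS documents an extra service-role/instance-profile requirement for SSM mode, so confirm that before switching. Also consider `automatic_stop_time_minutes` so an idle dev box does not sit running with live instance credentials.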
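Review bot: `endpoint_public_access = true` is kept in modules/eks-cluster/main.tf without a `public_access_cidrs` list, so the Kubernetes API endpoint stays reachable from any IPv4 address (AWS's default for that list is 0.0.0.0/0); authentication is still required, but the control plane is exposed to internet-wide scanning and to replay of any leaked token. Add `public_access_cidrs = var.public_access_cidrs` with the operator/CI egress ranges, or set `endpoint_public_access = false` and rely on the private endpoint, since `endpoint_private_access` is already true. The commented-out `aws_eks_identity_provider_config` block and its `var.client_id` should not land as dead code; remove it or finish it, and translate `#노드그룹 통신을 위한 설정` to English, e.g. `# subnets the node groups use to reach the control plane`.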
@@ -9,3 +9,7 @@ output "kubeconfig-certificate-authority-data" { output "cluster_name" { value = aws_eks_cluster.eks-cluster.name } + +output "cluster_oidc" { + value = "${aws_eks_cluster.eks-cluster.identity[0].oidc[0].issuer}" +} \ No newline at end of file diff --git a/modules/eks-cluster/valiables.tf b/modules/eks-cluster/valiables.tf index bba5e49..c4b0b05 100644 --- a/modules/eks-cluster/valiables.tf +++ b/modules/eks-cluster/valiables.tf @@ -12,3 +12,8 @@ variable "subnet_list" { type = list(string) } + +variable "client_id" { + type = string + +} diff --git a/modules/templates/main.tf b/modules/templates/main.tf index 3561969..e69de29 100644 --- a/modules/templates/main.tf +++ b/modules/templates/main.tf @@ -1,24 +0,0 @@ -resource "aws_iam_role" "eks-cluster" { - name = "iam role eks-cluster" - - # Terraform's "jsonencode" function converts a - # Terraform expression result to valid JSON syntax. - assume_role_policy = jsonencode({ - "Version" : "2012-10-17", - "Statement" : [ - { - "Effect" : "Allow", - "Principal" : { - "Service" : [ - "eks.amazonaws.com" - ] - }, - "Action" : "sts:AssumeRole" - } - ] - }) - - tags = { - tag-key = "eks-cluster-rule" - } -} diff --git a/modules/vpc-subnet/main.tf b/modules/vpc-subnet/main.tf index 5a9843a..32a38b5 100644 --- a/modules/vpc-subnet/main.tf +++ b/modules/vpc-subnet/main.tf @@ -10,6 +10,7 @@ resource "aws_subnet" "subnets" { tags = { Name = var.vpc_name + "kubernetes.io/role/elb" = 1 # Name = module.vpc_hq.vpcHq.id } } \ No newline at end of file diff --git a/modules/vpc-subnet/valiables.tf b/modules/vpc-subnet/valiables.tf index d783fde..a9ad426 100644 --- a/modules/vpc-subnet/valiables.tf +++ b/modules/vpc-subnet/valiables.tf @@ -7,7 +7,6 @@ variable "vpc_name" { description = "set vpc name" type = string } - // reference | https://github.com/davidcsi/terraform/blob/master/healthchecks/main.tf variable "subnet-az-list" { description = "Subnet available zone & cidr" 
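Review bot: the new `client_id` variable in modules/eks-cluster/valiables.tf has no default and no description, so every caller is now forced to supply it, yet nothing in the module reads it — its only consumer, the `aws_eks_identity_provider_config` block, is commented out in this same commit. The one caller (prod-hq-eks) passes the AWS account ID, which is not an OIDC client ID (that is the audience an identity provider issues tokens for), so the variable is both unused and misleading. Either drop it until the identity-provider config is real, or give it `default = null` and `description = "OIDC client ID (token audience) for aws_eks_identity_provider_config; unused until that resource is enabled"`.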
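Review bot: the added `"kubernetes.io/role/elb" = 1` tag in modules/vpc-subnet/main.tf is applied unconditionally inside `aws_subnet.subnets`, so every subnet this module ever creates advertises itself as a home for internet-facing load balancers, including any private subnets later built with it. The AWS load balancer controller uses this key for public ALBs and `kubernetes.io/role/internal-elb` for internal ones; both callers in this commit pass `public_ip_on`, so the key can follow it: `(var.public_ip_on ? "kubernetes.io/role/elb" : "kubernetes.io/role/internal-elb") = "1"`. That variable's declaration is outside this hunk, so confirm its name in the module's variables file. The enclosing resource begins before the hunk.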
diff --git a/pord_dev_config/.terraform.lock.hcl b/pord_dev_config/.terraform.lock.hcl
new file mode 100644
index 0000000..e807511
--- /dev/null
+++ b/pord_dev_config/.terraform.lock.hcl
@@ -0,0 +1,10 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "4.48.0"
+ constraints = "~> 4.0"
+ hashes = [
+ "h1:8xLCA04IhQUzGI8/t3ySKNFMyjgGCWiXRUWhWEsYvew=",
+ ]
+}
diff --git a/pord_dev_config/main.tf b/pord_dev_config/main.tf
new file mode 100644
index 0000000..e2c6984
--- /dev/null
+++ b/pord_dev_config/main.tf
@@ -0,0 +1,101 @@ +// prod - dev +provider "aws" { + region = "ap-northeast-2" + + #4.x버전의 AWS공급자 허용 + version = "~> 4.0" + +} + +locals { + common_tags = { + project = "22shop_dev" + owner = "icurfer" + + } + tcp_port = { + any_port = 0 + http_port = 80 + https_port = 443 + ssh_port = 22 + dns_port = 53 + django_port = 8000 + mysql_port = 3306 + } + udp_port = { + dns_port = 53 + } + any_protocol = "-1" + tcp_protocol = "tcp" + icmp_protocol = "icmp" + all_ips = ["0.0.0.0/0"] + + iam_name = { + cloud9 = "cloud9" + } + +} + +// GET 계정정보 +data "aws_caller_identity" "this" {} + +// cloud9를 위한 iam역할 생성 데이터 조회 +data "aws_iam_policy_document" "cloud9_role" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["ec2.amazonaws.com"] + } + } +} + +# EKS테스트 할때 활성 +module "ecr" { + source = "../modules/ecr" + + names_list = ["web"] + //names_list = ["web", "nginx", "mariadb"] +} + + + +/* +// colud9 생성 및 추가 +module "cloud9_iam" { + source = "../modules/iam" + iam_name = local.iam_name.cloud9 + policy = data.aws_iam_policy_document.cloud9_role.json + tag_name = local.common_tags.project +} +module "cloud9_iam_att_admin_access" { + source = "../modules/iam-policy-attach" + iam_name = local.iam_name.cloud9 + role_name = module.cloud9_iam.iam_name + arn = "arn:aws:iam::aws:policy/AdministratorAccess" + + depends_on = [ + module.cloud9_iam + ] +} + +// cloud9 +module "cloud9_ec2" { + source = "../modules/cloud9-ec2" + name = local.common_tags.project + instance_type = "t2.micro" + +} +module "cloud9_ec2_env" { + source = "../modules/cloud9-ec2-env" + cloud9_id = module.cloud9_ec2.cloud9_id + permissions = "read-only" + user_arn = module.cloud9_iam.iam_arn + + depends_on = [ + module.cloud9_iam, + module.cloud9_ec2 + ] +} +*/ \ No newline at end of file diff --git a/pord_dev_config/outputs.tf b/pord_dev_config/outputs.tf new file mode 100644 index 0000000..e69de29 
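Review bot: the commented-out `cloud9_iam_att_admin_access` block attaches `arn:aws:iam::aws:policy/AdministratorAccess` to a role whose trust policy (`data.aws_iam_policy_document.cloud9_role`) is assumable by `ec2.amazonaws.com`, so any instance given that profile — or anything that reads its credentials from the instance metadata service — becomes account administrator. Even as a comment this is the template people will uncomment; replace it with the Cloud9 managed policy plus the least set of actions the dev environment needs, and consider an `aws:SourceAccount` condition on the trust policy. `version = "~> 4.0"` inside `provider "aws"` is deprecated placement since Terraform 0.13 and this root's terraform.tf has no `required_providers`; move the constraint there. `local.tcp_port` lists 22 and 3306 next to `all_ips = ["0.0.0.0/0"]`, the same pair the sibling roots feed into world-open ingress rules, so leave them out of this root until a rule actually needs them.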
diff --git a/pord_dev_config/terraform.tf b/pord_dev_config/terraform.tf
new file mode 100644
index 0000000..6682fe3
--- /dev/null
+++ b/pord_dev_config/terraform.tf
@@ -0,0 +1,10 @@
+terraform {
+ backend "remote"{
+ hostname = "app.terraform.io"
+ organization = "22shop"
+
+ workspaces {
+ name = "tf-cloud-dev"
+ }
+ }
+}
\ No newline at end of file
diff --git a/pord_dev_config/variables.tf b/pord_dev_config/variables.tf
new file mode 100644
index 0000000..2a233e0
--- /dev/null
+++ b/pord_dev_config/variables.tf
@@ -0,0 +1,45 @@
+# variable "cidr_block" {
+# type = string
+# default = "10.3.0.0/16"
+
+# }
+
+variable "prod_name" {
+ description = "value"
+ type = string
+ default = "22shop"
+}
+
+# variable "igw_id" {
+# description = "value"
+# type = string
+# }
+
+variable "subnet-az-public" {
+ description = "Subnet available zone & cidr"
+ type = map(map(string))
+ default = {
+ "zone-a" = {
+ name = "ap-northeast-2a"
+ cidr = "10.10.1.0/24"
+ }
+ "zone-c" = {
+ name = "ap-northeast-2c"
+ cidr = "10.10.3.0/24"
+ }
+ }
+}
+variable "subnet-az-private" {
+ description = "Subnet available zone & cidr"
+ type = map(map(string))
+ default = {
+ "zone-b" = {
+ name = "ap-northeast-2b"
+ cidr = "10.10.2.0/24"
+ }
+ "zone-d" = {
+ name = "ap-northeast-2d"
+ cidr = "10.10.4.0/24"
+ }
+ }
+}
\ No newline at end of file
diff --git a/prod-hq-eks copy/main.tf b/prod-hq-eks copy/main.tf
new file mode 100644
index 0000000..b01d5c0
--- /dev/null
+++ b/prod-hq-eks copy/main.tf
@@ -0,0 +1,135 @@ +// prod - main +provider "aws" { + region = "ap-northeast-2" + + #2.x버전의 AWS공급자 허용 + version = "~> 2.0" + +} + +locals { + vpc_id = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id + public_subnet = data.terraform_remote_state.hq_vpc_id.outputs.subnet + common_tags = { + project = "22shop" + owner = "icurfer" + + } + tcp_port = { + any_port = 0 + http_port = 80 + https_port = 443 + ssh_port = 22 + dns_port = 53 + django_port = 8000 + mysql_port = 3306 + } + udp_port = { + dns_port = 53 + } + any_protocol = "-1" + tcp_protocol = "tcp" + icmp_protocol = "icmp" + all_ips = ["0.0.0.0/0"] + + node_group_scaling_config = { + desired_size = 2 + max_size = 4 + min_size = 1 + } +} + +// GET 계정정보 +data "aws_caller_identity" "this" {} + +// 테라폼클라우드 네트워크 상태파일 조회 +data "terraform_remote_state" "hq-network" { + backend = "remote" + + config = { + organization = "22shop" + + workspaces = { + name = "tf-22shop-network" + } + } +} + +// eks 클러스터 +// 보안그룹 생성 +module "alb_sg" { + source = "../modules/sg" + sg_name = "${local.common_tags.project}-sg" + # vpc_id = module.vpc_hq.vpc_hq_id + vpc_id = local.vpc_id + +} + +module "alb_sg_ingress_http" { + for_each = local.tcp_port + source = "../modules/sg-rule-add" + type = "ingress" + from_port = each.value + to_port = each.value + protocol = local.tcp_protocol + cidr_blocks = local.all_ips + security_group_id = module.eks_sg.sg_id + + tag_name = each.key +} + +module "alb_sg_egress_all" { + source = "../modules/sg-rule-add" + type = "egress" + from_port = local.any_protocol + to_port = local.any_protocol + protocol = local.any_protocol + cidr_blocks = local.all_ips + security_group_id = module.eks_sg.sg_id + + tag_name = "egress-all" +} + +# ALB +resource "aws_alb" "test" { + name = "test-alb" + internal = false + load_balancer_type = "application" + security_groups = [ aws_security_group.alb.id ] + subnets = [ aws_subnet.VPC_HQ_public_1a.id , aws_subnet.VPC_HQ_public_1c.id ] + enable_cross_zone_load_balancing = 
true +} +resource "aws_alb_target_group" "test" { + name = "tset-alb-tg" + port = 8080 + protocol = "HTTP" + vpc_id = aws_vpc.VPC_HQ.id + health_check { + path = "/" + protocol = "HTTP" + matcher = "200" + interval = 15 + timeout = 3 + healthy_threshold =2 + unhealthy_threshold =2 + } +} +resource "aws_alb_target_group_attachment" "privateInstance01" { + target_group_arn = aws_alb_target_group.test.arn + target_id = aws_instance.testEC201.id + port = 80 +} +resource "aws_alb_target_group_attachment" "privateInstance02" { + target_group_arn = aws_alb_target_group.test.arn + target_id = aws_instance.testEC202.id + port = 80 +} +resource "aws_alb_listener" "test" { + load_balancer_arn = aws_alb.test.arn + port = 80 + protocol = "HTTP" + default_action { + type = "forward" + target_group_arn = aws_alb_target_group.test.arn + } +} \ No newline at end of file diff --git a/prod-hq-eks copy/outputs.tf b/prod-hq-eks copy/outputs.tf new file mode 100644 index 0000000..ae8b469 --- /dev/null +++ b/prod-hq-eks copy/outputs.tf @@ -0,0 +1,10 @@ +//main-outputs +output "aws_id" { + description = "The AWS Account ID." + value = data.aws_caller_identity.this.account_id +} + +# output "subnet" { +# description = "The name of vpc hq id" +# value = module.subnet_public.subnet +# } diff --git a/modules/vpc-subnet/terraform.tf b/prod-hq-eks copy/terraform.tf similarity index 100% rename from modules/vpc-subnet/terraform.tf rename to prod-hq-eks copy/terraform.tf diff --git a/prod-hq/valiables.tf b/prod-hq-eks copy/valiables.tf similarity index 100% rename from prod-hq/valiables.tf rename to prod-hq-eks copy/valiables.tf diff --git a/prod-hq-eks/.terraform.lock.hcl b/prod-hq-eks/.terraform.lock.hcl new file mode 100644 index 0000000..7fe4140 --- /dev/null +++ b/prod-hq-eks/.terraform.lock.hcl 
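Review bot: this file cannot plan: `locals` reference `data.terraform_remote_state.hq_vpc_id` but the data source is declared as `hq-network`, both `alb_sg_*` rules attach to `module.eks_sg.sg_id` which is not defined here, and the ALB block references `aws_security_group.alb`, `aws_subnet.VPC_HQ_public_1a`/`_1c`, `aws_vpc.VPC_HQ` and `aws_instance.testEC201`/`02`, none of which exist. A directory named "prod-hq-eks copy" looks like scratch work that should not be committed beside the prod roots; if it stays, `alb_sg_ingress_http` must not iterate the whole `local.tcp_port` map, because that opens 22 (SSH) and 3306 (MySQL) to `0.0.0.0/0` on what is meant to be an ALB security group. Limit it to the listener ports, `for_each = { for k, v in local.tcp_port : k => v if contains(["http_port", "https_port"], k) }`, and add an HTTPS listener with an ACM certificate rather than serving plain HTTP on 80 only. The provider block also pins `~> 2.0` while the real prod-hq-eks root moves to `~> 3.0` in this same commit.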
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.76.0" + constraints = "~> 3.0" + hashes = [ + "h1:OzcRXMb2MU7LOheOcCX4rMVffltsLIX3ENs84UzB2Kw=", + "zh:144ac5d606a9236564a9e2cfe4fde5f25c56c42d97108b5ef9f4ba68c367c17a", + "zh:1e8f594d094bd83e759aeed1f6b9d83d67bace36bcd0d5ddc48316e9c219d9f8", + "zh:1eb473010b250c083a7370e0ae43f9961f3c83678a4f5782981387d04f5f7491", + "zh:258ff4c1d204876dea485fac0856721cccf15b94361e7d56ea433fc6fbfc7dc6", + "zh:3cf323d1ebc797486c8b995b0e8d1093ec75e832308fe9dd52dccb8507af2b00", + "zh:5108ba908617ed6e89ac15defafbf9bc57b3ff098d0efdd10294bae1a5532daf", + "zh:54bd6fe57680b845bbf3f4f0cc9a20057973defcd7786390f1967bdbf7b58e1f", + "zh:5f1d06843997229616dc56cecae450e4165ecadb2b2f8206eb074babc09e8dbc", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a6a222eb9ac72ad4efd0f039cac3ffda35d0152e47e573da1aa6da272edb9413", + "zh:ad96cddae3ab78fa85095b7d82e09ed6b25ef099c58d18c1c14c75d5f5f1219c", + "zh:bf18dd6bd6a8eba83f9d55adeeeb14abeb2b63b4a05ac26fc15d1820d34ff9d2", + "zh:cace02539792163c90362998fae484f3b32869d0d148484c809d7c9e8086ac50", + "zh:d527fe5b1fa912a06134fa6be35a044d05ae69973b5ce5c1804466a167b4d3bc", + "zh:fad111579454ec38c3d51ad2422bf43b108f51f17d4db64e81f178b5fbfb2675", + ] +} diff --git a/prod-hq/main.tf b/prod-hq-eks/main.tf similarity index 76% rename from prod-hq/main.tf rename to prod-hq-eks/main.tf index d47a3d8..42cfdc5 100644 --- a/prod-hq/main.tf +++ b/prod-hq-eks/main.tf @@ -3,11 +3,13 @@ provider "aws" { region = "ap-northeast-2" #2.x버전의 AWS공급자 허용 - version = "~> 2.0" + version = "~> 3.0" } locals { + vpc_id = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id + public_subnet = data.terraform_remote_state.hq_vpc_id.outputs.subnet common_tags = { project = "22shop" owner = "icurfer" 
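Review bot: the constraint is bumped to `version = "~> 3.0"` inside `provider "aws"`, a placement deprecated since Terraform 0.13, and after this commit the three roots sit on three different majors (network 2.70.1, eks 3.76.0, dev 4.48.0 per their lock files) while sharing the same `modules/` tree. Module code therefore has to stay compatible with every major at once, and a fix validated against one root can silently break another. Move the constraint into `required_providers` in each root's terraform.tf and align the majors, `aws = { source = "hashicorp/aws", version = "~> 4.0" }`. The `locals` block continues past the end of this hunk.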
@@ -62,56 +64,17 @@ data "aws_iam_policy_document" "eks_node_group_role" { } } -# module "vpc_hq" { -module "vpc_hq" { - source = "../modules/vpc" - # source = "github.com/Seong-dong/team_prj/tree/main/modules/vpc" - tag_name = "${local.common_tags.project}-vpc" - cidr_block = "10.3.0.0/16" +// 테라폼클라우드 +data "terraform_remote_state" "hq_vpc_id" { + backend = "remote" -} + config = { + organization = "22shop" -module "vpc_igw" { - source = "../modules/igw" - - vpc_id = module.vpc_hq.vpc_hq_id - - tag_name = "${local.common_tags.project}-vpc_igw" - - depends_on = [ - module.vpc_hq - ] -} - -module "subnet_public" { - source = "../modules/vpc-subnet" - - vpc_id = module.vpc_hq.vpc_hq_id - subnet-az-list = var.subnet-az-public - public_ip_on = true - vpc_name = "${local.common_tags.project}-public" -} - -// public route -module "route_public" { - source = "../modules/route-table" - tag_name = "${local.common_tags.project}-route_table" - vpc_id = module.vpc_hq.vpc_hq_id - -} - -module "route_add" { - source = "../modules/route-add" - route_public_id = module.route_public.route_public_id - igw_id = module.vpc_igw.igw_id -} - -module "route_association" { - source = "../modules/route-association" - route_table_id = module.route_public.route_public_id - - association_count = 2 - subnet_ids = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] + workspaces = { + name = "tf-22shop-network" + } + } } // eks 클러스터 역할 생성 @@ -186,11 +149,9 @@ module "eks_nodegroup_iam_att_3" { module "eks_sg" { source = "../modules/sg" sg_name = "${local.common_tags.project}-sg" - vpc_id = module.vpc_hq.vpc_hq_id + # vpc_id = module.vpc_hq.vpc_hq_id + vpc_id = local.vpc_id - depends_on = [ - module.vpc_hq - ] } module "eks_sg_ingress_http" { 
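Review bot: `data "terraform_remote_state" "hq_vpc_id"` needs read access to the whole state file of the `tf-22shop-network` workspace, which contains every resource attribute in that workspace even though only `vpc_id` and `subnet` surface as outputs; on Terraform Cloud that also means the network workspace must explicitly share state with `tf-cloud-backend`. Keep the network root's outputs limited to non-sensitive identifiers, and name the data source for what it is (`hq_network`) rather than the first attribute read from it. The VPC/IGW/route modules removed here now live in prod-hq-network, so the `// 테라폼클라우드` comment should say so in English: `// Network (VPC, subnets, routes) is owned by the tf-22shop-network workspace; read its outputs.`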
@@ -223,13 +184,16 @@ module "eks_cluster" { name = local.common_tags.project iam_role_arn = module.eks_cluster_iam.iam_arn sg_list = [module.eks_sg.sg_id] - subnet_list = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음. + # subnet_list = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음. + subnet_list = [local.public_subnet.zone-a.id, local.public_subnet.zone-c.id] depends_on = [ module.eks_cluster_iam, module.eks_sg, - module.vpc_hq ] + + client_id = data.aws_caller_identity.this.id + } module "eks_node_group" { @@ -238,7 +202,8 @@ module "eks_node_group" { cluster_name = module.eks_cluster.cluster_name # iam_role_arn = module.eks_nodegroup_iam.iam_arn iam_role_arn = "arn:aws:iam::448559955338:role/eks-nodegroup-test" - subnet_list = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음. + # subnet_list = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음. + subnet_list = [local.public_subnet.zone-a.id, local.public_subnet.zone-c.id] desired_size = local.node_group_scaling_config.desired_size max_size = local.node_group_scaling_config.max_size diff --git a/prod-hq-eks/outputs.tf b/prod-hq-eks/outputs.tf new file mode 100644 index 0000000..d03cd11 --- /dev/null +++ b/prod-hq-eks/outputs.tf @@ -0,0 +1,13 @@ +//main-outputs +output "aws_id" { + description = "The AWS Account ID." + value = data.aws_caller_identity.this.account_id +} +# output "cluster_oidc" { +# description = "eks_cluster_identity" +# value = module.eks_cluster.cluster_oidc +# } +# output "subnet" { +# description = "The name of vpc hq id" +# value = module.subnet_public.subnet +# } diff --git a/prod-hq-eks/terraform.tf b/prod-hq-eks/terraform.tf new file mode 100644 index 0000000..9137da1 --- /dev/null +++ b/prod-hq-eks/terraform.tf 
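Review bot: `client_id = data.aws_caller_identity.this.id` hands the AWS account ID to the module as an OIDC client ID, which is not what that field means (it is the audience an external IdP issues tokens for), and the module's only use of `var.client_id` is commented out, so the value is dead as well as wrong. Drop the argument, or wire it to the real audience once `aws_eks_identity_provider_config` is enabled; for IRSA the usual route is an `aws_iam_openid_connect_provider` built from the new `cluster_oidc` output instead. The cluster is also placed in `local.public_subnet`, so its control-plane ENIs land in public subnets; the network root never creates the `subnet-az-private` set that these should be. The `module "eks_cluster"` block begins before this hunk.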
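Review bot: the node group now takes `subnet_list = [local.public_subnet.zone-a.id, local.public_subnet.zone-c.id]`, and the network root creates those subnets with `public_ip_on = true`, so every worker node launches with a public IPv4 address and whatever its security group allows is reachable from the internet. Nodes belong in private subnets with NAT egress; `variable "subnet-az-private"` already describes them but no root builds them. The context line `iam_role_arn = "arn:aws:iam::448559955338:role/eks-nodegroup-test"` hard-codes a `-test` role from one account while `module.eks_nodegroup_iam.iam_arn` is commented out — untouched by this hunk, but it means prod nodes run on a role this repository does not manage. Replace the Korean `#변경해야될수있음.` comment with an English statement of intent, `# TODO: move node groups to private subnets once the network root creates them`.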
@@ -0,0 +1,10 @@
+terraform {
+ backend "remote"{
+ hostname = "app.terraform.io"
+ organization = "22shop"
+
+ workspaces {
+ name = "tf-cloud-backend"
+ }
+ }
+}
\ No newline at end of file
diff --git a/prod-hq-eks/valiables.tf b/prod-hq-eks/valiables.tf
new file mode 100644
index 0000000..3414430
--- /dev/null
+++ b/prod-hq-eks/valiables.tf
@@ -0,0 +1,45 @@
+# variable "cidr_block" {
+# type = string
+# default = "10.3.0.0/16"
+
+# }
+
+variable "prod_name" {
+ description = "value"
+ type = string
+ default = "22shop"
+}
+
+# variable "igw_id" {
+# description = "value"
+# type = string
+# }
+
+variable "subnet-az-public" {
+ description = "Subnet available zone & cidr"
+ type = map(map(string))
+ default = {
+ "zone-a" = {
+ name = "ap-northeast-2a"
+ cidr = "10.3.1.0/24"
+ }
+ "zone-c" = {
+ name = "ap-northeast-2c"
+ cidr = "10.3.3.0/24"
+ }
+ }
+}
+variable "subnet-az-private" {
+ description = "Subnet available zone & cidr"
+ type = map(map(string))
+ default = {
+ "zone-b" = {
+ name = "ap-northeast-2b"
+ cidr = "10.3.2.0/24"
+ }
+ "zone-d" = {
+ name = "ap-northeast-2d"
+ cidr = "10.3.4.0/24"
+ }
+ }
+}
\ No newline at end of file
diff --git a/prod-hq-network/.terraform.lock.hcl b/prod-hq-network/.terraform.lock.hcl
new file mode 100644
index 0000000..834290a
--- /dev/null
+++ b/prod-hq-network/.terraform.lock.hcl
@@ -0,0 +1,10 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "2.70.1"
+ constraints = "~> 2.0"
+ hashes = [
+ "h1:SQR8egOmFbwBHOSMzUYg/Mt4e0LsQe91ma9I2Ug3lmY=",
+ ]
+}
diff --git a/prod-hq-network/main.tf b/prod-hq-network/main.tf
new file mode 100644
index 0000000..5d050bd
--- /dev/null
+++ b/prod-hq-network/main.tf
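Review bot: `subnet-az-public` and `subnet-az-private` are declared in prod-hq-eks/valiables.tf with the 10.3.x CIDRs, but this root no longer builds subnets — main.tf reads them from the `tf-22shop-network` remote state — so these defaults are dead and will drift from the network root's copy of the same values. Remove them (and the commented `cidr_block`/`igw_id` stubs) so the address plan has one source of truth; if a variable must stay, give it a description naming what consumes it. The file name `valiables.tf` is a typo for `variables.tf`, repeated across the roots.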
@@ -0,0 +1,182 @@ +// prod - main +provider "aws" { + region = "ap-northeast-2" + + #2.x버전의 AWS공급자 허용 + version = "~> 2.0" + +} + +locals { + common_tags = { + project = "22shop" + owner = "icurfer" + + } + tcp_port = { + any_port = 0 + http_port = 80 + https_port = 443 + ssh_port = 22 + dns_port = 53 + django_port = 8000 + mysql_port = 3306 + } + udp_port = { + dns_port = 53 + } + any_protocol = "-1" + tcp_protocol = "tcp" + icmp_protocol = "icmp" + all_ips = ["0.0.0.0/0"] + + node_group_scaling_config = { + desired_size = 2 + max_size = 4 + min_size = 1 + } + + eks_ingress_type = { + public = "kubernetes.io/role/elb" + private = "kubernetes.io/role/internal-elb=1" + } +} + +// GET 계정정보 +data "aws_caller_identity" "this" {} + +// eks를 위한 iam역할 생성 데이터 조회 +data "aws_iam_policy_document" "eks-assume-role-policy" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["eks.amazonaws.com"] + } + } +} +data "aws_iam_policy_document" "eks_node_group_role" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["ec2.amazonaws.com"] + } + } +} + +# module "vpc_hq" { +module "vpc_hq" { + source = "../modules/vpc" + # source = "github.com/Seong-dong/team_prj/tree/main/modules/vpc" + tag_name = "${local.common_tags.project}-vpc" + cidr_block = "10.3.0.0/16" + +} + +module "vpc_igw" { + source = "../modules/igw" + + vpc_id = module.vpc_hq.vpc_hq_id + + tag_name = "${local.common_tags.project}-vpc_igw" + + depends_on = [ + module.vpc_hq + ] +} + +module "subnet_public" { + source = "../modules/vpc-subnet" + + vpc_id = module.vpc_hq.vpc_hq_id + subnet-az-list = var.subnet-az-public + public_ip_on = true + # vpc_name = "${local.common_tags.project}-public" + #alb-ingress 생성을 위해 지정 + vpc_name = local.eks_ingress_type.public +} + +// public route +module "route_public" { + source = "../modules/route-table" + tag_name = "${local.common_tags.project}-route_table" + vpc_id = module.vpc_hq.vpc_hq_id 
+ +} + +module "route_add" { + source = "../modules/route-add" + route_public_id = module.route_public.route_public_id + igw_id = module.vpc_igw.igw_id +} + +module "route_association" { + source = "../modules/route-association" + route_table_id = module.route_public.route_public_id + + association_count = 2 + subnet_ids = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] +} + +# // 보안그룹 생성 +# module "eks_sg" { +# source = "../modules/sg" +# sg_name = "${local.common_tags.project}-sg" +# vpc_id = module.vpc_hq.vpc_hq_id + +# depends_on = [ +# module.vpc_hq +# ] +# } + +# module "eks_sg_ingress_http" { +# for_each = local.tcp_port +# source = "../modules/sg-rule-add" +# type = "ingress" +# from_port = each.value +# to_port = each.value +# protocol = local.tcp_protocol +# cidr_blocks = local.all_ips +# security_group_id = module.eks_sg.sg_id + +# tag_name = each.key +# } + +# module "eks_sg_egress_all" { +# source = "../modules/sg-rule-add" +# type = "egress" +# from_port = local.any_protocol +# to_port = local.any_protocol +# protocol = local.any_protocol +# cidr_blocks = local.all_ips +# security_group_id = module.eks_sg.sg_id + +# tag_name = "egress-all" +# } + +# EKS테스트 할때 활성 +# module "ecr" { +# source = "../modules/ecr" + +# names_list = ["web", "nginx", "mariadb"] +# } + +/* +terraform_remote_state reference method +terraform cloud +*/ +# data "terraform_remote_state" "foo" { +# backend = "remote" + +# config = { +# organization = "company" + +# workspaces = { +# name = "workspace" +# } +# } +# } + diff --git a/prod-hq/outputs.tf b/prod-hq-network/outputs.tf similarity index 74% rename from prod-hq/outputs.tf rename to prod-hq-network/outputs.tf index f55041c..6174a0a 100644 --- a/prod-hq/outputs.tf +++ b/prod-hq-network/outputs.tf 
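Review bot: `vpc_name = local.eks_ingress_type.public` in `module "subnet_public"` sets the subnets' `Name` tag to the literal string "kubernetes.io/role/elb"; the module writes `Name = var.vpc_name`, so this does not produce the `kubernetes.io/role/elb = 1` tag key the load balancer controller looks for (the module already adds that key itself in this commit) and it destroys the human-readable name. Restore `vpc_name = "${local.common_tags.project}-public"`, and fix `private = "kubernetes.io/role/internal-elb=1"`, which bakes `=1` into what is supposed to be a tag key. Only `subnet-az-public` is ever instantiated, so the VPC has no private subnets and the EKS root is forced to run nodes on public ones; add a `subnet_private` module with `public_ip_on = false` and a NAT route before that root depends on it. `version = "~> 2.0"` in the provider block is deprecated placement and the oldest of the three majors this commit pins, and `local.tcp_port`/`all_ips` are now unused here since the SG modules are commented out.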
@@ -8,3 +8,9 @@ output "subnet" {
 description = "The name of vpc hq id"
 value = module.subnet_public.subnet
 }
+
+output "vpc_id" {
+ description = "vpc_id"
+ value = module.vpc_hq.vpc_hq_id
+
+}
\ No newline at end of file
diff --git a/prod-hq-network/terraform.tf b/prod-hq-network/terraform.tf
new file mode 100644
index 0000000..b91ab8c
--- /dev/null
+++ b/prod-hq-network/terraform.tf
@@ -0,0 +1,10 @@
+terraform {
+ backend "remote"{
+ hostname = "app.terraform.io"
+ organization = "22shop"
+
+ workspaces {
+ name = "tf-22shop-network"
+ }
+ }
+}
\ No newline at end of file
diff --git a/prod-hq-network/valiables.tf b/prod-hq-network/valiables.tf
new file mode 100644
index 0000000..3414430
--- /dev/null
+++ b/prod-hq-network/valiables.tf
@@ -0,0 +1,45 @@
+# variable "cidr_block" {
+# type = string
+# default = "10.3.0.0/16"
+
+# }
+
+variable "prod_name" {
+ description = "value"
+ type = string
+ default = "22shop"
+}
+
+# variable "igw_id" {
+# description = "value"
+# type = string
+# }
+
+variable "subnet-az-public" {
+ description = "Subnet available zone & cidr"
+ type = map(map(string))
+ default = {
+ "zone-a" = {
+ name = "ap-northeast-2a"
+ cidr = "10.3.1.0/24"
+ }
+ "zone-c" = {
+ name = "ap-northeast-2c"
+ cidr = "10.3.3.0/24"
+ }
+ }
+}
+variable "subnet-az-private" {
+ description = "Subnet available zone & cidr"
+ type = map(map(string))
+ default = {
+ "zone-b" = {
+ name = "ap-northeast-2b"
+ cidr = "10.3.2.0/24"
+ }
+ "zone-d" = {
+ name = "ap-northeast-2d"
+ cidr = "10.3.4.0/24"
+ }
+ }
+}
\ No newline at end of file
diff --git a/prod-hq/.terraform.lock.hcl b/prod-hq/.terraform.lock.hcl
deleted file mode 100644
index 21e79ab..0000000
--- a/prod-hq/.terraform.lock.hcl
+++ /dev/null
@@ -1,20 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/aws" {
- version = "2.70.1"
- constraints = "~> 2.0"
- hashes = [
- "h1:SQR8egOmFbwBHOSMzUYg/Mt4e0LsQe91ma9I2Ug3lmY=",
- "zh:04137cdf128cf21dcd190bbba4d4bba43c7868c52ad646b0eaa54a8b8b8160a7",
- "zh:30c9f956133a102b4a426d76dd3ef1a42332d9875261a06aa877409aa6b2b556",
- "zh:3107a43647454a3d6d847fba6aa593650af0f6a353272c04450408af5f4d353a",
- "zh:3f17285478313af822447b453fa4e37f30ef221f0b0e8f2e4655f1ac9f9de1a2",
- "zh:5a626f7a3c4a9fea3bdfde63aedbf6eea73760f3b228f776f1132b61d00c7ff2",
- "zh:6aafc9dd79b511b9e3d0ec49f7df1d1fd697c3c873d1d70a2be1a12475b50206",
- "zh:6fb29b48ccc85f7e9dfde3867ce99d6d65fb76bea68c97d404fae431758a8f03",
- "zh:c47be92e1edf2e8675c932030863536c1a79decf85b2baa4232e5936c5f7088f",
- "zh:cd0a4b28c5e4b5092043803d17fd1d495ecb926c2688603c4cdab4c20f3a91f4",
- "zh:fb0ff763cb5d7a696989e58e0e4b88b1faed2a62b9fb83f4f7c2400ad6fabb84",
- ]
-}