From 9a60aa0f34c401920b15ec622245cb55a9979d3e Mon Sep 17 00:00:00 2001 
From: Seong-dong Date: Fri, 6 Jan 2023 13:29:00 +0900 Subject: [PATCH] test --- modules/efs-fs/main.tf | 24 ++++ modules/efs-fs/outputs.tf | 4 + modules/efs-fs/variables.tf | 10 ++ modules/efs-mnt-tg/main.tf | 6 + modules/{efs => efs-mnt-tg}/outputs.tf | 0 modules/efs-mnt-tg/variables.tf | 14 ++ modules/efs/main.tf | 0 modules/eks-cluster/main.tf | 2 +- modules/eks-node-group/outputs.tf | 5 + pord_dev_config/main.tf | 2 +- prod-hq-bak/.terraform.lock.hcl | 20 --- prod-hq-efs/.terraform.lock.hcl | 10 ++ prod-hq-efs/main.tf | 115 +++++++++++++++ prod-hq-efs/outputs.tf | 3 + .../terraform.tf | 2 +- {modules/efs => prod-hq-efs}/variables.tf | 0 prod-hq-eks/.terraform.lock.hcl | 15 -- prod-hq-eks/main.tf | 49 +++---- prod-hq-eks/outputs.tf | 5 + prod-hq-eks/terraform.tf | 2 +- prod-hq-idc-network/.terraform.lock.hcl | 10 ++ prod-hq-idc-network/main.tf | 117 +++++++++++++++ prod-hq-idc-network/outputs.tf | 16 +++ prod-hq-idc-network/terraform.tf | 10 ++ .../valiables.tf | 28 ++-- test-prod-hq-eks/main.tf | 135 ------------------ test-prod-hq-eks/outputs.tf | 10 -- 27 files changed, 389 insertions(+), 225 deletions(-) create mode 100644 modules/efs-fs/main.tf create mode 100644 modules/efs-fs/outputs.tf create mode 100644 modules/efs-fs/variables.tf create mode 100644 modules/efs-mnt-tg/main.tf rename modules/{efs => efs-mnt-tg}/outputs.tf (100%) create mode 100644 modules/efs-mnt-tg/variables.tf delete mode 100644 modules/efs/main.tf delete mode 100644 prod-hq-bak/.terraform.lock.hcl create mode 100644 prod-hq-efs/.terraform.lock.hcl create mode 100644 prod-hq-efs/main.tf create mode 100644 prod-hq-efs/outputs.tf rename {test-prod-hq-eks => prod-hq-efs}/terraform.tf (79%) rename {modules/efs => prod-hq-efs}/variables.tf (100%) create mode 100644 prod-hq-idc-network/.terraform.lock.hcl create mode 100644 prod-hq-idc-network/main.tf create mode 100644 prod-hq-idc-network/outputs.tf create mode 100644 prod-hq-idc-network/terraform.tf rename {test-prod-hq-eks => 
prod-hq-idc-network}/valiables.tf (63%) delete mode 100644 test-prod-hq-eks/main.tf delete mode 100644 test-prod-hq-eks/outputs.tf
diff --git a/modules/efs-fs/main.tf b/modules/efs-fs/main.tf
new file mode 100644
index 0000000..cf96432
--- /dev/null
+++ b/modules/efs-fs/main.tf
@@ -0,0 +1,24 @@
+# EFS 파일 시스템 생성
+resource "aws_efs_file_system" "efs" {
+ # 원존 클래스를 이용할 경우
+ # availability_zone_name = "ap-northeast-2a"
+
+ # 유휴 시 데이터 암호화
+ encrypted = true
+ # KMS에서 관리형 키를 이용하려면 kms_key_id 속성을 붙여줍니다.
+
+ # 버스팅 처리량 모드
+ throughput_mode = "bursting"
+
+ # 성능 모드: generalPurpose(범용 모드), maxIO(최대 IO 모드)
+ performance_mode = "generalPurpose"
+
+ # 프로비저닝 처리량 모드
+ # throughput_mode = "provisioned"
+ # provisioned_throughput_in_mibps = 100
+
+ # 수명 주기 관리
+ lifecycle_policy {
+ transition_to_ia = "AFTER_30_DAYS"
+ }
+}
\ No newline at end of file
diff --git a/modules/efs-fs/outputs.tf b/modules/efs-fs/outputs.tf
new file mode 100644
index 0000000..7c44369
--- /dev/null
+++ b/modules/efs-fs/outputs.tf
@@ -0,0 +1,4 @@
+output "efs_fs_id" {
+ description = "efs fs id"
+ value = aws_efs_file_system.efs.id
+}
\ No newline at end of file
diff --git a/modules/efs-fs/variables.tf b/modules/efs-fs/variables.tf
new file mode 100644
index 0000000..5cd91e2
--- /dev/null
+++ b/modules/efs-fs/variables.tf
@@ -0,0 +1,10 @@
+# variable "sg_list" {
+# description = "security group list"
+# type = list(string)
+
+# }
+# variable "subnet_id" {
+# description = "security group list"
+# type = string
+
+# }
diff --git a/modules/efs-mnt-tg/main.tf b/modules/efs-mnt-tg/main.tf
new file mode 100644
index 0000000..f1ea9a1
--- /dev/null
+++ b/modules/efs-mnt-tg/main.tf
@@ -0,0 +1,6 @@
+resource "aws_efs_mount_target" "mount" {
+ file_system_id = var.fs_id
+ subnet_id = var.subnet_id
+
+ security_groups = var.sg_list
+}
\ No newline at end of file
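Review bot: In modules/efs-fs/main.tf the file system sets `encrypted = true` for data at rest, but nothing in the module enforces TLS for NFS clients, so protection in transit depends entirely on how each client mounts. Consider adding an `aws_efs_file_system_policy` that denies requests when `aws:SecureTransport` is `false`, with allow statements that match how the clients authenticate. The resource also carries no `tags`, and because modules/efs-fs/variables.tf is fully commented out a caller cannot pass a customer-managed `kms_key_id`; a comment such as `# Encrypted with the AWS-managed EFS key; set kms_key_id for a customer-managed key` would make that choice explicit.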
diff --git a/modules/efs/outputs.tf b/modules/efs-mnt-tg/outputs.tf
similarity index 100%
rename from modules/efs/outputs.tf
rename to modules/efs-mnt-tg/outputs.tf
diff --git a/modules/efs-mnt-tg/variables.tf b/modules/efs-mnt-tg/variables.tf
new file mode 100644
index 0000000..0640f41
--- /dev/null
+++ b/modules/efs-mnt-tg/variables.tf
@@ -0,0 +1,14 @@
+variable "fs_id" {
+ description = "fs_id"
+ type = string
+}
+variable "sg_list" {
+ description = "security group list"
+ type = list(string)
+
+}
+variable "subnet_id" {
+ description = "security group list"
+ type = string
+
+}
\ No newline at end of file
diff --git a/modules/efs/main.tf b/modules/efs/main.tf
deleted file mode 100644
index e69de29..0000000
diff --git a/modules/eks-cluster/main.tf b/modules/eks-cluster/main.tf
index f75ed48..3ac6033 100644
--- a/modules/eks-cluster/main.tf
+++ b/modules/eks-cluster/main.tf
@@ -1,5 +1,5 @@ resource "aws_eks_cluster" "eks-cluster" { - name = "${var.name}-eks-cluster" + name = "${var.name}" role_arn = var.iam_role_arn #enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
diff --git a/modules/eks-node-group/outputs.tf b/modules/eks-node-group/outputs.tf
index e69de29..1aaa638 100644
--- a/modules/eks-node-group/outputs.tf
+++ b/modules/eks-node-group/outputs.tf
@@ -0,0 +1,5 @@
+output "ng_sg" {
+ description = "Identifier of the remote access EC2 Security Group."
+ value = "${aws_eks_node_group.eks-ng.resources[0].remote_access_security_group_id}"
+
+}
\ No newline at end of file
diff --git a/pord_dev_config/main.tf b/pord_dev_config/main.tf
index e2c6984..f646bf8 100644
--- a/pord_dev_config/main.tf
+++ b/pord_dev_config/main.tf
@@ -55,7 +55,7 @@ data "aws_iam_policy_document" "cloud9_role" { module "ecr" { source = "../modules/ecr" - names_list = ["web"] + names_list = ["app"] //names_list = ["web", "nginx", "mariadb"] }
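Review bot: The description of `subnet_id` in modules/efs-mnt-tg/variables.tf reads "security group list", which was copied from `sg_list` and describes the wrong input. Suggested wording: `description = "ID of the subnet in which the mount target is created"`, and for `fs_id`, `description = "ID of the EFS file system the mount target attaches to"`. Since `sg_list` decides who can reach NFS on this mount target, its description should say so as well, e.g. `description = "Security group IDs attached to the mount target (controls NFS access)"`.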
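Review bot: The new `name = "${var.name}"` on `aws_eks_cluster.eks-cluster` drops the `-eks-cluster` suffix, and an EKS cluster name cannot be changed in place, so a workspace that already created the cluster should be expected to plan a destroy-and-recreate unless callers now pass the full old name in `var.name`; check the plan before applying. The value is also an interpolation-only string; write `name = var.name`. The context line shows `enabled_cluster_log_types` commented out, so no control-plane audit or authenticator logs would be shipped; enabling at least `["api", "audit", "authenticator"]` gives responders something to work with. The resource body continues past the end of the hunk.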
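Review bot: The `ng_sg` output in modules/eks-node-group/outputs.tf reads `resources[0].remote_access_security_group_id`, which as far as I know is only populated when the node group is created with a `remote_access` block; the `aws_eks_node_group.eks-ng` resource is not part of this diff, so that cannot be confirmed here. If remote access is not configured the output will be empty, and any rule that later takes it as `security_group_id` will fail or attach to nothing. Add a comment stating that precondition, and drop the interpolation wrapper: `value = aws_eks_node_group.eks-ng.resources[0].remote_access_security_group_id`.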
diff --git a/prod-hq-bak/.terraform.lock.hcl b/prod-hq-bak/.terraform.lock.hcl deleted file mode 100644 index 21e79ab..0000000 --- a/prod-hq-bak/.terraform.lock.hcl +++ /dev/null @@ -1,20 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "2.70.1" - constraints = "~> 2.0" - hashes = [ - "h1:SQR8egOmFbwBHOSMzUYg/Mt4e0LsQe91ma9I2Ug3lmY=", - "zh:04137cdf128cf21dcd190bbba4d4bba43c7868c52ad646b0eaa54a8b8b8160a7", - "zh:30c9f956133a102b4a426d76dd3ef1a42332d9875261a06aa877409aa6b2b556", - "zh:3107a43647454a3d6d847fba6aa593650af0f6a353272c04450408af5f4d353a", - "zh:3f17285478313af822447b453fa4e37f30ef221f0b0e8f2e4655f1ac9f9de1a2", - "zh:5a626f7a3c4a9fea3bdfde63aedbf6eea73760f3b228f776f1132b61d00c7ff2", - "zh:6aafc9dd79b511b9e3d0ec49f7df1d1fd697c3c873d1d70a2be1a12475b50206", - "zh:6fb29b48ccc85f7e9dfde3867ce99d6d65fb76bea68c97d404fae431758a8f03", - "zh:c47be92e1edf2e8675c932030863536c1a79decf85b2baa4232e5936c5f7088f", - "zh:cd0a4b28c5e4b5092043803d17fd1d495ecb926c2688603c4cdab4c20f3a91f4", - "zh:fb0ff763cb5d7a696989e58e0e4b88b1faed2a62b9fb83f4f7c2400ad6fabb84", - ] -} diff --git a/prod-hq-efs/.terraform.lock.hcl b/prod-hq-efs/.terraform.lock.hcl new file mode 100644 index 0000000..c68417c --- /dev/null +++ b/prod-hq-efs/.terraform.lock.hcl @@ -0,0 +1,10 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.76.0" + constraints = "~> 3.0" + hashes = [ + "h1:OzcRXMb2MU7LOheOcCX4rMVffltsLIX3ENs84UzB2Kw=", + ] +} diff --git a/prod-hq-efs/main.tf b/prod-hq-efs/main.tf new file mode 100644 index 0000000..8b88099 --- /dev/null +++ b/prod-hq-efs/main.tf 
@@ -0,0 +1,115 @@
+// prod-hq-efs - main
+provider "aws" {
+ region = "ap-northeast-2"
+
+ #2.x버전의 AWS공급자 허용
+ version = "~> 3.0"
+
+}
+
+locals {
+ // 초기 설정값
+ vpc_id = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id
+ public_subnet = data.terraform_remote_state.hq_vpc_id.outputs.subnet
+ common_tags = {
+ project = "22shop-efs"
+ owner = "icurfer"
+
+ }
+ tcp_port = {
+ http_port = 80
+ https_port = 443
+ ssh_port = 22
+ dns_port = 53
+ # django_port = 8000
+ # mysql_port = 3306
+ nfs_port = 2049
+ }
+# udp_port = {
+# dns_port = 53
+# }
+
+ any_port = 0
+
+ any_protocol = "-1"
+ tcp_protocol = "tcp"
+ icmp_protocol = "icmp"
+ all_ips = ["0.0.0.0/0"]
+
+}
+
+// GET 계정정보
+data "aws_caller_identity" "this" {}
+
+// 테라폼클라우드
+data "terraform_remote_state" "hq_vpc_id" {
+ backend = "remote"
+
+ config = {
+ organization = "22shop" // 초기 설정값
+
+ workspaces = {
+ name = "tf-22shop-network"
+ }
+ }
+}
+
+// 보안그룹 생성
+module "efs_sg" {
+ source = "../modules/sg"
+ sg_name = "${local.common_tags.project}-sg"
+ vpc_id = local.vpc_id
+
+}
+
+module "efs_sg_ingress_http" {
+ for_each = local.tcp_port
+ source = "../modules/sg-rule-add"
+ type = "ingress"
+ from_port = each.value
+ to_port = each.value
+ protocol = local.tcp_protocol
+ cidr_blocks = local.all_ips
+ security_group_id = module.efs_sg.sg_id
+
+ tag_name = each.key
+}
+
+module "efs_sg_egress_all" {
+ source = "../modules/sg-rule-add"
+ type = "egress"
+ from_port = local.any_protocol
+ to_port = local.any_protocol
+ protocol = local.any_protocol
+ cidr_blocks = local.all_ips
+ security_group_id = module.efs_sg.sg_id
+
+ tag_name = "egress-all"
+}
+
+module "efs_fs" {
+ source = "../modules/efs-fs"
+
+}
+
+module "efs-mnt_tg" {
+ source = "../modules/efs-mnt-tg"
+ fs_id = module.efs_fs.efs_fs_id
+ subnet_id = "${local.public_subnet.zone-a.id}"
+ sg_list = [module.efs_sg.sg_id]
+
+ depends_on = [
+ module.efs_fs
+ ]
+}
+
+module "efs-mnt_t2" {
+ source = "../modules/efs-mnt-tg"
+ fs_id = module.efs_fs.efs_fs_id
+ subnet_id = "${local.public_subnet.zone-c.id}"
+ sg_list = [module.efs_sg.sg_id]
+
+ depends_on = [
+ module.efs_fs
+ ]
+}
\ No newline at end of file
diff --git a/prod-hq-efs/outputs.tf b/prod-hq-efs/outputs.tf
new file mode 100644
index 0000000..9e40709
--- /dev/null
+++ b/prod-hq-efs/outputs.tf
@@ -0,0 +1,3 @@
+output "efs_fs" {
+ value = module.efs_fs.efs_fs_id
+}
\ No newline at end of file
diff --git a/test-prod-hq-eks/terraform.tf b/prod-hq-efs/terraform.tf
similarity index 79%
rename from test-prod-hq-eks/terraform.tf
rename to prod-hq-efs/terraform.tf
index 9137da1..06b7d67 100644
--- a/test-prod-hq-eks/terraform.tf
+++ b/prod-hq-efs/terraform.tf
@@ -4,7 +4,7 @@ terraform { organization = "22shop" workspaces { - name = "tf-cloud-backend" + name = "tf-22shop-hq-efs" } } } \ No newline at end of file
diff --git a/modules/efs/variables.tf b/prod-hq-efs/variables.tf
similarity index 100%
rename from modules/efs/variables.tf
rename to prod-hq-efs/variables.tf
diff --git a/prod-hq-eks/.terraform.lock.hcl b/prod-hq-eks/.terraform.lock.hcl
index 7fe4140..c68417c 100644
--- a/prod-hq-eks/.terraform.lock.hcl
+++ b/prod-hq-eks/.terraform.lock.hcl
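Review bot: `efs_sg_ingress_http` in prod-hq-efs/main.tf iterates over every entry of `local.tcp_port` with `cidr_blocks = local.all_ips`, so the security group attached to both EFS mount targets accepts 80, 443, 22, 53 and 2049 from `0.0.0.0/0`. A mount target only needs NFS (2049), and only from the clients that mount it; narrow the rule to `from_port = local.tcp_port.nfs_port`, `to_port = local.tcp_port.nfs_port` and a `cidr_blocks` value limited to the VPC or node subnets (or the node security group, if `sg-rule-add` accepts a source group; that module is not shown here). In `efs_sg_egress_all`, `from_port` and `to_port` are given `local.any_protocol` (`"-1"`) although `local.any_port` is defined for that purpose. The comment `#2.x버전의 AWS공급자 허용` no longer matches `version = "~> 3.0"`.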
@@ -6,20 +6,5 @@ provider "registry.terraform.io/hashicorp/aws" { constraints = "~> 3.0" hashes = [ "h1:OzcRXMb2MU7LOheOcCX4rMVffltsLIX3ENs84UzB2Kw=", - "zh:144ac5d606a9236564a9e2cfe4fde5f25c56c42d97108b5ef9f4ba68c367c17a", - "zh:1e8f594d094bd83e759aeed1f6b9d83d67bace36bcd0d5ddc48316e9c219d9f8", - "zh:1eb473010b250c083a7370e0ae43f9961f3c83678a4f5782981387d04f5f7491", - "zh:258ff4c1d204876dea485fac0856721cccf15b94361e7d56ea433fc6fbfc7dc6", - "zh:3cf323d1ebc797486c8b995b0e8d1093ec75e832308fe9dd52dccb8507af2b00", - "zh:5108ba908617ed6e89ac15defafbf9bc57b3ff098d0efdd10294bae1a5532daf", - "zh:54bd6fe57680b845bbf3f4f0cc9a20057973defcd7786390f1967bdbf7b58e1f", - "zh:5f1d06843997229616dc56cecae450e4165ecadb2b2f8206eb074babc09e8dbc", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a6a222eb9ac72ad4efd0f039cac3ffda35d0152e47e573da1aa6da272edb9413", - "zh:ad96cddae3ab78fa85095b7d82e09ed6b25ef099c58d18c1c14c75d5f5f1219c", - "zh:bf18dd6bd6a8eba83f9d55adeeeb14abeb2b63b4a05ac26fc15d1820d34ff9d2", - "zh:cace02539792163c90362998fae484f3b32869d0d148484c809d7c9e8086ac50", - "zh:d527fe5b1fa912a06134fa6be35a044d05ae69973b5ce5c1804466a167b4d3bc", - "zh:fad111579454ec38c3d51ad2422bf43b108f51f17d4db64e81f178b5fbfb2675", ] } diff --git a/prod-hq-eks/main.tf b/prod-hq-eks/main.tf index 42cfdc5..2c2c649 100644 --- a/prod-hq-eks/main.tf +++ b/prod-hq-eks/main.tf @@ -8,7 +8,7 @@ provider "aws" { } locals { - vpc_id = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id + vpc_id = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id public_subnet = data.terraform_remote_state.hq_vpc_id.outputs.subnet common_tags = { project = "22shop" @@ -16,7 +16,7 @@ locals { } tcp_port = { - any_port = 0 + # any_port = 0 http_port = 80 https_port = 443 ssh_port = 22 
@@ -185,15 +185,15 @@ module "eks_cluster" { iam_role_arn = module.eks_cluster_iam.iam_arn sg_list = [module.eks_sg.sg_id] # subnet_list = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음. - subnet_list = [local.public_subnet.zone-a.id, local.public_subnet.zone-c.id] + subnet_list = [local.public_subnet.zone-a.id, local.public_subnet.zone-c.id] depends_on = [ module.eks_cluster_iam, module.eks_sg, ] - client_id = data.aws_caller_identity.this.id - + client_id = data.aws_caller_identity.this.id + } module "eks_node_group" { @@ -203,7 +203,7 @@ module "eks_node_group" { # iam_role_arn = module.eks_nodegroup_iam.iam_arn iam_role_arn = "arn:aws:iam::448559955338:role/eks-nodegroup-test" # subnet_list = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음. - subnet_list = [local.public_subnet.zone-a.id, local.public_subnet.zone-c.id] + subnet_list = [local.public_subnet.zone-a.id, local.public_subnet.zone-c.id] desired_size = local.node_group_scaling_config.desired_size max_size = local.node_group_scaling_config.max_size @@ -214,26 +214,21 @@ module "eks_node_group" { module.eks_cluster, ] } -# EKS테스트 할때 활성 -# module "ecr" { -# source = "../modules/ecr" -# names_list = ["web", "nginx", "mariadb"] +# module "ng_sg_ingress_http" { +# # for_each = local.tcp_port +# source = "../modules/sg-rule-add" +# type = "ingress" +# from_port = "8080" +# to_port = "8080" +# protocol = local.tcp_protocol +# cidr_blocks = local.all_ips +# security_group_id = module.eks_node_group.ng_sg + +# tag_name = "test" + +# depends_on = [ +# module.eks_node_group +# ] + # } - -/* -terraform_remote_state reference method -terraform cloud -*/ -# data "terraform_remote_state" "foo" { -# backend = "remote" - -# config = { -# organization = "company" - -# workspaces = { -# name = "workspace" -# } -# } -# } - diff --git a/prod-hq-eks/outputs.tf b/prod-hq-eks/outputs.tf index d03cd11..fe5e39b 100644 --- a/prod-hq-eks/outputs.tf 
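Review bot: In the `eks_node_group` hunk (`@@ -203,7 +203,7 @@`) the new side still passes `iam_role_arn = "arn:aws:iam::448559955338:role/eks-nodegroup-test"`, which pins an account ID and a role whose name suggests a test role into a directory named prod; the commented line above it (`module.eks_nodegroup_iam.iam_arn`) suggests the role was meant to be managed in code. The role's attached policies are not visible in this diff, so what the nodes are allowed to do cannot be reviewed from here. Prefer the module output, or at least build the ARN from `data.aws_caller_identity.this.account_id` and a variable for the role name. The `module "eks_node_group"` block starts and ends outside the hunk.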
+++ b/prod-hq-eks/outputs.tf @@ -3,6 +3,11 @@ output "aws_id" { description = "The AWS Account ID." value = data.aws_caller_identity.this.account_id } +output "ng_sg" { + description = "Identifier of the remote access EC2 Security Group." + value = module.eks_node_group.ng_sg + +} # output "cluster_oidc" { # description = "eks_cluster_identity" # value = module.eks_cluster.cluster_oidc diff --git a/prod-hq-eks/terraform.tf b/prod-hq-eks/terraform.tf index 9137da1..807b8b4 100644 --- a/prod-hq-eks/terraform.tf +++ b/prod-hq-eks/terraform.tf @@ -4,7 +4,7 @@ terraform { organization = "22shop" workspaces { - name = "tf-cloud-backend" + name = "tf-cloud-eks" } } } \ No newline at end of file diff --git a/prod-hq-idc-network/.terraform.lock.hcl b/prod-hq-idc-network/.terraform.lock.hcl new file mode 100644 index 0000000..c68417c --- /dev/null +++ b/prod-hq-idc-network/.terraform.lock.hcl @@ -0,0 +1,10 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.76.0" + constraints = "~> 3.0" + hashes = [ + "h1:OzcRXMb2MU7LOheOcCX4rMVffltsLIX3ENs84UzB2Kw=", + ] +} diff --git a/prod-hq-idc-network/main.tf b/prod-hq-idc-network/main.tf new file mode 100644 index 0000000..9d9ea12 --- /dev/null +++ b/prod-hq-idc-network/main.tf 
@@ -0,0 +1,117 @@
+// prod - main
+provider "aws" {
+ region = "ap-northeast-2"
+
+ #2.x버전의 AWS공급자 허용
+ version = "~> 3.0"
+
+}
+
+locals {
+ region = "ap-northeast-2"
+ common_tags = {
+ project = "22shop-hq-idc"
+ owner = "icurfer"
+ }
+ cidr = {
+ vpc = "10.4.0.0/16"
+ zone_a = "10.4.1.0/24"
+ zone_c = "10.4.3.0/24"
+ }
+ tcp_port = {
+ any_port = 0
+ http_port = 80
+ https_port = 443
+ ssh_port = 22
+ dns_port = 53
+ django_port = 8000
+ mysql_port = 3306
+ nfs_port = 2049
+ }
+ udp_port = {
+ dns_port = 53
+ }
+ any_protocol = "-1"
+ tcp_protocol = "tcp"
+ icmp_protocol = "icmp"
+ all_ips = ["0.0.0.0/0"]
+}
+
+// GET 계정정보
+data "aws_caller_identity" "this" {}
+
+// eks를 위한 iam역할 생성 데이터 조회
+# data "aws_iam_policy_document" "eks-assume-role-policy" {
+# statement {
+# actions = ["sts:AssumeRole"]
+
+# principals {
+# type = "Service"
+# identifiers = ["eks.amazonaws.com"]
+# }
+# }
+# }
+
+# module "vpc_hq" {
+module "vpc_hq" {
+ source = "../modules/vpc"
+ # source = "github.com/Seong-dong/team_prj/tree/main/modules/vpc"
+ tag_name = "${local.common_tags.project}-vpc"
+ cidr_block = local.cidr.vpc
+
+}
+
+module "vpc_igw" {
+ source = "../modules/igw"
+
+ vpc_id = module.vpc_hq.vpc_hq_id
+
+ tag_name = "${local.common_tags.project}-vpc_igw"
+
+ depends_on = [
+ module.vpc_hq
+ ]
+}
+
+module "subnet_public" {
+ source = "../modules/vpc-subnet"
+
+ vpc_id = module.vpc_hq.vpc_hq_id
+ # subnet-az-list = var.subnet-az-public
+ subnet-az-list = {
+ "zone-a" = {
+ name = "${local.region}a"
+ cidr = local.cidr.zone_a
+ }
+ "zone-c" = {
+ name = "${local.region}c"
+ cidr = local.cidr.zone_c
+ }
+ }
+ public_ip_on = true
+ # vpc_name = "${local.common_tags.project}-public"
+ #alb-ingress 생성을 위해 지정
+ vpc_name = "${local.common_tags.project}-vpc"
+}
+
+// public route
+module "route_public" {
+ source = "../modules/route-table"
+ tag_name = "${local.common_tags.project}-route_table"
+ vpc_id = module.vpc_hq.vpc_hq_id
+
+}
+
+module "route_add" {
+ source = "../modules/route-add"
+ route_public_id = module.route_public.route_public_id
+ igw_id = module.vpc_igw.igw_id
+}
+
+module "route_association" {
+ source = "../modules/route-association"
+ route_table_id = module.route_public.route_public_id
+
+ association_count = 2
+ subnet_ids = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id]
+}
\ No newline at end of file
diff --git a/prod-hq-idc-network/outputs.tf b/prod-hq-idc-network/outputs.tf
new file mode 100644
index 0000000..6174a0a
--- /dev/null
+++ b/prod-hq-idc-network/outputs.tf
@@ -0,0 +1,16 @@
+//main-outputs
+output "aws_id" {
+ description = "The AWS Account ID."
+ value = data.aws_caller_identity.this.account_id
+}
+
+output "subnet" {
+ description = "The name of vpc hq id"
+ value = module.subnet_public.subnet
+}
+
+output "vpc_id" {
+ description = "vpc_id"
+ value = module.vpc_hq.vpc_hq_id
+
+}
\ No newline at end of file
diff --git a/prod-hq-idc-network/terraform.tf b/prod-hq-idc-network/terraform.tf
new file mode 100644
index 0000000..a18fd37
--- /dev/null
+++ b/prod-hq-idc-network/terraform.tf
@@ -0,0 +1,10 @@
+terraform {
+ backend "remote"{
+ hostname = "app.terraform.io"
+ organization = "22shop"
+
+ workspaces {
+ name = "tf-22shop-idc-network"
+ }
+ }
+}
\ No newline at end of file
diff --git a/test-prod-hq-eks/valiables.tf b/prod-hq-idc-network/valiables.tf
similarity index 63%
rename from test-prod-hq-eks/valiables.tf
rename to prod-hq-idc-network/valiables.tf
index 3414430..271fd80 100644
--- a/test-prod-hq-eks/valiables.tf
+++ b/prod-hq-idc-network/valiables.tf
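Review bot: prod-hq-idc-network/main.tf declares `tcp_port`, `udp_port`, `any_protocol`, `tcp_protocol`, `icmp_protocol` and `all_ips` in `locals`, but no module in the file references them; they look copied from the EKS/EFS stacks, and leaving `any_port = 0` next to `all_ips = ["0.0.0.0/0"]` invites a later `for_each` ingress rule that opens every port. Remove the unused locals or add a comment naming the stack that consumes them. Both subnets are created with `public_ip_on = true`; a one-line comment on why instances in this VPC need public addresses would help reviewers. The comment `#2.x버전의 AWS공급자 허용` contradicts `version = "~> 3.0"`, and the constraint is better placed in a `required_providers` block since `version` inside `provider` is deprecated.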
@@ -15,20 +15,20 @@ variable "prod_name" { # type = string # } -variable "subnet-az-public" { - description = "Subnet available zone & cidr" - type = map(map(string)) - default = { - "zone-a" = { - name = "ap-northeast-2a" - cidr = "10.3.1.0/24" - } - "zone-c" = { - name = "ap-northeast-2c" - cidr = "10.3.3.0/24" - } - } -} +# variable "subnet-az-public" { +# description = "Subnet available zone & cidr" +# type = map(map(string)) +# default = { +# "zone-a" = { +# name = "ap-northeast-2a" +# cidr = "10.3.1.0/24" +# } +# "zone-c" = { +# name = "ap-northeast-2c" +# cidr = "10.3.3.0/24" +# } +# } +# } variable "subnet-az-private" { description = "Subnet available zone & cidr" type = map(map(string)) diff --git a/test-prod-hq-eks/main.tf b/test-prod-hq-eks/main.tf deleted file mode 100644 index b01d5c0..0000000 --- a/test-prod-hq-eks/main.tf +++ /dev/null 
@@ -1,135 +0,0 @@ -// prod - main -provider "aws" { - region = "ap-northeast-2" - - #2.x버전의 AWS공급자 허용 - version = "~> 2.0" - -} - -locals { - vpc_id = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id - public_subnet = data.terraform_remote_state.hq_vpc_id.outputs.subnet - common_tags = { - project = "22shop" - owner = "icurfer" - - } - tcp_port = { - any_port = 0 - http_port = 80 - https_port = 443 - ssh_port = 22 - dns_port = 53 - django_port = 8000 - mysql_port = 3306 - } - udp_port = { - dns_port = 53 - } - any_protocol = "-1" - tcp_protocol = "tcp" - icmp_protocol = "icmp" - all_ips = ["0.0.0.0/0"] - - node_group_scaling_config = { - desired_size = 2 - max_size = 4 - min_size = 1 - } -} - -// GET 계정정보 -data "aws_caller_identity" "this" {} - -// 테라폼클라우드 네트워크 상태파일 조회 -data "terraform_remote_state" "hq-network" { - backend = "remote" - - config = { - organization = "22shop" - - workspaces = { - name = "tf-22shop-network" - } - } -} - -// eks 클러스터 -// 보안그룹 생성 -module "alb_sg" { - source = "../modules/sg" - sg_name = "${local.common_tags.project}-sg" - # vpc_id = module.vpc_hq.vpc_hq_id - vpc_id = local.vpc_id - -} - -module "alb_sg_ingress_http" { - for_each = local.tcp_port - source = "../modules/sg-rule-add" - type = "ingress" - from_port = each.value - to_port = each.value - protocol = local.tcp_protocol - cidr_blocks = local.all_ips - security_group_id = module.eks_sg.sg_id - - tag_name = each.key -} - -module "alb_sg_egress_all" { - source = "../modules/sg-rule-add" - type = "egress" - from_port = local.any_protocol - to_port = local.any_protocol - protocol = local.any_protocol - cidr_blocks = local.all_ips - security_group_id = module.eks_sg.sg_id - - tag_name = "egress-all" -} - -# ALB -resource "aws_alb" "test" { - name = "test-alb" - internal = false - load_balancer_type = "application" - security_groups = [ aws_security_group.alb.id ] - subnets = [ aws_subnet.VPC_HQ_public_1a.id , aws_subnet.VPC_HQ_public_1c.id ] - enable_cross_zone_load_balancing = 
true -} -resource "aws_alb_target_group" "test" { - name = "tset-alb-tg" - port = 8080 - protocol = "HTTP" - vpc_id = aws_vpc.VPC_HQ.id - health_check { - path = "/" - protocol = "HTTP" - matcher = "200" - interval = 15 - timeout = 3 - healthy_threshold =2 - unhealthy_threshold =2 - } -} -resource "aws_alb_target_group_attachment" "privateInstance01" { - target_group_arn = aws_alb_target_group.test.arn - target_id = aws_instance.testEC201.id - port = 80 -} -resource "aws_alb_target_group_attachment" "privateInstance02" { - target_group_arn = aws_alb_target_group.test.arn - target_id = aws_instance.testEC202.id - port = 80 -} -resource "aws_alb_listener" "test" { - load_balancer_arn = aws_alb.test.arn - port = 80 - protocol = "HTTP" - default_action { - type = "forward" - target_group_arn = aws_alb_target_group.test.arn - } -} \ No newline at end of file diff --git a/test-prod-hq-eks/outputs.tf b/test-prod-hq-eks/outputs.tf deleted file mode 100644 index ae8b469..0000000 --- a/test-prod-hq-eks/outputs.tf +++ /dev/null @@ -1,10 +0,0 @@ -//main-outputs -output "aws_id" { - description = "The AWS Account ID." - value = data.aws_caller_identity.this.account_id -} - -# output "subnet" { -# description = "The name of vpc hq id" -# value = module.subnet_public.subnet -# }