3. 테라폼-GCP-모듈

테라폼 사용 시

한 블록을 업데이트해서 다른 블록에 영향을 주지 않도록 필요함.

개발, 스테이징, 프로덕션 구성시 중복 증가할 수 있어, 업데이트 시 문제가 될 수 있다.

모듈 호출할 수 있다.

유용한 모듈 찾는 곳  https://registry.terraform.io/

예 ) AWS VPC 모듈   https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest

<1> 기본 정보 확인

<2> 소스 받기

<3>  변수 값 입력 

<4>  아웃풋 파일

<5>  모듈 만들기

<1> 기본 정보 확인

gcloud auth list

승인

gcloud config list project

<2> 소스 받기

모듈 소스 목록

https://www.terraform.io/language/modules/sources

네트워크 모듈 https://registry.terraform.io/modules/terraform-google-modules/network/google/3.3.0

1

git clone https://github.com/terraform-google-modules/terraform-google-network

cd terraform-google-network

git checkout tags/v3.3.0 -b v3.3.0

cd examples/simple_project

2

프로젝트 id 확인하기

gcloud config list --format 'value(core.project)'

3

$ vi main.tf

provider "google" {

  version = "~> 3.45.0"

}

provider "null" {

  version = "~> 2.1"

}

# [START vpc_custom_create]

module "test-vpc-module" {

  source       = "terraform-google-modules/network/google"

  version      = "~> 3.2.0"

  project_id   = var.project_id # Replace this with your project ID in quotes

  network_name = "my-custom-mode-network"

  mtu          = 1460

  subnets = [

    {

      subnet_name   = "subnet-01"

      subnet_ip     = "10.10.10.0/24"

      subnet_region = "us-west1"

    },

    {

      subnet_name           = "subnet-02"

      subnet_ip             = "10.10.20.0/24"

      subnet_region         = "us-west1"

      subnet_private_access = "true"

      subnet_flow_logs      = "true"

    },

    {

      subnet_name               = "subnet-03"

      subnet_ip                 = "10.10.30.0/24"

      subnet_region             = "us-west1"

      subnet_flow_logs          = "true"

      subnet_flow_logs_interval = "INTERVAL_10_MIN"

      subnet_flow_logs_sampling = 0.7

      subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"

    }

  ]

}

//  설명

network_name = "my-custom-mode-network"

provider  google

locals  3 subnet

module test-vpc-module

<3>  변수 값 입력 

1

project id  확인?

gcloud config list --format 'value(core.project)'

2

variables.tf.

variable "project_id" {

  description = "The project ID to host the network in"

  default     = "seismic-catbird-358207"

}

variable "network_name" {

  description = "The name of the VPC network being created"

  default     = "tts-vpc"

}

<4>  아웃풋 파일

1

output.tf

output "network_name" {

  value       = module.test-vpc-module.network_name

  description = "The name of the VPC being created"

}

output "network_self_link" {

  value       = module.test-vpc-module.network_self_link

  description = "The URI of the VPC being created"

}

output "project_id" {

  value       = module.test-vpc-module.project_id

  description = "VPC project id"

}

output "subnets_names" {

  value       = module.test-vpc-module.subnets_names

  description = "The names of the subnets being created"

}

output "subnets_ips" {

  value       = module.test-vpc-module.subnets_ips

  description = "The IP and cidrs of the subnets being created"

}

output "subnets_regions" {

  value       = module.test-vpc-module.subnets_regions

  description = "The region where subnets will be created"

}

output "subnets_private_access" {

  value       = module.test-vpc-module.subnets_private_access

  description = "Whether the subnets will have access to Google API's without a public IP"

}

output "subnets_flow_logs" {

  value       = module.test-vpc-module.subnets_flow_logs

  description = "Whether the subnets will have VPC flow logs enabled"

}

output "subnets_secondary_ranges" {

  value       = module.test-vpc-module.subnets_secondary_ranges

  description = "The secondary ranges associated with these subnets"

}

output "route_names" {

  value       = module.test-vpc-module.route_names

  description = "The routes associated with this VPC"

}

<5> 만들기

cd ~/terraform-google-network/examples/simple_project

초기화

terraform init

terraform apply

Enter a value: yes

module.test-vpc-module.module.vpc.google_compute_network.network: Creating...

module.test-vpc-module.module.vpc.google_compute_network.network: Still creating... [10s elapsed]

module.test-vpc-module.module.vpc.google_compute_network.network: Creation complete after 12s [id=projects/seismic-catbird-358207/global/networks/my-custom-mode-network]

module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork["us-west1/subnet-01"]: Creating...

Outputs:

network_name = "my-custom-mode-network"

network_self_link = "https://www.googleapis.com/compute/v1/projects/seismic-catbird-358207/global/networks/my-custom-mode-network"

project_id = "seismic-catbird-358207"

route_names = []

subnets_flow_logs = [

  false,

  true,

  true,

]

subnets_ips = [

  "10.10.10.0/24",

  "10.10.20.0/24",

  "10.10.30.0/24",

]

subnets_names = [

  "subnet-01",

  "subnet-02",

  "subnet-03",

]

subnets_private_access = [

  false,

  true,

  false,

]

subnets_regions = [

  "us-west1",

  "us-west1",

  "us-west1",

]

subnets_secondary_ranges = [

  tolist([]),

  tolist([]),

  tolist([]),

]

2

콘솔에서  vpc 확인

3

삭제

terraform destroy

엔터

엔터

yes

디폴트 네트워크만 남는다.

<6>  모듈 만들기

1

정적 웹사이트를 호스팅 하는 데 사용되는  스토리지 버킷을 관리하는 모듈을 생성한다.

모듈을 만들고 루트에서 가져다 쓴다.

루트 파일

main.tf

variables.tf

outputs.tf

terraform.tfstate    ,  terraform.tfstate.backup  파일에 상태가 포함되어 있다.

2

디렉토리 구조?

main.tf

modules --------gcs-static-website-bucket ------- website.tf / output.tf / variable.tf

3

모듈 만들기.

cd ~

touch main.tf

mkdir -p modules/gcs-static-website-bucket

4

cd modules/gcs-static-website-bucket

touch website.tf variables.tf outputs.tf

tee -a README.md <<EOF

 bucket - static website hosting.

EOF

5

website.tf 

resource "google_storage_bucket" "bucket" {

  name               = var.name

  project            = var.project_id

  location           = var.location

  storage_class      = var.storage_class

  labels             = var.labels

  force_destroy      = var.force_destroy

  uniform_bucket_level_access = true

  versioning {

    enabled = var.versioning

  }

  dynamic "retention_policy" {

    for_each = var.retention_policy == null ? [] : [var.retention_policy]

    content {

      is_locked        = var.retention_policy.is_locked

      retention_period = var.retention_policy.retention_period

    }

  }

  dynamic "encryption" {

    for_each = var.encryption == null ? [] : [var.encryption]

    content {

      default_kms_key_name = var.encryption.default_kms_key_name

    }

  }

  dynamic "lifecycle_rule" {

    for_each = var.lifecycle_rules

    content {

      action {

        type          = lifecycle_rule.value.action.type

        storage_class = lookup(lifecycle_rule.value.action, "storage_class", null)

      }

      condition {

        age                   = lookup(lifecycle_rule.value.condition, "age", null)

        created_before        = lookup(lifecycle_rule.value.condition, "created_before", null)

        with_state            = lookup(lifecycle_rule.value.condition, "with_state", null)

        matches_storage_class = lookup(lifecycle_rule.value.condition, "matches_storage_class", null)

        num_newer_versions    = lookup(lifecycle_rule.value.condition, "num_newer_versions", null)

      }

    }

  }

}

6

modules  디렉토리로 이동  variables.tf 에 다음 코드를 추가한다.

variable "name" {

  description = "The name of the bucket."

  type        = string

}

variable "project_id" {

  description = "The ID of the project to create the bucket in."

  type        = string

}

variable "location" {

  description = "The location of the bucket."

  type        = string

}

variable "storage_class" {

  description = "The Storage Class of the new bucket."

  type        = string

  default     = null

}

variable "labels" {

  description = "A set of key/value label pairs to assign to the bucket."

  type        = map(string)

  default     = null

}

variable "bucket_policy_only" {

  description = "Enables Bucket Policy Only access to a bucket."

  type        = bool

  default     = true

}

variable "versioning" {

  description = "While set to true, versioning is fully enabled for this bucket."

  type        = bool

  default     = true

}

variable "force_destroy" {

  description = "When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects."

  type        = bool

  default     = true

}

variable "iam_members" {

  description = "The list of IAM members to grant permissions on the bucket."

  type = list(object({

    role   = string

    member = string

  }))

  default = []

}

variable "retention_policy" {

  description = "Configuration of the bucket's data retention policy for how long objects in the bucket should be retained."

  type = object({

    is_locked        = bool

    retention_period = number

  })

  default = null

}

variable "encryption" {

  description = "A Cloud KMS key that will be used to encrypt objects inserted into this bucket"

  type = object({

    default_kms_key_name = string

  })

  default = null

}

variable "lifecycle_rules" {

  description = "The bucket's Lifecycle Rules configuration."

  type = list(object({

    # Object with keys:

    # - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.

    # - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.

    action = any

    # Object with keys:

    # - age - (Optional) Minimum age of an object in days to satisfy this condition.

    # - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.

    # - with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY".

    # - matches_storage_class - (Optional) Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.

    # - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.

    condition = any

  }))

  default = []

}

7

출력

 output.tf   모듈 내부의 파일에서 모듈을 출력한다.

output "bucket" {

  description = "The created storage bucket"

  value       = google_storage_bucket.bucket

}

8

루트에서

main. tf로 돌아가서 새 모듈에 대한 참조를 추가한다.

module "gcs-static-website-bucket" {

  source = "./modules/gcs-static-website-bucket"

  name       = var.name

  project_id = var.project_id

  location   = "us-east1"

  lifecycle_rules = [{

    action = {

      type = "Delete"

    }

    condition = {

      age        = 365

      with_state = "ANY"

    }

  }]

}

9

루트에서

cd ~

touch outputs.tf

output "bucket-name" {

  description = "Bucket names."

  value       = "module.gcs-static-website-bucket.bucket"

}

10

루트에서

touch variables.tf

variable "project_id" {

  description = "The ID of the project in which to provision resources."

  type        = string

  default     = "FILL IN YOUR PROJECT ID HERE"

}

variable "name" {

  description = "Name of the buckets to create."

  type        = string

  default     = "FILL IN A (UNIQUE) BUCKET NAME HERE"

}

11

terraform init

terraform apply

12

샘플 다운로드 , 업로드

cd ~

curl https://raw.githubusercontent.com/hashicorp/learn-terraform-modules/master/modules/aws-s3-static-website-bucket/www/index.html > index.html

curl https://raw.githubusercontent.com/hashicorp/learn-terraform-modules/blob/master/modules/aws-s3-static-website-bucket/www/error.html > error.html

gsutil cp *.html gs://YOUR-BUCKET-NAME

버킷에 파일 업로드.

정적 웹 사이트를 만들었다.

13

terraform destroy

https://brunch.co.kr/@topasvga/2419

8탄-(몰아보기) GCP 실습 테라폼

감사합니다.