1
다운로드
# Plain `cd` moves to the home directory, so the archive lands there.
cd
# Fetches a snapshot of the branch head, so the example files can change between runs.
# NOTE(review): downloading a tagged release (or a specific commit) instead would make
# the tutorial reproducible and let you review exactly what gets applied.
wget https://github.com/NaverCloudPlatform/terraform-provider-ncloud/archive/refs/heads/master.zip
unzip master.zip
# NOTE(review): the unpacked directory is named after the branch the archive was built
# from ("-main" here); adjust the path if the directory on your machine is named differently.
cd /root/terraform-provider-ncloud-main/examples/vpc/scenario01
# ls
main.tf variables.tf versions.tf
파일 3개
메인, 변수, 버전
2
포털 > 마이페이지 > 계정 관리 > 인증키 관리 메뉴에서
access_key와 secret_key를 확인해 복사해 놓는다.
3
테라폼 파일 내용 확인
첫번째 파일 ~~~~~~~~
more main.tf
# VPC > User scenario > Scenario 1. Single Public Subnet
# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html
# Naver Cloud Platform provider for the KR region, with VPC support switched on.
# Both API keys are read from input variables, so no credential is written in main.tf;
# how the variable values are supplied decides where the secret actually ends up.
provider "ncloud" {
  region      = "KR"
  support_vpc = true

  access_key = var.access_key
  secret_key = var.secret_key
}
# Login key for the scenario, named after the shared scenario name.
# The provider exposes the generated private_key as a sensitive attribute of this
# resource, so the key material is recorded in Terraform state: keep terraform.tfstate
# readable only by its owner and out of version control.
resource "ncloud_login_key" "key_scn_01" {
  key_name = var.name_scn01
}
# VPC for scenario 1; the subnet below is carved out of this /16 address space.
resource "ncloud_vpc" "vpc_scn_01" {
  ipv4_cidr_block = "10.0.0.0/16"
  name            = var.name_scn01
}
# The single public subnet of the scenario, in zone KR-2.
# It is attached to the VPC's default network ACL, so that ACL's rules are the
# subnet-level filter for everything placed here.
resource "ncloud_subnet" "subnet_scn_01" {
  name        = var.name_scn01
  vpc_no      = ncloud_vpc.vpc_scn_01.id
  zone        = "KR-2"
  subnet_type = "PUBLIC"
  // PUBLIC(Public) | PRIVATE(Private)

  // 8 extra prefix bits on the VPC /16, network number 1 -> 10.0.1.0/24
  subnet         = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 8, 1)
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no
}
실행
# init downloads the provider named in versions.tf into the working directory.
terraform init
# plan only prints the proposed changes; nothing is created yet.
terraform plan
# -auto-approve applies without the interactive confirmation prompt, so the plan
# output above is the only chance to review what will be created.
terraform apply -auto-approve
4
변수 파일~~~~
client_ip, access_key, secret_key에 실제 값을 넣어야 한다!!!!
more variables.tf
# Name shared by the resources of this scenario.
variable "name_scn01" {
  default = "tf-scn01"
}

# Public IPv4 address of the machine that is allowed to reach the management ports;
# main.tf appends "/32" to it. The placeholder has to be replaced with a real address,
# otherwise the resulting ip_block is not a valid CIDR.
variable "client_ip" {
  default = "YOUR_CLIENT_IP"
}

# API credentials for the provider.
# Typing real keys into these defaults leaves them in plain text in this file and in
# every copy or commit of it. Leaving the placeholders and exporting
# TF_VAR_access_key / TF_VAR_secret_key in the shell keeps the keys out of the file
# (environment values take precedence over defaults).
# NOTE(review): on Terraform 0.14 or later, `sensitive = true` on both variables also
# keeps the values out of plan/apply output; versions.tf allows 0.13, where that
# argument is not available.
variable "access_key" {
  default = "YOUR_ACCESS_KEY"
}

variable "secret_key" {
  default = "YOUR_SECRET_KEY"
}
curl ifconfig.me
5
VPC
tf-scn01
10.0.0.0/16
Subnet
tf-scn01
10.0.1.0/24
서버이름
tf-scn01
10.0.1.6
공인ip
1
[root@sssssss scenario01]# ls
main.tf variables.tf versions.tf
[root@sssssss scenario01]# more *.tf
::::::::::::::
main.tf
::::::::::::::
# VPC > User scenario > Scenario 1. Single Public Subnet
# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html
# Provider block: KR region, VPC support enabled.
# The access and secret keys are taken from variables rather than written here, which
# keeps main.tf free of credentials as long as the variable values themselves are not
# committed with it.
provider "ncloud" {
  region      = "KR"
  support_vpc = true

  access_key = var.access_key
  secret_key = var.secret_key
}
# Login key that the server resource refers to by name.
# Its private_key attribute is marked sensitive but is still stored in Terraform
# state, so treat terraform.tfstate (and its backups) as a secret.
resource "ncloud_login_key" "key_scn_01" {
  key_name = var.name_scn01
}
# Scenario VPC. Its default network ACL is the one the subnet uses and the one the
# ACL rules in this file are written into.
resource "ncloud_vpc" "vpc_scn_01" {
  ipv4_cidr_block = "10.0.0.0/16"
  name            = var.name_scn01
}
# Public subnet in zone KR-2, filtered by the VPC's default network ACL.
resource "ncloud_subnet" "subnet_scn_01" {
  name        = var.name_scn01
  vpc_no      = ncloud_vpc.vpc_scn_01.id
  zone        = "KR-2"
  subnet_type = "PUBLIC"
  // PUBLIC(Public) | PRIVATE(Private)

  // cidrsubnet adds 8 prefix bits to the VPC /16 and picks network number 1
  // 10.0.1.0/24
  subnet         = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 8, 1)
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no
}
# Server in the public subnet, authenticated with the ncloud_login_key.key_scn_01 key.
# NOTE(review): the image product code looks like a Linux (CentOS 7.3) image; confirm,
# and prefer an image that still receives security updates where one is offered.
resource "ncloud_server" "server_scn_01" {
  name                      = var.name_scn01
  subnet_no                 = ncloud_subnet.subnet_scn_01.id
  login_key_name            = ncloud_login_key.key_scn_01.key_name
  server_image_product_code = "SW.VSVR.OS.LNX64.CNTOS.0703.B050"
}
# Public IP bound to the server instance. Once it is attached, the server is
# addressable from the internet and the network ACL rules in this file decide which
# ports are actually reachable.
resource "ncloud_public_ip" "public_ip_scn_01" {
  description        = "for ${var.name_scn01}"
  server_instance_no = ncloud_server.server_scn_01.id
}
# Network ACL rule tables for scenario 1.
# Every entry is [priority, protocol, ip_block, port_range, rule_action]; the
# ncloud_network_acl_rule resource reads the fields by index in exactly this order.
locals {
  scn01_inbound = [
    # Web traffic is open to the whole internet.
    [1, "TCP", "0.0.0.0/0", "80", "ALLOW"],
    [2, "TCP", "0.0.0.0/0", "443", "ALLOW"],

    # Management ports are limited to the single client address.
    [3, "TCP", "${var.client_ip}/32", "22", "ALLOW"],
    # NOTE(review): 3389 is RDP, while the server image in this file appears to be
    # Linux; if no Windows host is planned, this rule can be dropped.
    [4, "TCP", "${var.client_ip}/32", "3389", "ALLOW"],

    # NOTE(review): opens every high TCP port to any source, presumably to let reply
    # traffic for outbound connections back in. Confirm it is needed, and make sure
    # nothing on the server listens in 32768-65535.
    [5, "TCP", "0.0.0.0/0", "32768-65535", "ALLOW"],

    # Explicit catch-all denies for whatever the rules above did not allow.
    [197, "TCP", "0.0.0.0/0", "1-65535", "DROP"],
    [198, "UDP", "0.0.0.0/0", "1-65535", "DROP"],
    [199, "ICMP", "0.0.0.0/0", null, "DROP"],
  ]

  scn01_outbound = [
    # The server may reach HTTP/HTTPS anywhere.
    [1, "TCP", "0.0.0.0/0", "80", "ALLOW"],
    [2, "TCP", "0.0.0.0/0", "443", "ALLOW"],

    # Traffic towards the client address on ports 1000-65535, presumably the reply
    # side of the SSH/RDP sessions allowed inbound.
    [3, "TCP", "${var.client_ip}/32", "1000-65535", "ALLOW"],

    # Everything else leaving the subnet is dropped.
    [197, "TCP", "0.0.0.0/0", "1-65535", "DROP"],
    [198, "UDP", "0.0.0.0/0", "1-65535", "DROP"],
    [199, "ICMP", "0.0.0.0/0", null, "DROP"],
  ]
}
# Writes the two rule tables into the VPC's default network ACL, which is also the
# ACL the public subnet is attached to. One inbound/outbound block is generated per
# table row; the row is unpacked by position:
#   [0] priority, [1] protocol, [2] ip_block, [3] port_range, [4] rule_action
resource "ncloud_network_acl_rule" "network_acl_01_rule" {
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no

  dynamic "inbound" {
    for_each = local.scn01_inbound

    content {
      description = "for ${var.name_scn01}"
      priority    = inbound.value[0]
      protocol    = inbound.value[1]
      ip_block    = inbound.value[2]
      port_range  = inbound.value[3]
      rule_action = inbound.value[4]
    }
  }

  dynamic "outbound" {
    for_each = local.scn01_outbound

    content {
      description = "for ${var.name_scn01}"
      priority    = outbound.value[0]
      protocol    = outbound.value[1]
      ip_block    = outbound.value[2]
      port_range  = outbound.value[3]
      rule_action = outbound.value[4]
    }
  }
}
::::::::::::::
variables.tf
::::::::::::::
# Name shared by the resources of this scenario (changed from the example's value).
variable "name_scn01" {
  #default = "tf-scn01"
  default = "pub1"
}

# Public IPv4 address allowed to reach the SSH/RDP rules; main.tf turns it into a /32.
# Replace the placeholder before planning, or the ACL ip_block is not a valid CIDR.
variable "client_ip" {
  default = "YOUR_CLIENT_IP"
}

# Provider credentials. Keys typed into these defaults are stored in plain text in
# this file; exporting TF_VAR_access_key / TF_VAR_secret_key instead keeps them out
# of it, because environment values override defaults. If the keys are written here
# anyway, keep the file private and out of any repository.
variable "access_key" {
  default = "YOUR_ACCESS_KEY"
}

variable "secret_key" {
  default = "YOUR_SECRET_KEY"
}
::::::::::::::
versions.tf
::::::::::::::
# Terraform and provider requirements for the example.
terraform {
  required_version = ">= 0.13"

  required_providers {
    ncloud = {
      # NOTE(review): only the source is given, so `terraform init` is free to select
      # the newest published provider release. Adding a `version` constraint here
      # makes runs repeatable and makes a provider upgrade a deliberate, reviewed change.
      source = "navercloudplatform/ncloud"
    }
  }
}
# IP 확인
curl ifconfig.io
vi variables.tf
client_ip에 위에서 확인한 내 서버의 공인 IP 입력
access_key에 access키 입력
secret_key에 secret키 입력 (키가 들어간 variables.tf는 공유하거나 Git 저장소에 올리지 않는다)
#
# init installs the ncloud provider declared in versions.tf.
terraform init
# Review this output before applying: it lists every resource that will be created.
terraform plan
# -auto-approve skips the confirmation prompt and creates the resources immediately.
terraform apply -auto-approve
(4분 걸림)
ncloud_server.server_scn_01: Still creating... [3m50s elapsed]
ncloud_server.server_scn_01: Creation complete after 3m57s [id=21859983]
ncloud_public_ip.public_ip_scn_01: Creating...
ncloud_public_ip.public_ip_scn_01: Creation complete after 2s [id=21860051]
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
2
# Removes every resource tracked in the state; --auto-approve means there is no
# confirmation prompt, so check that this is the intended working directory first.
terraform destroy --auto-approve
3
vi main.tf
서버 부분 삭제
public ip 부분 삭제
terraform apply -auto-approve
(1분)
ncloud_server.server_scn_01: Still destroying... [id=21859983, 1m0s elapsed]
서버 반납 중
4
참고 :
plan 결과를 보면 무엇이 생성되는지 미리 알 수 있다.
terraform plan
# ncloud_login_key.key_scn_01 will be created
+ resource "ncloud_login_key" "key_scn_01" {
+ fingerprint = (known after apply)
+ id = (known after apply)
+ key_name = "pub1"
+ private_key = (sensitive value)
}
# ncloud_subnet.subnet_scn_01 will be created
+ resource "ncloud_subnet" "subnet_scn_01" {
+ id = (known after apply)
+ name = "pub1"
+ network_acl_no = (known after apply)
+ subnet = "10.0.8.0/24"
+ subnet_no = (known after apply)
+ subnet_type = "PUBLIC"
+ usage_type = (known after apply)
+ vpc_no = (known after apply)
+ zone = "KR-2"
}
# ncloud_vpc.vpc_scn_01 will be created
+ resource "ncloud_vpc" "vpc_scn_01" {
+ default_access_control_group_no = (known after apply)
+ default_network_acl_no = (known after apply)
+ default_private_route_table_no = (known after apply)
+ default_public_route_table_no = (known after apply)
+ id = (known after apply)
+ ipv4_cidr_block = "10.0.0.0/16"
+ name = "pub1"
+ vpc_no = (known after apply)
}
5
삭제
terraform destroy --auto-approve
https://brunch.co.kr/@topasvga/3595
감사합니다.