by Master Seo Jan 04. 2024

Part 16-2. Terraform - Naver Cloud Kubernetes Network 1

Let's build the network VPC.


<1> Build a basic VPC and one server.

<2> We only need the network configuration, so delete the server part.

<3> Scenario 2




<1> Build a basic VPC and one server.


1

Download

wget https://github.com/NaverCloudPlatform/terraform-provider-ncloud/archive/refs/heads/master.zip
unzip master.zip

cd /root/terraform-provider-ncloud-main/examples/vpc/scenario01

# ls
main.tf  variables.tf  versions.tf



2

In the portal, go to My Page > Account Management > Authentication Key Management, view the keys,
and copy the access_key and secret_key for later.



3

Check the contents of the Terraform files

[root@sssssss scenario01]# cd /root/terraform-provider-ncloud-main/examples/vpc/scenario01
[root@sssssss scenario01]# ls
main.tf  variables.tf  versions.tf



Run

terraform init
terraform plan
terraform apply -auto-approve



Result

VPC: pub1, 10.0.0.0/16
Subnet: pub1, 10.0.1.0/24
Server name: tf-scn01, 10.0.1.6, plus a public IP





<2> We only need the network configuration, so delete the server part.


0

[root@sssssss scenario01]# ls
main.tf  variables.tf  versions.tf

[root@sssssss scenario01]# more *.tf

::::::::::::::
main.tf
::::::::::::::
# VPC > User scenario > Scenario 1. Single Public Subnet
# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html

provider "ncloud" {
  support_vpc = true
  region      = "KR"
  access_key  = var.access_key
  secret_key  = var.secret_key
}

resource "ncloud_login_key" "key_scn_01" {
  key_name = var.name_scn01
}

resource "ncloud_vpc" "vpc_scn_01" {
  name            = var.name_scn01
  ipv4_cidr_block = "10.0.0.0/16"
}

resource "ncloud_subnet" "subnet_scn_01" {
  name           = var.name_scn01
  vpc_no         = ncloud_vpc.vpc_scn_01.id
  subnet         = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 8, 1)
  // 10.0.1.0/24
  zone           = "KR-2"
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no
  subnet_type    = "PUBLIC"
  // PUBLIC(Public) | PRIVATE(Private)
}

resource "ncloud_server" "server_scn_01" {
  subnet_no                 = ncloud_subnet.subnet_scn_01.id
  name                      = var.name_scn01
  server_image_product_code = "SW.VSVR.OS.LNX64.CNTOS.0703.B050"
  login_key_name            = ncloud_login_key.key_scn_01.key_name
}

resource "ncloud_public_ip" "public_ip_scn_01" {
  server_instance_no = ncloud_server.server_scn_01.id
  description        = "for ${var.name_scn01}"
}

locals {
  scn01_inbound = [
    [1, "TCP", "0.0.0.0/0", "80", "ALLOW"],
    [2, "TCP", "0.0.0.0/0", "443", "ALLOW"],
    [3, "TCP", "${var.client_ip}/32", "22", "ALLOW"],
    [4, "TCP", "${var.client_ip}/32", "3389", "ALLOW"],
    [5, "TCP", "0.0.0.0/0", "32768-65535", "ALLOW"],
    [197, "TCP", "0.0.0.0/0", "1-65535", "DROP"],
    [198, "UDP", "0.0.0.0/0", "1-65535", "DROP"],
    [199, "ICMP", "0.0.0.0/0", null, "DROP"],
  ]

  scn01_outbound = [
    [1, "TCP", "0.0.0.0/0", "80", "ALLOW"],
    [2, "TCP", "0.0.0.0/0", "443", "ALLOW"],
    [3, "TCP", "${var.client_ip}/32", "1000-65535", "ALLOW"],
    [197, "TCP", "0.0.0.0/0", "1-65535", "DROP"],
    [198, "UDP", "0.0.0.0/0", "1-65535", "DROP"],
    [199, "ICMP", "0.0.0.0/0", null, "DROP"]
  ]
}

resource "ncloud_network_acl_rule" "network_acl_01_rule" {
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no

  dynamic "inbound" {
    for_each = local.scn01_inbound
    content {
      priority    = inbound.value[0]
      protocol    = inbound.value[1]
      ip_block    = inbound.value[2]
      port_range  = inbound.value[3]
      rule_action = inbound.value[4]
      description = "for ${var.name_scn01}"
    }
  }

  dynamic "outbound" {
    for_each = local.scn01_outbound
    content {
      priority    = outbound.value[0]
      protocol    = outbound.value[1]
      ip_block    = outbound.value[2]
      port_range  = outbound.value[3]
      rule_action = outbound.value[4]
      description = "for ${var.name_scn01}"
    }
  }
}

::::::::::::::
variables.tf
::::::::::::::
variable "name_scn01" {
  #default = "tf-scn01"
  default = "pub1"
}

variable "client_ip" {
  default = "YOUR_CLIENT_IP"
}

variable "access_key" {
  default = "YOUR_ACCESS_KEY"
}

variable "secret_key" {
  default = "YOUR_SECRET_KEY"
}

::::::::::::::
versions.tf
::::::::::::::
terraform {
  required_providers {
    ncloud = {
      source = "navercloudplatform/ncloud"
    }
  }
  required_version = ">= 0.13"
}
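Before applying, it is worth confirming offline what the scn01_inbound table in main.tf actually permits. The following Python check is an added example, not code from this post or from the terraform-provider-ncloud repository: it mirrors the inbound rows, reproduces the cidrsubnet() value used for the subnet, and flags admin ports (22, 3389) reachable from 0.0.0.0/0 or a client_ip placeholder that was never replaced. It assumes Network ACL rules are evaluated lowest priority number first with the first match winning; CLIENT_IP is a constructed sample value.

```python
import ipaddress

# Constructed sample value standing in for var.client_ip (assumption, not from the post).
CLIENT_IP = "203.0.113.10"

# Same rows as local.scn01_inbound in main.tf: priority, protocol, ip_block, port_range, action.
INBOUND = [
    (1, "TCP", "0.0.0.0/0", "80", "ALLOW"),
    (2, "TCP", "0.0.0.0/0", "443", "ALLOW"),
    (3, "TCP", f"{CLIENT_IP}/32", "22", "ALLOW"),
    (4, "TCP", f"{CLIENT_IP}/32", "3389", "ALLOW"),
    (5, "TCP", "0.0.0.0/0", "32768-65535", "ALLOW"),
    (197, "TCP", "0.0.0.0/0", "1-65535", "DROP"),
    (198, "UDP", "0.0.0.0/0", "1-65535", "DROP"),
    (199, "ICMP", "0.0.0.0/0", None, "DROP"),
]
ADMIN_PORTS = {22, 3389}  # rules 3 and 4 are meant to be reachable only from client_ip


def cidrsubnet(prefix, newbits, netnum):
    """Python equivalent of Terraform's cidrsubnet(), as used for the subnet in main.tf."""
    return str(list(ipaddress.ip_network(prefix).subnets(prefixlen_diff=newbits))[netnum])


def port_matches(port_range, port):
    """port_range is "80", "1-65535" or None (ICMP rows carry no port range)."""
    if port_range is None:
        return True
    lo, _, hi = port_range.partition("-")
    return int(lo) <= port <= int(hi or lo)


def evaluate(rules, proto, src_ip, port):
    """Lowest priority number that matches decides (assumed NACL semantics); DROP if none matches."""
    for _, rproto, cidr, port_range, action in sorted(rules, key=lambda r: r[0]):
        if (rproto == proto and port_matches(port_range, port)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(cidr)):
            return action
    return "DROP"


def audit(rules):
    """Findings: a TCP admin port ALLOWed from 0.0.0.0/0, or the client_ip placeholder left unset."""
    findings = []
    for prio, rproto, cidr, port_range, action in rules:
        if cidr.startswith("YOUR_CLIENT_IP"):
            findings.append(f"rule {prio}: var.client_ip was not set")
        elif (action == "ALLOW" and rproto == "TCP" and cidr == "0.0.0.0/0"
                and any(port_matches(port_range, p) for p in ADMIN_PORTS)):
            findings.append(f"rule {prio}: admin port open to the world")
    return findings
```

With the table as written, audit(INBOUND) returns no findings and a TCP/22 packet from any address other than CLIENT_IP falls through to rule 197 and is dropped.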




# Check my IP
curl ifconfig.io

vi variables.tf
Enter my server's IP (client_ip)
Enter the access key
Enter the secret key
(The keys entered here sit in plain text in variables.tf, so keep that file out of version control.)



#
terraform init
terraform plan
terraform apply -auto-approve

(takes 4 minutes)
ncloud_server.server_scn_01: Still creating... [3m50s elapsed]
ncloud_server.server_scn_01: Creation complete after 3m57s [id=21859983]
ncloud_public_ip.public_ip_scn_01: Creating...
ncloud_public_ip.public_ip_scn_01: Creation complete after 2s [id=21860051]
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.











1

vi main.tf
Delete the server block
Delete the public IP block

terraform apply -auto-approve

(1 minute)
ncloud_server.server_scn_01: Still destroying... [id=21859983, 1m0s elapsed]

The server is being returned.



2

Note:
The plan output shows in advance what will be created.

terraform plan

  # ncloud_login_key.key_scn_01 will be created
  + resource "ncloud_login_key" "key_scn_01" {
      + fingerprint = (known after apply)
      + id          = (known after apply)
      + key_name    = "pub1"
      + private_key = (sensitive value)
    }

  # ncloud_subnet.subnet_scn_01 will be created
  + resource "ncloud_subnet" "subnet_scn_01" {
      + id             = (known after apply)
      + name           = "pub1"
      + network_acl_no = (known after apply)
      + subnet         = "10.0.8.0/24"
      + subnet_no      = (known after apply)
      + subnet_type    = "PUBLIC"
      + usage_type     = (known after apply)
      + vpc_no         = (known after apply)
      + zone           = "KR-2"
    }

  # ncloud_vpc.vpc_scn_01 will be created
  + resource "ncloud_vpc" "vpc_scn_01" {
      + default_access_control_group_no = (known after apply)
      + default_network_acl_no          = (known after apply)
      + default_private_route_table_no  = (known after apply)
      + default_public_route_table_no   = (known after apply)
      + id                              = (known after apply)
      + ipv4_cidr_block                 = "10.0.0.0/16"
      + name                            = "pub1"
      + vpc_no                          = (known after apply)
    }





3

Delete

terraform destroy --auto-approve






Next

https://brunch.co.kr/@topasvga/3595


