Let's build a Naver Cloud network piece by piece with Terraform on Naver Cloud.
Let's learn how to manage the network as code.
VPC
Subnet
Internet gateway
Route table
NACL
Security group/ASG
NATGW
LB
PPT attached
Architecture
https://www.ncloud.com/intro/architecture
1
Terraform is used to manage networks and servers on an ongoing basis.
Or
Terraform is sometimes used to create a network as a one-off.
2
Let's create a Naver Cloud VPC and subnet the way we want.
Be careful: when you modify a network, Terraform deletes it and creates it again.
Create one command server for running Terraform
https://brunch.co.kr/@topasvga/3587
1
Download
wget https://github.com/NaverCloudPlatform/terraform-provider-ncloud/archive/refs/heads/master.zip
unzip master.zip
2
cd /root/terraform-provider-ncloud-main/examples/vpc/scenario01
[root@sssssss scenario01]# ls
1 main.tf terraform.tfstate terraform.tfstate.backup variables.tf versions.tf
3
Delete everything in the configuration except the network parts
terraform init
terraform plan
terraform apply -auto-approve
(takes 4 minutes)
1
[root@sssssss scenario01]# more *.tf
::::::::::::::
main.tf
::::::::::::::
# VPC > User scenario > Scenario 1. Single Public Subnet
# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html
provider "ncloud" {
  support_vpc = true
  region      = "KR"
  access_key  = var.access_key
  secret_key  = var.secret_key
}
resource "ncloud_login_key" "key_scn_01" {
  key_name = var.name_scn01
}
resource "ncloud_vpc" "vpc_scn_01" {
  name            = var.name_vpc
  ipv4_cidr_block = "10.0.0.0/16"
}
resource "ncloud_subnet" "subnet_scn_01" {
  name   = var.name_subnet
  vpc_no = ncloud_vpc.vpc_scn_01.id
  subnet = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 8, 8)
  // 10.0.8.0/24 (netnum 8 within 10.0.0.0/16)
  zone           = "KR-2"
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no
  subnet_type    = "PUBLIC"
  // PUBLIC(Public) | PRIVATE(Private)
}
# The names are defined as variables
::::::::::::::
variables.tf
::::::::::::::
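variable "name_vpc" {
  default = "game-vpc"
}
variable "name_subnet" {
  default = "pub1-subnet"
}
variable "name_scn01" {
  default = "seo1"
}
variable "client_ip" {
  default = "210.1.10.10"
}
# API credentials have no default so they are never stored in this file.
# Export TF_VAR_access_key and TF_VAR_secret_key in the shell before running terraform.
variable "access_key" {
  type = string
}
variable "secret_key" {
  type = string
}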
::::::::::::::
versions.tf
::::::::::::::
terraform {
  required_providers {
    ncloud = {
      source = "navercloudplatform/ncloud"
    }
  }
  required_version = ">= 0.13"
}
2
With terraform plan you can preview the resources that will be created.
[root@sssssss scenario01]# terraform plan
ncloud_vpc.vpc_scn_01: Refreshing state... [id=53740]
ncloud_login_key.key_scn_01: Refreshing state... [id=pub1]
ncloud_subnet.subnet_scn_01: Refreshing state... [id=123158]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
# ncloud_login_key.key_scn_01 must be replaced
-/+ resource "ncloud_login_key" "key_scn_01" {
~ fingerprint = "c0:97:e5:59:05:53:7b:fe:c2:77:fb:07:83:1f:a9:8e" -> (known after apply)
~ id = "pub1" -> (known after apply)
~ key_name = "pub1" -> "seo1" # forces replacement
~ private_key = (sensitive value)
}
# ncloud_subnet.subnet_scn_01 must be replaced
-/+ resource "ncloud_subnet" "subnet_scn_01" {
~ id = "123158" -> (known after apply)
~ name = "pub1" -> "pub1-subnet" # forces replacement
~ network_acl_no = "82047" -> (known after apply)
~ subnet_no = "123158" -> (known after apply)
~ usage_type = "GEN" -> (known after apply)
~ vpc_no = "53740" # forces replacement -> (known after apply) # forces replacement
# (3 unchanged attributes hidden)
}
# ncloud_vpc.vpc_scn_01 must be replaced
-/+ resource "ncloud_vpc" "vpc_scn_01" {
~ default_access_control_group_no = "150991" -> (known after apply)
~ default_network_acl_no = "82047" -> (known after apply)
~ default_private_route_table_no = "114084" -> (known after apply)
~ default_public_route_table_no = "114083" -> (known after apply)
~ id = "53740" -> (known after apply)
~ name = "pub1" -> "game-vpc" # forces replacement
~ vpc_no = "53740" -> (known after apply)
# (1 unchanged attribute hidden)
}
Plan: 3 to add, 0 to change, 3 to destroy.
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
3
terraform init
terraform plan
terraform apply -auto-approve
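The plan above replaces all three resources, and `terraform apply -auto-approve` applies whatever the plan contains without asking. The following check is an added example, not part of the original post or the ncloud provider: it reads the JSON form of a saved plan (`terraform plan -out=tfplan`, then `terraform show -json tfplan`) and stops before apply when any resource would be deleted or replaced. The sample plan is constructed to match the output shown on this page; the function names and the file name `plan_gate.py` are assumptions.

```python
import json

# Constructed sample, shaped like `terraform show -json <planfile>` output for the
# plan on this page (names changed in variables.tf, so all three resources are replaced).
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "ncloud_login_key.key_scn_01",
     "change": {"actions": ["delete", "create"],
                "before": {"key_name": "pub1"}, "after": {"key_name": "seo1"}}},
    {"address": "ncloud_subnet.subnet_scn_01",
     "change": {"actions": ["delete", "create"],
                "before": {"name": "pub1", "zone": "KR-2"},
                "after": {"name": "pub1-subnet", "zone": "KR-2"}}},
    {"address": "ncloud_vpc.vpc_scn_01",
     "change": {"actions": ["delete", "create"],
                "before": {"name": "pub1", "ipv4_cidr_block": "10.0.0.0/16"},
                "after": {"name": "game-vpc", "ipv4_cidr_block": "10.0.0.0/16"}}},
]})


def destructive_changes(plan_json):
    """Return {address: [changed attribute names]} for every resource the plan deletes or replaces."""
    findings = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        if "delete" not in change.get("actions", []):
            continue  # create, update-in-place, no-op and read do not destroy anything
        before = change.get("before") or {}
        after = change.get("after") or {}  # null for a pure delete
        # Attributes whose planned value differs; values unknown until apply are absent from "after"
        changed = sorted(k for k in before if k in after and before[k] != after[k])
        findings[rc["address"]] = changed
    return findings


def gate(plan_json, allow_destroy=False):
    """Exit code for a pipeline step: 0 to continue to apply, 1 to stop for review."""
    findings = destructive_changes(plan_json)
    for address, attrs in findings.items():
        print(f"DESTROY/REPLACE {address} (changed: {', '.join(attrs) or 'n/a'})")
    return 0 if allow_destroy or not findings else 1


if __name__ == "__main__":
    import sys
    # Usage: terraform plan -out=tfplan && terraform show -json tfplan | python3 plan_gate.py
    data = SAMPLE_PLAN if sys.stdin.isatty() else sys.stdin.read()
    sys.exit(gate(data))
```

When the gate passes, run `terraform apply tfplan` so that exactly the reviewed plan is applied, which is what the `-out` note in the plan output refers to.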
1
To add subnets, let's separate the subnet content out of main.tf.
Let's create subnet.tf.
[root@sssssss scenario01]# more subnet.tf
resource "ncloud_subnet" "subnet_scn_01" {
  name   = var.name_subnet
  vpc_no = ncloud_vpc.vpc_scn_01.id
  subnet = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 8, 8)
  // 10.0.8.0/24 (netnum 8 within 10.0.0.0/16)
  zone           = "KR-2"
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no
  subnet_type    = "PUBLIC"
  // PUBLIC(Public) | PRIVATE(Private)
}
[root@sssssss scenario01]#
https://brunch.co.kr/@topasvga/3599
Thank you.