
by Master Seo Aug 13. 2024

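NCP Part 22-3. Terraform - 2024-08

Let's build a network with Terraform.

Let's create Naver Cloud Kubernetes with Terraform.




We set up the environment and start from the Terraform basics.


<0> Diagram of the network to create with Terraform, environment setup

<1> VPC, Pub1 - entering IPs directly

<2> VPC, Pub1, Pri1, pri-db1, pub-nat1, pub-lb1, pri-lb1 - entering IPs directly

<3> VPC, Pub1 - using variables

<4> VPC, Pub1, Pri1, pri-db1, pub-nat1, pub-lb1, pri-lb1 - using variables

<5> Creating the NAT

<6> Creating Kubernetes

<7> Deploying one game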





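<0> Diagram of the network to create with Terraform, environment setup



PPT attached



0



Reference

https://brunch.co.kr/@topasvga/3956




1

Create one command server in the public subnet using the console.

https://console.ncloud.com/




2

Environment setup


Create one command server by following the link below. (<3> Creating a developer command server)


https://brunch.co.kr/@topasvga/3974




3

# Download the Terraform source - the source used as a reference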


cd

wget  https://github.com/NaverCloudPlatform/terraform-provider-ncloud/archive/refs/heads/master.zip

unzip master.zip



cd /root/terraform-provider-ncloud-main/examples







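<1> VPC, Pub1 - entering IPs directly



First, let's create one VPC and one public subnet with Terraform.



1

Two VPCs, or two subnets, must not have the same name.


Example:

If a VPC has the same name as an existing one, an error occurs.

If a subnet such as pub1 has the same name as an existing one, an error occurs.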

 "returnMessage": "Cannot create with duplicate VPC name."




2

cd  /root/terraform-provider-ncloud-main/examples/vpc/scenario01




[root@s22222 scenario01]# cd 1



# There are 3 files


[root@s22222 1]# ls *.tf

main.tf  variables.tf  versions.tf




# File contents


[root@s22222 1]# more *.tf

::::::::::::::

main.tf

::::::::::::::

# VPC > User scenario > Scenario 1. Single Public Subnet

# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html

provider "ncloud" {

  support_vpc = true

  region      = "KR"

  access_key  = var.access_key

  secret_key  = var.secret_key

}

resource "ncloud_login_key" "key_scn_01" {

  key_name = var.name_vpc

}

resource "ncloud_vpc" "vpc_vpc" {

  name            = var.name_vpc

  ipv4_cidr_block = "10.0.0.0/21"

}

resource "ncloud_subnet" "subnet_pub1" {

  name           = var.name_pub1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = "10.0.2.0/24"

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PUBLIC"

  // PUBLIC(Public) | PRIVATE(Private)

}

::::::::::::::

variables.tf

::::::::::::::

variable name_vpc {

  default = "agame-dev-vpc"

}

variable name_pub1 {

  default = "agame-dev-pub1"

}

variable client_ip {

  default = "3.3.3.3"

}

variable access_key {

  default = "ncp_iam_BPAMKR5XsAr52VzPluqr"

}

variable secret_key {

  default = "ncp_iam_BPKMKR1DwyNq8NImKqZpe759MRZ3F6aeKD"

}

::::::::::::::

versions.tf

::::::::::::::

terraform {

  required_providers {

    ncloud = {

      source = "navercloudplatform/ncloud"

    }

  }

  required_version = ">= 0.13"

}

[root@s22222 1]#




4

Let's create the Naver Cloud network with Terraform.


It goes through the 3 steps below.


terraform init

terraform plan

terraform apply -auto-approve



# To delete, use the command below - delete everything later, once you are done with it.

terraform destroy --auto-approve
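
The variables.tf shown in this post stores access_key and secret_key as default values, so the credentials sit in the working directory in plain text; Terraform also reads a variable from a TF_VAR_<name> environment variable, which lets those defaults be removed. The check below is an added example, not part of the original post: it scans variable blocks for credential-like names that carry a non-empty default. The regular expressions, function names and sample file are constructed for illustration.

```python
import re

# Variable names that usually hold credentials (assumption; extend for your code base).
CREDENTIAL_NAME = re.compile(r"(access|secret)_?key|password|token", re.IGNORECASE)
# Matches both `variable name {` (the form used in the post) and `variable "name" {`.
VARIABLE_HEADER = re.compile(r'^\s*variable\s+"?([A-Za-z_][\w-]*)"?\s*\{')
DEFAULT_LINE = re.compile(r'^\s*default\s*=\s*"([^"]*)"')
QUOTED = re.compile(r'"[^"]*"')


def find_hardcoded_credentials(tf_text):
    """Return (line number, variable name) for credential variables with a default.

    The value itself is never returned, so the report can be logged safely.
    """
    findings = []
    current, depth = None, 0
    for lineno, raw in enumerate(tf_text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith(("#", "//")):
            continue
        if current is None:
            header = VARIABLE_HEADER.match(line)
            if not header:
                continue
            current, depth = header.group(1), 1
            line = line[header.end():].strip()  # rest of a one-line block
        default = DEFAULT_LINE.match(line)
        if depth == 1 and default and default.group(1) and CREDENTIAL_NAME.search(current):
            findings.append((lineno, current))
        # Count braces outside string literals to find the end of the block.
        bare = QUOTED.sub('""', line)
        depth += bare.count("{") - bare.count("}")
        if depth <= 0:
            current = None
    return findings


def tf_var_names(findings):
    """Environment variables to export once the defaults are deleted."""
    return [f"TF_VAR_{name}" for _, name in findings]


# Constructed sample in the style of the post's variables.tf (placeholder values).
SAMPLE_VARIABLES_TF = """\
variable name_vpc {
  default = "agame-dev-vpc"
}

variable access_key {
  default = "EXAMPLE-ACCESS-KEY"
}

variable "secret_key" {
  type    = string
  default = "EXAMPLE-SECRET-KEY"
}

variable login_key {
  default = "agame-k8s12"
}

variable "api_token" {
  type = string
  # no default: supplied as TF_VAR_api_token
}
"""

if __name__ == "__main__":
    hits = find_hardcoded_credentials(SAMPLE_VARIABLES_TF)
    for lineno, name in hits:
        print(f"variables.tf:{lineno}: variable {name!r} has a hardcoded default")
    print("export instead:", ", ".join(tf_var_names(hits)))
```
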







<2> VPC, Pub1, Pri1, pri-db1, pub-nat1, pub-lb1, pri-lb1 - entering IPs directly



Let's create the subnets that Naver Cloud Kubernetes needs.


https://brunch.co.kr/@topasvga/3956






[root@s22222 2]# clear



[root@s22222 2]# ls *.tf

main.tf  variables.tf  versions.tf




[root@s22222 2]# more *.tf

::::::::::::::

main.tf

::::::::::::::

# VPC > User scenario > Scenario 1. Single Public Subnet

# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html

provider "ncloud" {

  support_vpc = true

  region      = "KR"

  access_key  = var.access_key

  secret_key  = var.secret_key

}

resource "ncloud_login_key" "key_scn_01" {

  key_name = var.name_scn01

}

resource "ncloud_vpc" "vpc_scn_01" {

  name            = var.name_scn01

  ipv4_cidr_block = "10.0.0.0/21"

}

resource "ncloud_subnet" "subnet_pri1" {

  name           = var.name_pri1

  vpc_no         = ncloud_vpc.vpc_scn_01.id

  subnet         = "10.0.0.0/23"

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no

  subnet_type    = "PRIVATE"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub1" {

  name           = var.name_pub1

  vpc_no         = ncloud_vpc.vpc_scn_01.id

  subnet         = "10.0.2.0/24"

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no

  subnet_type    = "PUBLIC"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pri-db1" {

  name           = var.name_pri-db1

  vpc_no         = ncloud_vpc.vpc_scn_01.id

  subnet         = "10.0.3.0/24"

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no

  subnet_type    = "PRIVATE"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub-nat1" {

  name           = var.name_pub-nat1

  vpc_no         = ncloud_vpc.vpc_scn_01.id

  subnet         = "10.0.4.0/24"

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no

  subnet_type    = "PUBLIC"

  usage_type    = "NATGW"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub-lb1" {

  name           = var.name_pub-lb1

  vpc_no         = ncloud_vpc.vpc_scn_01.id

  subnet         = "10.0.5.0/24"

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no

  subnet_type    = "PUBLIC"

  usage_type    = "LOADB"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pri-lb1" {

  name           = var.name_pri-lb1

  vpc_no         = ncloud_vpc.vpc_scn_01.id

  subnet         = "10.0.6.0/24"

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no

  subnet_type    = "PRIVATE"

  // PUBLIC(Public) | PRIVATE(Private)

  usage_type    = "LOADB"

}

::::::::::::::

variables.tf

::::::::::::::

variable name_scn01 {

  default = "agame-dev-vpc"

}

variable name_pri1 {

  default = "agame-dev-pri1"

}

variable name_pub1 {

  default = "agame-dev-pub1"

}

variable name_pri-db1 {

  default = "agame-dev-pri-db1"

}

variable name_pub-nat1 {

  default = "agame-dev-pub-nat1"

}

variable name_pub-lb1 {

  default = "agame-dev-pub-lb1"

}

variable name_pri-lb1 {

  default = "agame-dev-pri-lb1"

}

variable client_ip {

  default = "3.3.3.3"

}

variable access_key {

  default = "ncp_iam_BPAMKR5XsAr52VzPluqr"

}

variable secret_key {

  default = "ncp_iam_BPKMKR1DwyNq8NImKqZpe759MRZ3F6aeKD"

}

::::::::::::::

versions.tf

::::::::::::::

terraform {

  required_providers {

    ncloud = {

      source = "navercloudplatform/ncloud"

    }

  }

  required_version = ">= 0.13"

}

[root@s22222 2]#







<3> VPC, Pub1 - using variables



This time, let's create the VPC and one public subnet using variables.

Rather than typing the IP every time, handling it with variables reduces mistakes.



1

cd  /root/terraform-provider-ncloud-main/examples/vpc/scenario01





2

[root@s22222 scenario01]# cd 3


[root@s22222 3]# ls *.tf

main.tf  variables.tf  versions.tf




3

To use variables, you need to know how the subnet is calculated.


How is cidrsubnet(prefix, newbits, netnum) calculated?


cidrsubnet(prefix, newbits, netnum)

For a prefix ending in /16 and a newbits value of 4, the resulting subnet address will have length /20.



1)

 ipv4_cidr_block = "10.0.0.0/16"

 subnet         = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 8, 1)


Adding 8 to /16 gives a 24-bit result.

It starts at 1.

10.0.1.0/24


16+8 = 24

Starts at 1



2)

/21


Prefix length 21, newbits 3, netnum 2


21+3 = 24

Starts at 2


This produces 10.0.2.0/24.
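
The calculation above, carried through in Python as an added example (not code from the original post): `cidrsubnet` here is a re-implementation for illustration, and it goes beyond the two single calls to compute every subnet that the main.tf in sections <3> and <4> derives from the /21 VPC and to check that the /23 and the /24 blocks do not overlap. `build_plan`, `find_overlaps` and the plan dictionary are names constructed for this example.

```python
import ipaddress
from itertools import combinations


def cidrsubnet(prefix, newbits, netnum):
    """Python re-implementation of Terraform's cidrsubnet(), for illustration."""
    net = ipaddress.ip_network(prefix, strict=False)
    new_len = net.prefixlen + newbits
    if newbits < 0 or new_len > net.max_prefixlen:
        raise ValueError(f"newbits={newbits} does not fit in {prefix}")
    if not 0 <= netnum < (1 << newbits):
        raise ValueError(f"netnum={netnum} needs more than {newbits} bits")
    # netnum is written into the newbits that follow the original prefix.
    shift = net.max_prefixlen - new_len
    base = int(net.network_address) | (netnum << shift)
    return str(type(net)((base, new_len)))


# The VPC block and the (newbits, netnum) pairs passed to cidrsubnet() in the post.
VPC_CIDR = "10.0.0.0/21"
SUBNET_PLAN = {
    "pri1": (2, 0),
    "pub1": (3, 2),
    "pri-db1": (3, 3),
    "pub-nat1": (3, 4),
    "pub-lb1": (3, 5),
    "pri-lb1": (3, 6),
}


def build_plan(vpc_cidr, plan):
    """Map each subnet name to the CIDR that cidrsubnet() yields for it."""
    return {name: cidrsubnet(vpc_cidr, bits, num) for name, (bits, num) in plan.items()}


def find_overlaps(subnets):
    """Return the pairs of subnet names whose address ranges overlap."""
    clashes = []
    for (name_a, cidr_a), (name_b, cidr_b) in combinations(subnets.items(), 2):
        if ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b)):
            clashes.append((name_a, name_b))
    return clashes


if __name__ == "__main__":
    subnets = build_plan(VPC_CIDR, SUBNET_PLAN)
    for name, cidr in subnets.items():
        print(f"{name:10s} {cidr}")
    print("overlaps:", find_overlaps(subnets))

    # Mixing newbits values is where mistakes happen: netnum 1 at /24 lands
    # inside the /23 that pri1 already occupies.
    wrong = dict(SUBNET_PLAN, pub1=(3, 1))
    print("overlaps with pub1=(3, 1):", find_overlaps(build_plan(VPC_CIDR, wrong)))
```
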





4

[root@s22222 3]# more *.tf

::::::::::::::

main.tf

::::::::::::::

# VPC > User scenario > Scenario 1. Single Public Subnet

# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html

provider "ncloud" {

  support_vpc = true

  region      = "KR"

  access_key  = var.access_key

  secret_key  = var.secret_key

}

resource "ncloud_login_key" "key_scn_01" {

  key_name = var.name_vpc

}

resource "ncloud_vpc" "vpc_vpc" {

  name            = var.name_vpc

  ipv4_cidr_block = "10.0.0.0/21"

}

resource "ncloud_subnet" "subnet_pub1" {

  name           = var.name_pub1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 2)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PUBLIC"

  // PUBLIC(Public) | PRIVATE(Private)

}

::::::::::::::

variables.tf

::::::::::::::

variable name_vpc {

  default = "agame-dev-vpc"

}

variable name_pub1 {

  default = "agame-dev-pub1"

}

variable client_ip {

  default = "3.3.3.3"

}

variable access_key {

  default = "ncp_iam_BPAMKR5XsAr52VzPluqr"

}

variable secret_key {

  default = "ncp_iam_BPKMKR1DwyNq8NImKqZpe759MRZ3F6aeKD"

}

::::::::::::::

versions.tf

::::::::::::::

terraform {

  required_providers {

    ncloud = {

      source = "navercloudplatform/ncloud"

    }

  }

  required_version = ">= 0.13"

}

[root@s22222 3]#






<4> VPC, Pub1, Pri1, pri-db1, pub-nat1, pub-lb1, pri-lb1 - using variables



Let's create the subnets and the rest using variables.



cd  /root/terraform-provider-ncloud-main/examples/vpc/scenario01





[root@s22222 4]# ls *.tf

main.tf  variables.tf  versions.tf




[root@s22222 4]# more *.tf

::::::::::::::

main.tf

::::::::::::::

# VPC > User scenario > Scenario 1. Single Public Subnet

# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html

provider "ncloud" {

  support_vpc = true

  region      = "KR"

  access_key  = var.access_key

  secret_key  = var.secret_key

}

resource "ncloud_login_key" "key_vpc" {

  key_name = var.name_vpc

}

resource "ncloud_vpc" "vpc_vpc" {

  name            = var.name_vpc

  ipv4_cidr_block = "10.0.0.0/21"

}

resource "ncloud_subnet" "subnet_pri1" {

  name           = var.name_pri1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,2 ,0 )

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PRIVATE"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub1" {

  name           = var.name_pub1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 2)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PUBLIC"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pri-db1" {

  name           = var.name_pri-db1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 3)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PRIVATE"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub-nat1" {

  name           = var.name_pub-nat1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 4)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PUBLIC"

  usage_type    = "NATGW"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub-lb1" {

  name           = var.name_pub-lb1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 5)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PUBLIC"

  usage_type    = "LOADB"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pri-lb1" {

  name           = var.name_pri-lb1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 6)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PRIVATE"

  // PUBLIC(Public) | PRIVATE(Private)

  usage_type    = "LOADB"

}

::::::::::::::

variables.tf

::::::::::::::

variable name_vpc {

  default = "agame-dev-vpc"

}

variable name_pri1 {

  default = "agame-dev-pri1"

}

variable name_pub1 {

  default = "agame-dev-pub1"

}

variable name_pri-db1 {

  default = "agame-dev-pri-db1"

}

variable name_pub-nat1 {

  default = "agame-dev-pub-nat1"

}

variable name_pub-lb1 {

  default = "agame-dev-pub-lb1"

}

variable name_pri-lb1 {

  default = "agame-dev-pri-lb1"

}

variable client_ip {

  default = "3.3.3.3"

}

variable access_key {

  default = "ncp_iam_BPAMKR5XsAr52VzPluqr"

}

variable secret_key {

  default = "ncp_iam_BPKMKR1DwyNq8NImKqZpe759MRZ3F6aeKD"

}

::::::::::::::

versions.tf

::::::::::::::

terraform {

  required_providers {

    ncloud = {

      source = "navercloudplatform/ncloud"

    }

  }

  required_version = ">= 0.13"

}

[root@s22222 4]#






<5> Creating the NAT



[root@s22222 5]# ls *.tf

main.tf  nat1.tf  variables.tf  versions.tf




[root@s22222 5]#

[root@s22222 5]#

[root@s22222 5]# more *.tf

::::::::::::::

main.tf

::::::::::::::

# VPC > User scenario > Scenario 1. Single Public Subnet

# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html

provider "ncloud" {

  support_vpc = true

  region      = "KR"

  access_key  = var.access_key

  secret_key  = var.secret_key

}

resource "ncloud_login_key" "key_vpc" {

  key_name = var.name_vpc

}

resource "ncloud_vpc" "vpc_vpc" {

  name            = var.name_vpc

  ipv4_cidr_block = "10.0.0.0/21"

}

resource "ncloud_subnet" "subnet_pri1" {

  name           = var.name_pri1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,2 ,0 )

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PRIVATE"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub1" {

  name           = var.name_pub1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 2)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PUBLIC"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pri-db1" {

  name           = var.name_pri-db1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 3)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PRIVATE"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub-nat1" {

  name           = var.name_pub-nat1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 4)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PUBLIC"

  usage_type    = "NATGW"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub-lb1" {

  name           = var.name_pub-lb1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 5)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PUBLIC"

  usage_type    = "LOADB"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pri-lb1" {

  name           = var.name_pri-lb1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 6)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PRIVATE"

  // PUBLIC(Public) | PRIVATE(Private)

  usage_type    = "LOADB"

}

::::::::::::::

nat1.tf

::::::::::::::

# NAT Gateway

resource "ncloud_nat_gateway" "nat_gateway_scn_02" {

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet_no = ncloud_subnet.subnet_pub-nat1.id

  zone      = "KR-1"

  name      = var.name_pub-nat1

}

# Route Table

resource "ncloud_route" "route_scn_02_nat" {

  route_table_no         = ncloud_vpc.vpc_vpc.default_private_route_table_no

  destination_cidr_block = "0.0.0.0/0"

  target_type            = "NATGW"

  // NATGW (NAT Gateway) | VPCPEERING (VPC Peering) | VGW (Virtual Private Gateway).

  target_name            = ncloud_nat_gateway.nat_gateway_scn_02.name

  target_no              = ncloud_nat_gateway.nat_gateway_scn_02.id

}

::::::::::::::

variables.tf

::::::::::::::

variable name_vpc {

  default = "agame-dev-vpc"

}

variable name_pri1 {

  default = "agame-dev-pri1"

}

variable name_pub1 {

  default = "agame-dev-pub1"

}

variable name_pri-db1 {

  default = "agame-dev-pri-db1"

}

variable name_pub-nat1 {

  default = "agame-dev-pub-nat1"

}

variable name_pub-lb1 {

  default = "agame-dev-pub-lb1"

}

variable name_pri-lb1 {

  default = "agame-dev-pri-lb1"

}

variable client_ip {

  default = "3.3.3.3"

}

variable access_key {

  default = "ncp_iam_BPAMKR5XsAr52VzPluqr"

}

variable secret_key {

  default = "ncp_iam_BPKMKR1DwyNq8NImKqZpe759MRZ3F6aeKD"

}

variable nks_version {

  default = "1.28"

}

variable name_scn_02 {

  default = "tf-scn02"

}

::::::::::::::

versions.tf

::::::::::::::

terraform {

  required_providers {

    ncloud = {

      source = "navercloudplatform/ncloud"

    }

  }

  required_version = ">= 0.13"

}

[root@s22222 5]#






<6> Creating Kubernetes



1

Log in to the command server



2


[root@s22222 6]# ls *.tf

main.tf  nat1.tf  nks.tf  variables.tf  versions.tf





[root@s22222 6]# more *.tf

::::::::::::::

main.tf

::::::::::::::

# VPC > User scenario > Scenario 1. Single Public Subnet

# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html

provider "ncloud" {

  support_vpc = true

  region      = "KR"

  access_key  = var.access_key

  secret_key  = var.secret_key

}

resource "ncloud_login_key" "key_vpc" {

  key_name = var.name_vpc

}

resource "ncloud_vpc" "vpc_vpc" {

  name            = var.name_vpc

  ipv4_cidr_block = "10.0.0.0/21"

}

resource "ncloud_subnet" "subnet_pri1" {

  name           = var.name_pri1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,2 ,0 )

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PRIVATE"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub1" {

  name           = var.name_pub1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 2)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PUBLIC"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pri-db1" {

  name           = var.name_pri-db1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 3)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PRIVATE"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub-nat1" {

  name           = var.name_pub-nat1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 4)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PUBLIC"

  usage_type    = "NATGW"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub-lb1" {

  name           = var.name_pub-lb1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 5)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PUBLIC"

  usage_type    = "LOADB"

  // PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pri-lb1" {

  name           = var.name_pri-lb1

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet         = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 6)

  zone           = "KR-1"

  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

  subnet_type    = "PRIVATE"

  // PUBLIC(Public) | PRIVATE(Private)

  usage_type    = "LOADB"

}

::::::::::::::

nat1.tf

::::::::::::::

# NAT Gateway

resource "ncloud_nat_gateway" "nat_gateway_scn_02" {

  vpc_no         = ncloud_vpc.vpc_vpc.id

  subnet_no = ncloud_subnet.subnet_pub-nat1.id

  zone      = "KR-1"

  name      = var.name_pub-nat1

}

# Route Table

resource "ncloud_route" "route_scn_02_nat" {

  route_table_no         = ncloud_vpc.vpc_vpc.default_private_route_table_no

  destination_cidr_block = "0.0.0.0/0"

  target_type            = "NATGW"

  // NATGW (NAT Gateway) | VPCPEERING (VPC Peering) | VGW (Virtual Private Gateway).

  target_name            = ncloud_nat_gateway.nat_gateway_scn_02.name

  target_no              = ncloud_nat_gateway.nat_gateway_scn_02.id

}

::::::::::::::

nks.tf

::::::::::::::

resource "ncloud_nks_cluster" "cluster" {

  cluster_type                = "SVR.VNKS.STAND.C002.M008.NET.SSD.B050.G002"

  k8s_version                 = data.ncloud_nks_versions.version.versions.0.value

  login_key_name              = ncloud_login_key.loginkey.key_name

  name                        = "sample-cluster"

  lb_private_subnet_no        = ncloud_subnet.subnet_pri-lb1.id

  lb_public_subnet_no        = ncloud_subnet.subnet_pub-lb1.id

  kube_network_plugin         = "cilium"

  subnet_no_list              = [ ncloud_subnet.subnet_pri1.id ]

  vpc_no                      = ncloud_vpc.vpc_vpc.id

  zone                        = "KR-1"

  log {

    audit = true

  }

}

data "ncloud_nks_server_images" "image"{

  hypervisor_code = "XEN"

  filter {

    name = "label"

    values = ["ubuntu-20.04"]

    regex = true

  }

}

data "ncloud_nks_server_products" "nks_products"{

  software_code = data.ncloud_nks_server_images.image.images[0].value

  zone = "KR-1"

  filter {

    name = "product_type"

    values = [ "STAND"]

  }

  filter {

    name = "cpu_count"

    values = [ "2"]

  }

  filter {

    name = "memory_size"

    values = [ "8GB" ]

  }

}

resource "ncloud_nks_node_pool" "node_pool" {

  cluster_uuid = ncloud_nks_cluster.cluster.uuid

  node_pool_name = "pool1"

  node_count     = 1

  software_code  = data.ncloud_nks_server_images.image.images[0].value

  product_code   = data.ncloud_nks_server_products.nks_products.products[0].value

  subnet_no_list = [ncloud_subnet.subnet_pri1.id]

  autoscale {

    enabled = true

    min = 1

    max = 2

  }

}

data "ncloud_nks_versions" "version" {

  filter {

    name = "value"

    values = [var.nks_version]

    regex = true

  }

}

resource "ncloud_login_key" "loginkey" {

  key_name = var.login_key

}

::::::::::::::

variables.tf

::::::::::::::

variable name_vpc {

  default = "agame-dev-vpc"

}

variable name_pri1 {

  default = "agame-dev-pri1"

}

variable name_pub1 {

  default = "agame-dev-pub1"

}

variable name_pri-db1 {

  default = "agame-dev-pri-db1"

}

variable name_pub-nat1 {

  default = "agame-dev-pub-nat1"

}

variable name_pub-lb1 {

  default = "agame-dev-pub-lb1"

}

variable name_pri-lb1 {

  default = "agame-dev-pri-lb1"

}

variable client_ip {

  default = "3.3.3.3"

}

variable access_key {

  default = "ncp_iam_BPAMKR5XsAr52VzPluqr"

}

variable secret_key {

  default = "ncp_iam_BPKMKR1DwyNq8NImKqZpe759MRZ3F6aeKD"

}

variable nks_version {

  default = "1.28"

}

variable name_scn_02 {

  default = "tf-scn02"

}

variable login_key {

  default = "agame-k8s12"

}

::::::::::::::

versions.tf

::::::::::::::

terraform {

  required_providers {

    ncloud = {

      source = "navercloudplatform/ncloud"

    }

  }

  required_version = ">= 0.13"

}

[root@s22222 6]#




3

cd  /root/terraform-provider-ncloud-main/examples/vpc/scenario01

cd /root/terraform-provider-ncloud-main/examples/vpc/scenario01/6


terraform init

terraform plan

terraform apply -auto-approve





Takes 35 minutes



ncloud_nks_cluster.cluster: Still creating... [16m0s elapsed]

ncloud_nks_cluster.cluster: Creation complete after 16m6s [id=de045da1-80df-4604-bcb1-aa7a378a5b34]

ncloud_nks_node_pool.node_pool: Creating...

ncloud_nks_node_pool.node_pool: Still creating... [10s elapsed]

ncloud_nks_node_pool.node_pool: Still creating... [20s elapsed]

ncloud_nks_node_pool.node_pool: Still creating... [30s elapsed]

:

ncloud_nks_node_pool.node_pool: Still creating... [18m10s elapsed]

ncloud_nks_node_pool.node_pool: Still creating... [18m20s elapsed]

ncloud_nks_node_pool.node_pool: Still creating... [18m30s elapsed]

ncloud_nks_node_pool.node_pool: Still creating... [18m40s elapsed]

ncloud_nks_node_pool.node_pool: Still creating... [18m50s elapsed]

ncloud_nks_node_pool.node_pool: Still creating... [19m0s elapsed]

ncloud_nks_node_pool.node_pool: Creation complete after 19m4s [id=de045da1-80df-4604-bcb1-aa7a378a5b34:pool1]

Apply complete! Resources: 13 added, 0 changed, 0 destroyed.

[root@s22222 6]#


4



5

Check the UUID in NKS



6

Authenticate with IAM


cd


ncp-iam-authenticator create-kubeconfig --region KR --clusterUuid   b01xxxxxxxxxx --output kubeconfig.yaml


ncp-iam-authenticator create-kubeconfig --region KR --clusterUuid   de045da1-80df-4604-bcb1-aa7a378a5b34 --output kubeconfig.yaml



7

Monitor from one more terminal


kw





<7> Deploying one game




1


cat <<EOF | k create -f -

apiVersion: apps/v1

kind: Deployment

metadata:

  name: deployment-2048

spec:

  selector:

    matchLabels:

      app.kubernetes.io/name: app-2048

  replicas: 2

  template:

    metadata:

      labels:

        app.kubernetes.io/name: app-2048

    spec:

      containers:

      - image: alexwhen/docker-2048

        name: app-2048

        ports:

        - containerPort: 80

EOF


k expose deployment deployment-2048 --port=80 --type=LoadBalancer





2

Play the game









3


NKS creation complete



node pool

2

worker node


terraform destroy --auto-approve






4

Reference


cd

wget  https://github.com/NaverCloudPlatform/terraform-provider-ncloud/archive/refs/heads/master.zip

unzip master.zip




The NACL that was created







Next - FAQ, questions and answers


https://brunch.co.kr/@topasvga/3948




Collection


https://brunch.co.kr/@topasvga/3982




Thank you.




