3. 테라폼-네이버 클라우드-실무 네트워크 생성

terraform destroy -auto-approve

<1> pri1 subnet 추가 =10.0.0.0/23

<2> pub lb , pri lb 추가 , vpc 10.0.0.0/20

<3> DB 라우팅 분리-새파일로-nks.tf 삭제-AZ1 네트워크 빠르게 구축하기

<1> pri1 subnet 추가 =10.0.0.0/23

cd /root/terraform-provider-ncloud-main/examples/vpc/scenario01

2

ipv4_cidr_block = "10.0.0.0/16"

subnet = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 8, 1)

/16에 + 8 = /24

10.0.1.0/24 이다.

3

vi main.tf

ipv4_cidr_block = "10.0.0.0/16"

10.0.2.0/24 public

10.0.0.0/23 private

subnet = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 8, 2)

/16에 + 8 = /24

10.0.2.0/24 이다.

C-Class 1개 /24는 8

뒷자리는 시작 블럭

C-Class 2개 /23는 7

뒷자리는 시작 블럭 0 부터 시작

10.0.0.0/23

subnet = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 7, 0)

/16에 + 7 = /23

10 yy

p

4

vi variables.tf

변수 파일

4yy

[root@quick1 scenario01]# more variables.tf

variable pub1 {

default = "pub1"

}

variable pri1 {

default = "pri1"

}

variable name_scn01 {

default = "tf-scn01"

}

5

resource "ncloud_subnet" "pri1" {

name = var.pri1

vpc_no = ncloud_vpc.vpc_scn_01.id

subnet = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 7, 0)

zone = "KR-1"

network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no

subnet_type = "PRIVATE"

// PUBLIC(Public) | PRIVATE(Private)

terraform apply -auto-approve

6

콘솔에서 네트워크 생성 확인

7

삭제

terraform destroy

<2> pub lb , pri lb 추가 , vpc 10.0.0.0/20

ipv4_cidr_block = "10.0.0.0/20"

1

참고 자료

cd /root/terraform-provider-ncloud-main/examples/nks

more main.tf

clear

2

# 현재 소스

::::::::::::::

main.tf

::::::::::::::

# VPC > User scenario > Scenario 1. Single Public Subnet

# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html

provider "ncloud" {

support_vpc = true

region = "KR"

access_key = var.access_key

secret_key = var.secret_key

}

resource "ncloud_vpc" "vpc" {

name = "vpc"

ipv4_cidr_block = "10.0.0.0/20"

}

resource "ncloud_subnet" "node_subnet" {

vpc_no = ncloud_vpc.vpc.id

subnet = "10.0.1.0/24"

zone = "KR-1"

network_acl_no = ncloud_vpc.vpc.default_network_acl_no

subnet_type = "PRIVATE"

name = "node-subnet"

usage_type = "GEN"

}

#############

ipv4_cidr_block = "10.0.0.0/20"

############################

resource "ncloud_subnet" "lb_subnet" {

vpc_no = ncloud_vpc.vpc_scn_01.id

# subnet = "10.0.100.0/24"

subnet = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 4, 5)

zone = "KR-2"

network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no

subnet_type = "PRIVATE"

name = "lb-subnet-pri1"

usage_type = "LOADB"

}

# pri-lb1 4.0

resource "ncloud_subnet" "lb_subnet_pub" {

vpc_no = ncloud_vpc.vpc_scn_01.id

# subnet = "10.0.101.0/24"

subnet = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 4, 4)

zone = "KR-2"

network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no

subnet_type = "PUBLIC"

name = "lb-subnet-pub1"

usage_type = "LOADB"

}

################

data "ncloud_nks_versions" "version" {

hypervisor_code = "KVM"

filter {

name = "value"

values = [var.nks_version]

regex = true

}

}

resource "ncloud_login_key" "loginkey" {

key_name = var.login_key

}

resource "ncloud_nks_cluster" "cluster" {

hypervisor_code = "KVM"

cluster_type = "SVR.VNKS.STAND.C002.M008.G003"

k8s_version = data.ncloud_nks_versions.version.versions.0.value

login_key_name = ncloud_login_key.loginkey.key_name

name = "sample-cluster"

lb_private_subnet_no = ncloud_subnet.lb_subnet.id

lb_public_subnet_no = ncloud_subnet.lb_subnet_pub.id

kube_network_plugin = "cilium"

subnet_no_list = [ ncloud_subnet.node_subnet.id ]

vpc_no = ncloud_vpc.vpc.id

public_network = false

zone = "KR-2"

auth_type = "API"

access_entries {

entry = "nrn:PUB:IAM::123456789012:SubAccount/UUID"

policies {

type = "NKSClusterAdminPolicy"

scope = "Cluster"

}

}

}

data "ncloud_nks_server_images" "image"{

hypervisor_code = "KVM"

filter {

name = "label"

values = ["ubuntu-22.04"]

regex = true

}

}

data "ncloud_nks_server_products" "product"{

software_code = data.ncloud_nks_server_images.image.images[0].value

zone = "KR-1"

filter {

name = "product_type"

values = [ "STAND"]

}

filter {

name = "cpu_count"

values = [ "2"]

}

filter {

name = "memory_size"

values = [ "8GB" ]

}

}

resource "ncloud_nks_node_pool" "node_pool" {

cluster_uuid = ncloud_nks_cluster.cluster.uuid

node_pool_name = "pool1"

node_count = 2

software_code = data.ncloud_nks_server_images.image.images[0].value

server_spec_code = data.ncloud_nks_server_products.product.products.0.value

storage_size = 200

autoscale {

enabled = false

min = 0

max = 0

}

label {

key = "foo"

value = "bar"

}

taint {

key = "foo"

value = "bar"

effect = "NoExecute"

}

}

more: cannot open clear: No such file or directory

[root@quick1 nks]#

31 lb-add.txt

9

4

# 에러

[root@quick1 scenario01]# terraform apply -auto-approve

╷

│ Error: Reference to undeclared resource

│

│ on main.tf line 42, in resource "ncloud_subnet" "lb_subnet":

│ 42: vpc_no = ncloud_vpc.vpc.id

│

│ A managed resource "ncloud_vpc" "vpc" has not been declared in the root module.

╵

╷

│ Error: Reference to undeclared resource

│

│ on main.tf line 50, in resource "ncloud_subnet" "lb_subnet":

│ 50: network_acl_no = ncloud_vpc.vpc.default_network_acl_no

│

│ A managed resource "ncloud_vpc" "vpc" has not been declared in the root module.

╵

╷

│ Error: Reference to undeclared resource

│

│ on main.tf line 62, in resource "ncloud_subnet" "lb_subnet_pub":

│ 62: vpc_no = ncloud_vpc.vpc.id

│

│ A managed resource "ncloud_vpc" "vpc" has not been declared in the root module.

╵

╷

│ Error: Reference to undeclared resource

│

│ on main.tf line 70, in resource "ncloud_subnet" "lb_subnet_pub":

│ 70: network_acl_no = ncloud_vpc.vpc.default_network_acl_no

│

│ A managed resource "ncloud_vpc" "vpc" has not been declared in the root module.

vpc 대신

vpc_scn_01 로 교체

30

삭제

terraform destroy

31

참고 자료

[root@ncp-game44-com ~]# more *.tf

::::::::::::::

main.tf

::::::::::::::

provider "ncloud" {

support_vpc = true

region = "KR"

access_key = var.access_key

secret_key = var.secret_key

}

resource "ncloud_login_key" "key_vpc" {

key_name = var.name_vpc

}

resource "ncloud_vpc" "vpc_vpc" {

name = var.name_vpc

ipv4_cidr_block = "10.0.0.0/21"

}

resource "ncloud_subnet" "subnet_pri1" {

name = var.name_pri1

vpc_no = ncloud_vpc.vpc_vpc.id

subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,2 ,0 )

zone = "KR-1"

network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

subnet_type = "PRIVATE"

// PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub-lb1" {

name = var.name_pub-lb1

vpc_no = ncloud_vpc.vpc_vpc.id

subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 5)

zone = "KR-1"

network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

subnet_type = "PUBLIC"

usage_type = "LOADB"

// PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pri-lb1" {

name = var.name_pri-lb1

vpc_no = ncloud_vpc.vpc_vpc.id

subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 6)

zone = "KR-1"

network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

subnet_type = "PRIVATE"

// PUBLIC(Public) | PRIVATE(Private)

usage_type = "LOADB"

}

::::::::::::::

nks.tf

::::::::::::::

resource "ncloud_nks_cluster" "cluster" {

cluster_type = "SVR.VNKS.STAND.C002.M008.NET.SSD.B050.G002"

k8s_version = data.ncloud_nks_versions.version.versions.0.value

login_key_name = ncloud_login_key.loginkey.key_name

name = "sample-cluster"

lb_private_subnet_no = ncloud_subnet.subnet_pri-lb1.id

lb_public_subnet_no = ncloud_subnet.subnet_pub-lb1.id

kube_network_plugin = "cilium"

subnet_no_list = [ ncloud_subnet.subnet_pri1.id ]

vpc_no = ncloud_vpc.vpc_vpc.id

zone = "KR-1"

log {

audit = true

}

}

data "ncloud_nks_server_images" "image"{

hypervisor_code = "XEN"

filter {

name = "label"

values = ["ubuntu-20.04"]

regex = true

}

}

data "ncloud_nks_server_products" "nks_products"{

software_code = data.ncloud_nks_server_images.image.images[0].value

zone = "KR-1"

filter {

name = "product_type"

values = [ "STAND"]

}

filter {

name = "cpu_count"

values = [ "2"]

}

filter {

name = "memory_size"

values = [ "8GB" ]

}

}

resource "ncloud_nks_node_pool" "node_pool" {

cluster_uuid = ncloud_nks_cluster.cluster.uuid

node_pool_name = "pool1"

node_count = 1

software_code = data.ncloud_nks_server_images.image.images[0].value

product_code = data.ncloud_nks_server_products.nks_products.products[0].value

subnet_no_list = [ncloud_subnet.subnet_pri1.id]

autoscale {

enabled = true

min = 1

max = 2

}

}

data "ncloud_nks_versions" "version" {

filter {

name = "value"

values = [var.nks_version]

regex = true

}

}

resource "ncloud_login_key" "loginkey" {

key_name = var.login_key

}

::::::::::::::

variables.tf

::::::::::::::

variable name_vpc {

default = "agame-dev-vpc8"

}

variable name_pub1 {

default = "agame-dev-pub1"

}

variable name_pri1 {

default = "agame-dev-pri1"

}

variable name_pub-lb1 {

default = "agame-dev-pub-lb1"

}

variable name_pri-lb1 {

default = "agame-dev-pri-lb1"

}

variable client_ip {

default = "3.3.3.3"

}

variable access_key {

default = "ncp_iam_BPAMKR4Q5KfFCsZXt2Ng"

}

variable secret_key {

default = "ncp_iam_BPKMKR6EFfmXGEJBcIwkD6gFVJ0mFbGTc5"

}

variable nks_version {

default = "1.29"

}

variable name_scn_02 {

default = "tf-scn02"

}

variable login_key {

default = "agame11"

}

::::::::::::::

versions.tf

::::::::::::::

terraform {

required_providers {

ncloud = {

source = "navercloudplatform/ncloud"

}

}

required_version = ">= 0.13"

}

4-nks-2024-12-27 (1)- 참고자료.txt

<3> DB 라우팅 분리-새파일로-nks.tf 삭제-AZ1 네트워크 빠르게 구축하기

1

mkdir db

cd db

root@quick1 db]# ls

main.tf nat.tf terraform.tfstate terraform.tfstate.backup var.tf ver.tf

rm -rf nks.tf

[root@ngame-web01-dev 6]# more *.tf

::::::::::::::

main.tf

::::::::::::::

provider "ncloud" {

support_vpc = true

region = "KR"

access_key = var.access_key

secret_key = var.secret_key

}

resource "ncloud_login_key" "key_vpc" {

key_name = var.name_vpc

}

resource "ncloud_vpc" "vpc_vpc" {

name = var.name_vpc

ipv4_cidr_block = "10.0.0.0/21"

}

resource "ncloud_subnet" "subnet_pri1" {

name = var.name_pri1

vpc_no = ncloud_vpc.vpc_vpc.id

subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,2 ,0 )

zone = "KR-1"

network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

subnet_type = "PRIVATE"

// PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub1" {

name = var.name_pub1

vpc_no = ncloud_vpc.vpc_vpc.id

subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 2)

zone = "KR-1"

network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

subnet_type = "PUBLIC"

// PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pri-db1" {

name = var.name_pri-db1

vpc_no = ncloud_vpc.vpc_vpc.id

subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 3)

zone = "KR-1"

network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

subnet_type = "PRIVATE"

// PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub-nat1" {

name = var.name_pub-nat1

vpc_no = ncloud_vpc.vpc_vpc.id

subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 4)

zone = "KR-1"

network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

subnet_type = "PUBLIC"

usage_type = "NATGW"

// PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pub-lb1" {

name = var.name_pub-lb1

vpc_no = ncloud_vpc.vpc_vpc.id

subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 5)

zone = "KR-1"

network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

subnet_type = "PUBLIC"

usage_type = "LOADB"

// PUBLIC(Public) | PRIVATE(Private)

}

resource "ncloud_subnet" "subnet_pri-lb1" {

name = var.name_pri-lb1

vpc_no = ncloud_vpc.vpc_vpc.id

subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block,3 , 6)

zone = "KR-1"

network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no

subnet_type = "PRIVATE"

// PUBLIC(Public) | PRIVATE(Private)

usage_type = "LOADB"

}

::::::::::::::

nat.tf

::::::::::::::

resource "ncloud_route_table" "route_table_pri1" {

name = var.name_pri1

vpc_no = ncloud_vpc.vpc_vpc.id

supported_subnet_type = "PRIVATE"

}

resource "ncloud_route_table_association" "subnet_pri-db1" {

route_table_no = ncloud_route_table.route_table_pri1.id

subnet_no = ncloud_subnet.subnet_pri-db1.id

}

# NAT Gateway

resource "ncloud_nat_gateway" "nat_gateway_scn_02" {

vpc_no = ncloud_vpc.vpc_vpc.id

subnet_no = ncloud_subnet.subnet_pub-nat1.id

zone = "KR-1"

name = var.name_pub-nat1

}

# Route Table

resource "ncloud_route" "route_scn_02_nat" {

route_table_no = ncloud_vpc.vpc_vpc.default_private_route_table_no

#route_table_no = ncloud_route_table.route_table_pri1.id

destination_cidr_block = "0.0.0.0/0"

target_type = "NATGW"

target_name = ncloud_nat_gateway.nat_gateway_scn_02.name

target_no = ncloud_nat_gateway.nat_gateway_scn_02.id

}

::::::::::::::

nks.tf

::::::::::::::

resource "ncloud_nks_cluster" "cluster" {

cluster_type = "SVR.VNKS.STAND.C002.M008.NET.SSD.B050.G002"

k8s_version = data.ncloud_nks_versions.version.versions.0.value

login_key_name = ncloud_login_key.loginkey.key_name

name = "sample-cluster"

lb_private_subnet_no = ncloud_subnet.subnet_pri-lb1.id

lb_public_subnet_no = ncloud_subnet.subnet_pub-lb1.id

kube_network_plugin = "cilium"

subnet_no_list = [ ncloud_subnet.subnet_pri1.id ]

vpc_no = ncloud_vpc.vpc_vpc.id

zone = "KR-1"

log {

audit = true

}

}

data "ncloud_nks_server_images" "image"{

hypervisor_code = "XEN"

filter {

name = "label"

values = ["ubuntu-20.04"]

regex = true

}

}

data "ncloud_nks_server_products" "nks_products"{

software_code = data.ncloud_nks_server_images.image.images[0].value

zone = "KR-1"

filter {

name = "product_type"

values = [ "STAND"]

}

filter {

name = "cpu_count"

values = [ "2"]

}

filter {

name = "memory_size"

values = [ "8GB" ]

}

}

resource "ncloud_nks_node_pool" "node_pool" {

cluster_uuid = ncloud_nks_cluster.cluster.uuid

node_pool_name = "pool1"

node_count = 1

software_code = data.ncloud_nks_server_images.image.images[0].value

product_code = data.ncloud_nks_server_products.nks_products.products[0].value

subnet_no_list = [ncloud_subnet.subnet_pri1.id]

autoscale {

enabled = true

min = 1

max = 2

}

}

data "ncloud_nks_versions" "version" {

filter {

name = "value"

values = [var.nks_version]

regex = true

}

}

resource "ncloud_login_key" "loginkey" {

key_name = var.login_key

}

::::::::::::::

variables.tf

::::::::::::::

variable name_vpc {

default = "agame-dev-vpc8"

}

variable name_pri1 {

default = "agame-dev-pri1"

}

variable name_pub1 {

default = "agame-dev-pub1"

}

variable name_pri-db1 {

default = "agame-dev-pri-db1"

}

variable name_pub-nat1 {

default = "agame-dev-pub-nat1"

}

variable name_pub-lb1 {

default = "agame-dev-pub-lb1"

}

variable name_pri-lb1 {

default = "agame-dev-pri-lb1"

}

variable client_ip {

default = "3.3.3.3"

}

variable access_key {

default = "ncp_iam_BPAqKT6sp5"

}

variable secret_key {

default = "ncp_iam_BPKLNrW50nQ"

}

variable nks_version {

default = "1.28"

}

variable name_scn_02 {

default = "tf-scn02"

}

variable login_key {

default = "agame-k8s12"

}

::::::::::::::

versions.tf

::::::::::::::

terraform {

required_providers {

ncloud = {

source = "navercloudplatform/ncloud"

}

}

required_version = ">= 0.13"

}

20 db-라우팅테이블분리-nks-2024-09-22-2 (2)- 참고.txt

var.tf

access

secret

default = "1.32"

terraform init

terraform plan

terraform apply -auto-approve