From 1e5b0b44879d08f9dfe2a235f2e1793782686d83 Mon Sep 17 00:00:00 2001 From: havelight-ee Date: Thu, 4 May 2023 22:42:49 +0900 Subject: [PATCH] update --- .../k8s-rel-process-c.yaml | 4 +- .../infra_monitoring/.terraform.lock.hcl | 44 +++ aws_instance/infra_monitoring/ec2.tf | 41 ++ aws_instance/infra_monitoring/main.tf | 10 + aws_instance/infra_monitoring/route53.tf | 8 + .../infra_monitoring/security_group.tf | 41 ++ .../infra_monitoring/terraform.tfstate | 9 + .../infra_monitoring/terraform.tfstate.backup | 370 ++++++++++++++++++ aws_instance/infra_monitoring/variables.tf | 39 ++ 9 files changed, 564 insertions(+), 2 deletions(-) create mode 100644 aws_instance/infra_monitoring/.terraform.lock.hcl create mode 100644 aws_instance/infra_monitoring/ec2.tf create mode 100644 aws_instance/infra_monitoring/main.tf create mode 100644 aws_instance/infra_monitoring/route53.tf create mode 100644 aws_instance/infra_monitoring/security_group.tf create mode 100644 aws_instance/infra_monitoring/terraform.tfstate create mode 100644 aws_instance/infra_monitoring/terraform.tfstate.backup create mode 100644 aws_instance/infra_monitoring/variables.tf diff --git a/aws_cluster/aws_kops_prod/instancegroup_backup/k8s-rel-process-c.yaml b/aws_cluster/aws_kops_prod/instancegroup_backup/k8s-rel-process-c.yaml index 68ad384..85b3b1a 100644 --- a/aws_cluster/aws_kops_prod/instancegroup_backup/k8s-rel-process-c.yaml +++ b/aws_cluster/aws_kops_prod/instancegroup_backup/k8s-rel-process-c.yaml @@ -10,8 +10,8 @@ spec: image: ami-0409b7ddbc59e3222 machineType: m5a.xlarge manager: CloudGroup - maxSize: 0 - minSize: 0 + maxSize: 4 + minSize: 4 mixedInstancesPolicy: onDemandAboveBase: 0 onDemandBase: 0 diff --git a/aws_instance/infra_monitoring/.terraform.lock.hcl b/aws_instance/infra_monitoring/.terraform.lock.hcl new file mode 100644 index 0000000..3f4f43d --- /dev/null +++ b/aws_instance/infra_monitoring/.terraform.lock.hcl 
@@ -0,0 +1,44 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/archive" { + version = "1.3.0" + constraints = "~> 1.3" + hashes = [ + "h1:T3DszgOa/75SiiONgEDRujpN5rSqIw9TvFZXHjpqMB4=", + "zh:115aa6bc7825402a8d4e2e954378a9f48e4fdbeabe081ffd04e0a2f6786159bb", + "zh:21f731ffac20a67615c64a7a8a96949c971ee28ffd5807d8c299faba73b5e273", + "zh:2e81b58e141b175cbf801ade5e87c5db4cb28933216b0547ef32c95500385904", + "zh:3acbb96fd142b4d193dc18861340281249301368029169e346d15410d0572492", + "zh:4346edee0dfe97154b6f28d9ef0fa762131db92b78bbd1b3207945201cb59818", + "zh:93916a84cc6ff6778456dd170a657326c4dd3a86b4434e424a66a87c2535b888", + "zh:ade675c3ac8b9ec91131bac5881fbd4efad46a3683f2fea2efb9493a2c1b9ffb", + "zh:b0a0cb13fc850903aa7a057ae7e06366939b8f347926dce1137cd47b9123ad93", + "zh:d6d838cceffb7f3ff27fb9b51d78fccdef15bd32408f33a726556bfe66315bd3", + "zh:ddc4ac6aea6537f8096ffeb8ff3bca355f0972793184e0f6df120aa6460b4446", + "zh:e0d1213625d40d124bd9570f0d92907416f8d61bc8c389c776e72c0a97020cce", + "zh:eb707b69f9093b97d98e2dece9822852a27849dd1627d35302e8d6b9801407ef", + ] +} + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.65.0" + hashes = [ + "h1:fbSgoS5GLuwKAZlovFvGoYl4B0Bi5T7+MmFiVZL0uOo=", + "zh:0461b8dfc14e94971bfd12783cbd5a5574b9fcfc3694b6afaa8836f90b61c1f9", + "zh:24a27e7b1f6eb33e9da6f2ffaaa6bc48e933a24224c6572d6e588994e5c7130b", + "zh:2ca189d04573414bef4876c17ccb2b76f6e721e0450f6ab3700d94d7c04bec64", + "zh:3fb0654a527677231dab2140e9a55df3b90dba478b3db50001e21a045437a47a", + "zh:4918173d9c7d2735908622c17efd01746a046f0a571690afa7dd0866f22045f7", + "zh:491d259b15166f751076d2bdc443928ca63f6c0a83b02ea75fff8b4224662207", + "zh:4ff8e178f0656f04f88558c295a1d246b1bdcf5ad81d8b3b9ccceaeca2eb7fa8", + "zh:5e4eaf2855a740124f4bbe34ac4bd22c7f320aa3e91d9cef64396ad0a1571544", + "zh:65762c60c4bac2e0d55ed8c2877e455e84465cb12f0c885363a1b561cd4f5f07", + 
"zh:7c5e4f85eb5f70e6da2d64701dd5551f2bc334dbb9add76bfc6a2bea6acf4483", + "zh:90d32b238113528319d7a5fade97bd8ac9a8b654482fc9056478a43d2e297886", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:e6ed3299516a8fb2292af7e7e123d09817dfd8e039aaf35ad5a276f739668e88", + "zh:eb84fa96c63d836b3b4689835cb7c4487808dfd1ba7ddacf4d8c4c6ff65cdbef", + "zh:ff97d1498193c99c9c35afd9bfcdce011abf460ec041721727d6e542f7a3bedd", + ] +}
diff --git a/aws_instance/infra_monitoring/ec2.tf b/aws_instance/infra_monitoring/ec2.tf
new file mode 100644
index 0000000..c7147d0
--- /dev/null
+++ b/aws_instance/infra_monitoring/ec2.tf
@@ -0,0 +1,41 @@
+resource "aws_instance" "monitoring" {
+ ami = "ami-0409b7ddbc59e3222"
+ instance_type = "t3.small"
+ key_name = "kp-jay-bastion-datasaker"
+ vpc_security_group_ids = [aws_security_group.monitoring-allow-security.id]
+ availability_zone = "ap-northeast-2c"
+ subnet_id = var.Public_Subnet_ID_3
+
+ root_block_device {
+ delete_on_termination = true
+ volume_size = 30
+ }
+
+ tags = {
+ Name = "monitoring"
+ }
+}
+
+resource "aws_eip" "monitoring_eip" {
+ vpc = true
+ instance = aws_instance.monitoring.id
+
+ tags = {
+ Name = "monitoring-eip"
+ }
+}
+
+resource "aws_ebs_volume" "monitoring_ebs" {
+ availability_zone = aws_instance.monitoring.availability_zone
+ size = 100
+
+ tags = {
+ Name = "monitoring-ebs"
+ }
+}
+
+resource "aws_volume_attachment" "monitoring_ebs_attach" {
+ device_name = "/dev/xvdf"
+ volume_id = aws_ebs_volume.monitoring_ebs.id
+ instance_id = aws_instance.monitoring.id
+}
diff --git a/aws_instance/infra_monitoring/main.tf b/aws_instance/infra_monitoring/main.tf
new file mode 100644
index 0000000..dd4bd35
--- /dev/null
+++ b/aws_instance/infra_monitoring/main.tf
@@ -0,0 +1,10 @@
+provider "aws" {
+ region = "ap-northeast-2"
+}
+
+terraform {
+ required_providers {
+ archive = "~> 1.3"
+ }
+}
+
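Review bot: In ec2.tf neither `root_block_device` nor `aws_ebs_volume.monitoring_ebs` sets `encrypted = true`, and `aws_instance.monitoring` has no `metadata_options` block, so both volumes are created unencrypted and IMDSv1 stays enabled on a host that is given an Elastic IP. Add `encrypted = true` to both volume definitions and `metadata_options { http_tokens = "required" }` to the instance. The terraform.tfstate.backup committed in this same patch records `"encrypted": false` and `"http_tokens": "optional"` for these resources, which confirms the defaults were applied. `ami` and `key_name` are literals here; lifting them into variables would let the key pair be rotated without editing the resource.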
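Review bot: The `required_providers` block in main.tf constrains only `archive`, which no .tf file in this patch appears to use, while the `aws` provider that every resource depends on is left without a source or version constraint. Declare it explicitly, for example `aws = { source = "hashicorp/aws", version = "~> 4.65" }` (the lock file in this patch resolves 4.65.0), and use the same object form for `archive` instead of the legacy bare-string form. There is also no `backend` block, so state lives in the working directory, which is presumably how the state files ended up in this commit; a remote backend with encryption at rest and locking removes the need to keep state beside the code.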
diff --git a/aws_instance/infra_monitoring/route53.tf b/aws_instance/infra_monitoring/route53.tf
new file mode 100644
index 0000000..cad9c10
--- /dev/null
+++ b/aws_instance/infra_monitoring/route53.tf
@@ -0,0 +1,8 @@
+resource "aws_route53_record" "monitoring" {
+ zone_id = "${var.datasaker-io}"
+ name = "monitoring.kr.datasaker.io"
+ type = "A"
+ ttl = "300"
+ records = [aws_eip.monitoring_eip.public_ip]
+}
+
diff --git a/aws_instance/infra_monitoring/security_group.tf b/aws_instance/infra_monitoring/security_group.tf
new file mode 100644
index 0000000..4dc9585
--- /dev/null
+++ b/aws_instance/infra_monitoring/security_group.tf
@@ -0,0 +1,41 @@
+resource "aws_security_group" "monitoring-allow-security" {
+ name = "monitoring-allow-security-new"
+ description = "Allow inbound traffic"
+ vpc_id = var.VPC_ID
+
+ ingress {
+ description = "SSH"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["118.223.123.161/32"]
+ }
+
+ ingress {
+ description = "TLS from monitoring"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["118.223.123.161/32"]
+ }
+
+ ingress {
+ description = "http fron monitoring"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["118.223.123.161/32"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ }
+
+ tags = {
+ Name = "monitoring-allow-security"
+ }
+}
diff --git a/aws_instance/infra_monitoring/terraform.tfstate b/aws_instance/infra_monitoring/terraform.tfstate
new file mode 100644
index 0000000..bf02fea
--- /dev/null
+++ b/aws_instance/infra_monitoring/terraform.tfstate
@@ -0,0 +1,9 @@ +{ + "version": 4, + "terraform_version": "1.3.7", + "serial": 14, + "lineage": "b244d6e2-ddf9-06f1-7d1d-36ae5f9e2690", + "outputs": {}, + "resources": [], + "check_results": null +}
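Review bot: In route53.tf, `zone_id = "${var.datasaker-io}"` is an interpolation-only expression and `ttl = "300"` passes a number as a string; write `zone_id = var.datasaker-io` and `ttl = 300`. Both forms plan the same, so this is a style point only. Assuming the hosted zone is public, this record advertises the monitoring host's Elastic IP under a well-known name, so a short comment above the resource noting that the security group's ingress rules are the only network control in front of it would help the next reader.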
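Review bot: The three ingress rules in security_group.tf each repeat the literal `118.223.123.161/32`, and the egress rule allows every protocol to `0.0.0.0/0` and `::/0`. Keep the admin source range in one list variable and reference it from all three rules (for example `cidr_blocks = var.admin_cidrs`, name is a suggestion) so that an address change is a single edit, and narrow egress to the destinations and ports the monitoring host needs if those are known. Port 80 is opened next to 443; if it exists only to redirect, say so in the rule description, which currently reads `"http fron monitoring"` (typo for "from"). The descriptions say "from monitoring" although the source is a single external /32, so they name the destination rather than the peer that is being admitted.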
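Review bot: terraform.tfstate and terraform.tfstate.backup (the next file section) should not be part of this commit. The backup records the AWS account ID, the instance, volume, ENI and security-group IDs, the private and public IP of the monitoring host and the Route 53 zone ID, and Terraform state stores any secret attribute values in plain text, so whatever lands in state is readable by everyone with access to the repository history. Remove both files from the commit, add `*.tfstate` and `*.tfstate.*` to `.gitignore`, and keep state in a remote backend with encryption at rest and locking. The two files also disagree: the backup is serial 7 with live resources while terraform.tfstate is serial 14 with `"resources": []`, which suggests the stack was destroyed or the state reset after the backup was written, so neither file is a reliable record of what is deployed.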
diff --git a/aws_instance/infra_monitoring/terraform.tfstate.backup b/aws_instance/infra_monitoring/terraform.tfstate.backup new file mode 100644 index 0000000..d1374ed --- /dev/null +++ b/aws_instance/infra_monitoring/terraform.tfstate.backup 
@@ -0,0 +1,370 @@ +{ + "version": 4, + "terraform_version": "1.3.7", + "serial": 7, + "lineage": "b244d6e2-ddf9-06f1-7d1d-36ae5f9e2690", + "outputs": {}, + "resources": [ + { + "mode": "managed", + "type": "aws_ebs_volume", + "name": "monitoring_ebs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:ec2:ap-northeast-2:508259851457:volume/vol-0a6f71b76b33ec00b", + "availability_zone": "ap-northeast-2c", + "encrypted": false, + "final_snapshot": false, + "id": "vol-0a6f71b76b33ec00b", + "iops": 300, + "kms_key_id": "", + "multi_attach_enabled": false, + "outpost_arn": "", + "size": 100, + "snapshot_id": "", + "tags": { + "Name": "monitoring-ebs" + }, + "tags_all": { + "Name": "monitoring-ebs" + }, + "throughput": 0, + "timeouts": null, + "type": "gp2" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjMwMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_instance.monitoring", + "aws_security_group.monitoring-allow-security" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_eip", + "name": "monitoring_eip", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "address": null, + "allocation_id": "eipalloc-09ba2d1ff002bc87b", + "associate_with_private_ip": null, + "association_id": "eipassoc-0f07cba160cf921d4", + "carrier_ip": "", + "customer_owned_ip": "", + "customer_owned_ipv4_pool": "", + "domain": "vpc", + "id": "eipalloc-09ba2d1ff002bc87b", + "instance": "i-084d54369608ba75d", + "network_border_group": "ap-northeast-2", + "network_interface": "eni-047d040d1d5152d9e", + "private_dns": "ip-172-24-2-44.ap-northeast-2.compute.internal", + "private_ip": "172.24.2.44", + "public_dns": "ec2-15-164-91-52.ap-northeast-2.compute.amazonaws.com", + "public_ip": "15.164.91.52", + 
"public_ipv4_pool": "amazon", + "tags": { + "Name": "monitoring-eip" + }, + "tags_all": { + "Name": "monitoring-eip" + }, + "timeouts": null, + "vpc": true + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjoxODAwMDAwMDAwMDAsInJlYWQiOjkwMDAwMDAwMDAwMCwidXBkYXRlIjozMDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "aws_instance.monitoring", + "aws_security_group.monitoring-allow-security" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_instance", + "name": "monitoring", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "ami": "ami-0409b7ddbc59e3222", + "arn": "arn:aws:ec2:ap-northeast-2:508259851457:instance/i-084d54369608ba75d", + "associate_public_ip_address": false, + "availability_zone": "ap-northeast-2c", + "capacity_reservation_specification": [ + { + "capacity_reservation_preference": "open", + "capacity_reservation_target": [] + } + ], + "cpu_core_count": 1, + "cpu_threads_per_core": 2, + "credit_specification": [ + { + "cpu_credits": "unlimited" + } + ], + "disable_api_stop": false, + "disable_api_termination": false, + "ebs_block_device": [], + "ebs_optimized": false, + "enclave_options": [ + { + "enabled": false + } + ], + "ephemeral_block_device": [], + "get_password_data": false, + "hibernation": false, + "host_id": "", + "host_resource_group_arn": null, + "iam_instance_profile": "", + "id": "i-084d54369608ba75d", + "instance_initiated_shutdown_behavior": "stop", + "instance_state": "running", + "instance_type": "t3.small", + "ipv6_address_count": 0, + "ipv6_addresses": [], + "key_name": "kp-jay-bastion-datasaker", + "launch_template": [], + "maintenance_options": [ + { + "auto_recovery": "default" + } + ], + "metadata_options": [ + { + "http_endpoint": "enabled", + "http_put_response_hop_limit": 1, + "http_tokens": "optional", + "instance_metadata_tags": "disabled" + } + ], + "monitoring": false, + 
"network_interface": [], + "outpost_arn": "", + "password_data": "", + "placement_group": "", + "placement_partition_number": 0, + "primary_network_interface_id": "eni-047d040d1d5152d9e", + "private_dns": "i-084d54369608ba75d.ap-northeast-2.compute.internal", + "private_dns_name_options": [ + { + "enable_resource_name_dns_a_record": true, + "enable_resource_name_dns_aaaa_record": false, + "hostname_type": "resource-name" + } + ], + "private_ip": "172.24.2.44", + "public_dns": "", + "public_ip": "", + "root_block_device": [ + { + "delete_on_termination": true, + "device_name": "/dev/sda1", + "encrypted": false, + "iops": 100, + "kms_key_id": "", + "tags": null, + "throughput": 0, + "volume_id": "vol-0e2628f12cc09f442", + "volume_size": 30, + "volume_type": "gp2" + } + ], + "secondary_private_ips": [], + "security_groups": [], + "source_dest_check": true, + "subnet_id": "subnet-0073a61bc56a68a3e", + "tags": { + "Name": "monitoring" + }, + "tags_all": { + "Name": "monitoring" + }, + "tenancy": "default", + "timeouts": null, + "user_data": null, + "user_data_base64": null, + "user_data_replace_on_change": false, + "volume_tags": null, + "vpc_security_group_ids": [ + "sg-0cdf2dd6e68b0c3fe" + ] + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMCwidXBkYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_security_group.monitoring-allow-security" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route53_record", + "name": "monitoring", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 2, + "attributes": { + "alias": [], + "allow_overwrite": null, + "cidr_routing_policy": [], + "failover_routing_policy": [], + "fqdn": "testmonitoring.kr.datasaker.io", + "geolocation_routing_policy": [], + "health_check_id": "", + "id": 
"Z072735718G25WNVKU834_testmonitoring.kr.datasaker.io_A", + "latency_routing_policy": [], + "multivalue_answer_routing_policy": false, + "name": "testmonitoring.kr.datasaker.io", + "records": [ + "15.164.91.52" + ], + "set_identifier": "", + "ttl": 300, + "type": "A", + "weighted_routing_policy": [], + "zone_id": "Z072735718G25WNVKU834" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", + "dependencies": [ + "aws_eip.monitoring_eip", + "aws_instance.monitoring", + "aws_security_group.monitoring-allow-security" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_security_group", + "name": "monitoring-allow-security", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ap-northeast-2:508259851457:security-group/sg-0cdf2dd6e68b0c3fe", + "description": "Allow inbound traffic", + "egress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 0, + "ipv6_cidr_blocks": [ + "::/0" + ], + "prefix_list_ids": [], + "protocol": "-1", + "security_groups": [], + "self": false, + "to_port": 0 + } + ], + "id": "sg-0cdf2dd6e68b0c3fe", + "ingress": [ + { + "cidr_blocks": [ + "118.223.123.161/32" + ], + "description": "SSH", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + }, + { + "cidr_blocks": [ + "118.223.123.161/32" + ], + "description": "TLS from monitoring", + "from_port": 443, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 443 + }, + { + "cidr_blocks": [ + "118.223.123.161/32" + ], + "description": "http fron monitoring", + "from_port": 80, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 80 + } + ], + "name": "monitoring-allow-security-new", + "name_prefix": 
"", + "owner_id": "508259851457", + "revoke_rules_on_delete": false, + "tags": { + "Name": "monitoring-allow-security" + }, + "tags_all": { + "Name": "monitoring-allow-security" + }, + "timeouts": null, + "vpc_id": "vpc-00ba2b0e9ad59f0ed" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=" + } + ] + }, + { + "mode": "managed", + "type": "aws_volume_attachment", + "name": "monitoring_ebs_attach", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "device_name": "/dev/xvdf", + "force_detach": null, + "id": "vai-652215165", + "instance_id": "i-084d54369608ba75d", + "skip_destroy": null, + "stop_instance_before_detaching": null, + "timeouts": null, + "volume_id": "vol-0a6f71b76b33ec00b" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "aws_ebs_volume.monitoring_ebs", + "aws_instance.monitoring", + "aws_security_group.monitoring-allow-security" + ] + } + ] + } + ], + "check_results": null +} diff --git a/aws_instance/infra_monitoring/variables.tf b/aws_instance/infra_monitoring/variables.tf new file mode 100644 index 0000000..239037b --- /dev/null +++ b/aws_instance/infra_monitoring/variables.tf 
@@ -0,0 +1,39 @@
+#---------------------------------------------------------------#
+# Network ID
+
+variable "VPC_ID" {
+ default = "vpc-00ba2b0e9ad59f0ed"
+}
+
+variable "Network_CIDR" {
+ default = "172.24.0.0/19"
+}
+
+variable "Private_Subnet_ID_1" {
+ default = "subnet-024f0deda82039fa4"
+}
+
+variable "Private_Subnet_ID_2" {
+ default = "subnet-050d942fa1c46540a"
+}
+
+variable "Private_Subnet_ID_3" {
+ default = "subnet-0946eb806af7377be"
+}
+
+variable "Public_Subnet_ID_1" {
+ default = "subnet-00c363356f133411d"
+}
+
+variable "Public_Subnet_ID_2" {
+ default = "subnet-07aa5e879a262014d"
+}
+
+variable "Public_Subnet_ID_3" {
+ default = "subnet-0073a61bc56a68a3e"
+}
+
+variable "datasaker-io" {
+ default = "Z072735718G25WNVKU834"
+}
+
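Review bot: None of the variables in variables.tf declares a `type` or a `description`, and each one bakes an environment-specific ID in as its `default`. Add `type = string` and a one-line `description` to every block, and consider supplying the VPC, subnet and zone IDs through a tfvars file or data sources so the configuration is not tied to a single account. `Network_CIDR`, the three `Private_Subnet_ID_*` variables and `Public_Subnet_ID_1`/`Public_Subnet_ID_2` are not referenced by any .tf file in this patch; drop them or add a comment saying where they are consumed. The hyphenated name `datasaker-io` is legal but easy to misread as a subtraction in expressions; an underscore form such as `datasaker_io_zone_id` (a suggestion, with the matching change in route53.tf) also says what the value is.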