aws prod 환경 구축 파일

2022-11-08 12:14:39 +09:00
parent fff9000311
commit 4f3df8d1ca
171 changed files with 37493 additions and 0 deletions
--- a/prod_221108/terraform/.terraform.lock.hcl
+++ b/prod_221108/terraform/.terraform.lock.hcl
@@ -0,0 +1,22 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "4.36.1"
+  constraints = ">= 4.0.0"
+  hashes = [
+    "h1:04NI9x34nwhgghwevSGdsjssqy5zzvMsQg2Qjpmx/n0=",
+    "zh:19b16047b4f15e9b8538a2b925f1e860463984eed7d9bd78e870f3e884e827a7",
+    "zh:3c0db06a9a14b05a77f3fe1fc029a5fb153f4966964790ca8e71ecc3427d83f5",
+    "zh:3c7407a8229005e07bc274cbae6e3a464c441a88810bfc6eceb2414678fd08ae",
+    "zh:3d96fa82c037fafbd3e7f4edc1de32afb029416650f6e392c39182fc74a9e03a",
+    "zh:8f4f540c5f63d847c4b802ca84d148bb6275a3b0723deb09bf933a4800bc7209",
+    "zh:9802cb77472d6bcf24c196ce2ca6d02fac9db91558536325fec85f955b71a8a4",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:a263352433878c89832c2e38f4fd56cf96ae9969c13b5c710d5ba043cbd95743",
+    "zh:aca7954a5f458ceb14bf0c04c961c4e1e9706bf3b854a1e90a97d0b20f0fe6d3",
+    "zh:d78f400332e87a97cce2e080db9d01beb01f38f5402514a6705d6b8167e7730d",
+    "zh:e14bdc49be1d8b7d2543d5c58078c84b76051085e8e6715a895dcfe6034b6098",
+    "zh:f2e400b88c8de170bb5027922226da1e9a6614c03f2a6756c15c3b930c2f460c",
+  ]
+}
--- a/prod_221108/terraform/01_vpc.tf
+++ b/prod_221108/terraform/01_vpc.tf
@@ -0,0 +1,55 @@
+terraform {
+  required_version = ">= 0.15.0"
+  required_providers {
+    aws = {
+      "configuration_aliases" = [aws.files]
+      "source"                = "hashicorp/aws"
+      "version"               = ">= 4.0.0"
+    }
+  }
+}
+
+provider "aws" {
+  alias  = "files"
+  region = "ap-northeast-2"
+}
+
+output "vpc_prod_datasaker_id" {
+  value = aws_vpc.vpc-prod-datasaker.id
+}
+
+output "vpc_prod_datasaker_cidr_block" {
+  value = aws_vpc.vpc-prod-datasaker.cidr_block
+}
+
+
+
+resource "aws_vpc" "vpc-prod-datasaker" {
+  assign_generated_ipv6_cidr_block = true
+  cidr_block                       = "172.24.0.0/19"
+  enable_dns_hostnames             = true
+  enable_dns_support               = true
+  tags = {
+    "Name" = "vpc-prod-datasaker"
+  }
+}
+
+resource "aws_vpc_dhcp_options" "vpc-dhcp-prod-datasaker" {
+  domain_name         = "ap-northeast-2.compute.internal"
+  domain_name_servers = ["AmazonProvidedDNS"]
+  tags = {
+    "Name" = "vpc-dhcp-prod-datasaker"
+  }
+}
+
+resource "aws_vpc_dhcp_options_association" "vpc-dhcp-asso-prod-datasaker" {
+  dhcp_options_id = aws_vpc_dhcp_options.vpc-dhcp-prod-datasaker.id
+  vpc_id          = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_internet_gateway" "igw-prod-datasaker" {
+  tags = {
+    "Name" = "igw-prod-datasaker"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
--- a/prod_221108/terraform/02_dmz_route.tf
+++ b/prod_221108/terraform/02_dmz_route.tf
@@ -0,0 +1,153 @@
+
+
+output "sbn_dmz_prod_a_id" {
+  value = aws_subnet.sbn-prod-dmz-a.id
+}
+
+output "sbn_dmz_prod_b_id" {
+  value = aws_subnet.sbn-prod-dmz-b.id
+}
+
+output "sbn_dmz_prod_c_id" {
+  value = aws_subnet.sbn-prod-dmz-c.id
+}
+
+resource "aws_subnet" "sbn-prod-dmz-a" {
+  availability_zone                           = "ap-northeast-2a"
+  cidr_block                                  = "172.24.0.0/24"
+  enable_resource_name_dns_a_record_on_launch = true
+  private_dns_hostname_type_on_launch         = "resource-name"
+  tags = {
+    "Name"= "sbn-prod-dmz-a.datasaker"
+    "SubnetType"                                    = "Utility"
+    "kubernetes.io/cluster/datasaker"               = "owned"
+    "kubernetes.io/cluster/prod.datasaker.io"  = "shared"
+    "kubernetes.io/role/nlb"                        = "1"
+    "kubernetes.io/role/internal-nlb"               = "1"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_subnet" "sbn-prod-dmz-b" {
+  availability_zone                           = "ap-northeast-2b"
+  cidr_block                                  = "172.24.1.0/24"
+  enable_resource_name_dns_a_record_on_launch = true
+  private_dns_hostname_type_on_launch         = "resource-name"
+  tags = {
+    "Name"                                              = "sbn-prod-dmz-b.datasaker"
+    "SubnetType"                                        = "Utility"
+    "kubernetes.io/cluster/datasaker" 			= "owned"
+    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
+    "kubernetes.io/role/nlb"                            = "1"
+    "kubernetes.io/role/internal-nlb"                   = "1"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_subnet" "sbn-prod-dmz-c" {
+  availability_zone                           = "ap-northeast-2c"
+  cidr_block                                  = "172.24.2.0/24"
+  enable_resource_name_dns_a_record_on_launch = true
+  private_dns_hostname_type_on_launch         = "resource-name"
+  tags = {
+    "Name"                                              = "sbn-prod-dmz-c.datasaker"
+    "SubnetType"                                        = "Utility"
+    "kubernetes.io/cluster/datasaker" 			= "owned"
+    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
+    "kubernetes.io/role/nlb"                            = "1"
+    "kubernetes.io/role/internal-nlb"                   = "1"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_route_table" "rt-prod-datasaker-pub" {
+  tags = {
+    "Name" = "rt-prod-datasaker-pub"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_route" "r-0-0-0-0--0" {
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id = aws_internet_gateway.igw-prod-datasaker.id
+  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
+}
+
+resource "aws_route" "r-__--0" {
+  destination_ipv6_cidr_block = "::/0"
+  gateway_id = aws_internet_gateway.igw-prod-datasaker.id
+  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
+}
+resource "aws_route_table_association" "rta-prod-dmz-a" {
+  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
+  subnet_id      = aws_subnet.sbn-prod-dmz-a.id
+}
+
+resource "aws_route_table_association" "rta-prod-dmz-b" {
+  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
+  subnet_id      = aws_subnet.sbn-prod-dmz-b.id
+}
+
+resource "aws_route_table_association" "rta-prod-dmz-c" {
+  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
+  subnet_id      = aws_subnet.sbn-prod-dmz-c.id
+}
+
+resource "aws_eip" "eip-bastion-prod-datasaker" {
+  vpc      = true
+  tags = {
+    Name    = "eip-bastion-prod-datasaker"
+  }
+}
+
+resource "aws_eip" "eip-natgw-prod-a-datasaker" {
+  vpc      = true
+  tags = {
+    Name    = "eip-natgw-prod-a-datasaker"
+  }
+}
+
+resource "aws_eip" "eip-natgw-prod-b-datasaker" {
+  vpc      = true
+  tags = {
+    Name    = "eip-natgw-prod-b-datasaker"
+  }
+}
+
+resource "aws_eip" "eip-natgw-prod-c-datasaker" {
+  vpc      = true
+  tags = {
+    Name    = "eip-natgw-prod-c-datasaker"
+  }
+}
+
+resource "aws_nat_gateway" "natgw-prod-a-datasaker" {
+  allocation_id = aws_eip.eip-natgw-prod-a-datasaker.id
+  subnet_id     = aws_subnet.sbn-prod-dmz-a.id
+
+  tags = {
+    Name = "natgw-prod-a-datasaker"
+  }
+  depends_on = [aws_internet_gateway.igw-prod-datasaker]
+}
+
+resource "aws_nat_gateway" "natgw-prod-b-datasaker" {
+  allocation_id = aws_eip.eip-natgw-prod-b-datasaker.id
+  subnet_id     = aws_subnet.sbn-prod-dmz-b.id
+
+  tags = {
+    Name = "natgw-prod-b-datasaker"
+  }
+  depends_on = [aws_internet_gateway.igw-prod-datasaker]
+}
+
+resource "aws_nat_gateway" "natgw-prod-c-datasaker" {
+  allocation_id = aws_eip.eip-natgw-prod-c-datasaker.id
+  subnet_id     = aws_subnet.sbn-prod-dmz-c.id
+
+  tags = {
+    Name = "natgw-prod-c-datasaker"
+  }
+  depends_on = [aws_internet_gateway.igw-prod-datasaker]
+}
+
--- a/prod_221108/terraform/03_prod_route.tf
+++ b/prod_221108/terraform/03_prod_route.tf
@@ -0,0 +1,102 @@
+resource "aws_route_table" "private-prod-a-datasaker" {
+  tags = {
+    "Name" = "private-prod-a-datasaker"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_route_table" "private-prod-b-datasaker" {
+  tags = {
+    "Name" = "private-prod-b-datasaker"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_route_table" "private-prod-c-datasaker" {
+  tags = {
+    "Name" = "private-prod-c-datasaker"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_route" "route-private-rt-prod-a-datasaker-0-0-0-0--0" {
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = aws_nat_gateway.natgw-prod-a-datasaker.id
+  route_table_id         = aws_route_table.private-prod-a-datasaker.id
+}
+
+resource "aws_route" "route-private-rt-prod-b-datasaker-0-0-0-0--0" {
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = aws_nat_gateway.natgw-prod-b-datasaker.id
+  route_table_id         = aws_route_table.private-prod-b-datasaker.id
+}
+
+resource "aws_route" "route-private-rt-prod-c-datasaker-0-0-0-0--0" {
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = aws_nat_gateway.natgw-prod-c-datasaker.id
+  route_table_id         = aws_route_table.private-prod-c-datasaker.id
+}
+
+resource "aws_subnet" "sbn-prod-a" {
+  availability_zone                           = "ap-northeast-2a"
+  cidr_block                                  = "172.24.8.0/23"
+  enable_resource_name_dns_a_record_on_launch = true
+  private_dns_hostname_type_on_launch         = "resource-name"
+  tags = {
+    "Name"                                      = "sbn-prod-a-datasaker"
+    "SubnetType"                                = "Private"
+    "kubernetes.io/cluster/datasaker" 		    = "owned"
+    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
+    "kubernetes.io/role/nlb"                    = "1"
+    "kubernetes.io/role/internal-nlb"           = "1"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_subnet" "sbn-prod-b" {
+  availability_zone                           = "ap-northeast-2b"
+  cidr_block                                  = "172.24.10.0/23"
+  enable_resource_name_dns_a_record_on_launch = true
+  private_dns_hostname_type_on_launch         = "resource-name"
+  tags = {
+    "Name"                                      = "sbn-prod-b-datasaker"
+    "SubnetType"                                = "Private"
+    "kubernetes.io/cluster/datasaker" 		    = "owned"
+    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
+    "kubernetes.io/role/nlb"                    = "1"
+    "kubernetes.io/role/internal-nlb"           = "1"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_subnet" "sbn-prod-c" {
+  availability_zone                           = "ap-northeast-2c"
+  cidr_block                                  = "172.24.12.0/23"
+  enable_resource_name_dns_a_record_on_launch = true
+  private_dns_hostname_type_on_launch         = "resource-name"
+  tags = {
+    "Name"                                      = "sbn-prod-c-datasaker"
+    "SubnetType"                                = "Private"
+    "kubernetes.io/cluster/datasaker" 		    = "owned"
+    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
+    "kubernetes.io/role/nlb"                    = "1"
+    "kubernetes.io/role/internal-nlb"           = "1"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+
+resource "aws_route_table_association" "rta-prod-a" {
+  route_table_id = aws_route_table.private-prod-a-datasaker.id
+  subnet_id      = aws_subnet.sbn-prod-a.id
+}
+
+resource "aws_route_table_association" "rta-prod-b" {
+  route_table_id = aws_route_table.private-prod-b-datasaker.id
+  subnet_id      = aws_subnet.sbn-prod-b.id
+}
+
+resource "aws_route_table_association" "rta-prod-c" {
+  route_table_id = aws_route_table.private-prod-c-datasaker.id
+  subnet_id      = aws_subnet.sbn-prod-c.id
+}
--- a/prod_221108/terraform/04_prod_bastion.tf
+++ b/prod_221108/terraform/04_prod_bastion.tf
@@ -0,0 +1,24 @@
+resource "aws_instance" "bastion-k8s-prod-datasaker-io" {
+  ami                         = "ami-0b6591f49cf24e237"
+  instance_type               = "t3.small"
+  count                       = 1
+  key_name                    = "kp-jay-bastion-datasaker"
+  vpc_security_group_ids      = ["${aws_security_group.prod-dmz-sg-datasaker.id}"]
+  subnet_id                   = aws_subnet.sbn-prod-dmz-a.id
+  associate_public_ip_address = true
+
+  root_block_device {
+    delete_on_termination = true
+    encrypted             = false
+    tags = {
+      Name    = "bastion-k8s-prod-datasaker-io"
+    }
+    volume_size = 20
+    volume_type = "gp3"
+    iops        = 3000
+  }  
+
+  tags = {
+    Name = "bastion-k8s-prod-datasaker-io"
+  }
+}
--- a/prod_221108/terraform/05_security_group.tf
+++ b/prod_221108/terraform/05_security_group.tf
@@ -0,0 +1,74 @@
+resource "aws_security_group" "prod-dmz-sg-datasaker" {
+  description = "Security group dmz-datasaker"
+  name        = "prod-dmz-sg-datasaker"
+  tags = {
+    "Name" = "prod-dmz-sg-datasaker"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_security_group_rule" "pub-only-exem" {
+   cidr_blocks       = ["115.178.73.2/32","115.178.73.91/32"]
+   from_port         = 22
+   protocol          = "tcp"
+   security_group_id = aws_security_group.prod-dmz-sg-datasaker.id
+   to_port           = 22
+   type              = "ingress"
+}
+
+resource "aws_security_group_rule" "pub-out-any" {
+  cidr_blocks       = ["0.0.0.0/0"]
+  from_port         = 0
+  protocol          = "tcp"
+  security_group_id = aws_security_group.prod-dmz-sg-datasaker.id
+  to_port           = 65535
+  type              = "egress"
+}
+
+################################################################################
+
+resource "aws_security_group" "prod-priv-sg-datasaker" {
+  description = "Security group prod-datasaker"
+  name        = "prod-priv-sg-datasaker"
+  tags = {
+    "Name" = "prod-priv-sg-datasaker"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+
+resource "aws_security_group_rule" "priv-in-any" {
+  cidr_blocks       = ["0.0.0.0/0"]
+  from_port         = 22
+  protocol          = "tcp"
+  security_group_id = aws_security_group.prod-priv-sg-datasaker.id
+  to_port           = 22
+  type              = "ingress"
+}
+
+resource "aws_security_group_rule" "priv-in-icmp" {
+  cidr_blocks       = ["0.0.0.0/0"]
+  from_port         = 8
+  protocol          = "icmp"
+  security_group_id = aws_security_group.prod-priv-sg-datasaker.id
+  to_port           = 8
+  type              = "ingress"
+}
+
+resource "aws_security_group_rule" "priv-out-icmp" {
+  cidr_blocks       = ["0.0.0.0/0"]
+  from_port         = 8
+  protocol          = "icmp"
+  security_group_id = aws_security_group.prod-priv-sg-datasaker.id
+  to_port           = 8
+  type              = "egress"
+}
+
+resource "aws_security_group_rule" "priv-out-any" {
+  cidr_blocks       = ["0.0.0.0/0"]
+  from_port         = 0
+  protocol          = "tcp"
+  security_group_id = aws_security_group.prod-priv-sg-datasaker.id
+  to_port           = 65535
+  type              = "egress"
+}
--- a/prod_221108/terraform/06_nlb.tf
+++ b/prod_221108/terraform/06_nlb.tf
@@ -0,0 +1,19 @@
+resource "aws_alb" "nlb-prod-kr-ingress" {
+  name               = "nlb-prod-kr-ingress"
+  internal           = false
+  load_balancer_type = "network"
+  subnet_mapping {
+    subnet_id = aws_subnet.sbn-prod-dmz-a.id
+  }
+  subnet_mapping {
+    subnet_id = aws_subnet.sbn-prod-dmz-b.id
+  }
+  subnet_mapping {
+    subnet_id = aws_subnet.sbn-prod-dmz-c.id
+  }
+  enable_deletion_protection = true
+
+  tags = {
+    Environment = "nlb-prod-kr-ingress"
+  }
+}
--- a/prod_221108/terraform/07_nlb_listener.tf
+++ b/prod_221108/terraform/07_nlb_listener.tf
@@ -0,0 +1,21 @@
+resource "aws_alb_listener" "nlb-listener-http-prod" {
+  load_balancer_arn = aws_alb.nlb-prod-kr-ingress.arn
+  port              = "443"
+  protocol          = "TCP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_alb_target_group.tg-prod-kr-tcp-30001.arn
+  }
+}
+
+resource "aws_alb_listener" "nlb-listener-tls-prod" {
+  load_balancer_arn = aws_alb.nlb-prod-kr-ingress.arn
+  port              = "80"
+  protocol          = "TCP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_alb_target_group.tg-prod-kr-tcp-30000.arn
+  }
+}
--- a/prod_221108/terraform/08_nlb_target_group.tf
+++ b/prod_221108/terraform/08_nlb_target_group.tf
@@ -0,0 +1,85 @@
+variable "k8s-prod-master-2a" {
+  default = "i-082bb4e2813521de0"
+}
+
+variable "k8s-prod-master-2b" {
+  default = "i-045a073c83b7f23c2"
+}
+
+variable "k8s-prod-master-2c" {
+  default = "i-049f35ffe56207c62"
+}
+
+##################################################################################
+
+resource "aws_alb_target_group" "tg-prod-kr-tcp-30000" {
+    name      = "tg-prod-kr-tcp-30000"
+    port      = 30000
+    protocol  = "TCP"
+    vpc_id    = aws_vpc.vpc-prod-datasaker.id
+
+
+    health_check {
+        interval            = 30
+        protocol            = "TCP"
+        healthy_threshold   = 3
+        unhealthy_threshold = 3
+    }
+
+}
+
+resource "aws_alb_target_group_attachment" "prod-master-http-2a" {
+  target_group_arn = "${aws_alb_target_group.tg-prod-kr-tcp-30000.arn}"
+  target_id        = "${var.k8s-prod-master-2a}"
+  port             = 30000
+}
+
+resource "aws_alb_target_group_attachment" "prod-master-http-2b" {
+  target_group_arn = "${aws_alb_target_group.tg-prod-kr-tcp-30000.arn}"
+  target_id        = "${var.k8s-prod-master-2b}"
+  port             = 30000
+}
+
+resource "aws_alb_target_group_attachment" "prod-master-http-2c" {
+  target_group_arn = "${aws_alb_target_group.tg-prod-kr-tcp-30000.arn}"
+  target_id        = "${var.k8s-prod-master-2c}"
+  port             = 30000
+}
+
+###############################################################################
+
+resource "aws_alb_target_group" "tg-prod-kr-tcp-30001" {
+    name      = "tg-prod-kr-tcp-30001"
+    port      = 30001
+    protocol  = "TCP"
+    vpc_id    = aws_vpc.vpc-prod-datasaker.id
+
+
+    health_check {
+        interval            = 30
+        protocol            = "TCP"
+        healthy_threshold   = 3
+        unhealthy_threshold = 3
+    }
+
+}
+
+resource "aws_alb_target_group_attachment" "prod-master-tls-2a" {
+  target_group_arn = "${aws_alb_target_group.tg-prod-kr-tcp-30001.arn}"
+  target_id        = "${var.k8s-prod-master-2a}"
+  port             = 30001
+}
+
+resource "aws_alb_target_group_attachment" "prod-master-tls-2b" {
+  target_group_arn = "${aws_alb_target_group.tg-prod-kr-tcp-30001.arn}"
+  target_id        = "${var.k8s-prod-master-2b}"
+  port             = 30001
+}
+
+resource "aws_alb_target_group_attachment" "prod-master-tls-2c" {
+  target_group_arn = "${aws_alb_target_group.tg-prod-kr-tcp-30001.arn}"
+  target_id        = "${var.k8s-prod-master-2c}"
+  port             = 30001
+}
+
+###############################################################################
--- a/prod_221108/terraform/09_route53.tf
+++ b/prod_221108/terraform/09_route53.tf
@@ -0,0 +1,132 @@
+ variable "datasaker-ai" {
+   default = "Z06479772L265DHVJW30F"
+ }
+
+ variable "datasaker-com" {
+   default = "Z0218361HIZ723RV9EX4"
+ }
+
+ variable "datasaker-io" {
+   default = "Z072735718G25WNVKU834"
+ }
+
+ variable "datasaker-co-kr" {
+   default = "Z06528191YJHOMRBYTXXT"
+ }
+
+ variable "datasaker-net" {
+   default = "Z072720912UR7SY03M9F8"
+ }
+
+##############################################################################
+
+resource "aws_route53_record" "prod-dns-krakend" {
+  zone_id = "${var.datasaker-io}"
+  name    = "api.kr.datasaker.io"
+  type    = "A"
+  alias {
+    name    = aws_alb.nlb-prod-kr-ingress.dns_name
+    zone_id = aws_alb.nlb-prod-kr-ingress.zone_id
+    evaluate_target_health = true
+  }
+}
+
+resource "aws_route53_record" "prod-dns-keycloak" {
+  zone_id = "${var.datasaker-io}"
+  name    = "auth.kr.datasaker.io"
+  type    = "A"
+  alias {
+    name    = aws_alb.nlb-prod-kr-ingress.dns_name
+    zone_id = aws_alb.nlb-prod-kr-ingress.zone_id
+    evaluate_target_health = true
+  }
+}
+
+resource "aws_route53_record" "prod-dns-dsk-agentmanager" {
+  zone_id = "${var.datasaker-io}"
+  name    = "am.kr.datasaker.io"
+  type    = "A"
+  alias {
+    name    = aws_alb.nlb-prod-kr-ingress.dns_name
+    zone_id = aws_alb.nlb-prod-kr-ingress.zone_id
+    evaluate_target_health = true
+  }
+}
+
+resource "aws_route53_record" "prod-dns-datagate-metric" {
+  zone_id = "${var.datasaker-io}"
+  name    = "megate.kr.datasaker.io"
+  type    = "A"
+  alias {
+    name    = aws_alb.nlb-prod-kr-ingress.dns_name
+    zone_id = aws_alb.nlb-prod-kr-ingress.zone_id
+    evaluate_target_health = true
+  }
+}
+
+resource "aws_route53_record" "prod-dns-datagate-jaeger" {
+  zone_id = "${var.datasaker-io}"
+  name    = "trgate.kr.datasaker.io"
+  type    = "A"
+  alias {
+    name    = aws_alb.nlb-prod-kr-ingress.dns_name
+    zone_id = aws_alb.nlb-prod-kr-ingress.zone_id
+    evaluate_target_health = true
+  }
+}
+
+resource "aws_route53_record" "prod-dns-datagate-manifest" {
+  zone_id = "${var.datasaker-io}"
+  name    = "magate.kr.datasaker.io"
+  type    = "A"
+  alias {
+    name    = aws_alb.nlb-prod-kr-ingress.dns_name
+    zone_id = aws_alb.nlb-prod-kr-ingress.zone_id
+    evaluate_target_health = true
+  }
+}
+
+resource "aws_route53_record" "prod-dns-loggate" {
+  zone_id = "${var.datasaker-io}"
+  name    = "lgate.kr.datasaker.io"
+  type    = "A"
+  alias {
+    name    = aws_alb.nlb-prod-kr-ingress.dns_name
+    zone_id = aws_alb.nlb-prod-kr-ingress.zone_id
+    evaluate_target_health = true
+  }
+}
+
+resource "aws_route53_record" "prod-dns-ui" {
+  zone_id = "${var.datasaker-io}"
+  name    = "app.kr.datasaker.io"
+  type    = "A"
+  alias {
+    name    = aws_alb.nlb-prod-kr-ingress.dns_name
+    zone_id = aws_alb.nlb-prod-kr-ingress.zone_id
+    evaluate_target_health = true
+  }
+}
+
+resource "aws_route53_record" "prod-test" {
+  zone_id = "${var.datasaker-io}"
+  name    = "kubedash.kr.datasaker.io"
+  type    = "A"
+  alias {
+    name    = aws_alb.nlb-prod-kr-ingress.dns_name
+    zone_id = aws_alb.nlb-prod-kr-ingress.zone_id
+    evaluate_target_health = true
+  }
+}
+
+resource "aws_route53_record" "prod-test2" {
+  zone_id = "${var.datasaker-io}"
+  name    = "jenkins-prod.kr.datasaker.io"
+  type    = "A"
+  alias {
+    name    = aws_alb.nlb-prod-kr-ingress.dns_name
+    zone_id = aws_alb.nlb-prod-kr-ingress.zone_id
+    evaluate_target_health = true
+  }
+}
+
--- a/prod_221108/terraform/10_nlb_internal.tf
+++ b/prod_221108/terraform/10_nlb_internal.tf
@@ -0,0 +1,19 @@
+resource "aws_alb" "nlb-prod-kr-ingress" {
+  name               = "nlb-prod-kr-ingress"
+  internal           = false
+  load_balancer_type = "network"
+  subnet_mapping {
+    subnet_id = aws_subnet.sbn-prod-dmz-a.id
+  }
+  subnet_mapping {
+    subnet_id = aws_subnet.sbn-prod-dmz-b.id
+  }
+  subnet_mapping {
+    subnet_id = aws_subnet.sbn-prod-dmz-c.id
+  }
+  enable_deletion_protection = true
+
+  tags = {
+    Environment = "nlb-prod-kr-ingress"
+  }
+}
--- a/prod_221108/terraform/data.sh
+++ b/prod_221108/terraform/data.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+
+curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+chmod 700 get_helm.sh
+./get_helm.sh
+
+echo "source <(kubectl completion bash)" >> /etc/profile
+echo "alias k=kubectl" >> /etc/profile
+echo "complete -o default -F __start_kubectl k" >> /etc/profile
--- a/prod_221108/terraform/terraform.tfstate
+++ b/prod_221108/terraform/terraform.tfstate
--- a/prod_221108/terraform/terraform.tfstate.backup
+++ b/prod_221108/terraform/terraform.tfstate.backup