prod

2022-11-02 11:18:05 +09:00
parent 2224a6f6e7
commit fff9000311
9 changed files with 4375 additions and 0 deletions
--- a/kops/prod.datasaker.io-20221102.yaml
+++ b/kops/prod.datasaker.io-20221102.yaml
@@ -0,0 +1,411 @@
 apiVersion: kops.k8s.io/v1alpha2
 kind: Cluster
 metadata:
  creationTimestamp: "2022-11-01T05:36:36Z"
  generation: 2
  name: k8s-prod.datasaker.io
 spec:
  api:
    loadBalancer:
      class: Network
      type: Public
  authorization:
    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: s3://clusters.prod.datasaker.io/k8s-prod.datasaker.io
  containerRuntime: containerd
  etcdClusters:
  - cpuRequest: 200m
    etcdMembers:
    - encryptedVolume: true
      instanceGroup: master-ap-northeast-2a
      name: a
    - encryptedVolume: true
      instanceGroup: master-ap-northeast-2b
      name: b
    - encryptedVolume: true
      instanceGroup: master-ap-northeast-2c
      name: c
    memoryRequest: 100Mi
    name: main
  - cpuRequest: 100m
    etcdMembers:
    - encryptedVolume: true
      instanceGroup: master-ap-northeast-2a
      name: a
    - encryptedVolume: true
      instanceGroup: master-ap-northeast-2b
      name: b
    - encryptedVolume: true
      instanceGroup: master-ap-northeast-2c
      name: c
    memoryRequest: 100Mi
    name: events
  iam:
    allowContainerRegistry: true
    legacy: false
  kubelet:
    anonymousAuth: false
  kubernetesApiAccess:
  - 0.0.0.0/0
  - ::/0
  kubernetesVersion: 1.25.2
  masterInternalName: api.internal.k8s-prod.datasaker.io
  masterPublicName: api.k8s-prod.datasaker.io
  networkCIDR: 172.24.0.0/19
  networkID: vpc-00ba2b0e9ad59f0ed
  networking:
    calico: {}
  nonMasqueradeCIDR: 100.64.0.0/10
  sshAccess:
  - 0.0.0.0/0
  - ::/0
  subnets:
  - cidr: 172.24.8.0/23
    id: subnet-024f0deda82039fa4
    name: ap-northeast-2a
    type: Private
    zone: ap-northeast-2a
  - cidr: 172.24.10.0/23
    id: subnet-050d942fa1c46540a
    name: ap-northeast-2b
    type: Private
    zone: ap-northeast-2b
  - cidr: 172.24.12.0/23
    id: subnet-0946eb806af7377be
    name: ap-northeast-2c
    type: Private
    zone: ap-northeast-2c
  - cidr: 172.24.0.0/24
    id: subnet-00c363356f133411d
    name: utility-ap-northeast-2a
    type: Utility
    zone: ap-northeast-2a
  - cidr: 172.24.1.0/24
    id: subnet-07aa5e879a262014d
    name: utility-ap-northeast-2b
    type: Utility
    zone: ap-northeast-2b
  - cidr: 172.24.2.0/24
    id: subnet-0073a61bc56a68a3e
    name: utility-ap-northeast-2c
    type: Utility
    zone: ap-northeast-2c
  topology:
    dns:
      type: Public
    masters: private
    nodes: private
 ---
 apiVersion: kops.k8s.io/v1alpha2
 kind: InstanceGroup
 metadata:
  creationTimestamp: "2022-11-02T01:50:52Z"
  generation: 1
  labels:
    kops.k8s.io/cluster: k8s-prod.datasaker.io
  name: k8s-prod-data-druid-a
 spec:
  image: ami-0abb33b73a78cae31
  kubelet:
    anonymousAuth: false
    nodeLabels:
      node-role.kubernetes.io/node: ""
  machineType: m6i.large
  manager: CloudGroup
  maxSize: 1
  minSize: 1
  nodeLabels:
    datasaker/group: data-druid
    kops.k8s.io/instancegroup: k8s-prod-data-druid-a
  role: Node
  subnets:
  - ap-northeast-2a
  taints:
  - prod/data-druid:NoSchedule
 ---
 apiVersion: kops.k8s.io/v1alpha2
 kind: InstanceGroup
 metadata:
  creationTimestamp: "2022-11-02T01:50:52Z"
  generation: 1
  labels:
    kops.k8s.io/cluster: k8s-prod.datasaker.io
  name: k8s-prod-data-druid-b
 spec:
  image: ami-0abb33b73a78cae31
  kubelet:
    anonymousAuth: false
    nodeLabels:
      node-role.kubernetes.io/node: ""
  machineType: m6i.large
  manager: CloudGroup
  maxSize: 1
  minSize: 1
  nodeLabels:
    datasaker/group: data-druid
    kops.k8s.io/instancegroup: k8s-prod-data-druid-b
  role: Node
  subnets:
  - ap-northeast-2b
  taints:
  - prod/data-druid:NoSchedule
 ---
 apiVersion: kops.k8s.io/v1alpha2
 kind: InstanceGroup
 metadata:
  creationTimestamp: "2022-11-02T01:50:52Z"
  generation: 1
  labels:
    kops.k8s.io/cluster: k8s-prod.datasaker.io
  name: k8s-prod-data-druid-c
 spec:
  image: ami-0abb33b73a78cae31
  kubelet:
    anonymousAuth: false
    nodeLabels:
      node-role.kubernetes.io/node: ""
  machineType: m6i.large
  manager: CloudGroup
  maxSize: 1
  minSize: 1
  nodeLabels:
    datasaker/group: data-druid
    kops.k8s.io/instancegroup: k8s-prod-data-druid-c
  role: Node
  subnets:
  - ap-northeast-2c
  taints:
  - prod/data-druid:NoSchedule
 ---
 apiVersion: kops.k8s.io/v1alpha2
 kind: InstanceGroup
 metadata:
  creationTimestamp: "2022-11-02T01:51:35Z"
  generation: 1
  labels:
    kops.k8s.io/cluster: k8s-prod.datasaker.io
  name: k8s-prod-data-kafka-a
 spec:
  image: ami-0abb33b73a78cae31
  kubelet:
    anonymousAuth: false
    nodeLabels:
      node-role.kubernetes.io/node: ""
  machineType: m6i.large
  manager: CloudGroup
  maxSize: 1
  minSize: 1
  nodeLabels:
    datasaker/group: data-kafka
    kops.k8s.io/instancegroup: k8s-prod-data-kafka-a
  role: Node
  subnets:
  - ap-northeast-2a
  taints:
  - prod/data-kafka:NoSchedule
 ---
 apiVersion: kops.k8s.io/v1alpha2
 kind: InstanceGroup
 metadata:
  creationTimestamp: "2022-11-02T01:51:35Z"
  generation: 1
  labels:
    kops.k8s.io/cluster: k8s-prod.datasaker.io
  name: k8s-prod-data-kafka-b
 spec:
  image: ami-0abb33b73a78cae31
  kubelet:
    anonymousAuth: false
    nodeLabels:
      node-role.kubernetes.io/node: ""
  machineType: m6i.large
  manager: CloudGroup
  maxSize: 1
  minSize: 1
  nodeLabels:
    datasaker/group: data-kafka
    kops.k8s.io/instancegroup: k8s-prod-data-kafka-b
  role: Node
  subnets:
  - ap-northeast-2b
  taints:
  - prod/data-kafka:NoSchedule
 ---
 apiVersion: kops.k8s.io/v1alpha2
 kind: InstanceGroup
 metadata:
  creationTimestamp: "2022-11-02T01:51:35Z"
  generation: 1
  labels:
    kops.k8s.io/cluster: k8s-prod.datasaker.io
  name: k8s-prod-data-kafka-c
 spec:
  image: ami-0abb33b73a78cae31
  kubelet:
    anonymousAuth: false
    nodeLabels:
      node-role.kubernetes.io/node: ""
  machineType: m6i.large
  manager: CloudGroup
  maxSize: 1
  minSize: 1
  nodeLabels:
    datasaker/group: data-kafka
    kops.k8s.io/instancegroup: k8s-prod-data-kafka-c
  role: Node
  subnets:
  - ap-northeast-2c
  taints:
  - prod/data-kafka:NoSchedule
 ---
 apiVersion: kops.k8s.io/v1alpha2
 kind: InstanceGroup
 metadata:
  creationTimestamp: "2022-11-02T01:51:49Z"
  generation: 1
  labels:
    kops.k8s.io/cluster: k8s-prod.datasaker.io
  name: k8s-prod-process-a
 spec:
  image: ami-0abb33b73a78cae31
  machineType: c5.large
  manager: CloudGroup
  maxSize: 1
  minSize: 1
  nodeLabels:
    datasaker/group: process
    kops.k8s.io/instancegroup: k8s-prod-process-a
  role: Node
  rootVolumeSize: 100
  subnets:
  - ap-northeast-2a
 ---
 apiVersion: kops.k8s.io/v1alpha2
 kind: InstanceGroup
 metadata:
  creationTimestamp: "2022-11-02T01:51:49Z"
  generation: 1
  labels:
    kops.k8s.io/cluster: k8s-prod.datasaker.io
  name: k8s-prod-process-b
 spec:
  image: ami-0abb33b73a78cae31
  machineType: c5.large
  manager: CloudGroup
  maxSize: 1
  minSize: 1
  nodeLabels:
    datasaker/group: process
    kops.k8s.io/instancegroup: k8s-prod-process-b
  role: Node
  rootVolumeSize: 100
  subnets:
  - ap-northeast-2b
 ---
 apiVersion: kops.k8s.io/v1alpha2
 kind: InstanceGroup
 metadata:
  creationTimestamp: "2022-11-02T01:51:49Z"
  generation: 1
  labels:
    kops.k8s.io/cluster: k8s-prod.datasaker.io
  name: k8s-prod-process-c
 spec:
  image: ami-0abb33b73a78cae31
  machineType: c5.large
  manager: CloudGroup
  maxSize: 1
  minSize: 1
  nodeLabels:
    datasaker/group: process
    kops.k8s.io/instancegroup: k8s-prod-process-c
  role: Node
  rootVolumeSize: 100
  subnets:
  - ap-northeast-2c
 ---
 apiVersion: kops.k8s.io/v1alpha2
 kind: InstanceGroup
 metadata:
  creationTimestamp: "2022-11-01T05:36:36Z"
  generation: 1
  labels:
    kops.k8s.io/cluster: k8s-prod.datasaker.io
  name: master-ap-northeast-2a
 spec:
  image: ami-0abb33b73a78cae31
  instanceMetadata:
    httpPutResponseHopLimit: 3
    httpTokens: required
  machineType: c5a.large
  maxSize: 1
  minSize: 1
  role: Master
  subnets:
  - ap-northeast-2a
 ---
 apiVersion: kops.k8s.io/v1alpha2
 kind: InstanceGroup
 metadata:
  creationTimestamp: "2022-11-01T05:36:36Z"
  generation: 1
  labels:
    kops.k8s.io/cluster: k8s-prod.datasaker.io
  name: master-ap-northeast-2b
 spec:
  image: ami-0abb33b73a78cae31
  instanceMetadata:
    httpPutResponseHopLimit: 3
    httpTokens: required
  machineType: c5a.large
  maxSize: 1
  minSize: 1
  role: Master
  subnets:
  - ap-northeast-2b
 ---
 apiVersion: kops.k8s.io/v1alpha2
 kind: InstanceGroup
 metadata:
  creationTimestamp: "2022-11-01T05:36:36Z"
  generation: 1
  labels:
    kops.k8s.io/cluster: k8s-prod.datasaker.io
  name: master-ap-northeast-2c
 spec:
  image: ami-0abb33b73a78cae31
  instanceMetadata:
    httpPutResponseHopLimit: 3
    httpTokens: required
  machineType: c5a.large
  maxSize: 1
  minSize: 1
  role: Master
  subnets:
  - ap-northeast-2c
--- a/terraform/tf-prod-cloud-20221102/.terraform.lock.hcl
+++ b/terraform/tf-prod-cloud-20221102/.terraform.lock.hcl
@@ -0,0 +1,22 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 provider "registry.terraform.io/hashicorp/aws" {
  version     = "4.36.1"
  constraints = ">= 4.0.0"
  hashes = [
    "h1:04NI9x34nwhgghwevSGdsjssqy5zzvMsQg2Qjpmx/n0=",
    "zh:19b16047b4f15e9b8538a2b925f1e860463984eed7d9bd78e870f3e884e827a7",
    "zh:3c0db06a9a14b05a77f3fe1fc029a5fb153f4966964790ca8e71ecc3427d83f5",
    "zh:3c7407a8229005e07bc274cbae6e3a464c441a88810bfc6eceb2414678fd08ae",
    "zh:3d96fa82c037fafbd3e7f4edc1de32afb029416650f6e392c39182fc74a9e03a",
    "zh:8f4f540c5f63d847c4b802ca84d148bb6275a3b0723deb09bf933a4800bc7209",
    "zh:9802cb77472d6bcf24c196ce2ca6d02fac9db91558536325fec85f955b71a8a4",
    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
    "zh:a263352433878c89832c2e38f4fd56cf96ae9969c13b5c710d5ba043cbd95743",
    "zh:aca7954a5f458ceb14bf0c04c961c4e1e9706bf3b854a1e90a97d0b20f0fe6d3",
    "zh:d78f400332e87a97cce2e080db9d01beb01f38f5402514a6705d6b8167e7730d",
    "zh:e14bdc49be1d8b7d2543d5c58078c84b76051085e8e6715a895dcfe6034b6098",
    "zh:f2e400b88c8de170bb5027922226da1e9a6614c03f2a6756c15c3b930c2f460c",
  ]
 }
--- a/terraform/tf-prod-cloud-20221102/bastion.tf
+++ b/terraform/tf-prod-cloud-20221102/bastion.tf
@@ -0,0 +1,25 @@
 resource "aws_instance" "bastion-k8s-prod-datasaker-io" {
  ami                         = "ami-0b6591f49cf24e237"
  instance_type               = "t3.small"
  count                       = 1
  key_name                    = "kp-jay-bastion-datasaker"
  vpc_security_group_ids      = ["${aws_security_group.sg-prod-dmz-datasaker.id}"]
  subnet_id                   = aws_subnet.sbn-prod-dmz-a.id
  associate_public_ip_address = true
  user_data                   = "${file("data.sh")}"
  root_block_device {
    delete_on_termination = true
    encrypted             = false
    tags = {
      Name    = "bastion-k8s-prod-datasaker-io"
    }
    volume_size = 20
    volume_type = "gp3"
    iops        = 3000
  }  
  tags = {
    Name = "bastion-k8s-prod-datasaker-io"
  }
 }
--- a/terraform/tf-prod-cloud-20221102/data.sh
+++ b/terraform/tf-prod-cloud-20221102/data.sh
@@ -0,0 +1,8 @@
 #!/bin/bash
 curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
 sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
 curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
 chmod 700 get_helm.sh
 sh get_helm.sh
--- a/terraform/tf-prod-cloud-20221102/dmz.tf
+++ b/terraform/tf-prod-cloud-20221102/dmz.tf
@@ -0,0 +1,189 @@
 output "sbn_dmz_prod_a_id" {
  value = aws_subnet.sbn-prod-dmz-a.id
 }
 output "sbn_dmz_prod_b_id" {
  value = aws_subnet.sbn-prod-dmz-b.id
 }
 output "sbn_dmz_prod_c_id" {
  value = aws_subnet.sbn-prod-dmz-c.id
 }
 resource "aws_subnet" "sbn-prod-dmz-a" {
  availability_zone                           = "ap-northeast-2a"
  cidr_block                                  = "172.24.0.0/24"
  enable_resource_name_dns_a_record_on_launch = true
  private_dns_hostname_type_on_launch         = "resource-name"
  tags = {
    "Name"= "sbn-prod-dmz-a.datasaker"
    "SubnetType"                                    = "Utility"
    "kubernetes.io/cluster/datasaker"               = "owned"
    "kubernetes.io/cluster/prod.datasaker.io"  = "shared"
    "kubernetes.io/role/nlb"                        = "1"
    "kubernetes.io/role/internal-nlb"               = "1"
  }
  vpc_id = aws_vpc.vpc-prod-datasaker.id
 }
 resource "aws_subnet" "sbn-prod-dmz-b" {
  availability_zone                           = "ap-northeast-2b"
  cidr_block                                  = "172.24.1.0/24"
  enable_resource_name_dns_a_record_on_launch = true
  private_dns_hostname_type_on_launch         = "resource-name"
  tags = {
    "Name"                                              = "sbn-prod-dmz-b.datasaker"
    "SubnetType"                                        = "Utility"
    "kubernetes.io/cluster/datasaker" 			= "owned"
    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
    "kubernetes.io/role/nlb"                            = "1"
    "kubernetes.io/role/internal-nlb"                   = "1"
  }
  vpc_id = aws_vpc.vpc-prod-datasaker.id
 }
 resource "aws_subnet" "sbn-prod-dmz-c" {
  availability_zone                           = "ap-northeast-2c"
  cidr_block                                  = "172.24.2.0/24"
  enable_resource_name_dns_a_record_on_launch = true
  private_dns_hostname_type_on_launch         = "resource-name"
  tags = {
    "Name"                                              = "sbn-prod-dmz-c.datasaker"
    "SubnetType"                                        = "Utility"
    "kubernetes.io/cluster/datasaker" 			= "owned"
    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
    "kubernetes.io/role/nlb"                            = "1"
    "kubernetes.io/role/internal-nlb"                   = "1"
  }
  vpc_id = aws_vpc.vpc-prod-datasaker.id
 }
 resource "aws_route_table" "rt-prod-datasaker-pub" {
  tags = {
    "Name" = "rt-prod-datasaker-pub"
  }
  vpc_id = aws_vpc.vpc-prod-datasaker.id
 }
 resource "aws_route" "r-0-0-0-0--0" {
  destination_cidr_block = "0.0.0.0/0"
  gateway_id = aws_internet_gateway.igw-prod-datasaker.id
  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
 }
 resource "aws_route" "r-__--0" {
  destination_ipv6_cidr_block = "::/0"
  gateway_id = aws_internet_gateway.igw-prod-datasaker.id
  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
 }
 resource "aws_route_table_association" "rta-prod-dmz-a" {
  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
  subnet_id      = aws_subnet.sbn-prod-dmz-a.id
 }
 resource "aws_route_table_association" "rta-prod-dmz-b" {
  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
  subnet_id      = aws_subnet.sbn-prod-dmz-b.id
 }
 resource "aws_route_table_association" "rta-prod-dmz-c" {
  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
  subnet_id      = aws_subnet.sbn-prod-dmz-c.id
 }
 resource "aws_security_group" "sg-prod-dmz-datasaker" {
  description = "Security group dmz-datasaker"
  name        = "secg-dmz-datasaker"
  tags = {
    "Name" = "sg-prod-dmz-datasaker"
  }
  vpc_id = aws_vpc.vpc-prod-datasaker.id
 }
 resource "aws_security_group_rule" "sgr-from-115-178-73-2--32-ingress-tcp-22to22-dmz-prod-datasaker-io" {
  cidr_blocks       = ["115.178.73.2/32"]
  from_port         = 22
  protocol          = "tcp"
  security_group_id = aws_security_group.sg-prod-dmz-datasaker.id
  to_port           = 22
  type              = "ingress"
 }
 resource "aws_security_group_rule" "sgr-from-115-178-73-91--32-ingress-tcp-22to22-dmz-prod-datasaker-io" {
  cidr_blocks       = ["115.178.73.91/32"]
  from_port         = 22
  protocol          = "tcp"
  security_group_id = aws_security_group.sg-prod-dmz-datasaker.id
  to_port           = 22
  type              = "ingress"
 }
 resource "aws_security_group_rule" "sgr-from-0-0-0-0--0-engress-tcp-all-dmz-prod-datasaker-io" {
  cidr_blocks       = ["0.0.0.0/0"]
  from_port         = 0
  protocol          = "tcp"
  security_group_id = aws_security_group.sg-prod-dmz-datasaker.id
  to_port           = 65535
  type              = "egress"
 }
 resource "aws_eip" "eip-bastion-prod-datasaker" {
  vpc      = true
  tags = {
    Name    = "eip-bastion-prod-datasaker"
  }
 }
 resource "aws_eip" "eip-natgw-prod-a-datasaker" {
  vpc      = true
  tags = {
    Name    = "eip-natgw-prod-a-datasaker"
  }
 }
 resource "aws_eip" "eip-natgw-prod-b-datasaker" {
  vpc      = true
  tags = {
    Name    = "eip-natgw-prod-b-datasaker"
  }
 }
 resource "aws_eip" "eip-natgw-prod-c-datasaker" {
  vpc      = true
  tags = {
    Name    = "eip-natgw-prod-c-datasaker"
  }
 }
 resource "aws_nat_gateway" "natgw-prod-a-datasaker" {
  allocation_id = aws_eip.eip-natgw-prod-a-datasaker.id
  subnet_id     = aws_subnet.sbn-prod-dmz-a.id
  tags = {
    Name = "natgw-prod-a-datasaker"
  }
  depends_on = [aws_internet_gateway.igw-prod-datasaker]
 }
 resource "aws_nat_gateway" "natgw-prod-b-datasaker" {
  allocation_id = aws_eip.eip-natgw-prod-b-datasaker.id
  subnet_id     = aws_subnet.sbn-prod-dmz-b.id
  tags = {
    Name = "natgw-prod-b-datasaker"
  }
  depends_on = [aws_internet_gateway.igw-prod-datasaker]
 }
 resource "aws_nat_gateway" "natgw-prod-c-datasaker" {
  allocation_id = aws_eip.eip-natgw-prod-c-datasaker.id
  subnet_id     = aws_subnet.sbn-prod-dmz-c.id
  tags = {
    Name = "natgw-prod-c-datasaker"
  }
  depends_on = [aws_internet_gateway.igw-prod-datasaker]
 }
--- a/terraform/tf-prod-cloud-20221102/prod.tf
+++ b/terraform/tf-prod-cloud-20221102/prod.tf
@@ -0,0 +1,148 @@
 resource "aws_route_table" "private-prod-a-datasaker" {
  tags = {
    "Name" = "private-prod-a-datasaker"
  }
  vpc_id = aws_vpc.vpc-prod-datasaker.id
 }
 resource "aws_route_table" "private-prod-b-datasaker" {
  tags = {
    "Name" = "private-prod-b-datasaker"
  }
  vpc_id = aws_vpc.vpc-prod-datasaker.id
 }
 resource "aws_route_table" "private-prod-c-datasaker" {
  tags = {
    "Name" = "private-prod-c-datasaker"
  }
  vpc_id = aws_vpc.vpc-prod-datasaker.id
 }
 resource "aws_route" "route-private-rt-prod-a-datasaker-0-0-0-0--0" {
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.natgw-prod-a-datasaker.id
  route_table_id         = aws_route_table.private-prod-a-datasaker.id
 }
 resource "aws_route" "route-private-rt-prod-b-datasaker-0-0-0-0--0" {
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.natgw-prod-b-datasaker.id
  route_table_id         = aws_route_table.private-prod-b-datasaker.id
 }
 resource "aws_route" "route-private-rt-prod-c-datasaker-0-0-0-0--0" {
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.natgw-prod-c-datasaker.id
  route_table_id         = aws_route_table.private-prod-c-datasaker.id
 }
 resource "aws_subnet" "sbn-prod-a" {
  availability_zone                           = "ap-northeast-2a"
  cidr_block                                  = "172.24.8.0/23"
  enable_resource_name_dns_a_record_on_launch = true
  private_dns_hostname_type_on_launch         = "resource-name"
  tags = {
    "Name"                                      = "sbn-prod-a-datasaker"
    "SubnetType"                                = "Private"
    "kubernetes.io/cluster/datasaker" 		    = "owned"
    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
    "kubernetes.io/role/nlb"                    = "1"
    "kubernetes.io/role/internal-nlb"           = "1"
  }
  vpc_id = aws_vpc.vpc-prod-datasaker.id
 }
 resource "aws_subnet" "sbn-prod-b" {
  availability_zone                           = "ap-northeast-2b"
  cidr_block                                  = "172.24.10.0/23"
  enable_resource_name_dns_a_record_on_launch = true
  private_dns_hostname_type_on_launch         = "resource-name"
  tags = {
    "Name"                                      = "sbn-prod-b-datasaker"
    "SubnetType"                                = "Private"
    "kubernetes.io/cluster/datasaker" 		    = "owned"
    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
    "kubernetes.io/role/nlb"                    = "1"
    "kubernetes.io/role/internal-nlb"           = "1"
  }
  vpc_id = aws_vpc.vpc-prod-datasaker.id
 }
 resource "aws_subnet" "sbn-prod-c" {
  availability_zone                           = "ap-northeast-2c"
  cidr_block                                  = "172.24.12.0/23"
  enable_resource_name_dns_a_record_on_launch = true
  private_dns_hostname_type_on_launch         = "resource-name"
  tags = {
    "Name"                                      = "sbn-prod-c-datasaker"
    "SubnetType"                                = "Private"
    "kubernetes.io/cluster/datasaker" 		    = "owned"
    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
    "kubernetes.io/role/nlb"                    = "1"
    "kubernetes.io/role/internal-nlb"           = "1"
  }
  vpc_id = aws_vpc.vpc-prod-datasaker.id
 }
 resource "aws_route_table_association" "rta-prod-a" {
  route_table_id = aws_route_table.private-prod-a-datasaker.id
  subnet_id      = aws_subnet.sbn-prod-a.id
 }
 resource "aws_route_table_association" "rta-prod-b" {
  route_table_id = aws_route_table.private-prod-b-datasaker.id
  subnet_id      = aws_subnet.sbn-prod-b.id
 }
 resource "aws_route_table_association" "rta-prod-c" {
  route_table_id = aws_route_table.private-prod-c-datasaker.id
  subnet_id      = aws_subnet.sbn-prod-c.id
 }
 resource "aws_security_group" "sg-prod-datasaker" {
  description = "Security group prod-datasaker"
  name        = "secg-prod-datasaker"
  tags = {
    "Name" = "sg-prod-datasaker"
  }
  vpc_id = aws_vpc.vpc-prod-datasaker.id
 }
 resource "aws_security_group_rule" "sgr-from-0-0-0-0--0-ingress-tcp-22to22-prod-datasaker-io" {
  cidr_blocks       = ["0.0.0.0/0"]
  from_port         = 22
  protocol          = "tcp"
  security_group_id = aws_security_group.sg-prod-datasaker.id
  to_port           = 22
  type              = "ingress"
 }
 resource "aws_security_group_rule" "sgr-from-0-0-0-0--0-ingress-icmp-prod-datasaker-io" {
  cidr_blocks       = ["0.0.0.0/0"]
  from_port         = 8
  protocol          = "icmp"
  security_group_id = aws_security_group.sg-prod-datasaker.id
  to_port           = 8
  type              = "ingress"
 }
 resource "aws_security_group_rule" "sgr-to-0-0-0-0--0-egress-icmp-prod-datasaker-io" {
  cidr_blocks       = ["0.0.0.0/0"]
  from_port         = 8
  protocol          = "icmp"
  security_group_id = aws_security_group.sg-prod-datasaker.id
  to_port           = 8
  type              = "egress"
 }
 resource "aws_security_group_rule" "sgr-from-0-0-0-0--0-engress-tcp-all-prod-datasaker-io" {
  cidr_blocks       = ["0.0.0.0/0"]
  from_port         = 0
  protocol          = "tcp"
  security_group_id = aws_security_group.sg-prod-datasaker.id
  to_port           = 65535
  type              = "egress"
 }
--- a/terraform/tf-prod-cloud-20221102/terraform.tfstate
+++ b/terraform/tf-prod-cloud-20221102/terraform.tfstate
--- a/terraform/tf-prod-cloud-20221102/terraform.tfstate.backup
+++ b/terraform/tf-prod-cloud-20221102/terraform.tfstate.backup
--- a/terraform/tf-prod-cloud-20221102/vpc.tf
+++ b/terraform/tf-prod-cloud-20221102/vpc.tf
@@ -0,0 +1,55 @@
 terraform {
  required_version = ">= 0.15.0"
  required_providers {
    aws = {
      "configuration_aliases" = [aws.files]
      "source"                = "hashicorp/aws"
      "version"               = ">= 4.0.0"
    }
  }
 }
 provider "aws" {
  alias  = "files"
  region = "ap-northeast-2"
 }
 output "vpc_prod_datasaker_id" {
  value = aws_vpc.vpc-prod-datasaker.id
 }
 output "vpc_prod_datasaker_cidr_block" {
  value = aws_vpc.vpc-prod-datasaker.cidr_block
 }
 resource "aws_vpc" "vpc-prod-datasaker" {
  assign_generated_ipv6_cidr_block = true
  cidr_block                       = "172.24.0.0/19"
  enable_dns_hostnames             = true
  enable_dns_support               = true
  tags = {
    "Name" = "vpc-prod-datasaker"
  }
 }
 resource "aws_vpc_dhcp_options" "vpc-dhcp-prod-datasaker" {
  domain_name         = "ap-northeast-2.compute.internal"
  domain_name_servers = ["AmazonProvidedDNS"]
  tags = {
    "Name" = "vpc-dhcp-prod-datasaker"
  }
 }
 resource "aws_vpc_dhcp_options_association" "vpc-dhcp-asso-prod-datasaker" {
  dhcp_options_id = aws_vpc_dhcp_options.vpc-dhcp-prod-datasaker.id
  vpc_id          = aws_vpc.vpc-prod-datasaker.id
 }
 resource "aws_internet_gateway" "igw-prod-datasaker" {
  tags = {
    "Name" = "igw-prod-datasaker"
  }
  vpc_id = aws_vpc.vpc-prod-datasaker.id
 }