prod

2022-11-02 11:18:05 +09:00
parent 2224a6f6e7
commit fff9000311
9 changed files with 4375 additions and 0 deletions
--- a/kops/prod.datasaker.io-20221102.yaml
+++ b/kops/prod.datasaker.io-20221102.yaml
@@ -0,0 +1,411 @@
+apiVersion: kops.k8s.io/v1alpha2
+kind: Cluster
+metadata:
+  creationTimestamp: "2022-11-01T05:36:36Z"
+  generation: 2
+  name: k8s-prod.datasaker.io
+spec:
+  api:
+    loadBalancer:
+      class: Network
+      type: Public
+  authorization:
+    rbac: {}
+  channel: stable
+  cloudProvider: aws
+  configBase: s3://clusters.prod.datasaker.io/k8s-prod.datasaker.io
+  containerRuntime: containerd
+  etcdClusters:
+  - cpuRequest: 200m
+    etcdMembers:
+    - encryptedVolume: true
+      instanceGroup: master-ap-northeast-2a
+      name: a
+    - encryptedVolume: true
+      instanceGroup: master-ap-northeast-2b
+      name: b
+    - encryptedVolume: true
+      instanceGroup: master-ap-northeast-2c
+      name: c
+    memoryRequest: 100Mi
+    name: main
+  - cpuRequest: 100m
+    etcdMembers:
+    - encryptedVolume: true
+      instanceGroup: master-ap-northeast-2a
+      name: a
+    - encryptedVolume: true
+      instanceGroup: master-ap-northeast-2b
+      name: b
+    - encryptedVolume: true
+      instanceGroup: master-ap-northeast-2c
+      name: c
+    memoryRequest: 100Mi
+    name: events
+  iam:
+    allowContainerRegistry: true
+    legacy: false
+  kubelet:
+    anonymousAuth: false
+  kubernetesApiAccess:
+  - 0.0.0.0/0
+  - ::/0
+  kubernetesVersion: 1.25.2
+  masterInternalName: api.internal.k8s-prod.datasaker.io
+  masterPublicName: api.k8s-prod.datasaker.io
+  networkCIDR: 172.24.0.0/19
+  networkID: vpc-00ba2b0e9ad59f0ed
+  networking:
+    calico: {}
+  nonMasqueradeCIDR: 100.64.0.0/10
+  sshAccess:
+  - 0.0.0.0/0
+  - ::/0
+  subnets:
+  - cidr: 172.24.8.0/23
+    id: subnet-024f0deda82039fa4
+    name: ap-northeast-2a
+    type: Private
+    zone: ap-northeast-2a
+  - cidr: 172.24.10.0/23
+    id: subnet-050d942fa1c46540a
+    name: ap-northeast-2b
+    type: Private
+    zone: ap-northeast-2b
+  - cidr: 172.24.12.0/23
+    id: subnet-0946eb806af7377be
+    name: ap-northeast-2c
+    type: Private
+    zone: ap-northeast-2c
+  - cidr: 172.24.0.0/24
+    id: subnet-00c363356f133411d
+    name: utility-ap-northeast-2a
+    type: Utility
+    zone: ap-northeast-2a
+  - cidr: 172.24.1.0/24
+    id: subnet-07aa5e879a262014d
+    name: utility-ap-northeast-2b
+    type: Utility
+    zone: ap-northeast-2b
+  - cidr: 172.24.2.0/24
+    id: subnet-0073a61bc56a68a3e
+    name: utility-ap-northeast-2c
+    type: Utility
+    zone: ap-northeast-2c
+  topology:
+    dns:
+      type: Public
+    masters: private
+    nodes: private
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2022-11-02T01:50:52Z"
+  generation: 1
+  labels:
+    kops.k8s.io/cluster: k8s-prod.datasaker.io
+  name: k8s-prod-data-druid-a
+spec:
+  image: ami-0abb33b73a78cae31
+  kubelet:
+    anonymousAuth: false
+    nodeLabels:
+      node-role.kubernetes.io/node: ""
+  machineType: m6i.large
+  manager: CloudGroup
+  maxSize: 1
+  minSize: 1
+  nodeLabels:
+    datasaker/group: data-druid
+    kops.k8s.io/instancegroup: k8s-prod-data-druid-a
+  role: Node
+  subnets:
+  - ap-northeast-2a
+  taints:
+  - prod/data-druid:NoSchedule
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2022-11-02T01:50:52Z"
+  generation: 1
+  labels:
+    kops.k8s.io/cluster: k8s-prod.datasaker.io
+  name: k8s-prod-data-druid-b
+spec:
+  image: ami-0abb33b73a78cae31
+  kubelet:
+    anonymousAuth: false
+    nodeLabels:
+      node-role.kubernetes.io/node: ""
+  machineType: m6i.large
+  manager: CloudGroup
+  maxSize: 1
+  minSize: 1
+  nodeLabels:
+    datasaker/group: data-druid
+    kops.k8s.io/instancegroup: k8s-prod-data-druid-b
+  role: Node
+  subnets:
+  - ap-northeast-2b
+  taints:
+  - prod/data-druid:NoSchedule
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2022-11-02T01:50:52Z"
+  generation: 1
+  labels:
+    kops.k8s.io/cluster: k8s-prod.datasaker.io
+  name: k8s-prod-data-druid-c
+spec:
+  image: ami-0abb33b73a78cae31
+  kubelet:
+    anonymousAuth: false
+    nodeLabels:
+      node-role.kubernetes.io/node: ""
+  machineType: m6i.large
+  manager: CloudGroup
+  maxSize: 1
+  minSize: 1
+  nodeLabels:
+    datasaker/group: data-druid
+    kops.k8s.io/instancegroup: k8s-prod-data-druid-c
+  role: Node
+  subnets:
+  - ap-northeast-2c
+  taints:
+  - prod/data-druid:NoSchedule
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2022-11-02T01:51:35Z"
+  generation: 1
+  labels:
+    kops.k8s.io/cluster: k8s-prod.datasaker.io
+  name: k8s-prod-data-kafka-a
+spec:
+  image: ami-0abb33b73a78cae31
+  kubelet:
+    anonymousAuth: false
+    nodeLabels:
+      node-role.kubernetes.io/node: ""
+  machineType: m6i.large
+  manager: CloudGroup
+  maxSize: 1
+  minSize: 1
+  nodeLabels:
+    datasaker/group: data-kafka
+    kops.k8s.io/instancegroup: k8s-prod-data-kafka-a
+  role: Node
+  subnets:
+  - ap-northeast-2a
+  taints:
+  - prod/data-kafka:NoSchedule
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2022-11-02T01:51:35Z"
+  generation: 1
+  labels:
+    kops.k8s.io/cluster: k8s-prod.datasaker.io
+  name: k8s-prod-data-kafka-b
+spec:
+  image: ami-0abb33b73a78cae31
+  kubelet:
+    anonymousAuth: false
+    nodeLabels:
+      node-role.kubernetes.io/node: ""
+  machineType: m6i.large
+  manager: CloudGroup
+  maxSize: 1
+  minSize: 1
+  nodeLabels:
+    datasaker/group: data-kafka
+    kops.k8s.io/instancegroup: k8s-prod-data-kafka-b
+  role: Node
+  subnets:
+  - ap-northeast-2b
+  taints:
+  - prod/data-kafka:NoSchedule
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2022-11-02T01:51:35Z"
+  generation: 1
+  labels:
+    kops.k8s.io/cluster: k8s-prod.datasaker.io
+  name: k8s-prod-data-kafka-c
+spec:
+  image: ami-0abb33b73a78cae31
+  kubelet:
+    anonymousAuth: false
+    nodeLabels:
+      node-role.kubernetes.io/node: ""
+  machineType: m6i.large
+  manager: CloudGroup
+  maxSize: 1
+  minSize: 1
+  nodeLabels:
+    datasaker/group: data-kafka
+    kops.k8s.io/instancegroup: k8s-prod-data-kafka-c
+  role: Node
+  subnets:
+  - ap-northeast-2c
+  taints:
+  - prod/data-kafka:NoSchedule
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2022-11-02T01:51:49Z"
+  generation: 1
+  labels:
+    kops.k8s.io/cluster: k8s-prod.datasaker.io
+  name: k8s-prod-process-a
+spec:
+  image: ami-0abb33b73a78cae31
+  machineType: c5.large
+  manager: CloudGroup
+  maxSize: 1
+  minSize: 1
+  nodeLabels:
+    datasaker/group: process
+    kops.k8s.io/instancegroup: k8s-prod-process-a
+  role: Node
+  rootVolumeSize: 100
+  subnets:
+  - ap-northeast-2a
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2022-11-02T01:51:49Z"
+  generation: 1
+  labels:
+    kops.k8s.io/cluster: k8s-prod.datasaker.io
+  name: k8s-prod-process-b
+spec:
+  image: ami-0abb33b73a78cae31
+  machineType: c5.large
+  manager: CloudGroup
+  maxSize: 1
+  minSize: 1
+  nodeLabels:
+    datasaker/group: process
+    kops.k8s.io/instancegroup: k8s-prod-process-b
+  role: Node
+  rootVolumeSize: 100
+  subnets:
+  - ap-northeast-2b
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2022-11-02T01:51:49Z"
+  generation: 1
+  labels:
+    kops.k8s.io/cluster: k8s-prod.datasaker.io
+  name: k8s-prod-process-c
+spec:
+  image: ami-0abb33b73a78cae31
+  machineType: c5.large
+  manager: CloudGroup
+  maxSize: 1
+  minSize: 1
+  nodeLabels:
+    datasaker/group: process
+    kops.k8s.io/instancegroup: k8s-prod-process-c
+  role: Node
+  rootVolumeSize: 100
+  subnets:
+  - ap-northeast-2c
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2022-11-01T05:36:36Z"
+  generation: 1
+  labels:
+    kops.k8s.io/cluster: k8s-prod.datasaker.io
+  name: master-ap-northeast-2a
+spec:
+  image: ami-0abb33b73a78cae31
+  instanceMetadata:
+    httpPutResponseHopLimit: 3
+    httpTokens: required
+  machineType: c5a.large
+  maxSize: 1
+  minSize: 1
+  role: Master
+  subnets:
+  - ap-northeast-2a
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2022-11-01T05:36:36Z"
+  generation: 1
+  labels:
+    kops.k8s.io/cluster: k8s-prod.datasaker.io
+  name: master-ap-northeast-2b
+spec:
+  image: ami-0abb33b73a78cae31
+  instanceMetadata:
+    httpPutResponseHopLimit: 3
+    httpTokens: required
+  machineType: c5a.large
+  maxSize: 1
+  minSize: 1
+  role: Master
+  subnets:
+  - ap-northeast-2b
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+  creationTimestamp: "2022-11-01T05:36:36Z"
+  generation: 1
+  labels:
+    kops.k8s.io/cluster: k8s-prod.datasaker.io
+  name: master-ap-northeast-2c
+spec:
+  image: ami-0abb33b73a78cae31
+  instanceMetadata:
+    httpPutResponseHopLimit: 3
+    httpTokens: required
+  machineType: c5a.large
+  maxSize: 1
+  minSize: 1
+  role: Master
+  subnets:
+  - ap-northeast-2c
--- a/terraform/tf-prod-cloud-20221102/.terraform.lock.hcl
+++ b/terraform/tf-prod-cloud-20221102/.terraform.lock.hcl
@@ -0,0 +1,22 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "4.36.1"
+  constraints = ">= 4.0.0"
+  hashes = [
+    "h1:04NI9x34nwhgghwevSGdsjssqy5zzvMsQg2Qjpmx/n0=",
+    "zh:19b16047b4f15e9b8538a2b925f1e860463984eed7d9bd78e870f3e884e827a7",
+    "zh:3c0db06a9a14b05a77f3fe1fc029a5fb153f4966964790ca8e71ecc3427d83f5",
+    "zh:3c7407a8229005e07bc274cbae6e3a464c441a88810bfc6eceb2414678fd08ae",
+    "zh:3d96fa82c037fafbd3e7f4edc1de32afb029416650f6e392c39182fc74a9e03a",
+    "zh:8f4f540c5f63d847c4b802ca84d148bb6275a3b0723deb09bf933a4800bc7209",
+    "zh:9802cb77472d6bcf24c196ce2ca6d02fac9db91558536325fec85f955b71a8a4",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:a263352433878c89832c2e38f4fd56cf96ae9969c13b5c710d5ba043cbd95743",
+    "zh:aca7954a5f458ceb14bf0c04c961c4e1e9706bf3b854a1e90a97d0b20f0fe6d3",
+    "zh:d78f400332e87a97cce2e080db9d01beb01f38f5402514a6705d6b8167e7730d",
+    "zh:e14bdc49be1d8b7d2543d5c58078c84b76051085e8e6715a895dcfe6034b6098",
+    "zh:f2e400b88c8de170bb5027922226da1e9a6614c03f2a6756c15c3b930c2f460c",
+  ]
+}
--- a/terraform/tf-prod-cloud-20221102/bastion.tf
+++ b/terraform/tf-prod-cloud-20221102/bastion.tf
@@ -0,0 +1,25 @@
+resource "aws_instance" "bastion-k8s-prod-datasaker-io" {
+  ami                         = "ami-0b6591f49cf24e237"
+  instance_type               = "t3.small"
+  count                       = 1
+  key_name                    = "kp-jay-bastion-datasaker"
+  vpc_security_group_ids      = ["${aws_security_group.sg-prod-dmz-datasaker.id}"]
+  subnet_id                   = aws_subnet.sbn-prod-dmz-a.id
+  associate_public_ip_address = true
+  user_data                   = "${file("data.sh")}"
+
+  root_block_device {
+    delete_on_termination = true
+    encrypted             = false
+    tags = {
+      Name    = "bastion-k8s-prod-datasaker-io"
+    }
+    volume_size = 20
+    volume_type = "gp3"
+    iops        = 3000
+  }  
+
+  tags = {
+    Name = "bastion-k8s-prod-datasaker-io"
+  }
+}
--- a/terraform/tf-prod-cloud-20221102/data.sh
+++ b/terraform/tf-prod-cloud-20221102/data.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+
+curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+chmod 700 get_helm.sh
+sh get_helm.sh
--- a/terraform/tf-prod-cloud-20221102/dmz.tf
+++ b/terraform/tf-prod-cloud-20221102/dmz.tf
@@ -0,0 +1,189 @@
+
+
+output "sbn_dmz_prod_a_id" {
+  value = aws_subnet.sbn-prod-dmz-a.id
+}
+
+output "sbn_dmz_prod_b_id" {
+  value = aws_subnet.sbn-prod-dmz-b.id
+}
+
+output "sbn_dmz_prod_c_id" {
+  value = aws_subnet.sbn-prod-dmz-c.id
+}
+
+resource "aws_subnet" "sbn-prod-dmz-a" {
+  availability_zone                           = "ap-northeast-2a"
+  cidr_block                                  = "172.24.0.0/24"
+  enable_resource_name_dns_a_record_on_launch = true
+  private_dns_hostname_type_on_launch         = "resource-name"
+  tags = {
+    "Name"= "sbn-prod-dmz-a.datasaker"
+    "SubnetType"                                    = "Utility"
+    "kubernetes.io/cluster/datasaker"               = "owned"
+    "kubernetes.io/cluster/prod.datasaker.io"  = "shared"
+    "kubernetes.io/role/nlb"                        = "1"
+    "kubernetes.io/role/internal-nlb"               = "1"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_subnet" "sbn-prod-dmz-b" {
+  availability_zone                           = "ap-northeast-2b"
+  cidr_block                                  = "172.24.1.0/24"
+  enable_resource_name_dns_a_record_on_launch = true
+  private_dns_hostname_type_on_launch         = "resource-name"
+  tags = {
+    "Name"                                              = "sbn-prod-dmz-b.datasaker"
+    "SubnetType"                                        = "Utility"
+    "kubernetes.io/cluster/datasaker" 			= "owned"
+    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
+    "kubernetes.io/role/nlb"                            = "1"
+    "kubernetes.io/role/internal-nlb"                   = "1"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_subnet" "sbn-prod-dmz-c" {
+  availability_zone                           = "ap-northeast-2c"
+  cidr_block                                  = "172.24.2.0/24"
+  enable_resource_name_dns_a_record_on_launch = true
+  private_dns_hostname_type_on_launch         = "resource-name"
+  tags = {
+    "Name"                                              = "sbn-prod-dmz-c.datasaker"
+    "SubnetType"                                        = "Utility"
+    "kubernetes.io/cluster/datasaker" 			= "owned"
+    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
+    "kubernetes.io/role/nlb"                            = "1"
+    "kubernetes.io/role/internal-nlb"                   = "1"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_route_table" "rt-prod-datasaker-pub" {
+  tags = {
+    "Name" = "rt-prod-datasaker-pub"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_route" "r-0-0-0-0--0" {
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id = aws_internet_gateway.igw-prod-datasaker.id
+  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
+}
+
+resource "aws_route" "r-__--0" {
+  destination_ipv6_cidr_block = "::/0"
+  gateway_id = aws_internet_gateway.igw-prod-datasaker.id
+  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
+}
+resource "aws_route_table_association" "rta-prod-dmz-a" {
+  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
+  subnet_id      = aws_subnet.sbn-prod-dmz-a.id
+}
+
+resource "aws_route_table_association" "rta-prod-dmz-b" {
+  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
+  subnet_id      = aws_subnet.sbn-prod-dmz-b.id
+}
+
+resource "aws_route_table_association" "rta-prod-dmz-c" {
+  route_table_id = aws_route_table.rt-prod-datasaker-pub.id
+  subnet_id      = aws_subnet.sbn-prod-dmz-c.id
+}
+
+resource "aws_security_group" "sg-prod-dmz-datasaker" {
+  description = "Security group dmz-datasaker"
+  name        = "secg-dmz-datasaker"
+  tags = {
+    "Name" = "sg-prod-dmz-datasaker"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_security_group_rule" "sgr-from-115-178-73-2--32-ingress-tcp-22to22-dmz-prod-datasaker-io" {
+  cidr_blocks       = ["115.178.73.2/32"]
+  from_port         = 22
+  protocol          = "tcp"
+  security_group_id = aws_security_group.sg-prod-dmz-datasaker.id
+  to_port           = 22
+  type              = "ingress"
+}
+
+resource "aws_security_group_rule" "sgr-from-115-178-73-91--32-ingress-tcp-22to22-dmz-prod-datasaker-io" {
+  cidr_blocks       = ["115.178.73.91/32"]
+  from_port         = 22
+  protocol          = "tcp"
+  security_group_id = aws_security_group.sg-prod-dmz-datasaker.id
+  to_port           = 22
+  type              = "ingress"
+}
+
+resource "aws_security_group_rule" "sgr-from-0-0-0-0--0-engress-tcp-all-dmz-prod-datasaker-io" {
+  cidr_blocks       = ["0.0.0.0/0"]
+  from_port         = 0
+  protocol          = "tcp"
+  security_group_id = aws_security_group.sg-prod-dmz-datasaker.id
+  to_port           = 65535
+  type              = "egress"
+}
+
+resource "aws_eip" "eip-bastion-prod-datasaker" {
+  vpc      = true
+  tags = {
+    Name    = "eip-bastion-prod-datasaker"
+  }
+}
+
+resource "aws_eip" "eip-natgw-prod-a-datasaker" {
+  vpc      = true
+  tags = {
+    Name    = "eip-natgw-prod-a-datasaker"
+  }
+}
+
+resource "aws_eip" "eip-natgw-prod-b-datasaker" {
+  vpc      = true
+  tags = {
+    Name    = "eip-natgw-prod-b-datasaker"
+  }
+}
+
+resource "aws_eip" "eip-natgw-prod-c-datasaker" {
+  vpc      = true
+  tags = {
+    Name    = "eip-natgw-prod-c-datasaker"
+  }
+}
+
+resource "aws_nat_gateway" "natgw-prod-a-datasaker" {
+  allocation_id = aws_eip.eip-natgw-prod-a-datasaker.id
+  subnet_id     = aws_subnet.sbn-prod-dmz-a.id
+
+  tags = {
+    Name = "natgw-prod-a-datasaker"
+  }
+  depends_on = [aws_internet_gateway.igw-prod-datasaker]
+}
+
+resource "aws_nat_gateway" "natgw-prod-b-datasaker" {
+  allocation_id = aws_eip.eip-natgw-prod-b-datasaker.id
+  subnet_id     = aws_subnet.sbn-prod-dmz-b.id
+
+  tags = {
+    Name = "natgw-prod-b-datasaker"
+  }
+  depends_on = [aws_internet_gateway.igw-prod-datasaker]
+}
+
+resource "aws_nat_gateway" "natgw-prod-c-datasaker" {
+  allocation_id = aws_eip.eip-natgw-prod-c-datasaker.id
+  subnet_id     = aws_subnet.sbn-prod-dmz-c.id
+
+  tags = {
+    Name = "natgw-prod-c-datasaker"
+  }
+  depends_on = [aws_internet_gateway.igw-prod-datasaker]
+}
+
--- a/terraform/tf-prod-cloud-20221102/prod.tf
+++ b/terraform/tf-prod-cloud-20221102/prod.tf
@@ -0,0 +1,148 @@
+resource "aws_route_table" "private-prod-a-datasaker" {
+  tags = {
+    "Name" = "private-prod-a-datasaker"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_route_table" "private-prod-b-datasaker" {
+  tags = {
+    "Name" = "private-prod-b-datasaker"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_route_table" "private-prod-c-datasaker" {
+  tags = {
+    "Name" = "private-prod-c-datasaker"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_route" "route-private-rt-prod-a-datasaker-0-0-0-0--0" {
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = aws_nat_gateway.natgw-prod-a-datasaker.id
+  route_table_id         = aws_route_table.private-prod-a-datasaker.id
+}
+
+resource "aws_route" "route-private-rt-prod-b-datasaker-0-0-0-0--0" {
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = aws_nat_gateway.natgw-prod-b-datasaker.id
+  route_table_id         = aws_route_table.private-prod-b-datasaker.id
+}
+
+resource "aws_route" "route-private-rt-prod-c-datasaker-0-0-0-0--0" {
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = aws_nat_gateway.natgw-prod-c-datasaker.id
+  route_table_id         = aws_route_table.private-prod-c-datasaker.id
+}
+
+resource "aws_subnet" "sbn-prod-a" {
+  availability_zone                           = "ap-northeast-2a"
+  cidr_block                                  = "172.24.8.0/23"
+  enable_resource_name_dns_a_record_on_launch = true
+  private_dns_hostname_type_on_launch         = "resource-name"
+  tags = {
+    "Name"                                      = "sbn-prod-a-datasaker"
+    "SubnetType"                                = "Private"
+    "kubernetes.io/cluster/datasaker" 		    = "owned"
+    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
+    "kubernetes.io/role/nlb"                    = "1"
+    "kubernetes.io/role/internal-nlb"           = "1"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_subnet" "sbn-prod-b" {
+  availability_zone                           = "ap-northeast-2b"
+  cidr_block                                  = "172.24.10.0/23"
+  enable_resource_name_dns_a_record_on_launch = true
+  private_dns_hostname_type_on_launch         = "resource-name"
+  tags = {
+    "Name"                                      = "sbn-prod-b-datasaker"
+    "SubnetType"                                = "Private"
+    "kubernetes.io/cluster/datasaker" 		    = "owned"
+    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
+    "kubernetes.io/role/nlb"                    = "1"
+    "kubernetes.io/role/internal-nlb"           = "1"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_subnet" "sbn-prod-c" {
+  availability_zone                           = "ap-northeast-2c"
+  cidr_block                                  = "172.24.12.0/23"
+  enable_resource_name_dns_a_record_on_launch = true
+  private_dns_hostname_type_on_launch         = "resource-name"
+  tags = {
+    "Name"                                      = "sbn-prod-c-datasaker"
+    "SubnetType"                                = "Private"
+    "kubernetes.io/cluster/datasaker" 		    = "owned"
+    "kubernetes.io/cluster/prod.datasaker.io" 	= "shared"
+    "kubernetes.io/role/nlb"                    = "1"
+    "kubernetes.io/role/internal-nlb"           = "1"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+
+resource "aws_route_table_association" "rta-prod-a" {
+  route_table_id = aws_route_table.private-prod-a-datasaker.id
+  subnet_id      = aws_subnet.sbn-prod-a.id
+}
+
+resource "aws_route_table_association" "rta-prod-b" {
+  route_table_id = aws_route_table.private-prod-b-datasaker.id
+  subnet_id      = aws_subnet.sbn-prod-b.id
+}
+
+resource "aws_route_table_association" "rta-prod-c" {
+  route_table_id = aws_route_table.private-prod-c-datasaker.id
+  subnet_id      = aws_subnet.sbn-prod-c.id
+}
+
+resource "aws_security_group" "sg-prod-datasaker" {
+  description = "Security group prod-datasaker"
+  name        = "secg-prod-datasaker"
+  tags = {
+    "Name" = "sg-prod-datasaker"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}
+
+
+resource "aws_security_group_rule" "sgr-from-0-0-0-0--0-ingress-tcp-22to22-prod-datasaker-io" {
+  cidr_blocks       = ["0.0.0.0/0"]
+  from_port         = 22
+  protocol          = "tcp"
+  security_group_id = aws_security_group.sg-prod-datasaker.id
+  to_port           = 22
+  type              = "ingress"
+}
+
+resource "aws_security_group_rule" "sgr-from-0-0-0-0--0-ingress-icmp-prod-datasaker-io" {
+  cidr_blocks       = ["0.0.0.0/0"]
+  from_port         = 8
+  protocol          = "icmp"
+  security_group_id = aws_security_group.sg-prod-datasaker.id
+  to_port           = 8
+  type              = "ingress"
+}
+
+resource "aws_security_group_rule" "sgr-to-0-0-0-0--0-egress-icmp-prod-datasaker-io" {
+  cidr_blocks       = ["0.0.0.0/0"]
+  from_port         = 8
+  protocol          = "icmp"
+  security_group_id = aws_security_group.sg-prod-datasaker.id
+  to_port           = 8
+  type              = "egress"
+}
+
+resource "aws_security_group_rule" "sgr-from-0-0-0-0--0-engress-tcp-all-prod-datasaker-io" {
+  cidr_blocks       = ["0.0.0.0/0"]
+  from_port         = 0
+  protocol          = "tcp"
+  security_group_id = aws_security_group.sg-prod-datasaker.id
+  to_port           = 65535
+  type              = "egress"
+}
--- a/terraform/tf-prod-cloud-20221102/terraform.tfstate
+++ b/terraform/tf-prod-cloud-20221102/terraform.tfstate
--- a/terraform/tf-prod-cloud-20221102/terraform.tfstate.backup
+++ b/terraform/tf-prod-cloud-20221102/terraform.tfstate.backup
--- a/terraform/tf-prod-cloud-20221102/vpc.tf
+++ b/terraform/tf-prod-cloud-20221102/vpc.tf
@@ -0,0 +1,55 @@
+terraform {
+  required_version = ">= 0.15.0"
+  required_providers {
+    aws = {
+      "configuration_aliases" = [aws.files]
+      "source"                = "hashicorp/aws"
+      "version"               = ">= 4.0.0"
+    }
+  }
+}
+
+provider "aws" {
+  alias  = "files"
+  region = "ap-northeast-2"
+}
+
+output "vpc_prod_datasaker_id" {
+  value = aws_vpc.vpc-prod-datasaker.id
+}
+
+output "vpc_prod_datasaker_cidr_block" {
+  value = aws_vpc.vpc-prod-datasaker.cidr_block
+}
+
+
+
+resource "aws_vpc" "vpc-prod-datasaker" {
+  assign_generated_ipv6_cidr_block = true
+  cidr_block                       = "172.24.0.0/19"
+  enable_dns_hostnames             = true
+  enable_dns_support               = true
+  tags = {
+    "Name" = "vpc-prod-datasaker"
+  }
+}
+
+resource "aws_vpc_dhcp_options" "vpc-dhcp-prod-datasaker" {
+  domain_name         = "ap-northeast-2.compute.internal"
+  domain_name_servers = ["AmazonProvidedDNS"]
+  tags = {
+    "Name" = "vpc-dhcp-prod-datasaker"
+  }
+}
+
+resource "aws_vpc_dhcp_options_association" "vpc-dhcp-asso-prod-datasaker" {
+  dhcp_options_id = aws_vpc_dhcp_options.vpc-dhcp-prod-datasaker.id
+  vpc_id          = aws_vpc.vpc-prod-datasaker.id
+}
+
+resource "aws_internet_gateway" "igw-prod-datasaker" {
+  tags = {
+    "Name" = "igw-prod-datasaker"
+  }
+  vpc_id = aws_vpc.vpc-prod-datasaker.id
+}