Week4: Provision AWS infrastructure with Terraform (VPC, EKS, ECR) #4
Merged
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- versions.tf: aws provider ~> 6.0, terraform >= 1.11.0
- backend.tf: S3 remote state (nurihaus-terraform-state/devopsim)
- variables.tf: region, project, environment, VPC, EKS variables
- main.tf: module wiring (vpc, ecr, eks)
- outputs.tf: vpc_id, subnet_ids, cluster_name, kubeconfig command
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- VPC 10.0.0.0/16, 2 AZ (us-east-2a/b)
- Public subnets: 10.0.0.0/24, 10.0.1.0/24
- Private subnets: 10.0.10.0/24, 10.0.11.0/24
- Internet Gateway, NAT Gateway (one only, to save cost)
- Public/Private Route Table
- VPC Endpoints: S3(Gateway), ECR API/DKR, STS, CloudWatch Logs
- kubernetes.io/role/elb, internal-elb tags (for ALB Controller)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- EKS Cluster (Kubernetes 1.35, public+private endpoint)
- Managed Node Group: t3.medium, desired 2 / min 1 / max 3
- IAM Roles: cluster, node group
- OIDC Provider for IRSA
- EBS CSI Driver addon + IRSA (StatefulSet PVC support)
- ALB Controller IRSA (Helm install is in week5)
- External Secrets IRSA (Helm install is in week5)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- ECR repository: devopsim/api
- scan_on_push: true (CVE scan)
- Lifecycle policy: keep only the 10 most recent images
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- main.tf: Cluster, Node Group, IAM Roles
- irsa.tf: OIDC Provider, EBS CSI/ALB Controller/External Secrets IRSA
- addons.tf: EBS CSI Driver addon
- Remove week-specific comments
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Interface Endpoints cost ~$14/month each (AZ x $0.01/h). For a learning project with low traffic, NAT Gateway data processing is cheaper. S3 Gateway Endpoint is free and reduces NAT costs for ECR image layer pulls. Also add docs/terraform.md with full infrastructure notes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- db statefulset: add PGDATA subdir to avoid lost+found conflict on EBS
- api values-production.yaml: ECR image, ALB ingress, resources
- ALB: internet-facing, target-type ip
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>


Summary
- Add .gitignore

Test plan
- Confirm terraform plan reports no errors
- aws eks update-kubeconfig)
- Confirm Ready status with kubectl get nodes
- Confirm /health, /ready responses

🤖 Generated with Claude Code