From f256ae916e1ecdb182e66f2773ce3f18922f00d1 Mon Sep 17 00:00:00 2001 
From: belljun3395 <195850@jnu.ac.kr> Date: Thu, 6 Jun 2024 14:20:13 +0900 Subject: [PATCH] =?UTF-8?q?feat:=20NCP=20=EC=9D=B8=ED=94=84=EB=9D=BC?= =?UTF-8?q?=EB=A5=BC=20=ED=85=8C=EB=9D=BC=ED=8F=BC=EC=9D=84=20=ED=99=9C?= =?UTF-8?q?=EC=9A=A9=ED=95=98=EC=97=AC=20=EA=B5=AC=EC=84=B1=ED=95=A9?= =?UTF-8?q?=EB=8B=88=EB=8B=A4=20(#9)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: 인프라 구성에 필요한 변수 선언 * feat: NCP 인프라 구성에 필요한 변수 선언 * feat: NCP main 구성 * feat: NCP ACG 구성 * feat: NCP DB 구성 * feat: NCP Load Balancer 구성 * feat: NCP Network Interface 구성 * feat: NCP Route Table 구성 * feat: NCP Server 구성 * feat: NCP Subnet 구성 * feat: NCP Target Group 구성 * feat: NCP VPC 구성 * feat: NCP 모듈을 포함한 main 구성 * feat: NCP 인프라 구성 실행 액션 추가 * fix: github.ref 값을 main -> infra/main 으로 수정 * fix: 노출된 access, secret key 삭제 --- .github/workflows/terrafrom_ncp_iac.yml | 43 ++++++++++++ infra/terraform/main.tf | 21 ++++++ infra/terraform/ncp/acg.tf | 66 +++++++++++++++++++ infra/terraform/ncp/db.tf | 15 +++++ infra/terraform/ncp/lb.tf | 15 +++++ infra/terraform/ncp/main.tf | 15 +++++ infra/terraform/ncp/nic.tf | 7 ++ infra/terraform/ncp/rt.tf | 21 ++++++ infra/terraform/ncp/server.tf | 88 +++++++++++++++++++++++++ infra/terraform/ncp/subnet.tf | 31 +++++++++ infra/terraform/ncp/tg.tf | 25 +++++++ infra/terraform/ncp/variable.tf | 36 ++++++++++ infra/terraform/ncp/vpc.tf | 5 ++ infra/terraform/variable.tf | 36 ++++++++++ 14 files changed, 424 insertions(+) create mode 100644 .github/workflows/terrafrom_ncp_iac.yml create mode 100644 infra/terraform/main.tf create mode 100644 infra/terraform/ncp/acg.tf create mode 100644 infra/terraform/ncp/db.tf create mode 100644 infra/terraform/ncp/lb.tf create mode 100644 infra/terraform/ncp/main.tf create mode 100644 infra/terraform/ncp/nic.tf create mode 100644 infra/terraform/ncp/rt.tf create mode 100644 infra/terraform/ncp/server.tf create mode 100644 infra/terraform/ncp/subnet.tf create mode 100644 
infra/terraform/ncp/tg.tf create mode 100644 infra/terraform/ncp/variable.tf create mode 100644 infra/terraform/ncp/vpc.tf create mode 100644 infra/terraform/variable.tf
diff --git a/.github/workflows/terrafrom_ncp_iac.yml b/.github/workflows/terrafrom_ncp_iac.yml
new file mode 100644
index 000000000..a7292b09a
--- /dev/null
+++ b/.github/workflows/terrafrom_ncp_iac.yml
@@ -0,0 +1,43 @@
+name: NCP IaC
+
+on:
+ push:
+ branches:
+ - infra/main
+ workflow_dispatch:
+
+jobs:
+ terraform:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: bash
+ env:
+ working-directory: ./infra/terraform
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Terraform Setup
+ uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_version: 1.8.2
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ - name: Terraform Init
+ working-directory: ${{ env.working-directory }}
+ run: terraform init
+
+ - name: Terraform Format
+ working-directory: ${{ env.working-directory }}
+ run: terraform fmt -check
+
+ - name: Terraform Plan
+ working-directory: ${{ env.working-directory }}
+ run: terraform plan -var=ncp_access_key=${{ secrets.NCP_ACCESS_KEY_ID }} -var=ncp_secret_key=${{ secrets.NCP_SECRET_ACCESS_KEY }} -input=false
+
+ - name: Terraform Apply
+ working-directory: ${{ env.working-directory }}
+ if: github.ref == 'refs/heads/infra/main' && github.event_name == 'push'
+ run: terraform apply -auto-approve -var=ncp_access_key=${{ secrets.NCP_ACCESS_KEY_ID }} -var=ncp_secret_key=${{ secrets.NCP_SECRET_ACCESS_KEY }} -input=false
diff --git a/infra/terraform/main.tf b/infra/terraform/main.tf
new file mode 100644
index 000000000..14fee3df1
--- /dev/null
+++ b/infra/terraform/main.tf
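Review bot: Both the `Terraform Plan` and `Terraform Apply` steps splice `${{ secrets.NCP_ACCESS_KEY_ID }}` and `${{ secrets.NCP_SECRET_ACCESS_KEY }}` directly into the `run:` command line, so the keys become shell text and process arguments rather than data, and a value containing shell metacharacters would be reinterpreted by bash. Because the root module uses a `cloud` block, the cleaner home for them is as sensitive variables on that workspace; if the workspace runs in local execution mode, step-level `env:` entries such as `TF_VAR_ncp_access_key: ${{ secrets.NCP_ACCESS_KEY_ID }}` and `TF_VAR_ncp_secret_key: ${{ secrets.NCP_SECRET_ACCESS_KEY }}` keep them off the command line. The workflow also declares no `permissions:` block, so a top-level `permissions: contents: read` would limit the default token. The commit message mentions deleting an exposed access and secret key; if that pair was ever pushed it should be rotated, since removing it from the tree does not invalidate it.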
@@ -0,0 +1,21 @@
+# Cloud
+terraform {
+ cloud {
+ organization = "few-org"
+ hostname = "app.terraform.io"
+ workspaces {
+ name = "few-org-work"
+ }
+ }
+}
+
+# NCP Provider
+module "ncp" {
+ source = "./ncp"
+ prefix = var.prefix
+ region = var.ncp_region
+ access_key = var.ncp_access_key
+ secret_key = var.ncp_secret_key
+ rds_username = var.ncp_rds_username
+ rds_password = var.ncp_rds_password
+}
diff --git a/infra/terraform/ncp/acg.tf b/infra/terraform/ncp/acg.tf
new file mode 100644
index 000000000..64fbeca43
--- /dev/null
+++ b/infra/terraform/ncp/acg.tf
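Review bot: In the root main.tf, `rds_username` and `rds_password` are fed from `var.ncp_rds_username` and `var.ncp_rds_password`, but the workflow in this commit passes only the two NCP keys and sets `-input=false`, so the database credentials have to come either from a default in `infra/terraform/variable.tf` or from workspace variables. That file is not visible here; if it carries defaults for these two, they are committed credentials. All four credential variables should be declared with `sensitive = true` and no `default`, in both `variable.tf` files, so that plan and apply output redacts them.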
@@ -0,0 +1,66 @@
+# ACG 생성
+resource "ncloud_access_control_group" "be_server" {
+ name = "${var.prefix}-be-server-acg"
+ description = "Backend Server Access Control Group"
+ vpc_no = ncloud_vpc.vpc.id
+}
+
+# ACG Rule 생성
+## Backend Server ACG Rule
+resource "ncloud_access_control_group_rule" "be_server_rule" {
+ access_control_group_no = ncloud_access_control_group.be_server.id
+
+ inbound {
+ protocol = "TCP"
+ ip_block = "0.0.0.0/0"
+ port_range = "22"
+ description = "accept 22 port"
+ }
+
+ inbound {
+ protocol = "TCP"
+ ip_block = "0.0.0.0/0"
+ port_range = "1-65535"
+ description = "accept 1-65535 port"
+ }
+
+ outbound {
+ protocol = "TCP"
+ ip_block = "0.0.0.0/0"
+ port_range = "1-65535"
+ description = "accept 1-65535 port"
+ }
+}
+
+## Database Server ACG Rule
+resource "ncloud_access_control_group_rule" "db_server_rule" {
+ access_control_group_no = ncloud_mysql.mysql.access_control_group_no_list[0]
+
+ inbound {
+ protocol = "TCP"
+ port_range = "3306"
+ source_access_control_group_no = ncloud_access_control_group.be_server.id
+ description = "accept 3306 port"
+ }
+
+ inbound {
+ protocol = "TCP"
+ ip_block = ncloud_subnet.public_a.subnet
+ port_range = "3306"
+ description = "accept 3306 port"
+ }
+
+ inbound {
+ protocol = "TCP"
+ ip_block = "0.0.0.0/0"
+ port_range = "3306"
+ description = "accept 3306 port"
+ }
+
+ outbound {
+ protocol = "TCP"
+ ip_block = "0.0.0.0/0"
+ port_range = "1-65535"
+ description = "accept 1-65535 port"
+ }
+}
diff --git a/infra/terraform/ncp/db.tf b/infra/terraform/ncp/db.tf
new file mode 100644
index 000000000..e2c3ed040
--- /dev/null
+++ b/infra/terraform/ncp/db.tf
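Review bot: In `be_server_rule` the second inbound block opens TCP `1-65535` to `0.0.0.0/0`, which makes the port-22 rule above it redundant and exposes every listening port on the backend server to the internet. In `db_server_rule` the third inbound block opens `3306` to `0.0.0.0/0`, which cancels the restriction expressed by the two scoped rules before it (the source ACG and `ncloud_subnet.public_a.subnet`). The database rule should simply lose its `0.0.0.0/0` block, and the backend rule should admit SSH from an operator range and the application port from the load balancer subnet only. The sketch below relies on two inputs that this commit does not define (`admin_cidr`, `app_port`), so treat those names as proposals.

```hcl
resource "ncloud_access_control_group_rule" "be_server_rule" {
  access_control_group_no = ncloud_access_control_group.be_server.id

  # SSH only from an operator range; admin_cidr is a proposed new input
  inbound {
    protocol    = "TCP"
    ip_block    = var.admin_cidr
    port_range  = "22"
    description = "ssh from admin range"
  }

  # application traffic only from the load balancer subnet; app_port is a proposed new input
  inbound {
    protocol    = "TCP"
    ip_block    = ncloud_subnet.lb_a.subnet
    port_range  = var.app_port
    description = "app port from lb subnet"
  }

  # … unchanged: outbound rule …
}

# … unchanged: db_server_rule header, the two scoped 3306 inbound rules and the outbound rule;
#   the inbound block with ip_block = "0.0.0.0/0" is dropped …
```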
@@ -0,0 +1,15 @@
+# MySQL 생성
+resource "ncloud_mysql" "mysql" {
+ user_name = var.rds_username
+ user_password = var.rds_password
+ host_ip = ncloud_public_ip.be_public_ip.public_ip
+ database_name = "${var.prefix}-db"
+ service_name = "mysql"
+ server_name_prefix = "${var.prefix}-db"
+ subnet_no = ncloud_subnet.db_a.id
+ data_storage_type = "SSD"
+ is_ha = false
+ is_backup = false
+ port = 3306
+}
+
diff --git a/infra/terraform/ncp/lb.tf b/infra/terraform/ncp/lb.tf
new file mode 100644
index 000000000..f30664f8c
--- /dev/null
+++ b/infra/terraform/ncp/lb.tf
@@ -0,0 +1,15 @@
+# Load Balancer 생성
+resource "ncloud_lb" "be_lb" {
+ name = "${var.prefix}-lb"
+ network_type = "PUBLIC"
+ type = "APPLICATION"
+ subnet_no_list = [ncloud_subnet.lb_a.subnet_no]
+}
+
+# Load Balancer Target Group 설정
+resource "ncloud_lb_listener" "be_lb_listener" {
+ load_balancer_no = ncloud_lb.be_lb.load_balancer_no
+ protocol = "HTTP"
+ port = 80
+ target_group_no = ncloud_lb_target_group.be_tg.target_group_no
+}
diff --git a/infra/terraform/ncp/main.tf b/infra/terraform/ncp/main.tf
new file mode 100644
index 000000000..d4c4dc70d
--- /dev/null
+++ b/infra/terraform/ncp/main.tf
@@ -0,0 +1,15 @@
+terraform {
+ required_providers {
+ ncloud = {
+ source = "NaverCloudPlatform/ncloud"
+ }
+ }
+ required_version = ">= 0.13"
+}
+
+provider "ncloud" {
+ support_vpc = true // VPC 사용
+ access_key = var.access_key
+ secret_key = var.secret_key
+ region = var.region
+}
diff --git a/infra/terraform/ncp/nic.tf b/infra/terraform/ncp/nic.tf
new file mode 100644
index 000000000..a3b826450
--- /dev/null
+++ b/infra/terraform/ncp/nic.tf
@@ -0,0 +1,7 @@
+# Network Interface 생성
+resource "ncloud_network_interface" "be_server_nic" {
+ name = "${var.prefix}-be-server-nic"
+ description = "Backend NIC"
+ subnet_no = ncloud_subnet.public_a.subnet_no
+ access_control_groups = [ncloud_access_control_group.be_server.id]
+}
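Review bot: In db.tf, `is_backup = false` together with `is_ha = false` leaves the MySQL instance with no recovery path, while the workflow in this commit runs `terraform apply -auto-approve` on every push to `infra/main`, so a change that forces replacement of `ncloud_mysql.mysql` would discard the data without a prompt. Setting `is_backup = true` and adding `lifecycle { prevent_destroy = true }` to the resource is the minimal change; if the absence of backups is deliberate for a throwaway environment, a comment should say so. Note also that `user_password = var.rds_password` is stored in plaintext in Terraform state, so access to the `few-org-work` workspace state should be treated as access to the database.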
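Review bot: In lb.tf, `be_lb_listener` fronts a `PUBLIC` load balancer with `protocol = "HTTP"` on port 80 only, so API traffic, including any credentials or session tokens, crosses the internet unencrypted. The listener should terminate TLS instead: `protocol = "HTTPS"`, `port = 443`, `ssl_certificate_no = "<CERTIFICATE_NO>"`, where the certificate number is a placeholder for one registered in the account. If plain HTTP is intentional for an early test environment, a comment on the resource should record that and the plan to remove it.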
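Review bot: In ncp/main.tf, the `ncloud` entry in `required_providers` has a `source` but no `version`, and the diffstat shows no `.terraform.lock.hcl`, so every `terraform init` in CI resolves whichever provider release is newest at that moment and then applies it with `-auto-approve` while holding the NCP keys. Adding `version = "~> <PINNED_VERSION>"` (placeholder for the release the team has tested) and committing the lock file makes the provider binary reproducible and checksum-verified. Separately, the `provider "ncloud"` block sits inside the child module; Terraform recommends configuring providers in the root module, which would also remove `access_key` and `secret_key` from the module's input surface.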
diff --git a/infra/terraform/ncp/rt.tf b/infra/terraform/ncp/rt.tf
new file mode 100644
index 000000000..9016f6b72
--- /dev/null
+++ b/infra/terraform/ncp/rt.tf
@@ -0,0 +1,21 @@
+# Route Table 생성
+## Public RT 생성
+resource "ncloud_route_table" "public_rt" {
+ vpc_no = ncloud_vpc.vpc.id
+ supported_subnet_type = "PUBLIC"
+ name = "${var.prefix}-public-rt"
+}
+
+## Private RT 생성
+resource "ncloud_route_table" "private_rt" {
+ vpc_no = ncloud_vpc.vpc.id
+ supported_subnet_type = "PRIVATE"
+ name = "${var.prefix}-private-rt"
+}
+
+# Route Table Association 생성
+## Public RT & Public Subnet A 연결
+resource "ncloud_route_table_association" "public_a" {
+ route_table_no = ncloud_route_table.public_rt.id
+ subnet_no = ncloud_subnet.public_a.id
+}
diff --git a/infra/terraform/ncp/server.tf b/infra/terraform/ncp/server.tf
new file mode 100644
index 000000000..b95d52be5
--- /dev/null
+++ b/infra/terraform/ncp/server.tf
@@ -0,0 +1,88 @@
+# SSH Key 생성
+resource "ncloud_login_key" "be_key" {
+ key_name = "${var.prefix}-be-key"
+}
+
+# SSH Key 파일 생성
+resource "local_file" "be_key" {
+ filename = "${var.prefix}_be.pem"
+ content = ncloud_login_key.be_key.private_key
+}
+
+# Server 생성
+resource "ncloud_server" "be_server" {
+ subnet_no = ncloud_subnet.public_a.id
+ name = "${var.prefix}-be-server"
+ server_image_product_code = data.ncloud_server_image.image.product_code
+ server_product_code = data.ncloud_server_product.product.product_code
+ login_key_name = ncloud_login_key.be_key.key_name
+ network_interface {
+ order = 0
+ network_interface_no = ncloud_network_interface.be_server_nic.id
+ }
+}
+
+# Server에 public ip 할당
+resource "ncloud_public_ip" "be_public_ip" {
+ server_instance_no = ncloud_server.be_server.id
+}
+
+# ubuntu 20.04 이미지 정보
+data "ncloud_server_image" "image" {
+ product_code = "SW.VSVR.OS.LNX64.UBNTU.SVR2004.B050"
+}
+
+# Server 스펙 정보
+data "ncloud_server_product" "product" {
+ server_image_product_code = data.ncloud_server_image.image.product_code
+ filter {
+ name = "product_code"
+ values = ["SSD"]
+ regex = true
+ }
+
+ filter {
+ name = "cpu_count"
+ values = ["2"]
+ }
+
+ filter {
+ name = "memory_size"
+ values = ["8GB"]
+ }
+
+ filter {
+ name = "base_block_storage_size"
+ values = ["50GB"]
+ }
+
+ filter {
+ name = "product_type"
+ values = ["STAND"]
+ }
+}
+
+# Server root password 정보
+data "ncloud_root_password" "be_root_password" {
+ server_instance_no = ncloud_server.be_server.id
+ private_key = ncloud_login_key.be_key.private_key
+}
+
+resource "local_file" "be_root_password" {
+ filename = "${var.prefix}_be_root_password.txt"
+ content = data.ncloud_root_password.be_root_password.root_password
+}
+
+# Server init script
+## 임시 init script / nginx 설치 및 실행
+resource "ncloud_init_script" "be_init_script" {
+ name = "${var.prefix}-be-init-script"
+ content = <