Terraform on Naver Cloud - Setting Up Infrastructure in NCP Environment
In this week’s lab, the goal is to build the provided infrastructure environment on NCP (Naver Cloud Platform). I’ll walk through the flow of the assignment and the architecture of the setup.
Architecture
The architecture for the lab consists of the following structure:
Internet Gateway: The Internet Gateway is connected to the Public Subnet, which allows direct communication with the internet.
Private Subnet: The resources in the Private Subnet communicate with the outside world via a NAT Gateway.
NAT Gateway: The NAT Gateway enables outbound internet access for instances in the Private Subnet while keeping them inaccessible from external sources.
Load Balancer: The Load Balancer distributes traffic across multiple servers to ensure load balancing and high availability.
Before we proceed with building this infrastructure, let’s review some key concepts and terms.
Key Terms
VPC (Virtual Private Cloud)
A VPC is a service that allows users to create logically isolated networks within a cloud environment. With VPC, users can control IP address ranges, subnets, routing tables, and network gateways. In this lab, we’ll divide the network into Private and Public Subnets and control network traffic via security groups.
Subnet
A subnet is a smaller subdivision of a VPC’s IP address range. Subnets can be public or private. The Public Subnet communicates directly with the internet through the Internet Gateway, while the Private Subnet accesses the internet via a NAT Gateway. Subnets allow fine-grained control over network traffic and security policies.
Internet Gateway
An Internet Gateway is a router that allows communication between a VPC and the internet. It routes traffic between resources in the Public Subnet and the internet. Resources in the Public Subnet can access the internet through the Internet Gateway, while resources in the Private Subnet access the internet through a NAT Gateway.
NAT Gateway
The NAT Gateway enables instances in the Private Subnet to access the internet, but it prevents external sources from directly accessing those instances. The NAT Gateway performs Network Address Translation (NAT), converting private IP addresses to public ones for outgoing traffic.
Load Balancer
A Load Balancer distributes incoming network traffic across multiple server instances to ensure no single server becomes overloaded. It also improves application availability and fault tolerance by redirecting traffic to healthy servers in case of failure.
Lab Steps
- Setting Up the VPC
Navigate to Service → Networking → VPC and create a new VPC with a specified IP range.
- Creating Subnets
Within the VPC, create the necessary Subnets (Public and Private) based on the required architecture. These subnets will be used for resources such as servers and databases.
- Network Access Control
Use the default Access Control Groups (ACGs) for network access settings.
These default settings help manage traffic and enforce security policies.
- Creating Servers
Go to Compute → Server to create new servers, similar to EC2 instances in AWS. Use the previously created ACL and select the appropriate Gateway (Public for the Public Subnet).
Select the KR1 availability zone for the initial setup, and KR2 for redundancy.
- Server Access
After creating the servers, log in using the administrator password and test connectivity between the Public and Private servers. Ensure that you can access the private server from the public server.
- Setting Up the NAT Gateway
As described under Key Terms, the NAT Gateway allows outbound internet access for instances in the Private Subnet. Start by creating a new subnet for the NAT Gateway and configure it accordingly.
After setting up the NAT Gateway, ensure the route table is updated to route traffic through the NAT Gateway for outbound access.
To test, you can try pinging an external destination like Google to confirm the NAT Gateway is working.
- Load Balancer Setup in KR2
For high availability, create an additional server in the KR2 zone and replicate the setup process.
→ You can create a new subnet in KR2 just like you did before.
Since you need to perform the same steps as the previous private server, it’s possible to easily replicate the existing server by creating an image.
After replicating the server setup, create a Load Balancer and set up the necessary Target Groups to manage traffic between the two private servers.
- Health Check Configuration
Configure health checks to ensure the Load Balancer routes traffic only to healthy servers.
Create the load balancer and check its connection information. Currently, a 503 error is displayed. Let’s add an inbound rule.
Set the success threshold to 2 successful checks and the failure threshold accordingly.
- Inbound Rules Configuration
To ensure proper traffic flow, modify the inbound rules of the Load Balancer to allow traffic on port 80 (HTTP).
After updating the rules, test the Load Balancer by accessing the server’s application (e.g., Nginx page) through the Load Balancer’s IP.
- Verify Load Balancer Status
Check the status of the Load Balancer’s target group to ensure it is correctly routing traffic and that all instances are healthy.
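The route-table check from the NAT Gateway step can also be run offline against a description of the subnets, which catches a replicated KR2 subnet that never received the NAT route. The following Python is an added example, not part of the original lab: it applies longest-prefix matching to each subnet's route table and reports subnets whose default route contradicts their Public/Private type. Subnet names, CIDR ranges, target labels and the 8.8.8.8 probe address are constructed assumptions.

```python
import ipaddress

# Constructed sample data (names, CIDRs and target labels are assumptions,
# not values from the lab). "private-kr2" models a replicated subnet whose
# route table never received the NAT Gateway route.
VPC_CIDR = "10.0.0.0/16"
ROUTE_TABLES = {
    "public-rt":  [("10.0.0.0/16", "LOCAL"), ("0.0.0.0/0", "IGW")],
    "private-rt": [("10.0.0.0/16", "LOCAL"), ("0.0.0.0/0", "NATGW")],
    "kr2-rt":     [("10.0.0.0/16", "LOCAL")],
}
SUBNETS = [
    {"name": "public-kr1",  "cidr": "10.0.1.0/24", "type": "PUBLIC",  "rt": "public-rt"},
    {"name": "private-kr1", "cidr": "10.0.2.0/24", "type": "PRIVATE", "rt": "private-rt"},
    {"name": "private-kr2", "cidr": "10.0.3.0/24", "type": "PRIVATE", "rt": "kr2-rt"},
]

def next_hop(routes, dest_ip):
    """Longest-prefix match: target of the most specific matching route, or None."""
    dest = ipaddress.ip_address(dest_ip)
    matches = [(ipaddress.ip_network(c), t) for c, t in routes
               if dest in ipaddress.ip_network(c)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def audit(vpc_cidr, subnets, route_tables, probe="8.8.8.8"):
    """Return findings for subnets whose routing contradicts their declared type."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings, seen = [], []
    for s in subnets:
        net = ipaddress.ip_network(s["cidr"])
        if not net.subnet_of(vpc):
            findings.append(f"{s['name']}: CIDR outside the VPC range")
        findings += [f"{s['name']}: overlaps {n}" for n, o in seen if net.overlaps(o)]
        seen.append((s["name"], net))
        # The probe stands in for any external destination (the lab pings Google).
        hop = next_hop(route_tables[s["rt"]], probe)
        if s["type"] == "PRIVATE" and hop == "IGW":
            findings.append(f"{s['name']}: private subnet routes to the Internet Gateway")
        elif s["type"] == "PRIVATE" and hop != "NATGW":
            findings.append(f"{s['name']}: no NAT Gateway route, outbound traffic will fail")
        elif s["type"] == "PUBLIC" and hop != "IGW":
            findings.append(f"{s['name']}: public subnet has no Internet Gateway route")
    return findings

if __name__ == "__main__":
    for finding in audit(VPC_CIDR, SUBNETS, ROUTE_TABLES):
        print(finding)
```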
Conclusion
This lab walk-through demonstrates how to set up a secure and scalable network infrastructure using VPCs, subnets, NAT Gateways, and Load Balancers in the NCP environment. By following the steps, we can create a robust environment where internal servers in the Private Subnet are securely accessed, and external traffic is efficiently managed by the Load Balancer. This architecture ensures high availability, security, and scalability for web applications.