Auto-sync: 2026-04-29 00:02
100
wiki/concepts/VPC-自动化供给.md
Normal file
@@ -0,0 +1,100 @@
---
title: "VPC-自动化供给"
type: concept
tags: [AWS, VPC, IaC, Automation, IPAM]
sources:
- ctp-topic-45-automatic-ip-address-allocation-with-ipam
- ctp-topic-61-workload-vpc-provision-with-ipam-automation
last_updated: 2026-04-24
---
## VPC-自动化供给
通过声明式配置文件自动完成 AWS VPC 创建的自动化流程,IP 地址分配完全由 IPAM 系统驱动,无需人工介入。VPC 自动化供给是 Cloud Transformation Programme 中网络层自动化的核心组件。
## Traditional Workflow(传统流程)
```
业务单元(BU)
↓ 提出 IP 地址需求
SRE 团队
↓ 向网络团队发起申请
网络团队
↓ 计算最优 CIDR 范围
↓ 更新电子表格
SRE 团队
↓ 准备 YAML 配置文件(硬编码 CIDR)
↓ 执行 Terraform/Terragrunt
```
**问题**:
- 多次手工交接,效率低下
- 手工规划易产生 IP 地址重叠
- 电子表格难以维护,缺乏版本控制
- 自动化程度低,变更缓慢
## Automated Workflow(自动化流程)
```
用户
↓ 填写 YAML(业务联系人 + 工程联系人 + 期望子网大小)
Terragrunt
↓ 调用 IPAM API(Infoblox NIOS)
Infoblox Grid
↓ 自动分配下一可用 IP 地址块
Terragrunt
↓ 执行 VPC 创建
AWS
↓ VPC + Subnets 创建完成
Infoblox Grid
↓ 记录分配结果
```
**优势**:
- 无需手工申请 IP 地址
- 单一可信数据源(IPAM)
- 版本控制友好的 YAML 配置
- 销毁时自动回收 IP 地址
- 向后兼容旧配置
## YAML Configuration
新格式 YAML 配置文件(对比传统 network.yml):
```yaml
infoblox:
business_contact: "bu@example.com"
engineering_contact: "sre@example.com"
date: "2026-04-14"
subnet_size: "/22" # 期望子网大小(非硬编码 CIDR)
parent_cidr: "10.1.0.0/16" # 区域常量父 CIDR
vpc_name: "my-vpc" # VPC 名称(支持多 VPC)
availability_zone_ids: # 可选:指定 AZ ID
- "ap-southeast-1a"
- "ap-southeast-1b"
```
## CIDR Approval Workflow
| CIDR 大小 | 流程 |
|-----------|------|
| /22 或更大 | **自动批准**,无需人工介入 |
| /24 或更小 | **需提交理由**,网络团队审批 |
## Key Concepts
- [[IPAM]]:驱动自动化供给的核心系统
- [[Infoblox-NIOS]]:IPAM 的技术实现
- [[CIDR-审批流程]]:基于 CIDR 大小的差异化审批规则
## Connections
- [[ctp-topic-45-automatic-ip-address-allocation-with-ipam]] ← 介绍 VPC 自动化供给机制
- [[ctp-topic-61-workload-vpc-provision-with-ipam-automation]] ← 展示完整应用案例
- [[ctp-topic-31-network-segregation-and-secure-access]] ← VPC 自动化是网络分段的基础
## Aliases
- VPC Provisioning
- VPC 自动供给
- Automated VPC Creation
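Review bot: the `availability_zone_ids` key in the YAML example is annotated "可选:指定 AZ ID" (optional: specify AZ ID), but its values, `"ap-southeast-1a"` and `"ap-southeast-1b"`, are Availability Zone names, not AZ IDs. AWS maps zone names to physical zones independently per account, so a module that uses these values expecting the account-stable identifiers (the `apse1-az1` style) will silently place subnets in different physical zones across accounts; either rename the key to `availability_zone_names` or state that AZ IDs are the expected input. Second, the CIDR approval table is not exhaustive: the rows `/22 或更大` and `/24 或更小` leave `/23` with no defined path, and the table should say whether "larger" refers to a shorter prefix (more addresses), since the two rows otherwise read in opposite directions to network and application engineers. Third, the automated flow shows Terragrunt calling the Infoblox NIOS API and later "记录分配结果" (recording the allocation) back into the Grid, yet nothing says which identity performs those calls, where its credentials are sourced from, or that its write access should be limited to the regional container named by `parent_cidr` rather than Grid-wide; that belongs next to the `parent_cidr` comment, together with a note on what the unexplained `date` field records (request date versus allocation date).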