Terraform 是 HashiCorp 开源的 Infrastructure as Code (基础设施即代码IaC) 工具,帮助开发者自动化地创建、更新和阿里云基础设施资源,并进行版本管理。
Cloud Shell 默认安装配置了 Terraform 和阿里云账号信息,无需任何额外配置。如果您不使用Cloud Shell,需要满足以下前提条件:
安装 Terraform。请确认erraform 版本不低于 v0.12.28,可通过terraform --version命令查看。
terraform 指令。brew install terraform。choco install terraform。配置阿里云账号信息。创建环境变量,用于存放身份认证信息。
export ALICLOUD_ACCESS_KEY="************"
export ALICLOUD_SECRET_KEY="************"
export ALICLOUD_REGION="cn-beijing"
说明 为提高权限管理的灵活性和安全性,建议您创建名为Terraform的RAM用户,并为该用户创建AccessKey和授权。具体步骤请参见创建RAM用户和为RAM用户授权。
1、创建一个工作目录,并且在下面创建如下 main.tf 描述文件。
该文件描述了如下的Terraform配置:
provider "alicloud" {
}
variable "k8s_name_prefix" {
description = "The name prefix used to create managed kubernetes cluster."
default = "tf-ack"
}
resource "random_uuid" "this" {}
# 默认资源名称
locals {
k8s_name = substr(join("-", [var.k8s_name_prefix, random_uuid.this.result]), 0, 63)
new_vpc_name = "vpc-for-${local.k8s_name}"
new_vsw_name = "vsw-for-${local.k8s_name}"
log_project_name = "log-for-${local.k8s_name}"
}
# 节点ECS实例配置
data "alicloud_instance_types" "default" {
cpu_core_count = 4
memory_size = 8
kubernetes_node_role = "Worker"
}
// 满足实例规格的AZ
data "alicloud_zones" "default" {
available_instance_type = data.alicloud_instance_types.default.instance_types[0].id
}
# 专有网络
resource "alicloud_vpc" "default" {
name = local.new_vpc_name
cidr_block = "10.1.0.0/21"
}
# 交换机
resource "alicloud_vswitch" "vswitches" {
name = local.new_vsw_name
vpc_id = alicloud_vpc.default.id
cidr_block = "10.1.1.0/24"
availability_zone = data.alicloud_zones.default.zones[0].id
}
# 日志服务
resource "alicloud_log_project" "log" {
name = local.log_project_name
description = "created by terraform for managedkubernetes cluster"
}
# kubernetes托管版
resource "alicloud_cs_managed_kubernetes" "default" {
# kubernetes集群名称
name = local.k8s_name
# 新的kubernetes集群将位于的vswitch。指定一个或多个vswitch的ID。它必须在availability_zone指定的区域中
worker_vswitch_ids = split(",", join(",", alicloud_vswitch.vswitches.*.id))
# 是否在创建kubernetes集群时创建新的nat网关。默认为true。
new_nat_gateway = true
# 节点的ECS实例类型。
worker_instance_types = [data.alicloud_instance_types.default.instance_types[0].id]
# kubernetes群集的总工作节点数。默认值为3。最大限制为50。
worker_number = 2
# ssh登录群集节点的密码。
password = "Yourpassword1234"
# pod网络的CIDR块。当cluster_network_type设置为flannel,你必须设定该参数。它不能与VPC CIDR相同,并且不能与VPC中的Kubernetes群集使用的CIDR相同,也不能在创建后进行修改。群集中允许的最大主机数量:256。
pod_cidr = "172.20.0.0/16"
# 服务网络的CIDR块。它不能与VPC CIDR相同,不能与VPC中的Kubernetes群集使用的CIDR相同,也不能在创建后进行修改。
service_cidr = "172.21.0.0/20"
# 是否为kubernetes的节点安装云监控。
install_cloud_monitor = true
# 是否为API Server创建Internet负载均衡。默认为false。
slb_internet_enabled = true
# 节点的系统磁盘类别。其有效值为cloud_ssd和cloud_efficiency。默认为cloud_efficiency。
worker_disk_category = "cloud_efficiency"
# 节点的数据磁盘类别。其有效值为cloud_ssd和cloud_efficiency,如果未设置,将不会创建数据磁盘。
worker_data_disk_category = "cloud_ssd"
# 节点的数据磁盘大小。有效值范围[20〜32768],以GB为单位。当worker_data_disk_category被呈现,则默认为40。
worker_data_disk_size = 200
# 日志配置
addons {
name = "logtail-ds"
config = "{\"IngressDashboardEnabled\":\"true\",\"sls_project_name\":alicloud_log_project.log.name}"
}
}
2、初始化Terraform运行环境。
$ terraform init
Initializing the backend...
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "alicloud" (hashicorp/alicloud) 1.90.1...
...
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
3、生成资源规划。
$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
...
Plan: 5 to add, 0 to change, 0 to destroy.
...
4、创建资源。
$ terraform apply
...
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
...
alicloud_cs_managed_kubernetes.default: Creation complete after 8m26s [id=************]
Apply complete! Resources: 5 added, 0 changed, 0 destroyed.
5、测试集群。
删除资源,包含K8s集群和相关的VPC等资源。
$ terraform destroy
...
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
...
Destroy complete! Resources: 5 destroyed.