Use Terraform to create a managed Kubernetes cluster
The Container Service console provides an easy-to-use visual interface that guides you step by step through creating this type of cluster. But when you need to create managed clusters repeatedly, or create a large number of them, console operations become tedious; Terraform solves these problems. This topic describes how to use Terraform to quickly deploy a managed Kubernetes cluster.
The sample code in this tutorial supports one-click execution, so you can run it directly.
Create a managed Kubernetes cluster
The Terraform resource documentation for Alibaba Cloud managed Kubernetes, alicloud_cs_managed_kubernetes, lists the parameters the resource provides. They are divided into input arguments (Argument) and output attributes (Attributes). The argument list contains required and optional parameters. For example, name and name_prefix are a pair of required parameters that are mutually exclusive, so you cannot set both: if you set name, the cluster name is the value of name; if you set name_prefix, a cluster name starting with name_prefix is generated automatically. Before you create a node pool with auto scaling, grant the account the required permissions; see "Create a node pool with auto scaling by using Terraform".
Following the Argument Reference in the documentation, first write a description of a cluster. The code is as follows:
Note: The sample code below supports one-click execution, so you can run it directly.
provider "alicloud" {
  region = var.region
}

variable "region" {
  default = "cn-zhangjiakou"
}

# Default resource name
variable "name" {
  default = "my-first-kubernetes-demo"
}

# Log Service (SLS) project name
variable "log_project_name" {
  default = "my-first-kubernetes-sls-demo"
}

# Availability zones
data "alicloud_zones" "default" {
  available_resource_creation = "VSwitch"
}

# ECS instance type configuration for the nodes
data "alicloud_instance_types" "default" {
  availability_zone    = data.alicloud_zones.default.zones[0].id
  cpu_core_count       = 2
  memory_size          = 4
  kubernetes_node_role = "Worker"
}

# VPC
resource "alicloud_vpc" "default" {
  vpc_name   = var.name
  cidr_block = "10.1.0.0/21"
}

# vSwitch
resource "alicloud_vswitch" "default" {
  vswitch_name = var.name
  vpc_id       = alicloud_vpc.default.id
  cidr_block   = "10.1.1.0/24"
  zone_id      = data.alicloud_zones.default.zones[0].id
}

# Managed Kubernetes cluster
resource "alicloud_cs_managed_kubernetes" "default" {
  worker_vswitch_ids = [alicloud_vswitch.default.id]
  # Prefix of the Kubernetes cluster name. Conflicts with name. If specified, Terraform uses it to build a unique cluster name. Defaults to "Terraform-Creation".
  name_prefix = var.name
  # Whether to create a new NAT gateway when the Kubernetes cluster is created. Defaults to true.
  new_nat_gateway = true
  # CIDR block of the pod network. Required when cluster_network_type is set to flannel. It must not be the same as the VPC CIDR or the CIDR used by any Kubernetes cluster in the VPC, and it cannot be changed after creation. Maximum number of hosts allowed in the cluster: 256.
  pod_cidr = "172.20.0.0/16"
  # CIDR block of the service network. It must not be the same as the VPC CIDR or the CIDR used by any Kubernetes cluster in the VPC, and it cannot be changed after creation.
  service_cidr = "172.21.0.0/20"
  # Whether to create an Internet-facing load balancer for the API server. Defaults to false.
  slb_internet_enabled = true
}

resource "alicloud_cs_kubernetes_node_pool" "default" {
  node_pool_name = var.name
  cluster_id     = alicloud_cs_managed_kubernetes.default.id
  vswitch_ids    = [alicloud_vswitch.default.id]
  # SSH password for logging on to the cluster nodes. You must specify one of password, key_name or kms_encrypted_password.
  password = "Yourpassword1234"
  # Total number of worker nodes in the Kubernetes cluster.
  desired_size = 2
  # Whether to install CloudMonitor on the Kubernetes nodes.
  install_cloud_monitor = true
  # ECS instance types of the nodes. Specify one type for a single-zone cluster and three types for a multi-zone cluster. Available Kubernetes node instance types can be obtained from the instance_types data source.
  instance_types = ["ecs.n4.large"]
  # System disk category of the nodes. Valid values: cloud_ssd and cloud_efficiency. Defaults to cloud_efficiency.
  system_disk_category = "cloud_efficiency"
  system_disk_size     = 40
  data_disks {
    category = "cloud_ssd"
    size     = "100"
  }
}
Save the configuration above as a main.tf file and run terraform init and terraform apply in the directory that contains it.
Run terraform apply to create the resources.
$ terraform apply
data.alicloud_zones.default: Reading...
data.alicloud_zones.default: Read complete after 1s [id=2604238681]
data.alicloud_instance_types.default: Reading...
data.alicloud_instance_types.default: Read complete after 1s [id=1017980362]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # alicloud_cs_kubernetes_node_pool.default will be created
  + resource "alicloud_cs_kubernetes_node_pool" "default" {
      + cluster_id                 = (known after apply)
      + deployment_set_id          = (known after apply)
      + desired_size               = 2
      + format_disk                = (known after apply)
      + id                         = (known after apply)
      + image_id                   = (known after apply)
      + image_type                 = (known after apply)
      + install_cloud_monitor      = true
      + instance_charge_type       = "PostPaid"
      + instance_types             = [
          + "ecs.n4.large",
        ]
      + internet_charge_type       = (known after apply)
      + internet_max_bandwidth_out = (known after apply)
      + keep_instance_name         = (known after apply)
      + name                       = "my-first-kubernetes-demo"
      + node_count                 = (known after apply)
      + node_name_mode             = (known after apply)
      + password                   = (sensitive value)
      + platform                   = (known after apply)
      + resource_group_id          = (known after apply)
      + runtime_name               = (known after apply)
      + runtime_version            = (known after apply)
      + scaling_group_id           = (known after apply)
      + scaling_policy             = (known after apply)
      + security_group_id          = (known after apply)
      + security_group_ids         = (known after apply)
      + spot_strategy              = (known after apply)
      + system_disk_category       = "cloud_efficiency"
      + system_disk_size           = 40
      + unschedulable              = false
      + vpc_id                     = (known after apply)
      + vswitch_ids                = (known after apply)

      + data_disks {
          + category = "cloud_ssd"
          + size     = 100
        }
    }

  # alicloud_cs_managed_kubernetes.default will be created
  + resource "alicloud_cs_managed_kubernetes" "default" {
      + availability_zone            = (known after apply)
      + certificate_authority        = (known after apply)
      + cluster_domain               = "cluster.local"
      + cluster_spec                 = (known after apply)
      + connections                  = (known after apply)
      + control_plane_log_project    = (known after apply)
      + control_plane_log_ttl        = (known after apply)
      + deletion_protection          = false
      + id                           = (known after apply)
      + install_cloud_monitor        = (known after apply)
      + is_enterprise_security_group = (known after apply)
      + load_balancer_spec           = "slb.s1.small"
      + name                         = (known after apply)
      + name_prefix                  = "my-first-kubernetes-demo"
      + nat_gateway_id               = (known after apply)
      + new_nat_gateway              = true
      + node_cidr_mask               = 24
      + node_port_range              = (known after apply)
      + os_type                      = "Linux"
      + platform                     = (known after apply)
      + pod_cidr                     = "172.20.0.0/16"
      + proxy_mode                   = "ipvs"
      + resource_group_id            = (known after apply)
      + rrsa_metadata                = (known after apply)
      + security_group_id            = (known after apply)
      + service_cidr                 = "172.21.0.0/20"
      + slb_id                       = (known after apply)
      + slb_internet                 = (known after apply)
      + slb_internet_enabled         = true
      + slb_intranet                 = (known after apply)
      + version                      = (known after apply)
      + vpc_id                       = (known after apply)
      + worker_auto_renew_period     = (known after apply)
      + worker_disk_size             = (known after apply)
      + worker_instance_charge_type  = (known after apply)
      + worker_period                = (known after apply)
      + worker_period_unit           = (known after apply)
      + worker_ram_role_name         = (known after apply)
      + worker_vswitch_ids           = (known after apply)
    }

  # alicloud_vpc.default will be created
  + resource "alicloud_vpc" "default" {
      + cidr_block            = "10.1.0.0/21"
      + create_time           = (known after apply)
      + id                    = (known after apply)
      + ipv6_cidr_block       = (known after apply)
      + ipv6_cidr_blocks      = (known after apply)
      + name                  = (known after apply)
      + resource_group_id     = (known after apply)
      + route_table_id        = (known after apply)
      + router_id             = (known after apply)
      + router_table_id       = (known after apply)
      + secondary_cidr_blocks = (known after apply)
      + status                = (known after apply)
      + user_cidrs            = (known after apply)
      + vpc_name              = "my-first-kubernetes-demo"
    }

  # alicloud_vswitch.default will be created
  + resource "alicloud_vswitch" "default" {
      + availability_zone    = (known after apply)
      + cidr_block           = "10.1.1.0/24"
      + create_time          = (known after apply)
      + id                   = (known after apply)
      + ipv6_cidr_block      = (known after apply)
      + ipv6_cidr_block_mask = (known after apply)
      + name                 = (known after apply)
      + status               = (known after apply)
      + vpc_id               = (known after apply)
      + vswitch_name         = "my-first-kubernetes-demo"
      + zone_id              = "cn-zhangjiakou-a"
    }

Plan: 4 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value:
The terraform init command downloads the provider plugins that the configuration uses, and terraform apply computes the operations to perform from the main.tf file. The output above shows the execution plan, including the alicloud_cs_managed_kubernetes.default resource that will be created; we must type yes to confirm. After confirmation, creation takes about five minutes, and Terraform prints output similar to the following.
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_vpc.default: Creating...
alicloud_vpc.default: Creation complete after 4s [id=vpc-8vbkpc7n9gp5mft7kxh7t]
alicloud_vswitch.default: Creating...
alicloud_vswitch.default: Creation complete after 3s [id=vsw-8vbkdhovthzlwirs4et9c]
alicloud_cs_managed_kubernetes.default: Creating...
alicloud_cs_managed_kubernetes.default: Still creating... [10s elapsed]
......
alicloud_cs_managed_kubernetes.default: Still creating... [3m40s elapsed]
alicloud_cs_managed_kubernetes.default: Creation complete after 3m42s [id=cfd0a48c499804b94b59a4f6da963f6d5]
alicloud_cs_kubernetes_node_pool.default: Creating...
alicloud_cs_kubernetes_node_pool.default: Still creating... [10s elapsed]
alicloud_cs_kubernetes_node_pool.default: Still creating... [20s elapsed]
alicloud_cs_kubernetes_node_pool.default: Still creating... [30s elapsed]
alicloud_cs_kubernetes_node_pool.default: Creation complete after 33s [id=cfd0a48c499804b94b59a4f6da963f6d5:np378764a2c81d4a8eb85bad53cf3ccf5c]

Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
When the line
Apply complete! Resources: 4 added
appears, the cluster has been created successfully. You can now also log on to the console and find the cluster in the cluster list.
Modify a managed Kubernetes cluster
The Terraform provider supports modifying a subset of the parameters. In general, every parameter that is not a Force New Resource parameter (one that forces the resource to be recreated) can be modified.
Below we modify some parameters; the following is the modified template.
Note: The sample code below supports one-click execution, so you can run it directly.
provider "alicloud" {
  region = var.region
}

variable "region" {
  default = "cn-zhangjiakou"
}

# Default resource name
variable "name" {
  default = "my-first-kubernetes-demo"
}

# Log Service (SLS) project name
variable "log_project_name" {
  default = "my-first-kubernetes-sls-demo"
}

# Availability zones
data "alicloud_zones" "default" {
  available_resource_creation = "VSwitch"
}

# ECS instance type configuration for the nodes
data "alicloud_instance_types" "default" {
  availability_zone    = data.alicloud_zones.default.zones[0].id
  cpu_core_count       = 2
  memory_size          = 4
  kubernetes_node_role = "Worker"
}

# VPC
resource "alicloud_vpc" "default" {
  vpc_name   = var.name
  cidr_block = "10.1.0.0/21"
}

# vSwitch
resource "alicloud_vswitch" "default" {
  vswitch_name = var.name
  vpc_id       = alicloud_vpc.default.id
  cidr_block   = "10.1.1.0/24"
  zone_id      = data.alicloud_zones.default.zones[0].id
}

# Managed Kubernetes cluster
resource "alicloud_cs_managed_kubernetes" "default" {
  worker_vswitch_ids = [alicloud_vswitch.default.id]
  # Prefix of the Kubernetes cluster name. Conflicts with name. If specified, Terraform uses it to build a unique cluster name. Defaults to "Terraform-Creation".
  name_prefix = var.name
  # Whether to create a new NAT gateway when the Kubernetes cluster is created. Defaults to true.
  new_nat_gateway = true
  # CIDR block of the pod network. Required when cluster_network_type is set to flannel. It must not be the same as the VPC CIDR or the CIDR used by any Kubernetes cluster in the VPC, and it cannot be changed after creation. Maximum number of hosts allowed in the cluster: 256.
  pod_cidr = "172.20.0.0/16"
  # CIDR block of the service network. It must not be the same as the VPC CIDR or the CIDR used by any Kubernetes cluster in the VPC, and it cannot be changed after creation.
  service_cidr = "172.21.0.0/20"
  # Whether to create an Internet-facing load balancer for the API server. Defaults to false.
  slb_internet_enabled = true
  # Export the cluster certificate files to the /tmp directory (same below)
  client_cert     = "/tmp/client-cert.pem"
  client_key      = "/tmp/client-key.pem"
  cluster_ca_cert = "/tmp/cluster-ca-cert.pem"
}

resource "alicloud_cs_kubernetes_node_pool" "default" {
  node_pool_name = var.name
  cluster_id     = alicloud_cs_managed_kubernetes.default.id
  vswitch_ids    = [alicloud_vswitch.default.id]
  # SSH password for logging on to the cluster nodes. You must specify one of password, key_name or kms_encrypted_password.
  password = "Yourpassword1234"
  # Total number of worker nodes in the Kubernetes cluster.
  desired_size = 3
  # Whether to install CloudMonitor on the Kubernetes nodes.
  install_cloud_monitor = true
  # ECS instance types of the nodes. Specify one type for a single-zone cluster and three types for a multi-zone cluster. Available Kubernetes node instance types can be obtained from the instance_types data source.
  instance_types = ["ecs.n4.large"]
  # System disk category of the nodes. Valid values: cloud_ssd and cloud_efficiency. Defaults to cloud_efficiency.
  system_disk_category = "cloud_efficiency"
  system_disk_size     = 40
  data_disks {
    category = "cloud_ssd"
    size     = "100"
  }
}

# Export a temporary kubeconfig for the cluster to /tmp/config
data "alicloud_cs_cluster_credential" "auth" {
  cluster_id                 = alicloud_cs_managed_kubernetes.default.id
  temporary_duration_minutes = 60
  output_file                = "/tmp/config"
}
As when creating the cluster, the command used to modify it is also terraform apply. Running it produces the following output; after we type yes and press Enter, the cluster name is changed to test-managed-kubernetes-updated, the worker node pool is scaled out to 3 nodes, and the certificates and connection file are exported to the local /tmp directory.
terraform apply
data.alicloud_zones.default: Reading...
alicloud_vpc.default: Refreshing state... [id=vpc-8vbr6t6i2xl49hjzald45]
data.alicloud_zones.default: Read complete after 0s [id=2604238681]
data.alicloud_instance_types.default: Reading...
alicloud_vswitch.default: Refreshing state... [id=vsw-8vbkp6rcqkn4ljf1a7tb3]
alicloud_cs_managed_kubernetes.default: Refreshing state... [id=cdfe383b2114c40f582270860c39cb3cb]
data.alicloud_instance_types.default: Read complete after 1s [id=3527274229]
alicloud_cs_kubernetes_node_pool.default: Refreshing state... [id=cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place
 <= read (data resources)

Terraform will perform the following actions:

  # data.alicloud_cs_cluster_credential.auth will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "alicloud_cs_cluster_credential" "auth" {
      + certificate_authority      = (known after apply)
      + cluster_id                 = "cdfe383b2114c40f582270860c39cb3cb"
      + cluster_name               = (known after apply)
      + expiration                 = (known after apply)
      + id                         = (known after apply)
      + kube_config                = (sensitive value)
      + output_file                = "/tmp/config"
      + temporary_duration_minutes = 60
    }

  # alicloud_cs_kubernetes_node_pool.default will be updated in-place
  ~ resource "alicloud_cs_kubernetes_node_pool" "default" {
      ~ desired_size   = 2 -> 3
        id             = "cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8"
      ~ instance_types = [
          - "ecs.n1.medium",
          + "ecs.sn1.medium",
        ]
        name           = "my-first-kubernetes-demo"
        tags           = {}
        # (26 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # alicloud_cs_managed_kubernetes.default will be updated in-place
  ~ resource "alicloud_cs_managed_kubernetes" "default" {
      + client_cert     = "/tmp/client-cert.pem"
      + client_key      = "/tmp/client-key.pem"
      + cluster_ca_cert = "/tmp/cluster-ca-cert.pem"
        id              = "cdfe383b2114c40f582270860c39cb3cb"
        name            = "my-first-kubernetes-demo20240116105632726000000002"
        tags            = {}
        # (28 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_cs_managed_kubernetes.default: Modifying... [id=cdfe383b2114c40f582270860c39cb3cb]
alicloud_cs_managed_kubernetes.default: Modifications complete after 3s [id=cdfe383b2114c40f582270860c39cb3cb]
data.alicloud_cs_cluster_credential.auth: Reading...
alicloud_cs_kubernetes_node_pool.default: Modifying... [id=cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8]
data.alicloud_cs_cluster_credential.auth: Read complete after 0s [id=87210520]
alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8, 10s elapsed]
alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8, 20s elapsed]
alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8, 30s elapsed]
alicloud_cs_kubernetes_node_pool.default: Modifications complete after 35s [id=cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8]

Apply complete! Resources: 0 added, 2 changed, 0 destroyed.
After terraform apply succeeds, the cluster information shown in the console confirms that the cluster is now in the state we expected. On the local machine, we can also use the exported connection file (/tmp/config) to connect to the cluster with kubectl.
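Both of the apply runs above stop at "Enter a value:" and wait for a human to read the plan; when clusters are created in bulk that review is easy to skip. The following pre-apply gate is an added example, not part of this page or of the Alibaba Cloud provider: it reads the JSON form of a saved plan (terraform plan -out=tfplan, then terraform show -json tfplan > plan.json) and refuses plans that would delete or replace the cluster or its node pool, and it flags the deletion_protection = false and slb_internet_enabled = true values visible in the create plan above. The two inline sample plans are constructed and trimmed to the attributes the check inspects.

```python
import json

# Terraform's JSON plan representation: a top-level "resource_changes" list whose
# entries carry "address", "type" and a "change" with "actions"/"before"/"after".
CLUSTER_TYPE = "alicloud_cs_managed_kubernetes"
GUARDED_TYPES = {CLUSTER_TYPE, "alicloud_cs_kubernetes_node_pool"}


def review_plan(plan):
    """Return a list of findings; an empty list means the plan may be applied."""
    findings = []
    for rc in plan.get("resource_changes", []):
        addr, rtype = rc["address"], rc["type"]
        actions = rc["change"]["actions"]
        after = rc["change"].get("after") or {}  # "after" is null for pure deletes
        # ["delete"] removes the resource; ["delete","create"]/["create","delete"] replaces it
        if "delete" in actions and rtype in GUARDED_TYPES:
            verb = "replace" if "create" in actions else "delete"
            findings.append(f"{addr}: plan would {verb} it")
        if rtype == CLUSTER_TYPE and "delete" not in actions:
            if after.get("deletion_protection") is False:
                findings.append(f"{addr}: deletion_protection is false")
            if after.get("slb_internet_enabled") is True:
                findings.append(f"{addr}: API server gets an Internet-facing SLB")
    return findings


def review_plan_file(path):
    with open(path, encoding="utf-8") as fh:
        return review_plan(json.load(fh))


# Constructed sample mirroring the create plan above (only the inspected attributes kept).
CREATE_PLAN = {"resource_changes": [
    {"address": "alicloud_cs_managed_kubernetes.default", "type": CLUSTER_TYPE,
     "change": {"actions": ["create"], "before": None,
                "after": {"deletion_protection": False, "slb_internet_enabled": True,
                          "pod_cidr": "172.20.0.0/16"}}},
    {"address": "alicloud_cs_kubernetes_node_pool.default",
     "type": "alicloud_cs_kubernetes_node_pool",
     "change": {"actions": ["create"], "before": None, "after": {"desired_size": 2}}}]}

# Constructed sample of a change that would force the node pool to be recreated.
REPLACE_PLAN = {"resource_changes": [
    {"address": "alicloud_cs_kubernetes_node_pool.default",
     "type": "alicloud_cs_kubernetes_node_pool",
     "change": {"actions": ["delete", "create"], "before": {"desired_size": 2},
                "after": {"desired_size": 3}}}]}

if __name__ == "__main__":
    import sys
    hits = review_plan_file(sys.argv[1]) if len(sys.argv) > 1 else review_plan(CREATE_PLAN)
    for line in hits:
        print("FINDING:", line)
    sys.exit(1 if hits else 0)
```

Run it as python plan_gate.py plan.json in the pipeline step before terraform apply; a non-zero exit blocks the apply until the findings are reviewed.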