Create a managed Kubernetes cluster with Terraform
The Container Service console provides an easy-to-use visual interface that guides you step by step through creating this type of cluster. But when you need to create managed clusters repeatedly or in large batches, clicking through the console becomes tedious; Terraform solves that. This topic describes how to use Terraform to quickly deploy a managed Kubernetes cluster.
The sample code in this tutorial can be run directly as written.
Create a managed Kubernetes cluster
The Terraform resource documentation for Alibaba Cloud managed Kubernetes, alicloud_cs_managed_kubernetes, lists the parameters the resource accepts. They are split into input arguments (Argument Reference) and output attributes (Attributes Reference). The argument list contains required and optional arguments, and some arguments are mutually exclusive: name and name_prefix, for example, cannot both be set. If name is set, it becomes the cluster name; if name_prefix is set, a unique cluster name is generated with that prefix. Before creating a node pool with auto scaling, grant the account the required permissions; see Use Terraform to create a node pool with auto scaling.
Following the Argument Reference in the documentation, start by writing the description of a cluster:
Note: the following sample code can be run directly as written.
provider "alicloud" {
  region = var.region
}

variable "region" {
  default = "cn-zhangjiakou"
}

# Default resource name
variable "name" {
  default = "my-first-kubernetes-demo"
}

# Log Service (SLS) project name
variable "log_project_name" {
  default = "my-first-kubernetes-sls-demo"
}

# Availability zones in which a vSwitch can be created
data "alicloud_zones" "default" {
  available_resource_creation = "VSwitch"
}

# ECS instance types usable as worker nodes in the chosen zone
data "alicloud_instance_types" "default" {
  availability_zone    = data.alicloud_zones.default.zones[0].id
  cpu_core_count       = 2
  memory_size          = 4
  kubernetes_node_role = "Worker"
}

# VPC
resource "alicloud_vpc" "default" {
  vpc_name   = var.name
  cidr_block = "10.1.0.0/21"
}

# vSwitch
resource "alicloud_vswitch" "default" {
  vswitch_name = var.name
  vpc_id       = alicloud_vpc.default.id
  cidr_block   = "10.1.1.0/24"
  zone_id      = data.alicloud_zones.default.zones[0].id
}

# Managed Kubernetes cluster
resource "alicloud_cs_managed_kubernetes" "default" {
  worker_vswitch_ids = [alicloud_vswitch.default.id]
  # Prefix of the cluster name. Conflicts with name. If set, Terraform uses it to build a unique cluster name. Defaults to "Terraform-Creation".
  name_prefix = var.name
  # Whether to create a new NAT gateway together with the cluster. Defaults to true.
  new_nat_gateway = true
  # CIDR block of the pod network. Required when cluster_network_type is flannel. It must not be the VPC CIDR or the CIDR used by another Kubernetes cluster in the VPC, and it cannot be changed after creation. With the default node_cidr_mask of 24, a /16 allows at most 256 nodes.
  pod_cidr = "172.20.0.0/16"
  # CIDR block of the service network. Same overlap rules as pod_cidr; cannot be changed after creation.
  service_cidr = "172.21.0.0/20"
  # Whether to create an Internet-facing SLB for the API server. Defaults to false. true publishes the API server on a public address; keep false and use the intranet endpoint unless public access is really needed.
  slb_internet_enabled = true
}

resource "alicloud_cs_kubernetes_node_pool" "default" {
  node_pool_name = var.name
  cluster_id     = alicloud_cs_managed_kubernetes.default.id
  vswitch_ids    = [alicloud_vswitch.default.id]
  # SSH login password for the nodes. One of password, key_name or kms_encrypted_password is required. A literal here ends up in main.tf and in the state file; prefer key_name or kms_encrypted_password.
  password = "Yourpassword1234"
  # Total number of worker nodes in the pool.
  desired_size = 2
  # Whether to install CloudMonitor on the nodes.
  install_cloud_monitor = true
  # ECS instance types for the nodes: one type for a single-zone cluster, three types for a multi-zone cluster. The alicloud_instance_types data source above lists the types available for Kubernetes nodes.
  instance_types = ["ecs.n4.large"]
  # System disk category of the nodes: cloud_ssd or cloud_efficiency. Defaults to cloud_efficiency.
  system_disk_category = "cloud_efficiency"
  system_disk_size     = 40
  data_disks {
    category = "cloud_ssd"
    size     = 100
  }
}
Save the configuration above as a file named main.tf and, in the directory that contains it, run terraform init followed by terraform apply.
terraform apply creates the resources:
$ terraform apply
data.alicloud_zones.default: Reading...
data.alicloud_zones.default: Read complete after 1s [id=2604238681]
data.alicloud_instance_types.default: Reading...
data.alicloud_instance_types.default: Read complete after 1s [id=1017980362]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # alicloud_cs_kubernetes_node_pool.default will be created
  + resource "alicloud_cs_kubernetes_node_pool" "default" {
      + cluster_id                 = (known after apply)
      + deployment_set_id          = (known after apply)
      + desired_size               = 2
      + format_disk                = (known after apply)
      + id                         = (known after apply)
      + image_id                   = (known after apply)
      + image_type                 = (known after apply)
      + install_cloud_monitor      = true
      + instance_charge_type       = "PostPaid"
      + instance_types             = [
          + "ecs.n4.large",
        ]
      + internet_charge_type       = (known after apply)
      + internet_max_bandwidth_out = (known after apply)
      + keep_instance_name         = (known after apply)
      + name                       = "my-first-kubernetes-demo"
      + node_count                 = (known after apply)
      + node_name_mode             = (known after apply)
      + password                   = (sensitive value)
      + platform                   = (known after apply)
      + resource_group_id          = (known after apply)
      + runtime_name               = (known after apply)
      + runtime_version            = (known after apply)
      + scaling_group_id           = (known after apply)
      + scaling_policy             = (known after apply)
      + security_group_id          = (known after apply)
      + security_group_ids         = (known after apply)
      + spot_strategy              = (known after apply)
      + system_disk_category       = "cloud_efficiency"
      + system_disk_size           = 40
      + unschedulable              = false
      + vpc_id                     = (known after apply)
      + vswitch_ids                = (known after apply)

      + data_disks {
          + category = "cloud_ssd"
          + size     = 100
        }
    }

  # alicloud_cs_managed_kubernetes.default will be created
  + resource "alicloud_cs_managed_kubernetes" "default" {
      + availability_zone            = (known after apply)
      + certificate_authority        = (known after apply)
      + cluster_domain               = "cluster.local"
      + cluster_spec                 = (known after apply)
      + connections                  = (known after apply)
      + control_plane_log_project    = (known after apply)
      + control_plane_log_ttl        = (known after apply)
      + deletion_protection          = false
      + id                           = (known after apply)
      + install_cloud_monitor        = (known after apply)
      + is_enterprise_security_group = (known after apply)
      + load_balancer_spec           = "slb.s1.small"
      + name                         = (known after apply)
      + name_prefix                  = "my-first-kubernetes-demo"
      + nat_gateway_id               = (known after apply)
      + new_nat_gateway              = true
      + node_cidr_mask               = 24
      + node_port_range              = (known after apply)
      + os_type                      = "Linux"
      + platform                     = (known after apply)
      + pod_cidr                     = "172.20.0.0/16"
      + proxy_mode                   = "ipvs"
      + resource_group_id            = (known after apply)
      + rrsa_metadata                = (known after apply)
      + security_group_id            = (known after apply)
      + service_cidr                 = "172.21.0.0/20"
      + slb_id                       = (known after apply)
      + slb_internet                 = (known after apply)
      + slb_internet_enabled         = true
      + slb_intranet                 = (known after apply)
      + version                      = (known after apply)
      + vpc_id                       = (known after apply)
      + worker_auto_renew_period     = (known after apply)
      + worker_disk_size             = (known after apply)
      + worker_instance_charge_type  = (known after apply)
      + worker_period                = (known after apply)
      + worker_period_unit           = (known after apply)
      + worker_ram_role_name         = (known after apply)
      + worker_vswitch_ids           = (known after apply)
    }

  # alicloud_vpc.default will be created
  + resource "alicloud_vpc" "default" {
      + cidr_block            = "10.1.0.0/21"
      + create_time           = (known after apply)
      + id                    = (known after apply)
      + ipv6_cidr_block       = (known after apply)
      + ipv6_cidr_blocks      = (known after apply)
      + name                  = (known after apply)
      + resource_group_id     = (known after apply)
      + route_table_id        = (known after apply)
      + router_id             = (known after apply)
      + router_table_id       = (known after apply)
      + secondary_cidr_blocks = (known after apply)
      + status                = (known after apply)
      + user_cidrs            = (known after apply)
      + vpc_name              = "my-first-kubernetes-demo"
    }

  # alicloud_vswitch.default will be created
  + resource "alicloud_vswitch" "default" {
      + availability_zone    = (known after apply)
      + cidr_block           = "10.1.1.0/24"
      + create_time          = (known after apply)
      + id                   = (known after apply)
      + ipv6_cidr_block      = (known after apply)
      + ipv6_cidr_block_mask = (known after apply)
      + name                 = (known after apply)
      + status               = (known after apply)
      + vpc_id               = (known after apply)
      + vswitch_name         = "my-first-kubernetes-demo"
      + zone_id              = "cn-zhangjiakou-a"
    }

Plan: 4 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value:
terraform init downloads the provider plugins we use; terraform apply works out the actions needed to reach the state described in main.tf. The plan above lists four resources to be created: alicloud_vpc.default, alicloud_vswitch.default, the cluster alicloud_cs_managed_kubernetes.default and its node pool alicloud_cs_kubernetes_node_pool.default. Read the plan before approving it: the node password is shown as (sensitive value), which also means it will be stored in the state file, and deletion_protection is false. Enter yes to confirm. Creation takes roughly five minutes, during which Terraform prints output like the following.
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_vpc.default: Creating...
alicloud_vpc.default: Creation complete after 4s [id=vpc-8vbkpc7n9gp5mft7kxh7t]
alicloud_vswitch.default: Creating...
alicloud_vswitch.default: Creation complete after 3s [id=vsw-8vbkdhovthzlwirs4et9c]
alicloud_cs_managed_kubernetes.default: Creating...
alicloud_cs_managed_kubernetes.default: Still creating... [10s elapsed]
......
alicloud_cs_managed_kubernetes.default: Still creating... [3m40s elapsed]
alicloud_cs_managed_kubernetes.default: Creation complete after 3m42s [id=cfd0a48c499804b94b59a4f6da963f6d5]
alicloud_cs_kubernetes_node_pool.default: Creating...
alicloud_cs_kubernetes_node_pool.default: Still creating... [10s elapsed]
alicloud_cs_kubernetes_node_pool.default: Still creating... [20s elapsed]
alicloud_cs_kubernetes_node_pool.default: Still creating... [30s elapsed]
alicloud_cs_kubernetes_node_pool.default: Creation complete after 33s [id=cfd0a48c499804b94b59a4f6da963f6d5:np378764a2c81d4a8eb85bad53cf3ccf5c]

Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
When the line "Apply complete! Resources: 4 added" appears, the cluster has been created successfully, and it now also shows up in the cluster list of the console.
Modify a managed Kubernetes cluster
The Terraform provider lets you modify a subset of the arguments. In general, every argument that is not marked Force New Resource can be changed in place. Changing a ForceNew argument such as pod_cidr or service_cidr makes Terraform destroy and recreate the cluster, which the plan reports as a replacement rather than an update in place, so check for that before entering yes.
Below we modify a few arguments; the template after the changes looks like this.
Note: the following sample code can be run directly as written.
provider "alicloud" {
  region = var.region
}

variable "region" {
  default = "cn-zhangjiakou"
}

# Default resource name
variable "name" {
  default = "my-first-kubernetes-demo"
}

# Log Service (SLS) project name
variable "log_project_name" {
  default = "my-first-kubernetes-sls-demo"
}

# Availability zones in which a vSwitch can be created
data "alicloud_zones" "default" {
  available_resource_creation = "VSwitch"
}

# ECS instance types usable as worker nodes in the chosen zone
data "alicloud_instance_types" "default" {
  availability_zone    = data.alicloud_zones.default.zones[0].id
  cpu_core_count       = 2
  memory_size          = 4
  kubernetes_node_role = "Worker"
}

# VPC
resource "alicloud_vpc" "default" {
  vpc_name   = var.name
  cidr_block = "10.1.0.0/21"
}

# vSwitch
resource "alicloud_vswitch" "default" {
  vswitch_name = var.name
  vpc_id       = alicloud_vpc.default.id
  cidr_block   = "10.1.1.0/24"
  zone_id      = data.alicloud_zones.default.zones[0].id
}

# Managed Kubernetes cluster
resource "alicloud_cs_managed_kubernetes" "default" {
  worker_vswitch_ids = [alicloud_vswitch.default.id]
  # Prefix of the cluster name. Conflicts with name. If set, Terraform uses it to build a unique cluster name. Defaults to "Terraform-Creation".
  name_prefix = var.name
  # Whether to create a new NAT gateway together with the cluster. Defaults to true.
  new_nat_gateway = true
  # CIDR block of the pod network. Required when cluster_network_type is flannel. It must not be the VPC CIDR or the CIDR used by another Kubernetes cluster in the VPC, and it cannot be changed after creation. With the default node_cidr_mask of 24, a /16 allows at most 256 nodes.
  pod_cidr = "172.20.0.0/16"
  # CIDR block of the service network. Same overlap rules as pod_cidr; cannot be changed after creation.
  service_cidr = "172.21.0.0/20"
  # Whether to create an Internet-facing SLB for the API server. Defaults to false. true publishes the API server on a public address; keep false and use the intranet endpoint unless public access is really needed.
  slb_internet_enabled = true
  # Export the cluster's certificate files to /tmp (likewise for the two lines below). client_key is the private key of the cluster client certificate and /tmp is shared with every local user, so in real use pick a private directory and restrict file permissions.
  client_cert     = "/tmp/client-cert.pem"
  client_key      = "/tmp/client-key.pem"
  cluster_ca_cert = "/tmp/cluster-ca-cert.pem"
}

resource "alicloud_cs_kubernetes_node_pool" "default" {
  node_pool_name = var.name
  cluster_id     = alicloud_cs_managed_kubernetes.default.id
  vswitch_ids    = [alicloud_vswitch.default.id]
  # SSH login password for the nodes. One of password, key_name or kms_encrypted_password is required. A literal here ends up in main.tf and in the state file; prefer key_name or kms_encrypted_password.
  password = "Yourpassword1234"
  # Total number of worker nodes in the pool (scaled from 2 to 3).
  desired_size = 3
  # Whether to install CloudMonitor on the nodes.
  install_cloud_monitor = true
  # ECS instance types for the nodes: one type for a single-zone cluster, three types for a multi-zone cluster. The alicloud_instance_types data source above lists the types available for Kubernetes nodes.
  instance_types = ["ecs.n4.large"]
  # System disk category of the nodes: cloud_ssd or cloud_efficiency. Defaults to cloud_efficiency.
  system_disk_category = "cloud_efficiency"
  system_disk_size     = 40
  data_disks {
    category = "cloud_ssd"
    size     = 100
  }
}

# Temporary kubeconfig for the cluster, valid for temporary_duration_minutes and written to output_file. The kube_config attribute is marked sensitive but is still recorded in the Terraform state.
data "alicloud_cs_cluster_credential" "auth" {
  cluster_id                 = alicloud_cs_managed_kubernetes.default.id
  temporary_duration_minutes = 60
  output_file                = "/tmp/config"
}
As when creating the cluster, modifications are applied with terraform apply. The command prints the plan below; type yes and press Enter to scale the worker node pool from 2 to 3 nodes, export the cluster certificates to the local /tmp directory, and write a temporary kubeconfig to /tmp/config. The cluster name itself is not changed by this template, since name_prefix still uses var.name.
$ terraform apply
data.alicloud_zones.default: Reading...
alicloud_vpc.default: Refreshing state... [id=vpc-8vbr6t6i2xl49hjzald45]
data.alicloud_zones.default: Read complete after 0s [id=2604238681]
data.alicloud_instance_types.default: Reading...
alicloud_vswitch.default: Refreshing state... [id=vsw-8vbkp6rcqkn4ljf1a7tb3]
alicloud_cs_managed_kubernetes.default: Refreshing state... [id=cdfe383b2114c40f582270860c39cb3cb]
data.alicloud_instance_types.default: Read complete after 1s [id=3527274229]
alicloud_cs_kubernetes_node_pool.default: Refreshing state... [id=cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place
 <= read (data resources)

Terraform will perform the following actions:

  # data.alicloud_cs_cluster_credential.auth will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "alicloud_cs_cluster_credential" "auth" {
      + certificate_authority      = (known after apply)
      + cluster_id                 = "cdfe383b2114c40f582270860c39cb3cb"
      + cluster_name               = (known after apply)
      + expiration                 = (known after apply)
      + id                         = (known after apply)
      + kube_config                = (sensitive value)
      + output_file                = "/tmp/config"
      + temporary_duration_minutes = 60
    }

  # alicloud_cs_kubernetes_node_pool.default will be updated in-place
  ~ resource "alicloud_cs_kubernetes_node_pool" "default" {
      ~ desired_size   = 2 -> 3
        id             = "cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8"
      ~ instance_types = [
          - "ecs.n1.medium",
          + "ecs.sn1.medium",
        ]
        name           = "my-first-kubernetes-demo"
        tags           = {}
        # (26 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # alicloud_cs_managed_kubernetes.default will be updated in-place
  ~ resource "alicloud_cs_managed_kubernetes" "default" {
      + client_cert     = "/tmp/client-cert.pem"
      + client_key      = "/tmp/client-key.pem"
      + cluster_ca_cert = "/tmp/cluster-ca-cert.pem"
        id              = "cdfe383b2114c40f582270860c39cb3cb"
        name            = "my-first-kubernetes-demo20240116105632726000000002"
        tags            = {}
        # (28 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_cs_managed_kubernetes.default: Modifying... [id=cdfe383b2114c40f582270860c39cb3cb]
alicloud_cs_managed_kubernetes.default: Modifications complete after 3s [id=cdfe383b2114c40f582270860c39cb3cb]
data.alicloud_cs_cluster_credential.auth: Reading...
alicloud_cs_kubernetes_node_pool.default: Modifying... [id=cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8]
data.alicloud_cs_cluster_credential.auth: Read complete after 0s [id=87210520]
alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8, 10s elapsed]
alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8, 20s elapsed]
alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8, 30s elapsed]
alicloud_cs_kubernetes_node_pool.default: Modifications complete after 35s [id=cdfe383b2114c40f582270860c39cb3cb:npf17c80f735d645e88b4ea61b689e15b8]

Apply complete! Resources: 0 added, 2 changed, 0 destroyed.
Once terraform apply succeeds, the cluster details shown in the console confirm that the cluster is now in the desired state. Locally we can connect with kubectl by pointing its --kubeconfig option at the exported /tmp/config; the credential in that file expires after the 60 minutes set by temporary_duration_minutes. Keep in mind that the exported client key, the kube_config value and the node password are also recorded in the Terraform state, so protect the state file and the files under /tmp like any other credential.
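Both apply runs above stop at an "Enter a value:" prompt, and that prompt is the place to catch the settings this tutorial leaves at demo values: the Internet-facing SLB for the API server, deletion protection off, the literal node password, and the client key and kubeconfig exported to /tmp, plus any resource Terraform intends to replace because a ForceNew argument changed. The following script is an added example, not part of the original tutorial or of the alicloud provider. It assumes the plan was saved and serialised with terraform plan -out=tfplan and terraform show -json tfplan > plan.json; the PLAN_JSON it carries is a constructed excerpt modelled on this page's main.tf rather than real provider output, and the eight-hour kubeconfig limit is an assumed policy.

```python
"""Pre-apply review of a Terraform plan for the ACK resources used on this page.

Added example, not part of the original tutorial or of the alicloud provider.
It assumes the plan was saved and serialised with
    terraform plan -out=tfplan && terraform show -json tfplan > plan.json
(the JSON form of a plan carries sensitive values in clear, so handle it like
the state file). PLAN_JSON is a constructed excerpt mirroring the tutorial's
main.tf; it is not real provider output.
"""
import json
import sys

# Constructed excerpt of `terraform show -json tfplan` for the tutorial's config.
PLAN_JSON = r"""{"format_version": "1.2", "resource_changes": [
 {"address": "alicloud_cs_managed_kubernetes.default", "mode": "managed",
  "type": "alicloud_cs_managed_kubernetes", "name": "default",
  "change": {"actions": ["create"], "before": null, "after_sensitive": {},
   "after": {"name_prefix": "my-first-kubernetes-demo", "slb_internet_enabled": true,
    "deletion_protection": false, "pod_cidr": "172.20.0.0/16", "service_cidr": "172.21.0.0/20",
    "client_cert": "/tmp/client-cert.pem", "client_key": "/tmp/client-key.pem",
    "cluster_ca_cert": "/tmp/cluster-ca-cert.pem"}}},
 {"address": "alicloud_cs_kubernetes_node_pool.default", "mode": "managed",
  "type": "alicloud_cs_kubernetes_node_pool", "name": "default",
  "change": {"actions": ["create"], "before": null, "after_sensitive": {"password": true},
   "after": {"desired_size": 2, "password": "Yourpassword1234", "instance_types": ["ecs.n4.large"]}}},
 {"address": "data.alicloud_cs_cluster_credential.auth", "mode": "data",
  "type": "alicloud_cs_cluster_credential", "name": "auth",
  "change": {"actions": ["read"], "before": null, "after_sensitive": {"kube_config": true},
   "after": {"output_file": "/tmp/config", "temporary_duration_minutes": 60}}}]}"""

# Directories shared with every local user: no place for private keys or kubeconfigs.
SHARED_TMP_DIRS = ("/tmp/", "/var/tmp/")
# Assumed policy: a temporary kubeconfig should not outlive a working day.
MAX_KUBECONFIG_MINUTES = 8 * 60


def load_plan(text):
    return json.loads(text)


def in_shared_tmp(path):
    return isinstance(path, str) and path.startswith(SHARED_TMP_DIRS)


def check_plan(plan):
    """Return (address, severity, message) findings for a parsed plan dict."""
    findings = []
    for rc in plan.get("resource_changes", []):
        addr, rtype = rc["address"], rc["type"]
        change = rc.get("change", {})
        actions = change.get("actions", [])
        after = change.get("after") or {}          # None for pure deletes
        sensitive = change.get("after_sensitive") or {}

        # A ForceNew argument (pod_cidr, service_cidr, ...) changed: destroy and recreate.
        if set(actions) == {"create", "delete"}:
            findings.append((addr, "HIGH", "resource will be replaced, not updated in place"))

        if rtype == "alicloud_cs_managed_kubernetes":
            if after.get("slb_internet_enabled") is True:
                findings.append((addr, "HIGH", "slb_internet_enabled puts the API server behind a public SLB"))
            if after.get("deletion_protection") is False:
                findings.append((addr, "MEDIUM", "deletion_protection is false; terraform destroy removes the cluster"))
            if in_shared_tmp(after.get("client_key")):
                findings.append((addr, "HIGH", f"client_key exports the client private key to {after['client_key']}"))
        elif rtype == "alicloud_cs_kubernetes_node_pool":
            # The value is in clear in the JSON plan; after_sensitive flags it even when redacted.
            if after.get("password") is not None or sensitive.get("password"):
                findings.append((addr, "HIGH", "node password is a literal in the config and state; use key_name or kms_encrypted_password"))
        elif rtype == "alicloud_cs_cluster_credential" and rc.get("mode") == "data":
            if in_shared_tmp(after.get("output_file")):
                findings.append((addr, "MEDIUM", f"kubeconfig is written to {after['output_file']}"))
            if (after.get("temporary_duration_minutes") or 0) > MAX_KUBECONFIG_MINUTES:
                findings.append((addr, "MEDIUM", "temporary kubeconfig lifetime exceeds policy"))
    return findings


def run_example():
    """Findings for the constructed sample plan."""
    return check_plan(load_plan(PLAN_JSON))


if __name__ == "__main__":
    # Usage: python check_plan.py plan.json   (no argument: check the constructed sample)
    plan = load_plan(open(sys.argv[1]).read()) if len(sys.argv) > 1 else load_plan(PLAN_JSON)
    found = check_plan(plan)
    for addr, sev, msg in found:
        print(f"{sev:6} {addr}: {msg}")
    sys.exit(1 if any(sev == "HIGH" for _, sev, _ in found) else 0)
```

Run it between plan and apply in a pipeline and fail the job on HIGH findings. Because the JSON plan contains the node password in clear, delete plan.json after the check and never commit it alongside main.tf.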