使用Terraform管理已創(chuàng)建的集群
更新時(shí)間:
Terraform支持導(dǎo)入和管理ACK的存量資源,例如集群、節(jié)點(diǎn)池等。本文介紹如何通過Terraform管理存量ACK托管版集群。
前提條件
已創(chuàng)建ACK托管版集群,其中包含一個(gè)有兩個(gè)節(jié)點(diǎn)的節(jié)點(diǎn)池。具體操作,請(qǐng)參見創(chuàng)建ACK托管版集群。
已安裝Terraform。
說明請(qǐng)確認(rèn)Terraform版本不低于v0.12.28,可通過terraform --version命令查看Terraform版本。
Cloud Shell默認(rèn)安裝配置了Terraform和阿里云賬號(hào)信息,無需任何額外配置。
如果您不使用Cloud Shell,關(guān)于安裝Terraform的方式,請(qǐng)參見在本地安裝和配置Terraform。
配置阿里云賬號(hào)信息。
執(zhí)行如下命令,創(chuàng)建環(huán)境變量,用于存放身份認(rèn)證信息。
Linux 環(huán)境
export ALICLOUD_ACCESS_KEY="************" #替換為阿里云賬號(hào)的AK信息。 export ALICLOUD_SECRET_KEY="************" #替換為阿里云賬號(hào)的SK信息。 export ALICLOUD_REGION="cn-beijing" #替換為您集群所在的地域。Windows 環(huán)境
set ALICLOUD_ACCESS_KEY="************" #替換為阿里云賬號(hào)的AK信息。 set ALICLOUD_SECRET_KEY="************" #替換為阿里云賬號(hào)的SK信息。 set ALICLOUD_REGION="cn-beijing" #替換為您集群所在的地域。
說明為提高權(quán)限管理的靈活性和安全性,建議您創(chuàng)建名為Terraform的RAM用戶,并為該RAM用戶創(chuàng)建AccessKey和授權(quán)。具體操作,請(qǐng)參見創(chuàng)建RAM用戶和為RAM用戶授權(quán)。
操作步驟
創(chuàng)建一個(gè)工作目錄,并在工作目錄中創(chuàng)建名為main.tf的配置文件。
provider "alicloud" { }執(zhí)行以下命令,初始化Terraform運(yùn)行環(huán)境。
terraform init返回信息如下,Terraform初始化成功。
Initializing the backend... Initializing provider plugins... - Checking for available provider plugins... - Downloading plugin for provider "alicloud" (hashicorp/alicloud) 1.90.1... ... You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.導(dǎo)入集群。
將集群的資源添加到main.tf文件中。
# Kubernetes托管版。 resource "alicloud_cs_managed_kubernetes" "default" { }執(zhí)行以下命令,導(dǎo)入集群。
其中,
<Cluster-ID>為待導(dǎo)入集群的ID。terraform import alicloud_cs_managed_kubernetes.default <Cluster-ID>預(yù)期輸出:
alicloud_cs_managed_kubernetes.default: Importing from ID "c338cf0f4496a4dc1936a9e314162****"... alicloud_cs_managed_kubernetes.default: Import complete! Imported alicloud_cs_managed_kubernetes alicloud_cs_managed_kubernetes.default: Refreshing state... [id=c338cf0f4496a4dc1936a9e314162****] Import successful! The resources that were imported are shown above. These resources are now in your Terraform state and will henceforth be managed by Terraform.此時(shí),在terraform.tfstate文件中會(huì)顯示類似如下導(dǎo)入的集群信息:
{ "mode": "managed", "type": "alicloud_cs_managed_kubernetes", "name": "default", "provider": "provider.alicloud", "instances": [ { "mode": "managed", "type": "alicloud_cs_managed_kubernetes", "name": "default", "provider": "provider.alicloud", "instances": [ ........ ] } ] }執(zhí)行如下命令,查看本地資源與集群的差異。
terraform plan返回信息如下,請(qǐng)將如下代碼中,狀態(tài)即將變換的字段補(bǔ)充至
main.tf文件中。alicloud_cs_managed_kubernetes.default: Refreshing state.. erraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: -/+ destroy and then create replacement Terraform will perform the following actions: # 請(qǐng)將如下代碼中,狀態(tài)即將變換的字段補(bǔ)充至main.tf文件中。 # alicloud_cs_managed_kubernetes.default must be replaced -/+ resource "alicloud_cs_managed_kubernetes" "default" { + availability_zone = (known after apply) ~ certificate_authority = {.....} ~ control_plane_log_ttl = "30" -> (known after apply) ~ deletion_protection = true -> false - enable_rrsa = false -> null ~ id = "cc7c582b0b2b546dcb80ae118eef0cb12" -> (known after apply) + install_cloud_monitor = (known after apply) + is_enterprise_security_group = (known after apply) ~ name = "TFCESHI" -> (known after apply) + name_prefix = "Terraform-Creation" ~ nat_gateway_id = "ngw-wz9njmq9pf8k9gj042vbi" -> (known after apply) + new_nat_gateway = true ~ node_cidr_mask = 25 -> 24 # forces replacement + node_port_range = (known after apply) ~ platform = "CentOS" -> (known after apply) ~ resource_group_id = "rg-acfmwqnwhqohesq" -> (known after apply) } } Plan: 1 to add, 0 to change, 1 to destroy.執(zhí)行如下命令,將上一步中補(bǔ)充的字段導(dǎo)入至本地集群。
terraform apply返回信息如下,字段導(dǎo)入成功。
alicloud_cs_kubernetes_node_pool.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009] alicloud_cs_managed_kubernetes.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: ............ # (2 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy.
導(dǎo)入節(jié)點(diǎn)池。
將集群的節(jié)點(diǎn)資源添加到
main.tf文件中。# Kubernetes托管版。 resource "alicloud_cs_kubernetes_node_pool" "default" { }執(zhí)行以下命令,導(dǎo)入節(jié)點(diǎn)池。
其中,
<Cluster-ID>為待導(dǎo)入集群的ID,此處為上一步中導(dǎo)入集群的ID,<Nodepool-ID>為待導(dǎo)入節(jié)點(diǎn)池的ID,兩者通過英文半角冒號(hào)(:)分隔。terraform import alicloud_cs_kubernetes_node_pool.default <Cluster-ID>:<Nodepool-ID>預(yù)期輸出:
alicloud_cs_kubernetes_node_pool.default: Importing from ID "c338cf0f4496a4dc1936a9e314162****:np0f8f2193384045d4aa503c3d24ca****"... alicloud_cs_kubernetes_node_pool.default: Import complete! Imported alicloud_cs_kubernetes_node_pool alicloud_cs_kubernetes_node_pool.default: Refreshing state... [id=c338cf0f4496a4dc1936a9e314162****:np0f8f2193384045d4aa503c3d24ca****] Import successful! The resources that were imported are shown above. These resources are now in your Terraform state and will henceforth be managed by Terraform.此時(shí),在terraform.tfstate文件中會(huì)顯示如下導(dǎo)入的節(jié)點(diǎn)池信息:
..... "resources": [ { "mode": "managed", "type": "alicloud_cs_kubernetes_node_pool", "name": "default", "provider": "provider.alicloud", "instances": [ ..... ] } ]執(zhí)行如下命令,查看本地資源與集群的差異。
terraform plan返回信息如下,請(qǐng)將如下代碼中,狀態(tài)即將變換的字段補(bǔ)充至
main.tf文件中。alicloud_cs_managed_kubernetes.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12] alicloud_cs_kubernetes_node_pool.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # 請(qǐng)將如下代碼中,狀態(tài)即將變換的字段補(bǔ)充至main.tf文件中。 # alicloud_cs_kubernetes_node_pool.default will be updated in-place ~ resource "alicloud_cs_kubernetes_node_pool" "default" { ~ name = "default-nodepool" -> "default" ~ system_disk_size = 120 -> 40 tags = {} # (27 unchanged attributes hidden) - management { - auto_repair = true -> null - auto_upgrade = false -> null - max_unavailable = 0 -> null - surge = 0 -> null - surge_percentage = 0 -> null } # (1 unchanged block hidden) } Plan: 0 to add, 1 to change, 0 to destroy.執(zhí)行如下命令,將上一步中補(bǔ)充的字段導(dǎo)入至本地集群。
terraform apply返回信息如下,字段導(dǎo)入成功。
alicloud_cs_kubernetes_node_pool.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009] alicloud_cs_managed_kubernetes.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: ............ # (2 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy.
集群導(dǎo)入完成后,您就可以通過main.tf文件對(duì)集群或節(jié)點(diǎn)池進(jìn)行操作。
驗(yàn)證節(jié)點(diǎn)池的擴(kuò)容操作。
通過main.tf驗(yàn)證節(jié)點(diǎn)池的擴(kuò)容操作。
比如給剛導(dǎo)入的節(jié)點(diǎn)池?cái)U(kuò)容1個(gè)節(jié)點(diǎn),需要將main.tf文件修改為:
...... # Kubernetes托管版。 resource "alicloud_cs_kubernetes_node_pool" "default" { ..... # 節(jié)點(diǎn)池期望節(jié)點(diǎn)數(shù)為3。 desired_size = 3 } .....執(zhí)行以下命令,完成變更操作。
terraform apply返回信息如下,輸入
yes,按Enter鍵,等待變更結(jié)束。alicloud_cs_kubernetes_node_pool.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009] alicloud_cs_managed_kubernetes.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # alicloud_cs_kubernetes_node_pool.default will be updated in-place ~ resource "alicloud_cs_kubernetes_node_pool" "default" { ~ desired_size = 2 -> 3 # (2 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes alicloud_cs_kubernetes_node_pool.default: Modifying... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009] alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009, 10s elapsed] alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009, 20s elapsed] alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009, 30s elapsed] alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009, 40s elapsed] alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009, 50s elapsed] alicloud_cs_kubernetes_node_pool.default: Modifications complete after 1m0s [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009] Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
您可以登錄容器服務(wù)管理控制臺(tái)的節(jié)點(diǎn)池列表頁面,查看到節(jié)點(diǎn)池中已成功擴(kuò)容一個(gè)節(jié)點(diǎn)。
文檔內(nèi)容是否對(duì)您有幫助?