【实践文档】Terraform自动化开通阿里云ACK/ASK服务
[x] 账户余额>=100元;
参考文档:
https://registry.terraform.io/providers/hashicorp/kubernetes/2.12.1 Kubernetes Provider
https://registry.terraform.io/providers/aliyun/alicloud/1.177.0 Alicloud Provider
实验代码库:
https://github.com/terraform-group/terraform-aliyun-ack
首先根据web页面了解创建ACK集群所需要的参数,然后再写TF代码;
image.png
1. 初始化
provider: alicloud / kubernetes
配置RAM
export ALICLOUD_ACCESS_KEY="L2Nx"
export ALICLOUD_SECRET_KEY="nAjce5FTE"
2. 申请网络资源
resource "alicloud_vpc" "vpc" {
vpc_name = "k8s_vpc"
cidr_block = "172.16.0.0/12"
}
resource "alicloud_vswitch" "vsw" {
vpc_id = alicloud_vpc.vpc.id
cidr_block = "172.16.0.0/16"
zone_id = "cn-zhangjiakou-a"
}vpc 
vswitch
3. 申请ACK集群
locals {
cluster_version = "1.20.11-aliyun.1"
service_cidr = "192.168.0.0/16"
pod_cidr = "10.81.0.0/16"
}
resource "alicloud_cs_managed_kubernetes" "k8s" {
name = var.cluster_name
version = local.cluster_version
cluster_spec = "ack.standard"
availability_zone = "cn-zhangjiakou-a"
service_cidr = local.service_cidr
pod_cidr = local.pod_cidr
new_nat_gateway = true
load_balancer_spec = "slb.s1.small"
slb_internet_enabled = true
password = "Password123.com"
node_port_range = "30000-32767"
os_type = "Linux"
platform = "CentOS"
worker_number = 1
worker_instance_types = ["ecs.g6.xlarge"]
worker_vswitch_ids = [alicloud_vswitch.vsw.id]
worker_disk_category = "cloud_efficiency"
worker_disk_size = 40
dynamic "addons" {
for_each = var.cluster_addons
content {
name = lookup(addons.value, "name", var.cluster_addons)
config = lookup(addons.value, "config", var.cluster_addons)
}
}
runtime = {
name = "docker"
version = "19.03.5"
}
}terraform fmt
terraform validate
terraform plan
terraform apply
terraform apply -auto-approve截图:
4. 部署K8s资源
resource "kubernetes_deployment_v1" "jenkins" {
provider = kubernetes.clustera
metadata {
name = "jenkins"
labels = {
app = "jenkins"
}
namespace = kubernetes_namespace.jenkins.id
}
spec {
replicas = 1
selector {
match_labels = {
app = "jenkins"
}
}
template {
metadata {
labels = {
app = "jenkins"
}
}
spec {
container {
image = "jenkins/jenkins:2.332.2-centos7-jdk8"
name = "jenkins"
image_pull_policy = "IfNotPresent"
port {
container_port = 8080
}
resources {
limits = {
cpu = "1000m"
memory = "4096Mi"
}
requests = {
cpu = "250m"
memory = "1024Mi"
}
}
# liveness_probe {
# http_get {
# path = "/"
# port = 8080
# }
# initial_delay_seconds = 30
# period_seconds = 3
# }
}
}
}
}
}
resource "kubernetes_service_v1" "jenkins" {
provider = kubernetes.clustera
metadata {
name = "jenkins-service"
namespace = kubernetes_namespace.jenkins.id
}
spec {
selector = {
app = kubernetes_deployment_v1.jenkins.metadata[0].labels.app
}
port {
port = 8080
target_port = 8080
}
type = "ClusterIP"
}
}
resource "kubernetes_ingress_v1" "jenkins_ingress" {
provider = kubernetes.clustera
metadata {
name = "jenkins-ingress"
namespace = kubernetes_namespace.jenkins.id
}
spec {
rule {
host = "jenkins.zeyang.site"
http {
path {
backend {
service {
name = kubernetes_service_v1.jenkins.metadata[0].name
port {
number = 8080
}
}
}
path_type = "Prefix"
path = "/"
}
}
}
}
}provider "kubernetes" {
# Configuration options
config_path = "../config/clustera.config"
config_context = "kubernetes-admin-cf1aa641cfb1942c693960bca49925eb7"
alias = "clustera"
insecure = true
}
resource "kubernetes_namespace" "jenkins" {
provider = kubernetes.clustera
metadata {
name = "devops"
}
}resource "alicloud_dns_record" "record" {
name = "zeyang.site"
host_record = "jenkins"
type = "A"
value = kubernetes_ingress_v1.jenkins_ingress.status[0].load_balancer[0].ingress[0].ip
}实验截图:
image.png
5. 销毁资源
cd devops
terraform destroy
cd ..
cd infra
terraform destroy
ASK扩展
手动在web控制台创建一个ASK集群:
导入到本地参考文档:https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/cs_serverless_kubernetes#import
首先,定义一个空的资源
resource "alicloud_cs_serverless_kubernetes" "main" {
}导入资源,替换集群的ID
terraform import alicloud_cs_serverless_kubernetes.main c995c50e1efa54eb9a1b03c8e41df22e5
写入Terraform代码中
terraform state list
alicloud_cs_serverless_kubernetes.main
terraform state show alicloud_cs_serverless_kubernetes.main
image.png
resource "alicloud_vpc" "vpc" {
vpc_name = "k8s_vpc"
cidr_block = "172.16.0.0/12"
}
resource "alicloud_vswitch" "vsw" {
vpc_id = alicloud_vpc.vpc.id
cidr_block = "172.16.0.0/16"
zone_id = "cn-zhangjiakou-c"
}
resource "alicloud_cs_serverless_kubernetes" "main" {
cluster_spec = "ack.standard"
deletion_protection = false
load_balancer_spec = "slb.s2.small"
logging_type = "SLS"
name = "k8s"
tags = {}
version = "1.22.10-aliyun.1"
vpc_id = alicloud_vpc.vpc.id
vswitch_ids = [alicloud_vswitch.vsw.id]
new_nat_gateway = true
endpoint_public_access_enabled = true
time_zone = "Asia/Shanghai"
service_cidr = "192.168.0.0/16"
service_discovery_types = ["CoreDNS"]
timeouts {}
addons {
# SLB Ingress
name = "alb-ingress-controller"
config = "{\"IngressSlbNetworkType\":\"internet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
}
addons {
name = "metrics-server"
}
# addons {
# name = "knative"
# }
}删除集群报错:是需要手动先去删除ECI容器后再删除集群:
[
{
"instanceId":"eci-8vb2yx0ikaafizuhtin1",
"resource_type":"ALIYUN::ECI::ContainerGroup",
"dependencies":[
{
"cluster_id":"c995c50e1efa54eb9a1b03c8e41df22e5",
"instance_id":"eci-8vb2yx0ikaafizuhtin1",
"resource_type":"ALIYUN::ECI::ContainerGroup",
"resource_info":"",
"created":"0001-01-01T00:00:00Z",
"auto_create":0,
"state":""
}
]
},
{
"instanceId":"eci-8vb58w1ymcng876cbd8o",
"resource_type":"ALIYUN::ECI::ContainerGroup",
"dependencies":[
{
"cluster_id":"c995c50e1efa54eb9a1b03c8e41df22e5",
"instance_id":"eci-8vb58w1ymcng876cbd8o",
"resource_type":"ALIYUN::ECI::ContainerGroup",
"resource_info":"",
"created":"0001-01-01T00:00:00Z",
"auto_create":0,
"state":""
}
]
},
{
"instanceId":"eci-8vbhhxj8vesgv9tv6ooa",
"resource_type":"ALIYUN::ECI::ContainerGroup",
"dependencies":[
{
"cluster_id":"c995c50e1efa54eb9a1b03c8e41df22e5",
"instance_id":"eci-8vbhhxj8vesgv9tv6ooa",
"resource_type":"ALIYUN::ECI::ContainerGroup",
"resource_info":"",
"created":"0001-01-01T00:00:00Z",
"auto_create":0,
"state":""
}
]
},
{
"instanceId":"eci-8vbi7fptgy6ir4ua3gn1",
"resource_type":"ALIYUN::ECI::ContainerGroup",
"dependencies":[
{
"cluster_id":"c995c50e1efa54eb9a1b03c8e41df22e5",
"instance_id":"eci-8vbi7fptgy6ir4ua3gn1",
"resource_type":"ALIYUN::ECI::ContainerGroup",
"resource_info":"",
"created":"0001-01-01T00:00:00Z",
"auto_create":0,
"state":""
}
]
},
{
"instanceId":"eci-8vb9vrtvpldaxrh3m62d",
"resource_type":"ALIYUN::ECI::ContainerGroup",
"dependencies":[
{
"cluster_id":"c995c50e1efa54eb9a1b03c8e41df22e5",
"instance_id":"eci-8vb9vrtvpldaxrh3m62d",
"resource_type":"ALIYUN::ECI::ContainerGroup",
"resource_info":"",
"created":"0001-01-01T00:00:00Z",
"auto_create":0,
"state":""
}
]
},
{
"instanceId":"eci-8vb2yx0ikaafizuhtin0",
"resource_type":"ALIYUN::ECI::ContainerGroup",
"dependencies":[
{
"cluster_id":"c995c50e1efa54eb9a1b03c8e41df22e5",
"instance_id":"eci-8vb2yx0ikaafizuhtin0",
"resource_type":"ALIYUN::ECI::ContainerGroup",
"resource_info":"",
"created":"0001-01-01T00:00:00Z",
"auto_create":0,
"state":""
}
]
}
]感谢“大可不加冰”老师的建议,后续可以将kubeconfig文件不要存储在本地,有时候配置和terraform不一定在同一台机器中。可以通过output或者remote_state的方式获取。
视频回放参考
