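The Container Service console provides an easy-to-use visual interface that guides you step by step through creating this type of cluster. When you need to create managed clusters repeatedly or in large batches, however, working through the console becomes tedious, and Terraform solves that problem. This article describes how to use Terraform to quickly deploy a managed Kubernetes cluster.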
Create a managed Kubernetes cluster
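The Terraform resource documentation for Alibaba Cloud managed Kubernetes, alicloud_cs_managed_kubernetes, lists the parameters the resource provides. They are divided into input arguments (Argument) and output attributes (Attributes). The argument list contains both required and optional parameters. For example, name and name_prefix are a pair of required parameters, but they are mutually exclusive and cannot both be set. If name is set, the cluster name is the value of name; if name_prefix is set, a cluster name beginning with name_prefix is generated automatically.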
- Following the Argument Reference list in the documentation, first write a description of the cluster, as shown below:
```
provider "alicloud" {
}

# Default resource name
variable "name" {
  default = "my-first-kubernetes-demo"
}

# Log Service project name
variable "log_project_name" {
  default = "my-first-kubernetes-sls-demo"
}

# Availability zone
data "alicloud_zones" "default" {
  available_resource_creation = "VSwitch"
}

# ECS instance configuration for the nodes
data "alicloud_instance_types" "default" {
  availability_zone    = data.alicloud_zones.default.zones[0].id
  cpu_core_count       = 2
  memory_size          = 4
  kubernetes_node_role = "Worker"
}

# VPC
resource "alicloud_vpc" "default" {
  name       = var.name
  cidr_block = "10.1.0.0/21"
}

# VSwitch
resource "alicloud_vswitch" "default" {
  name              = var.name
  vpc_id            = alicloud_vpc.default.id
  cidr_block        = "10.1.1.0/24"
  availability_zone = data.alicloud_zones.default.zones[0].id
}

# Log Service
resource "alicloud_log_project" "log" {
  name        = var.log_project_name
  description = "created by terraform for managedkubernetes cluster"
}

# Managed Kubernetes
resource "alicloud_cs_managed_kubernetes" "default" {
  # Prefix for the Kubernetes cluster name. Conflicts with name. If specified, Terraform uses it to build a unique cluster name. Defaults to "Terraform-Creation".
  name_prefix = var.name
  # The zone in which the new Kubernetes cluster will be located.
  availability_zone = data.alicloud_zones.default.zones[0].id
  # The vswitches in which the new Kubernetes cluster will be located. Specify one or more vswitch IDs. They must be in the zone given by availability_zone.
  vswitch_ids = [alicloud_vswitch.default.id]
  # Whether to create a new NAT gateway when creating the Kubernetes cluster. Defaults to true.
  new_nat_gateway = true
  # ECS instance types of the nodes. Specify one type for a single-AZ cluster and three types for a multi-AZ cluster. You can get the available Kubernetes master node instance types through the instance_types data source.
  worker_instance_types = [data.alicloud_instance_types.default.instance_types[0].id]
  # Total number of worker nodes in the Kubernetes cluster. Defaults to 3. The maximum is 50.
  worker_number = 2
  # Password for SSH login to the cluster nodes. You must specify one of the password, key_name or kms_encrypted_password fields.
  password = "Yourpassword1234"
  # CIDR block of the pod network. Required when cluster_network_type is set to flannel. It cannot be the same as the VPC CIDR or the CIDR used by Kubernetes clusters in the VPC, and cannot be modified after creation. Maximum number of hosts allowed in the cluster: 256.
  pod_cidr = "172.20.0.0/16"
  # CIDR block of the service network. It cannot be the same as the VPC CIDR or the CIDR used by Kubernetes clusters in the VPC, and cannot be modified after creation.
  service_cidr = "172.21.0.0/20"
  # Whether to install Cloud Monitor on the Kubernetes nodes.
  install_cloud_monitor = true
  # Whether to create an Internet load balancer for the API server. Defaults to false.
  slb_internet_enabled = true
  # System disk category of the nodes. Valid values are cloud_ssd and cloud_efficiency. Defaults to cloud_efficiency.
  worker_disk_category = "cloud_efficiency"
  # Data disk category of the nodes. Valid values are cloud_ssd and cloud_efficiency. If unset, no data disk is created.
  worker_data_disk_category = "cloud_ssd"
  # Data disk size of the nodes. Valid range is [20~32768], in GB. Defaults to 40 when worker_data_disk_category is set.
  worker_data_disk_size = 200
  # Log configuration
  log_config {
    # Type of log collection. Only SLS is currently supported.
    type = "SLS"
    # Log Service project name. Cluster logs are written to this project.
    project = alicloud_log_project.log.name
  }
}
```
- Save the configuration above as a main.tf file, then run terraform init and terraform apply in the directory that contains it.
- Run the terraform init command to initialize.
```
$ terraform init

Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "alicloud" (1.26.0)...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
```
- Run the terraform apply command to create the resources.
```
$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # alicloud_cs_managed_kubernetes.default will be created
  + resource "alicloud_cs_managed_kubernetes" "default" {
      + availability_zone           = "cn-hangzhou-b"
      + force_update                = false
      + id                          = (known after apply)
      + install_cloud_monitor       = true
      + name                        = (known after apply)
      + name_prefix                 = "my-first-kubernetes-demo"
      + new_nat_gateway             = true
      + password                    = (sensitive value)
      + pod_cidr                    = "172.20.0.0/16"
      + security_group_id           = (known after apply)
      + service_cidr                = "172.21.0.0/20"
      + slb_internet_enabled        = true
      + vpc_id                      = (known after apply)
      + vswitch_ids                 = (known after apply)
      + worker_data_disk_category   = "cloud_ssd"
      + worker_data_disk_size       = 200
      + worker_disk_category        = "cloud_efficiency"
      + worker_disk_size            = 40
      + worker_instance_charge_type = "PostPaid"
      + worker_instance_types       = [
          + "ecs.n1.medium",
        ]
      + worker_nodes                = (known after apply)
      + worker_number               = 2

      + log_config {
          + project = "my-first-kubernetes-sls-demo"
          + type    = "SLS"
        }
    }

  # alicloud_log_project.log will be created
  + resource "alicloud_log_project" "log" {
      + description = "created by terraform for managedkubernetes cluster"
      + id          = (known after apply)
      + name        = "my-first-kubernetes-sls-demo"
    }

  # alicloud_vpc.default will be created
  + resource "alicloud_vpc" "default" {
      + cidr_block        = "10.1.0.0/21"
      + id                = (known after apply)
      + name              = "my-first-kubernetes-demo"
      + resource_group_id = (known after apply)
      + route_table_id    = (known after apply)
      + router_id         = (known after apply)
      + router_table_id   = (known after apply)
    }

  # alicloud_vswitch.default will be created
  + resource "alicloud_vswitch" "default" {
      + availability_zone = "cn-hangzhou-b"
      + cidr_block        = "10.1.1.0/24"
      + id                = (known after apply)
      + name              = "my-first-kubernetes-demo"
      + vpc_id            = (known after apply)
    }

Plan: 4 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value:
```
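- The terraform init command downloads the provider plugins we use, and the terraform apply command works out the actions to perform from our main.tf file. The log above shows that a resource named alicloud_cs_managed_kubernetes.k8s will be created, and we must enter yes to confirm. After confirmation, creation takes about five minutes, and Terraform prints a log similar to the following.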
```
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_vpc.default: Creating...
alicloud_log_project.log: Creating...
alicloud_log_project.log: Creation complete after 1s [id=my-first-kubernetes-sls-demo]
alicloud_vpc.default: Creation complete after 6s [id=vpc-bp1830x557ktabq******]
alicloud_vswitch.default: Creating...
alicloud_vswitch.default: Creation complete after 5s [id=vsw-bp1vb35pc7bvc0e*****]
alicloud_cs_managed_kubernetes.default: Creating...
alicloud_cs_managed_kubernetes.default: Still creating... [10s elapsed]
alicloud_cs_managed_kubernetes.default: Still creating... [20s elapsed]
alicloud_cs_managed_kubernetes.default: Still creating... [30s elapsed]
alicloud_cs_managed_kubernetes.default: Still creating... [40s elapsed]
alicloud_cs_managed_kubernetes.default: Still creating... [50s elapsed]
......
alicloud_cs_managed_kubernetes.k8s: Creation complete after 6m5s (ID: cc54df7d990a24ed18c1e0ebacd36418c)

Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
```
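- When the text "Apply complete! Resources: 4 added" appears, the cluster has been created successfully. You can also log in to the console and view the cluster in the cluster list.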
Modify the managed Kubernetes cluster
The Terraform provider supports modifying some of the parameters. In general, every parameter that is not marked Force New Resource can be modified.
- Below we modify some of the parameters. The comments mark the items being updated.
```
resource "alicloud_cs_managed_kubernetes" "default" {
  # Rename the cluster to test-managed-kubernetes-updated
  name                  = "test-managed-kubernetes-updated"
  availability_zone     = data.alicloud_zones.default.zones[0].id
  vswitch_ids           = [alicloud_vswitch.default.id]
  new_nat_gateway       = true
  worker_instance_types = [data.alicloud_instance_types.default.instance_types[0].id]
  # Change worker_number to 3, which adds one worker node
  worker_number             = 3
  password                  = "Yourpassword1234"
  pod_cidr                  = "172.20.0.0/16"
  service_cidr              = "172.21.0.0/20"
  install_cloud_monitor     = true
  slb_internet_enabled      = true
  worker_disk_category      = "cloud_efficiency"
  worker_data_disk_category = "cloud_ssd"
  worker_data_disk_size     = 200
  log_config {
    type    = "SLS"
    project = alicloud_log_project.log.name
  }
  # Export the cluster's connection configuration file to the /tmp directory
  kube_config = "/tmp/config"
  # Export the cluster's certificate files to the /tmp directory (same for the lines below)
  client_cert     = "/tmp/client-cert.pem"
  client_key      = "/tmp/client-key.pem"
  cluster_ca_cert = "/tmp/cluster-ca-cert.pem"
}
```
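- As with creation, the command used to modify a cluster is terraform apply. Running it produces the log output below. Enter yes and press Enter to rename the cluster to test-managed-kubernetes-updated, scale the worker nodes out to 3, and export the certificates and connection file to the /tmp directory on the local machine.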
```
$ terraform apply
alicloud_cs_managed_kubernetes.k8s: Refreshing state... (ID: cc54df7d990a24ed18c1e0ebacd36418c)

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ alicloud_cs_managed_kubernetes.k8s
      client_cert:      "" => "/tmp/client-cert.pem"
      client_key:       "" => "/tmp/client-key.pem"
      cluster_ca_cert:  "" => "/tmp/cluster-ca-cert.pem"
      kube_config:      "" => "/tmp/config"
      name:             "test-managed-kubernetes" => "test-managed-kubernetes-updated"
      worker_numbers.0: "2" => "3"

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_cs_managed_kubernetes.k8s: Modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c)
  client_cert:      "" => "/tmp/client-cert.pem"
  client_key:       "" => "/tmp/client-key.pem"
  cluster_ca_cert:  "" => "/tmp/cluster-ca-cert.pem"
  kube_config:      "" => "/tmp/config"
  name:             "test-managed-kubernetes" => "test-managed-kubernetes-updated"
  worker_numbers.0: "2" => "3"
alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 10s elapsed)
alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 20s elapsed)
alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 30s elapsed)
......
alicloud_cs_managed_kubernetes.k8s: Modifications complete after 4m4s (ID: cc54df7d990a24ed18c1e0ebacd36418c)

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
```
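- After terraform apply succeeds, the cluster information shown in the console confirms that the cluster is now in the state we expect. On the local machine, we can also connect to the cluster with kubectl using the exported connection file.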
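The cluster configuration and the update step above set three values worth a review before apply: an inline node password, an Internet-facing API server load balancer, and credential files exported to /tmp. The following check is an added example, not part of the original article or the provider; it assumes the plan has been rendered with `terraform show -json`, and the function name `review_plan`, the `SHARED_DIRS` list and the sample plan are constructed for illustration.

```python
import json

# Constructed sample: abridged `terraform show -json <planfile>` output carrying
# the values this page sets on the cluster resource.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "alicloud_cs_managed_kubernetes.default",
     "type": "alicloud_cs_managed_kubernetes",
     "change": {"actions": ["update"], "after": {
         "password": "Yourpassword1234",
         "slb_internet_enabled": True,
         "kube_config": "/tmp/config",
         "client_cert": "/tmp/client-cert.pem",
         "client_key": "/tmp/client-key.pem",
         "cluster_ca_cert": "/tmp/cluster-ca-cert.pem"}}},
    {"address": "alicloud_vpc.default", "type": "alicloud_vpc",
     "change": {"actions": ["no-op"], "after": {"cidr_block": "10.1.0.0/21"}}},
]})

# Arguments that make the provider write cluster credentials to local files.
EXPORT_ATTRS = ("kube_config", "client_cert", "client_key", "cluster_ca_cert")
SHARED_DIRS = ("/tmp/", "/var/tmp/")  # assumption: directories treated as shared


def review_plan(plan_json):
    """Return (address, attribute, reason) findings for managed-cluster resources."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "alicloud_cs_managed_kubernetes":
            continue
        change = rc.get("change") or {}
        after = change.get("after") or {}  # "after" is null when destroying
        masked = change.get("after_sensitive") or {}  # newer Terraform versions
        addr = rc.get("address", "?")
        if after.get("password") or masked.get("password"):
            findings.append((addr, "password",
                             "password login to nodes; the value is kept in Terraform state"))
        if after.get("slb_internet_enabled") is True:
            findings.append((addr, "slb_internet_enabled",
                             "API server is given an Internet-facing load balancer"))
        for attr in EXPORT_ATTRS:
            path = after.get(attr) or ""
            if isinstance(path, str) and path.startswith(SHARED_DIRS):
                findings.append((addr, attr, "credential file written to " + path))
    return findings


if __name__ == "__main__":
    for finding in review_plan(SAMPLE_PLAN):
        print("%s: %s: %s" % finding)
```

A plan that uses key_name instead of password, leaves slb_internet_enabled at its default of false, and exports the files to a directory only the operator can read produces no findings.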