Create an ACK Edge cluster using Terraform

Terraform is an open-source Infrastructure as Code (IaC) tool that allows you to safely and efficiently preview, provision, and manage cloud infrastructure and resources. This topic describes how to use Terraform to create an ACK Edge cluster.

Note

The sample code in this topic supports one-click deployment. You can run the code in Terraform Explorer.

Prerequisites

  • You have activated ACK Edge.

  • An Alibaba Cloud account has full permissions on every resource in the account, so a leaked AccessKey for the account exposes everything. Use a Resource Access Management (RAM) user instead and create an AccessKey for that user. Pass the AccessKey to the provider through the ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY environment variables rather than writing it into main.tf, so that the credential never lands in version control. For more information, see Create a RAM user and Create an AccessKey.

  • Attach the following least privilege policy to the RAM user that you use to run Terraform commands. The policy grants only the API actions that this example needs. For more information, see Manage RAM user permissions.

    This policy allows the RAM user to create, view, and delete VPCs, vSwitches, ACK clusters, and node pools. Note that "Resource": "*" applies these actions to every matching resource in the account; if the user must be confined to a particular cluster or VPC, narrow the Resource element accordingly.

    {
        "Version": "1",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "vpc:CreateVpc",
                    "vpc:CreateVSwitch",
                    "cs:CreateCluster",
                    "vpc:DescribeVpcAttribute",
                    "vpc:DescribeVSwitchAttributes",
                    "vpc:DescribeRouteTableList",
                    "vpc:DescribeNatGateways",
                    "cs:DescribeTaskInfo",
                    "cs:DescribeClusterDetail",
                    "cs:GetClusterCerts",
                    "cs:CheckControlPlaneLogEnable",
                    "cs:CreateClusterNodePool",
                    "cs:DescribeClusterNodePoolDetail",
                    "cs:DescribeClusterNodePools",
                    "cs:ScaleOutCluster",
                    "cs:DescribeClusterNodes",
                    "vpc:DeleteVpc",
                    "vpc:DeleteVSwitch",
                    "cs:DeleteCluster",
                    "cs:DeleteClusterNodepool"
                ],
                "Resource": "*"
            }
        ]
    }
  • Prepare a Terraform environment. You can use one of the following methods to run Terraform.

    • Use Terraform in Terraform Explorer: Alibaba Cloud provides an online environment for running Terraform, so you do not need to install anything; log on and use Terraform directly in the browser. This method is suitable for quickly trying and debugging Terraform at no cost.

    • Cloud Shell: Alibaba Cloud Cloud Shell has Terraform pre-installed and your identity credentials already configured, so you can run Terraform commands directly. This method is suitable for quick, low-cost access to Terraform.

    • Install and configure Terraform on your local machine: This method is suitable for environments with restricted network connectivity or when you need a custom development environment.

    Important

    Ensure your Terraform version is v0.12.28 or later (v0.14 or later if you mark variables as sensitive). You can run the terraform --version command to check the version.
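
Before attaching the policy, it is worth checking it the way a reviewer would: no wildcard actions, nothing the run does not need, and a flag on every statement whose Resource is "*". The following script is an added example (not part of this topic or of Alibaba Cloud's tooling) that lints a RAM policy document against the list of actions this example requires. TUTORIAL_POLICY is the policy from the prerequisites above; BROAD_POLICY is a constructed over-broad variant for contrast; REQUIRED_ACTIONS is assumed to be the authoritative list for this run.

```python
"""Least-privilege lint for the RAM policy used to run this Terraform example.

Added example, not part of the Alibaba Cloud page. TUTORIAL_POLICY is the
policy from the Prerequisites section; BROAD_POLICY is a constructed
over-broad variant shown for contrast.
"""
import fnmatch
import json

TUTORIAL_POLICY = {
    "Version": "1",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "vpc:CreateVpc", "vpc:CreateVSwitch", "cs:CreateCluster",
            "vpc:DescribeVpcAttribute", "vpc:DescribeVSwitchAttributes",
            "vpc:DescribeRouteTableList", "vpc:DescribeNatGateways",
            "cs:DescribeTaskInfo", "cs:DescribeClusterDetail",
            "cs:GetClusterCerts", "cs:CheckControlPlaneLogEnable",
            "cs:CreateClusterNodePool", "cs:DescribeClusterNodePoolDetail",
            "cs:DescribeClusterNodePools", "cs:ScaleOutCluster",
            "cs:DescribeClusterNodes", "vpc:DeleteVpc", "vpc:DeleteVSwitch",
            "cs:DeleteCluster", "cs:DeleteClusterNodepool",
        ],
        "Resource": "*",
    }],
}

# Constructed for contrast: grants every CS and VPC action in one stroke.
BROAD_POLICY = {
    "Version": "1",
    "Statement": [{"Effect": "Allow", "Action": ["cs:*", "vpc:*"], "Resource": "*"}],
}

# The actions this run needs. Here it equals the page's policy; keep this list
# under review so that later additions to the policy show up as "unused".
REQUIRED_ACTIONS = frozenset(TUTORIAL_POLICY["Statement"][0]["Action"])


def _as_list(value):
    """RAM allows Action and Resource to be a string or a list; normalise."""
    return value if isinstance(value, list) else [value]


def allowed_actions(policy):
    """Return every action pattern granted by an Allow statement."""
    granted = set()
    for statement in policy["Statement"]:
        if statement.get("Effect") == "Allow":
            granted.update(_as_list(statement["Action"]))
    return granted


def action_granted(action, patterns):
    """True if any granted pattern (literal or with '*') covers the action."""
    return any(fnmatch.fnmatchcase(action, pattern) for pattern in patterns)


def lint_policy(policy, required):
    """Compare a policy to the actions a run needs; all lists are sorted."""
    granted = allowed_actions(policy)
    wildcards = sorted(p for p in granted if "*" in p)
    missing = sorted(a for a in required if not action_granted(a, granted))
    # Literal grants nothing in the run uses (wildcards are reported above).
    unused = sorted(p for p in granted if "*" not in p and p not in required)
    unscoped = [
        i for i, st in enumerate(policy["Statement"])
        if st.get("Effect") == "Allow" and "*" in _as_list(st.get("Resource", []))
    ]
    return {
        "wildcard_actions": wildcards,
        "missing_actions": missing,
        "unused_actions": unused,
        "unscoped_statements": unscoped,
    }


if __name__ == "__main__":
    for name, policy in (("tutorial", TUTORIAL_POLICY), ("broad", BROAD_POLICY)):
        print(name, json.dumps(lint_policy(policy, REQUIRED_ACTIONS), indent=2))
```

For the page's policy the only finding is the unscoped statement (index 0); the broad variant additionally reports cs:* and vpc:* as wildcard grants even though it covers every required action, which is exactly the privilege creep a reviewer should push back on.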

Resources

Note

Some resources created in this topic are billed on a pay-as-you-go basis. Release the resources when they are no longer needed to avoid unexpected charges.

Create an ACK Edge cluster

  1. Create a working directory and a configuration file named main.tf in the directory.

    The main.tf file defines the following Terraform configuration:

    • Creates a VPC and a vSwitch in the VPC.

    • Creates an ACK Edge cluster.

    • Creates a node pool that contains two nodes.

    provider "alicloud" {
      region = var.region_id
    }
    variable "region_id" {
      default = "cn-hangzhou"
    }
    variable "k8s_name_edge" {
      type        = string
      description = "The name used to create edge kubernetes cluster."
      default     = "edge-example"
    }
    variable "new_vpc_name" {
      type        = string
      description = "The name used to create vpc."
      default     = "tf-vpc-172-16"
    }
    variable "new_vsw_name" {
      type        = string
      description = "The name used to create vSwitch."
      default     = "tf-vswitch-172-16-0"
    }
    variable "nodepool_name" {
      type        = string
      description = "The name used to create node pool."
      default     = "edge-nodepool-1"
    }
    variable "k8s_login_password" {
      type        = string
      description = "Logon password for the cluster nodes. The default is a sample value; supply a real one with -var or TF_VAR_k8s_login_password and never commit it."
      # Masks the value in plan/apply output (requires Terraform v0.14 or later). The state file still stores it in plaintext.
      sensitive   = true
      default     = "Test123456"
    }
    variable "k8s_version" {
      type        = string
      description = "Kubernetes version"
      default     = "1.28.9-aliyun.1"
    }
    variable "containerd_runtime_version" {
      type    = string
      default = "1.6.34"
    }
    variable "cluster_spec" {
      type        = string
      description = "The cluster specification. Optional. Valid values: ack.standard (standard managed cluster) and ack.pro.small (professional managed cluster)."
      default     = "ack.pro.small"
    }
    data "alicloud_zones" "default" {
      available_resource_creation = "VSwitch"
      available_disk_category     = "cloud_efficiency"
    }
    data "alicloud_instance_types" "default" {
      availability_zone    = data.alicloud_zones.default.zones.0.id
      cpu_core_count       = 4
      memory_size          = 8
      kubernetes_node_role = "Worker"
    }
    resource "alicloud_vpc" "vpc" {
      vpc_name   = var.new_vpc_name
      cidr_block = "172.16.0.0/12"
    }
    resource "alicloud_vswitch" "vsw" {
      vswitch_name = var.new_vsw_name
      vpc_id       = alicloud_vpc.vpc.id
      cidr_block   = cidrsubnet(alicloud_vpc.vpc.cidr_block, 8, 8)
      zone_id      = data.alicloud_zones.default.zones.0.id
    }
    resource "alicloud_cs_edge_kubernetes" "edge" {
      name                  = var.k8s_name_edge
      version               = var.k8s_version
      cluster_spec          = var.cluster_spec
      worker_vswitch_ids    = [alicloud_vswitch.vsw.id]
      worker_instance_types = [data.alicloud_instance_types.default.instance_types.0.id]
      password              = var.k8s_login_password
      new_nat_gateway       = true
      pod_cidr              = "10.10.0.0/16"
      service_cidr          = "10.12.0.0/16"
      load_balancer_spec    = "slb.s2.small"
      worker_number         = 1
      node_cidr_mask        = 24
      # The container runtime.
      runtime = {
        name    = "containerd"
        version = var.containerd_runtime_version
      }
    }
    # The node pool.
    resource "alicloud_cs_kubernetes_node_pool" "nodepool" {
      # The ID of the Kubernetes cluster.
      cluster_id = alicloud_cs_edge_kubernetes.edge.id
      # The name of the node pool.
      node_pool_name = var.nodepool_name
      # The vSwitch IDs for the nodes in the node pool. The vSwitches must be in the same zone as the instance types selected above (data.alicloud_zones.default).
      vswitch_ids = [alicloud_vswitch.vsw.id]
      # The ECS instance types and billing method.
      instance_types       = [data.alicloud_instance_types.default.instance_types.0.id]
      instance_charge_type = "PostPaid"
      # Optional. A custom instance name.
      # node_name_mode      = "customized,edge-shenzhen,ip,default"
      # The container runtime.
      runtime_name    = "containerd"
      runtime_version = var.containerd_runtime_version
      # The expected number of nodes in the node pool.
      desired_size = 2
      # The password used to log on to the cluster nodes by using SSH.
      password = var.k8s_login_password
      # Specifies whether to install CloudMonitor on the Kubernetes nodes.
      install_cloud_monitor = true
      # The category of the system disk for nodes. Valid values: cloud_ssd and cloud_efficiency. Default value: cloud_efficiency.
      system_disk_category = "cloud_efficiency"
      system_disk_size     = 100
      # The OS type.
      image_type = "AliyunLinux"
      # The data disk configurations of nodes.
      data_disks {
        # The category of the data disk.
        category = "cloud_efficiency"
        # The size of the data disk.
        size = 120
      }
      lifecycle {
        ignore_changes = [
          labels
        ]
      }
    }
  2. Run the following command to initialize the Terraform working directory.

    terraform init

    A successful initialization produces the following output.

    Terraform has been successfully initialized!
    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.
    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.
  3. Run the following command to create an execution plan and preview the changes.

    terraform plan

    The following output indicates that the execution plan was created successfully.

    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but will not be
    persisted to local or remote state storage.
    ...
    Plan: 4 to add, 0 to change, 0 to destroy.
    ...
  4. Run the following command to apply the configuration and create the ACK Edge cluster.

    terraform apply

    When prompted, type yes and press Enter. Wait for the command to complete. The cluster is created successfully when the following output appears.

    ...
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
      Enter a value: yes
    ...
    alicloud_cs_edge_kubernetes.edge: Creation complete after 8m26s [id=************]
    Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
  5. Verify the result

    Terraform show

    Run the following command to view details about the resources created by Terraform.

    terraform show

    The command returns output similar to the following. IDs, IP addresses, and other values come from a sample run and will differ. Note that password appears as (sensitive value) only in this view: the state file (terraform.tfstate, and the output of terraform show -json) stores it in plaintext, so protect the state as you would any other secret.

    # alicloud_cs_edge_kubernetes.edge:
    resource "alicloud_cs_edge_kubernetes" "edge" {
        certificate_authority = {}
        cluster_spec          = "ack.pro.small"
        connections           = {
            "api_server_internet" = "https://121.43.224.65:6443"
            "api_server_intranet" = "https://172.16.143.180:6443"
            "master_public_ip"    = "12xxx5"
        }
        deletion_protection   = false
        force_update          = false
        id                    = "c8cfixxx691"
        install_cloud_monitor = true
        load_balancer_spec    = "slb.s2.small"
        name                  = "edge-example-edge"
        name_prefix           = "Terraform-Creation"
        nat_gateway_id        = "ngw-bp1xxxoy"
        new_nat_gateway       = true
        node_cidr_mask        = 24
        password              = (sensitive value)
        pod_cidr              = "10.10.0.0/16"
        proxy_mode            = "ipvs"
        resource_group_id     = "rg-aekzxxxxxxxx"
        runtime               = {
            "name"    = "containerd"
            "version" = "1.6.28"
        }
    }

    ACK console

    Log on to the ACK console to view the created cluster. On the details page of the cluster, click the Basic Information tab to view its basic information and network configurations. The basic information includes details such as the cluster name (edge-example), region (China (Hangzhou)), cluster status (Running), cluster type (ACK Edge Pro), Kubernetes version (1.28.9-aliyun.1), and deletion protection (Disabled). The network configurations include the network plug-in (Flannel), service proxy mode (IPVS), internal and public API server endpoints, and the Service CIDR (10.12.0.0/16). Deletion protection is disabled because the configuration does not set it; for a cluster you intend to keep, set deletion_protection = true on the alicloud_cs_edge_kubernetes resource so that neither terraform destroy nor a console action can remove the cluster by accident.
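
The values that terraform show and the console display are also the ones a post-apply check should assert on, and the one thing neither view makes obvious is that the node password sits in the state in plaintext. The following script is an added example (not part of this topic or of the provider) that audits a terraform show -json document: it verifies deletion protection, compares the applied containerd version with the configured one, reports a public API server endpoint unless one is expected, and searches the whole document for the node password. SAMPLE_STATE is constructed from the values in the terraform show output above, with the sample password filled in where the page prints (sensitive value); the file name audit_state.py and the expected runtime version passed in are assumptions.

```python
"""Post-apply audit of an ACK Edge cluster from `terraform show -json`.

Added example, not from the Alibaba Cloud page or the provider. SAMPLE_STATE
is constructed from the values in the page's `terraform show` output; the
password fields hold the sample default so the plaintext check has
something to find. Run it against a real cluster with:
    terraform show -json > state.json && python audit_state.py state.json
"""
import json
import sys

SAMPLE_STATE = {
    "format_version": "1.0",
    "values": {"root_module": {"resources": [
        {"address": "alicloud_cs_edge_kubernetes.edge",
         "type": "alicloud_cs_edge_kubernetes",
         "values": {
             "cluster_spec": "ack.pro.small",
             "connections": {
                 "api_server_internet": "https://121.43.224.65:6443",
                 "api_server_intranet": "https://172.16.143.180:6443"},
             "deletion_protection": False,
             "name": "edge-example",
             "password": "Test123456",
             "proxy_mode": "ipvs",
             "runtime": {"name": "containerd", "version": "1.6.28"}}},
        {"address": "alicloud_cs_kubernetes_node_pool.nodepool",
         "type": "alicloud_cs_kubernetes_node_pool",
         "values": {"desired_size": 2, "password": "Test123456",
                    "runtime_name": "containerd", "runtime_version": "1.6.28"}},
    ]}},
}


def iter_resources(state):
    """Yield every resource in the root module and any nested child modules."""
    def walk(module):
        yield from module.get("resources", [])
        for child in module.get("child_modules", []):
            yield from walk(child)
    return walk(state["values"]["root_module"])


def find_secret(node, secret, path=""):
    """Return the JSON paths at which `secret` appears as a plaintext string."""
    hits = []
    if isinstance(node, dict):
        for key, val in node.items():
            hits += find_secret(val, secret, f"{path}.{key}")
    elif isinstance(node, list):
        for i, val in enumerate(node):
            hits += find_secret(val, secret, f"{path}[{i}]")
    elif isinstance(node, str) and secret in node:
        hits.append(path)
    return hits


def audit_state(state, expected_runtime, node_password, allow_public_api=False):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for res in iter_resources(state):
        vals, addr = res.get("values", {}), res["address"]
        if res["type"] == "alicloud_cs_edge_kubernetes":
            if not vals.get("deletion_protection"):
                findings.append(f"{addr}: deletion_protection is disabled")
            got = vals.get("runtime", {}).get("version")
            if got != expected_runtime:
                findings.append(f"{addr}: runtime version {got} differs from configured {expected_runtime}")
            if vals.get("connections", {}).get("api_server_internet") and not allow_public_api:
                findings.append(f"{addr}: API server is reachable on a public endpoint")
        elif res["type"] == "alicloud_cs_kubernetes_node_pool":
            got = vals.get("runtime_version")
            if got != expected_runtime:
                findings.append(f"{addr}: node pool runtime version {got} differs from configured {expected_runtime}")
    # The state is the place secrets leak from: search all of it, not one field.
    for path in find_secret(state, node_password):
        findings.append(f"plaintext node password in state at {path}")
    return findings


if __name__ == "__main__":
    state = SAMPLE_STATE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            state = json.load(fh)
    for line in audit_state(state, "1.6.34", "Test123456"):
        print(line)
```

Against the constructed sample the script reports all four conditions; the two plaintext hits are the reason the state should live in a remote backend with restricted access rather than in the working directory next to main.tf.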

Clean up resources

To release the resources created in this topic, run the terraform destroy command. Run terraform plan -destroy first if you want to review what will be removed. If you enabled deletion protection on the cluster, set deletion_protection = false and apply that change before destroying. For more information about terraform destroy, see Common commands.

terraform destroy

Complete example

Note

The sample code in this topic supports one-click deployment. You can run the code in Terraform Explorer.

Sample code

provider "alicloud" {
  region = var.region_id
}
variable "region_id" {
  default = "cn-hangzhou"
}
variable "k8s_name_edge" {
  type        = string
  description = "The name used to create edge kubernetes cluster."
  default     = "edge-example"
}
variable "new_vpc_name" {
  type        = string
  description = "The name used to create vpc."
  default     = "tf-vpc-172-16"
}
variable "new_vsw_name" {
  type        = string
  description = "The name used to create vSwitch."
  default     = "tf-vswitch-172-16-0"
}
variable "nodepool_name" {
  type        = string
  description = "The name used to create node pool."
  default     = "edge-nodepool-1"
}
variable "k8s_login_password" {
  type        = string
  description = "Logon password for the cluster nodes. The default is a sample value; supply a real one with -var or TF_VAR_k8s_login_password and never commit it."
  # Masks the value in plan/apply output (requires Terraform v0.14 or later). The state file still stores it in plaintext.
  sensitive   = true
  default     = "Test123456"
}
variable "k8s_version" {
  type        = string
  description = "Kubernetes version"
  default     = "1.28.9-aliyun.1"
}
variable "containerd_runtime_version" {
  type    = string
  default = "1.6.34"
}
variable "cluster_spec" {
  type        = string
  description = "The cluster specification. Optional. Valid values: ack.standard (standard managed cluster) and ack.pro.small (professional managed cluster)."
  default     = "ack.pro.small"
}
data "alicloud_zones" "default" {
  available_resource_creation = "VSwitch"
  available_disk_category     = "cloud_efficiency"
}
data "alicloud_instance_types" "default" {
  availability_zone    = data.alicloud_zones.default.zones.0.id
  cpu_core_count       = 4
  memory_size          = 8
  kubernetes_node_role = "Worker"
}
resource "alicloud_vpc" "vpc" {
  vpc_name   = var.new_vpc_name
  cidr_block = "172.16.0.0/12"
}
resource "alicloud_vswitch" "vsw" {
  vswitch_name = var.new_vsw_name
  vpc_id       = alicloud_vpc.vpc.id
  cidr_block   = cidrsubnet(alicloud_vpc.vpc.cidr_block, 8, 8)
  zone_id      = data.alicloud_zones.default.zones.0.id
}
resource "alicloud_cs_edge_kubernetes" "edge" {
  name                  = var.k8s_name_edge
  version               = var.k8s_version
  cluster_spec          = var.cluster_spec
  worker_vswitch_ids    = [alicloud_vswitch.vsw.id]
  worker_instance_types = [data.alicloud_instance_types.default.instance_types.0.id]
  password              = var.k8s_login_password
  new_nat_gateway       = true
  pod_cidr              = "10.10.0.0/16"
  service_cidr          = "10.12.0.0/16"
  load_balancer_spec    = "slb.s2.small"
  worker_number         = 1
  node_cidr_mask        = 24
  # The container runtime.
  runtime = {
    name    = "containerd"
    version = var.containerd_runtime_version
  }
}
# The node pool.
resource "alicloud_cs_kubernetes_node_pool" "nodepool" {
  # The ID of the Kubernetes cluster.
  cluster_id = alicloud_cs_edge_kubernetes.edge.id
  # The name of the node pool.
  node_pool_name = var.nodepool_name
  # The vSwitch IDs for the nodes in the node pool. The vSwitches must be in the same zone as the instance types selected above (data.alicloud_zones.default).
  vswitch_ids = [alicloud_vswitch.vsw.id]
  # The ECS instance types and billing method.
  instance_types       = [data.alicloud_instance_types.default.instance_types.0.id]
  instance_charge_type = "PostPaid"
  # Optional. A custom instance name.
  # node_name_mode      = "customized,edge-shenzhen,ip,default"
  # The container runtime.
  runtime_name    = "containerd"
  runtime_version = var.containerd_runtime_version
  # The expected number of nodes in the node pool.
  desired_size = 2
  # The password used to log on to the cluster nodes by using SSH.
  password = var.k8s_login_password
  # Specifies whether to install CloudMonitor on the Kubernetes nodes.
  install_cloud_monitor = true
  # The category of the system disk for nodes. Valid values: cloud_ssd and cloud_efficiency. Default value: cloud_efficiency.
  system_disk_category = "cloud_efficiency"
  system_disk_size     = 100
  # The OS type.
  image_type = "AliyunLinux"
  # The data disk configurations of nodes.
  data_disks {
    # The category of the data disk.
    category = "cloud_efficiency"
    # The size of the data disk.
    size = 120
  }
  lifecycle {
    ignore_changes = [
      labels
    ]
  }
}