使用Terraform创建ACK_容器服务 Kubernetes 版 ACK(ACK)-阿里云帮助中心

Terraform是HashiCorp公司提供的一种开源工具，用于安全高效地预览、配置和管理云基础架构和资源，帮助开发者自动化地创建、更新阿里云基础设施资源，并进行版本管理。本文介绍如何使用Terraform创建ACK专有版集群。

前提条件

已安装Terraform。
说明
请确认Terraform版本不低于v0.12.28，可通过terraform --version命令查看Terraform版本。
- Cloud Shell默认安装配置了Terraform和阿里云账号信息，无需任何额外配置。
- 如果您不使用Cloud Shell，关于安装Terraform的方式，请参见在本地安装和配置Terraform。

配置阿里云账号信息。

执行如下命令，创建环境变量，用于存放身份认证信息。

Linux 环境

export ALICLOUD_ACCESS_KEY="************"   #替换为阿里云账号的AK信息。
export ALICLOUD_SECRET_KEY="************"   #替换为阿里云账号的SK信息。
export ALICLOUD_REGION="cn-beijing"         #替换为您集群所在的地域。

Windows 环境

set ALICLOUD_ACCESS_KEY="************"   #替换为阿里云账号的AK信息。
set ALICLOUD_SECRET_KEY="************"   #替换为阿里云账号的SK信息。
set ALICLOUD_REGION="cn-beijing"         #替换为您集群所在的地域。

说明

为提高权限管理的灵活性和安全性，建议您创建名为Terraform的RAM用户，并为该RAM用户创建AccessKey和授权。具体操作，请参见创建RAM用户和为RAM用户授权。

已开通容器服务ACK。
说明
若您需要使用Terraform开通，请参考使用Terraform开通容器服务ACK。

创建工作目录，并且在工作目录中创建variable.tf配置文件，

展开查看本文用到的variable.tf文件

variable "name" {
  default = "tf-example"
}

# leave it to empty would create a new one
variable "vpc_id" {
  description = "Existing vpc id used to create several vswitches and other resources."
  default     = ""
}

variable "vpc_cidr" {
  description = "The cidr block used to launch a new vpc when 'vpc_id' is not specified."
  default     = "10.0.0.0/8"
}

# leave it to empty then terraform will create several vswitches
variable "vswitch_ids" {
  description = "List of existing vswitch id."
  type        = list(string)
  default     = []
}


variable "vswitch_cidrs" {
  description = "List of cidr blocks used to create several new vswitches when 'vswitch_ids' is not specified."
  type        = list(string)
  default     = ["10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"]
}

variable "terway_vswitch_ids" {
  description = "List of existing vswitch ids for terway."
  type        = list(string)
  default     = []
}

variable "terway_vswitch_cidrs" {
  description = "List of cidr blocks used to create several new vswitches when 'terway_vswitch_cidrs' is not specified."
  type        = list(string)
  default     = ["10.4.0.0/16", "10.5.0.0/16", "10.6.0.0/16"]
}

variable "cluster_addons" {
  type = list(object({
    name   = string
    config = string
  }))

  default = [
    {
      "name"   = "terway-eniip",
      "config" = "",
    },
    {
      "name"   = "csi-plugin",
      "config" = "",
    },
    {
      "name"   = "csi-provisioner",
      "config" = "",
    },
    {
      "name"   = "logtail-ds",
      "config" = "\"IngressDashboardEnabled\":\"true\"",
    },
    {
      "name"   = "nginx-ingress-controller",
      "config" = "\"IngressSlbNetworkType\":\"internet\"",
    },
    {
      "name"   = "arms-prometheus",
      "config" = "",
    },
    {
      "name"   = "ack-node-problem-detector",
      "config" = "\"sls_project_name\":\"\"",
    }
  ]
}

说明

variable.tf配置中的地域请与下文main.tf配置文件保持一致。

alicloud_cs_kubernetes

使用Terraform创建ACK专有版集群（Terway）

在前提条件中创建的工作目录中创建以下名为main.tf的配置文件。

main.tf配置文件描述了以下的Terraform配置：

创建1个新的VPC，并创建3个该VPC下的vSwitch、3个Pod vSwitch。
创建1个专有版ACK专有版集群。
创建1个包含2个节点的节点池。
创建1个自动伸缩节点池。

展开查看main.tf文件

data "alicloud_enhanced_nat_available_zones" "enhanced" {}

# If there is not specifying vpc_id, the module will launch a new vpc
resource "alicloud_vpc" "vpc" {
  count      = var.vpc_id == "" ? 1 : 0
  cidr_block = var.vpc_cidr
}

# According to the vswitch cidr blocks to launch several vswitches
resource "alicloud_vswitch" "vswitches" {
  count      = length(var.vswitch_ids) > 0 ? 0 : length(var.vswitch_cidrs)
  vpc_id     = var.vpc_id == "" ? join("", alicloud_vpc.vpc.*.id) : var.vpc_id
  cidr_block = element(var.vswitch_cidrs, count.index)
  zone_id    = data.alicloud_enhanced_nat_available_zones.enhanced.zones[count.index].zone_id
}

# According to the vswitch cidr blocks to launch several vswitches
resource "alicloud_vswitch" "terway_vswitches" {
  count      = length(var.terway_vswitch_ids) > 0 ? 0 : length(var.terway_vswitch_cidrs)
  vpc_id     = var.vpc_id == "" ? join("", alicloud_vpc.vpc.*.id) : var.vpc_id
  cidr_block = element(var.terway_vswitch_cidrs, count.index)
  zone_id    = data.alicloud_enhanced_nat_available_zones.enhanced.zones[count.index].zone_id
}

data "alicloud_resource_manager_resource_groups" "default" {
  status = "OK"
}

data "alicloud_instance_types" "default" {
  count                = 3
  availability_zone    = data.alicloud_enhanced_nat_available_zones.enhanced.zones[0].zone_id
  cpu_core_count       = 4
  memory_size          = 8
}

resource "alicloud_cs_kubernetes" "default" {
  master_vswitch_ids    = length(var.vswitch_ids) > 0 ? split(",", join(",", var.vswitch_ids)) : length(var.vswitch_cidrs) < 1 ? [] : split(",", join(",", alicloud_vswitch.vswitches.*.id))
  pod_vswitch_ids       = length(var.terway_vswitch_ids) > 0 ? split(",", join(",", var.terway_vswitch_ids)) : length(var.terway_vswitch_cidrs) < 1 ? [] : split(",", join(",", alicloud_vswitch.terway_vswitches.*.id))
  master_instance_types = [data.alicloud_instance_types.default.0.instance_types.0.id, data.alicloud_instance_types.default.1.instance_types.0.id, data.alicloud_instance_types.default.2.instance_types.0.id]
  master_disk_category  = "cloud_ssd"
  password              = "Yourpassword1234"
  service_cidr          = "172.18.0.0/16"
  load_balancer_spec    = "slb.s1.small"
  install_cloud_monitor = "true"
  resource_group_id     = data.alicloud_resource_manager_resource_groups.default.groups.0.id
  deletion_protection   = "false"
  timezone              = "Asia/Shanghai"
  os_type               = "Linux"
  platform              = "AliyunLinux3"
  cluster_domain        = "cluster.local"
  proxy_mode            = "ipvs"
  custom_san            = "www.terraform.io"
  new_nat_gateway       = "true"
  dynamic "addons" {
    for_each = var.cluster_addons
    content {
      name   = lookup(addons.value, "name", var.cluster_addons)
      config = lookup(addons.value, "config", var.cluster_addons)
    }
  }
}

执行以下命令，初始化Terraform运行环境。

terraform init

返回信息如下，Terraform初始化成功。

Initializing the backend...

Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "alicloud" (hashicorp/alicloud) 1.90.1...
...

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

执行以下命令，生成资源规划。

terraform plan

返回信息如下，资源规划生成成功。

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
...
Plan: 7 to add, 0 to change, 0 to destroy.
...

执行以下命令，创建集群。

terraform apply

返回信息如下，输入yes，按Enter键，集群创建成功。

...
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes
...
alicloud_cs_managed_kubernetes.default: Creation complete after 8m26s [id=************]

Apply complete! Resources: 7 added, 0 changed, 1 destroyed.

使用Terraform删除ACK专有版集群

您可以执行以下命令，删除通过Terraform创建的集群。

terraform destroy

返回信息如下，输入yes，按Enter键，集群删除成功。

...
Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes
...
Destroy complete! Resources: 7 destroyed.