
Deploying Huawei Cloud and Kubernetes Resources with Terraform

  • 2024-01-09
    Guangdong


This article is shared from the Huawei Cloud community post "Deploying Huawei Cloud and Kubernetes Resources with Terraform", author: 可以交个朋友.

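Terraform Overview

Terraform is an open-source "infrastructure as code" tool created by HashiCorp.

As a declarative coding tool, Terraform lets developers use a high-level configuration language called HCL (HashiCorp Configuration Language) to describe the "end state" of the cloud or on-premises infrastructure needed to run an application. It then generates a plan for reaching that end state and executes the plan to provision the infrastructure.

Terraform manages resources by calling the cloud vendor's API through a provider.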

Installing Terraform

Terraform is distributed as a binary executable. You only need to download the terraform binary and then add the terraform executable to the PATH system environment variable.


wget https://releases.hashicorp.com/terraform/1.6.6/terraform_1.6.6_linux_amd64.zip
unzip terraform_1.6.6_linux_amd64.zip
mv terraform /usr/local/bin/
terraform -version

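Configuring Authentication

Terraform can orchestrate the various cloud resources on Huawei Cloud. Before using Terraform to manage Huawei Cloud resources, you need to obtain an AK/SK and configure it in Terraform so that requests can be authenticated and authorized. You can configure Terraform in either of the following two ways.

Add the AK/SK to the Terraform configuration file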


provider "huaweicloud" {
  region     = "cn-north-1"
  access_key = "my-access-key"
  secret_key = "my-secret-key"
}


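region: the region, that is, the region whose resources you want to create and manage. You can look up the regions Huawei Cloud supports here.

access_key: the key ID, that is, the AK. For how to look it up, see Access Keys.

secret_key: the secret access key, that is, the SK. For how to look it up, see Access Keys.

Add the AK/SK to system environment variables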


export HW_REGION_NAME="cn-north-1"
export HW_ACCESS_KEY="my-access-key"
export HW_SECRET_KEY="my-secret-key"


For more configuration parameters, see: https://registry.terraform.io/providers/huaweicloud/huaweicloud/latest/docs
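A pre-commit style check for the first method above, added here as an example and not part of the original article: it reports any `provider "huaweicloud"` block whose access_key or secret_key is a string literal, and accepts variable references or blocks that rely on the HW_* environment variables. The function names, the variable name hw_secret_key and the sample key value are assumptions made up for this example.

```python
import re

# Credential arguments of the huaweicloud provider block shown on the page.
ASSIGN = re.compile(
    r'\b(access_key|secret_key)[ \t]*=[ \t]*("(?:[^"\\]|\\.)*"|\S+)')

def provider_blocks(text, name="huaweicloud"):
    """Yield (line_of_block, body) for every provider "<name>" { ... } block."""
    for m in re.finditer(r'provider\s+"%s"\s*\{' % re.escape(name), text):
        depth, i = 1, m.end()
        while i < len(text) and depth:          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text.count("\n", 0, m.start()) + 1, text[m.end():i - 1]

def find_hardcoded_keys(text):
    """Return [(line, argument)] for AK/SK set to a literal string."""
    findings = []
    for first_line, body in provider_blocks(text):
        for m in ASSIGN.finditer(body):
            value = m.group(2)
            if not value.startswith('"'):
                continue                        # var.x / local.x reference
            inner = value[1:-1]
            if "${" in inner or not inner.strip("*"):
                continue                        # interpolation or masked "***"
            line = first_line + body.count("\n", 0, m.start(1))
            findings.append((line, m.group(1)))
    return findings

# Constructed sample; the key value is made up for this example.
SAMPLE = '''\
provider "huaweicloud" {
  region     = "cn-north-4"
  access_key = "CONSTRUCTEDAKEXAMPLE0001"
  secret_key = var.hw_secret_key
}

provider "huaweicloud" {
  alias  = "from_env"
  region = "cn-north-1"   # AK/SK come from HW_ACCESS_KEY / HW_SECRET_KEY
}
'''

if __name__ == "__main__":
    for line, arg in find_hardcoded_keys(SAMPLE):
        print(f"line {line}: {arg} is a hard-coded literal")
```

Brace matching here is textual, so a lone brace inside a comment or string in the provider block would confuse it; it is a commit-time guard, not an HCL parser.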

Installing the Huawei Cloud provider

Download the Huawei Cloud provider: https://github.com/huaweicloud/terraform-provider-huaweicloud/releases

How to speed up downloading the Huawei Cloud provider: https://support.huaweicloud.com/terraform_faq/index.html

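Preparing the Terraform configuration files

Prepare the version file for the providers. The huaweicloud provider is installed locally; the kubernetes provider is installed online.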


terraform {
  required_version = ">= 0.13"

  required_providers {
    huaweicloud = {
      source  = "local-registry/huaweicloud/huaweicloud"
      version = ">= 1.60.1"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.24.0"
    }
  }
}


Prepare the auth file that the providers need. mycluster is the resource name; replace it with your actual value.


provider "huaweicloud" {
  region     = "cn-north-4"
  access_key = "***" #AK
  secret_key = "***" #SK
}

provider "kubernetes" {
  host                   = huaweicloud_cce_cluster.mycluster.certificate_clusters[0].server
  cluster_ca_certificate = base64decode(huaweicloud_cce_cluster.mycluster.certificate_clusters[0].certificate_authority_data)
  client_key             = base64decode(huaweicloud_cce_cluster.mycluster.certificate_users[0].client_key_data)
  client_certificate     = base64decode(huaweicloud_cce_cluster.mycluster.certificate_users[0].client_certificate_data)
}


Prepare the file for the CCE resources to be created


variable "cce_node_password" {
  description = "node password"
  type        = string
  nullable    = false
  sensitive   = true # do not display the entered password
}

// Create the VPC
resource "huaweicloud_vpc" "myvpc" {
  name = "vpc"
  cidr = "172.16.0.0/16"
}

// Create the subnet
resource "huaweicloud_vpc_subnet" "mysubnet" {
  name       = "subnet"
  cidr       = "172.16.0.0/16"
  gateway_ip = "172.16.0.1"

  // Set the DNS information for the VPC
  primary_dns   = "100.125.1.250"
  secondary_dns = "100.125.21.250"
  vpc_id        = huaweicloud_vpc.myvpc.id
}

// Create the CCE cluster
resource "huaweicloud_cce_cluster" "mycluster" {
  name                   = "terraform-cce"
  flavor_id              = "cce.s1.small"
  vpc_id                 = huaweicloud_vpc.myvpc.id
  subnet_id              = huaweicloud_vpc_subnet.mysubnet.id
  container_network_type = "vpc-router"
  container_network_cidr = "10.128.0.0/10"
  kube_proxy_mode        = "iptables"
}

// Create the node pool
resource "huaweicloud_cce_node_pool" "node_pool" {
  cluster_id               = huaweicloud_cce_cluster.mycluster.id
  name                     = "test-pool"
  subnet_id                = huaweicloud_vpc_subnet.mysubnet.id
  os                       = "Huawei Cloud EulerOS 2.0"
  initial_node_count       = 2 # initial number of nodes in the node pool
  flavor_id                = "c7.large.2"
  availability_zone        = "cn-north-4a"
  password                 = var.cce_node_password
  scall_enable             = true # enable auto scaling
  min_node_count           = 1
  max_node_count           = 10
  scale_down_cooldown_time = 100
  priority                 = 1
  type                     = "vm"

  root_volume {
    size       = 40
    volumetype = "SAS"
  }
  data_volumes {
    size       = 100
    volumetype = "SAS"
  }
  labels = {
    // key = value
    test = "test"
  }

  taints {
    key    = "test"
    value  = "test"
    effect = "NoSchedule"
  }
}

data "huaweicloud_cce_addon_template" "metrics-server" {
  name       = "metrics-server"
  cluster_id = huaweicloud_cce_cluster.mycluster.id
  version    = "1.3.12"
}

// Install the CCE add-on metrics-server
resource "huaweicloud_cce_addon" "metrics-server" {
  cluster_id    = huaweicloud_cce_cluster.mycluster.id
  template_name = "metrics-server"
  version       = "1.3.12"
  values {
    basic = jsondecode(data.huaweicloud_cce_addon_template.metrics-server.spec).basic
    custom_json = jsonencode({
      tolerations = [{
        key      = "test"
        operator = "Exists"
      }]
    })
    flavor_json = jsonencode({
      replicas = 1
      resources = [{
        limitsCpu   = "1000m"
        limitsMem   = "1000Mi"
        requestsCpu = "200m"
        requestsMem = "400Mi"
      }]
    })
  }
}


Prepare the file for the Kubernetes resources to be created


resource "kubernetes_deployment_v1" "example" {
  metadata {
    name = "terraform-example"
    labels = {
      test = "MyExampleApp"
    }
  }

  spec {
    replicas = 1

    selector {
      match_labels = {
        test = "MyExampleApp"
      }
    }

    template {
      metadata {
        labels = {
          test = "MyExampleApp"
        }
      }

      spec {
        container {
          image = "nginx:1.17.4"
          name  = "example"

          resources {
            limits = {
              cpu    = "0.5"
              memory = "512Mi"
            }
            requests = {
              cpu    = "250m"
              memory = "50Mi"
            }
          }

          liveness_probe {
            http_get {
              path = "/"
              port = 80
            }
          }
        }
        toleration {
          key      = "test"
          operator = "Exists"
        }
      }
    }
  }
}

resource "kubernetes_service_v1" "example" {
  metadata {
    name = "terraform-example"
  }
  spec {
    selector = {
      test = "MyExampleApp"
    }
    port {
      port        = 80
      target_port = 80
    }

    type = "ClusterIP"
  }
}


Create the resources above with the following commands


terraform init                  # initialize the providers
terraform plan                  # review the plan
terraform apply -auto-approve   # apply the plan (-auto-approve skips the confirmation prompt)

Results

Cluster information

Node pool

CCE add-ons

Kubernetes resources
