本文分享自华为云社区《使用Terraform部署华为云和kubernetes资源》,作者: 可以交个朋友。
Terraform 概述
Terraform 是由 HashiCorp 创建的开源“基础架构即代码”工具。
作为一种声明式编码工具,Terraform 使开发人员能够使用一种称为 HCL(HashiCorp 配置语言)的高级配置语言来描述运行应用程序所需的“最终状态”云或本地基础设施。然后,它会生成一个达到该最终状态的计划,并执行该计划来供应基础设施。
terraform 通过 provider 调用云厂商的 API 进行资源管理
安装 terraform
Terraform 是以二进制可执行文件发布,您只需下载 terraform 二进制文件,然后将 terraform 可执行文件添加到系统环境变量 PATH 中即可。
wget https://releases.hashicorp.com/terraform/1.6.6/terraform_1.6.6_linux_amd64.zipunzip terraform_1.6.6_linux_amd64.zipmv terraform /usr/local/bin/terraform -version
复制代码
配置认证
Terraform 支持编排华为云上的各种云资源,使用 Terraform 管理华为云资源前,您需要获取 AK/SK,并在 Terraform 上进行配置,从而认证鉴权。您可以使用如下两种方式配置 Terraform
在 Terraform 配置文件中添加 AK/SK 信息
provider "huaweicloud" { region = "cn-north-1" access_key = "my-access-key" secret_key = "my-secret-key"}
复制代码
region:区域,即需要创建管理哪个区域的资源。您可以在这里查询华为云支持的区域。
access_key:密钥 ID,即 AK。查询方法请参见访问密钥。
secret_key:访问密钥,即 SK。查询方法请参见访问密钥。
在系统环境变量中添加 AK/SK 信息
export HW_REGION_NAME="cn-north-1"export HW_ACCESS_KEY="my-access-key"export HW_SECRET_KEY="my-secret-key"
复制代码
更多配置参数请参考:https://registry.terraform.io/providers/huaweicloud/huaweicloud/latest/docs
安装华为云 provider
下载华为云 provider:https://github.com/huaweicloud/terraform-provider-huaweicloud/releases
如何加速下载华为云 provider:https://support.huaweicloud.com/terraform_faq/index.html
准备 terraform 配置文件
准备 provider 的 version 文件,huaweicloud 为本地安装,kubernetes 在线安装
terraform { required_version = ">= 0.13"
required_providers { huaweicloud = { source = "local-registry/huaweicloud/huaweicloud" version = ">= 1.60.1" } kubernetes = { source = "hashicorp/kubernetes" version = ">= 2.24.0" } }}
复制代码
准备 provider 需要的 auth 文件,mycluster 是资源名称,请替换为实际值
provider "huaweicloud" { region = "cn-north-4" access_key = "***" #AK secret_key = "***" #SK}
provider "kubernetes" { host = huaweicloud_cce_cluster.mycluster.certificate_clusters[0].server cluster_ca_certificate = "${base64decode(huaweicloud_cce_cluster.mycluster.certificate_clusters[0].certificate_authority_data)}" client_key = "${base64decode(huaweicloud_cce_cluster.mycluster.certificate_users[0].client_key_data)}" client_certificate = "${base64decode(huaweicloud_cce_cluster.mycluster.certificate_users[0].client_certificate_data)}"}
复制代码
准备需要创建的 CCE 资源文件
variable cce_node_password { description = "node password" type = string nullable = "false" sensitive = "true" #不显示输入的密码}//创建vpcresource "huaweicloud_vpc" "myvpc" { name = "vpc" cidr = "172.16.0.0/16"}
//创建子网resource "huaweicloud_vpc_subnet" "mysubnet" { name = "subnet" cidr = "172.16.0.0/16" gateway_ip = "172.16.0.1"
//设置VPC的DNS信息 primary_dns = "100.125.1.250" secondary_dns = "100.125.21.250" vpc_id = huaweicloud_vpc.myvpc.id}
//创建CCE集群resource "huaweicloud_cce_cluster" "mycluster" { name = "terraform-cce" flavor_id = "cce.s1.small" vpc_id = huaweicloud_vpc.myvpc.id subnet_id = huaweicloud_vpc_subnet.mysubnet.id container_network_type = "vpc-router" container_network_cidr = "10.128.0.0/10" kube_proxy_mode = "iptables"}
//创建节点池resource "huaweicloud_cce_node_pool" "node_pool" { cluster_id = huaweicloud_cce_cluster.mycluster.id name = "test-pool" subnet_id = huaweicloud_vpc_subnet.mysubnet.id os = "Huawei Cloud EulerOS 2.0" initial_node_count = 2 #节点池初始节点数 flavor_id = "c7.large.2" availability_zone = "cn-north-4a" password = var.cce_node_password scall_enable = true #开启弹性伸缩 min_node_count = 1 max_node_count = 10 scale_down_cooldown_time = 100 priority = 1 type = "vm"
root_volume { size = 40 volumetype = "SAS" } data_volumes { size = 100 volumetype = "SAS" } labels = { //key = value test = "test" }
taints { key = "test" value = "test" effect = "NoSchedule" }
}
data "huaweicloud_cce_addon_template" "metrics-server" { name = "metrics-server" cluster_id = huaweicloud_cce_cluster.mycluster.id version = "1.3.12"}
//安装CCE插件metric-serverresource "huaweicloud_cce_addon" "metrics-server" { cluster_id = huaweicloud_cce_cluster.mycluster.id template_name = "metrics-server" version = "1.3.12" values { basic = jsondecode(data.huaweicloud_cce_addon_template.metrics-server.spec).basic custom_json = jsonencode( { tolerations = [{ key = "test" operator = "Exists" }] }) flavor_json = jsonencode({ replicas = 1 resources = [{ limitsCpu = "1000m" limitsMem = "1000Mi" requestsCpu = "200m" requestsMem = "400Mi" }] }) }}
复制代码
准备需要创建的 kubernetes 资源文件
resource "kubernetes_deployment_v1" "example" { metadata { name = "terraform-example" labels = { test = "MyExampleApp" } }
spec { replicas = 1
selector { match_labels = { test = "MyExampleApp" } }
template { metadata { labels = { test = "MyExampleApp" } }
spec { container { image = "nginx:1.17.4" name = "example"
resources { limits = { cpu = "0.5" memory = "512Mi" } requests = { cpu = "250m" memory = "50Mi" } }
liveness_probe { http_get { path = "/" port = 80 } } } toleration { key = "test" operator = "Exists" } } } }}resource "kubernetes_service_v1" "example" { metadata { name = "terraform-example" } spec { selector = { test = "MyExampleApp" } port { port = 80 target_port = 80 }
type = "ClusterIP" }}
复制代码
使用命令创建以上资源
terraform init #初始化providerterraform plan #查看计划terraform apply -auto-approve #执行计划
复制代码
效果展示
集群信息展示
节点池展示
CCE 插件展示
kubernetes 资源展示
点击关注,第一时间了解华为云新鲜技术~
评论