使用Terraform建立託管版Kubernetes

時間 2019-11-09

標籤使用 terraform 建立託管 kubernetes 简体版

原文原文鏈接

目前，阿里雲容器服務已經能夠建立託管版Kubernetes集羣了。相比於默認的Kubernetes集羣，託管版本會主動替您運維一套高可用的Master組件，免去了默認版本集羣中三個節點，從而節約所需的資金成本及維護時的人力成本。在容器服務控制檯，咱們爲您提供了便捷使用的可視界面一步一步引導式地建立該類型集羣。但當您須要反覆建立託管版集羣，大批量建立集羣，或者您就是天生抗拒控制檯手工操做的那一類人，能夠了解並嘗試使用一下Terraform了。html

Terraform是一款Infrastructure做爲Code的工具，能夠將雲端資源代碼化。關於Terraform的基本介紹本文再也不贅述，有興趣的同窗能夠參考「雲生態下的基礎架構資源管理利器Terraform」等雲棲社區的優秀文章。目前咱們一直在支持阿里雲Terraform Provider，已經實現了阿里雲上面絕大部分的雲產品的對接。node

在2018年聖誕節來臨以前，阿里雲Terraform Provider已經發布v1.26.0版本，其中已經支持了建立託管版Kubernetes集羣，下面咱們來一塊兒看下如何實現命令行快速部署一個這樣的集羣。git

建立託管版Kubernetes集羣

首先咱們打開「阿里雲Terraform Provider文檔 - 託管版Kubernetes」的幫助文檔，能夠看到該資源資源提供的參數列表。參數分參入參數和出參屬性。入參列表內包含了必填參數以及可選參數，例如name和name_prefix就是一對必填參寫，但它們互斥，即不能同時填寫。若是填了名，集羣名就是名的值，若是填了name_prefix，集羣名會以name_prefix開頭自動生成一個。咱們對照文檔中的參數列表Argument Reference，先草擬出一個集羣的描述，爲了方便起見，我把填寫每一個參數的理由都註釋在代碼中。github

# 引入阿里雲 Terraform Provider
provider "alicloud" {
  # 填入您的帳號 Access Key
  access_key = "FOO"
  # 填入您的帳號 Secret Key
  secret_key = "BAR"
  # 填入想建立的 Region
  region     = "cn-hangzhou"
  # 可選參數，默認不填就使用最新版本
  version    = "v1.26.0"
}

# 必要的資源標識
# alicloud_cs_managed_kubernetes 代表是託管版 Kubernetes 集羣
# k8s 表明該資源實例的名稱
resource "alicloud_cs_managed_kubernetes" "k8s" {
  # 集羣名稱，能夠帶中劃線，一個帳戶內的集羣名稱不能相同
  name = "test-managed-kubernetes"
  # 能夠從 ECS 控制檯上面查詢到可用區信息，以及對應的 ECS 實例類型庫存
  # 如下表明 Worker 節點將部署在 cn-hangzhou-h 這個可用區，採用 ecs.c5.xlarge 這個機型。
  availability_zone = "cn-hangzhou-h"
  worker_instance_types = ["ecs.c5.xlarge"]
  # 配置該集羣 Worker 節點數爲 2 個，該數字後續能夠再擴容
  worker_numbers = [2]
  # Worker 節點使用高效雲盤
  worker_disk_category  = "cloud_efficiency"
  # 默認爲 true，會在 VPC 內建立一個 Nat 網關用於 ECS 連上互聯網
  new_nat_gateway = true
  # 配置全部 ECS 的默認 Root 密碼，此處也能夠用密鑰對 key_name 代替，但須要提早建立
  password = "Test12345"
  # Kubernetes 集羣內全部 Pod 使用的子網網段，不能與 service_cidr 和 ECS 所在網段衝突
  # 默認建立的 VPC 是 192.168.0.0/16 這個網段內的，因此 pod_cidr 和 service_cidr 可使用 172 網段
  # 請參考 VPC下 Kubernetes 的網絡地址段規劃
  pod_cidr = "172.20.0.0/16"
  service_cidr = "172.21.0.0/20"
  # 安裝雲監控插件
  install_cloud_monitor = true
}

咱們能夠將以上的配置保存爲一個main.tf描述文件，在該文件的當前目錄下執行terraform init和terraform apply。網絡

xh4n3@xh4n3:~/ops/terraform-example% terraform init --get-plugins=true -upgrade

Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "alicloud" (1.26.0)...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

xh4n3@xh4n3:~/ops/terraform-example% terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + alicloud_cs_managed_kubernetes.k8s
      id:                          <computed>
      availability_zone:           "cn-hangzhou-h"
      install_cloud_monitor:       "true"
      name:                        "test-managed-kubernetes"
      name_prefix:                 "Terraform-Creation"
      new_nat_gateway:             "true"
      password:                    <sensitive>
      pod_cidr:                    "172.20.0.0/16"
      security_group_id:           <computed>
      service_cidr:                "172.21.0.0/20"
      vpc_id:                      <computed>
      vswitch_ids.#:               <computed>
      worker_disk_category:        "cloud_efficiency"
      worker_disk_size:            "40"
      worker_instance_charge_type: "PostPaid"
      worker_instance_types.#:     "1"
      worker_instance_types.0:     "ecs.c5.xlarge"
      worker_nodes.#:              <computed>
      worker_numbers.#:            "1"
      worker_numbers.0:            "2"

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value:

從上述日誌中能夠看到，terraform init會把咱們用到的提供者插件下載好，terraform apply會根據咱們的main.tf描述文件計算出須要執行的操做，上述顯示將會建立一個alicloud_cs_managed_kubernetes.k8s的資源，須要咱們輸入是來確認建立。確認建立後，建立大約會耗時五分鐘，terraform會輸出相似下面的日誌。架構

# 以上省略
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_cs_managed_kubernetes.k8s: Creating...
  availability_zone:           "" => "cn-hangzhou-h"
  install_cloud_monitor:       "" => "true"
  name:                        "" => "test-managed-kubernetes"
  name_prefix:                 "" => "Terraform-Creation"
  new_nat_gateway:             "" => "true"
  password:                    "<sensitive>" => "<sensitive>"
  pod_cidr:                    "" => "172.20.0.0/16"
  security_group_id:           "" => "<computed>"
  service_cidr:                "" => "172.21.0.0/20"
  vpc_id:                      "" => "<computed>"
  vswitch_ids.#:               "" => "<computed>"
  worker_disk_category:        "" => "cloud_efficiency"
  worker_disk_size:            "" => "40"
  worker_instance_charge_type: "" => "PostPaid"
  worker_instance_types.#:     "" => "1"
  worker_instance_types.0:     "" => "ecs.c5.xlarge"
  worker_nodes.#:              "" => "<computed>"
  worker_numbers.#:            "" => "1"
  worker_numbers.0:            "" => "2"
alicloud_cs_managed_kubernetes.k8s: Still creating... (10s elapsed)
alicloud_cs_managed_kubernetes.k8s: Still creating... (20s elapsed)
alicloud_cs_managed_kubernetes.k8s: Still creating... (30s elapsed)
# 以上省略
alicloud_cs_managed_kubernetes.k8s: Creation complete after 6m5s (ID: cc54df7d990a24ed18c1e0ebacd36418c)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

當出現申請完成！資源：1添加字樣的時候，集羣已經成功建立，此時咱們也能夠登陸控制檯後在控集羣列表中看到集羣。app

修改託管版Kubernetes集羣

在Terraform Provider中，咱們提供了一部分參數的修改能力，通常狀況下，全部非Force New Resouce（強制新建資源）的參數均可以被修改。下面咱們修改部分參數，註釋內容爲更新的項目。運維

provider "alicloud" {
  access_key = "FOO"
  secret_key = "BAR"
  region     = "cn-hangzhou"
  version    = "v1.26.0"
}

resource "alicloud_cs_managed_kubernetes" "k8s" {
  # 更換集羣的名稱爲 test-managed-kubernetes-updated
  name = "test-managed-kubernetes-updated"
  availability_zone = "cn-hangzhou-h"
  worker_instance_types = ["ecs.c5.xlarge"]
  # 修改 worker_numbers 爲 3，能夠擴容一個 worker 節點
  worker_numbers = [3]
  worker_disk_category  = "cloud_efficiency"
  new_nat_gateway = true
  password = "Test12345"
  pod_cidr = "172.20.0.0/16"
  service_cidr = "172.21.0.0/20"
  install_cloud_monitor = true
  # 導出集羣的鏈接配置文件到 /tmp 目錄
  kube_config = "/tmp/config"
  # 導出集羣的證書相關文件到 /tmp 目錄，下同
  client_cert = "/tmp/client-cert.pem"
  client_key = "/tmp/client-key.pem"
  cluster_ca_cert = "/tmp/cluster-ca-cert.pem"
}

同建立集羣同樣，修改集羣時使用的命令也是terraform apply。執行後咱們獲得如下日誌輸出，輸入是並回車，咱們就能夠把該集羣的名稱改成test-managed-kubernetes-updated，worker節點擴容至3節點，同時將導出證書和鏈接文件到本機的/ tmp目錄。ide

xh4n3@xh4n3:~/ops/terraform-example% terraform apply
alicloud_cs_managed_kubernetes.k8s: Refreshing state... (ID: cc54df7d990a24ed18c1e0ebacd36418c)

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ alicloud_cs_managed_kubernetes.k8s
      client_cert:      "" => "/tmp/client-cert.pem"
      client_key:       "" => "/tmp/client-key.pem"
      cluster_ca_cert:  "" => "/tmp/cluster-ca-cert.pem"
      kube_config:      "" => "/tmp/config"
      name:             "test-managed-kubernetes" => "test-managed-kubernetes-updated"
      worker_numbers.0: "2" => "3"

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_cs_managed_kubernetes.k8s: Modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c)
  client_cert:      "" => "/tmp/client-cert.pem"
  client_key:       "" => "/tmp/client-key.pem"
  cluster_ca_cert:  "" => "/tmp/cluster-ca-cert.pem"
  kube_config:      "" => "/tmp/config"
  name:             "test-managed-kubernetes" => "test-managed-kubernetes-updated"
  worker_numbers.0: "2" => "3"
alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 10s elapsed)
alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 20s elapsed)
alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 30s elapsed)
# 以上省略
alicloud_cs_managed_kubernetes.k8s: Modifications complete after 4m4s (ID: cc54df7d990a24ed18c1e0ebacd36418c)

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Terraform適用於運行成功後，控制檯中顯示的集羣信息已經代表如今集羣已經變成了咱們指望的狀態。在本機上，咱們也經過導出的鏈接文件，用kubectl鏈接到集羣。工具