CodeSample小助手 2020-01-09
我们参考阿里云托管版Kubernetes Terraform资源文档 alicloud_cs_managed_kubernetes,可以看到该资源Resource提供的参数列表。参数分为入参Argument和出参Attributes。入参列表内包含了必填参数以及可选参数,例如name和name_prefix就是一对必填参数,但它们互斥,即不能同时填写。如果填了name,集群名就是name的值,如果填了name_prefix,集群名会以name_prefix开头自动生成一个。
# No region or credentials are set in this block, so the provider presumably
# receives them from outside this file (for example the ALICLOUD_ACCESS_KEY,
# ALICLOUD_SECRET_KEY and ALICLOUD_REGION environment variables).
# Keep access keys out of .tf files and out of version control.
provider "alicloud" {}
# Default resource name; reused below for the VPC, the VSwitch and the
# cluster name prefix.
variable "name" {
  default = "my-first-kubernetes-demo"
}
# Name of the Log Service (SLS) project that receives the cluster logs.
variable "log_project_name" {
  default = "my-first-kubernetes-sls-demo"
}
# Availability zones, filtered to those in which a VSwitch can be created.
data "alicloud_zones" "default" {
  available_resource_creation = "VSwitch"
}
# ECS instance types for the nodes: looked up in the first zone returned above,
# with 2 CPU cores and memory_size 4, and usable as a Kubernetes worker.
data "alicloud_instance_types" "default" {
  availability_zone    = data.alicloud_zones.default.zones[0].id
  cpu_core_count       = 2
  memory_size          = 4
  kubernetes_node_role = "Worker"
}
# VPC that hosts the cluster.
resource "alicloud_vpc" "default" {
  name       = var.name
  cidr_block = "10.1.0.0/21"
}
# VSwitch inside the VPC above, created in the first zone returned by the
# alicloud_zones data source.
resource "alicloud_vswitch" "default" {
  name              = var.name
  vpc_id            = alicloud_vpc.default.id
  cidr_block        = "10.1.1.0/24"
  availability_zone = data.alicloud_zones.default.zones[0].id
}
# Log Service project; the cluster's log_config points at it.
resource "alicloud_log_project" "log" {
  name        = var.log_project_name
  description = "created by terraform for managedkubernetes cluster"
}
# Managed Kubernetes cluster.
resource "alicloud_cs_managed_kubernetes" "default" {
  # Prefix for the cluster name. Conflicts with `name`. When set, Terraform
  # uses it to build a unique cluster name. Defaults to "Terraform-Creation".
  name_prefix = var.name

  # Zone in which the new cluster is created.
  availability_zone = data.alicloud_zones.default.zones[0].id

  # VSwitch(es) the cluster is attached to, given as one or more VSwitch IDs.
  # They must be in the zone named by availability_zone.
  vswitch_ids = [alicloud_vswitch.default.id]

  # Whether to create a new NAT gateway with the cluster. Defaults to true.
  new_nat_gateway = true

  # ECS instance type(s) for the worker nodes: one type for a single-AZ
  # cluster, three for a multi-AZ cluster. Available types come from the
  # alicloud_instance_types data source.
  worker_instance_types = [data.alicloud_instance_types.default.instance_types[0].id]

  # Total number of worker nodes. Defaults to 3, maximum 50.
  worker_number = 2

  # SSH login password for the cluster nodes. Exactly one of password,
  # key_name or kms_encrypted_password has to be supplied.
  # NOTE(review): this is a plaintext credential in the configuration. It ends
  # up in version control with the .tf file, and Terraform also records
  # resource arguments in its state file. For anything beyond a throw-away
  # demo, pass the value through an input variable that has no default
  # (supplied at apply time), or use key_name / kms_encrypted_password
  # instead, and treat the state file as a secret.
  password = "Yourpassword1234"

  # CIDR block of the pod network. Required when cluster_network_type is
  # flannel. It must not overlap the VPC CIDR or a CIDR already used by
  # another Kubernetes cluster in the VPC, and cannot be changed after
  # creation. Maximum number of hosts allowed in the cluster: 256.
  pod_cidr = "172.20.0.0/16"

  # CIDR block of the service network. It must not equal the VPC CIDR or a
  # CIDR already used by another Kubernetes cluster in the VPC, and cannot be
  # changed after creation.
  service_cidr = "172.21.0.0/20"

  # Whether to install Cloud Monitor on the cluster nodes.
  install_cloud_monitor = true

  # Whether to create an Internet-facing load balancer for the API server.
  # Defaults to false.
  # NOTE(review): true makes the API server reachable from the Internet.
  # Leave it at the default unless public access is required, and if it is,
  # limit who can reach the endpoint and rely on strong client credentials.
  slb_internet_enabled = true

  # System disk category of the nodes: cloud_ssd or cloud_efficiency.
  # Defaults to cloud_efficiency.
  worker_disk_category = "cloud_efficiency"

  # Data disk category of the nodes: cloud_ssd or cloud_efficiency. No data
  # disk is created when this is unset.
  worker_data_disk_category = "cloud_ssd"

  # Data disk size of the nodes in GB, valid range [20, 32768]. Defaults to 40
  # when worker_data_disk_category is set.
  worker_data_disk_size = 200

  # Logging configuration.
  log_config {
    # Type of log collection; only SLS is supported at present.
    type = "SLS"

    # Log Service project that the cluster logs are written to.
    project = alicloud_log_project.log.name
  }
}
$ terraform init
Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "alicloud" (1.26.0)...
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
$ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# alicloud_cs_managed_kubernetes.default will be created
+ resource "alicloud_cs_managed_kubernetes" "default" {
+ availability_zone = "cn-hangzhou-b"
+ force_update = false
+ id = (known after apply)
+ install_cloud_monitor = true
+ name = (known after apply)
+ name_prefix = "my-first-kubernetes-demo"
+ new_nat_gateway = true
+ password = (sensitive value)
+ pod_cidr = "172.20.0.0/16"
+ security_group_id = (known after apply)
+ service_cidr = "172.21.0.0/20"
+ slb_internet_enabled = true
+ vpc_id = (known after apply)
+ vswitch_ids = (known after apply)
+ worker_data_disk_category = "cloud_ssd"
+ worker_data_disk_size = 200
+ worker_disk_category = "cloud_efficiency"
+ worker_disk_size = 40
+ worker_instance_charge_type = "PostPaid"
+ worker_instance_types = [
+ "ecs.n1.medium",
]
+ worker_nodes = (known after apply)
+ worker_number = 2
+ log_config {
+ project = "my-first-kubernetes-sls-demo"
+ type = "SLS"
}
}
# alicloud_log_project.log will be created
+ resource "alicloud_log_project" "log" {
+ description = "created by terraform for managedkubernetes cluster"
+ id = (known after apply)
+ name = "my-first-kubernetes-sls-demo"
}
# alicloud_vpc.default will be created
+ resource "alicloud_vpc" "default" {
+ cidr_block = "10.1.0.0/21"
+ id = (known after apply)
+ name = "my-first-kubernetes-demo"
+ resource_group_id = (known after apply)
+ route_table_id = (known after apply)
+ router_id = (known after apply)
+ router_table_id = (known after apply)
}
# alicloud_vswitch.default will be created
+ resource "alicloud_vswitch" "default" {
+ availability_zone = "cn-hangzhou-b"
+ cidr_block = "10.1.1.0/24"
+ id = (known after apply)
+ name = "my-first-kubernetes-demo"
+ vpc_id = (known after apply)
}
Plan: 4 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value:
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
alicloud_vpc.default: Creating...
alicloud_log_project.log: Creating...
alicloud_log_project.log: Creation complete after 1s [id=my-first-kubernetes-sls-demo]
alicloud_vpc.default: Creation complete after 6s [id=vpc-bp1830x557ktabq******]
alicloud_vswitch.default: Creating...
alicloud_vswitch.default: Creation complete after 5s [id=vsw-bp1vb35pc7bvc0e*****]
alicloud_cs_managed_kubernetes.default: Creating...
alicloud_cs_managed_kubernetes.default: Still creating... [10s elapsed]
alicloud_cs_managed_kubernetes.default: Still creating... [20s elapsed]
alicloud_cs_managed_kubernetes.default: Still creating... [30s elapsed]
alicloud_cs_managed_kubernetes.default: Still creating... [40s elapsed]
alicloud_cs_managed_kubernetes.default: Still creating... [50s elapsed]
......
alicloud_cs_managed_kubernetes.k8s: Creation complete after 6m5s (ID: cc54df7d990a24ed18c1e0ebacd36418c)
Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
当出现 Apply complete! Resources: 4 added 字样的时候,集群已经成功创建,此时我们也可以登录控制台,在集群列表中看到该集群。
在Terraform Provider中,我们提供了一部分参数的修改能力,一般情况下,所有非Force New Resource(强制新建资源)的参数都可以被修改。
resource "alicloud_cs_managed_kubernetes" "default" {
  # Rename the cluster to test-managed-kubernetes-updated.
  name = "test-managed-kubernetes-updated"

  availability_zone     = data.alicloud_zones.default.zones[0].id
  vswitch_ids           = [alicloud_vswitch.default.id]
  new_nat_gateway       = true
  worker_instance_types = [data.alicloud_instance_types.default.instance_types[0].id]

  # Raising worker_number to 3 scales the cluster out by one worker node.
  worker_number = 3

  # NOTE(review): plaintext node login password in the configuration; it is
  # stored with the .tf file and in Terraform state. Prefer an input variable
  # without a default, or a key pair / KMS-encrypted password.
  password = "Yourpassword1234"

  pod_cidr              = "172.20.0.0/16"
  service_cidr          = "172.21.0.0/20"
  install_cloud_monitor = true

  # NOTE(review): true exposes the API server through an Internet-facing load
  # balancer; keep it only if public access is actually needed.
  slb_internet_enabled = true

  worker_disk_category      = "cloud_efficiency"
  worker_data_disk_category = "cloud_ssd"
  worker_data_disk_size     = 200

  log_config {
    type    = "SLS"
    project = alicloud_log_project.log.name
  }

  # Export the cluster's connection config (kubeconfig) to the /tmp directory.
  # NOTE(review): the kubeconfig and the client key below are credentials for
  # the cluster. /tmp is shared by every local user, and the permissions of
  # the written files are not controlled here. Outside a single-user demo
  # machine, write them to a directory only the operator can read and remove
  # them when no longer needed.
  kube_config = "/tmp/config"

  # Export the cluster's certificate files to the /tmp directory as well.
  client_cert     = "/tmp/client-cert.pem"
  client_key      = "/tmp/client-key.pem"
  cluster_ca_cert = "/tmp/cluster-ca-cert.pem"
}
$ terraform apply
alicloud_cs_managed_kubernetes.k8s: Refreshing state... (ID: cc54df7d990a24ed18c1e0ebacd36418c)
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
~ alicloud_cs_managed_kubernetes.k8s
client_cert: "" => "/tmp/client-cert.pem"
client_key: "" => "/tmp/client-key.pem"
cluster_ca_cert: "" => "/tmp/cluster-ca-cert.pem"
kube_config: "" => "/tmp/config"
name: "test-managed-kubernetes" => "test-managed-kubernetes-updated"
worker_numbers.0: "2" => "3"
Plan: 0 to add, 1 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
alicloud_cs_managed_kubernetes.k8s: Modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c)
client_cert: "" => "/tmp/client-cert.pem"
client_key: "" => "/tmp/client-key.pem"
cluster_ca_cert: "" => "/tmp/cluster-ca-cert.pem"
kube_config: "" => "/tmp/config"
name: "test-managed-kubernetes" => "test-managed-kubernetes-updated"
worker_numbers.0: "2" => "3"
alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 10s elapsed)
alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 20s elapsed)
alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 30s elapsed)
......
alicloud_cs_managed_kubernetes.k8s: Modifications complete after 4m4s (ID: cc54df7d990a24ed18c1e0ebacd36418c)
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.