Creating a Managed Kubernetes Cluster with Terraform

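Alibaba Cloud Container Service can now create managed Kubernetes clusters. Compared with a default Kubernetes cluster, the managed version operates a highly available set of Master components on your behalf and removes the three nodes that a default cluster requires, which saves both the cost of those nodes and the staff time spent maintaining them. In the Container Service console we provide an easy-to-use visual interface that guides you step by step through creating this type of cluster. But if you need to create managed clusters repeatedly, create clusters in bulk, or are simply someone who dislikes manual work in a console, Terraform is worth a look.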

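Terraform is an Infrastructure as Code tool that turns cloud resources into code. This article does not repeat the basics of Terraform; interested readers can refer to "Terraform, a powerful tool for managing infrastructure resources in the cloud ecosystem" and other good articles in the Yunqi Community. We have been maintaining the Alibaba Cloud Terraform Provider continuously, and it already covers the vast majority of Alibaba Cloud products.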

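Before Christmas 2018, the Alibaba Cloud Terraform Provider released v1.26.0, which adds support for creating managed Kubernetes clusters. Let's look at how to deploy such a cluster quickly from the command line.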

Creating a managed Kubernetes cluster

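First, open the help page "Alibaba Cloud Terraform Provider documentation - Managed Kubernetes", which lists the parameters this resource provides. The parameters are divided into input arguments and output attributes. The input list contains required and optional arguments. For example, name and name_prefix are a pair of required arguments, but they are mutually exclusive, so they cannot both be set. If name is set, the cluster name is the value of name; if name_prefix is set, a cluster name beginning with name_prefix is generated automatically. Working from the Argument Reference list in the documentation, we first draft a description of a cluster. For convenience, the reason for each argument is given as a comment in the code.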

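# Declare the Alibaba Cloud Terraform Provider
provider "alicloud" {
  # Your account's Access Key
  access_key = "FOO"
  # Your account's Secret Key
  secret_key = "BAR"
  # The region to create resources in
  region     = "cn-hangzhou"
  # Optional; if omitted, the latest version is used
  version    = "v1.26.0"
}

# Required resource identifiers
# alicloud_cs_managed_kubernetes indicates a managed Kubernetes cluster
# k8s is the name of this resource instance
resource "alicloud_cs_managed_kubernetes" "k8s" {
  # Cluster name; hyphens are allowed, and cluster names must be unique within an account
  name = "test-managed-kubernetes"
  # Availability zones and the ECS instance type stock in each can be looked up in the ECS console
  # The following deploys the Worker nodes in the cn-hangzhou-h zone, using the ecs.c5.xlarge instance type.
  availability_zone = "cn-hangzhou-h"
  worker_instance_types = ["ecs.c5.xlarge"]
  # Configure 2 Worker nodes for this cluster; the number can be scaled up later
  worker_numbers = [2]
  # Worker nodes use ultra cloud disks (cloud_efficiency)
  worker_disk_category  = "cloud_efficiency"
  # Defaults to true; a NAT gateway is created in the VPC so that the ECS instances can reach the Internet
  new_nat_gateway = true
  # Default root password for all ECS instances; a key pair (key_name) can be used instead, but it must be created in advance
  password = "Test12345"
  # Subnet CIDR used by all Pods in the Kubernetes cluster; it must not conflict with service_cidr or the ECS network
  # The VPC created by default is in 192.168.0.0/16, so pod_cidr and service_cidr can use the 172 range
  # See "Network CIDR planning for Kubernetes in a VPC"
  pod_cidr = "172.20.0.0/16"
  service_cidr = "172.21.0.0/20"
  # Install the CloudMonitor plugin
  install_cloud_monitor = true
}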

Save the configuration above as a description file named main.tf, then run terraform init and terraform apply in the directory that contains it.

xh4n3@xh4n3:~/ops/terraform-example% terraform init --get-plugins=true -upgrade

Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "alicloud" (1.26.0)...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

xh4n3@xh4n3:~/ops/terraform-example% terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + alicloud_cs_managed_kubernetes.k8s
      id:                          <computed>
      availability_zone:           "cn-hangzhou-h"
      install_cloud_monitor:       "true"
      name:                        "test-managed-kubernetes"
      name_prefix:                 "Terraform-Creation"
      new_nat_gateway:             "true"
      password:                    <sensitive>
      pod_cidr:                    "172.20.0.0/16"
      security_group_id:           <computed>
      service_cidr:                "172.21.0.0/20"
      vpc_id:                      <computed>
      vswitch_ids.#:               <computed>
      worker_disk_category:        "cloud_efficiency"
      worker_disk_size:            "40"
      worker_instance_charge_type: "PostPaid"
      worker_instance_types.#:     "1"
      worker_instance_types.0:     "ecs.c5.xlarge"
      worker_nodes.#:              <computed>
      worker_numbers.#:            "1"
      worker_numbers.0:            "2"

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value:

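As the log above shows, terraform init downloads the provider plugin we use, and terraform apply works out from main.tf which operations need to be performed. The output shows that a resource named alicloud_cs_managed_kubernetes.k8s will be created and asks us to enter yes to confirm. After confirmation, creation takes about five minutes, and terraform prints a log similar to the following.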

# Earlier output omitted
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_cs_managed_kubernetes.k8s: Creating...
  availability_zone:           "" => "cn-hangzhou-h"
  install_cloud_monitor:       "" => "true"
  name:                        "" => "test-managed-kubernetes"
  name_prefix:                 "" => "Terraform-Creation"
  new_nat_gateway:             "" => "true"
  password:                    "<sensitive>" => "<sensitive>"
  pod_cidr:                    "" => "172.20.0.0/16"
  security_group_id:           "" => "<computed>"
  service_cidr:                "" => "172.21.0.0/20"
  vpc_id:                      "" => "<computed>"
  vswitch_ids.#:               "" => "<computed>"
  worker_disk_category:        "" => "cloud_efficiency"
  worker_disk_size:            "" => "40"
  worker_instance_charge_type: "" => "PostPaid"
  worker_instance_types.#:     "" => "1"
  worker_instance_types.0:     "" => "ecs.c5.xlarge"
  worker_nodes.#:              "" => "<computed>"
  worker_numbers.#:            "" => "1"
  worker_numbers.0:            "" => "2"
alicloud_cs_managed_kubernetes.k8s: Still creating... (10s elapsed)
alicloud_cs_managed_kubernetes.k8s: Still creating... (20s elapsed)
alicloud_cs_managed_kubernetes.k8s: Still creating... (30s elapsed)
# Earlier output omitted
alicloud_cs_managed_kubernetes.k8s: Creation complete after 6m5s (ID: cc54df7d990a24ed18c1e0ebacd36418c)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

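When the message "Apply complete! Resources: 1 added" appears, the cluster has been created successfully. At this point the cluster is also visible in the cluster list after logging in to the console.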

Modifying a managed Kubernetes cluster

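The Terraform Provider supports modifying some of the arguments. In general, every argument that is not marked Force New Resource can be modified. Below we change a few arguments; the comments mark the items being updated.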

provider "alicloud" {
  access_key = "FOO"
  secret_key = "BAR"
  region     = "cn-hangzhou"
  version    = "v1.26.0"
}

resource "alicloud_cs_managed_kubernetes" "k8s" {
  # Change the cluster name to test-managed-kubernetes-updated
  name = "test-managed-kubernetes-updated"
  availability_zone = "cn-hangzhou-h"
  worker_instance_types = ["ecs.c5.xlarge"]
  # Change worker_numbers to 3 to add one worker node
  worker_numbers = [3]
  worker_disk_category  = "cloud_efficiency"
  new_nat_gateway = true
  password = "Test12345"
  pod_cidr = "172.20.0.0/16"
  service_cidr = "172.21.0.0/20"
  install_cloud_monitor = true
  # Export the cluster's connection config file to the /tmp directory
  kube_config = "/tmp/config"
  # Export the cluster's certificate files to the /tmp directory (same for the lines below)
  client_cert = "/tmp/client-cert.pem"
  client_key = "/tmp/client-key.pem"
  cluster_ca_cert = "/tmp/cluster-ca-cert.pem"
}

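As with creation, the command for modifying a cluster is terraform apply. Running it produces the log output below. After we enter yes and press Enter, the cluster is renamed to test-managed-kubernetes-updated, the worker nodes are scaled out to 3, and the certificates and connection file are exported to the local /tmp directory.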

xh4n3@xh4n3:~/ops/terraform-example% terraform apply
alicloud_cs_managed_kubernetes.k8s: Refreshing state... (ID: cc54df7d990a24ed18c1e0ebacd36418c)

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ alicloud_cs_managed_kubernetes.k8s
      client_cert:      "" => "/tmp/client-cert.pem"
      client_key:       "" => "/tmp/client-key.pem"
      cluster_ca_cert:  "" => "/tmp/cluster-ca-cert.pem"
      kube_config:      "" => "/tmp/config"
      name:             "test-managed-kubernetes" => "test-managed-kubernetes-updated"
      worker_numbers.0: "2" => "3"

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_cs_managed_kubernetes.k8s: Modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c)
  client_cert:      "" => "/tmp/client-cert.pem"
  client_key:       "" => "/tmp/client-key.pem"
  cluster_ca_cert:  "" => "/tmp/cluster-ca-cert.pem"
  kube_config:      "" => "/tmp/config"
  name:             "test-managed-kubernetes" => "test-managed-kubernetes-updated"
  worker_numbers.0: "2" => "3"
alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 10s elapsed)
alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 20s elapsed)
alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 30s elapsed)
# Earlier output omitted
alicloud_cs_managed_kubernetes.k8s: Modifications complete after 4m4s (ID: cc54df7d990a24ed18c1e0ebacd36418c)

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

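After terraform apply succeeds, the cluster information shown in the console confirms that the cluster is now in the state we wanted. On the local machine, we can also connect to the cluster with kubectl using the exported connection file.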
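The configuration above keeps the AccessKey pair and the root password in main.tf and exports the kubeconfig and client key to the shared /tmp directory. The following variant is an added example, not part of the original article, written as a starting configuration rather than an in-place change to the cluster created above. The variable names key_name and export_dir, the ./kube directory, and the choice to read credentials from the ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY environment variables are assumptions made for this illustration.

```hcl
# Added example (not from the original article). Variable names and the
# ./kube directory are assumptions made for this illustration.

# No credentials in main.tf: the alicloud provider reads them from the
# ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY environment variables.
provider "alicloud" {
  region  = "cn-hangzhou"
  version = "v1.26.0"
}

# Name of an ECS key pair that was created in advance (assumed to exist).
variable "key_name" {}

# Private output directory, created beforehand with: mkdir -m 700 ./kube
variable "export_dir" {
  default = "./kube"
}

resource "alicloud_cs_managed_kubernetes" "k8s" {
  name                  = "test-managed-kubernetes-updated"
  availability_zone     = "cn-hangzhou-h"
  worker_instance_types = ["ecs.c5.xlarge"]
  worker_numbers        = [3]
  worker_disk_category  = "cloud_efficiency"
  new_nat_gateway       = true

  # Key pair login replaces the root password that was stored in the file
  key_name = "${var.key_name}"

  pod_cidr              = "172.20.0.0/16"
  service_cidr          = "172.21.0.0/20"
  install_cloud_monitor = true

  # The kubeconfig and client key grant access to the cluster, so they are
  # written to a directory only the current user can read, not to /tmp
  kube_config     = "${var.export_dir}/config"
  client_cert     = "${var.export_dir}/client-cert.pem"
  client_key      = "${var.export_dir}/client-key.pem"
  cluster_ca_cert = "${var.export_dir}/cluster-ca-cert.pem"
}
```

Supply the key pair name with TF_VAR_key_name or -var, and keep terraform.tfstate out of version control, since Terraform records resource arguments there in plain text.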

Appendix

Help document for creating a managed Kubernetes cluster in the console
https://help.aliyun.com/document_detail/95108.html
Terraform, a powerful tool for managing infrastructure resources in the cloud ecosystem
https://yq.aliyun.com/articles/215592
Alibaba Cloud Terraform Provider code repository
https://github.com/terraform-providers/terraform-provider-alicloud
Alibaba Cloud Terraform Provider documentation
https://www.terraform.io/docs/providers/alicloud/index.html
Alibaba Cloud Terraform Provider documentation - Managed Kubernetes
https://www.terraform.io/docs/providers/alicloud/r/cs_managed_kubernetes.html
Network CIDR planning for Kubernetes in a VPC
https://help.aliyun.com/document_detail/86500.html
Deploying a Container Service Kubernetes cluster and a WordPress application with Terraform
https://yq.aliyun.com/articles/641627



Author: 予栖.

This article is original content from the Yunqi Community and may not be reproduced without permission.