阿里云容器服务ACK使用Terraform创建ACK Serverless集群-云淘科技

前提条件

• 已安装Terraform。

  说明

  请确认Terraform版本不低于v0.12.28，可通过terraform –version命令查看Terraform版本。

  • Cloud Shell默认安装配置了Terraform和阿里云账号信息，无需任何额外配置。

  • 如果您不使用Cloud Shell，关于安装Terraform的方式，请参见在本地安装和配置Terraform。

• 配置阿里云账号信息。

  创建环境变量，用于存放身份认证信息。

  export ALICLOUD_ACCESS_KEY="************"   #替换为阿里云账号的AK信息。
  export ALICLOUD_SECRET_KEY="************"   #替换为阿里云账号的SK信息。
  export ALICLOUD_REGION="cn-beijing"         #替换为您集群所在的地域。

  说明

  为提高权限管理的灵活性和安全性，建议您创建名为Terraform的RAM用户，并为该RAM用户创建AccessKey和授权。具体操作，请参见创建RAM用户和为RAM用户授权。

使用Terraform创建ACK Serverless集群

1. 创建一个工作目录，并且在工作目录中创建以下名为main.tf的配置文件。

   main.tf文件描述了以下Terraform配置：

   • 创建一个新的VPC，并创建一个该VPC下的vSwitch。

   • 创建一个ACK Serverless集群。

   provider "alicloud" {
   }
   
   variable "k8s_name_prefix" {
     description = "The name prefix used to create ASK cluster."
     default     = "ask-example"
   }
   
   resource "random_uuid" "this" {}
   # 默认资源名称。
   locals {
     k8s_name_ask = substr(join("-", [var.k8s_name_prefix,"ask"]), 0, 63)
     new_vpc_name = "tf-vpc-172-16"
     new_vsw_name = "tf-vswitch-172-16-0"
   }
   
   data "alicloud_eci_zones" "default" {}
   
   resource "alicloud_vpc" "vpc" {
     vpc_name   = local.new_vpc_name
     cidr_block = "172.16.0.0/12"
   }
   
   resource "alicloud_vswitch" "vsw" {
     vswitch_name      = local.new_vsw_name
       vpc_id          = alicloud_vpc.vpc.id
       cidr_block      = cidrsubnet(alicloud_vpc.vpc.cidr_block, 8, 8)
   }
   
   
   resource "alicloud_cs_serverless_kubernetes" "serverless" {
     name                           = local.k8s_name_ask
     version                        = "1.22.10-aliyun.1"    #替换为您所需创建的集群版本。
     cluster_spec                   = "ack.pro.small"
     vpc_id                         = alicloud_vpc.vpc.id
     vswitch_ids                    = split(",", join(",", alicloud_vswitch.vsw.*.id))
     new_nat_gateway                = true
     endpoint_public_access_enabled = true
     deletion_protection            = false
   
     # 通过RRSA配置ServiceAccount。
     enable_rrsa                    = true
   
     load_balancer_spec             = "slb.s2.small"
     time_zone                      = "Asia/Shanghai"
     service_cidr                   = "10.13.0.0/16"
     service_discovery_types        = ["CoreDNS"]
   
     # 开启日志服务, 会自动创建一个名为k8s-log-{ClusterID} 的Project。
     logging_type                   = "SLS"
     # 选择已有的SLS Project。
     # sls_project_name             = ""
   
     # tags
   
   
     # addons
   
     addons {
     name   = "nginx-ingress-controller"
     # 使用Internet。
     config = "{\"IngressSlbNetworkType\":\"internet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
     # 如果使用Intranet, 配置如下。
     # config = "{\"IngressSlbNetworkType\":\"intranet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
   }
   
     addons {
       name = "metrics-server"
     }
     addons {
       name = "knative"
     }
   }

2. 执行以下命令初始化Terraform运行环境。

   terraform init

   预期输出：

   Initializing the backend...
   
   Initializing provider plugins...
   - Checking for available provider plugins...
   - Downloading plugin for provider "alicloud" (hashicorp/alicloud) 1.184.0...
   ...
   
   You may now begin working with Terraform. Try running "terraform plan" to see
   any changes that are required for your infrastructure. All Terraform commands
   should now work.
   
   If you ever set or change modules or backend configuration for Terraform,
   rerun this command to reinitialize your working directory. If you forget, other
   commands will detect it and remind you to do so if necessary.

3. 执行以下命令生成资源规划。

   terraform plan

   预期输出：

   Refreshing Terraform state in-memory prior to plan...
   The refreshed state will be used to calculate this plan, but will not be
   persisted to local or remote state storage.
   ...
   Plan: 4 to add, 0 to change, 0 to destroy. 
   ...

4. 执行以下命令创建集群。

   terraform apply

   预期输出：

   ...
   Do you want to perform these actions?
     Terraform will perform the actions described above.
     Only 'yes' will be accepted to approve.
   
     Enter a value: yes
   ...
   alicloud_cs_serverless_kubernetes.serverless: Creation complete after 8m26s [id=************]
   
   Apply complete! Resources: 4 added, 0 changed, 0 destroyed.

使用Terraform删除ACK Serverless集群

您可以通过执行以下命令，删除通过Terraform创建的ACK Serverless集群。

terraform destroy

预期输出：

...
Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes
...
Destroy complete! Resources: 4 destroyed.

相关文档

• OpenAPI开发者门户

• 阿里云容器服务Terraform资源

• 阿里云Terraform Provider