Deploying Huawei Cloud and Kubernetes Resources with Terraform

Posted by 可以交个朋友 on 2024/01/05 10:17:58
[Abstract] Create Huawei Cloud CCE resources with Terraform

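Terraform Overview

Terraform is an open-source "infrastructure as code" tool created by HashiCorp.

As a declarative tool, Terraform lets developers use a high-level configuration language called HCL (HashiCorp Configuration Language) to describe the desired "end state" of the cloud or on-premises infrastructure an application needs. It then generates a plan for reaching that end state and executes the plan to provision the infrastructure.
Terraform manages resources by calling cloud vendors' APIs through providers.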

Installing Terraform

Terraform is distributed as a binary executable. Download the terraform binary and add it to a directory on your PATH. Download link

    wget https://releases.hashicorp.com/terraform/1.6.6/terraform_1.6.6_linux_amd64.zip
    unzip terraform_1.6.6_linux_amd64.zip
    mv terraform /usr/local/bin/
    terraform -version
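
Checking the archive before it is unpacked and moved onto the PATH, as an added example that is not part of the original post. It assumes the terraform_1.6.6_SHA256SUMS file that HashiCorp publishes alongside the release archive has been downloaded into the same directory; verify_release and sha256_of are hypothetical helper names, and the demo files are constructed.

```shell
# Added example: verify a downloaded release archive against a SHA256SUMS file.
# Usage: verify_release <archive> <sums-file>
# Returns 0 on match, 1 on mismatch, 2 when the archive is not listed at all.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

verify_release() {
  archive=$1
  sums=$2
  name=$(basename "$archive")
  # Take the digest listed for exactly this file name ("<hex>  <name>" per line).
  expected=$(awk -v n="$name" '$2 == n {print $1}' "$sums")
  if [ -z "$expected" ]; then
    echo "no checksum listed for $name" >&2
    return 2
  fi
  actual=$(sha256_of "$archive")
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $name" >&2
    return 1
  fi
  echo "OK $name"
}

# Constructed offline demo: a stand-in archive and a matching SUMS file.
demo=$(mktemp -d)
printf 'constructed archive bytes' > "$demo/terraform_demo.zip"
printf '%s  %s\n' "$(sha256_of "$demo/terraform_demo.zip")" terraform_demo.zip > "$demo/SUMS"
verify_release "$demo/terraform_demo.zip" "$demo/SUMS"

# With the files from the step above (SUMS file fetched separately, assumed present):
#   verify_release terraform_1.6.6_linux_amd64.zip terraform_1.6.6_SHA256SUMS \
#     && unzip terraform_1.6.6_linux_amd64.zip
```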

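Configuring Authentication

Terraform can orchestrate a wide range of Huawei Cloud resources. Before using Terraform to manage Huawei Cloud resources, you need to obtain an AK/SK and configure it in Terraform for authentication.
You can configure Terraform in either of the following two ways:

  1. Add the AK/SK to the Terraform configuration file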

    provider "huaweicloud" {
      region     = "cn-north-1"
      access_key = "my-access-key"
      secret_key = "my-secret-key"
    }
    

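    region: the region whose resources you want to create and manage. You can look up the regions Huawei Cloud supports here
    access_key: the access key ID, i.e. the AK. See Access Keys for how to obtain it
    secret_key: the secret access key, i.e. the SK. See Access Keys for how to obtain it

  2. Add the AK/SK to system environment variables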

    export HW_REGION_NAME="cn-north-1"
    export HW_ACCESS_KEY="my-access-key"
    export HW_SECRET_KEY="my-secret-key"
    

For more configuration parameters, see: https://registry.terraform.io/providers/huaweicloud/huaweicloud/latest/docs
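
A check for the first option above, as an added example that is not part of the original post: it scans *.tf files for access_key/secret_key set to string literals so they can be caught before a commit. find_hardcoded_keys is a hypothetical helper name and the sample files are constructed.

```shell
# Added example: flag AK/SK written as string literals in *.tf files.
# Prints "file:line" for each hit, never the value, and returns 1 on any hit,
# so it can gate a commit hook or CI job.
find_hardcoded_keys() {
  dir=$1
  # A quoted value that does not start with "$" is a literal; references such
  # as var.hw_secret_key or "${var.hw_secret_key}" are left alone.
  pattern='^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^$"]'
  # /dev/null as an extra operand makes grep always print the file name.
  hits=$(find "$dir" -type f -name '*.tf' \
           -exec grep -nE "$pattern" /dev/null {} + | cut -d: -f1,2)
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 1
  fi
  return 0
}

# Constructed sample: one file in the literal style, one that relies on
# HW_ACCESS_KEY / HW_SECRET_KEY being set in the environment.
sample=$(mktemp -d)
cat > "$sample/literal.tf" <<'EOF'
provider "huaweicloud" {
  region     = "cn-north-1"
  access_key = "my-access-key"
  secret_key = "my-secret-key"
}
EOF
cat > "$sample/env.tf" <<'EOF'
provider "huaweicloud" {
  region = "cn-north-1"
}
EOF
find_hardcoded_keys "$sample" \
  || echo "literal credentials found; use HW_ACCESS_KEY/HW_SECRET_KEY instead"
```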

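Installing the Huawei Cloud Provider

Download the Huawei Cloud provider: https://github.com/huaweicloud/terraform-provider-huaweicloud/releases
How to speed up downloading the Huawei Cloud provider: https://support.huaweicloud.cn/terraform_faq/index.html

Preparing the Terraform Configuration Files

  1. Prepare the provider version file. huaweicloud is installed locally, kubernetes is installed online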
    terraform {
      required_version = ">= 0.13"
    
      required_providers {
        huaweicloud = {
          source = "local-registry/huaweicloud/huaweicloud"
          version = ">= 1.60.1"
        }
        kubernetes = {
          source = "hashicorp/kubernetes"
          version = ">= 2.24.0"
        }
      }
    }
    
  2. Prepare the auth file the providers need. mycluster is the resource name; replace it with your actual value
    provider "huaweicloud" {
      region     = "cn-north-4"
      access_key = "***"   #AK
      secret_key = "***"   #SK
    }
    
    provider "kubernetes" {
      host                   = huaweicloud_cce_cluster.mycluster.certificate_clusters[0].server
      cluster_ca_certificate = base64decode(huaweicloud_cce_cluster.mycluster.certificate_clusters[0].certificate_authority_data)
      client_key             = base64decode(huaweicloud_cce_cluster.mycluster.certificate_users[0].client_key_data)
      client_certificate     = base64decode(huaweicloud_cce_cluster.mycluster.certificate_users[0].client_certificate_data)
    }
    
  3. Prepare the file for the CCE resources to create
    variable "cce_node_password" {
      description = "node password"
      type        = string
      nullable    = false
      sensitive   = true  #do not display the password when it is entered
    }
    
    
    //Create the VPC
    resource "huaweicloud_vpc" "myvpc" {
      name = "vpc"
      cidr = "172.16.0.0/16"
    }
    
    //Create the subnet
    resource "huaweicloud_vpc_subnet" "mysubnet" {
      name       = "subnet"
      cidr       = "172.16.0.0/16"
      gateway_ip = "172.16.0.1"
    
      //Set the VPC DNS information
      primary_dns   = "100.125.1.250"
      secondary_dns = "100.125.21.250"
      vpc_id        = huaweicloud_vpc.myvpc.id
    }
    
    //Create the CCE cluster
    resource "huaweicloud_cce_cluster" "mycluster" {
      name                   = "terraform-cce"
      flavor_id              = "cce.s1.small"
      vpc_id                 = huaweicloud_vpc.myvpc.id
      subnet_id              = huaweicloud_vpc_subnet.mysubnet.id
      container_network_type = "vpc-router"
      container_network_cidr = "10.128.0.0/10"
      kube_proxy_mode        = "iptables"
    }
    
    //Create the node pool
    resource "huaweicloud_cce_node_pool" "node_pool" {
      cluster_id               = huaweicloud_cce_cluster.mycluster.id
      name                     = "test-pool"
      subnet_id                = huaweicloud_vpc_subnet.mysubnet.id
      os                       = "Huawei Cloud EulerOS 2.0"
      initial_node_count       = 2    #initial number of nodes in the node pool
      flavor_id                = "c7.large.2"
      availability_zone        = "cn-north-4a"
      password                 = var.cce_node_password
      scall_enable             = true  #enable auto scaling
      min_node_count           = 1
      max_node_count           = 10
      scale_down_cooldown_time = 100
      priority                 = 1
      type                     = "vm"
    
      root_volume {
        size       = 40
        volumetype = "SAS"
      }
      data_volumes {
        size       = 100
        volumetype = "SAS"
      }
      labels = {
      //key         = value
        test        = "test"
      }
    
      taints {
        key = "test"
        value = "test"
        effect = "NoSchedule"
      }
    
    }
    
    data "huaweicloud_cce_addon_template" "metrics-server" {
      name = "metrics-server"
      cluster_id = huaweicloud_cce_cluster.mycluster.id
      version = "1.3.12"
    }
    
    //Install the CCE add-on metrics-server
    resource "huaweicloud_cce_addon" "metrics-server" {
        cluster_id = huaweicloud_cce_cluster.mycluster.id
        template_name = "metrics-server"
        version = "1.3.12"
        values {
           basic  = jsondecode(data.huaweicloud_cce_addon_template.metrics-server.spec).basic
           custom_json = jsonencode(
                            {
                                tolerations = [{
                                    key      = "test"
                                    operator = "Exists"
                                }]
                            })
           flavor_json = jsonencode({
                             replicas = 1
                             resources = [{
                                 limitsCpu = "1000m"
                                 limitsMem = "1000Mi"
                                 requestsCpu = "200m"
                                 requestsMem = "400Mi"
                             }]
                         })
        }
    }
    
  4. Prepare the file for the Kubernetes resources to create
    resource "kubernetes_deployment_v1" "example" {
      metadata {
        name = "terraform-example"
        labels = {
          test = "MyExampleApp"
        }
      }
    
      spec {
        replicas = 1
    
        selector {
          match_labels = {
            test = "MyExampleApp"
          }
        }
    
        template {
          metadata {
            labels = {
              test = "MyExampleApp"
            }
          }
    
          spec {
            container {
              image = "nginx:1.17.4"
              name  = "example"
    
              resources {
                limits = {
                  cpu    = "0.5"
                  memory = "512Mi"
                }
                requests = {
                  cpu    = "250m"
                  memory = "50Mi"
                }
              }
    
              liveness_probe {
                http_get {
                  path = "/"
                  port = 80
                }
              }
            }
            toleration {
              key      = "test"
              operator = "Exists"
            }
          }
        }
      }
    }
    
    
    resource "kubernetes_service_v1" "example" {
      metadata {
        name = "terraform-example"
      }
      spec {
        selector = {
          test = "MyExampleApp"
        }
        port {
          port        = 80
          target_port = 80
        }
    
        type = "ClusterIP"
      }
    }
    
  5. Run the following commands to create the resources above
    terraform init   #initialize the providers
    terraform plan   #review the plan
    terraform apply -auto-approve  #apply the plan
    

Results

  1. Cluster information

  2. Node pool

  3. CCE add-on

  4. Kubernetes resources

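[Copyright notice] This article is original content by a Huawei Cloud Community user. When reposting, you must credit the source (Huawei Cloud Community), the article link, the author and other basic information; otherwise the author and the community reserve the right to pursue liability. If you find content in this community suspected of plagiarism, you are welcome to report it by email with supporting evidence; once verified, the community will immediately remove the infringing content. Report email: cloudbbs@huaweicloud.com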