目录
?
?
?
(1)主机
表1-1 主机
主机 | 系统 | 软件 | 工具 | 备注 |
jia | Windows? | Terraform 1.6.6 | VS Code、?PowerShell、?Chocolatey | ? |
?
(1)查看项目
(2)网络配置文件
network.tf?
//VPC 专有网络
# VPC that will hold the cluster; the /12 leaves room for several /16 vswitches.
resource "alicloud_vpc" "vpc" {
  cidr_block = "172.16.0.0/12"
  vpc_name   = "k8s_vpc"
}
//switch 交换机
# One vswitch (subnet) in zone cn-hangzhou-j, carved out of the VPC above.
resource "alicloud_vswitch" "vsw" {
  zone_id    = "cn-hangzhou-j"
  cidr_block = "172.16.0.0/16"
  vpc_id     = alicloud_vpc.vpc.id
}
?
(3) 版本配置文件
versions.tf
# Provider pin. The [REMOVED] errors shown in the troubleshooting chapter
# (availability_zone, runtime) come from the 1.212.0 schema change, so with this
# version worker-node settings belong in alicloud_cs_kubernetes_node_pool.
terraform {
required_providers {
alicloud = {
source = "aliyun/alicloud"
version = "1.214.1"
}
}
}
# Configure the Alicloud Provider 默认供应商
provider "alicloud" {
access_key = var.access_key
secret_key = var.secret_key
region = "cn-hangzhou"
}
(4)变量配置文件
variables.tf
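# Alicloud AccessKey ID. Marked sensitive so terraform plan/apply output redacts it;
# note the value is still stored in plaintext in the state file.
variable "access_key" {
  description = "access_key"
  type        = string
  sensitive   = true
}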
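# Alicloud AccessKey secret. Marked sensitive so terraform plan/apply output redacts it;
# note the value is still stored in plaintext in the state file.
variable "secret_key" {
  description = "secret_key"
  type        = string
  sensitive   = true
}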
?
(5) 密钥配置文件
terraform.tfvars(存放 access_key/secret_key 的明文值,应加入 .gitignore,不要提交到版本库)
?
(6)初始化
terraform init
?
(7)格式化代码
terraform fmt
?
(8)验证代码
terraform validate
?
(9)计划与预览
terraform plan
?
(10)申请资源
terraform apply
?
(11)登录阿里云系统查看VPC
VPC已新增1个 (cn-hangzhou)
?
交换机已新增1个 (cn-hangzhou)
?
?
(1)AliyunCSFullAccess
(2)AliyunApiGatewayFullAccess
(3)NATGatewayFullAccess
(1)查看alicloud provider 示例
托管版K8S 示例
……
# Upstream example copied from the alicloud provider docs, kept here for reference only.
# It references variables (var.name, var.vswitch_ids, var.terway_vswitch_ids, ...) and
# resources (alicloud_vswitch.vswitches, alicloud_vswitch.terway_vswitches) that the
# variables.tf shown on this page does not declare, so it is not applied as-is.
resource "alicloud_cs_managed_kubernetes" "k8s" {
name = var.name
cluster_spec = "ack.pro.small"
# version can not be defined in variables.tf.
version = "1.26.3-aliyun.1"
# Explicit vswitch ids win; otherwise fall back to the vswitches created from the CIDR lists, or an empty list.
worker_vswitch_ids = length(var.vswitch_ids) > 0 ? split(",", join(",", var.vswitch_ids)) : length(var.vswitch_cidrs) < 1 ? [] : split(",", join(",", alicloud_vswitch.vswitches.*.id))
pod_vswitch_ids = length(var.terway_vswitch_ids) > 0 ? split(",", join(",", var.terway_vswitch_ids)) : length(var.terway_vswitch_cidrs) < 1 ? [] : split(",", join(",", alicloud_vswitch.terway_vswitches.*.id))
new_nat_gateway = true
node_cidr_mask = var.node_cidr_mask
proxy_mode = var.proxy_mode
service_cidr = var.service_cidr
# One addons block per entry of var.cluster_addons.
dynamic "addons" {
for_each = var.cluster_addons
content {
name = lookup(addons.value, "name", var.cluster_addons)
config = lookup(addons.value, "config", var.cluster_addons)
}
}
}
(2) 修改主配置文件
main.tf
# Cluster-wide constants shared by the resources below. Both CIDRs are kept
# disjoint from the VPC range (172.16.0.0/12) declared in network.tf.
locals {
  pod_cidr        = "10.212.0.0/16"
  service_cidr    = "192.168.0.0/16"
  cluster_version = "1.26.3-aliyun.1"
}
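# Managed ACK cluster (control plane); worker nodes come from the node pool resource.
resource "alicloud_cs_managed_kubernetes" "k8s" {
  name               = var.cluster_name
  version            = local.cluster_version
  cluster_spec       = "ack.standard"
  worker_vswitch_ids = [alicloud_vswitch.vsw.id]
  new_nat_gateway    = true
  # The original fed pod_cidr from local.service_cidr and service_cidr from local.pod_cidr,
  # so the locals' names did not match the ranges they ended up configuring. Each attribute
  # now reads the local of the same name.
  pod_cidr     = local.pod_cidr
  service_cidr = local.service_cidr
  load_balancer_spec = "slb.s1.small"
  # true creates an internet-facing SLB for the API server, so the cluster endpoint is
  # reachable from the public internet; set false to keep it VPC-only.
  slb_internet_enabled = true
  # One addons block per entry of var.cluster_addons ({name, config} objects).
  dynamic "addons" {
    for_each = var.cluster_addons
    content {
      name   = lookup(addons.value, "name", var.cluster_addons)
      config = lookup(addons.value, "config", var.cluster_addons)
    }
  }
}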
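# Login password for the worker ECS instances. Supplied through terraform.tfvars (which
# stays out of version control) instead of being written into main.tf. sensitive keeps it
# out of plan/apply output; it is still stored in the state file.
variable "nodepool_password" {
  type      = string
  sensitive = true
}

# Worker node pool attached to the managed cluster above.
resource "alicloud_cs_kubernetes_node_pool" "default" {
  name                 = var.nodepool_name
  cluster_id           = alicloud_cs_managed_kubernetes.k8s.id
  vswitch_ids          = [alicloud_vswitch.vsw.id]
  instance_types       = ["ecs.g6.xlarge"]
  system_disk_category = "cloud_efficiency"
  system_disk_size     = 40
  desired_size         = 1
  # Was the literal "Admin@123": a hard-coded node password ends up in git history
  # and in every copy of the state, and is trivially guessable.
  password        = var.nodepool_password
  runtime_name    = "containerd"
  runtime_version = "1.6.20"
}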
(3) 修改变量配置文件
variables.tf
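# Alicloud AccessKey ID. Marked sensitive so terraform plan/apply output redacts it;
# note the value is still stored in plaintext in the state file.
variable "access_key" {
  description = "access_key"
  type        = string
  sensitive   = true
}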
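# Alicloud AccessKey secret. Marked sensitive so terraform plan/apply output redacts it;
# note the value is still stored in plaintext in the state file.
variable "secret_key" {
  description = "secret_key"
  type        = string
  sensitive   = true
}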
# Display name of the ACK cluster (alicloud_cs_managed_kubernetes.k8s.name).
variable "cluster_name" {
default = "k8s_cluster_01"
}
# Name of the worker node pool (alicloud_cs_kubernetes_node_pool.default.name).
variable "nodepool_name" {
default = "k8s-nodepool"
}
# Addons installed when the cluster is created; consumed by the dynamic "addons"
# block of alicloud_cs_managed_kubernetes.k8s. Each config is passed as a raw string.
variable "cluster_addons" {
type = list(object({
name = string
config = string
}))
default = [
{
"name" = "flannel",
"config" = "",
},
{
"name" = "csi-plugin",
"config" = "",
},
{
"name" = "csi-provisioner",
"config" = "",
},
{
"name" = "logtail-ds",
"config" = "{'IngressDashboardEnabled':'true'}",
},
# 'internet' gives the ingress controller an internet-facing SLB; the ingress_ip
# output and the public DNS record later in the walkthrough presumably come from it.
# Every ingress rule in the cluster is therefore reachable from the public internet.
{
"name" = "nginx-ingress-controller",
"config" = "{'IngressSlbNetworkType':'internet'}",
},
{
"name" = "arms-prometheus",
"config" = "",
},
{
"name" = "ack-node-problem-detector",
"config" = "{'sls_project_name':''}",
}
]
}
(4)验证代码
terraform validate
?
(5)计划与预览
terraform plan
?
(6)申请资源
terraform apply
yes ,用时大约6分钟
?
(7) 登录阿里云系统查看ACK集群
初始化中
运行中
(8)查看节点池
节点池
伸缩活动
(9)查看命名空间
(10)查看网络
服务 service
?
(1)查看目录
(2)Terraform模板(docker)
USE PROVIDER
# Pin the hashicorp/kubernetes provider to an exact version so `terraform init`
# is reproducible.
terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.25.2"
}
}
}
# Placeholder from the provider template; the real connection settings (kubeconfig
# path and context) are configured on the aliased provider in main.tf.
provider "kubernetes" {
# Configuration options
}
(3)下载软件包
https://github.com/hashicorp/terraform-provider-kubernetes/releases
(4)修改K8S集群配置文件
阿里云系统查看连接集群信息
?
复制上面的连接集群信息到clustera.config
?
(5)修改主配置文件
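# Kubernetes provider bound to the ACK cluster through the kubeconfig copied from the
# console. clustera.config holds cluster-admin credentials: keep it out of version control.
provider "kubernetes" {
  config_path    = "../config/clustera.config"
  config_context = "kubernetes-admin-c718a5ce282f94d539ee5ce1986370194"
  alias          = "clustera"
  # `insecure = true` was removed: it disables TLS verification of the API server, so any
  # host on the path could impersonate the cluster and receive the admin credentials.
  # The kubeconfig exported by ACK normally carries the cluster CA, so verification
  # works without it; if it does not, add the CA rather than switching verification off.
}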
# Namespace for the Jenkins workload; jenkins.tf references it as kubernetes_namespace.jenkins.id.
resource "kubernetes_namespace" "jenkins" {
provider = kubernetes.clustera
metadata {
name = "devops"
}
}
?
(6)修改版本配置文件
# Pin the hashicorp/kubernetes provider to an exact version so `terraform init`
# is reproducible.
terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.25.2"
}
}
}
# Default (unaliased) kubernetes provider, left unconfigured; every resource in this
# project selects the aliased provider kubernetes.clustera explicitly.
provider "kubernetes" {
# Configuration options
}
(7)修改输出配置文件
# Name of the Jenkins ClusterIP service created in jenkins.tf.
output "service_name" {
value = kubernetes_service_v1.jenkins.metadata[0].name
}
(8)修改服务配置文件
jenkins.tf
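# Single-replica Jenkins controller in the devops namespace.
resource "kubernetes_deployment_v1" "jenkins" {
  provider = kubernetes.clustera
  metadata {
    name      = "jenkins"
    namespace = kubernetes_namespace.jenkins.id
    labels = {
      app = "jenkins"
    }
  }
  spec {
    replicas = 1
    selector {
      match_labels = {
        app = "jenkins"
      }
    }
    template {
      metadata {
        labels = {
          app = "jenkins"
        }
      }
      spec {
        container {
          name = "jenkins"
          # Pinned to the LTS tag instead of "latest": combined with IfNotPresent a floating
          # tag gives each node whatever build it happens to have cached, so two replicas or
          # a redeploy are not reproducible. For production pin a digest as well:
          #   image = "jenkins/jenkins:lts@sha256:<digest>"   (placeholder)
          image             = "jenkins/jenkins:lts"
          image_pull_policy = "IfNotPresent"
          port {
            container_port = 8080
          }
          resources {
            limits = {
              cpu    = "1000m"
              memory = "4096Mi"
            }
            requests = {
              cpu    = "250m"
              memory = "1024Mi"
            }
          }
          # The official image runs as its own "jenkins" user (uid 1000); pin that and forbid
          # privilege escalation so a plugin or build step cannot gain more than the container
          # started with. run_as_user is needed because the image's USER is a name, not a uid.
          security_context {
            run_as_user                = 1000
            run_as_non_root            = true
            allow_privilege_escalation = false
          }
          # Left disabled as in the original. NOTE(review): "/" is not guaranteed to answer
          # 2xx before first-run setup completes; "/login" is the usual probe path — confirm
          # before enabling.
          # liveness_probe {
          #   http_get {
          #     path = "/"
          #     port = 8080
          #   }
          #   initial_delay_seconds = 30
          #   period_seconds        = 3
          # }
        }
        # No volume is mounted, so JENKINS_HOME lives in the container filesystem and is
        # lost whenever the pod is recreated — fine for this walkthrough, not for real use.
      }
    }
  }
}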
# ClusterIP service in front of the Jenkins pods. Only reachable inside the cluster;
# the ingress resource is the entry point from outside.
resource "kubernetes_service_v1" "jenkins" {
  provider = kubernetes.clustera
  metadata {
    namespace = kubernetes_namespace.jenkins.id
    name      = "jenkins-service"
  }
  spec {
    type = "ClusterIP"
    # Pods are selected by the same "app" label the deployment puts on its template.
    selector = {
      app = kubernetes_deployment_v1.jenkins.metadata[0].labels.app
    }
    port {
      target_port = 8080
      port        = 8080
    }
  }
}
# HTTP ingress for jenkins.maojing.site, routed to the ClusterIP service above.
# No tls block is configured and no ingress_class_name is set, so the rule relies on
# the cluster's default ingress class and serves plain HTTP; with the internet-facing
# nginx-ingress SLB from cluster_addons this makes the Jenkins setup screen (and later
# the login form) reachable from the public internet without encryption.
resource "kubernetes_ingress_v1" "jenkins_ingress" {
provider = kubernetes.clustera
metadata {
name = "jenkins-ingress"
namespace = kubernetes_namespace.jenkins.id
}
spec {
rule {
host = "jenkins.maojing.site"
http {
path {
backend {
service {
name = kubernetes_service_v1.jenkins.metadata[0].name
port {
number = 8080
}
}
}
path_type = "Prefix"
path = "/"
}
}
}
}
}
(9)初始化
terraform init
?
(10)格式化代码
terraform fmt
?
(11)验证代码
terraform validate
?
(12)计划与预览
terraform plan
(13)申请资源
terraform apply
yes , 4个资源将被添加
(14)登录阿里云系统查看
命名空间新增1个 devops
工作负载(无状态deployment)新增1个jenkins
进入jenkins,状态为running
服务service
service关联路由
?
(15)修改输出配置文件
outputs.tf,添加如下代码
# Public address assigned to the ingress by the ingress controller's load balancer.
# status[...] is populated only after the controller has reconciled the ingress, so
# it may be unknown on the first plan; the DNS record in dns.tf reads the same value.
output "ingress_ip" {
value = kubernetes_ingress_v1.jenkins_ingress.status[0].load_balancer[0].ingress[0].ip
}
(16)计划与预览
terraform plan
成功拿到ingress的ip
?
(17)添加DNS配置文件
dns.tf
# DNS
# A record jenkins.maojing.site -> address of the ingress load balancer. Publishing
# this name makes the plain-HTTP Jenkins ingress discoverable from the internet.
resource "alicloud_dns_record" "record" {
  type        = "A"
  name        = "maojing.site"
  host_record = "jenkins"
  value       = kubernetes_ingress_v1.jenkins_ingress.status[0].load_balancer[0].ingress[0].ip
}
(18) 添加变量配置文件
variables.tf
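# Alicloud AccessKey ID. Marked sensitive so terraform plan/apply output redacts it;
# note the value is still stored in plaintext in the state file.
variable "access_key" {
  description = "access_key"
  type        = string
  sensitive   = true
}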
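# Alicloud AccessKey secret. Marked sensitive so terraform plan/apply output redacts it;
# note the value is still stored in plaintext in the state file.
variable "secret_key" {
  description = "secret_key"
  type        = string
  sensitive   = true
}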
(19) 修改版本配置文件
# Both providers pinned to exact versions: kubernetes for the in-cluster resources,
# alicloud for the DNS record in dns.tf.
terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.25.2"
}
alicloud = {
source = "aliyun/alicloud"
version = "1.214.1"
}
}
}
# Default (unaliased) kubernetes provider, left unconfigured; resources use the
# aliased provider kubernetes.clustera declared in main.tf.
provider "kubernetes" {
# Configuration options
}
# Configure the Alicloud Provider 默认供应商
# Default Alicloud provider, used here for the DNS record. The key pair comes from
# variables fed by terraform.tfvars (keep that file out of version control); the
# provider can also read ALICLOUD_ACCESS_KEY / ALICLOUD_SECRET_KEY instead.
provider "alicloud" {
  region     = "cn-hangzhou"
  access_key = var.access_key
  secret_key = var.secret_key
}
(20)初始化
terraform init
(21)格式化代码
terraform fmt
(22)验证代码
terraform validate
(23)计划与预览
terraform plan
(24)申请资源
terraform apply
yes
(25)阿里云系统查看
域名解析已新增
(26)dig测试DNS
dig jenkins.maojing.site
(27) 浏览器测试
显示Jenkins安装界面
(28) 查看集群监控
?
(1)销毁服务资源
terraform destroy
yes
(2)登录阿里云系统
DNS解析已删除
devops命名空间已删除
?
(3)销毁集群资源
terraform destroy
yes ,用时大约5分钟
(4)登录阿里云系统查看集群
删除中
已删除
(1)报错
?
│ Error: "availability_zone": [REMOVED] Field 'availability_zone' has been removed from provider version 1.212.0.
│
│ with alicloud_cs_managed_kubernetes.k8s,
│ on main.tf line 7, in resource "alicloud_cs_managed_kubernetes" "k8s":
│ 7: resource "alicloud_cs_managed_kubernetes" "k8s" {
│ Error: "availability_zone": [REMOVED] Field 'availability_zone' has been removed from provider version 1.212.0.
│
│ with alicloud_cs_managed_kubernetes.k8s,
│ on main.tf line 7, in resource "alicloud_cs_managed_kubernetes" "k8s":
│ 7: resource "alicloud_cs_managed_kubernetes" "k8s" {
│ Error: "runtime": [REMOVED] Field 'runtime' has been removed from provider version 1.212.0. Please use resource 'alicloud_cs_kubernetes_node_pool' to manage cluster nodes, by using field 'runtime_name' and 'runtime_version' to replace it.
│
│ with alicloud_cs_managed_kubernetes.k8s,
│ on main.tf line 7, in resource "alicloud_cs_managed_kubernetes" "k8s":
│ 7: resource "alicloud_cs_managed_kubernetes" "k8s" {
(2)原因分析
从1.212版本开始,部分关键字段被移除,推荐使用alicloud_cs_kubernetes_node_pool 管理工作节点。
From version 1.212.0, runtime,enable_ssh,rds_instances,exclude_autoscaler_nodes,worker_number,worker_instance_types,password,key_name,kms_encrypted_password,kms_encryption_context,worker_instance_charge_type,worker_period,worker_period_unit,worker_auto_renew,worker_auto_renew_period,worker_disk_category,worker_disk_size,worker_data_disks,node_name_mode,node_port_range,os_type,platform,image_id,cpu_policy,user_data,taints,worker_disk_performance_level,worker_disk_snapshot_policy_id,install_cloud_monitor,kube_config,availability_zone are removed. Please use resource alicloud_cs_kubernetes_node_pool to manage your cluster worker nodes.
(3)解决方法
修改配置文件。
?
(1)报错
Error: [ERROR] terraform-provider-alicloud/alicloud/resource_alicloud_cs_kubernetes.go:1230: Resource c28e6d5ac0cf64922a476e6963f1239b8 DescribeNatGateways Failed!!! [SDK alibaba-cloud-sdk-go ERROR]:
│ SDK.ServerError
│ ErrorCode: Forbidden.RAM
│ Recommend: https://api.aliyun.com/troubleshoot?q=Forbidden.RAM&product=Vpc&requestId=0254494A-FE5F-51C9-96DA-394123C37E13
│ RequestId: 0254494A-FE5F-51C9-96DA-394123C37E13
│ Message: User not authorized to operate on the specified resource, or this API doesn't support RAM.
│ RespHeaders: map[Access-Control-Allow-Origin:[*] Access-Control-Expose-Headers:[*] Connection:[keep-alive] Content-Length:[568] Content-Type:[application/json;charset=utf-8] Date:[Tue, 23 Jan 2024 05:11:28 GMT] Keep-Alive:[timeout=25] X-Acs-Request-Id:[0254494A-FE5F-51C9-96DA-394123C37E13] X-Acs-Trace-Id:[740d51a284c42eb37e67556a9d62faa6]]
│ AccessDeniedDetail: map[AuthPrincipalDisplayName:205814005146961779 AuthPrincipalOwnerId:1889388625243280 AuthPrincipalType:SubUser EncodedDiagnosticMessage:AQEAAAAAZa9KgzAyNTQ0OTRBLUZFNUYtNTFDOS05NkRBLTM5NDEyM0MzN0UxMw==]
│
│ with alicloud_cs_managed_kubernetes.k8s,
│ on main.tf line 7, in resource "alicloud_cs_managed_kubernetes" "k8s":
│ 7: resource "alicloud_cs_managed_kubernetes" "k8s" {
(2)原因分析
RAM缺少NATGatewayFullAccess权限
(3)解决方法
RAM添加NATGatewayFullAccess权限。
重新申请资源
yes,先删除旧的实例
开始创建新实例
?
?