目前，阿里云容器服務(wù)已經(jīng)可以創(chuàng)建托管版 Kubernetes 集群了。相比于默認(rèn)的 Kubernetes 集群，托管版本會(huì)主動(dòng)替您運(yùn)維一套高可用的 Master 組件，免去了默認(rèn)版本集群中三個(gè) Master ECS 節(jié)點(diǎn)，從而節(jié)約所需的資金成本及維護(hù)時(shí)的人力成本。在容器服務(wù)控制臺(tái)，我們?yōu)槟峁┝吮憬菔褂玫目梢暯缑嬉徊揭徊揭龑?dǎo)式地創(chuàng)建該類(lèi)型集群。但當(dāng)您需要反復(fù)創(chuàng)建托管版集群、大批量創(chuàng)建集群，或者您就是天生抗拒控制臺(tái)手工操作的那一類(lèi)人，可以了解并嘗試使用一下 Terraform 了。

Terraform 是一款 Infrastructure as Code 的工具，可以將云端資源代碼化。關(guān)于 Terraform 的基本介紹本文不再贅述，有興趣的同學(xué)可以參考 《云生態(tài)下的基礎(chǔ)架構(gòu)資源管理利器Terraform》 等云棲社區(qū)的優(yōu)秀文章。目前我們一直在支持阿里云 Terraform Provider，已經(jīng)實(shí)現(xiàn)了阿里云上面絕大部分的云產(chǎn)品的對(duì)接。

在 2018 年圣誕節(jié)來(lái)臨之前，阿里云 Terraform Provider 已經(jīng)發(fā)布 v1.26.0 版本，其中已經(jīng)支持了創(chuàng)建托管版Kubernetes 集群，下面我們來(lái)一起看下如何實(shí)現(xiàn)命令行快速部署一個(gè)這樣的集群。

創(chuàng)建托管版 Kubernetes 集群

首先我們打開(kāi)《阿里云 Terraform Provider 文檔 - 托管版 Kubernetes》的幫助文檔，可以看到該資源 Resource 提供的參數(shù)列表。參數(shù)分為入?yún)?Argument 和出參 Attributes。入?yún)⒘斜韮?nèi)包含了必填參數(shù)以及可選參數(shù)，例如 name 和 name_prefix 就是一對(duì)必填參數(shù)，但它們互斥，即不能同時(shí)填寫(xiě)。如果填了 name，集群名就是 name 的值，如果填了 name_prefix，集群名會(huì)以 name_prefix 開(kāi)頭自動(dòng)生成一個(gè)。我們對(duì)照文檔中的參數(shù)列表 Argument Reference，先草擬出一個(gè)集群的描述，為了方便起見(jiàn)，我把填寫(xiě)每個(gè)參數(shù)的理由都注釋在代碼中。

# 引入阿里云 Terraform Provider provider "alicloud" {# 填入您的賬號(hào) Access Keyaccess_key = "FOO"# 填入您的賬號(hào) Secret Keysecret_key = "BAR"# 填入想創(chuàng)建的 Regionregion = "cn-hangzhou"# 可選參數(shù)，默認(rèn)不填就使用最新版本version = "v1.26.0" }# 必要的資源標(biāo)識(shí) # alicloud_cs_managed_kubernetes 表明是托管版 Kubernetes 集群 # k8s 代表該資源實(shí)例的名稱(chēng) resource "alicloud_cs_managed_kubernetes" "k8s" {# 集群名稱(chēng)，可以帶中劃線，一個(gè)賬戶(hù)內(nèi)的集群名稱(chēng)不能相同name = "test-managed-kubernetes"# 可以從 ECS 控制臺(tái)上面查詢(xún)到可用區(qū)信息，以及對(duì)應(yīng)的 ECS 實(shí)例類(lèi)型庫(kù)存# 以下代表 Worker 節(jié)點(diǎn)將部署在 cn-hangzhou-h 這個(gè)可用區(qū)，采用 ecs.c5.xlarge 這個(gè)機(jī)型。availability_zone = "cn-hangzhou-h"worker_instance_types = ["ecs.c5.xlarge"]# 配置該集群 Worker 節(jié)點(diǎn)數(shù)為 2 個(gè)，該數(shù)字后續(xù)可以再擴(kuò)容worker_numbers = [2]# Worker 節(jié)點(diǎn)使用高效云盤(pán)worker_disk_category = "cloud_efficiency"# 默認(rèn)為 true，會(huì)在 VPC 內(nèi)創(chuàng)建一個(gè) Nat 網(wǎng)關(guān)用于 ECS 連上互聯(lián)網(wǎng)new_nat_gateway = true# 配置所有 ECS 的默認(rèn) Root 密碼，此處也可以用密鑰對(duì) key_name 代替，但需要提前創(chuàng)建password = "Test12345"# Kubernetes 集群內(nèi)所有 Pod 使用的子網(wǎng)網(wǎng)段，不能與 service_cidr 和 ECS 所在網(wǎng)段沖突# 默認(rèn)創(chuàng)建的 VPC 是 192.168.0.0/16 這個(gè)網(wǎng)段內(nèi)的，所以 pod_cidr 和 service_cidr 可以使用 172 網(wǎng)段# 請(qǐng)參考 VPC下 Kubernetes 的網(wǎng)絡(luò)地址段規(guī)劃pod_cidr = "172.20.0.0/16"service_cidr = "172.21.0.0/20"# 安裝云監(jiān)控插件install_cloud_monitor = true }

我們可以將以上的配置保存為一個(gè) main.tf 描述文件，在該文件的當(dāng)前目錄下執(zhí)行 terraform init 和 terraform apply。

xh4n3@xh4n3:~/ops/terraform-example% terraform init --get-plugins=true -upgradeInitializing provider plugins... - Checking for available provider plugins on https://releases.hashicorp.com... - Downloading plugin for provider "alicloud" (1.26.0)...Terraform has been successfully initialized!You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work.xh4n3@xh4n3:~/ops/terraform-example% terraform applyAn execution plan has been generated and is shown below. Resource actions are indicated with the following symbols:+ createTerraform will perform the following actions:+ alicloud_cs_managed_kubernetes.k8sid: <computed>availability_zone: "cn-hangzhou-h"install_cloud_monitor: "true"name: "test-managed-kubernetes"name_prefix: "Terraform-Creation"new_nat_gateway: "true"password: <sensitive>pod_cidr: "172.20.0.0/16"security_group_id: <computed>service_cidr: "172.21.0.0/20"vpc_id: <computed>vswitch_ids.#: <computed>worker_disk_category: "cloud_efficiency"worker_disk_size: "40"worker_instance_charge_type: "PostPaid"worker_instance_types.#: "1"worker_instance_types.0: "ecs.c5.xlarge"worker_nodes.#: <computed>worker_numbers.#: "1"worker_numbers.0: "2"Plan: 1 to add, 0 to change, 0 to destroy.Do you want to perform these actions?Terraform will perform the actions described above.Only 'yes' will be accepted to approve.Enter a value:

從上述日志中可以看到，terraform init 會(huì)把我們用到的 Provider 插件下載好，terraform apply 會(huì)根據(jù)我們的 main.tf 描述文件計(jì)算出需要執(zhí)行的操作，上述顯示將會(huì)創(chuàng)建一個(gè) alicloud_cs_managed_kubernetes.k8s 的資源，需要我們輸入 yes 來(lái)確認(rèn)創(chuàng)建。確認(rèn)創(chuàng)建后，創(chuàng)建大約會(huì)耗時(shí)五分鐘，terraform 會(huì)輸出類(lèi)似下面的日志。

# 以上省略 Do you want to perform these actions?Terraform will perform the actions described above.Only 'yes' will be accepted to approve.Enter a value: yesalicloud_cs_managed_kubernetes.k8s: Creating...availability_zone: "" => "cn-hangzhou-h"install_cloud_monitor: "" => "true"name: "" => "test-managed-kubernetes"name_prefix: "" => "Terraform-Creation"new_nat_gateway: "" => "true"password: "<sensitive>" => "<sensitive>"pod_cidr: "" => "172.20.0.0/16"security_group_id: "" => "<computed>"service_cidr: "" => "172.21.0.0/20"vpc_id: "" => "<computed>"vswitch_ids.#: "" => "<computed>"worker_disk_category: "" => "cloud_efficiency"worker_disk_size: "" => "40"worker_instance_charge_type: "" => "PostPaid"worker_instance_types.#: "" => "1"worker_instance_types.0: "" => "ecs.c5.xlarge"worker_nodes.#: "" => "<computed>"worker_numbers.#: "" => "1"worker_numbers.0: "" => "2" alicloud_cs_managed_kubernetes.k8s: Still creating... (10s elapsed) alicloud_cs_managed_kubernetes.k8s: Still creating... (20s elapsed) alicloud_cs_managed_kubernetes.k8s: Still creating... (30s elapsed) # 以上省略 alicloud_cs_managed_kubernetes.k8s: Creation complete after 6m5s (ID: cc54df7d990a24ed18c1e0ebacd36418c)Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

當(dāng)出現(xiàn) Apply complete! Resources: 1 added 字樣的時(shí)候，集群已經(jīng)成功創(chuàng)建，此時(shí)我們也可以登錄控制臺(tái)后在控集群列表中看到集群。

修改托管版 Kubernetes 集群

在 Terraform Provider 中，我們提供了一部分參數(shù)的修改能力，一般情況下，所有非 Force New Resouce（強(qiáng)制新建資源）的參數(shù)都可以被修改。下面我們修改部分參數(shù)，注釋內(nèi)容為更新的項(xiàng)目。

provider "alicloud" {access_key = "FOO"secret_key = "BAR"region = "cn-hangzhou"version = "v1.26.0" }resource "alicloud_cs_managed_kubernetes" "k8s" {# 更換集群的名稱(chēng)為 test-managed-kubernetes-updatedname = "test-managed-kubernetes-updated"availability_zone = "cn-hangzhou-h"worker_instance_types = ["ecs.c5.xlarge"]# 修改 worker_numbers 為 3，可以擴(kuò)容一個(gè) worker 節(jié)點(diǎn)worker_numbers = [3]worker_disk_category = "cloud_efficiency"new_nat_gateway = truepassword = "Test12345"pod_cidr = "172.20.0.0/16"service_cidr = "172.21.0.0/20"install_cloud_monitor = true# 導(dǎo)出集群的連接配置文件到 /tmp 目錄kube_config = "/tmp/config"# 導(dǎo)出集群的證書(shū)相關(guān)文件到 /tmp 目錄，下同client_cert = "/tmp/client-cert.pem"client_key = "/tmp/client-key.pem"cluster_ca_cert = "/tmp/cluster-ca-cert.pem" }

同創(chuàng)建集群一樣，修改集群時(shí)使用的命令也是 terraform apply。執(zhí)行后我們得到以下日志輸出，輸入 yes 并回車(chē)，我們就可以把該集群的名稱(chēng)改為 test-managed-kubernetes-updated，worker 節(jié)點(diǎn)擴(kuò)容至 3 節(jié)點(diǎn)，同時(shí)將導(dǎo)出證書(shū)和連接文件到本機(jī)的 /tmp 目錄。

xh4n3@xh4n3:~/ops/terraform-example% terraform apply alicloud_cs_managed_kubernetes.k8s: Refreshing state... (ID: cc54df7d990a24ed18c1e0ebacd36418c)An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols:~ update in-placeTerraform will perform the following actions:~ alicloud_cs_managed_kubernetes.k8sclient_cert: "" => "/tmp/client-cert.pem"client_key: "" => "/tmp/client-key.pem"cluster_ca_cert: "" => "/tmp/cluster-ca-cert.pem"kube_config: "" => "/tmp/config"name: "test-managed-kubernetes" => "test-managed-kubernetes-updated"worker_numbers.0: "2" => "3"Plan: 0 to add, 1 to change, 0 to destroy.Do you want to perform these actions?Terraform will perform the actions described above.Only 'yes' will be accepted to approve.Enter a value: yesalicloud_cs_managed_kubernetes.k8s: Modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c)client_cert: "" => "/tmp/client-cert.pem"client_key: "" => "/tmp/client-key.pem"cluster_ca_cert: "" => "/tmp/cluster-ca-cert.pem"kube_config: "" => "/tmp/config"name: "test-managed-kubernetes" => "test-managed-kubernetes-updated"worker_numbers.0: "2" => "3" alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 10s elapsed) alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 20s elapsed) alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 30s elapsed) # 以上省略 alicloud_cs_managed_kubernetes.k8s: Modifications complete after 4m4s (ID: cc54df7d990a24ed18c1e0ebacd36418c)Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Terraform apply 運(yùn)行成功后，控制臺(tái)中顯示的集群信息已經(jīng)表明現(xiàn)在集群已經(jīng)變成了我們期望的狀態(tài)。在本機(jī)上，我們也通過(guò)導(dǎo)出的連接文件，用 kubectl 連接到集群。

?

附錄

控制臺(tái)創(chuàng)建托管版 Kubernetes 集群幫助文檔
https://help.aliyun.com/document_detail/95108.html
云生態(tài)下的基礎(chǔ)架構(gòu)資源管理利器Terraform
https://yq.aliyun.com/articles/215592
阿里云 Terraform Provider 代碼庫(kù)
https://github.com/terraform-providers/terraform-provider-alicloud
阿里云 Terraform Provider 文檔
https://www.terraform.io/docs/providers/alicloud/index.html
阿里云 Terraform Provider 文檔 - 托管版 Kubernetes
https://www.terraform.io/docs/providers/alicloud/r/cs_managed_kubernetes.html
VPC下 Kubernetes 的網(wǎng)絡(luò)地址段規(guī)劃
https://help.aliyun.com/document_detail/86500.html
Terraform 部署容器服務(wù)Kubernetes集群及Wordpress應(yīng)用
https://yq.aliyun.com/articles/641627

?

原文鏈接
本文為云棲社區(qū)原創(chuàng)內(nèi)容，未經(jīng)允許不得轉(zhuǎn)載。

總結(jié)

以上是生活随笔為你收集整理的使用Terraform创建托管版Kubernetes的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。