本文主要介绍使用 Terraform 创建无云服务器(ECS)类型节点的容器服务(VKE)集群的方法。
使用 Terraform 创建无 ECS 节点的集群前,您需要参考如下步骤安装 Terraform。
注意
确保下载安装的 Terraform 版本不低于 v0.13。您可以通过 `terraform version` 命令查看版本信息。
参数说明如下表所示。

```bash
export VOLCENGINE_ACCESS_KEY="AK************"
export VOLCENGINE_SECRET_KEY="************"
export VOLCENGINE_REGION="cn-beijing"
```

示例中的值为占位符。请仅在当前 Shell 会话中设置真实的 AK/SK,不要将其写入会提交到代码仓库的脚本或配置文件。
参数 | 说明 |
---|---|
VOLCENGINE_ACCESS_KEY | 您火山引擎账号的 AccessKey ID(AK)。获取方式,请参见 访问密钥使用指南。 |
VOLCENGINE_SECRET_KEY | 您火山引擎账号的 Secret Access Key(SK)。获取方式,请参见 访问密钥使用指南。 |
VOLCENGINE_REGION | 您容器服务业务所在的地域。容器服务支持的地域(Region)和 RegionID,请参见 地域和可用区。 |
参数说明如下表所示。

```hcl
provider "volcengine" {
  access_key    = "AK************"
  secret_key    = "************"
  session_token = "sts token"
  region        = "cn-beijing"
}
```

写入配置文件的 AK/SK 会随文件进入版本库和备份;除非确有需要,建议沿用上一步的环境变量方式,不在此处填写真实密钥。
参数 | 说明 |
---|---|
access_key | 您火山引擎账号的 AccessKey ID(AK)。获取方式,请参见 访问密钥使用指南。 |
secret_key | 您火山引擎账号的 Secret Access Key(SK)。获取方式,请参见 访问密钥使用指南。 |
session_token | 可选参数。角色扮演的安全令牌,可调用 AssumeRole 接口获取。 |
region | 您容器服务业务所在的地域。与上一步中的 VOLCENGINE_REGION 参数值保持一致。 |
main.tf
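# Contents of the main.tf configuration file.
#
# Security notes for this example:
# - Terraform state stores resource arguments in plaintext, including the
#   AccessKeyId/AccessKeySecret values embedded in the addon `config` strings
#   below. Keep state in an access-controlled backend, and keep both the state
#   and any copy of this file holding real values out of version control.
# - The cluster resource also exposes kubeconfig attributes (kubeconfig_private /
#   kubeconfig_public appear in the apply output), so treat the state file as
#   sensitive material.

terraform {
  required_providers {
    volcengine = {
      source = "volcengine/volcengine"
      # Look up available provider versions in the Terraform Registry:
      # https://registry.terraform.io/providers/volcengine/volcengine/latest
      version = "0.0.140"
    }
  }
}

provider "volcengine" {
  # access_key / secret_key are intentionally not set here. The provider reads
  # them from the VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY environment
  # variables exported in the earlier step, which keeps the account keys out of
  # this file.
  region = "cn-beijing" # Region where the container service runs.
}

# Create the VPC.
resource "volcengine_vpc" "vke-tf-vpc" {
  vpc_name   = "vke-tf-vpc"    # VPC name.
  cidr_block = "172.16.0.0/16" # VPC CIDR block.
}

# Create the virtual switch (VSW) subnet.
resource "volcengine_subnet" "vke-tf-vsw" {
  subnet_name = "vke-tf-vsw-1"               # Subnet name.
  cidr_block  = "172.16.0.0/24"              # Subnet CIDR block.
  zone_id     = "cn-beijing-a"               # Availability zone of the subnet.
  vpc_id      = volcengine_vpc.vke-tf-vpc.id # ID of the VPC the subnet belongs to.
}

# Create the VKE cluster.
resource "volcengine_vke_cluster" "vke-tf-test" {
  name = "tf-created-vke-serverless" # Cluster name.

  # Kubernetes version of the cluster. Only the x.y form is accepted, not x.y.z.
  # Versions supported by VKE: https://www.volcengine.com/docs/6460/108841
  kubernetes_version = "1.26"

  description               = "vke-serverless created by tf" # Cluster description.
  delete_protection_enabled = true                           # Deletion protection. true: on, false: off.

  cluster_config {
    subnet_ids = [volcengine_subnet.vke-tf-vsw.id] # Cluster subnet IDs.

    # Public access to the API server. true: enabled, false: disabled.
    # NOTE(review): true puts the cluster's API server behind a public EIP
    # (configured below). Set this to false when access from inside the VPC is
    # sufficient.
    api_server_public_access_enabled = true

    # Billing mode and bandwidth of the API server's public EIP.
    api_server_public_access_config {
      public_access_network_config {
        # EIP billing mode. PostPaidByTraffic: pay-as-you-go by actual traffic;
        # PostPaidByBandwidth: pay-as-you-go by bandwidth cap.
        billing_type = "PostPaidByTraffic"

        # EIP peak bandwidth. Range 1~200 for PostPaidByTraffic, 1~500 for
        # PostPaidByBandwidth.
        bandwidth = 10
      }
    }

    resource_public_access_default_enabled = true # Public network access. true: enabled, false: disabled.
  }

  pods_config {
    # Container network model. VpcCniShared: VPC-CNI; Flannel: Flannel.
    pod_network_mode = "VpcCniShared"

    # flannel_config takes effect when the network model is Flannel.
    flannel_config {
      pod_cidrs         = ["192.168.0.0/20"] # Pod CIDR of the Flannel container network.
      max_pods_per_node = 64                 # Per-node Pod limit for Flannel. Allowed values: 64, 16, 32, 128, 256.
    }

    # vpc_cni_config takes effect when the network model is VpcCniShared.
    vpc_cni_config {
      subnet_ids = [volcengine_subnet.vke-tf-vsw.id] # Pod subnet IDs of the VPC-CNI container network.
    }
  }

  # Service CIDR of the cluster.
  services_config {
    service_cidrsv4 = ["192.168.16.0/24"] # CIDR used by in-cluster services.
  }
}

# Install the vci-virtual-kubelet component (required). Every other addon below
# depends on it.
resource "volcengine_vke_addon" "fo1" {
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "vci-virtual-kubelet"
  deploy_node_type = "VirtualNode"
}

# Install the core-dns component (required).
resource "volcengine_vke_addon" "fo2" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "core-dns"
  deploy_node_type = "VirtualNode"
}

# Install the metrics-server component (required).
resource "volcengine_vke_addon" "fo3" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "metrics-server"
  deploy_node_type = "VirtualNode"
}

# Install the csi-ebs component.
resource "volcengine_vke_addon" "fo4" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "csi-ebs"
  deploy_node_type = "VirtualNode"
}

# Install the csi-nas component.
resource "volcengine_vke_addon" "fo5" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "csi-nas"
  deploy_node_type = "VirtualNode"
}

# Install the dns-autoscaler component.
resource "volcengine_vke_addon" "fo6" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "dns-autoscaler"
  deploy_node_type = "VirtualNode"
}

# Install the snapshot-controller component.
resource "volcengine_vke_addon" "fo7" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "snapshot-controller"
  deploy_node_type = "VirtualNode"
}

# Install the apig-controller component.
resource "volcengine_vke_addon" "fo8" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "apig-controller"
  deploy_node_type = "VirtualNode"
}

# Install the application-inspector component.
resource "volcengine_vke_addon" "fo9" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "application-inspector"
  deploy_node_type = "VirtualNode"
}

# Install the application-inspector component.
# NOTE(review): this resource repeats fo9 (same cluster, same addon name). It
# looks like a copy-paste slip; confirm which component was intended here, or
# remove the block before applying.
resource "volcengine_vke_addon" "fo10" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "application-inspector"
  deploy_node_type = "VirtualNode"
}

# Install the cronhpa component.
resource "volcengine_vke_addon" "fo11" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "cronhpa"
  deploy_node_type = "VirtualNode"
}

# Install the image-accelerator component.
resource "volcengine_vke_addon" "fo12" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "image-accelerator"
  deploy_node_type = "VirtualNode"
}

# Install the prometheus-agent component.
resource "volcengine_vke_addon" "fo13" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "prometheus-agent"
  deploy_node_type = "VirtualNode"
  config           = "{\"NodeExporterDisabled\":false,\"AutoScalingEnabled\":false,\"VmAgent\":{\"InitShards\":1,\"Requests\":{\"Cpu\":\"2\",\"Memory\":\"2Gi\"},\"Limits\":{\"Cpu\":\"4\",\"Memory\":\"4Gi\"}},\"KubeStateMetrics\":{\"InitShards\":1,\"Requests\":{\"Cpu\":\"0.2\",\"Memory\":\"512Mi\"},\"Limits\":{\"Cpu\":\"0.8\",\"Memory\":\"2Gi\"}}}"
}

# Install the cr-credential-controller component.
# NOTE(review): Namespace "*" and ServiceAccount "*" presumably make the registry
# credential available to every namespace and service account in the cluster;
# confirm, and narrow both to the workloads that actually pull from the registry.
resource "volcengine_vke_addon" "fo14" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "cr-credential-controller"
  deploy_node_type = "VirtualNode"
  deploy_mode      = "Unmanaged"
  config           = "{\"CrConfigmapData\":{\"Namespace\":\"*\",\"ServiceAccount\":\"*\",\"Registries\":[{\"Instance\":\"helm-cr\",\"Region\":\"cn-beijing\"}]}}"
}

# Install the event-collector component.
# The config string carries an AccessKeyId/AccessKeySecret pair that ends up in
# Terraform state in plaintext. Use a key scoped to what this component needs
# rather than the main account key.
resource "volcengine_vke_addon" "fo15" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "event-collector"
  deploy_node_type = "VirtualNode"
  config           = "{\"TopicId\":\"f48b51d8-a6f7-4c26-b2ae-c1de96******\",\"ProjectId\":\"145749e8-b46d-424e-8c8a-a7d401******\",\"AccessKeyId\":\"AK***********\",\"AccessKeySecret\":\"******************==\"}"
  deploy_mode      = "Unmanaged"
}

# Install the ingress-nginx component.
resource "volcengine_vke_addon" "fo16" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "ingress-nginx"
  deploy_node_type = "VirtualNode"
  config           = "{\"Replicas\":2,\"Resources\":{\"Requests\":{\"Cpu\":\"0.1\",\"Memory\":\"250Mi\"},\"Limits\":{\"Cpu\":\"0.5\",\"Memory\":\"1024Mi\"}},\"PrivateNetwork\":{\"SubnetId\":\"subnet-rrfr1oopsg00v0x57******\",\"IpFamily\":\"ipv4\"}}"
  deploy_mode      = "Unmanaged"
}

# Install the load-balancer-controller component.
# PlbConfig embeds an AccessKeyId/AccessKeySecret pair that ends up in Terraform
# state in plaintext. Use a key scoped to what this component needs rather than
# the main account key.
resource "volcengine_vke_addon" "fo17" {
  depends_on       = [volcengine_vke_addon.fo1]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "load-balancer-controller"
  deploy_node_type = "VirtualNode"
  config           = "{\"IsSharedMode\":false,\"Resources\":{\"Requests\":{\"Cpu\":\"0.25\",\"Memory\":\"128Mi\"},\"Limits\":{\"Cpu\":\"1\",\"Memory\":\"512Mi\"}},\"PlbConfig\":{\"Enabled\":true,\"AccessKeyId\":\"AK************\",\"AccessKeySecret\":\"************==\",\"ServiceId\":\"syssrv-111\"},\"ClbConfig\":{\"Enabled\":false}}"
  deploy_mode      = "Unmanaged"
}

# Install the p2p-accelerator component. Make sure P2P acceleration is enabled
# on the associated container registry instance.
# The config string carries an AccessKeyId/AccessKeySecret pair that ends up in
# Terraform state in plaintext. Use a key scoped to what this component needs
# rather than the main account key.
resource "volcengine_vke_addon" "fo18" {
  depends_on       = [volcengine_vke_addon.fo1, volcengine_vke_addon.fo5]
  cluster_id       = volcengine_vke_cluster.vke-tf-test.id
  name             = "p2p-accelerator"
  deploy_node_type = "VirtualNode"
  config           = "{\"Region\":\"cn-beijing\",\"VpcId\":\"vpc-min4y8zya1a******\",\"Registry\":\"helm-cr\",\"NydusEnabled\":false,\"DaemonProxyReplicas\":3,\"AccessKeyId\":\"AK************\",\"AccessKeySecret\":\"************==\",\"DeployNodeType\":\"VirtualNode\"}"
  deploy_mode      = "Unmanaged"
}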
说明
预期执行结果如下所示。terraform init
Initializing the backend... Initializing provider plugins... - Finding volcengine/volcengine versions matching "0.0.140"... - Installing volcengine/volcengine v0.0.140... ... Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
预期执行结果如下所示。terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: ... Plan: 3 to add, 0 to change, 0 to destroy.
预期执行结果如下所示。terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # volcengine_vke_cluster.foo will be created + resource "volcengine_vke_cluster" "foo" { + delete_protection_enabled = false + description = "created by terraform" + eip_allocation_id = (known after apply) + id = (known after apply) + kubeconfig_private = (known after apply) + kubeconfig_public = (known after apply) + kubernetes_version = (known after apply) + name = "tf-created-vke-serverless" + cluster_config { + api_server_public_access_enabled = true + ip_family = (known after apply) + resource_public_access_default_enabled = true + subnet_ids = [ + "subnet-13fxz9n6n********", + "subnet-mis6wmt********", ] + api_server_public_access_config { + public_access_network_config { + bandwidth = 1 + billing_type = "PostPaidByBandwidth" } } } + pods_config { + pod_network_mode = "VpcCniShared" + vpc_cni_config { + subnet_ids = [ + "subnet-13fxz9qbltgcg3n6n********", + "subnet-mis6wd60ohz45smt********", ] } } + services_config { + service_cidrsv4 = [ + "172.30.0.0/18", ] } + tags { + key = "tf-k1" + value = "tf-v1" } } Plan: 1 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes volcengine_vke_cluster.foo: Creating... volcengine_vke_cluster.foo: Still creating... [10s elapsed] volcengine_vke_cluster.foo: Still creating... [20s elapsed] volcengine_vke_cluster.foo: Still creating... [30s elapsed] volcengine_vke_cluster.foo: Still creating... [40s elapsed] volcengine_vke_cluster.foo: Still creating... [50s elapsed] volcengine_vke_cluster.foo: Still creating... [1m0s elapsed] volcengine_vke_cluster.foo: Still creating... [1m10s elapsed] volcengine_vke_cluster.foo: Still creating... [1m20s elapsed] volcengine_vke_cluster.foo: Still creating... 
[1m30s elapsed] volcengine_vke_cluster.foo: Still creating... [1m40s elapsed] volcengine_vke_cluster.foo: Still creating... [1m50s elapsed] volcengine_vke_cluster.foo: Still creating... [2m0s elapsed] volcengine_vke_cluster.foo: Still creating... [2m10s elapsed] volcengine_vke_cluster.foo: Still creating... [2m20s elapsed] volcengine_vke_cluster.foo: Still creating... [2m30s elapsed] volcengine_vke_cluster.foo: Still creating... [2m40s elapsed] volcengine_vke_cluster.foo: Still creating... [2m50s elapsed] volcengine_vke_cluster.foo: Still creating... [3m0s elapsed] volcengine_vke_cluster.foo: Still creating... [3m10s elapsed] volcengine_vke_cluster.foo: Still creating... [3m20s elapsed] volcengine_vke_cluster.foo: Still creating... [3m30s elapsed] volcengine_vke_cluster.foo: Still creating... [3m40s elapsed] volcengine_vke_cluster.foo: Still creating... [3m50s elapsed] volcengine_vke_cluster.foo: Still creating... [4m0s elapsed] volcengine_vke_cluster.foo: Still creating... [4m10s elapsed] volcengine_vke_cluster.foo: Still creating... [4m20s elapsed] volcengine_vke_cluster.foo: Still creating... [4m30s elapsed] volcengine_vke_cluster.foo: Still creating... [4m40s elapsed] volcengine_vke_cluster.foo: Still creating... [4m50s elapsed] volcengine_vke_cluster.foo: Still creating... [5m0s elapsed] volcengine_vke_cluster.foo: Still creating... [5m10s elapsed] volcengine_vke_cluster.foo: Still creating... [5m20s elapsed] volcengine_vke_cluster.foo: Still creating... [5m30s elapsed] volcengine_vke_cluster.foo: Still creating... [5m40s elapsed] volcengine_vke_cluster.foo: Creation complete after 5m49s [id=ccnisgn536u6sdg******]