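This topic describes how to create a cluster with Terraform and how to manage such clusters.
Before you use Terraform to manage Container Service clusters, install Terraform by following the steps below.
Notice
Make sure the installed Terraform version is v0.13 or later. You can run the `terraform version` command to check the version.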
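```bash
export VOLCENGINE_ACCESS_KEY="AK************"
export VOLCENGINE_SECRET_KEY="************"
export VOLCENGINE_REGION="cn-beijing"
```
The parameters are described in the following table.
Parameter | Description |
---|---|
VOLCENGINE_ACCESS_KEY | The AccessKey ID (AK) of your Volcengine account. To obtain it, see the access key usage guide. |
VOLCENGINE_SECRET_KEY | The Secret Access Key (SK) of your Volcengine account. To obtain it, see the access key usage guide. |
VOLCENGINE_REGION | The region where your Container Service workload runs. For the regions and RegionIDs supported by Container Service, see Regions and availability zones. |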
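```hcl
provider "volcengine" {
  access_key    = "AK************"
  secret_key    = "************"
  session_token = "sts token"
  region        = "cn-beijing"
}
```
The parameters are described in the following table.
Parameter | Description |
---|---|
access_key | The AccessKey ID (AK) of your Volcengine account. To obtain it, see the access key usage guide. |
secret_key | The Secret Access Key (SK) of your Volcengine account. To obtain it, see the access key usage guide. |
session_token | Optional. The security token for role assumption, which you can obtain by calling the AssumeRole API. |
region | The region where your Container Service workload runs. Keep it consistent with the VOLCENGINE_REGION value from the previous step. |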
The `main.tf` configuration file:
```hcl
terraform {
  required_providers {
    volcengine = {
      source  = "volcengine/volcengine"
      version = "0.0.140" # Get the version from the Terraform website (https://registry.terraform.io/providers/volcengine/volcengine/latest).
    }
  }
}

provider "volcengine" {
  access_key = "**********" # Access Key ID of the Volcengine account.
  secret_key = "**********" # Secret Access Key of the Volcengine account.
  region     = "cn-beijing" # Region where the Container Service workload runs.
}

# Create the VPC
resource "volcengine_vpc" "vke-tf-vpc" {
  vpc_name   = "vke-tf-vpc"    # VPC name.
  cidr_block = "172.16.0.0/16" # VPC CIDR block.
}

# Create the Virtual Switch (VSW)
resource "volcengine_subnet" "vke-tf-vsw" {
  subnet_name = "vke-tf-vsw-1"               # VSW subnet name.
  cidr_block  = "172.16.0.0/24"              # VSW subnet CIDR block.
  zone_id     = "cn-beijing-a"               # VSW availability zone.
  vpc_id      = volcengine_vpc.vke-tf-vpc.id # ID of the VPC the VSW belongs to.
}

# Create the VKE cluster
resource "volcengine_vke_cluster" "vke-tf-test" {
  name                      = "tf-created-vke"    # Cluster name.
  kubernetes_version        = "1.24"              # Kubernetes version of the cluster. Only x.y version numbers are currently supported; x.y.z is not.
                                                  # For the Kubernetes versions supported by VKE, see https://www.volcengine.com/docs/6460/108841 .
  description               = "vke created by tf" # Cluster description.
  delete_protection_enabled = true                # Cluster deletion protection. true: enabled, false: disabled.

  cluster_config {
    subnet_ids                       = [volcengine_subnet.vke-tf-vsw.id] # Cluster subnet IDs.
    api_server_public_access_enabled = true                              # Enable public network access to the API Server. true: enabled, false: not enabled.

    # Configure the billing mode and bandwidth of the API Server public EIP
    api_server_public_access_config {
      public_access_network_config {
        billing_type = "PostPaidByTraffic" # EIP billing mode. PostPaidByTraffic: pay-as-you-go by actual traffic, PostPaidByBandwidth: pay-as-you-go by bandwidth cap.
        bandwidth    = 10                  # EIP peak bandwidth. Value range is 1~200 for PostPaidByTraffic and 1~500 for PostPaidByBandwidth.
      }
    }

    resource_public_access_default_enabled = true # Enable public network access. true: enabled, false: not enabled.
  }

  pods_config {
    pod_network_mode = "VpcCniShared" # Container network model. VpcCniShared: VPC-CNI network model, Flannel: Flannel network model.

    # flannel_config takes effect when the network model is Flannel
    flannel_config {
      pod_cidrs         = ["192.168.0.0/20"] # Pod CIDR of the Flannel container network.
      max_pods_per_node = 64                 # Maximum number of Pod instances per node for the Flannel container network. Valid values: 64, 16, 32, 128, 256.
    }

    # vpc_cni_config takes effect when the network model is VpcCniShared
    vpc_cni_config {
      subnet_ids = [volcengine_subnet.vke-tf-vsw.id] # Pod subnet IDs of the VPC-CNI container network.
    }
  }

  # Configure the cluster service CIDR
  services_config {
    service_cidrsv4 = ["192.168.16.0/24"] # CIDR used by services inside the cluster.
  }
}
```
```bash
terraform init
```
The expected output is as follows.
```
Initializing the backend...

Initializing provider plugins...
- Finding volcengine/volcengine versions matching "0.0.140"...
- Installing volcengine/volcengine v0.0.140...
...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
```
```bash
terraform plan
```
The expected output is as follows.
```
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:
...
Plan: 3 to add, 0 to change, 0 to destroy.
```
```bash
terraform apply
```
The expected output is as follows.
```
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:
...
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

volcengine_vpc.vke-tf-vpc: Creating...
...
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
```
You can also log in to the Container Service console to view the newly created cluster.
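To use Terraform to update a cluster that was created with Terraform, follow the steps below.
In the `main.tf` file, set the `delete_protection_enabled` field to `false` to turn off cluster deletion protection.
```hcl
...
  description               = "vke created by tf"
  delete_protection_enabled = false
  cluster_config {
...
```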
Note
Because the field being updated in the cluster configuration is not a ForceNew field, the resource is not deleted and recreated.
```bash
terraform apply
```
The expected output is as follows.
```
...
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:
...
Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes
...
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
```
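To use Terraform to delete a cluster that was created with Terraform, follow the steps below.
Notice
When you delete a cluster with Terraform, all resources associated with the cluster, except yearly/monthly subscription Worker nodes, are released automatically and cannot be retained. Proceed with caution.
In the `main.tf` file, set the `delete_protection_enabled` field to `false` to turn off cluster deletion protection.
```hcl
...
  description               = "vke created by tf"
  delete_protection_enabled = false
  cluster_config {
...
```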
```bash
terraform destroy
```
The expected output is as follows.
```
...
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:
...
Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes
...
Destroy complete! Resources: 3 destroyed.
```
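The update and delete procedures above both start by turning off deletion protection, and the sample `main.tf` hard-codes credentials and exposes the API Server publicly. The following Python check is an added example, not part of the original page or the provider's tooling; it reviews a JSON plan (as produced by `terraform plan -out=tfplan` followed by `terraform show -json tfplan`) for those conditions before `terraform apply`. The names `review_plan` and `SAMPLE_PLAN` are hypothetical, and it assumes that `cluster_config` is rendered as a list of objects and that literal provider arguments appear as `constant_value` in the plan JSON.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>`; not real output.
SAMPLE_PLAN = json.loads("""
{
  "configuration": {"provider_config": {"volcengine": {"expressions": {
    "access_key": {"constant_value": "AK-PLACEHOLDER"},
    "region": {"constant_value": "cn-beijing"}}}}},
  "resource_changes": [{
    "address": "volcengine_vke_cluster.vke-tf-test",
    "type": "volcengine_vke_cluster",
    "change": {
      "actions": ["update"],
      "before": {"delete_protection_enabled": true,
                 "cluster_config": [{"api_server_public_access_enabled": true}]},
      "after": {"delete_protection_enabled": false,
                "cluster_config": [{"api_server_public_access_enabled": true}]}}}]
}
""")

def review_plan(plan):
    """Return a list of findings for a parsed Terraform JSON plan."""
    findings = []
    providers = plan.get("configuration", {}).get("provider_config", {})
    exprs = providers.get("volcengine", {}).get("expressions", {})
    for key in ("access_key", "secret_key", "session_token"):
        # Assumption: a literal in the provider block shows up as constant_value.
        if "constant_value" in exprs.get(key, {}):
            findings.append(f"provider: {key} is hard-coded in configuration")
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "volcengine_vke_cluster":
            continue
        change, addr = rc["change"], rc["address"]
        # "before" is null on create and "after" is null on delete.
        before, after = change.get("before") or {}, change.get("after") or {}
        if "delete" in change["actions"]:
            findings.append(f"{addr}: cluster will be destroyed")
        if before.get("delete_protection_enabled") and not after.get("delete_protection_enabled", True):
            findings.append(f"{addr}: delete protection is being turned off")
        for cfg in after.get("cluster_config") or []:
            if cfg.get("api_server_public_access_enabled"):
                findings.append(f"{addr}: API Server is reachable from the public network")
    return findings

if __name__ == "__main__":
    for line in review_plan(SAMPLE_PLAN):
        print(line)
```

Exporting the credentials through the `VOLCENGINE_ACCESS_KEY` and `VOLCENGINE_SECRET_KEY` environment variables described earlier, instead of writing them into the provider block, clears the first finding.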