Terraform概述

Terraform 是由 HashiCorp 创建的开源“基础架构即代码”工具。

作为一种声明式编码工具，Terraform 使开发人员能够使用一种称为 HCL（HashiCorp 配置语言）的高级配置语言来描述运行应用程序所需的“最终状态”云或本地基础设施。然后，它会生成一个达到该最终状态的计划，并执行该计划来供应基础设施。

terraform通过provider调用云厂商的API进行资源管理

安装terraform

Terraform是以二进制可执行文件发布，您只需下载terraform二进制文件，然后将terraform可执行文件添加到系统环境变量PATH中即可。

wget https://releases.hashicorp.com/terraform/1.6.6/terraform_1.6.6_linux_amd64.zip unzip terraform_1.6.6_linux_amd64.zip mv terraform /usr/local/bin/ terraform -version

配置认证

Terraform支持编排华为云上的各种云资源，使用Terraform管理华为云资源前，您需要获取AK/SK，并在Terraform上进行配置，从而认证鉴权。
您可以使用如下两种方式配置Terraform

在Terraform配置文件中添加AK/SK信息

provider "huaweicloud" { region = "cn-north-1" access_key = "my-access-key" secret_key = "my-secret-key" }

region：区域，即需要创建管理哪个区域的资源。您可以在这里查询华为云支持的区域

access_key：密钥ID，即AK。查询方法请参见访问密钥。

secret_key：访问密钥，即SK。查询方法请参见访问密钥。

在系统环境变量中添加AK/SK信息

export HW_REGION_NAME="cn-north-1" export HW_ACCESS_KEY="my-access-key" export HW_SECRET_KEY="my-secret-key"

更多配置参数请参考：https://registry.terraform.io/providers/huaweicloud/huaweicloud/latest/docs

安装华为云provider

下载华为云provider：https://github.com/huaweicloud/terraform-provider-huaweicloud/releases

如何加速下载华为云 provider：https://support.huaweicloud.com/terraform_faq/index.html

准备terraform配置文件

准备provider的version文件，huaweicloud为本地安装，kubernetes在线安装

terraform { required_version = ">= 0.13" required_providers { huaweicloud = { source = "local-registry/huaweicloud/huaweicloud" version = ">= 1.60.1" } kubernetes = { source = "hashicorp/kubernetes" version = ">= 2.24.0" } } }

准备provider需要的auth文件，mycluster是资源名称，请替换为实际值

provider "huaweicloud" { region = "cn-north-4" access_key = "***" #AK secret_key = "***" #SK } provider "kubernetes" { host = huaweicloud_cce_cluster.mycluster.certificate_clusters[0].server cluster_ca_certificate = "${base64decode(huaweicloud_cce_cluster.mycluster.certificate_clusters[0].certificate_authority_data)}" client_key = "${base64decode(huaweicloud_cce_cluster.mycluster.certificate_users[0].client_key_data)}" client_certificate = "${base64decode(huaweicloud_cce_cluster.mycluster.certificate_users[0].client_certificate_data)}" }

准备需要创建的CCE资源文件

variable cce_node_password { description = "node password" type = string nullable = "false" sensitive = "true" #不显示输入的密码 } //创建vpc resource "huaweicloud_vpc" "myvpc" { name = "vpc" cidr = "172.16.0.0/16" } //创建子网 resource "huaweicloud_vpc_subnet" "mysubnet" { name = "subnet" cidr = "172.16.0.0/16" gateway_ip = "172.16.0.1" //设置VPC的DNS信息 primary_dns = "100.125.1.250" secondary_dns = "100.125.21.250" vpc_id = huaweicloud_vpc.myvpc.id } //创建CCE集群 resource "huaweicloud_cce_cluster" "mycluster" { name = "terraform-cce" flavor_id = "cce.s1.small" vpc_id = huaweicloud_vpc.myvpc.id subnet_id = huaweicloud_vpc_subnet.mysubnet.id container_network_type = "vpc-router" container_network_cidr = "10.128.0.0/10" kube_proxy_mode = "iptables" } //创建节点池 resource "huaweicloud_cce_node_pool" "node_pool" { cluster_id = huaweicloud_cce_cluster.mycluster.id name = "test-pool" subnet_id = huaweicloud_vpc_subnet.mysubnet.id os = "Huawei Cloud EulerOS 2.0" initial_node_count = 2 #节点池初始节点数 flavor_id = "c7.large.2" availability_zone = "cn-north-4a" password = var.cce_node_password scall_enable = true #开启弹性伸缩 min_node_count = 1 max_node_count = 10 scale_down_cooldown_time = 100 priority = 1 type = "vm" root_volume { size = 40 volumetype = "SAS" } data_volumes { size = 100 volumetype = "SAS" } labels = { //key = value test = "test" } taints { key = "test" value = "test" effect = "NoSchedule" } } data "huaweicloud_cce_addon_template" "metrics-server" { name = "metrics-server" cluster_id = huaweicloud_cce_cluster.mycluster.id version = "1.3.12" } //安装CCE插件metric-server resource "huaweicloud_cce_addon" "metrics-server" { cluster_id = huaweicloud_cce_cluster.mycluster.id template_name = "metrics-server" version = "1.3.12" values { basic = jsondecode(data.huaweicloud_cce_addon_template.metrics-server.spec).basic custom_json = jsonencode( { tolerations = [{ key = "test" operator = "Exists" }] }) flavor_json = jsonencode({ replicas = 1 resources = [{ limitsCpu = "1000m" limitsMem = "1000Mi" requestsCpu = "200m" requestsMem = "400Mi" }] }) } }

准备需要创建的kubernetes资源文件

resource "kubernetes_deployment_v1" "example" { metadata { name = "terraform-example" labels = { test = "MyExampleApp" } } spec { replicas = 1 selector { match_labels = { test = "MyExampleApp" } } template { metadata { labels = { test = "MyExampleApp" } } spec { container { image = "nginx:1.17.4" name = "example" resources { limits = { cpu = "0.5" memory = "512Mi" } requests = { cpu = "250m" memory = "50Mi" } } liveness_probe { http_get { path = "/" port = 80 } } } toleration { key = "test" operator = "Exists" } } } } } resource "kubernetes_service_v1" "example" { metadata { name = "terraform-example" } spec { selector = { test = "MyExampleApp" } port { port = 80 target_port = 80 } type = "ClusterIP" } }

使用命令创建以上资源

terraform init #初始化provider terraform plan #查看计划 terraform apply -auto-approve #执行计划

效果展示

集群信息展示

节点池展示

CCE插件展示

kubernetes资源展示