目前，阿里云容器服務已經可以創建托管版 Kubernetes 集群了。相比于默認的 Kubernetes 集群，托管版本會主動替您運維一套高可用的 Master 組件，免去了默認版本集群中三個 Master ECS 節點，從而節約所需的資金成本及維護時的人力成本。在容器服務控制臺，我們為您提供了便捷使用的可視界面一步一步引導式地創建該類型集群。但當您需要反復創建托管版集群、大批量創建集群，或者您就是天生抗拒控制臺手工操作的那一類人，可以了解并嘗試使用一下 Terraform 了。

Terraform 是一款 Infrastructure as Code 的工具，可以將云端資源代碼化。關于 Terraform 的基本介紹本文不再贅述，有興趣的同學可以參考 《云生態下的基礎架構資源管理利器Terraform》 等云棲社區的優秀文章。目前我們一直在支持阿里云 Terraform Provider，已經實現了阿里云上面絕大部分的云產品的對接。

在 2018 年圣誕節來臨之前，阿里云 Terraform Provider 已經發布 v1.26.0 版本，其中已經支持了創建托管版Kubernetes 集群，下面我們來一起看下如何實現命令行快速部署一個這樣的集群。

創建托管版 Kubernetes 集群

首先我們打開《阿里云 Terraform Provider 文檔 - 托管版 Kubernetes》的幫助文檔，可以看到該資源 Resource 提供的參數列表。參數分為入參 Argument 和出參 Attributes。入參列表內包含了必填參數以及可選參數，例如 name 和 name_prefix 就是一對必填參數，但它們互斥，即不能同時填寫。如果填了 name，集群名就是 name 的值，如果填了 name_prefix，集群名會以 name_prefix 開頭自動生成一個。我們對照文檔中的參數列表 Argument Reference，先草擬出一個集群的描述，為了方便起見，我把填寫每個參數的理由都注釋在代碼中。

# 引入阿里云 Terraform Provider provider "alicloud" {# 填入您的賬號 Access Keyaccess_key = "FOO"# 填入您的賬號 Secret Keysecret_key = "BAR"# 填入想創建的 Regionregion = "cn-hangzhou"# 可選參數，默認不填就使用最新版本version = "v1.26.0" }# 必要的資源標識 # alicloud_cs_managed_kubernetes 表明是托管版 Kubernetes 集群 # k8s 代表該資源實例的名稱 resource "alicloud_cs_managed_kubernetes" "k8s" {# 集群名稱，可以帶中劃線，一個賬戶內的集群名稱不能相同name = "test-managed-kubernetes"# 可以從 ECS 控制臺上面查詢到可用區信息，以及對應的 ECS 實例類型庫存# 以下代表 Worker 節點將部署在 cn-hangzhou-h 這個可用區，采用 ecs.c5.xlarge 這個機型。availability_zone = "cn-hangzhou-h"worker_instance_types = ["ecs.c5.xlarge"]# 配置該集群 Worker 節點數為 2 個，該數字后續可以再擴容worker_numbers = [2]# Worker 節點使用高效云盤worker_disk_category = "cloud_efficiency"# 默認為 true，會在 VPC 內創建一個 Nat 網關用于 ECS 連上互聯網new_nat_gateway = true# 配置所有 ECS 的默認 Root 密碼，此處也可以用密鑰對 key_name 代替，但需要提前創建password = "Test12345"# Kubernetes 集群內所有 Pod 使用的子網網段，不能與 service_cidr 和 ECS 所在網段沖突# 默認創建的 VPC 是 192.168.0.0/16 這個網段內的，所以 pod_cidr 和 service_cidr 可以使用 172 網段# 請參考 VPC下 Kubernetes 的網絡地址段規劃pod_cidr = "172.20.0.0/16"service_cidr = "172.21.0.0/20"# 安裝云監控插件install_cloud_monitor = true }

我們可以將以上的配置保存為一個 main.tf 描述文件，在該文件的當前目錄下執行 terraform init 和 terraform apply。

xh4n3@xh4n3:~/ops/terraform-example% terraform init --get-plugins=true -upgradeInitializing provider plugins... - Checking for available provider plugins on https://releases.hashicorp.com... - Downloading plugin for provider "alicloud" (1.26.0)...Terraform has been successfully initialized!You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work.xh4n3@xh4n3:~/ops/terraform-example% terraform applyAn execution plan has been generated and is shown below. Resource actions are indicated with the following symbols:+ createTerraform will perform the following actions:+ alicloud_cs_managed_kubernetes.k8sid: <computed>availability_zone: "cn-hangzhou-h"install_cloud_monitor: "true"name: "test-managed-kubernetes"name_prefix: "Terraform-Creation"new_nat_gateway: "true"password: <sensitive>pod_cidr: "172.20.0.0/16"security_group_id: <computed>service_cidr: "172.21.0.0/20"vpc_id: <computed>vswitch_ids.#: <computed>worker_disk_category: "cloud_efficiency"worker_disk_size: "40"worker_instance_charge_type: "PostPaid"worker_instance_types.#: "1"worker_instance_types.0: "ecs.c5.xlarge"worker_nodes.#: <computed>worker_numbers.#: "1"worker_numbers.0: "2"Plan: 1 to add, 0 to change, 0 to destroy.Do you want to perform these actions?Terraform will perform the actions described above.Only 'yes' will be accepted to approve.Enter a value:

從上述日志中可以看到，terraform init 會把我們用到的 Provider 插件下載好，terraform apply 會根據我們的 main.tf 描述文件計算出需要執行的操作，上述顯示將會創建一個 alicloud_cs_managed_kubernetes.k8s 的資源，需要我們輸入 yes 來確認創建。確認創建后，創建大約會耗時五分鐘，terraform 會輸出類似下面的日志。

# 以上省略 Do you want to perform these actions?Terraform will perform the actions described above.Only 'yes' will be accepted to approve.Enter a value: yesalicloud_cs_managed_kubernetes.k8s: Creating...availability_zone: "" => "cn-hangzhou-h"install_cloud_monitor: "" => "true"name: "" => "test-managed-kubernetes"name_prefix: "" => "Terraform-Creation"new_nat_gateway: "" => "true"password: "<sensitive>" => "<sensitive>"pod_cidr: "" => "172.20.0.0/16"security_group_id: "" => "<computed>"service_cidr: "" => "172.21.0.0/20"vpc_id: "" => "<computed>"vswitch_ids.#: "" => "<computed>"worker_disk_category: "" => "cloud_efficiency"worker_disk_size: "" => "40"worker_instance_charge_type: "" => "PostPaid"worker_instance_types.#: "" => "1"worker_instance_types.0: "" => "ecs.c5.xlarge"worker_nodes.#: "" => "<computed>"worker_numbers.#: "" => "1"worker_numbers.0: "" => "2" alicloud_cs_managed_kubernetes.k8s: Still creating... (10s elapsed) alicloud_cs_managed_kubernetes.k8s: Still creating... (20s elapsed) alicloud_cs_managed_kubernetes.k8s: Still creating... (30s elapsed) # 以上省略 alicloud_cs_managed_kubernetes.k8s: Creation complete after 6m5s (ID: cc54df7d990a24ed18c1e0ebacd36418c)Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

當出現 Apply complete! Resources: 1 added 字樣的時候，集群已經成功創建，此時我們也可以登錄控制臺后在控集群列表中看到集群。

修改托管版 Kubernetes 集群

在 Terraform Provider 中，我們提供了一部分參數的修改能力，一般情況下，所有非 Force New Resouce（強制新建資源）的參數都可以被修改。下面我們修改部分參數，注釋內容為更新的項目。

provider "alicloud" {access_key = "FOO"secret_key = "BAR"region = "cn-hangzhou"version = "v1.26.0" }resource "alicloud_cs_managed_kubernetes" "k8s" {# 更換集群的名稱為 test-managed-kubernetes-updatedname = "test-managed-kubernetes-updated"availability_zone = "cn-hangzhou-h"worker_instance_types = ["ecs.c5.xlarge"]# 修改 worker_numbers 為 3，可以擴容一個 worker 節點worker_numbers = [3]worker_disk_category = "cloud_efficiency"new_nat_gateway = truepassword = "Test12345"pod_cidr = "172.20.0.0/16"service_cidr = "172.21.0.0/20"install_cloud_monitor = true# 導出集群的連接配置文件到 /tmp 目錄kube_config = "/tmp/config"# 導出集群的證書相關文件到 /tmp 目錄，下同client_cert = "/tmp/client-cert.pem"client_key = "/tmp/client-key.pem"cluster_ca_cert = "/tmp/cluster-ca-cert.pem" }

同創建集群一樣，修改集群時使用的命令也是 terraform apply。執行后我們得到以下日志輸出，輸入 yes 并回車，我們就可以把該集群的名稱改為 test-managed-kubernetes-updated，worker 節點擴容至 3 節點，同時將導出證書和連接文件到本機的 /tmp 目錄。

xh4n3@xh4n3:~/ops/terraform-example% terraform apply alicloud_cs_managed_kubernetes.k8s: Refreshing state... (ID: cc54df7d990a24ed18c1e0ebacd36418c)An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols:~ update in-placeTerraform will perform the following actions:~ alicloud_cs_managed_kubernetes.k8sclient_cert: "" => "/tmp/client-cert.pem"client_key: "" => "/tmp/client-key.pem"cluster_ca_cert: "" => "/tmp/cluster-ca-cert.pem"kube_config: "" => "/tmp/config"name: "test-managed-kubernetes" => "test-managed-kubernetes-updated"worker_numbers.0: "2" => "3"Plan: 0 to add, 1 to change, 0 to destroy.Do you want to perform these actions?Terraform will perform the actions described above.Only 'yes' will be accepted to approve.Enter a value: yesalicloud_cs_managed_kubernetes.k8s: Modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c)client_cert: "" => "/tmp/client-cert.pem"client_key: "" => "/tmp/client-key.pem"cluster_ca_cert: "" => "/tmp/cluster-ca-cert.pem"kube_config: "" => "/tmp/config"name: "test-managed-kubernetes" => "test-managed-kubernetes-updated"worker_numbers.0: "2" => "3" alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 10s elapsed) alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 20s elapsed) alicloud_cs_managed_kubernetes.k8s: Still modifying... (ID: cc54df7d990a24ed18c1e0ebacd36418c, 30s elapsed) # 以上省略 alicloud_cs_managed_kubernetes.k8s: Modifications complete after 4m4s (ID: cc54df7d990a24ed18c1e0ebacd36418c)Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Terraform apply 運行成功后，控制臺中顯示的集群信息已經表明現在集群已經變成了我們期望的狀態。在本機上，我們也通過導出的連接文件，用 kubectl 連接到集群。

?

附錄

控制臺創建托管版 Kubernetes 集群幫助文檔
https://help.aliyun.com/document_detail/95108.html
云生態下的基礎架構資源管理利器Terraform
https://yq.aliyun.com/articles/215592
阿里云 Terraform Provider 代碼庫
https://github.com/terraform-providers/terraform-provider-alicloud
阿里云 Terraform Provider 文檔
https://www.terraform.io/docs/providers/alicloud/index.html
阿里云 Terraform Provider 文檔 - 托管版 Kubernetes
https://www.terraform.io/docs/providers/alicloud/r/cs_managed_kubernetes.html
VPC下 Kubernetes 的網絡地址段規劃
https://help.aliyun.com/document_detail/86500.html
Terraform 部署容器服務Kubernetes集群及Wordpress應用
https://yq.aliyun.com/articles/641627

?

原文鏈接
本文為云棲社區原創內容，未經允許不得轉載。

總結

以上是生活随笔為你收集整理的使用Terraform创建托管版Kubernetes的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。