Utilize Terraform to Install Alibaba Cloud Container for Kubernetes (ACK)

This step-by-step tutorial introduces how to utilize Terraform to install Alibaba Cloud Container Service for Kubernetes (ACK).

By Muchlis Insani, Solutions Architect, Alibaba Cloud Indonesia, and Darlin Valentine, Channel Development Ecosystem, Alibaba Cloud Indonesia

Terraform is a resource O&M tool that runs an open source DevOps architecture. Terraform enables you to securely and efficiently build and change various service resources on Alibaba Cloud.

Alibaba Cloud Container Service for Kubernetes (ACK) is a managed service that helps manage containers to ensure high performance. It is one of the first container services in the world to pass the Certified Kubernetes Conformance Program. You can use ACK to manage the lifecycle of enterprise-level Kubernetes containerized applications. This allows you to run Kubernetes containerized applications on the cloud in an efficient and simple manner.

Getting Started

If you don't have an Alibaba Cloud account, register one first; after that you can purchase the ACK product. To run the Terraform CLI you can use your personal computer with a Linux-based OS. On Windows only the installation differs; the commands are similar.

Step 1 – Install Terraform

First, update the source list on your Linux system and install Terraform with apt install.

wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform 

Step 2 – Create an AccessKey

Log in to your Alibaba Cloud account, hover your cursor over the avatar, and choose AccessKey Management.

Click Create AccessKey. After AccessKey has been created successfully, AccessKeyID and AccessKeySecret are displayed. AccessKeySecret is only displayed once. Click Download CSV File to save the AccessKeySecret.

Step 3 – Create Resources

Create a folder that will contain the configuration of the service you want to create, and change into it. If you want to manage multiple services, you can create a parent folder that contains one folder per service.

mkdir tf-service-name && cd tf-service-name

Create a file that will contain the Terraform provider configuration.

vi provider.tf

Inside the file editor, you can use this template and replace the YOUR-ACCESS-KEY and YOUR-ACCESS-SECRET text with the AccessKey ID and AccessKey Secret values from the previous step. Make sure the provider name is alicloud.

provider "alicloud" {
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-ACCESS-SECRET"
  region     = "us-west-1"
}
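
The provider block above stores a long-lived AccessKey pair in provider.tf, where it is one `git add` away from a repository. The alicloud provider also reads ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY from the environment, so the block can omit both arguments. The following check is an added example, not part of the original tutorial: find_hardcoded_keys and write_samples are hypothetical helper names and the key values are constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial. find_hardcoded_keys and
# write_samples are hypothetical helper names; the key values are constructed.

# Report access_key/secret_key assignments whose value is a quoted literal.
# References (var.x) are unquoted and "${...}" contains '$', so neither matches.
# Returns 1 when a literal credential is found, 0 when the directory is clean.
find_hardcoded_keys() {
  hits=$(grep -nE '^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^"$]+"' \
    "$1"/*.tf /dev/null 2>/dev/null || true)
  [ -z "$hits" ] && return 0
  # Redact the value so the check itself does not copy the secret into CI logs.
  printf '%s\n' "$hits" | sed -E 's/"[^"]*"/"<redacted>"/' >&2
  return 1
}

# Build two constructed working directories: the tutorial's inline form and
# a provider block that leaves credentials to the environment.
write_samples() {
  base=$(mktemp -d)
  mkdir "$base/inline" "$base/env"
  cat > "$base/inline/provider.tf" <<'EOF'
provider "alicloud" {
  access_key = "LTAI-constructed-example"
  secret_key = "constructed-secret-example"
  region     = "us-west-1"
}
EOF
  cat > "$base/env/provider.tf" <<'EOF'
# Credentials are read from ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY.
provider "alicloud" {
  region = "us-west-1"
}
EOF
  printf '%s\n' "$base"
}

# In the shell that runs terraform (read the values from the downloaded CSV or
# a secret manager instead of typing them into a file):
#   export ALICLOUD_ACCESS_KEY=...   export ALICLOUD_SECRET_KEY=...
samples=$(write_samples)
find_hardcoded_keys "$samples/inline" || echo "inline/provider.tf: literal credentials found"
find_hardcoded_keys "$samples/env"    && echo "env/provider.tf: clean"
rm -rf "$samples"
```

Run the check against the working directory before `terraform plan` or as a pre-commit hook; a non-zero exit status means a literal key is present in a .tf file.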

Create a file that will contain the VPC configuration.

vi vpc.tf

You can define settings such as the VPC, CIDR block, VSwitches, zones, etc. For details on the supported configuration options and for examples, see this GitHub repository link, or follow this configuration sample.

variable "vpc_id" {
  default = ""
}

variable "vpc_cidr" {
  default = "192.168.0.0/16"
}

variable "vswitch_ids" {
  default = []
}

variable "vswitch_cidrs" {
  default = ["192.168.1.0/24", "192.168.2.0/24"]
}

variable "zone_id" {
  default = ["us-west-1a", "us-west-1b"]
}

# If vpc_id is not specified, the module launches a new VPC
resource "alicloud_vpc" "vpc" {
  vpc_name   = "sample_vpc"
  count      = var.vpc_id == "" ? 1 : 0
  cidr_block = var.vpc_cidr
}

# Launch one vswitch for each vswitch CIDR block
resource "alicloud_vswitch" "vswitches" {
  count             = length(var.vswitch_ids) > 0 ? 0 : length(var.vswitch_cidrs)
  vpc_id            = var.vpc_id == "" ? join("", alicloud_vpc.vpc.*.id) : var.vpc_id
  cidr_block        = element(var.vswitch_cidrs, count.index)
  zone_id           = element(var.zone_id, count.index)
}

Create a file that will contain the Alibaba Cloud Container for Kubernetes (ACK) configuration.

vi ack.tf

You can define settings such as the Kubernetes number, Service CIDR, Pod CIDR, instance type, node pool configuration, etc. For details on the supported configuration options and for examples, see this GitHub repository link, or follow this configuration sample.

variable "k8s_number" {
  default = "1"
}

variable "node_cidr_mask" {
  default = "24"
}

variable "proxy_mode" {
  default = "ipvs"
}

variable "service_cidr" {
  default = "172.16.0.0/16"
}

variable "pod_cidr" {
  default = "10.67.0.0/16"
}

variable "cluster_addons" {
  description = "Addon components in kubernetes cluster"

  type = list(object({
    name      = string
    config    = string
  }))

  default = [
    {
      "name"     = "flannel",
      "config"   = "",
    }
  ]
}

data "alicloud_zones" "default" {
    available_resource_creation = "VSwitch"
}

data "alicloud_instance_types" "default" {
    availability_zone    = data.alicloud_zones.default.zones.0.id
    cpu_core_count       = 4
    memory_size          = 8
    kubernetes_node_role = "Worker"
}

variable "name" {
    default = "tf-test"
}

resource "alicloud_key_pair" "default" {
    key_pair_name = var.name
}

resource "alicloud_cs_managed_kubernetes" "k8s" {
  count              = var.k8s_number
  name_prefix        = "TestTF-"
  # version can not be defined in variables.tf.
  version            = "1.24.6-aliyun.1"
  worker_vswitch_ids = length(var.vswitch_ids) > 0 ? split(",", join(",", var.vswitch_ids)): length(var.vswitch_cidrs) < 1 ? [] : split(",", join(",", alicloud_vswitch.vswitches.*.id))
  new_nat_gateway    = true
  node_cidr_mask     = var.node_cidr_mask
  proxy_mode         = var.proxy_mode
  service_cidr       = var.service_cidr
  pod_cidr           = var.pod_cidr

  dynamic "addons" {
      for_each = var.cluster_addons
      content {
        name   = lookup(addons.value, "name", var.cluster_addons)
        config = lookup(addons.value, "config", var.cluster_addons)
      }
  }

}

resource "alicloud_cs_kubernetes_node_pool" "default1" {
  name           = "default_pool1"
  cluster_id     = alicloud_cs_managed_kubernetes.k8s.0.id
  vswitch_ids    = [alicloud_vswitch.vswitches.0.id]
  instance_types = [data.alicloud_instance_types.default.instance_types.0.id]

  system_disk_category = "cloud_efficiency"
  system_disk_size     = 40
  # key_name             = alicloud_key_pair.default.key_name

  # you need to specify the number of nodes in the node pool, which can be 0
  desired_size = 1
}

resource "alicloud_cs_kubernetes_node_pool" "default2" {
  name           = "default_pool2"
  cluster_id     = alicloud_cs_managed_kubernetes.k8s.0.id
  vswitch_ids    = [alicloud_vswitch.vswitches.1.id]
  instance_types = [data.alicloud_instance_types.default.instance_types.0.id]

  system_disk_category = "cloud_efficiency"
  system_disk_size     = 40
  # key_name             = alicloud_key_pair.default.key_name

  # you need to specify the number of nodes in the node pool, which can be 0
  desired_size = 2
}

output "cluster_id" {
  value = alicloud_cs_managed_kubernetes.k8s[0].id
}

Enter this command to prepare your working directory for other commands.

terraform init

Enter the following command to generate a plan based on the configuration file just created, listing the resources to be created.

terraform plan

Enter the following command to create resources according to the plan.

terraform apply

It is estimated that it will take about 15 minutes to create the resource. Please wait patiently. Sometimes during the resource creation process, the creation may be interrupted due to network timeout, but it does not matter. You can execute the terraform apply command again to continue creating the resource.

After the creation is complete, the cluster_id information will be shown.

Step 4 – Access the Service

Go back to the Alibaba Cloud Container Service console.

We can see that a Kubernetes cluster has been created.

Check the node information. From the intranet addresses of the nodes, you can see that they belong to different switches and are in different availability zones, which matches our Terraform configuration.

Step 5 – Release Resources

Return to the command line of your personal laptop and run the following command to automatically release all the resources that you just created:

terraform destroy

Enter Yes to confirm.

The release process may take 5 minutes. Sometimes an error may be reported during the resource release process due to network failures, but it does not matter. Just execute the terraform destroy command again to continue the release.

The following image shows the message after the resources are successfully released.

Overall, the ACK Cloud Fighter event provided a valuable platform for cloud professionals to deepen their understanding of acknowledgment mechanisms and exchange insights on maximizing the efficiency and reliability of cloud computing systems. Through our monthly cloud fighters, partners are able to increase their skills and experience Alibaba Cloud ACK with our hands-on-lab.
