By Muchlis Insani, Solutions Architect, Alibaba Cloud Indonesia, and Darlin Valentine, Channel Development Ecosystem, Alibaba Cloud Indonesia
Terraform is a resource O&M tool built on an open source DevOps architecture. Terraform enables you to securely and efficiently build and change various service resources on Alibaba Cloud.
Alibaba Cloud Container Service for Kubernetes (ACK) is a managed service that helps manage containers to ensure high performance. It is one of the first container services in the world to pass the Certified Kubernetes Conformance Program. You can use ACK to manage the lifecycle of enterprise-level Kubernetes containerized applications. This allows you to run Kubernetes containerized applications on the cloud in an efficient and simple manner.
If you don't have an Alibaba Cloud account, register first; after that you can purchase the ACK product. To run the Terraform CLI you can use your personal computer with a Linux-based OS. On Windows only the installation part differs; the commands are similar.
First of all, you need to update the source list on your Linux and install Terraform through apt install.
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform
Log in to your Alibaba Cloud account, hover your cursor over the avatar, and choose AccessKey Management.
Click Create AccessKey. After AccessKey has been created successfully, AccessKeyID and AccessKeySecret are displayed. AccessKeySecret is only displayed once. Click Download CSV File to save the AccessKeySecret.
Create a folder which will contain the configuration of a service that you want to create and get inside the folder. If you want to have multiple services you can create a folder which contains multiple folders inside.
mkdir tf-service-name && cd tf-service-name
Create a file which will contain Terraform provider file configuration.
vi provider.tf
Inside the file editor, you can use this template and replace the YOUR-ACCESS-KEY and YOUR-ACCESS-SECRET text with the AccessKey ID and AccessKey Secret values created earlier. Make sure the provider name is alicloud.
provider "alicloud" {
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-ACCESS-SECRET"
  region     = "us-west-1"
}
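An added example, not part of the original post: a pre-commit style check that flags the literal access_key/secret_key values the template above places in provider.tf, next to a provider block that leaves them out so the alicloud provider takes them from the ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY environment variables. The function names and the temporary sample files are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: reject literal credentials in Terraform files before commit.
# Function names and sample files are constructed for this illustration.

# Print "file:line" for each access_key/secret_key assigned a quoted literal.
# References such as var.access_key are unquoted and therefore not flagged.
find_hardcoded_keys() {
  grep -rnE --include='*.tf' \
    '^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^"]+"' "$1" \
    | cut -d: -f1,2 || true
}

# Return 0 when the directory is clean, 1 when a literal credential is found.
check_tf_dir() {
  hits=$(find_hardcoded_keys "$1")
  if [ -n "$hits" ]; then
    echo "hardcoded credential at: $hits" >&2
    return 1
  fi
  return 0
}

# Constructed sample 1: the provider.tf template from this page.
demo_weak=$(mktemp -d)
cat > "$demo_weak/provider.tf" <<'EOF'
provider "alicloud" {
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-ACCESS-SECRET"
  region     = "us-west-1"
}
EOF

# Constructed sample 2: same provider, credentials supplied by the environment.
demo_env=$(mktemp -d)
cat > "$demo_env/provider.tf" <<'EOF'
provider "alicloud" {
  region = "us-west-1"
}
EOF
# With access_key/secret_key omitted, the alicloud provider reads:
#   export ALICLOUD_ACCESS_KEY=...   export ALICLOUD_SECRET_KEY=...

check_tf_dir "$demo_weak" || echo "template sample rejected"
check_tf_dir "$demo_env" && echo "environment-based sample accepted"
```

Run check_tf_dir against the working directory before committing it, so the AccessKey pair never lands in version control.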
Create a file which will contain the VPC configuration.
vi vpc.tf
You can define settings such as the VPC, CIDR block, vSwitches, and zones. For details on the supported configuration options and examples, see the linked GitHub repository, or follow this sample configuration.
variable "vpc_id" {
  default = ""
}
variable "vpc_cidr" {
  default = "192.168.0.0/16"
}
variable "vswitch_ids" {
  default = []
}
variable "vswitch_cidrs" {
  default = ["192.168.1.0/24", "192.168.2.0/24"]
}
variable "zone_id" {
  default = ["us-west-1a", "us-west-1b"]
}
# If vpc_id is not specified, a new VPC is launched
resource "alicloud_vpc" "vpc" {
  vpc_name   = "sample_vpc"
  count      = var.vpc_id == "" ? 1 : 0
  cidr_block = var.vpc_cidr
}
# Launch one vSwitch per CIDR block in vswitch_cidrs (none if vswitch_ids is set)
resource "alicloud_vswitch" "vswitches" {
  count      = length(var.vswitch_ids) > 0 ? 0 : length(var.vswitch_cidrs)
  vpc_id     = var.vpc_id == "" ? join("", alicloud_vpc.vpc.*.id) : var.vpc_id
  cidr_block = element(var.vswitch_cidrs, count.index)
  zone_id    = element(var.zone_id, count.index)
}
Create a file which will contain the Alibaba Cloud Container Service for Kubernetes (ACK) configuration.
vi ack.tf
You can define settings such as the number of Kubernetes clusters, Service CIDR, Pod CIDR, instance type, and node pool configuration. For details on the supported configuration options and examples, see the linked GitHub repository, or follow this sample configuration.
variable "k8s_number" {
  default = "1"
}
variable "node_cidr_mask" {
  default = "24"
}
variable "proxy_mode" {
  default = "ipvs"
}
variable "service_cidr" {
  default = "172.16.0.0/16"
}
variable "pod_cidr" {
  default = "10.67.0.0/16"
}
variable "cluster_addons" {
  description = "Addon components in kubernetes cluster"
  type = list(object({
    name   = string
    config = string
  }))
  default = [
    {
      "name"   = "flannel",
      "config" = "",
    }
  ]
}
data "alicloud_zones" "default" {
  available_resource_creation = "VSwitch"
}
data "alicloud_instance_types" "default" {
  availability_zone    = data.alicloud_zones.default.zones.0.id
  cpu_core_count       = 4
  memory_size          = 8
  kubernetes_node_role = "Worker"
}
variable "name" {
  default = "tf-test"
}
resource "alicloud_key_pair" "default" {
  key_pair_name = var.name
}
resource "alicloud_cs_managed_kubernetes" "k8s" {
  count       = var.k8s_number
  name_prefix = "TestTF-"
  # version can not be defined in variables.tf.
  version            = "1.24.6-aliyun.1"
  worker_vswitch_ids = length(var.vswitch_ids) > 0 ? split(",", join(",", var.vswitch_ids)) : length(var.vswitch_cidrs) < 1 ? [] : split(",", join(",", alicloud_vswitch.vswitches.*.id))
  new_nat_gateway    = true
  node_cidr_mask     = var.node_cidr_mask
  proxy_mode         = var.proxy_mode
  service_cidr       = var.service_cidr
  pod_cidr           = var.pod_cidr
  dynamic "addons" {
    for_each = var.cluster_addons
    content {
      name   = lookup(addons.value, "name", var.cluster_addons)
      config = lookup(addons.value, "config", var.cluster_addons)
    }
  }
}
resource "alicloud_cs_kubernetes_node_pool" "default1" {
  name                 = "default_pool1"
  cluster_id           = alicloud_cs_managed_kubernetes.k8s.0.id
  vswitch_ids          = [alicloud_vswitch.vswitches.0.id]
  instance_types       = [data.alicloud_instance_types.default.instance_types.0.id]
  system_disk_category = "cloud_efficiency"
  system_disk_size     = 40
  # key_name = alicloud_key_pair.default.key_name
  # you need to specify the number of nodes in the node pool, which can be 0
  desired_size = 1
}
resource "alicloud_cs_kubernetes_node_pool" "default2" {
  name                 = "default_pool2"
  cluster_id           = alicloud_cs_managed_kubernetes.k8s.0.id
  vswitch_ids          = [alicloud_vswitch.vswitches.1.id]
  instance_types       = [data.alicloud_instance_types.default.instance_types.0.id]
  system_disk_category = "cloud_efficiency"
  system_disk_size     = 40
  # key_name = alicloud_key_pair.default.key_name
  # you need to specify the number of nodes in the node pool, which can be 0
  desired_size = 2
}
output "cluster_id" {
  value = alicloud_cs_managed_kubernetes.k8s[0].id
}
Enter this command to prepare your working directory for the other commands:
terraform init
Enter the following command to generate a plan based on the configuration file just created, listing the resources to be created.
terraform plan
Enter the following command to create resources according to the plan.
terraform apply
It is estimated that it will take about 15 minutes to create the resources. Please wait patiently. Sometimes during the resource creation process, the creation may be interrupted due to a network timeout, but it does not matter. You can execute the terraform apply command again to continue creating the resources.
After the creation is complete, the cluster_id information will be shown.
Go back to the Alibaba Cloud Container Service console.
We can see that a Kubernetes cluster has been created.
Check the node information. From the intranet addresses of the nodes, you can see that the nodes belong to different vSwitches and are in different availability zones, the same as in our Terraform configuration.
Return to the command line of your personal laptop and run the following command to automatically release all the resources that you just created:
terraform destroy
Enter Yes to confirm.
The release process may take 5 minutes. Sometimes an error may be reported during the resource release process due to network failures, but it does not matter, just execute the terraform destroy command again to continue the release.
The following image shows the message after the resources are successfully released.
Overall, the ACK Cloud Fighter event provided a valuable platform for cloud professionals to deepen their understanding of acknowledgment mechanisms and exchange insights on maximizing the efficiency and reliability of cloud computing systems. Through our monthly cloud fighters, partners are able to increase their skills and experience Alibaba Cloud ACK with our hands-on-lab.