Use Terraform to associate a deployment set with a node pool - Container Service for Kubernetes

Deployment sets are used to manage the distribution of Elastic Compute Service (ECS) instances. ECS instances in a deployment set are distributed across multiple physical servers for high redundancy. This improves the availability of your applications and implements disaster recovery. A node pool that is associated with a deployment set contains ECS nodes that are distributed across multiple physical servers. You can configure pod affinity to deploy your application pods to different ECS nodes. This way, disaster recovery is implemented and the availability of your applications is improved. This topic describes how to use Terraform to associate a deployment set with a node pool.

Prerequisites

Terraform is installed.
Note
You must install Terraform v0.12.28 or later. You can run the terraform --version command to query the Terraform version.
- By default, Cloud Shell is preinstalled with Terraform and your account information is also specified. You do not need to modify the configurations.
- If you do not use Cloud Shell, you can directly install Terraform. For more information, see Install and configure Terraform in the local PC.
Create a cluster. For information about how to use Terraform to create a Container Service for Kubernetes (ACK) cluster, see Create an ACK managed cluster.
Auto Scaling is activated and the default role for Auto Scaling is assigned to your account before you enable auto scaling for nodes. For more information, see Activate Auto Scaling.
A deployment set is created. For more information, see Create a deployment set.
The ECS quota of the deployment set is sufficient and sufficient ECS instances of the specified instance types are available. By default, each deployment set can contain up to 20 ECS instances in each zone. For more information, see View and increase resource quotas.

Your account information is configured.

Run the following commands to create environment variables to store identity authentication information.

Linux environment

export ALICLOUD_ACCESS_KEY="************"   # Replace the value with the AccessKey ID of your Alibaba Cloud account. 
export ALICLOUD_SECRET_KEY="************"   # Replace the value with the AccessKey secret of your Alibaba Cloud account. 
export ALICLOUD_REGION="cn-beijing"         # Replace the value with the ID of the region in which your cluster resides.

Windows environment

set ALICLOUD_ACCESS_KEY="************"   # Replace the value with the AccessKey ID of your Alibaba Cloud account. 
set ALICLOUD_SECRET_KEY="************"   # Replace the value with the AccessKey secret of your Alibaba Cloud account. 
set ALICLOUD_REGION="cn-beijing"         # Replace the value with the ID of the region in which your cluster resides.

Note

To improve the flexibility and security of permission management, we recommend that you create a Resource Access Management (RAM) user named Terraform. Then, create an AccessKey pair for the RAM user and grant permissions to the RAM user. For more information, see Create a RAM user and Grant permissions to RAM users.

Background Information

To ensure the high availability of your application in a zone, you must deploy your application across multiple hosts. However, when a physical server is down, all application pods are affected. To resolve this issue, you can use deployment sets that are provided by ECS. The ECS instances that are contained in a deployment set are distributed across multiple physical servers and are isolated from each other. This helps prevent service disruptions that are caused by single points of failure. For more information about deployment sets, see Overview.

Limits

Cluster feature usage guidelines

Deployment sets are supported by ACK dedicated clusters and ACK managed clusters.
You can associate a deployment set with a node pool only when you create the node pool. Existing node pools cannot have deployment sets enabled. You can associate only one deployment set with each node pool and you cannot change the deployment sets that are associated with node pools.
You cannot manually add ECS instances to or remove ECS instances from deployment sets. If you want to change the number of ECS instances in a deployment set, you can scale the node pool with which the deployment set is associated. For more information, see Create a node pool.
After you associate a deployment set with a node pool, the node pool does not support preemptible instances.

Deployment set quotas and specifications limits

By default, node pool deployment sets are implemented based on a high-availability strategy. In a deployment set that adopts the high availability strategy, you can create up to 20 ECS instances per zone. You can use the following formula to calculate the maximum number of ECS instances that you can create in a deployment set within an Alibaba Cloud region: 20 × Number of zones within the region. For more information, see Overview.
You cannot increase the number of ECS instances in a deployment set. However, if you want to increase the maximum number of deployment sets that your Alibaba Cloud account can have, request a quota increase in the Quota Center console. For more information about the limits and quotas of deployment sets, see Deployment set limits.

Instance families that support different deployment strategies:

Specific instance families support only specific deployment strategies. The following table describes the instance families that support different deployment strategies.

Note

You can also call the DescribeDeploymentSetSupportedInstanceTypeFamily operation to query instance families that support a specific deployment strategy.

Deployment strategy

Instance families that support the deployment strategy

High availability strategy or high availability group strategy

g8a, g8i, g8y, g7se, g7a, g7, g7h, g7t, g7ne, g7nex, g6, g6e, g6a, g5, g5ne, sn2ne, sn2, and sn1
c8a, c8i, c8y, c7se, c7, c7t, c7nex, c7a, c6, c6a, c6e, c5, ic5, and sn1ne
r8a, r8i, r8y, r7, r7se, r7t, r7a, r6, r6e, r6a, re6, re6p, r5, re4, se1ne, and se1
hfc8i, hfg8i, hfr8i, hfc7, hfg7, hfr7, hfc6, hfg6, hfr6, hfc5, and hfg5
d3c, d2s, d2c, d1, d1ne, d1-c14d3, and d1-c8d3
i3g, i3, i2, i2g, i2ne, i2gne, and i1
ebmg5, ebmc7, ebmg7, ebmr7, sccgn6, scch5, scch5s, sccg5, and sccg5s
e, t6, xn4, mn4, n4, e4, n2, and n1
gn6i

Low latency strategy

g8a, g8i, g8ae, and g8y
c8a, c8i, c8ae, and c8y
r8a, r8i, r8ae, and r8y
ebmc7, ebmg7, and ebmr7

Insufficient instance resources within the region may result in a failure to create ECS instances or start pay-as-you-go instances that were stopped in economical mode in a deployment set. Wait for a while and then try to create or start the instances again.

Use Terraform to create a node pool and associate it with a deployment set

Use the following YAML template to create a node pool and associate a deployment set with the node pool.

provider "alicloud" {
}

resource "alicloud_cs_kubernetes_node_pool" "default" {
  name                          = "tf-deploymentset"
  cluster_id                    = "c51a1ae4fcd754d4f9bc3b1****"
  vswitch_ids                   = ["vsw-bp1kh6qfb83vt****","vsw-bp13d9ojhwiimya****","vsw-bp1eyw8wt9k1d1l****","vsw-bp1nftkf9sk3fz****"] #Specify vSwitches that are deployed in different zones. This way, nodes that are added by Auto Scaling are evenly distributed across multiple zones. 
  instance_types                = ["ecs.c6.xlarge","ecs.c5.2xlarge","ecs.g5.2xlarge","ecs.i2g.2xlarge"]  #Specify instance types. 
  system_disk_category          = "cloud_ssd"
  system_disk_size              = 120

  # Specify the ID of the deployment set. 
  deployment_set_id             = "ds-bp1e19mmbsv3jf64****"

  instance_charge_type          = "PostPaid"
  security_group_ids            = ["sg-bp1ewlqw7ajyaqaz****"]
  install_cloud_monitor         = true

  image_type                    = "AliyunLinux3"
  image_id                      = "aliyun_3_x64_20G_alibase_20240528.vhd"

  password                      = "Hello1234"

  desired_size                  = 3
}

Run the following command to create the node pool:

terraform apply

If the following information is returned, the node pool is associated with the deployment set.

alicloud_cs_kubernetes_node_pool.default: Refreshing state... [id=c51a1ae4fcd754d4f9bc3b1****:np651662dfc3e4440d9979360b24b1****]
alicloud_cs_managed_kubernetes.default: Refreshing state... [id=c51a1ae4fcd754d4f9bc3b1****]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ............
alicloud_cs_kubernetes_node_pool.default: Still creating... [50s elapsed]
alicloud_cs_kubernetes_node_pool.default: Still creating... [1m0s elapsed]
alicloud_cs_kubernetes_node_pool.default: Creation complete after 1m1s [id=c51a1ae4fcd754d4f9bc3b1****:np651662dfc3e4440d9979360b24b1****]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Results

After the node pool is created, you can use one of the following methods to verify the result.

You can find the node pool that you created on the Node Pools page in the ACK console. You can click Edit in the Actions column to view the associated deployment set.
You can find the deployment_set_id field below the node pool definition in the terraform.tfstate file.
```
"deployment_set_id": "ds-bp1e19mmbsv3jf64****"
```

References

Best practices for associating deployment sets with node pools