This topic describes how to use Terraform to add associated clusters to a Fleet instance.
Prerequisites
An AccessKey pair is created for the Resource Access Management (RAM) user you log on as.
Note: By default, an Alibaba Cloud account has full permissions on all resources that belong to this account. We recommend using a RAM user, because its permissions can be limited, which minimizes the security risk if your credentials are compromised.
The following policy is attached to the RAM user that you use to run commands in Terraform. The policy includes the minimum permissions required to run commands in Terraform. For more information, see Grant permissions to a RAM user.
This policy grants RAM users permissions to create, list, and delete RAM roles, and to modify policies associated with these roles.
    {
      "Version": "1",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ram:GetRole",
            "ram:ListRoles",
            "ram:AttachPolicyToRole",
            "ram:ListPoliciesForRole",
            "ram:CreateRole",
            "ram:DetachPolicyFromRole",
            "ram:DeleteRole"
          ],
          "Resource": "*"
        }
      ]
    }

The Terraform environment is available. You can use Terraform in the following ways:
Use Terraform in Terraform Explorer: Alibaba Cloud provides an online runtime environment for Terraform. You can log on to the environment and use Terraform without needing to install it. Suitable for scenarios where you need to use and debug Terraform in a low-cost, efficient, and convenient manner.
Use Terraform in Cloud Shell: Cloud Shell is preinstalled with Terraform and configured with your identity credentials. You can run Terraform commands in Cloud Shell. Suitable for scenarios where you need to use and access Terraform in a low-cost, efficient, and convenient manner.
Install and configure Terraform on your on-premises machine: Suitable for scenarios where network connections are unstable or a custom development environment is needed.
An ACK cluster must exist under the current account to create a Fleet instance.
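An added check for the RAM policy listed in the prerequisites (example code, not part of the original documentation): it lists the mutating actions that the policy allows on Resource "*", which are the grants to review before attaching the policy to a user. The Get/List read-only heuristic and the function names are assumptions of this example.

```python
import json

# The RAM policy from the prerequisites, reproduced as the audit input.
POLICY = json.loads("""
{"Version": "1", "Statement": [{"Effect": "Allow", "Action": [
  "ram:GetRole", "ram:ListRoles", "ram:AttachPolicyToRole",
  "ram:ListPoliciesForRole", "ram:CreateRole",
  "ram:DetachPolicyFromRole", "ram:DeleteRole"], "Resource": "*"}]}
""")

# Assumption: actions whose verb starts with Get/List are read-only.
# Everything else, including any wildcard action, is treated as mutating.
READ_ONLY_VERBS = ("Get", "List")


def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])


def is_mutating(action):
    """True for wildcard actions and for verbs outside the read-only set."""
    verb = action.partition(":")[2]
    return "*" in action or not verb.startswith(READ_ONLY_VERBS)


def unscoped_write_actions(policy):
    """Return (statement index, action) for mutating actions allowed on "*"."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement object is also valid JSON here
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource")):
            continue  # the statement is limited to named resources
        for action in as_list(stmt.get("Action")):
            if is_mutating(action):
                findings.append((index, action))
    return findings


if __name__ == "__main__":
    for index, action in unscoped_write_actions(POLICY):
        print(f'statement {index}: {action} is allowed on Resource "*"')
```

For the policy above, the flagged actions are the four that create, delete, or change the policies of RAM roles; the three Get/List actions are not reported.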
Used resources
alicloud_zones: queries available zones.
alicloud_instance_types: queries Elastic Compute Service (ECS) instance types that meet specified conditions.
alicloud_vpc: creates virtual private clouds (VPCs).
alicloud_vswitch: creates vSwitches to divide a VPC into one or more subnets.
alicloud_cs_managed_kubernetes: creates Container Service for Kubernetes (ACK) managed clusters.
alicloud_cs_kubernetes_node_pool: creates node pools for an ACK managed cluster.
alicloud_ack_one_cluster: creates Distributed Cloud Container Platform for Kubernetes (ACK One) Fleet instances.
alicloud_ack_one_membership_attachment: associates ACK managed clusters to a Fleet instance.
Associate an ACK managed cluster with an ACK One Fleet instance using Terraform
This example creates an ACK managed cluster and an ACK One Fleet instance, then associates the ACK managed cluster with the ACK One Fleet instance.
Create a working directory and add a configuration file named main.tf in it. Then, copy the following code into main.tf:

    provider "alicloud" {
      region = "cn-hangzhou"
    }

    variable "name" {
      default = "terraform-example"
    }

    # Name of the ECS key pair created for the node pool; change as needed.
    variable "key_name" {
      default = "terraform-example-key"
    }

    # Specify an available zone.
    data "alicloud_enhanced_nat_available_zones" "enhanced" {
    }

    # Query ECS instance types that meet specified conditions.
    data "alicloud_instance_types" "cloud_efficiency" {
      availability_zone    = data.alicloud_enhanced_nat_available_zones.enhanced.zones[0].zone_id
      cpu_core_count       = 4
      memory_size          = 8
      kubernetes_node_role = "Worker"
      system_disk_category = "cloud_efficiency"
    }

    # Create a VPC.
    resource "alicloud_vpc" "default" {
      cidr_block = "10.4.0.0/16"
    }

    # Create a vSwitch.
    resource "alicloud_vswitch" "default" {
      cidr_block = "10.4.0.0/24"
      vpc_id     = alicloud_vpc.default.id
      zone_id    = data.alicloud_enhanced_nat_available_zones.enhanced.zones[0].zone_id
    }

    # Create an ACK managed cluster.
    resource "alicloud_cs_managed_kubernetes" "default" {
      cluster_spec    = "ack.pro.small"
      vswitch_ids     = [alicloud_vswitch.default.id]
      new_nat_gateway = true
      pod_cidr        = cidrsubnet("10.0.0.0/8", 8, 36)    # 10.36.0.0/16
      service_cidr    = cidrsubnet("172.16.0.0/16", 4, 7)  # 172.16.112.0/20
      # true creates an Internet-facing SLB for the cluster API server.
      slb_internet_enabled         = true
      is_enterprise_security_group = true
    }

    resource "alicloud_key_pair" "default" {
      key_pair_name = var.key_name
    }

    # Create a node pool for the ACK managed cluster.
    resource "alicloud_cs_kubernetes_node_pool" "default" {
      node_pool_name       = var.name
      cluster_id           = alicloud_cs_managed_kubernetes.default.id
      vswitch_ids          = [alicloud_vswitch.default.id]
      instance_types       = [data.alicloud_instance_types.cloud_efficiency.instance_types[0].id]
      system_disk_category = "cloud_efficiency"
      system_disk_size     = 40
      key_name             = alicloud_key_pair.default.key_pair_name
      desired_size         = 1
    }

    # Create an ACK One Fleet instance.
    resource "alicloud_ack_one_cluster" "default" {
      depends_on = [alicloud_cs_managed_kubernetes.default]
      network {
        vpc_id    = alicloud_vpc.default.id
        vswitches = [alicloud_vswitch.default.id]
      }
      argocd_enabled = false
    }

    # Associate the ACK managed cluster with the Fleet instance.
    resource "alicloud_ack_one_membership_attachment" "default" {
      cluster_id     = alicloud_ack_one_cluster.default.id
      sub_cluster_id = alicloud_cs_managed_kubernetes.default.id
    }

Run the following command to initialize the runtime environment for Terraform:

    terraform init

Run the following command to create and preview an execution plan:

    terraform plan

Run the following command to create the resources:

    terraform apply

During the execution, enter yes as prompted and press Enter. Wait for the command to complete. If the following message appears, the creation is successful.

    Apply complete! Resources: 7 added, 0 changed, 0 destroyed.

Run the following command to verify the result. You can also log on to the ACK One console to view the created Fleet information.

    terraform show
Clear resources
If you no longer need the resources created by Terraform, run the following command to release them.
The argocd_enabled parameter in the Fleet instance must be set to false before releasing resources.
    terraform destroy
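An added pre-destroy check (example code, not part of the original documentation): it reads the JSON form of the state, as produced by terraform show -json, and enforces the rule above that argocd_enabled must be false on the Fleet instance before resources are released. It also notes clusters whose API server is Internet-facing. The sample state is constructed and trimmed to the fields checked; the function names are assumptions of this example.

```python
import json

# Constructed sample: trimmed `terraform show -json` output for the
# configuration in this topic (only the fields checked below are kept).
SAMPLE_STATE = json.loads("""
{"format_version": "1.0", "values": {"root_module": {"resources": [
  {"address": "alicloud_cs_managed_kubernetes.default", "mode": "managed",
   "type": "alicloud_cs_managed_kubernetes",
   "values": {"slb_internet_enabled": true}},
  {"address": "alicloud_ack_one_cluster.default", "mode": "managed",
   "type": "alicloud_ack_one_cluster",
   "values": {"argocd_enabled": false}}
]}}}
""")


def iter_resources(module):
    """Yield managed resources from a module and, recursively, its child modules."""
    for res in module.get("resources", []):
        if res.get("mode") == "managed":
            yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def review_state(state):
    """Return (blockers, notes); blockers must be resolved before `terraform destroy`."""
    blockers, notes = [], []
    root = (state.get("values") or {}).get("root_module", {})
    for res in iter_resources(root):
        values = res.get("values") or {}
        if res.get("type") == "alicloud_ack_one_cluster":
            # A missing or unknown value is treated the same as true.
            if values.get("argocd_enabled") is not False:
                blockers.append(f"{res['address']}: set argocd_enabled = false and apply first")
        elif res.get("type") == "alicloud_cs_managed_kubernetes":
            if values.get("slb_internet_enabled"):
                notes.append(f"{res['address']}: API server is exposed through an Internet-facing SLB")
    return blockers, notes


if __name__ == "__main__":
    blockers, notes = review_state(SAMPLE_STATE)
    for line in notes:
        print("note:", line)
    for line in blockers:
        print("BLOCK:", line)
    raise SystemExit(1 if blockers else 0)
```

To run it against a real working directory, replace SAMPLE_STATE with the parsed output of terraform show -json.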