Background: I have already tried Terraform's basic operations on Tencent Cloud's CVM. The normal next step would be to try integrating other basic components such as databases and Redis, importing existing resources, laying out the configuration files sensibly, and so on. But first, a look at Kubernetes… after all, my main working environment is Kubernetes! There is also TKE. Can I try the TKE integration too? For now, try Kubernetes in its native form.

Terraform and Kubernetes experience

A quick guide to Documentation

I glanced at the official documents: registry.terraform.io/will/h…. At first glance I found what I care about: Guides (which should include how to connect to the Kubernetes cluster) and several commonly used APIs: apps/v1, core/v1, networking/v1, rbac/v1!

2. Connecting Terraform to a Kubernetes cluster and simple operations

1. Initialization for connecting Terraform to a Kubernetes cluster

1. Specify required_providers

Take a look at the Guides: registry.terraform.io/will/h… The first step is specifying the plug-in version (as of now, the latest documentation is for 2.9.0, but version 2.10.0 was downloaded when no version number was added).

2. Terraform connects to the Kubernetes cluster in two ways

With reference to the official document (registry.terraform.io/will/h…), take a look at the two ways to connect Terraform to Kubernetes:

  1. kubeconfig path
  2. Host and TLS certificates

It’s up to you. I chose the first connection!
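The second method (host and TLS certificates), as an added example that is not from the original post: it would replace the `provider "kubernetes"` block in provider.tf. The variable names and the sample host are assumptions; the three base64 values are the `certificate-authority-data`, `client-certificate-data` and `client-key-data` fields of a kubeconfig.

```hcl
# Added example: connect with host + TLS certificates instead of a kubeconfig path.
# Variable names and the sample host are assumptions, not from the original post.

variable "k8s_host" {
  description = "API server URL, e.g. https://203.0.113.10:6443 (constructed sample)"
  type        = string

  # Refuse a plain-HTTP endpoint before any credentials are sent.
  validation {
    condition     = can(regex("^https://", var.k8s_host))
    error_message = "The API server URL must start with https://."
  }
}

variable "k8s_cluster_ca_b64" {
  description = "certificate-authority-data value from the kubeconfig (base64)"
  type        = string
}

variable "k8s_client_cert_b64" {
  description = "client-certificate-data value from the kubeconfig (base64)"
  type        = string
}

variable "k8s_client_key_b64" {
  description = "client-key-data value from the kubeconfig (base64)"
  type        = string
  sensitive   = true # keeps the private key out of plan/apply output
}

provider "kubernetes" {
  host                   = var.k8s_host
  cluster_ca_certificate = base64decode(var.k8s_cluster_ca_b64)
  client_certificate     = base64decode(var.k8s_client_cert_b64)
  client_key             = base64decode(var.k8s_client_key_b64)
}
```

Supplying the values through `TF_VAR_k8s_client_key_b64` and similar environment variables keeps the key out of the .tf files and out of version control.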

Initialize Terraform and create a namespace

1. Create a working directory

[root@k8s-master-01 ~]# mkdir terraform-k8s
[root@k8s-master-01 ~]# cd terraform-k8s/

2. Create provider.tf

[root@k8s-master-01 terraform-k8s]# cat provider.tf

terraform {
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.10.0"
    }
  }
}

provider "kubernetes" {
  config_path    = "~/.kube/config"
  config_context = "kubernetes-admin@kubernetes"
}

resource "kubernetes_namespace" "zhangpeng" {
  metadata {
    name = "zhangpeng"
  }
}

3. terraform init

[root@k8s-master-01 terraform-k8s]# terraform init

Note: the official documentation appears to be currently 2.9.0, but I didn’t update it to show 2.10.0 so I wrote 2.10.0 instead

4. terraform plan and terraform apply

[root@k8s-master-01 terraform-k8s]# terraform plan


5. Verify the creation of the namespace

[root@k8s-master-01 terraform-k8s]# kubectl get ns


2. Use Terraform to create a Deployment, bind an Ingress, and print out information about it?

I took a look at the official documentation and got a little sad: registry.terraform.io/will/h…. Deployment has two related documents, deployment and deployment_v1. The only difference I can see is under resource. Is Deployment all v1 now? Let's use the v1 configuration.

Create a Deployment application for nginx

Refer to the official documentation. Only the namespace was added!

cat nginx.tf

resource "kubernetes_deployment_v1" "example" {
  metadata {
    name      = "terraform-example"
    namespace = "zhangpeng"
    labels = {
      test = "MyExampleApp"
    }
  }

  spec {
    replicas = 3

    selector {
      match_labels = {
        test = "MyExampleApp"
      }
    }

    template {
      metadata {
        labels = {
          test = "MyExampleApp"
        }
      }

      spec {
        container {
          image = "nginx:1.21.6"
          name  = "example"

          resources {
            limits = {
              cpu    = "0.5"
              memory = "512Mi"
            }
            requests = {
              cpu    = "250m"
              memory = "50Mi"
            }
          }

          liveness_probe {
            http_get {
              path = "/"
              port = 80

              http_header {
                name  = "X-Custom-Header"
                value = "Awesome"
              }
            }

            initial_delay_seconds = 3
            period_seconds        = 3
          }
        }
      }
    }
  }
}
[root@k8s-master-01 terraform-k8s]# terraform plan

[root@k8s-master-01 terraform-k8s]# terraform apply

At the "Enter a value" prompt, enter yes!

[root@k8s-master-01 terraform-k8s]# kubectl get pods -n zhangpeng

Check the livenessProbe initialDelaySeconds and periodSeconds settings!

[root@k8s-master-01 terraform-k8s]# kubectl get all -n zhangpeng
NAME                                     READY   STATUS    RESTARTS   AGE
pod/terraform-example-78ff4f86d7-bxfwj   1/1     Running   0          6m26s
pod/terraform-example-78ff4f86d7-vb2p7   1/1     Running   0          6m26s
pod/terraform-example-78ff4f86d7-vqm6b   1/1     Running   0          6m26s

NAME                                READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/terraform-example   3/3     3            3           6m26s

NAME                                           DESIRED   CURRENT   READY   AGE
replicaset.apps/terraform-example-78ff4f86d7   3         3         3       6m26s


2. Bind the Service configuration to the Deployment

The Service documentation is in core/v1, right? Check it out. The search bar is still useful.

cat service.tf

resource "kubernetes_service" "terraform-example-service" {
  metadata {
    name      = "terraform-example-service"
    namespace = kubernetes_namespace.zhangpeng.metadata.0.name
  }
  spec {
    selector = {
      test = kubernetes_deployment_v1.example.spec.0.template.0.metadata.0.labels.test
    }
    session_affinity = "ClientIP"
    port {
      port        = 80
      target_port = 80
    }
    type = "ClusterIP"
  }
}

Note: pay attention to label matching (the selector labels), the namespace, and whether the Deployment resource name carries the v1 suffix. session_affinity and type are Kubernetes basics. The three modes of type are set according to your environment's requirements.

terraform plan and terraform apply

[root@k8s-master-01 terraform-k8s]# terraform plan
[root@k8s-master-01 terraform-k8s]# terraform apply


[root@k8s-master-01 terraform-k8s]# kubectl get svc -n zhangpeng
NAME                        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
terraform-example-service   ClusterIP   172.19.253.9   <none>        80/TCP    30s

3. Bind the Ingress to a ClusterIP address

Corresponding official document: registry.terraform.io/will/h… My Kubernetes environment is v1.21.3, and Ingress is proxied by Traefik. The available options are the networking/v1 Ingress, the Traefik IngressRoute, and the Gateway API? I don't want to read about Traefik, so use the networking/v1 Ingress.

cat ingress.tf

resource "kubernetes_ingress_v1" "nginx_ingress_test" {
  metadata {
    name      = "nginx-ingress-test"
    namespace = kubernetes_namespace.zhangpeng.metadata.0.name
    annotations = {
      "kubernetes.io/ingress.class"                      = "traefik"
      "traefik.ingress.kubernetes.io/router.entrypoints" = "web"
    }
  }
  spec {
    rule {
      host = "nginx-ingress-test.xxxx.com"
      http {
        path {
          path = "/"
          backend {
            service {
              name = "terraform-example-service"
              port {
                number = 80
              }
            }
          }
        }
      }
    }
  }
}

Note: I intended to set pathType here, but setting it causes an error. I want to see what the default is!

terraform plan and terraform apply

[root@k8s-master-01 terraform-k8s]# terraform plan
[root@k8s-master-01 terraform-k8s]# terraform apply


pathType: ImplementationSpecific! I should take a look at ImplementationSpecific sometime.

Web access test:

For my Traefik Ingress setup, see: Kubernetes 1.20.5 Traefik installation in Tencent cloud practice. Storage is not suitable to demo here. I don't want too many demos for RBAC either!

3. Take a look at the documentation of TKE in Tencent Cloud

Look at the TKE related documents. I don't want to go too deep, for example into CBS block storage or CLB integration. Alibaba Cloud looks similar; everyone is much the same.

To summarize

  1. Terraform does a lot of things that many of today’s major platforms can do
  2. Terraform is often not optimal, not the best at everything. For managing Kubernetes it is not as easy to use as other tools like Spinnaker anyway
  3. I just wanted to try the Kubernetes integration ahead of time. Terraform will keep managing my infrastructure, but I still won't use Terraform to manage Kubernetes