我最新最全的文章都在 南瓜慢说 www.pkslow.com ，欢送大家来喝茶！

1 简介

最近工作中用到了Terraform，权当学习记录一下，心愿能帮忙到其它人。

Terraform系列文章如下：

Terraform入门教程，示例展现治理Docker和Kubernetes资源

Terraform插件Provider治理，搜寻、定义、下载

Terraform状态State治理，让变更有记录

Terraform模块Module治理，聚合资源的抽取与复用

Terraform常用命令

Terraform是一个可疾速部署、方便管理IT基础架构配置的工具，它的理念是Infrastructure as Code，所有资源都是代码。如虚拟机、网络、DNS等，这些都通过代码来治理部署，而不是人工手动的去创立、删除等。它能大大减少人为操作的危险，能疾速部署多套环境，适应多种硬件资源，特地适宜云环境：AWS、GCP、Azure、阿里云等。

它通过丰盛的Providers来治理多种类型的资源，就像是插件一样，如GCP、Docker、Kubernetes等。

本文将通过演示解说如何部署Docker/Kubernetes资源。

2 装置

到官网下载界面对应的二进制文件，我通过命令操作，我抉择的是Mac的版本：

# 创立目录$ mkdir terraform$ cd terraform/# 下载安装包$ wget https://releases.hashicorp.com/terraform/0.15.4/terraform_0.15.4_darwin_amd64.zip# 解压$ unzip terraform_0.15.4_darwin_amd64.zip# 查看版本，显示装置胜利$ ./terraform --versionTerraform v0.15.4on darwin_amd64

胜利显示了版本，咱们把它增加到环境变量中去即可。

3 部署Docker资源

创立个目录：

$ mkdir terraform-docker-demo && cd $_

创立一个main.tf文件，写入以下内容：

terraform {  required_providers {    docker = {      source = "kreuzwerker/docker"    }  }}provider "docker" {}resource "docker_image" "nginx" {  name         = "nginx:latest"  keep_locally = false}resource "docker_container" "nginx" {  image = docker_image.nginx.latest  name  = "tutorial"  ports {    internal = 80    external = 8000  }}

依据main.tf初始化我的项目：

$ terraform initInitializing the backend...Initializing provider plugins...- Finding latest version of kreuzwerker/docker...- Installing kreuzwerker/docker v2.12.2...- Installed kreuzwerker/docker v2.12.2 (self-signed, key ID 24E54F214569A8A5)Partner and community providers are signed by their developers.If you'd like to know more about provider signing, you can read about it here:https://www.terraform.io/docs/cli/plugins/signing.htmlTerraform has created a lock file .terraform.lock.hcl to record the providerselections it made above. Include this file in your version control repositoryso that Terraform can guarantee to make the same selections by default whenyou run "terraform init" in the future.Terraform has been successfully initialized!You may now begin working with Terraform. Try running "terraform plan" to seeany changes that are required for your infrastructure. All Terraform commandsshould now work.If you ever set or change modules or backend configuration for Terraform,rerun this command to reinitialize your working directory. If you forget, othercommands will detect it and remind you to do so if necessary.

咱们先执行plan来看看它将会有什么变更：

$ terraform planTerraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:  + createTerraform will perform the following actions:  # docker_container.nginx will be created  + resource "docker_container" "nginx" {      + attach           = false      + bridge           = (known after apply)      + command          = (known after apply)      + container_logs   = (known after apply)      + entrypoint       = (known after apply)      + env              = (known after apply)      + exit_code        = (known after apply)      + gateway          = (known after apply)      + hostname         = (known after apply)      + id               = (known after apply)      + image            = (known after apply)      + init             = (known after apply)      + ip_address       = (known after apply)      + ip_prefix_length = (known after apply)      + ipc_mode         = (known after apply)      + log_driver       = "json-file"      + logs             = false      + must_run         = true      + name             = "tutorial"      + network_data     = (known after apply)      + read_only        = false      + remove_volumes   = true      + restart          = "no"      + rm               = false      + security_opts    = (known after apply)      + shm_size         = (known after apply)      + start            = true      + stdin_open       = false      + tty              = false      + healthcheck {          + interval     = (known after apply)          + retries      = (known after apply)          + start_period = (known after apply)          + test         = (known after apply)          + timeout      = (known after apply)        }      + labels {          + label = (known after apply)          + value = (known after apply)        }      + ports {          + external = 8000          + internal = 80          + ip       = "0.0.0.0"          + protocol = "tcp"        }    }  # docker_image.nginx will be created  + resource "docker_image" "nginx" {      + id           = (known after apply)      + keep_locally = false      + latest       = (known after apply)      + name         = "nginx:latest"      + output       = (known after apply)    }Plan: 2 to add, 0 to change, 0 to destroy.

执行变更：

$ terraform applydocker_image.nginx: Creating...docker_image.nginx: Still creating... [10s elapsed]docker_image.nginx: Still creating... [20s elapsed]docker_image.nginx: Creation complete after 28s [id=sha256:d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdeenginx:latest]docker_container.nginx: Creating...docker_container.nginx: Creation complete after 1s [id=0dac86e383366959bd976cc843c88395a17c5734d729f62f07106caf604b466f]

它主动帮咱们下载了镜像和启动了容器。通过以下命令查看nginx的主页：

$ curl http://localhost:8000

当初我不想要这些资源了，通过以下命令删除：

$ terraform destroydocker_container.nginx: Destroying... [id=0dac86e383366959bd976cc843c88395a17c5734d729f62f07106caf604b466f]docker_container.nginx: Destruction complete after 0sdocker_image.nginx: Destroying... [id=sha256:d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdeenginx:latest]docker_image.nginx: Destruction complete after 1s

4 部署Kubernetes资源

创立目录：

$ mkdir terraform-kubernetes-demo && cd $_

创立main.tf文件：

terraform {  required_providers {    kubernetes = {      source  = "hashicorp/kubernetes"      version = ">= 2.0.0"    }  }}provider "kubernetes" {  config_path = "~/.kube/config"}resource "kubernetes_namespace" "test" {  metadata {    name = "nginx"  }}resource "kubernetes_deployment" "test" {  metadata {    name      = "nginx"    namespace = kubernetes_namespace.test.metadata.0.name  }  spec {    replicas = 2    selector {      match_labels = {        app = "MyTestApp"      }    }    template {      metadata {        labels = {          app = "MyTestApp"        }      }      spec {        container {          image = "nginx"          name  = "nginx-container"          port {            container_port = 80          }        }      }    }  }}resource "kubernetes_service" "test" {  metadata {    name      = "nginx"    namespace = kubernetes_namespace.test.metadata.0.name  }  spec {    selector = {      app = kubernetes_deployment.test.spec.0.template.0.metadata.0.labels.app    }    type = "NodePort"    port {      node_port   = 30201      port        = 80      target_port = 80    }  }}

间接执行：

terraform initterraform apply

查看后果：

$ kubectl -n nginx get deploymentNAME    READY   UP-TO-DATE   AVAILABLE   AGEnginx   2/2     2            2           2m$ kubectl -n nginx get serviceNAME    TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGEnginx   NodePort   10.98.213.164   <none>        80:30201/TCP   71s$ curl http://localhost:30201

测试实现，删除：

terraform destroy

5 总结

Terraform在云计算畛域还是有本人的一席之地的，值得理解学习。

代码请查看：https://github.com/LarryDpk/p...

欢送关注微信公众号<南瓜慢说>，将继续为你更新...

多读书，多分享；多写作，多整顿。