背景:
Terraform体验了腾讯云的CVM的基本操作。失常流程要去体验一下其余根底组件的整合比方数据库redis等根底组件,还有现有资源的导入。配置文件的合理配置等等等....先插播一下kubernetes的体验吧......毕竟我次要的工作环境是Kubernetes!也有tke。其实也能够体验下tke的整合?当初先独自体验下原生的kubernetes吧!
Terraform与Kubernetes的体验
1.对于Documentation的疾速导读
扫了一眼官网文档https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs。第一眼上来我就找到了我的关注点: Guides(指南,应该包含如何连贯kubernetes集群),几个罕用的api: apps/v1,core/v1,networking/v1,rbac/v1!
2.terraform 连贯kubernetes集群以及简略操作
1. terraform 连贯kubernetes集群初始化相干
1. 指定required_providers
看一眼Guides:
https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/guides/v2-upgrade-guide#using-required_providers-to-test-the-update
首先是插件版本的指定(截至以后:最新文档是2.9.0,然而没有加版本号下载的版本是2.10.0)
2. terraform连贯kubernetes集群的两种形式
参照官网文档:https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/guides/getting-started#provider-setup,看一眼连贯terraform kubernetes的两种形式:
- kubeconfig path
- host and tls证书
看集体爱好了。我是抉择了第一种连贯形式!
3. 创立工作目录初始化terraform并顺便创立一个namespace
1. 创立工作目录
[root@k8s-master-01 ~]# mkdir terraform-k8s[root@k8s-master-01 ~]# cd terraform-k8s/2. 创立provider.tf
[root@k8s-master-01 terraform-k8s]# cat provider.tf
terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" version = ">= 2.10.0" }} }provider "kubernetes" { config_path = "~/.kube/config" config_context = "kubernetes-admin@kubernetes"}resource "kubernetes_namespace" "zhangpeng" { metadata { name = "zhangpeng" }}3. terraform init
root@k8s-master-01 terraform-k8s]# terraform init
留神: 官网文档貌似当初最新是2.9.0,然而开始我没有加版本好显示有2.10.0就间接写2.10.0了
4. terraform plan and terraform apply
[root@k8s-master-01 terraform-k8s]# terraform plan5. 验证namespace的创立
[root@k8s-master-01 terraform-k8s]# kubectl get ns2. terraform 创立一个deployments? and 绑定一个ingress并打印出相干信息?
看了一眼官网文档有点难过https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment_v1#import。deployment有两个相干文档deployment and deployment_v1。目测了一眼只有resource下的区别。当初deployment应该都是v1吧?就用个v1的配置文件吧!
1. 创立一个nginx的deployment利用
参照官网文档。只减少了namespace的限定!
cat nginx.tf
resource "kubernetes_deployment_v1" "example" { metadata { name = "terraform-example" namespace = "zhangpeng" labels = { test = "MyExampleApp" } } spec { replicas = 3 selector { match_labels = { test = "MyExampleApp" } } template { metadata { labels = { test = "MyExampleApp" } } spec { container { image = "nginx:1.21.6" name = "example" resources { limits = { cpu = "0.5" memory = "512Mi" } requests = { cpu = "250m" memory = "50Mi" } } liveness_probe { http_get { path = "/" port = 80 http_header { name = "X-Custom-Header" value = "Awesome" } } initial_delay_seconds = 3 period_seconds = 3 } } } } }}[root@k8s-master-01 terraform-k8s]# terraform plan[root@k8s-master-01 terraform-k8s]# terraform apply
enter a value 输出yes!
[root@k8s-master-01 terraform-k8s]# kubectl get pods -n zhangpeng恩这一步等了良久 差不多两分钟具体起因查看livenessProbe initialDelaySeconds periodSeconds相干设置!
[root@k8s-master-01 terraform-k8s]# kubectl get all -n zhangpengNAME READY STATUS RESTARTS AGEpod/terraform-example-78ff4f86d7-bxfwj 1/1 Running 0 6m26spod/terraform-example-78ff4f86d7-vb2p7 1/1 Running 0 6m26spod/terraform-example-78ff4f86d7-vqm6b 1/1 Running 0 6m26sNAME READY UP-TO-DATE AVAILABLE AGEdeployment.apps/terraform-example 3/3 3 3 6m26sNAME DESIRED CURRENT READY AGEreplicaset.apps/terraform-example-78ff4f86d7 3 3 3 6m26s2. 创立sevice相干配置绑定deployment
service相干文档应该是在core/v1吧?查看一下,搜寻栏还是很有用的
cat service.tf
resource "kubernetes_service" "terraform-example-service" { metadata { name = "terraform-example-service" namespace = kubernetes_namespace.zhangpeng.metadata.0.name } spec { selector = { test = kubernetes_deployment_v1.example.spec.0.template.0.metadata.0.labels.test } session_affinity = "ClientIP" port { port = 80 target_port = 80 } type = "ClusterIP" }}留神:标签的匹配:selector的标签,namespace deployment的版本是否带v1。session_affinity还有type都是kubernetes的根底自行脑补!type的三种形式依照本人环境需要自行设置。
terraform plan and terraform apply
[root@k8s-master-01 terraform-k8s]# terraform plan[root@k8s-master-01 terraform-k8s]# terraform apply[root@k8s-master-01 terraform-k8s]# kubectl get svc -n zhangpengNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEterraform-example-service ClusterIP 172.19.253.9 <none> 80/TCP 30s3. 创立ingress绑定clusterip
对应官网文档:
https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_v1
自己kuberntes环境v1.21.3.ingress应用的traefik代理形式能够应用networking/v1的ingress还有traefik 的ingressroute 还有gateway api?这里懒得去看traefik相干了(traefik貌似也没有官网的。搜到一个1.17版本的非官方的) 间接依照networking/v1的ingress networking/v1的模板去写tf配置文件了:
cat ingress.tf
resource "kubernetes_ingress_v1" "nginx_ingress_test" { metadata { name = "nginx-ingress-test" namespace = kubernetes_namespace.zhangpeng.metadata.0.name annotations = { "kubernetes.io/ingress.class" = "traefik" "traefik.ingress.kubernetes.io/router.entrypoints" = "web" }} spec { rule { host = "nginx-ingress-test.xxxx.com" http { path { path = "/" backend { service { name = "terraform-example-service" port { number = 80 } } } } } } }}强调一下:这里原本想设置pathType,然而设置了就有报错。我想看一下默认的是什么!
terraform plan and terraform apply
[root@k8s-master-01 terraform-k8s]# terraform plan[root@k8s-master-01 terraform-k8s]# terraform apply
pathType: ImplementationSpecific!抽时间看一下这个 ImplementationSpecific
web拜访测试一下:
对于我的ingress traefik 清参照:Kubernetes 1.20.5 装置traefik在腾讯云下的实际
storage这里看了下不太适合去做。rbac也不想太多的演示了!
3. 顺便看一下腾讯云的tke的文档
看了一眼tke相干文档也没有什么太深刻想看的,比方cbs快存储 clb整合之类的?
看了阿里云的也是相似大家都差不多
总结一下
- terraform能实现很多工作,当初的很多支流的平台都能满足
- terraform很多时候并不是最优的,不是万能最佳。治理kubernetes反正我感觉就没有用spinnaker等其余的工具简略
- 只是提前想体验一下kubernetes的整合。前面terraform还是停留在治理我的基础设施下面.kubernetes治理我还是不会用terraform的