Getting Started with the Terraform Kubernetes Provider

2018.09.17

Download

Initialization

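Terraform is extended mainly through providers, so before using it you need to have the corresponding provider prepared or downloaded. Which provider you need is specified in main.tf, as shown below.

If you have network access, the provider appears to be downloaded from Fastly's CDN and is placed in the ~/.terraform/plugins directory by default. For an offline install, or a provider you build yourself, you can simply put it in the corresponding directory.

By default Terraform reads the default kubeconfig configuration (a bit of a mouthful). You can also configure the certificates or basic auth yourself; see the official documentation for that. I configured it to read the default configuration. After that you can run the initialization to download the k8s provider.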

cat main.tf
provider "kubernetes" {}
# Initialize
terraform init

Initializing the backend...

Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "kubernetes" (hashicorp/kubernetes) 1.9.0...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.kubernetes: version = "~> 1.9"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
# Default download path for providers
ls ~/.terraform/plugins/linux_amd64/
lock.json  terraform-provider-kubernetes_v1.9.0_x4
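
The provider block above is empty, so Terraform talks to whichever context is current in the default kubeconfig and installs the newest provider release. As an added example (not from the original post), the configuration below applies the version constraint suggested by the init output and names the target cluster explicitly, first through kubeconfig and then through client certificates. The context name, API server host and certificate paths are constructed placeholders, and the arguments are those of the 1.x provider installed above.

```hcl
# Added example, not part of the original post.
# Context name, host and file paths below are placeholders.

# Option 1: still read kubeconfig, but state which file and which context.
# A changed "current-context" on the workstation can then no longer
# redirect `terraform apply` to a different cluster.
provider "kubernetes" {
  version = "~> 1.9" # constraint suggested by the `terraform init` output

  config_path    = "~/.kube/config"
  config_context = "example-dev" # hypothetical context name
}

# Option 2: client-certificate authentication, ignoring kubeconfig entirely.
provider "kubernetes" {
  alias   = "certs"
  version = "~> 1.9"

  load_config_file = false
  host             = "https://k8s.example.internal:6443" # placeholder

  # PEM files kept outside version control (placeholder paths)
  client_certificate     = file("${path.module}/pki/client.crt")
  client_key             = file("${path.module}/pki/client.key")
  cluster_ca_certificate = file("${path.module}/pki/ca.crt")
}

# A resource selects the aliased provider explicitly.
resource "kubernetes_namespace" "example" {
  provider = kubernetes.certs

  metadata {
    name = "terraform-example" # placeholder
  }
}
```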

Deploy

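By default Terraform reads all .tf files in the current directory. First we create an nginx pod as shown below, defining the necessary parameters, and then it can be deployed to k8s.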

cat nginx.tf
resource "kubernetes_pod" "nginx" {
  metadata {
    name = "nginx-example"
    labels = {
      App = "nginx"
    }
  }
  spec {
    container {
      image = "nginx:1.1"
      name  = "example"

      port {
        container_port = 80
      }
    }
  }
}

# Deploy
terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:
# omitted
Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: # a second confirmation is requested here
  
kubernetes_pod.nginx: Creating...
kubernetes_pod.nginx: Creation complete after 4s [id=default/nginx-example]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.  

# Verify
$ kubectl get po
NAME            READY   STATUS    RESTARTS   AGE
nginx-example   1/1     Running   0          18h

Update

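Next, let's try updating the image, which is the release flow: change the image name in nginx.tf, then run terraform plan to see the changes involved this time, as shown below: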

terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

kubernetes_pod.nginx: Refreshing state... [id=default/nginx-example]

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # kubernetes_pod.nginx will be updated in-place
# omitted
          ~ container {
                args                     = []
                command                  = []
              ~ image                    = "nginx:alpine" -> "nginx:1.1"
                image_pull_policy        = "IfNotPresent"
                name                     = "example"
                stdin                    = false
                stdin_once               = false
                termination_message_path = "/dev/termination-log"
                tty                      = false

                port {
                    container_port = 80
                    host_port      = 0
                    protocol       = "TCP"
                }

                resources {
                }
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

How does this differ from kubectl? kubectl provides a diff subcommand that compares a manifest against the running pod, as shown below:

kubectl diff -f nginxpod.yaml
diff -u -N /tmp/LIVE-346592871/v1.Pod.default.nginx-example /tmp/MERGED-289406106/v1.Pod.default.nginx-example
--- /tmp/LIVE-346592871/v1.Pod.default.nginx-example    2019-09-07 18:48:06.963341550 +0800
+++ /tmp/MERGED-289406106/v1.Pod.default.nginx-example  2019-09-07 18:48:06.967341550 +0800
@@ -12,7 +12,7 @@
 spec:
   automountServiceAccountToken: false
   containers:
-  - image: nginx:alpine
+  - image: nginx:1.1
     imagePullPolicy: IfNotPresent
     name: example
     ports:
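Review bot: on the `+` line the container image is referenced by a mutable tag (`nginx:1.1`), and the unchanged `imagePullPolicy: IfNotPresent` just below it means a node that already has an image cached under that tag will not pull again, so the content that actually runs can differ between nodes. Consider referencing the image by digest (`nginx@sha256:<digest>`) so the diff shows exactly which image content is being rolled out.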
exit status 1

Anything else?

This post only covers simple use of Terraform and is at most an introduction; the real essence of Terraform may not have been touched on yet.

Questions to consider

  • Multi-environment support?
  • Maintaining multiple applications?

Ref

Getting Started with Kubernetes provider

https://www.terraform.io/docs/providers/kubernetes/guides/getting-started.html