Terraform: starting a GKE cluster and Ingress app with one apply

I'm pretty new to Terraform and I'm trying to set up a GCP GKE cluster and then connect it to an Ingress application. I was able to do this successfully by following this tutorial: https://www.youtube.com/watch?v=Vcv6GapxUCI. Here is a link to the GitHub repo from the tutorial if you would like to see how the main.tf file is structured: https://github.com/alexandarp/terraform-gke.

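However, this method involves first creating the GKE cluster with Terraform, then separately using gcloud command-line commands to get the cluster credentials, and then running multiple "kubectl apply" commands to create the Ingress application from a set of .yaml files. So basically, it becomes a two-step process of creating the GKE cluster and then separately creating the Ingress application.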

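My question is: is it possible to perform both of these steps with just one "terraform apply" command? That is, can a single Terraform file create both the GKE cluster and the Ingress application? Again, I'm pretty new to Terraform, so if this is beyond its capabilities, I understand! Any direction on how to approach this would be greatly appreciated!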

Yes, use provider "kubernetes" {}.

See the working example below for reference. In this example, I create an example namespace using resource "kubernetes_namespace" "example" {}.

You would use resource "kubernetes_deployment" "example" {} and resource "kubernetes_service" "example" {}. For details, see the documentation here

main.tf

provider "google" {
  credentials = file("account.json")
  project     = "my-project-id"
  region      = "us-central1"
}

# Create GKE Cluster
resource "google_container_cluster" "primary" {
  name               = "marcellus-wallace"
  location           = "us-central1-a"
  initial_node_count = 1

  master_auth {
    username = ""
    password = ""

    client_certificate_config {
      issue_client_certificate = false
    }
  }

  node_config {
    oauth_scopes = [
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
    ]

    metadata = {
      disable-legacy-endpoints = "true"
    }

    labels = {
      foo = "bar"
    }

    tags = ["foo", "bar"]
  }

  timeouts {
    create = "30m"
    update = "40m"
  }
}

data "google_client_config" "default" {}

data "google_container_cluster" "my_cluster" {
  name     = "${google_container_cluster.primary.name}"
  location = "us-central1-a"
}

# Kubernetes Provider
provider "kubernetes" {
  config_context_cluster = "${google_container_cluster.primary.name}"
  load_config_file       = false
  host                   = "https://${data.google_container_cluster.my_cluster.endpoint}"
  token                  = "${data.google_client_config.default.access_token}"
  cluster_ca_certificate = "${base64decode(data.google_container_cluster.my_cluster.master_auth.0.cluster_ca_certificate)}"
}

# Deploy resources on GKE
resource "kubernetes_namespace" "example" {
  metadata {
    annotations = {
      name = "example-annotation"
    }

    labels = {
      mylabel = "label-value"
    }

    name = "terraform-example-namespace"
  }
}
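
The answer names kubernetes_deployment and kubernetes_service without showing them. As an added example (not part of the original answer or the tutorial repo), here is how the two resources could be appended to the same main.tf so that one "terraform apply" creates them after the cluster and namespace. The app name, image, ports and the container security_context are assumptions chosen for illustration.

```hcl
# Added example: assumes the kubernetes provider and kubernetes_namespace.example
# from main.tf above. Names, image and ports are constructed placeholders.
resource "kubernetes_deployment" "example" {
  metadata {
    name      = "example-app"
    namespace = kubernetes_namespace.example.metadata[0].name
  }
  spec {
    replicas = 2
    selector {
      match_labels = { app = "example-app" }
    }
    template {
      metadata {
        labels = { app = "example-app" }
      }
      spec {
        container {
          name  = "web"
          image = "gcr.io/my-project-id/example-app:1.0" # placeholder image
          port {
            container_port = 8080
          }
          # Run the container unprivileged; the image must define a non-root user.
          security_context {
            run_as_non_root            = true
            allow_privilege_escalation = false
          }
        }
      }
    }
  }
}

# NodePort Service in front of the pods; the selector must match the pod labels.
resource "kubernetes_service" "example" {
  metadata {
    name      = "example-app"
    namespace = kubernetes_namespace.example.metadata[0].name
  }
  spec {
    type     = "NodePort"
    selector = { app = "example-app" }
    port {
      port        = 80
      target_port = 8080
    }
  }
}
```

Both resources reference kubernetes_namespace.example, so Terraform orders them after the namespace without an explicit depends_on.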