This resource will help you to manage a Edge Kubernetes Cluster in Alibaba Cloud Kubernetes Service, see What is edge kubernetes.
Basic Usage
variable "name" {
default = "tf-example-basic-edge"
}
data "alicloud_zones" "default" {
available_resource_creation = "VSwitch"
}
data "alicloud_instance_types" "default" {
availability_zone = data.alicloud_zones.default.zones.0.id
cpu_core_count = 4
memory_size = 8
kubernetes_node_role = "Master"
}
resource "alicloud_vpc" "default" {
vpc_name = var.name
cidr_block = "10.4.0.0/16"
}
resource "alicloud_vswitch" "default" {
vswitch_name = var.name
cidr_block = "10.4.0.0/24"
vpc_id = alicloud_vpc.default.id
zone_id = data.alicloud_zones.default.zones.0.id
}
resource "alicloud_cs_edge_kubernetes" "default" {
name = var.name
worker_vswitch_ids = [alicloud_vswitch.default.id]
worker_instance_types = [data.alicloud_instance_types.default.instance_types.0.id]
worker_number = "1"
password = "Test12345"
pod_cidr = "10.99.0.0/16"
service_cidr = "172.16.0.0/16"
worker_instance_charge_type = "PostPaid"
new_nat_gateway = "true"
node_cidr_mask = "24"
install_cloud_monitor = "true"
slb_internet_enabled = "true"
is_enterprise_security_group = "true"
worker_data_disks {
category = "cloud_ssd"
size = "200"
encrypted = "false"
}
}
You could create a professional kubernetes edge cluster now.
variable "name" {
default = "tf_example"
}
data "alicloud_zones" "default" {
available_resource_creation = "VSwitch"
}
data "alicloud_instance_types" "default" {
availability_zone = data.alicloud_zones.default.zones.0.id
cpu_core_count = 4
memory_size = 8
kubernetes_node_role = "Master"
}
resource "alicloud_vpc" "default" {
vpc_name = var.name
cidr_block = "10.4.0.0/16"
}
resource "alicloud_vswitch" "default" {
vswitch_name = var.name
cidr_block = "10.4.0.0/24"
vpc_id = alicloud_vpc.default.id
zone_id = data.alicloud_zones.default.zones.0.id
}
resource "alicloud_cs_edge_kubernetes" "default" {
name = var.name
worker_vswitch_ids = [alicloud_vswitch.default.id]
worker_instance_types = [data.alicloud_instance_types.default.instance_types.0.id]
cluster_spec = "ack.pro.small"
worker_number = "1"
password = "Test12345"
pod_cidr = "10.99.0.0/16"
service_cidr = "172.16.0.0/16"
worker_instance_charge_type = "PostPaid"
new_nat_gateway = "true"
node_cidr_mask = "24"
load_balancer_spec = "slb.s2.small"
install_cloud_monitor = "true"
slb_internet_enabled = "true"
is_enterprise_security_group = "true"
worker_data_disks {
category = "cloud_ssd"
size = "200"
encrypted = "false"
}
}
Global params
name
- (Optional) The kubernetes cluster's name. It is unique in one Alicloud account.name_prefix
- (Optional) The kubernetes cluster name's prefix. It is conflict with name
. If it is specified, terraform will using it to build the only cluster name. Default to "Terraform-Creation".version
- (Optional) Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.security_group_id
- (Optional) The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.is_enterprise_security_group
- (Optional) Enable to create advanced security group. default: false. See Advanced security group.addons
- (Optional) The addon you want to install in cluster. See addons
below.rds_instances
- (Optional, Available since v1.103.2) RDS instance list, You can choose which RDS instances whitelist to add instances to.resource_group_id
- (Optional, Available since v1.103.2) The ID of the resource group,by default these cloud resources are automatically assigned to the default resource group.deletion_protection
- (Optional, Available since v1.103.2) Whether to enable cluster deletion protection.force_update
- (Optional, ForceNew, Available since v1.113.0) Default false, when you want to change vpc_id
, you have to set this field to true, then the cluster will be recreated.tags
- (Optional, Available since v1.120.0) Default nil, A map of tags assigned to the kubernetes cluster and work node.retain_resources
- (Optional, Available since v1.141.0) Resources that are automatically created during cluster creation, including NAT gateways, SNAT rules, SLB instances, and RAM Role, will be deleted. Resources that are manually created after you create the cluster, such as SLB instances for Services, will also be deleted. If you need to retain resources, please configure with retain_resources
. There are several aspects to pay attention to when using retain_resources
to retain resources. After configuring retain_resources
into the terraform configuration manifest file, you first need to run terraform apply
.Then execute terraform destroy
.cluster_spec
- (Optional, Available since v1.185.0) The cluster specifications of kubernetes cluster,which can be empty. Valid values:
runtime
- (Optional, Available since v1.185.0) The runtime of containers. If you select another container runtime, see Comparison of Docker, containerd, and Sandboxed-Container. Detailed below.availability_zone
- (Optional) The ID of availability zone.connections
- (Map) Map of kubernetes cluster connection information.
api_server_internet
- API Server Internet endpoint.api_server_intranet
- API Server Intranet endpoint.master_public_ip
- Master node SSH IP address.service_domain
- Service Access Domain.certificate_authority
- (Map, Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
cluster_cert
- The base64 encoded cluster certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.client_cert
- The base64 encoded client certificate data required to communicate with your cluster. Add this to the client-certificate-data section of the kubeconfig file for your cluster.client_key
- The base64 encoded client key data required to communicate with your cluster. Add this to the client-key-data section of the kubeconfig file for your cluster.Network params
pod_cidr
- (Optional) [Flannel Specific] The CIDR block for the pod network when using Flannel.new_nat_gateway
- (Optional) Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Then openapi in Alibaba Cloud are not all on intranet, So turn this option on is a good choice.service_cidr
- (Optional) The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.node_cidr_mask
- (Optional) The node cidr block to specific how many pods can run on single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24slb_internet_enabled
- (Optional) Whether to create internet load balancer for API Server. Default to true.load_balancer_spec
- (Optional, Available since v1.185.0) The cluster api server load balance instance specification. For more information on how to select a LB instance specification, see SLB instance overview.
->NOTE: If you want to use Flannel
as CNI network plugin, You need to specific the pod_cidr
field and addons with flannel
.Worker params
password
- (Optional, Sensitive) The password of ssh login cluster node. You have to specify one of password
, key_name
kms_encrypted_password
fields.key_name
- (Optional) The keypair of ssh login cluster node, you have to create it first. You have to specify one of password
key_name
kms_encrypted_password
fields.worker_number
- (Required) The cloud worker node number of the edge kubernetes cluster. Default to 1. It is limited up to 50 and if you want to enlarge it, please apply white list or contact with us.worker_vswitch_ids
- (Required) The vswitches used by workers.worker_instance_charge_type
- (Optional) Worker payment type, its valid value is PostPaid
. Defaults to PostPaid
. More charge details in ACK@edge charge.worker_instance_types
- (Required) The instance types of worker node, you can set multiple types to avoid NoStock of a certain type.worker_disk_category
- (Optional) The system disk category of worker node. Its valid value are cloud_efficiency
, cloud_ssd
and cloud_essd
and . Default to cloud_efficiency
.worker_disk_size
- (Optional) The system disk size of worker node. Its valid value range [20~32768] in GB. Default to 40.worker_data_disks
- (Optional) The data disk configurations of worker nodes, such as the disk type and disk size. See worker_data_disks
below.install_cloud_monitor
- (Optional) Install cloud monitor agent on ECS. default: true
.proxy_mode
- (Optional) Proxy mode is option of kube-proxy. options: iptables|ipvs. default: ipvs.user_data
- (Optional) Windows instances support batch and PowerShell scripts. If your script file is larger than 1 KB, we recommend that you upload the script to Object Storage Service (OSS) and pull it through the internal endpoint of your OSS bucket.worker_disk_performance_level
- (Optional, Available since v1.120.0) Worker node system disk performance level, when worker_disk_category
values cloud_essd
, the optional values are PL0
, PL1
, PL2
or PL3
, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1
.worker_disk_snapshot_policy_id
- (Optional, Available since v1.120.0) Worker node system disk auto snapshot policy.Computed params
You can set some file paths to save kube_config information, but this way is cumbersome. Since version 1.105.0, we've written it to tf state file. About its useļ¼see export attribute certificate_authority. From version 1.187.0+, new DataSource alicloud_cs_cluster_credential
is recommended to manage cluster's kube_config.
kube_config
- (Optional, Deprecated from v1.187.0) The path of kube config, like ~/.kube/config
.client_cert
- (Optional) The path of client certificate, like ~/.kube/client-cert.pem
.client_key
- (Optional) The path of client key, like ~/.kube/client-key.pem
.cluster_ca_cert
- (Optional) The path of cluster ca certificate, like ~/.kube/cluster-ca-cert.pem
Removed params
log_config
- (Optional, Deprecated) A list of one element containing information about the associated log store. See log_config
below.addons
The addons supports the following:
name
- (Optional) Name of the ACK add-on. The name must match one of the names returned by DescribeAddons.config
- (Optional) The ACK add-on configurations. For more config information, see cs_kubernetes_addon_metadata.version
- (Optional) It specifies the version of the component.disabled
- (Optional) Disables the automatic installation of a component. Default is false
.The following example is the definition of addons block, The type of this field is list:
# install nginx ingress, conflict with SLB ingress
addons {
name = "nginx-ingress-controller"
# use internet
config = "{\"IngressSlbNetworkType\":\"internet",\"IngressSlbSpec\":\"slb.s2.small\"}"
# if use intranet, detail below.
# config = "{\"IngressSlbNetworkType\":\"intranet",\"IngressSlbSpec\":\"slb.s2.small\"}"
}
worker_data_disks
The worker_data_disks supports the following:
category
- (Optional) The type of the data disks. Valid values: cloud
, cloud_efficiency
, cloud_ssd
and cloud_essd
. Default to cloud_efficiency
.size
- (Optional) The size of a data disk, at least 40. Unit: GiB.encrypted
- (Optional) Specifies whether to encrypt data disks. Valid values: true and false. Default is false
.performance_level
- (Optional, Available since v1.120.0) Worker node data disk performance level, when category
values cloud_essd
, the optional values are PL0
, PL1
, PL2
or PL3
, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1
.auto_snapshot_policy_id
- (Optional, Available since v1.120.0) Worker node data disk auto snapshot policy.snapshot_id
- (Optional) The id of snapshot.kms_key_id
- (Optional) The id of the kms key.name
- (Optional) The name of the data disks.device
- (Optional) The device of the data disks.log_config
The log_config supports the following:
type
- (Required) Type of collecting logs, only SLS
are supported currently.project
- (Optional) Log Service project name, cluster logs will output to this project.The following attributes are exported:
id
- The ID of the container cluster.vpc_id
- The ID of VPC where the current cluster is located.slb_intranet
- The ID of private load balancer where the current cluster master node is located.slb_internet
- The public ip of load balancer.nat_gateway_id
- The ID of nat gateway used to launch kubernetes cluster.worker_nodes
- List of cluster worker nodes.
id
- ID of the node.name
- Node name.private_ip
- The private IP address of node.worker_ram_role_name
- The RamRole Name attached to worker node. The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 60 mins) Used when creating the kubernetes cluster (until it reaches the initial running
status). update
- (Defaults to 60 mins) Used when activating the kubernetes cluster when necessary during update.delete
- (Defaults to 60 mins) Used when terminating the kubernetes cluster. Kubernetes edge cluster can be imported using the id, e.g. Then complete the main.tf accords to the result of terraform plan
.
$ terraform import alicloud_cs_edge_kubernetes.main cluster-id