Go to the Terraform official website and use the command line to install Terraform directly or download the binary installation package file. Verification and Authentication
Obtaining credentials
Before using Terraform for the first time, go to the TencentCloud API Key page to apply for SecretId
and SecretKey
. If you already have them, skip this step. 1. Log in to the CAM console and select Access Key > Manage API Key in the left sidebar. 2. On the Manage API Key page, click Create Key to create a pair of SecretId/SecretKey
.
Authentication
Method 1: (Recommended) Inject access key for the account with environment variables
Add the following content to the environment variables:
export TENCENTCLOUD_SECRET_ID="xxx"
export TENCENTCLOUD_SECRET_KEY="xxx"
Create a provider.tf
file under the user directory and enter the following content:
Note
Please ensure the security of the access key in the configuration file.
provider "tencentcloud" {
secret_id = "xxx"
secret_key = "xxx"
}
1. Create a working directory. Then create a Terraform configuration file named main.tf
under it.
Notes
The main.tf
file describes the following Terraform configurations:
Create a VPC, and create a subnet in the VPC.
Create a managed TKE cluster.
Create a node pool in the cluster.
The content of the main.tf
file is as follows:
terraform {
required_providers {
tencentcloud = {
source = "tencentcloudstack/tencentcloud"
}
}
}
locals {
region = "xxx"
zone1 = "xxx"
vpc_name = "xxx"
vpc_cidr_block = "xxx"
subnet1_name = "xxx"
subnet1_cidr_block = "xxx"
cluster_name = "xxx"
network_type = "xxx"
cluster_cidr = "xxx"
cluster_version = "xxx"
}
provider "tencentcloud" {
region = local.region
}
resource "tencentcloud_vpc" "vpc_example" {
name = local.vpc_name
cidr_block = local.vpc_cidr_block
}
resource "tencentcloud_subnet" "subnet_example" {
availability_zone = local.zone1
cidr_block = local.subnet1_cidr_block
name = local.subnet1_name
vpc_id = tencentcloud_vpc.vpc_example.id
}
resource "tencentcloud_kubernetes_cluster" "managed_cluster_example" {
vpc_id = tencentcloud_vpc.vpc_example.id
cluster_name = local.cluster_name
network_type = local.network_type
cluster_cidr = local.cluster_cidr
cluster_version = local.cluster_version
}
2. (Optional) If you use Tencent Cloud TKE for the first time, please grant TKE permissions to access other cloud service resources. If you have granted permissions, skip this step.
You can also grant permissions in the Terraform configuration file. To do this, please create a cam.tf
file with the following content under the working directory.
resource "tencentcloud_cam_role" "TKE_QCSRole" {
name = "TKE_QCSRole"
document = <<EOF
{
"statement": [
{
"action":"name/sts:AssumeRole",
"effect":"allow",
"principal":{
"service":"ccs.qcloud.com"
}
}
],
"version":"2.0"
}
EOF
description = "The current role is the Tencent Cloud TKE service role, and it will access your other Tencent Cloud resources within the permissions granted by the associated policies."
}
data "tencentcloud_cam_policies" "qca" {
name = "QcloudAccessForTKERole"
}
data "tencentcloud_cam_policies" "ops_mgr" {
name = "QcloudAccessForTKERoleInOpsManagement"
}
resource "tencentcloud_cam_role_policy_attachment" "QCS_QCA" {
role_id = lookup(tencentcloud_cam_role.TKE_QCSRole, "id")
policy_id = data.tencentcloud_cam_policies.qca.policy_list.0.policy_id
}
resource "tencentcloud_cam_role_policy_attachment" "QCS_OpsMgr" {
role_id = lookup(tencentcloud_cam_role.TKE_QCSRole, "id")
policy_id = data.tencentcloud_cam_policies.ops_mgr.policy_list.0.policy_id
}
resource "tencentcloud_cam_role" "IPAMDofTKE_QCSRole" {
name = "IPAMDofTKE_QCSRole"
document = <<EOF
{
"statement": [
{
"action":"name/sts:AssumeRole",
"effect":"allow",
"principal":{
"service":"ccs.qcloud.com"
}
}
],
"version":"2.0"
}
EOF
description = "The current role is the IPAMD service role, and it will access your other Tencent Cloud resources within the permissions granted by the associated policies."
}
data "tencentcloud_cam_policies" "qcs_ipamd" {
name = "QcloudAccessForIPAMDofTKERole"
}
resource "tencentcloud_cam_role_policy_attachment" "QCS_Ipamd" {
role_id = lookup(tencentcloud_cam_role.IPAMDofTKE_QCSRole, "id")
policy_id = data.tencentcloud_cam_policies.qcs_ipamd.policy_list.0.policy_id
}
resource "tencentcloud_cam_service_linked_role" "service_linked_role" {
qcs_service_name = ["cvm.qcloud.com", "ekslog.tke.cloud.tencent.com"]
description = "tke log role created by terraform"
tags = {
"createdBy" = "terraform"
}
}
3. Run the following command to initialize the environment for Terraform.
The returned information is as follows:
Initializing the backend...
Initializing provider plugins...
- Finding tencentcloudstack/tencentcloud versions matching "~> 1.78.13"...
- Installing tencentcloudstack/tencentcloud v1.78.13...
...
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
...
4. Run the following command to view the resource plan generated by Terraform based on the configuration file.
The returned information is as follows:
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
...
Plan: 3 to add, 0 to change, 0 to destroy.
...
5. Run the following command to create the resource.
The returned information is as follows:
...
Plan: 3 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value:
Enter yes
as prompted to create the resource. The following information is returned:
...
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
You have completed the creation of the VPC, subnet and managed TKE cluster. You can view these resources in Tencent Cloud console.
1. Create a working directory, under which create a Terraform configuration file named nodepool.tf
.
The content of the nodepool.tf
file is as follows:
locals {
node_pool_name = "xxx"
max_node_size = xxx
min_node_size = xxx
cvm_instance_type = "xxx"
cvm_pass_word = "xxx"
security_group_ids = ["sg-xxx", "sg-xxx"]
}
resource "tencentcloud_kubernetes_node_pool" "example_node_pool" {
cluster_id = tencentcloud_kubernetes_cluster.managed_cluster_example.id
delete_keep_instance = false
max_size = local.max_node_size
min_size = local.min_node_size
name = local.node_pool_name
vpc_id = tencentcloud_vpc.vpc_example.id
subnet_ids = [tencentcloud_subnet.subnet_example.id]
auto_scaling_config {
instance_type = local.cvm_instance_type
password = local.cvm_pass_word
security_group_ids = local.security_group_ids
}
}
2. Run the following command to view the resource plan generated by Terraform based on the configuration file.
The returned information is as follows:
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
...
Plan: 1 to add, 0 to change, 0 to destroy.
...
3. Run the following command to create the resource.
The returned information is as follows:
...
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value:
Enter yes
as prompted to create the resource. The following information is returned:
...
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
You have completed the creation of the node pool. You can view the resources you have created in Tencent Cloud console.
You can run the following command to delete the VPCs, subnets and managed TKE clusters you have created.
The returned information is as follows:
...
Plan: 0 to add, 0 to change, 3 to destroy.
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value:
Enter yes
as prompted to confirm the deletion. The following information is returned:
...
Destroy complete! Resources: 3 destroyed.
References
Was this page helpful?