tf-tke-example
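# (Tutorial text) Once the directory has been created, declare the Tencent Cloud resources as follows.

# Networks
variable "vpc_name" {
  type        = string
  description = "Name of the VPC that hosts the cluster."
  default     = "example-vpc"
}

variable "subnet_name" {
  type        = string
  description = "Name of the single subnet used by the worker nodes and the private API endpoint."
  default     = "example-subnet"
}

variable "security_group_name" {
  type        = string
  description = "Name of the security group shared by the workers and the public API endpoint."
  default     = "example-security-group"
}

variable "network_cidr" {
  type        = string
  description = "CIDR of the VPC; the subnet below reuses the whole range."
  default     = "10.0.0.0/16"
}

variable "security_ingress_rules" {
  type        = list(string)
  description = <<-EOT
    Ingress rules in the lite-rule string format ACTION#CIDR#...#... (the last two fields are
    both ALL here). The defaults admit only the VPC range and the cluster CIDR and drop every
    other source, so the public API endpoint and any NodePort stay unreachable from the
    internet until a rule for a specific source address is added. Keep the DROP#0.0.0.0/0 rule
    and never add ACCEPT#0.0.0.0/0 in front of the API server. The second rule must match the
    default of var.cluster_cidr; change both together.
  EOT
  default = [
    "ACCEPT#10.0.0.0/16#ALL#ALL",
    "ACCEPT#172.16.0.0/22#ALL#ALL",
    "DROP#0.0.0.0/0#ALL#ALL",
  ]
}

resource "tencentcloud_vpc" "vpc" {
  name       = var.vpc_name
  cidr_block = var.network_cidr
  tags       = var.tags
}

# One subnet spanning the whole VPC range; the workers and the private API endpoint live here.
resource "tencentcloud_subnet" "subnet" {
  name              = var.subnet_name
  vpc_id            = tencentcloud_vpc.vpc.id
  cidr_block        = var.network_cidr
  availability_zone = var.available_zone
  tags              = var.tags
}

# A single security group is attached to the worker nodes and to the public API endpoint (see
# the TKE section), so its ingress rules are the one gate in front of everything this example
# exposes.
resource "tencentcloud_security_group" "sg" {
  name        = var.security_group_name
  description = "example security groups for kubernetes networks"
  tags        = var.tags
}

resource "tencentcloud_security_group_lite_rule" "sg_rules" {
  security_group_id = tencentcloud_security_group.sg.id
  ingress           = var.security_ingress_rules
  # Unrestricted egress; tighten this if the nodes must not reach arbitrary internet hosts.
  egress = ["ACCEPT#0.0.0.0/0#ALL#ALL"]
}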
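# TKE
variable "cluster_name" {
  type        = string
  description = "Display name of the TKE cluster."
  default     = "example-cluster"
}

variable "cluster_version" {
  type        = string
  description = "Kubernetes version to create. 1.22 is an old release line; check which versions TKE currently supports and patches before reusing this default."
  default     = "1.22.5"
}

variable "cluster_cidr" {
  type        = string
  description = "Cluster CIDR handed to TKE. Kept disjoint from var.network_cidr in the defaults, and it must match the second default entry of var.security_ingress_rules."
  default     = "172.16.0.0/22"
}

variable "cluster_os" {
  type        = string
  description = "Operating system image for the worker nodes."
  default     = "tlinux2.2(tkernel3)x86_64"
}

variable "cluster_public_access" {
  type        = bool
  description = "Create a public (internet) API-server endpoint. When true the endpoint is bound to the shared security group, whose default rules drop every internet source."
  default     = true
}

variable "cluster_private_access" {
  type        = bool
  description = "Create a private (intranet) API-server endpoint inside the subnet."
  default     = true
}

variable "worker_count" {
  type        = number
  description = "Number of worker nodes."
  default     = 1
}

variable "worker_instance_type" {
  type        = string
  description = "CVM instance type of the worker nodes."
  default     = "S5.MEDIUM2"
}

variable "available_zone" {
  type        = string
  description = "Availability zone for the subnet and the workers; it must belong to the provider's region."
  default     = "ap-guangzhou-3"
}

variable "tags" {
  type        = map(string)
  description = "Tags applied to every resource."
  default = {
    terraform = "example"
  }
}

# Root password for the worker nodes. The value is treated as sensitive in plan output, but it is
# still written in clear text to the Terraform state, so keep the state in an access-controlled,
# encrypted backend (or switch worker_config to SSH key IDs instead of a password).
resource "random_password" "worker_pwd" {
  length           = 12
  min_numeric      = 1
  min_special      = 1
  min_upper        = 1
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

resource "tencentcloud_kubernetes_cluster" "cluster" {
  cluster_name    = var.cluster_name
  cluster_version = var.cluster_version
  cluster_cidr    = var.cluster_cidr
  cluster_os      = var.cluster_os
  vpc_id          = tencentcloud_vpc.vpc.id

  # Public API endpoint: only created when cluster_public_access is true, and then protected by
  # the shared security group, so reachability from outside the VPC is decided entirely by
  # var.security_ingress_rules.
  cluster_internet                = var.cluster_public_access
  cluster_internet_security_group = var.cluster_public_access ? tencentcloud_security_group.sg.id : null

  # Private API endpoint inside the subnet.
  cluster_intranet           = var.cluster_private_access
  cluster_intranet_subnet_id = var.cluster_private_access ? tencentcloud_subnet.subnet.id : null

  worker_config {
    availability_zone  = var.available_zone
    count              = var.worker_count
    instance_type      = var.worker_instance_type
    subnet_id          = tencentcloud_subnet.subnet.id
    security_group_ids = [tencentcloud_security_group.sg.id]
    password           = random_password.worker_pwd.result
  }

  tags = var.tags
}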
TKE_QCSRole
角色并授予其预设策略 TF_QcloudAccessForTKERole、TF_QcloudAccessForTKERoleInOpsManagement(下方代码中通过 data 源按名称查找并绑定的预设策略为 QcloudAccessForTKERole 与 QcloudAccessForTKERoleInOpsManagement,这两项是腾讯云托管策略,请在授权前确认其权限范围,并且只授予该 TKE 服务角色)
# Service role that TKE assumes on the account's behalf. The trust policy allows only the TKE
# service principal (ccs.qcloud.com) to assume it; do not widen the principal.
resource "tencentcloud_cam_role" "TKE_QCSRole" {
  name        = "TKE_QCSRole"
  description = "The TKE service role."
  document    = <<EOF
{"statement": [{"action":"name/sts:AssumeRole","effect":"allow","principal":{"service":"ccs.qcloud.com"}}],"version":"2.0"}
EOF
}

# Look up the two preset (Tencent-managed) policies by name.
# NOTE(review): policy_list[0] takes the first hit; if the name filter is not an exact match,
# confirm that the returned policy is really the one intended before attaching it.
data "tencentcloud_cam_policies" "qca" {
  name = "QcloudAccessForTKERole"
}

data "tencentcloud_cam_policies" "ops_mgr" {
  name = "QcloudAccessForTKERoleInOpsManagement"
}

locals {
  # Both lookups fail the plan when nothing is returned, which is the desired behaviour.
  qca_policy_id = data.tencentcloud_cam_policies.qca.policy_list[0].policy_id
  ops_policy_id = data.tencentcloud_cam_policies.ops_mgr.policy_list[0].policy_id
}

resource "tencentcloud_cam_role_policy_attachment" "QCS_QCA" {
  role_id   = tencentcloud_cam_role.TKE_QCSRole.id
  policy_id = local.qca_policy_id
}

resource "tencentcloud_cam_role_policy_attachment" "QCS_OpsMgr" {
  role_id   = tencentcloud_cam_role.TKE_QCSRole.id
  policy_id = local.ops_policy_id
}
terraform {
  required_providers {
    # NOTE(review): both constraints are open-ended upwards. Commit .terraform.lock.hcl (and
    # consider an upper bound) so a provider upgrade cannot silently change what gets applied.
    tencentcloud = {
      source  = "tencentcloudstack/tencentcloud"
      version = ">=1.77.7"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.0.0"
    }
  }
}

provider "tencentcloud" {
  # No credentials are set here; supply them through the provider's environment variables rather
  # than committing them to this file.
  region = "ap-hongkong"
}

# NOTE(review): the module source has no `?ref=`, so Terraform fetches the repository's default
# branch at init time. Pin a release tag (`?ref=<tag>`) so a later commit to that repository
# cannot change the cluster definition.
module "tencentcloud_tke" {
  source         = "github.com/terraform-tencentcloud-modules/terraform-tencentcloud-tke"
  available_zone = "ap-hongkong-3" # The availability zone must belong to the region.
}

# Connects to the new cluster with the client certificate the module exports. That certificate
# is presumably a cluster-admin credential and, like every module output, ends up in the
# Terraform state — protect the state accordingly.
provider "kubernetes" {
  host                   = module.tencentcloud_tke.cluster_endpoint
  cluster_ca_certificate = module.tencentcloud_tke.cluster_ca_certificate
  client_certificate     = base64decode(module.tencentcloud_tke.client_certificate)
  client_key             = base64decode(module.tencentcloud_tke.client_key)
}
10.0.0.0/16
、172.16.0.0/22
网段,如要测试集群的外网访问,您需要额外添加期望放通的规则(建议只放通您自己的公网 IP 这样尽量小的来源地址范围,不要对 API Server 放通 0.0.0.0/0,并保留末尾的 DROP 规则)。 module
# (Tutorial text) Pass the desired rules through the module block, as shown below:
module "tencentcloud_tke" {
  source         = "../../"
  available_zone = var.available_zone # The availability zone must belong to the region.

  # The CAM role and policy attachments were created in the previous step, so the module is told
  # not to create them again (presumably what create_cam_strategy controls — confirm in the module).
  create_cam_strategy = false

  # Ingress for the shared security group: the VPC range, the cluster CIDR, your own address, and
  # a final DROP that keeps every other internet source out. Replace the parenthesised placeholder
  # (drop the parentheses) with your public IP; use a single address or a narrow CIDR, never
  # 0.0.0.0/0, because this group also fronts the public API-server endpoint.
  security_ingress_rules = [
    "ACCEPT#10.0.0.0/16#ALL#ALL",
    "ACCEPT#172.16.0.0/22#ALL#ALL",
    "ACCEPT#(改成你的 IP 地址,括号去掉)#ALL#ALL",
    "DROP#0.0.0.0/0#ALL#ALL",
  ]
}
resource "kubernetes_namespace" "test" {
  metadata {
    name = "nginx"
  }
}

# Smoke-test workload. Before reusing this for anything real: the image has no tag (a floating
# default tag is not reproducible), and there are no resource limits and no securityContext.
resource "kubernetes_deployment" "test" {
  metadata {
    name      = "nginx"
    namespace = kubernetes_namespace.test.metadata[0].name
  }

  spec {
    replicas = 2

    selector {
      match_labels = {
        app = "MyTestApp"
      }
    }

    template {
      metadata {
        labels = {
          app = "MyTestApp"
        }
      }

      spec {
        container {
          name  = "nginx-container"
          image = "nginx"

          port {
            container_port = 80
          }
        }
      }
    }
  }
}

# NodePort 30201 is opened on every worker node. Traffic to it is still filtered by the shared
# security group, whose default rules drop all internet sources.
resource "kubernetes_service" "test" {
  metadata {
    name      = "nginx"
    namespace = kubernetes_namespace.test.metadata[0].name
  }

  spec {
    type = "NodePort"

    selector = {
      app = kubernetes_deployment.test.spec[0].template[0].metadata[0].labels.app
    }

    port {
      port        = 80
      target_port = 80
      node_port   = 30201
    }
  }
}
locals {
  lb_vpc = module.tencentcloud_tke.vpc_id
  lb_sg  = module.tencentcloud_tke.security_group_id
}

# Internet-facing ("OPEN") CLB that the ingress below attaches to. It reuses the module's security
# group. NOTE(review): with load_balancer_pass_to_target = true the CLB's own security group
# presumably governs inbound traffic — confirm in the provider docs, and make sure that group
# admits the addresses you test from (see the security_ingress_rules caveat) and nothing more.
resource "tencentcloud_clb_instance" "ingress-lb" {
  clb_name           = "example-lb"
  network_type       = "OPEN"
  address_ip_version = "ipv4"
  vpc_id             = local.lb_vpc
  security_groups    = [local.lb_sg]

  load_balancer_pass_to_target = true

  internet_charge_type       = "BANDWIDTH_POSTPAID_BY_HOUR"
  internet_bandwidth_max_out = 1
}
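# Tencent CLB ingress in front of the nginx service, bound to the CLB created above. The JSON
# annotation values are built with jsonencode() instead of hand-escaped string literals: the
# hand-escaped form is easy to get wrong (a "\\"" sequence does not parse as HCL at all).
resource "kubernetes_ingress_v1" "test" {
  metadata {
    name      = "test-ingress"
    namespace = kubernetes_namespace.test.metadata[0].name

    annotations = {
      "ingress.cloud.tencent.com/direct-access" = "false"
      "kubernetes.io/ingress.class"             = "qcloud"
      "kubernetes.io/ingress.existLbId"         = tencentcloud_clb_instance.ingress-lb.id

      "kubernetes.io/ingress.extensiveParameters" = jsonencode({ AddressIPVersion = "IPV4" })

      "kubernetes.io/ingress.http-rules" = jsonencode([
        {
          path = "/"
          backend = {
            serviceName = kubernetes_service.test.metadata[0].name
            servicePort = "80"
          }
        },
      ])

      # Plain HTTP only: no TLS listener is configured, so whatever this ingress fronts is served
      # unencrypted to any client the CLB admits. Configure https-rules with a certificate before
      # putting a real application behind it.
      "kubernetes.io/ingress.https-rules" = "null"

      "kubernetes.io/ingress.qcloud-loadbalance-id" = tencentcloud_clb_instance.ingress-lb.id
      "kubernetes.io/ingress.rule-mix"              = "false"
    }
  }

  spec {
    rule {
      http {
        path {
          path = "/"

          backend {
            service {
              name = kubernetes_service.test.metadata[0].name

              port {
                number = 80
              }
            }
          }
        }
      }
    }
  }
}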
# Address the ingress controller reports for the CLB; this is the endpoint to curl after apply.
output "load_balancer_ip" {
  description = "IPv4 address of the CLB that fronts the nginx ingress."
  value       = kubernetes_ingress_v1.test.status[0].load_balancer[0].ingress[0].ip
}
$ terraform init
$ terraform plan    # review the plan first: public API endpoint, security-group rules, internet-facing CLB
$ terraform apply
Apply complete! Resources: 16 added, 0 changed, 0 destroyed.Outputs:load_balancer_ip = "xxx.xxx.xxx.xxx"
load_balancer_ip
显示的地址,页面显示 Welcome To Nginx 则说明应用部署成功!验证完成后,如不再需要该示例环境,请执行 terraform destroy 回收资源,避免公网负载均衡和集群长期暴露在外网。