1. Experiment
1.1 Knowledge points
This experiment uses Terraform, an open source resource orchestration and O&M tool used in DevOps workflows. Terraform enables you to securely and efficiently build and change service resources across multiple cloud vendors. This experiment shows how to deploy a Kubernetes cluster by using Terraform configuration files to orchestrate Container Service for Kubernetes of Alibaba Cloud.
1.2 Experiment process
- Install Terraform
- Access the service
- Release resources
1.3 Scene architecture diagram
1.4 Cloud resources required
1.5 Prerequisites
- If you’re using your own Alibaba Cloud account instead of the account provided by this lab to operate the experiment, please note that you’ll need to choose the same Ubuntu 16.04 operating system for your ECS in order to run the experiment smoothly.
- Before starting the experiment, please confirm that the previous experiment has been closed normally and exited.
2. Start the experiment environment
Click Start Lab in the upper right corner of the page to start the experiment.
After the experiment environment is successfully started, the system has deployed resources required by this experiment in the background, including the ECS instance, RDS instance, Server Load Balancer instance, and OSS bucket. An account consisting of the username and password for logging on to the Web console of Alibaba Cloud is also provided.
After the experiment environment is started and related resources are properly deployed, the experiment starts a countdown. You have two hours to perform experimental operations. After the countdown ends, the experiment stops, and related resources are released. During the experiment, pay attention to the remaining time and arrange your time wisely. Next, use the username and password provided by the system to log on to the Web console of Alibaba Cloud and view related resources:
Go to the logon page of Alibaba Cloud console.
Fill in the sub-user account and click Next.
Fill in the sub-user password and click Log on.
After you successfully log on to the console, the following page is displayed.
3.1 Log in to ECS
Click Elastic Compute Service, as shown in the following figure.
We can see one running ECS instance in the Silicon Valley region.
Copy this ECS instance’s Internet IP address and remotely log on to this ECS (Ubuntu system) instance. For details of remote login, refer to login.
The default account name and password of the ECS instance:
Account name: root
Password: nkYHG890..
3.2 Download the installation package
Run the following command to update the apt installation source:
apt update
Run the following command to install the unpacking tool:
apt install -y unzip zip
Run the following command to download the Terraform installation package:
wget http://labex-ali-data.oss-us-west-1.aliyuncs.com/terraform/terraform_0.14.6_linux_amd64.zip
Run the following command to unpack the Terraform installation package to /usr/local/bin:
unzip terraform_0.14.6_linux_amd64.zip -d /usr/local/bin/
3.3 Create an AccessKey
Return to the user’s home directory, as shown below, and click AccessKey Management.
Click Create AccessKey. After the AccessKey has been created successfully, the AccessKeyID and AccessKeySecret are displayed. The AccessKeySecret is displayed only once. Click Download CSV File to save the AccessKeySecret.
3.4 Create Resources
Enter the following command to create the “terraform” directory and enter it.
mkdir terraform && cd terraform
Enter the command vim provider.tf to create a “provider.tf” configuration file, copy the following content to the file, then save and exit. Be sure to replace “YOUR-ACCESS-KEY” and “YOUR-ACCESS-SECRET” with the AccessKey created in Section 3.3.
provider "alicloud" {
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-ACCESS-SECRET"
  region     = "us-west-1"
}
Enter the command vim vpc.tf to create a “vpc.tf” configuration file, copy the following content to the file, then save and exit.
variable "vpc_id" {
  default = ""
}
variable "vpc_cidr" {
  default = "192.168.0.0/16"
}
variable "vswitch_ids" {
  default = []
}
variable "vswitch_cidrs" {
  default = ["192.168.1.0/24", "192.168.2.0/24"]
}
variable "zone_id" {
  default = ["us-west-1a", "us-west-1b"]
}
# If vpc_id is not specified, the module will launch a new VPC
resource "alicloud_vpc" "vpc" {
  vpc_name   = "labex_vpc"
  count      = var.vpc_id == "" ? 1 : 0
  cidr_block = var.vpc_cidr
}
# Launch one vswitch for each vswitch CIDR block
resource "alicloud_vswitch" "vswitches" {
  count      = length(var.vswitch_ids) > 0 ? 0 : length(var.vswitch_cidrs)
  vpc_id     = var.vpc_id == "" ? join("", alicloud_vpc.vpc.*.id) : var.vpc_id
  cidr_block = element(var.vswitch_cidrs, count.index)
  zone_id    = element(var.zone_id, count.index)
}
Enter the command vim cs.tf to create a “cs.tf” configuration file, copy the following content to the file, then save and exit.
variable "worker_instance_types" {
  default = ["ecs.hfc6.large", "ecs.c6.large"]
}
variable "worker_number" {
  default = "3"
}
variable "node_cidr_mask" {
  default = "24"
}
variable "enable_ssh" {
  default = "false"
}
variable "install_cloud_monitor" {
  default = "true"
}
variable "cpu_policy" {
  default = "none"
}
variable "proxy_mode" {
  default = "ipvs"
}
variable "password" {
  default = "Aliyun-test"
}
variable "service_cidr" {
  default = "172.16.0.0/16"
}
variable "pod_cidr" {
  default = "10.67.0.0/16"
}
variable "cluster_addons" {
  description = "Addon components in kubernetes cluster"
  type = list(object({
    name   = string
    config = string
  }))
  default = [
    {
      "name"   = "flannel",
      "config" = "",
    }
  ]
}
resource "alicloud_cs_managed_kubernetes" "k8s" {
  name_prefix = "LabEx-"
  # version can not be defined in variables.tf. Options: 1.22.3-aliyun.1|1.20.11-aliyun.1
  version               = "1.22.3-aliyun.1"
  worker_vswitch_ids    = length(var.vswitch_ids) > 0 ? split(",", join(",", var.vswitch_ids)) : length(var.vswitch_cidrs) < 1 ? [] : split(",", join(",", alicloud_vswitch.vswitches.*.id))
  worker_instance_types = var.worker_instance_types
  worker_number         = var.worker_number
  node_cidr_mask        = var.node_cidr_mask
  enable_ssh            = var.enable_ssh
  install_cloud_monitor = var.install_cloud_monitor
  cpu_policy            = var.cpu_policy
  proxy_mode            = var.proxy_mode
  password              = var.password
  service_cidr          = var.service_cidr
  pod_cidr              = var.pod_cidr
  dynamic "addons" {
    for_each = var.cluster_addons
    content {
      name   = lookup(addons.value, "name", var.cluster_addons)
      config = lookup(addons.value, "config", var.cluster_addons)
    }
  }
  runtime = {
    name    = "docker"
    version = "19.03.5"
  }
}
output "cluster_id" {
  value = alicloud_cs_managed_kubernetes.k8s.id
}
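A variant of provider.tf and of the password variable in cs.tf that keeps the AccessKey and the node password out of the configuration files, added here as an example and not part of the original lab. ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY are read by the alicloud provider and TF_VAR_password by Terraform itself; the 8-character minimum is an assumed policy for illustration.

```hcl
# provider.tf -- added example, not part of the original lab.
# No access_key/secret_key arguments: the alicloud provider reads them from
# the environment. Set them in the shell before running terraform; read -rs
# keeps the secret out of the shell history:
#   export ALICLOUD_ACCESS_KEY="<AccessKeyID from Section 3.3>"
#   read -rs ALICLOUD_SECRET_KEY && export ALICLOUD_SECRET_KEY
provider "alicloud" {
  region = "us-west-1"
}

# cs.tf -- replaces the variable "password" block that defaults to "Aliyun-test".
# With no default, terraform prompts for the value or reads TF_VAR_password.
# sensitive = true (Terraform 0.14 and later) redacts it in plan/apply output.
variable "password" {
  description = "Login password for the cluster nodes"
  type        = string
  sensitive   = true

  validation {
    # Assumed minimum length for this example, not a rule taken from the lab.
    condition     = length(var.password) >= 8
    error_message = "The password must be at least 8 characters long."
  }
}
```

The password is still written in plaintext to terraform.tfstate, so access to the state file in the “terraform” directory needs to be restricted as well.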
Enter the following command to initialize the directory and download the latest provider of Alibaba Cloud.
terraform init
Enter the following command to generate a plan based on the configuration file just created, listing the resources to be created.
terraform plan
Enter the following command to create resources according to the plan.
terraform apply
It is estimated that it will take about 15 minutes to create the resources. Please wait patiently. Sometimes resource creation is interrupted by a network timeout, but this does not matter: you can run the terraform apply command again to continue creating the resources.
The creation is complete.
<font color='red'>When doing the experiment, you can take a screenshot of the above result and send it to the teacher to show that this part of the current chapter has been completed.</font>
4. Access the service
Go back to the Alibaba Cloud Container Service console.
We can see that a Kubernetes cluster has been created.
Click the cluster name to enter the detailed information page.
Check the node information. From the intranet addresses of the nodes, you can see that the nodes belong to different switches and are in different availability zones, which matches our Terraform configuration.
5. Release resources
Return to the command line of the ECS instance and run the following command to automatically release all the resources that you just created:
terraform destroy
Enter Yes to confirm.
The release process may take 5 minutes. Sometimes an error is reported during the release because of network failures, but this does not matter: just run the terraform destroy command again to continue the release.
The following image shows the message after the resources are successfully released.
<font color='red'>When doing the experiment, you can take a screenshot of the above result and send it to the teacher to show that the current experiment has been completed.</font>
Reminder:
Before you leave this lab, remember to log out of your Alibaba RAM account before you click the ‘stop’ button of your lab. Otherwise you’ll encounter some issues when opening a new lab session in the same browser.
6. Experiment summary
In this experiment, we used Terraform to deploy a Kubernetes cluster across multiple zones on Alibaba Cloud. Terraform defines all the resource types, quantities, specifications, and dependencies in the configuration files, and supports creating and destroying resources with a single command. It is an excellent automation tool for improving O&M productivity.