• Terraform入门教程,示例展示管理Docker和Kubernetes资源


    我最新最全的文章都在 南瓜慢说 www.pkslow.com ,欢迎大家来喝茶!

    1 简介

    最近工作中用到了Terraform,权当学习记录一下,希望能帮助到其它人。

    Terraform系列文章如下:

    Terraform入门教程,示例展示管理Docker和Kubernetes资源

    Terraform插件Provider管理,搜索、定义、下载

    Terraform状态State管理,让变更有记录

    Terraform模块Module管理,聚合资源的抽取与复用

    Terraform常用命令

    Terraform是一个可快速部署、方便管理IT基础架构配置的工具,它的理念是Infrastructure as Code,一切资源都是代码。如虚拟机、网络、DNS等,这些都通过代码来管理部署,而不是人工手动的去创建、删除等。它能大大减少人为操作的风险,能快速部署多套环境,适应多种硬件资源,特别适合云环境:AWS、GCP、Azure、阿里云等。

    它通过丰富的Providers来管理多种类型的资源,就像是插件一样,如GCP、Docker、Kubernetes等。

    本文将通过演示讲解如何部署Docker/Kubernetes资源。

    2 安装

    到官方下载界面对应的二进制文件,我通过命令操作,我选择的是Mac的版本:

    # 创建目录
    $ mkdir terraform
    $ cd terraform/
    # 下载安装包
    $ wget https://releases.hashicorp.com/terraform/0.15.4/terraform_0.15.4_darwin_amd64.zip
    # 解压
    $ unzip terraform_0.15.4_darwin_amd64.zip
    # 查看版本,显示安装成功
    $ ./terraform --version
    Terraform v0.15.4
    on darwin_amd64
    

    成功显示了版本,我们把它添加到环境变量中去即可。

    3 部署Docker资源

    创建个目录:

    $ mkdir terraform-docker-demo && cd $_
    

    创建一个main.tf文件,写入以下内容:

    terraform {
      required_providers {
        docker = {
          source = "kreuzwerker/docker"
        }
      }
    }
    
    provider "docker" {}
    
    resource "docker_image" "nginx" {
      name         = "nginx:latest"
      keep_locally = false
    }
    
    resource "docker_container" "nginx" {
      image = docker_image.nginx.latest
      name  = "tutorial"
      ports {
        internal = 80
        external = 8000
      }
    }
    

    根据main.tf初始化项目:

    $ terraform init
    
    Initializing the backend...
    
    Initializing provider plugins...
    - Finding latest version of kreuzwerker/docker...
    - Installing kreuzwerker/docker v2.12.2...
    - Installed kreuzwerker/docker v2.12.2 (self-signed, key ID 24E54F214569A8A5)
    
    Partner and community providers are signed by their developers.
    If you'd like to know more about provider signing, you can read about it here:
    https://www.terraform.io/docs/cli/plugins/signing.html
    
    Terraform has created a lock file .terraform.lock.hcl to record the provider
    selections it made above. Include this file in your version control repository
    so that Terraform can guarantee to make the same selections by default when
    you run "terraform init" in the future.
    
    Terraform has been successfully initialized!
    
    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.
    
    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.
    

    我们先执行plan来看看它将会有什么变更:

    $ terraform plan
    
    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      + create
    
    Terraform will perform the following actions:
    
      # docker_container.nginx will be created
      + resource "docker_container" "nginx" {
          + attach           = false
          + bridge           = (known after apply)
          + command          = (known after apply)
          + container_logs   = (known after apply)
          + entrypoint       = (known after apply)
          + env              = (known after apply)
          + exit_code        = (known after apply)
          + gateway          = (known after apply)
          + hostname         = (known after apply)
          + id               = (known after apply)
          + image            = (known after apply)
          + init             = (known after apply)
          + ip_address       = (known after apply)
          + ip_prefix_length = (known after apply)
          + ipc_mode         = (known after apply)
          + log_driver       = "json-file"
          + logs             = false
          + must_run         = true
          + name             = "tutorial"
          + network_data     = (known after apply)
          + read_only        = false
          + remove_volumes   = true
          + restart          = "no"
          + rm               = false
          + security_opts    = (known after apply)
          + shm_size         = (known after apply)
          + start            = true
          + stdin_open       = false
          + tty              = false
    
          + healthcheck {
              + interval     = (known after apply)
              + retries      = (known after apply)
              + start_period = (known after apply)
              + test         = (known after apply)
              + timeout      = (known after apply)
            }
    
          + labels {
              + label = (known after apply)
              + value = (known after apply)
            }
    
          + ports {
              + external = 8000
              + internal = 80
              + ip       = "0.0.0.0"
              + protocol = "tcp"
            }
        }
    
      # docker_image.nginx will be created
      + resource "docker_image" "nginx" {
          + id           = (known after apply)
          + keep_locally = false
          + latest       = (known after apply)
          + name         = "nginx:latest"
          + output       = (known after apply)
        }
    
    Plan: 2 to add, 0 to change, 0 to destroy.
    

    执行变更:

    $ terraform apply
    docker_image.nginx: Creating...
    docker_image.nginx: Still creating... [10s elapsed]
    docker_image.nginx: Still creating... [20s elapsed]
    docker_image.nginx: Creation complete after 28s [id=sha256:d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdeenginx:latest]
    docker_container.nginx: Creating...
    docker_container.nginx: Creation complete after 1s [id=0dac86e383366959bd976cc843c88395a17c5734d729f62f07106caf604b466f]
    

    它自动帮我们下载了镜像和启动了容器。通过以下命令查看nginx的主页:

    $ curl http://localhost:8000
    

    现在我不想要这些资源了,通过以下命令删除:

    $ terraform destroy
    docker_container.nginx: Destroying... [id=0dac86e383366959bd976cc843c88395a17c5734d729f62f07106caf604b466f]
    docker_container.nginx: Destruction complete after 0s
    docker_image.nginx: Destroying... [id=sha256:d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdeenginx:latest]
    docker_image.nginx: Destruction complete after 1s
    

    4 部署Kubernetes资源

    创建目录:

    $ mkdir terraform-kubernetes-demo && cd $_
    

    创建main.tf文件:

    terraform {
      required_providers {
        kubernetes = {
          source  = "hashicorp/kubernetes"
          version = ">= 2.0.0"
        }
      }
    }
    provider "kubernetes" {
      config_path = "~/.kube/config"
    }
    resource "kubernetes_namespace" "test" {
      metadata {
        name = "nginx"
      }
    }
    resource "kubernetes_deployment" "test" {
      metadata {
        name      = "nginx"
        namespace = kubernetes_namespace.test.metadata.0.name
      }
      spec {
        replicas = 2
        selector {
          match_labels = {
            app = "MyTestApp"
          }
        }
        template {
          metadata {
            labels = {
              app = "MyTestApp"
            }
          }
          spec {
            container {
              image = "nginx"
              name  = "nginx-container"
              port {
                container_port = 80
              }
            }
          }
        }
      }
    }
    resource "kubernetes_service" "test" {
      metadata {
        name      = "nginx"
        namespace = kubernetes_namespace.test.metadata.0.name
      }
      spec {
        selector = {
          app = kubernetes_deployment.test.spec.0.template.0.metadata.0.labels.app
        }
        type = "NodePort"
        port {
          node_port   = 30201
          port        = 80
          target_port = 80
        }
      }
    }
    

    直接执行:

    terraform init
    terraform apply
    

    检查结果:

    $ kubectl -n nginx get deployment
    NAME    READY   UP-TO-DATE   AVAILABLE   AGE
    nginx   2/2     2            2           2m
    
    $ kubectl -n nginx get service
    NAME    TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
    nginx   NodePort   10.98.213.164   <none>        80:30201/TCP   71s
    
    $ curl http://localhost:30201
    

    测试完成,删除:

    terraform destroy
    

    5 总结

    Terraform在云计算领域还是有自己的一席之地的,值得了解学习。

    代码请查看:https://github.com/LarryDpk/pkslow-samples


    欢迎关注微信公众号<南瓜慢说>,将持续为你更新...

    多读书,多分享;多写作,多整理。

  • 相关阅读:
    msp430入门编程25
    msp430入门编程24
    msp430入门编程23
    msp430入门编程22
    msp430入门编程21
    msp430入门编程20
    msp430入门编程16
    msp430入门编程15
    msp430入门编程14
    msp430入门编程13
  • 原文地址:https://www.cnblogs.com/larrydpk/p/14961722.html
Copyright © 2020-2023  润新知