使用Terraform创建GKE集群和名称空间 [英] Create GKE cluster and namespace with Terraform
问题描述
我需要创建GKE集群,然后创建名称空间,并通过头盔将db安装到该名称空间.现在我有gke-cluster.tf,它使用节点池和helm.tf创建集群,该集群具有kubernetes提供程序和helm_release资源.它首先创建集群,但随后尝试安装db,但命名空间尚不存在,因此我必须再次运行terraform apply,它才能工作.我想避免使用多个文件夹的情况,并且只运行一次terraform apply.这样的现场调查有什么好的做法?感谢您的回答.
I need to create GKE cluster and then create namespace and install db through helm to that namespace. Now I have gke-cluster.tf that creates cluster with node pool and helm.tf, that has kubernetes provider and helm_release resource. It first creates cluster, but then tries to install db but namespace doesn't exist yet, so I have to run terraform apply again and it works. I want to avoid scenario with multiple folder and run terraform apply only once. What's the good practice for situaction like this? Thanks for the answers.
推荐答案
用户adp发布的解决方案是正确的,但是我想就运行单的这个特定示例,提供更多关于使用Terraform的见解. >命令:
The solution posted by user adp is correct but I wanted to give more insight on using Terraform for this particular example in regards of running single commmand:
-
$ terraform apply --auto-approve.
基于以下评论:
可以告诉您如何创建名称空间吗? kubernetes提供者吗? -戴维德·克鲁克(Dawid Kruk)
Can you tell how are you creating your namespace? Is it with kubernetes provider? - Dawid Kruk
资源"kubernetes_namespace"; -约瑟夫·弗拉纳(Jozef Vrana)
resource "kubernetes_namespace" - Jozef Vrana
此设置需要特定的执行顺序.首先是集群,然后是资源.默认情况下,Terraform将尝试同时创建所有资源.使用参数depends_on = [VALUE]至关重要.
This setup needs specific order of execution. First the cluster, then the resources. By default Terraform will try to create all of the resources at the same time. It is crucial to use a parameter depends_on = [VALUE].
下一个问题是kubernetes提供程序将尝试在过程开始时从~/.kube/config获取凭据.它不会等待群集配置获取实际凭据.它可以:
The next issue is that the kubernetes provider will try to fetch the credentials at the start of the process from ~/.kube/config. It will not wait for the cluster provisioning to get the actual credentials. It could:
- 没有
.kube/config时失败
- 获取错误群集的凭据.
- fail when there is no
.kube/config - fetch credentials for the wrong cluster.
有持续的功能请求来解决这种用例(也有一些解决方法):
There is ongoing feature request to resolve this kind of use case (also there are some workarounds):
例如:
# Create cluster
resource "google_container_cluster" "gke-terraform" {
project = "PROJECT_ID"
name = "gke-terraform"
location = var.zone
initial_node_count = 1
}
# Get the credentials
resource "null_resource" "get-credentials" {
depends_on = [google_container_cluster.gke-terraform]
provisioner "local-exec" {
command = "gcloud container clusters get-credentials ${google_container_cluster.gke-terraform.name} --zone=europe-west3-c"
}
}
# Create a namespace
resource "kubernetes_namespace" "awesome-namespace" {
depends_on = [null_resource.get-credentials]
metadata {
name = "awesome-namespace"
}
}
假设您之前配置了集群以供使用,而您没有将其删除:
Assuming that you had earlier configured cluster to work on and you didn't delete it:
-
已获取Kubernetes集群的凭据.
Credentials for Kubernetes cluster are fetched.
Terraform将创建一个名为gke-terraform
Terraform will create a cluster named gke-terraform
Terraform将运行本地命令以获取gke-terraform群集的凭据
Terraform will run a local command to get the credentials for gke-terraform cluster
Terraform将创建一个名称空间(使用旧信息):
Terraform will create a namespace (using old information):
- 如果在
.kube/config中配置了另一个集群,它将在该集群中创建一个命名空间(以前的集群) - 如果您删除了先前的群集,它将尝试在该群集中创建一个命名空间,并且会失败(上一个)
- 如果没有
.kube/config,它将在开始时失败
- if you had another cluster in
.kube/configconfigured, it will create a namespace in that cluster (previous one) - if you deleted your previous cluster, it will try to create a namespace in that cluster and fail (previous one)
- if you had no
.kube/configit will fail on the start
重要!
使用"helm_release"资源似乎在配置资源时获得凭据,而不是在一开始!
Using "helm_release" resource seems to get the credentials when provisioning the resources, not at the start!
如前所述,您可以使用helm provider来配置群集上的资源,从而避免上述问题.
As said you can use helm provider to provision the resources on your cluster to avoid the issues I described above.
运行单个命令以创建集群并在其上配置资源的示例:
Example on running a single command for creating a cluster and provisioning resources on it:
variable zone {
type = string
default = "europe-west3-c"
}
resource "google_container_cluster" "gke-terraform" {
project = "PROJECT_ID"
name = "gke-terraform"
location = var.zone
initial_node_count = 1
}
data "google_container_cluster" "gke-terraform" {
project = "PROJECT_ID"
name = "gke-terraform"
location = var.zone
}
resource "null_resource" "get-credentials" {
# do not start before resource gke-terraform is provisioned
depends_on = [google_container_cluster.gke-terraform]
provisioner "local-exec" {
command = "gcloud container clusters get-credentials ${google_container_cluster.gke-terraform.name} --zone=${var.zone}"
}
}
resource "helm_release" "mydatabase" {
name = "mydatabase"
chart = "stable/mariadb"
# do not start before the get-credentials resource is run
depends_on = [null_resource.get-credentials]
set {
name = "mariadbUser"
value = "foo"
}
set {
name = "mariadbPassword"
value = "qux"
}
}
使用上述配置将产生:
data.google_container_cluster.gke-terraform: Refreshing state...
google_container_cluster.gke-terraform: Creating...
google_container_cluster.gke-terraform: Still creating... [10s elapsed]
<--OMITTED-->
google_container_cluster.gke-terraform: Still creating... [2m30s elapsed]
google_container_cluster.gke-terraform: Creation complete after 2m38s [id=projects/PROJECT_ID/locations/europe-west3-c/clusters/gke-terraform]
null_resource.get-credentials: Creating...
null_resource.get-credentials: Provisioning with 'local-exec'...
null_resource.get-credentials (local-exec): Executing: ["/bin/sh" "-c" "gcloud container clusters get-credentials gke-terraform --zone=europe-west3-c"]
null_resource.get-credentials (local-exec): Fetching cluster endpoint and auth data.
null_resource.get-credentials (local-exec): kubeconfig entry generated for gke-terraform.
null_resource.get-credentials: Creation complete after 1s [id=4191245626158601026]
helm_release.mydatabase: Creating...
helm_release.mydatabase: Still creating... [10s elapsed]
<--OMITTED-->
helm_release.mydatabase: Still creating... [1m40s elapsed]
helm_release.mydatabase: Creation complete after 1m44s [id=mydatabase]
这篇关于使用Terraform创建GKE集群和名称空间的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
