Sethule umhlinzeki osemthethweni we-Terraform ozosebenzisana no-Selectel. Lo mkhiqizo uvumela abasebenzisi ukuthi basebenzise ngokugcwele ukuphathwa kwensiza ngokusebenzisa indlela yeNgqalasizinda njengekhodi.
Umhlinzeki okwamanje usekela ukuphathwa kwensiza yesevisi (ngemuva kwalokhu kubizwa nge-VPC). Ngokuzayo, sihlela ukungeza ukuphathwa kwensiza kwezinye izinsiza ezihlinzekwa yi-Selectel.
Njengoba wazi kakade, isevisi ye-VPC yakhelwe ku-OpenStack. Kodwa-ke, ngenxa yokuthi i-OpenStack ayinikezi ngamathuluzi omdabu okusebenzela ifu lomphakathi, sisebenzise umsebenzi ongekho kusethi yama-API angeziwe enza ukuphatha izinto eziyinkimbinkimbi futhi enze umsebenzi ube lula. Okunye ukusebenza okutholakala ku-OpenStack kuvaliwe ekusetshenzisweni okuqondile, kodwa kutholakala nge .
Umhlinzeki we-Selectel Terraform manje uhlanganisa ikhono lokuphatha izinsiza ezilandelayo ze-VPC:
- amaphrojekthi kanye nezabelo zawo;
- abasebenzisi, izindima zabo namathokheni;
- ama-subnet omphakathi, okuhlanganisa izindawo ezinqamula izifunda kanye ne-VRRP;
- amalayisensi esofthiwe.
Umhlinzeki usebenzisa ilabhulali yethu ye-Go yomphakathi ukuze asebenze ne-VPC API. Kokubili umtapo wezincwadi kanye nomhlinzeki ngokwawo bangumthombo ovulekile, ukuthuthukiswa kwabo kwenziwa ku-Github:
- inqolobane yomtapo wolwazi ,
- inqolobane yomhlinzeki .
Ukuphatha ezinye izinsiza zamafu, njengemishini ebonakalayo, amadiski, amaqoqo e-Kubernetes, ungasebenzisa umhlinzeki we-OpenStack Terraform. Amadokhumenti asemthethweni abo bobabili abahlinzeki ayatholakala kulezi zixhumanisi ezilandelayo:
- Amadokhumenti ensiza ye-Selectel: ,
- Amadokhumenti esisetshenziswa se-OpenStack: .
Ukuqalisa
Ukuze uqalise, udinga ukufaka i-Terraform (imiyalo nezixhumanisi zamaphakheji wokufaka zingatholakala ku- ).
Ukuze isebenze, umhlinzeki udinga ukhiye we-Selectel API, odalwe ngo .
Ama-manifest okusebenza nge-Selectel adalwa kusetshenziswa i-Terraform noma kusetshenziswa isethi yezibonelo esezilungile ezitholakala endaweni yethu yokugcina ye-Github: .
Inqolobane enezibonelo ihlukaniswe yaba izinkomba ezimbili:
- modules, equkethe amamojula amancane angasetshenziswa kabusha athatha isethi yemingcele njengokufaka futhi aphathe isethi encane yezinsiza;
- izibonelo, equkethe izibonelo zesethi ephelele yamamojula axhumene.
Ngemva kokufaka i-Terraform, ukudala ukhiye we-Selectel API nokuzijwayeza ngezibonelo, ake siqhubekele ezibonelweni ezisebenzayo.
Isibonelo sokudala iseva ngediski yendawo
Ake sibheke isibonelo sokudala iphrojekthi, umsebenzisi onendima kanye nomshini obonakalayo onediski yendawo: .
Kufayela i-vars.tf wonke amapharamitha azosetshenziswa lapho kuchazwa amamojula okushaya ucingo. Ezinye zazo zinamanani azenzakalelayo, isibonelo, iseva izodalwa endaweni ru-3a ngokucushwa okulandelayo:
variable "server_vcpus" {
default = 4
}
variable "server_ram_mb" {
default = 8192
}
variable "server_root_disk_gb" {
default = 8
}
variable "server_image_name" {
default = "Ubuntu 18.04 LTS 64-bit"
}
Kufayela main.tf Umhlinzeki we-Selectel uqalisiwe:
provider "selectel" {
token = "${var.sel_token}"
}
Leli fayela futhi liqukethe inani elizenzakalelayo lokhiye we-SSH ozofakwa kuseva:
module "server_local_root_disk" {
...
server_ssh_key = "${file("~/.ssh/id_rsa.pub")}"
}
Uma kudingeka, ungacacisa ukhiye osesidlangalaleni ohlukile. Ukhiye akudingeki ucaciswe njengendlela yefayela; ungakwazi futhi ukwengeza inani njengeyunithi yezinhlamvu.
Ngaphezu kwalokho kuleli fayela kwethulwa amamojula iphrojekthi_nomsebenzisi и server_local_root_disk, elawula izinsiza ezidingekayo.
Ake sibheke la mamojuli ngokuningiliziwe.
Ukudala iphrojekthi nomsebenzisi onendima
Imojula yokuqala idala iphrojekthi nomsebenzisi onendima kuleyo phrojekthi: .
Umsebenzisi odaliwe uzokwazi ukungena ku-OpenStack futhi aphathe izinsiza zayo. Imojula ilula futhi ilawula izinhlangano ezintathu kuphela:
- khetha_vpc_project_v2,
- khetha_vpc_umsebenzisi_v2,
- khetha_vpc_indima_v2.
Ukudala iseva ebonakalayo ngediski yasendaweni
Imojula yesibili iphathelene nokuphatha izinto ze-OpenStack, ezidingekayo ukuze udale iseva ngediski yendawo.
Kufanele unake amanye ama-agumenti acaciswe kule mojula yesisetshenziswa Openstack_compute_instance_v2:
resource "openstack_compute_instance_v2" "instance_1" {
...
lifecycle {
ignore_changes = ["image_id"]
}
vendor_options {
ignore_resize_confirmation = true
}
}
Ukuphikisana zinganaki_izinguquko ikuvumela ukuthi uzibe izinguquko zesibaluli id esithombeni esisetshenziswe ukudala umshini obonakalayo. Enkonzweni ye-VPC, izithombe eziningi ezisesidlangalaleni zibuyekezwa ngokuzenzakalelayo kanye ngesonto futhi ngesikhathi esifanayo zazo id futhi iyashintsha. Lokhu kungenxa yezinto ezingavamile zengxenye ye-OpenStack - Glance, lapho izithombe zibhekwa njengezinhlangano ezingenakuguquleka.
Uma udala noma ulungisa iseva ekhona noma idiski enengxabano image_id isetshenzisiwe id isithombe esisesidlangalaleni, ngemva kokuba leso sithombe sesibuyekeziwe, ukusebenzisa i-manifest ye-Terraform futhi kuzodala kabusha iseva noma idiski. Ukusebenzisa ingxabano zinganaki_izinguquko ikuvumela ukuba ugweme isimo esinjalo.
Qaphela: ukungqubuzana zinganaki_izinguquko yavela ku-Terraform kudala kakhulu: .
Ukuphikisana indiva_resize_confirmation okudingekayo ukuze ushintshe usayizi wediski wendawo ngempumelelo, ama-cores, noma imemori yeseva. Izinguquko ezinjalo zenziwa ngengxenye ye-OpenStack Nova kusetshenziswa isicelo shintsha. Okuzenzakalelayo kwe-Nova ngemva kwesicelo shintsha ibeka iseva esimweni qinisekisa_shintsha usayizi futhi ilinde ukuqinisekiswa okwengeziwe okuvela kumsebenzisi. Nokho, lokhu kuziphatha kungashintshwa ukuze uNova angalindi izenzo ezengeziwe ezivela kumsebenzisi.
I-agumenti eshiwo ivumela i-Terraform ukuthi ingalindi isimo qinisekisa_shintsha usayizi ukuze iseva futhi ilungiselelwe ukuthi iseva ibe sesimweni esisebenzayo ngemva kokushintsha imingcele yayo. I-agumenti iyatholakala kunguqulo 1.10.0 yomhlinzeki we-OpenStack Terraform: .
Ukudala Izinsiza
Ngaphambi kokusebenzisa i-manifest, sicela uqaphele ukuthi esibonelweni sethu, abahlinzeki ababili abahlukene bethulwa, futhi umhlinzeki we-OpenStack uncike kuzinsiza zomhlinzeki we-Selectel, ngoba ngaphandle kokudala umsebenzisi kuphrojekthi, akunakwenzeka ukuphatha izinto ezingezayo. . Ngeshwa, ngesizathu esifanayo asikwazi nje ukusebenzisa umyalo i-terraform iyasebenza ngaphakathi kwesibonelo sethu. Okokuqala kudingeka sikwenze isicelo okwemojuli iphrojekthi_nomsebenzisi futhi emva kwalokho kukho konke okunye.
Qaphela: Lolu daba alukaxazululwa nge-Terraform, ungalandela ingxoxo ku-Github ku- и .
Ukuze udale izinsiza, yiya kuhla lwemibhalo , okuqukethwe kwayo kufanele kube kanje:
$ ls
README.md main.tf vars.tf
Siqala amamojula sisebenzisa umyalo:
$ terraform init
Okukhiphayo kubonisa ukuthi i-Terraform ilanda izinguqulo zakamuva zabahlinzeki ezisebenzisayo futhi ihlola wonke amamojula achazwe esibonelweni.
Okokuqala masisebenzise imojula iphrojekthi_nomsebenzisi. Lokhu kudinga amanani adlulayo mathupha eziguquguqukayo ezingasethiwe:
- sel_akhawunti ngenombolo ye-akhawunti yakho ye-Selectel;
- sel_token ngokhiye wakho we-Selectel API;
- igama_lomsebenzisi nephasiwedi yomsebenzisi we-OpenStack.
Amanani okuguquguqukayo okubili kokuqala kufanele athathwe kuwo .
Okwehlukile kokugcina, ungathola noma iyiphi iphasiwedi.
Ukuze usebenzise imojuli udinga ukushintsha amanani SEL_ACCOUNT, SEL_TOKEN и USER_PASSWORD sebenzisa umyalo:
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform apply -target=module.project_with_user
Ngemva kokusebenzisa umyalo, i-Terraform izobonisa ukuthi yiziphi izinsiza efuna ukuzenza futhi icele ukuqinisekiswa:
Plan: 3 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
Uma iphrojekthi, umsebenzisi neqhaza selidaliwe, ungaqala ukudala izinsiza ezisele:
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform apply
Lapho udala izinsiza, naka okukhiphayo kwe-Terraform ngekheli le-IP langaphandle lapho iseva edaliwe izofinyeleleka khona:
module.server_local_root_disk.openstack_networking_floatingip_associate_v2.association_1: Creating...
floating_ip: "" => "x.x.x.x"
Ungasebenza ngomshini obonakalayo odaliwe nge-SSH usebenzisa i-IP eshiwo.
Izinsiza zokuhlela
Ngokungeziwe ekudaleni izinsiza ngokusebenzisa i-Terraform, zingabuye zilungiswe.
Isibonelo, ake sikhulise inani lama-cores nememori yeseva yethu ngokushintsha amanani wamapharamitha. iseva_vcpus и iseva_ram_mb kufayela izibonelo/vpc/server_local_root_disk/main.tf:
- server_vcpus = "${var.server_vcpus}"
- server_ram_mb = "${var.server_ram_mb}"
+ server_vcpus = 8
+ server_ram_mb = 10240
Ngemuva kwalokhu, sibheka ukuthi yiziphi izinguquko lokhu okuzoholela ekusebenziseni umyalo olandelayo:
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform plan
Ngenxa yalokho, iTerraform yenza ushintsho lwensiza Openstack_compute_instance_v2 и openstack_compute_flavor_v2.
Sicela uqaphele ukuthi lokhu kuzobandakanya ukuqalisa kabusha umshini obonakalayo odaliwe.
Ukuze usebenzise ukucushwa komshini omusha we-virtual, sebenzisa umyalo i-terraform iyasebenza, esesivele sethule ngaphambilini.
Zonke izinto ezidaliwe zizoboniswa ku :
Kuwethu Ungabona futhi izibonisi zokudala imishini ebonakalayo enamadrayivu enethiwekhi.
Isibonelo sokudala iqoqo le-Kubernetes
Ngaphambi kokuthi sidlulele esibonelweni esilandelayo, sizohlanza izinsiza esizidale ngaphambilini. Ukwenza lokhu kumpande yephrojekthi Masisebenzise umyalo wokususa izinto ze-OpenStack:
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform destroy -target=module.server_local_root_disk
Bese ugijima umyalo wokusula izinto ze-Selectel VPC API:
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform destroy -target=module.project_with_user
Kuzo zombili izimo, uzodinga ukuqinisekisa ukususwa kwazo zonke izinto:
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
Isibonelo esilandelayo sikuhla lwemibhalo .
Lesi sibonelo sidala iphrojekthi, umsebenzisi oneqhaza kuphrojekthi, futhi siphakamisa iqoqo elilodwa le-Kubernetes. Kufayela i-vars.tf ungabona amanani azenzakalelayo, njengenombolo yamanodi, izici zawo, inguqulo ye-Kubernetes, njll.
Ukwakha izinsiza ezifana nesibonelo sokuqala, okokuqala sizoqala ukuqalisa amamojula nokudala izinsiza zamamojula iphrojekthi_nomsebenzisibese udala konke okunye:
$ terraform init
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform apply -target=module.project_with_user
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform apply
Sizodlulisela ukudalwa nokuphathwa kwamaqoqo e-Kubernetes sisebenzisa ingxenye ye-OpenStack Magnum. Ungathola okwengeziwe mayelana nendlela yokusebenza neqoqo kwelinye lethu , kanye naku .
Lapho ulungiselela iqoqo, amadiski kanye nemishini ebonakalayo izokwakhiwa futhi zonke izingxenye ezidingekayo zizofakwa. Ukulungiselela kuthatha cishe imizuzu emi-4, phakathi nalesi sikhathi i-Terraform izobonisa imilayezo efana nalena:
module.kubernetes_cluster.openstack_containerinfra_cluster_v1.cluster_1: Still creating... (3m0s elapsed)
Uma ukufakwa sekuqediwe, i-Terraform izokhombisa ukuthi iqoqo selilungile futhi libonise i-ID yalo:
module.kubernetes_cluster.openstack_containerinfra_cluster_v1.cluster_1: Creation complete after 4m20s (ID: 3c8...)
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
Ukuphatha iqoqo le-Kubernetes elidaliwe ngokusebenzisa insiza kubctl udinga ukuthola ifayela lokufinyelela leqoqo. Ukuze wenze lokhu, iya kuphrojekthi edalwe nge-Terraform ohlwini lwamaphrojekthi ku-akhawunti yakho:
Okulandelayo, landela isixhumanisi njengo elivela ngezansi kwegama lephrojekthi:
Ukuze uthole imininingwane yokungena, sebenzisa igama lomsebenzisi nephasiwedi oyidalile nge-Terraform. Uma ungazange ukhohlise i-vars.tf noma main.tf ngokwesibonelo sethu, umsebenzisi uzoba negama tf_umsebenzisi. Kufanele usebenzise inani lokuguquguquka njengephasiwedi TF_VAR_user_password, eshiwo ekuqaleni i-terraform iyasebenza ngaphambili.
Ngaphakathi kwephrojekthi udinga ukuya kuthebhu Kubernetes:
Yilapho iqoqo elidalwe nge-Terraform litholakala khona. Landa ifayela le kubctl ungakwazi kuthebhu "Finyelela":
Imiyalo yokufaka itholakala kuthebhu efanayo. kubctl kanye nokusetshenziswa okulandiwe config.yaml.
Ngemuva kokwethulwa kubctl kanye nokusetha ukuguquguquka kwemvelo KUBECONFIG ungasebenzisa i-Kubernetes:
$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-9578f5c87-g6bjf 1/1 Running 0 8m
kube-system coredns-9578f5c87-rvkgd 1/1 Running 0 6m
kube-system heapster-866fcbc879-b6998 1/1 Running 0 8m
kube-system kube-dns-autoscaler-689688988f-8cxhf 1/1 Running 0 8m
kube-system kubernetes-dashboard-7bdb5d4cd7-jcjq9 1/1 Running 0 8m
kube-system monitoring-grafana-84c97bb64d-tc64b 1/1 Running 0 8m
kube-system monitoring-influxdb-7c8ccc75c6-dzk5f 1/1 Running 0 8m
kube-system node-exporter-tf-cluster-rz6nggvs4va7-minion-0 1/1 Running 0 8m
kube-system node-exporter-tf-cluster-rz6nggvs4va7-minion-1 1/1 Running 0 8m
kube-system openstack-cloud-controller-manager-8vrmp 1/1 Running 3 8m
prometeus-monitoring grafana-76bcb7ffb8-4tm7t 1/1 Running 0 8m
prometeus-monitoring prometheus-75cdd77c5c-w29gb 1/1 Running 0 8m
Inombolo yama-cluster node ingashintshwa kalula nge-Terraform.
Kufayela main.tf inani elilandelayo licacisiwe:
cluster_node_count = "${var.cluster_node_count}"
Leli nani lithathelwe indawo elithi i-vars.tf:
variable "cluster_node_count" {
default = 2
}
Ungashintsha noma ivelu ezenzakalelayo ku i-vars.tf, noma ucacise inani elidingekayo ngokuqondile main.tf:
- cluster_node_count = "${var.cluster_node_count}"
+ cluster_node_count = 3
Ukusebenzisa izinguquko, njengasendabeni yesibonelo sokuqala, sebenzisa umyalo i-terraform iyasebenza:
$ env
TF_VAR_sel_account=SEL_ACCOUNT
TF_VAR_sel_token=SEL_TOKEN
TF_VAR_user_password=USER_PASSWORD
terraform apply
Lapho inani lamanodi lishintsha, iqoqo lizohlala litholakala. Ngemuva kokungeza i-node nge-Terraform, ungayisebenzisa ngaphandle kokucushwa okwengeziwe:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
tf-cluster-rz6nggvs4va7-master-0 Ready,SchedulingDisabled master 8m v1.12.4
tf-cluster-rz6nggvs4va7-minion-0 Ready <none> 8m v1.12.4
tf-cluster-rz6nggvs4va7-minion-1 Ready <none> 8m v1.12.4
tf-cluster-rz6nggvs4va7-minion-2 Ready <none> 3m v1.12.4
isiphetho
Kulesi sihloko siye sajwayelana nezindlela eziyinhloko zokusebenza ngokusebenzisa Terraform. Sizojabula uma usebenzisa umhlinzeki osemthethweni we-Selectel Terraform futhi unikeze impendulo.
Noma yiziphi iziphazamisi ezitholakala kumhlinzeki we-Selectel Terraform zingabikwa nge .
Source: www.habr.com