\u5728\u6784\u5efaGKE\u65f6\uff0c\u6211\u4eec\u60f3\u8981\u7ba1\u7406\u5b9e\u9645\u5e94\u7528\u7684\u8bbe\u7f6e\uff0c\u56e0\u6b64\u6211\u4eec\u5c06\u4f7f\u7528Terraform\u6765\u6784\u5efaGKE\u3002
\nTerraform\u63d0\u4f9b\u4e86GKE\u6a21\u5757\uff0c\u4f46\u8fd9\u6b21\u6211\u4eec\u5c06\u4f7f\u7528\u539f\u59cb\u7684Terraform\u8fdb\u884c\u6784\u5efa\u3002<\/p>\n
\u5728\u64b0\u5199\u672c\u6587\u7ae0\u65f6\uff0c\u6211\u4eec\u53c2\u8003\u4e86\u5728JapanContainerDays v18.12\u4e0a\u63d0\u51fa\u7684”showKs” Terraform\u7684\u5b58\u50a8\u5e93\u3002\u975e\u5e38\u611f\u8c22\u4f60\u4eec\u3002<\/p>\n
GitHub – containerdaysjp\/showks-terraform: \u7528\u4e8e\u914d\u7f6eshowk\u73af\u5883\u7684Terraform\u914d\u7f6e\u3002<\/p>\n
\u6211\u8ba4\u4e3a\u8fd8\u6709\u5176\u4ed6\u5145\u6ee1\u4e91\u539f\u751f\u5143\u7d20\u7684\u5b58\u50a8\u5e93\uff0c\u975e\u5e38\u503c\u5f97\u53c2\u8003\u3002<\/p>\n
\u65e5\u672c\u96c6\u88c5\u7bb1\u5929- GitHub<\/p>\n
\u90a3\u4e48\uff0c\u8ba9\u6211\u4eec\u8bd5\u7740\u4f7f\u7528 Teraform \u6765\u6784\u5efa GKE \u5e76\u90e8\u7f72 Guestbook \u5e94\u7528\u7a0b\u5e8f\uff0c\u5e76\u8fdb\u884c\u64cd\u4f5c\u786e\u8ba4\u3002<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
\u8bf7\u53c2\u8003\u4e0b\u9762\u7684\u6587\u6863\uff0c\u5b89\u88c5 Google Cloud SDK \u5e76\u8fdb\u884c\u9879\u76ee\u8bbe\u7f6e\u3002
\nGoogle Cloud SDK \u6587\u6863<\/p>\n
\u542f\u7528\u4ee5\u4e0b\u7684 API\u3002<\/p>\n
\u4f7f\u7528\u4e0b\u5217\u6307\u4ee4\u5c06API\u542f\u7528\u3002<\/p>\n
$ <\/span>gcloud services enable<\/span> \\<\/span>\r\n container.googleapis.com\r\n<\/code><\/pre>\n\u5b89\u88c5 Terraform<\/h1>\n
\u6211\u5011\u5c07\u5b89\u88dd Terraform\u3002
\n\u9019\u6b21\u6211\u5011\u5c07\u5728 Mac \u74b0\u5883\u4e2d\u4f7f\u7528 Homebrew \u9032\u884c\u5b89\u88dd\u3002<\/p>\n
$ <\/span>brew install <\/span>terraform\r\n<\/code><\/pre>\n\u521b\u5efa Terraform \u670d\u52a1\u5e10\u6237<\/h1>\n
\u521b\u5efa\u7528\u4e8e Terraform \u4f7f\u7528\u7684\u670d\u52a1\u5e10\u53f7\u3002<\/p>\n
$ GCP_PROJECT<\/span>=<\/span>$(<\/span>gcloud info --format<\/span>=<\/span>'value(config.project)'<\/span>)<\/span>\r\n$ TERRAFORM_SA<\/span>=<\/span>terraform-service-account\r\n\r\n$ <\/span>gcloud iam service-accounts create $TERRAFORM_SA<\/span> \\<\/span>\r\n --project<\/span>=<\/span>$GCP_PROJECT<\/span> \\<\/span>\r\n --display-name<\/span> $TERRAFORM_SA<\/span>\r\n<\/code><\/pre>\n\u7ed9\u521b\u5efa\u7684 Terraform \u670d\u52a1\u5e10\u6237\u5206\u914d\u4ee5\u4e0b\u89d2\u8272\u3002<\/p>\n
\n- \n
roles\/iam.serviceAccountUser<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
roles\/compute.admin<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
roles\/storage.admin<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
roles\/container.clusterAdmin<\/ul>\n
$ TERRAFORM_SA_EMAIL<\/span>=<\/span>$(<\/span>gcloud iam service-accounts list \\<\/span>\r\n --project<\/span>=<\/span>$GCP_PROJECT<\/span> \\<\/span>\r\n --filter<\/span>=<\/span>\"displayName:<\/span>$TERRAFORM_SA<\/span>\"<\/span> \\<\/span>\r\n --format<\/span>=<\/span>'value(email)'<\/span>)<\/span>\r\n\r\n$ <\/span>gcloud projects add-iam-policy-binding $GCP_PROJECT<\/span> \\<\/span>\r\n --role<\/span> roles\/iam.serviceAccountUser \\<\/span>\r\n --member<\/span> serviceAccount:$TERRAFORM_SA_EMAIL<\/span>\r\n\r\n$ <\/span>gcloud projects add-iam-policy-binding $GCP_PROJECT<\/span> \\<\/span>\r\n --role<\/span> roles\/compute.admin \\<\/span>\r\n --member<\/span> serviceAccount:$TERRAFORM_SA_EMAIL<\/span>\r\n\r\n$ <\/span>gcloud projects add-iam-policy-binding $GCP_PROJECT<\/span> \\<\/span>\r\n --role<\/span> roles\/storage.admin \\<\/span>\r\n --member<\/span> serviceAccount:$TERRAFORM_SA_EMAIL<\/span>\r\n\r\n$ <\/span>gcloud projects add-iam-policy-binding $GCP_PROJECT<\/span> \\<\/span>\r\n --role<\/span> roles\/container.clusterAdmin \\<\/span>\r\n --member<\/span> serviceAccount:$TERRAFORM_SA_EMAIL<\/span>\r\n<\/code><\/pre>\n\u521b\u5efa\u4e00\u4e2a\u7528\u4e8e\u7ba1\u7406.tfstate\u6587\u4ef6\u7684Google Cloud Storage\u5b58\u50a8\u6876\u3002<\/h1>\n
\u5728Terraform\u4e2d\uff0c\u6211\u4eec\u4f7f\u7528\u6269\u5c55\u540d\u4e3a.tfstate\u7684\u6587\u4ef6\u6765\u7ba1\u7406\u6240\u7ba1\u7406\u8d44\u6e90\u7684\u72b6\u6001\u3002
\n\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8fd9\u4e9b\u6587\u4ef6\u4fdd\u5b58\u5728\u672c\u5730\uff0c\u4f46\u7531\u4e8e\u65e0\u6cd5\u5171\u4eab\uff0c\u6240\u4ee5\u6211\u4eec\u5c06\u5176\u4fdd\u5b58\u5728\u8fdc\u7a0b\u3002
\n\u672c\u6b21\u6211\u4eec\u5c06\u4f7f\u7528Google Cloud Storage\uff08GCS\uff09\u4f5c\u4e3a\u8fdc\u7a0b\u5b58\u50a8\u5e93\u6765\u7ba1\u7406.tfstate\u6587\u4ef6\u3002
\n\u8bf7\u6ce8\u610f\uff0c\u5b58\u50a8\u6876\u540d\u79f0\u5fc5\u987b\u5728\u6574\u4e2aGCS\u4e2d\u662f\u552f\u4e00\u7684\u3002
\n\u6211\u4eec\u793a\u4f8b\u4e2d\u4f7f\u7528\u4e86tf-state-prod\u4f5c\u4e3a\u5b58\u50a8\u6876\u540d\u79f0\u3002<\/p>\n
$ GCS_CLASS<\/span>=<\/span>multi_regional\r\n$ GCS_BUCKET<\/span>=<\/span>tf-state-prod\r\n\r\n$ <\/span>gsutil mb -p<\/span> $GCP_PROJECT<\/span> -c<\/span> $GCS_CLASS<\/span> -l<\/span> asia gs:\/\/$GCS_BUCKET<\/span>\/\r\n<\/code><\/pre>\n\u521b\u5efa.tf\u6587\u4ef6<\/h1>\n\u58f0\u660e\u53d8\u91cf<\/h2>\n
\u521b\u5efa variables.tf \u6587\u4ef6\u6765\u5b9a\u4e49\u5728\u5404\u4e2a\u8d44\u6e90\u4e2d\u6240\u9700\u7684\u53d8\u91cf\u3002
\n\u4f7f\u7528 GKE \u7684\u7248\u672c\u662f\u5728\u64b0\u5199\u65f6\uff082019\/03\uff09\u7684\u6700\u65b0\u7248\u672c 1.12.6-gke.7\u3002<\/p>\n
variable<\/span> \"project\"<\/span> {}<\/span>\r\n\r\nvariable<\/span> \"cluster_name\"<\/span> {<\/span>\r\n default<\/span> =<\/span> \"cluster\"<\/span>\r\n}<\/span>\r\n\r\nvariable<\/span> \"location\"<\/span> {<\/span>\r\n default<\/span> =<\/span> \"asia-northeast1-a\"<\/span>\r\n}<\/span>\r\n\r\nvariable<\/span> \"network\"<\/span> {<\/span>\r\n default<\/span> =<\/span> \"default\"<\/span>\r\n}<\/span>\r\n\r\nvariable<\/span> \"primary_node_count\"<\/span> {<\/span>\r\n default<\/span> =<\/span> \"3\"<\/span>\r\n}<\/span>\r\n\r\nvariable<\/span> \"machine_type\"<\/span> {<\/span>\r\n default<\/span> =<\/span> \"n1-standard-1\"<\/span>\r\n}<\/span>\r\n\r\nvariable<\/span> \"min_master_version\"<\/span> {<\/span>\r\n default<\/span> =<\/span> \"1.12.6-gke.7\"<\/span>\r\n}<\/span>\r\n\r\nvariable<\/span> \"node_version\"<\/span> {<\/span>\r\n default<\/span> =<\/span> \"1.12.6-gke.7\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u5b9a\u4e49GCP\u7684\u63d0\u4f9b\u5546\u4fe1\u606f<\/h2>\n
\u5728\u4f7f\u7528GCP\u63d0\u4f9b\u5546\u65f6\uff0c\u6211\u4eec\u9700\u8981\u521b\u5efa\u4e00\u4e2aprovider.tf\u6587\u4ef6\u3002<\/p>\n
provider<\/span> \"google\"<\/span> {<\/span>\r\n project<\/span> =<\/span> \"${var.project}\"<\/span>\r\n region<\/span> =<\/span> \"${var.location}\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u5b9a\u4e49\u540e\u7aef<\/h2>\n
\u521b\u5efa\u4e00\u4e2a\u540d\u4e3abackend.tf\u7684\u6587\u4ef6\u6765\u5b9a\u4e49\u7ba1\u7406.tfstate\u6587\u4ef6\u7684\u540e\u7aef\u3002\u5728\u672c\u4f8b\u4e2d\uff0c\u5c06\u4f7f\u7528GCS\u4f5c\u4e3a\u540e\u7aef\u3002
\n\u8bf7\u6307\u5b9a\u4e00\u4e2a\u4e8b\u5148\u521b\u5efa\u7684GCS\u5b58\u50a8\u6876\u7684\u540d\u79f0\u4f5c\u4e3abucket_name\u3002<\/p>\n
terraform<\/span> {<\/span>\r\n backend<\/span> \"gcs\"<\/span> {<\/span>\r\n bucket<\/span> =<\/span> \"tf-state-prod\"<\/span>\r\n prefix<\/span> =<\/span> \"terraform\/state\"<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u5b9a\u4e49GKE<\/h2>\n
\u6211\u4eec\u6765\u521b\u5efa\u4e00\u4e2a\u7528\u4e8e\u5b9a\u4e49GKE\u7684gke.tf\u6587\u4ef6\u3002<\/p>\n
resource<\/span> \"google_container_cluster\"<\/span> \"primary\"<\/span> {<\/span>\r\n name<\/span> =<\/span> \"primary-${var.cluster_name}\"<\/span>\r\n location<\/span> =<\/span> \"${var.location}\"<\/span>\r\n\r\n remove_default_node_pool<\/span> =<\/span> true<\/span>\r\n initial_node_count<\/span> =<\/span> 1<\/span>\r\n\r\n network<\/span> =<\/span> \"${var.network}\"<\/span>\r\n\r\n min_master_version<\/span> =<\/span> \"${var.min_master_version}\"<\/span>\r\n node_version<\/span> =<\/span> \"${var.node_version}\"<\/span>\r\n\r\n master_auth<\/span> {<\/span>\r\n username<\/span> =<\/span> \"\"<\/span>\r\n password<\/span> =<\/span> \"\"<\/span>\r\n\r\n client_certificate_config<\/span> {<\/span>\r\n issue_client_certificate<\/span> =<\/span> false<\/span>\r\n }<\/span>\r\n }<\/span>\r\n}<\/span>\r\n\r\nresource<\/span> \"google_container_node_pool\"<\/span> \"primary_nodes\"<\/span> {<\/span>\r\n name<\/span> =<\/span> \"primary-${var.cluster_name}-nodes\"<\/span>\r\n location<\/span> =<\/span> \"${var.location}\"<\/span>\r\n cluster<\/span> =<\/span> \"${google_container_cluster.primary.name}\"<\/span>\r\n node_count<\/span> =<\/span> \"${var.primary_node_count}\"<\/span>\r\n\r\n management<\/span> {<\/span>\r\n auto_repair<\/span> =<\/span> true<\/span>\r\n }<\/span>\r\n\r\n node_config<\/span>