我最新最全的文章都在南瓜慢说 www.pkslow.com,欢迎大家来喝茶!

1 简介

最近工作中用到了Terraform,权当学习记录一下,希望能帮助到其它人。

Terraform系列文章如下:

Terraform入门教程,示例展示管理Docker和Kubernetes资源

Terraform插件Provider管理,搜索、定义、下载

Terraform状态State管理,让变更有记录

Terraform模块Module管理,聚合资源的抽取与复用

Terraform常用命令

Terraform是一个可快速部署、方便管理IT基础架构配置的工具,它的理念是Infrastructure as Code,一切资源都是代码。如虚拟机、网络、DNS等,这些都通过代码来管理部署,而不是人工手动的去创建、删除等。它能大大减少人为操作的风险,能快速部署多套环境,适应多种硬件资源,特别适合云环境:AWS、GCP、Azure、阿里云等。

它通过丰富的Providers来管理多种类型的资源,就像是插件一样,如GCP、Docker、Kubernetes等。

本文将通过演示讲解如何部署Docker/Kubernetes资源。

2 安装

到官方下载界面对应的二进制文件,我通过命令操作,我选择的是Mac的版本:

# 创建目录

$ mkdir terraform

$ cd terraform/

# 下载安装包

$ wget https://releases.hashicorp.com/terraform/0.15.4/terraform_0.15.4_darwin_amd64.zip

# 解压

$ unzip terraform_0.15.4_darwin_amd64.zip

# 查看版本,显示安装成功

$ ./terraform --version

Terraform v0.15.4

on darwin_amd64

成功显示了版本,我们把它添加到环境变量中去即可。

3 部署Docker资源

创建个目录:

$ mkdir terraform-docker-demo && cd $_

创建一个main.tf文件,写入以下内容:

terraform {

  required_providers {

    docker = {

      source = "kreuzwerker/docker"

    }

  }

}

provider "docker" {}

resource "docker_image" "nginx" {

  name         = "nginx:latest"

  keep_locally = false

}

resource "docker_container" "nginx" {

  image = docker_image.nginx.latest

  name  = "tutorial"

  ports {

    internal = 80

    external = 8000

  }

}

根据main.tf初始化项目:

$ terraform init

Initializing the backend...

Initializing provider plugins...

- Finding latest version of kreuzwerker/docker...

- Installing kreuzwerker/docker v2.12.2...

- Installed kreuzwerker/docker v2.12.2 (self-signed, key ID 24E54F214569A8A5)

Partner and community providers are signed by their developers.

If you'd like to know more about provider signing, you can read about it here:

https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has created a lock file .terraform.lock.hcl to record the provider

selections it made above. Include this file in your version control repository

so that Terraform can guarantee to make the same selections by default when

you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see

any changes that are required for your infrastructure. All Terraform commands

should now work.

If you ever set or change modules or backend configuration for Terraform,

rerun this command to reinitialize your working directory. If you forget, other

commands will detect it and remind you to do so if necessary.

我们先执行plan来看看它将会有什么变更:

$ terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

  + create

Terraform will perform the following actions:

  # docker_container.nginx will be created

  + resource "docker_container" "nginx" {

      + attach           = false

      + bridge           = (known after apply)

      + command          = (known after apply)

      + container_logs   = (known after apply)

      + entrypoint       = (known after apply)

      + env              = (known after apply)

      + exit_code        = (known after apply)

      + gateway          = (known after apply)

      + hostname         = (known after apply)

      + id               = (known after apply)

      + image            = (known after apply)

      + init             = (known after apply)

      + ip_address       = (known after apply)

      + ip_prefix_length = (known after apply)

      + ipc_mode         = (known after apply)

      + log_driver       = "json-file"

      + logs             = false

      + must_run         = true

      + name             = "tutorial"

      + network_data     = (known after apply)

      + read_only        = false

      + remove_volumes   = true

      + restart          = "no"

      + rm               = false

      + security_opts    = (known after apply)

      + shm_size         = (known after apply)

      + start            = true

      + stdin_open       = false

      + tty              = false

      + healthcheck {

          + interval     = (known after apply)

          + retries      = (known after apply)

          + start_period = (known after apply)

          + test         = (known after apply)

          + timeout      = (known after apply)

        }

      + labels {

          + label = (known after apply)

          + value = (known after apply)

        }

      + ports {

          + external = 8000

          + internal = 80

          + ip       = "0.0.0.0"

          + protocol = "tcp"

        }

    }

  # docker_image.nginx will be created

  + resource "docker_image" "nginx" {

      + id           = (known after apply)

      + keep_locally = false

      + latest       = (known after apply)

      + name         = "nginx:latest"

      + output       = (known after apply)

    }

Plan: 2 to add, 0 to change, 0 to destroy.

执行变更:

$ terraform apply

docker_image.nginx: Creating...

docker_image.nginx: Still creating... [10s elapsed]

docker_image.nginx: Still creating... [20s elapsed]

docker_image.nginx: Creation complete after 28s [id=sha256:d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdeenginx:latest]

docker_container.nginx: Creating...

docker_container.nginx: Creation complete after 1s [id=0dac86e383366959bd976cc843c88395a17c5734d729f62f07106caf604b466f]

它自动帮我们下载了镜像和启动了容器。通过以下命令查看nginx的主页:

$ curl http://localhost:8000

现在我不想要这些资源了,通过以下命令删除:

$ terraform destroy

docker_container.nginx: Destroying... [id=0dac86e383366959bd976cc843c88395a17c5734d729f62f07106caf604b466f]

docker_container.nginx: Destruction complete after 0s

docker_image.nginx: Destroying... [id=sha256:d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdeenginx:latest]

docker_image.nginx: Destruction complete after 1s

4 部署Kubernetes资源

创建目录:

$ mkdir terraform-kubernetes-demo && cd $_

创建main.tf文件:

terraform {

  required_providers {

    kubernetes = {

      source  = "hashicorp/kubernetes"

      version = ">= 2.0.0"

    }

  }

}

provider "kubernetes" {

  config_path = "~/.kube/config"

}

resource "kubernetes_namespace" "test" {

  metadata {

    name = "nginx"

  }

}

resource "kubernetes_deployment" "test" {

  metadata {

    name      = "nginx"

    namespace = kubernetes_namespace.test.metadata.0.name

  }

  spec {

    replicas = 2

    selector {

      match_labels = {

        app = "MyTestApp"

      }

    }

    template {

      metadata {

        labels = {

          app = "MyTestApp"

        }

      }

      spec {

        container {

          image = "nginx"

          name  = "nginx-container"

          port {

            container_port = 80

          }

        }

      }

    }

  }

}

resource "kubernetes_service" "test" {

  metadata {

    name      = "nginx"

    namespace = kubernetes_namespace.test.metadata.0.name

  }

  spec {

    selector = {

      app = kubernetes_deployment.test.spec.0.template.0.metadata.0.labels.app

    }

    type = "NodePort"

    port {

      node_port   = 30201

      port        = 80

      target_port = 80

    }

  }

}

直接执行:

terraform init

terraform apply

检查结果:

$ kubectl -n nginx get deployment

NAME    READY   UP-TO-DATE   AVAILABLE   AGE

nginx   2/2     2            2           2m

$ kubectl -n nginx get service

NAME    TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE

nginx   NodePort   10.98.213.164   <none>        80:30201/TCP   71s

$ curl http://localhost:30201

测试完成,删除:

terraform destroy

5 总结

Terraform在云计算领域还是有自己的一席之地的,值得了解学习。

代码请查看:https://github.com/LarryDpk/pkslow-samples

欢迎关注微信公众号<南瓜慢说>,将持续为你更新...

多读书,多分享;多写作,多整理。

Terraform入门教程,示例展示管理Docker和Kubernetes资源的更多相关文章

  1. Docker入门教程(七)Docker API

    Docker入门教程(七)Docker API [编者的话]DockerOne组织翻译了Flux7的Docker入门教程,本文是系列入门教程的第七篇,重点介绍了Docker Registry API和 ...

  2. Docker入门教程(五)Docker安全

    Docker入门教程(五)Docker安全 [编者的话]DockOne组织翻译了Flux7的Docker入门教程,本文是系列入门教程的第五篇,介绍了Docker的安全问题,依然是老话重谈,入门者可以通 ...

  3. Docker入门教程(八)Docker Remote API

    Docker入门教程(八)Docker Remote API [编者的话]DockerOne组织翻译了Flux7的Docker入门教程,本文是系列入门教程的第八篇,重点介绍了Docker Remote ...

  4. Docker入门教程(四)Docker Registry

    Docker入门教程(四)Docker Registry [编者的话]DockerOne组织翻译了Flux7的Docker入门教程,本文是系列入门教程的第四篇,介绍了Docker Registry,它 ...

  5. Spring MVC 入门教程示例 (一)

    今天和大家分享下  Spring MVC  入门教程 首先还是从 HelloWorld  web 工程开始 -------------------------- 1.首先创建一个Maven Web工程 ...

  6. ABP入门教程9 - 展示层实现增删改查-视图模型

    点这里进入ABP入门教程目录 创建视图模型 在展示层(即JD.CRS.Web.Mvc)的Models下新建文件夹Course //用以存放Course相关视图模型 在JD.CRS.Web.Mvc/Mo ...

  7. ABP入门教程10 - 展示层实现增删改查-控制器

    点这里进入ABP入门教程目录 创建控制器 在展示层(即JD.CRS.Web.Mvc)的Controllers下新建一个控制器CourseController.cs using Abp.Applicat ...

  8. ABP入门教程11 - 展示层实现增删改查-视图

    点这里进入ABP入门教程目录 创建目录 在展示层(即JD.CRS.Web.Mvc)的Views下新建文件夹Course //用以存放Course相关视图 创建视图 在JD.CRS.Web.Mvc/Vi ...

  9. ABP入门教程12 - 展示层实现增删改查-脚本

    点这里进入ABP入门教程目录 创建目录 在展示层(即JD.CRS.Web.Mvc)的\wwwroot\view-resources\Views\下新建文件夹Course //用以存放Course相关脚 ...

随机推荐

  1. .Net Core with 微服务 - 架构图

    上一次我们简单介绍了什么是微服务(.NET Core with 微服务 - 什么是微服务 ).介绍了微服务的来龙去脉,一些基础性的概念.有大佬在评论区指出说这根本不是微服务.由于本人的能力有限,大概也 ...

  2. CSS filter 有哪些神奇用途

    背景 基本概念 CSS filter 属性将模糊或颜色偏移等图形效果应用于元素形成滤镜,滤镜通常用于调整图像,背景和边框的渲染.它的值可以为 filter 函数 <filter-function ...

  3. sed -i '14s/yes/no/' tftp

    修改tftp 内容 # cd /etc/xinetd.d/[root@localhost xinetd.d]# cp tftp tftp.bak[root@localhost xinetd.d]# c ...

  4. python-cmdb资产管理项目4-资产入库处理以及资产变更记录处理

    一 资产入库处理 1.1 连接数据库 在192.168.100.101安装数据库,并给总控机授权可以操作,并创建一个autoserver的数据库,密码123456 settiing.py 配置数据库连 ...

  5. AD命令获取计算机、用户相关信息

    1. 获取AD用户相关信息(用户名.创建日期.最后修改密码日期.最后登录日期) Get AD users, Name/Created Date/Last change passwd Date/Last ...

  6. MyBatis 全局配置文件详解(七)

    MyBatis 配置文件作用 MyBatis配置文件包含影响 MyBatis 框架正常使用的功能设置和属性信息.它的作用好比手机里的设置图标,点击这个图标就可以帮助我们查看手机的属性信息和设置功能.其 ...

  7. 7.json&pickle及软件目录结构规范

    json(可以序列化简单数据类型,用于不同语言之间的数据交换传输)import jsonjson.dumps() 写入json.loads() 读取json.dump(info,f) == f.wri ...

  8. Oracle和MySQL差异总结

    常用功能差异 锁差异: • Oracle锁加在数据块上 • InnoDB 是在索引上加锁,所以MySQL锁的粒度没有Oracle 精细. 导入导出: • Oracle采用EXP /IMP ,EXPDP ...

  9. idea 使用Springboot 编译报错

    报错信息如下 Argument for @NotNull parameter 'url' of org/jetbrains/jps/model/impl/JpsUrlListImpl.addUrl m ...

  10. 游刃于私有网络与公共网络之间的NAT

    网络地址转化技术NAT 1. 应用场景 2. NAT 2.1 静态NAT 2.2 动态NAT 2.3 NAPT 2.4 EASY IP 3. NAT配置 3.1 静态NAT 3.2 动态NAT 3.3 ...