云原生之旅 - 4）基础设施即代码使用 Terraform 创建 Kubernetes _生活百科

前言上一篇文章我们已经简单的入门Terraform，本篇介绍如何使用Terraform在GCP和AWS 创建Kubernetes 资源。
Kubernetes 在云原生时代的重要性不言而喻，等于这个时代的操作系统，基本上只需要建这个资源，就可以将绝大多数的应用跑在上面，包括数据库，甚至很多团队的大数据处理例如 Spark, Flink 都跑在Kubernetes上。

GCP Kubernetes = GKE
AWS Kubernetes = EKS
Azure Kubernetes = AKS

本篇文章主要介绍前两者的Terraform 代码实现，现在使用官方的 module 要比以前方便太多了，哪怕是新手都可以很快的将资源建起来，当然如果要更多的了解，还是需要慢慢下功夫的。
关键词：IaC, Infrastructure as Code, Terraform, 基础设施即代码，使用Terraform创建GKE，使用Terraform创建EKS
环境信息:
* Terraform 1.2.9* Google Cloud SDK 397.0.0* aws-cli 2.7.7 使用Terraform创建GKE准备一个GCS bucket
# valid LOCATION values are `asia`, `eu` or `us`gsutil mb -l $LOCATION gs://$BUCKET_NAMEgsutil versioning set on gs://$BUCKET_NAME准备如下tf文件
backend.tfterraform {backend "gcs" {bucket = "sre-dev-terraform-test"prefix = "demo/state"}}providers.tf
terraform {required_version = ">= 1.2.9"required_providers {google = {source= "hashicorp/google"version = "~> 4.0"}google-beta = {source= "hashicorp/google-beta"version = "~> 4.0"}}}provider "google" {project = local.project.project_idregion= local.project.region}provider "google-beta" {project = local.project.project_idregion= local.project.region}
使用 terraform google module 事半功倍，代码如下
gke-cluster.tf
data "google_compute_zones" "available" {region = "us-central1"status = "UP"}resource "google_compute_network" "default" {project= local.project.project_idname= local.project.network_nameauto_create_subnetworks = falserouting_mode= "GLOBAL"}resource "google_compute_subnetwork" "wade-gke" {project= local.project.project_idnetwork= google_compute_network.default.namename= local.wade_cluster.subnet_nameip_cidr_range = local.wade_cluster.subnet_rangeregion= local.wade_cluster.regionsecondary_ip_range {range_name= format("%s-secondary1", local.wade_cluster.cluster_name)ip_cidr_range = local.wade_cluster.secondary_ip_range_pods}secondary_ip_range {range_name= format("%s-secondary2", local.wade_cluster.cluster_name)ip_cidr_range = local.wade_cluster.secondary_ip_range_services}private_ip_google_access = true}resource "google_service_account" "sa-wade-test" {account_id= "sa-wade-test"display_name = "sa-wade-test"}module "wade-gke" {source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster"version = "23.1.0"project_id = local.project.project_idname= local.wade_cluster.cluster_namekubernetes_version= local.wade_cluster.cluster_versionregion= local.wade_cluster.regionnetwork= google_compute_network.default.namesubnetwork= google_compute_subnetwork.wade-gke.namemaster_ipv4_cidr_block = "10.1.0.0/28"ip_range_pods= google_compute_subnetwork.wade-gke.secondary_ip_range.0.range_nameip_range_services= google_compute_subnetwork.wade-gke.secondary_ip_range.1.range_nameservice_account= google_service_account.sa-wade-test.emailmaster_authorized_networks= local.wade_cluster.master_authorized_networksmaster_global_access_enabled= falseistio= falseissue_client_certificate= falseenable_private_endpoint= falseenable_private_nodes= trueremove_default_node_pool= trueenable_shielded_nodes= falseidentity_namespace= "enabled"node_metadata= "https://www.huyubaike.com/biancheng/GKE_METADATA"horizontal_pod_autoscaling= trueenable_vertical_pod_autoscaling = falsenode_pools= local.wade_cluster.node_poolsnode_pools_oauth_scopes = local.wade_cluster.oauth_scopesnode_pools_labels= local.wade_cluster.node_pools_labelsnode_pools_metadata= https://www.huyubaike.com/biancheng/local.wade_cluster.node_pools_metadatanode_pools_taints= local.wade_cluster.node_pools_taintsnode_pools_tags= local.wade_cluster.node_pools_tags}