tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Tencent Kubernetes Engine
    Documentation
    Download PDF

    Managing TKE Clusters and Node Pools with Terraform

    Last updated: 2023-09-05 09:40:15
    Download PDF

      Installing Terraform

      Go to the Terraform official website and use the command line to install Terraform directly or download the binary installation package file.

      Verification and Authentication

      Obtaining credentials

      Before using Terraform for the first time, go to the TencentCloud API Key page to apply for SecretId and SecretKey. If you already have them, skip this step.
      1. Log in to the CAM console and select Access Key > Manage API Key in the left sidebar.
      2. On the Manage API Key page, click Create Key to create a pair of SecretId/SecretKey.

      Authentication

      Method 1: (Recommended) Inject access key for the account with environment variables

      Add the following content to the environment variables:
      export TENCENTCLOUD_SECRET_ID="xxx"			# Replace it with the `SecretId` of the access key
      export TENCENTCLOUD_SECRET_KEY="xxx"		# Replace it with the `SecretKey` of the access key

      Method 2: Enter the access key for the account in the provider block of the Terraform configuration file

      Create a provider.tf file under the user directory and enter the following content:
      Note
      Please ensure the security of the access key in the configuration file.
      provider "tencentcloud" {
        secret_id = "xxx"											# Replace it with the `SecretId` of the access key
        secret_key = "xxx"										# Replace it with the SecretKey` of the access key
      }

      Creating a TKE Cluster with Terraform

      1. Create a working directory. Then create a Terraform configuration file named main.tf under it.
      Notes
      The main.tf file describes the following Terraform configurations:
      Create a VPC, and create a subnet in the VPC.
      Create a managed TKE cluster.
      Create a node pool in the cluster.
      The content of the main.tf file is as follows:
         # Identify the use of Tencent Cloud Terraform Provider
         terraform {
           required_providers {
             tencentcloud = {
               source = "tencentcloudstack/tencentcloud"
             }
           }
         }
      
         # Define local variables and modify the values as needed when using them in subsequent code blocks.
         locals {
             region = "xxx"								# Region, such as `ap-beijing`, i.e. Beijing
             zone1 = "xxx"									# An AZ in the region, such as `ap-beijing-1`, i.e. Beijing Zone 1
             vpc_name = "xxx"							# Set the VPC name, such as `tke-tf-demo`
             vpc_cidr_block = "xxx"				# CIDR block of the VPC, such as `10.0.0.0/16`	
             subnet1_name = "xxx"					# Name of subnet 1, such as `tke-tf-demo-sub1`
             subnet1_cidr_block = "xxx"		# CIDR block of subnet 1, such as `10.0.1.0/24`
             cluster_name = "xxx"					# TKE cluster name, such as `tke-tf-demo-cluster`
             network_type = "xxx"					# Network mode of the managed TKE cluster, such as `GR`, which indicates Global Route
             cluster_cidr = "xxx"					# Container network of the cluster, such as `172.26.0.0/20`. It cannot conflict with the VPC CIDR and other cluster CIDRs in the same VPC.
             cluster_version = "xxx"				# Kubernetes version of the TKE cluster, such as `1.22.5`
         }
      
      
         # Basic configuration of the Tencent Cloud `provider`
         provider "tencentcloud" {
             # Enter the `SecretId` and `SecretKey` if you use the configuration file. It is recommended to inject the key with environment variables.
             # secret_id  = "xxx"
             # secret_key = "xxx"
           region = local.region 			
         }
      
         # Declare VPC resources
         resource "tencentcloud_vpc" "vpc_example" {
           name = local.vpc_name
           cidr_block   = local.vpc_cidr_block
         }
      
         # Declare subnet resources
         resource "tencentcloud_subnet" "subnet_example" {
           availability_zone = local.zone1
           cidr_block        = local.subnet1_cidr_block
           name              = local.subnet1_name
           vpc_id            = tencentcloud_vpc.vpc_example.id			# The VPC ID of the specified subnet resource is the ID of the above VPC.
         }
      
         # Declare TKE cluster resources and create a cluster with the network set as Global Route
         resource "tencentcloud_kubernetes_cluster" "managed_cluster_example" {
           vpc_id = tencentcloud_vpc.vpc_example.id 								# Reference the VPC ID created above
           cluster_name = local.cluster_name
           network_type = local.network_type
           cluster_cidr = local.cluster_cidr
           cluster_version = local.cluster_version
         }
      
      
         # You can use the following declaration to create a cluster in VPC-CNI mode.
         # resource "tencentcloud_kubernetes_cluster" "managed_cluster_example" {
         #   vpc_id = tencentcloud_vpc.vpc_example.id 								# Reference the VPC ID created above
         #   cluster_name = local.cluster_name
         #   network_type = "VPC-CNI"
         #   eni_subnet_ids = [tencentcloud_subnet.subnet_example.id]
         #   service_cidr = "172.16.0.0/24" 
         #   cluster_version = local.cluster_version
         # }
      2. (Optional) If you use Tencent Cloud TKE for the first time, please grant TKE permissions to access other cloud service resources. If you have granted permissions, skip this step.
      When you log in to the TKE console for the first time, you need to grant TKE permissions to access CVMs, CLBs, CBS, and other cloud resources. For more information, see Description of Role Permissions Related to Service Authorization.
      You can also grant permissions in the Terraform configuration file. To do this, please create a cam.tf file with the following content under the working directory.
      ########################### Please add declaration configuration in the Terraform configuration file as needed. You do not need to add it for roles that have obtained permissions in the console. #############
      
      # Create the preset role `TKE_QCSRole` for the service
      resource "tencentcloud_cam_role" "TKE_QCSRole" {
       name        = "TKE_QCSRole"
       document    = <<EOF
      {
       "statement": [
      {
        "action":"name/sts:AssumeRole",
        "effect":"allow",
        "principal":{
          "service":"ccs.qcloud.com"
        }
      }
       ],
       "version":"2.0"
      }
      EOF
       description = "The current role is the Tencent Cloud TKE service role, and it will access your other Tencent Cloud resources within the permissions granted by the associated policies."
      }
      
      # Preset policy `QcloudAccessForTKERole`
      data "tencentcloud_cam_policies" "qca" {
       name = "QcloudAccessForTKERole"
      }
      
      # Preset policy `QcloudAccessForTKERoleInOpsManagement`
      data "tencentcloud_cam_policies" "ops_mgr" {
       name = "QcloudAccessForTKERoleInOpsManagement"
      }
      
      # Associate the policy `QcloudAccessForTKERole` with the role `TKE_QCSRole`
      resource "tencentcloud_cam_role_policy_attachment" "QCS_QCA" {
       role_id   = lookup(tencentcloud_cam_role.TKE_QCSRole, "id")
       policy_id = data.tencentcloud_cam_policies.qca.policy_list.0.policy_id
      }
      
      # Associate the policy `QcloudAccessForTKERoleInOpsManagement` with the role `TKE_QCSRole`
      resource "tencentcloud_cam_role_policy_attachment" "QCS_OpsMgr" {
       role_id   = lookup(tencentcloud_cam_role.TKE_QCSRole, "id")
       policy_id = data.tencentcloud_cam_policies.ops_mgr.policy_list.0.policy_id
      }
      
      ########################### Create the role `TKE_QCSRole` and grant permissions to it with the above declaration ###########################
      ########################### Create the role `IPAMDofTKE_QCSRole` and grant permissions to it with the below declaration ###########################
      
      
      # Create the preset role `IPAMDofTKE_QCSRole` for the service
      resource "tencentcloud_cam_role" "IPAMDofTKE_QCSRole" {
       name = "IPAMDofTKE_QCSRole"
       document    = <<EOF
      {
       "statement": [
      {
        "action":"name/sts:AssumeRole",
        "effect":"allow",
        "principal":{
          "service":"ccs.qcloud.com"
        }
      }
       ],
       "version":"2.0"
      }
      EOF
       description = "The current role is the IPAMD service role, and it will access your other Tencent Cloud resources within the permissions granted by the associated policies."
      }
      
      # Preset policy `QcloudAccessForIPAMDofTKERole`
      data "tencentcloud_cam_policies" "qcs_ipamd" {
       name = "QcloudAccessForIPAMDofTKERole"
      }
      
      # Associate the policy `QcloudAccessForIPAMDofTKERole` with the role `IPAMDofTKE_QCSRole`
      resource "tencentcloud_cam_role_policy_attachment" "QCS_Ipamd" {
       role_id   = lookup(tencentcloud_cam_role.IPAMDofTKE_QCSRole, "id")
       policy_id = data.tencentcloud_cam_policies.qcs_ipamd.policy_list.0.policy_id
      }
      ########################### Create the role `IPAMDofTKE_QCSRole` and grant permissions to it with the above declaration ###########################
      ########################### Create the role `TKE_QCSLinkedRoleInEKSLog` and grant permissions to it with the below declaration ###########################
      # To enable log collection for super nodes, create the preset role `TKE_QCSLinkedRoleInEKSLog` for the service.
      resource "tencentcloud_cam_service_linked_role" "service_linked_role" {
        qcs_service_name = ["cvm.qcloud.com", "ekslog.tke.cloud.tencent.com"]
        description      = "tke log role created by terraform"
        tags = {
          "createdBy" = "terraform"
        }
      }
      3. Run the following command to initialize the environment for Terraform.
      terraform init
      The returned information is as follows:
      Initializing the backend...
      
      Initializing provider plugins...
      - Finding tencentcloudstack/tencentcloud versions matching "~> 1.78.13"...
      - Installing tencentcloudstack/tencentcloud v1.78.13...
      ...
      
      You may now begin working with Terraform. Try running "terraform plan" to see
      any changes that are required for your infrastructure. All Terraform commands
      should now work.
      
      ...
      4. Run the following command to view the resource plan generated by Terraform based on the configuration file.
      terraform plan
      The returned information is as follows:
      Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
        + create
      
      Terraform will perform the following actions:
      ...
      
      Plan: 3 to add, 0 to change, 0 to destroy.
      ...
      5. Run the following command to create the resource.
      terraform apply
      The returned information is as follows:
      ...
      Plan: 3 to add, 0 to change, 0 to destroy.
      
      Do you want to perform these actions?
        Terraform will perform the actions described above.
        Only 'yes' will be accepted to approve.
      
        Enter a value:
      Enter yes as prompted to create the resource. The following information is returned:
      ...
      Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
      You have completed the creation of the VPC, subnet and managed TKE cluster. You can view these resources in Tencent Cloud console.

      Creating a TKE Node Pool with Terraform

      1. Create a working directory, under which create a Terraform configuration file named nodepool.tf. The content of the nodepool.tf file is as follows:
      # Define local variables and modify the values as needed when using them in subsequent code blocks.
      # You can also reference Terraform related resource instance (such as `tencentcloud_kubernetes_cluster`) to obtain the desired values.
      locals {
          node_pool_name = "xxx"				# Node pool name, such as `tke-tf-demo-node-pool`
          max_node_size = xxx						# Max number of nodes in the node pool
          min_node_size = xxx						# Min number of nodes in the node pool
          cvm_instance_type = "xxx"			# CVM instance in the node pool. For valid values, see https://cloud.tencent.com/document/api/213/15749
          cvm_pass_word = "xxx"					# Login password for the CVM instance in the node pool. Password length: 8-16 characters.
          security_group_ids = ["sg-xxx", "sg-xxx"] 						# Array of IDs of security groups associated with the node pool
      }
      
      # Declare TKE node pool resources
      resource "tencentcloud_kubernetes_node_pool" "example_node_pool" {
        cluster_id = tencentcloud_kubernetes_cluster.managed_cluster_example.id # Associate the node pool with the cluster created above
        delete_keep_instance = false                   # Set it to `false`, which indicates the associated CVM instance is deleted when you delete the node pool.
        max_size   = local.max_node_size
        min_size   = local.min_node_size
        name       = local.node_pool_name
        vpc_id     = tencentcloud_vpc.vpc_example.id
        subnet_ids = [tencentcloud_subnet.subnet_example.id] # Array of IDs of subnets associated with the node pool
        auto_scaling_config {
          instance_type = local.cvm_instance_type
          # key_ids = ["xxx"]                                # Set the login key for the CVM instance in the node pool
          password = local.cvm_pass_word                     # Set the login password for the CVM instance in the node pool
          security_group_ids = local.security_group_ids
        }
      }
      2. Run the following command to view the resource plan generated by Terraform based on the configuration file.
      terraform plan
      The returned information is as follows:
      Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
        + create
      
      Terraform will perform the following actions:
      ...
      
      Plan: 1 to add, 0 to change, 0 to destroy.
      ...
      3. Run the following command to create the resource.
      terraform apply
      The returned information is as follows:
      ...
      Plan: 1 to add, 0 to change, 0 to destroy.
      
      Do you want to perform these actions?
        Terraform will perform the actions described above.
        Only 'yes' will be accepted to approve.
      
        Enter a value:
      Enter yes as prompted to create the resource. The following information is returned:
      ...
      Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
      You have completed the creation of the node pool. You can view the resources you have created in Tencent Cloud console.

      Cleaning up Resources with Terraform

      You can run the following command to delete the VPCs, subnets and managed TKE clusters you have created.
      terraform destroy
      The returned information is as follows:
      ...
      Plan: 0 to add, 0 to change, 3 to destroy.
      
      Do you really want to destroy all resources?
        Terraform will destroy all your managed infrastructure, as shown above.
        There is no undo. Only 'yes' will be accepted to confirm.
      
        Enter a value:
      Enter yes as prompted to confirm the deletion. The following information is returned:
      ...
      Destroy complete! Resources: 3 destroyed.

      References

      Terraform documentation
      Tencent Cloud Terraform Provider
      Tencent Cloud General TKE cluster
      Tencent Cloud TKE Node Pool
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy