产品动态
公告
产品发布记录
export TENCENTCLOUD_SECRET_ID="xxx" # 替换为账号访问密钥的SecretIdexport TENCENTCLOUD_SECRET_KEY="xxx" # 替换为账号访问密钥的SecretKey
provider.tf 文件,输入如下内容:provider "tencentcloud" {secret_id = "xxx" # 替换为账号访问密钥的SecretIdsecret_key = "xxx" # 替换为账号访问密钥的SecretKey}
main.tf 的 Terraform 配置文件。main.tf 文件描述的是以下 Terraform 配置:main.tf 文件内容如下:# 标识使用腾讯云的Terraform Providerterraform {required_providers {tencentcloud = {source = "tencentcloudstack/tencentcloud"}}}# 定义本地变量,实际使用时按需修改下列变量实际值。后面各代码块中会引用下列变量的值。locals {region = "xxx" # 使用的地域,如ap-beijing,即北京zone1 = "xxx" # 地域下的一个可用区,如ap-beijing-1,即北京一区vpc_name = "xxx" # 设置VPC的名字,如tke-tf-demovpc_cidr_block = "xxx" # VPC的CIDR设置,如10.0.0.0/16subnet1_name = "xxx" # 子网1的名字,如tke-tf-demo-sub1subnet1_cidr_block = "xxx" # 子网1的CIDR设置,如10.0.1.0/24cluster_name = "xxx" # TKE集群的name,如tke-tf-demo-clusternetwork_type = "xxx" # TKE托管集群的网络模式,如GR,表示使用Global Routecluster_cidr = "xxx" # 集群的容器网络,不能与网络冲突,如172.26.0.0/20cluster_version = "xxx" # TKE集群的Kubernetes版本,如1.22.5}# 腾讯云provider的基本配置provider "tencentcloud" {# 如果使用配置文件中写入密钥的方式,在此处写入SecretId和SecretKey。但更推荐使用环境变量注入的方式。# secret_id = "xxx"# secret_key = "xxx"region = local.region}# 声明VPC资源resource "tencentcloud_vpc" "vpc_example" {name = local.vpc_namecidr_block = local.vpc_cidr_block}# 声明子网资源resource "tencentcloud_subnet" "subnet_example" {availability_zone = local.zone1cidr_block = local.subnet1_cidr_blockname = local.subnet1_namevpc_id = tencentcloud_vpc.vpc_example.id # 指定子网资源所属VPC为前面创建的}# 声明TKE集群资源,将创建网络为Global Route的集群resource "tencentcloud_kubernetes_cluster" "managed_cluster_example" {vpc_id = tencentcloud_vpc.vpc_example.id # 引用前面创建获得的VPC Idcluster_name = local.cluster_namenetwork_type = local.network_typecluster_cidr = local.cluster_cidrcluster_version = local.cluster_version}# 如果需要创建VPC-CNI模式的集群,可以用下面的声明# resource "tencentcloud_kubernetes_cluster" "managed_cluster_example" {# vpc_id = tencentcloud_vpc.vpc_example.id # 引用前面创建获得的VPC Id# cluster_name = local.cluster_name# network_type = "VPC-CNI"# eni_subnet_ids = [tencentcloud_subnet.subnet_example.id]# service_cidr = "172.16.0.0/24"# cluster_version = local.cluster_version# }
cam.tf 文件,文件内容如下:########################### 请按需在Terraform配置文件中添加声明配置,已在控制台完成授权的角色,则不需要再添加 ############## 创建服务预设角色TKE_QCSRoleresource "tencentcloud_cam_role" "TKE_QCSRole" {name = "TKE_QCSRole"document = <<EOF{"statement": [{"action":"name/sts:AssumeRole","effect":"allow","principal":{"service":"ccs.qcloud.com"}}],"version":"2.0"}EOFdescription = "当前角色为 腾讯云容器服务 服务角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。"}# 预设策略 QcloudAccessForTKERoledata "tencentcloud_cam_policies" "qca" {name = "QcloudAccessForTKERole"}# 预设策略 QcloudAccessForTKERoleInOpsManagementdata "tencentcloud_cam_policies" "ops_mgr" {name = "QcloudAccessForTKERoleInOpsManagement"}# 角色TKE_QCSRole关联QcloudAccessForTKERole策略resource "tencentcloud_cam_role_policy_attachment" "QCS_QCA" {role_id = lookup(tencentcloud_cam_role.TKE_QCSRole, "id")policy_id = data.tencentcloud_cam_policies.qca.policy_list.0.policy_id}# 角色TKE_QCSRole关联策略QcloudAccessForTKERoleInOpsManagementresource "tencentcloud_cam_role_policy_attachment" "QCS_OpsMgr" {role_id = lookup(tencentcloud_cam_role.TKE_QCSRole, "id")policy_id = data.tencentcloud_cam_policies.ops_mgr.policy_list.0.policy_id}########################### 上述声明完成TKE_QCSRole角色的创建和授权 ###################################################### 下列声明完成IPAMDofTKE_QCSRole角色的创建和授权 ##################### 创建服务预设角色IPAMDofTKE_QCSRoleresource "tencentcloud_cam_role" "IPAMDofTKE_QCSRole" {name = "IPAMDofTKE_QCSRole"document = <<EOF{"statement": [{"action":"name/sts:AssumeRole","effect":"allow","principal":{"service":"ccs.qcloud.com"}}],"version":"2.0"}EOFdescription = "当前角色为 容器服务IPAMD支持 服务角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。"}# 预设策略 QcloudAccessForIPAMDofTKERoledata "tencentcloud_cam_policies" "qcs_ipamd" {name = "QcloudAccessForIPAMDofTKERole"}# 角色IPAMDofTKE_QCSRole关联策略QcloudAccessForIPAMDofTKERoleresource "tencentcloud_cam_role_policy_attachment" "QCS_Ipamd" {role_id = lookup(tencentcloud_cam_role.IPAMDofTKE_QCSRole, "id")policy_id = data.tencentcloud_cam_policies.qcs_ipamd.policy_list.0.policy_id}########################### 上述声明完成IPAMDofTKE_QCSRole角色的创建和授权 ###################################################### 下列声明完成TKE_QCSLinkedRoleInEKSLog角色的创建和授权 ##################### 创建服务预设角色TKE_QCSLinkedRoleInEKSLog,如需开启日志采集使用。resource "tencentcloud_cam_service_linked_role" "service_linked_role" {qcs_service_name = ["cvm.qcloud.com", "ekslog.tke.cloud.tencent.com"]description = "tke log role created by terraform"tags = {"createdBy" = "terraform"}}
terraform init
Initializing the backend...Initializing provider plugins...- Finding tencentcloudstack/tencentcloud versions matching "~> 1.78.13"...- Installing tencentcloudstack/tencentcloud v1.78.13......You may now begin working with Terraform. Try running "terraform plan" to seeany changes that are required for your infrastructure. All Terraform commandsshould now work....
terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:+ createTerraform will perform the following actions:...Plan: 3 to add, 0 to change, 0 to destroy....
terraform apply
...Plan: 3 to add, 0 to change, 0 to destroy.Do you want to perform these actions?Terraform will perform the actions described above.Only 'yes' will be accepted to approve.Enter a value:
yes 创建资源,返回信息如下所示: ...Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
nodepool.tf 的 Terraform 配置文件。
nodepool.tf 文件内容如下:# 定义本地变量,实际使用时按需修改下列变量实际值。后面各代码块中会引用下列变量的值。# 实际使用时您也可以通过引用Terraform相关resource实例(如集群tencentcloud_kubernetes_cluster)的方式获取需要的值。locals {node_pool_name = "xxx" # 节点池名称,如tke-tf-demo-node-poolmax_node_size = xxx # 节点池最大节点数量min_node_size = xxx # 节点池最小节点数量cvm_instance_type = "xxx" # 节点池CVM机型,可选值参考https://cloud.tencent.com/document/api/213/15749获取cvm_pass_word = "xxx" # 节点池CVM机器登录密码,请注意密码安全性,8-16位security_group_ids = ["sg-xxx", "sg-xxx"] # 节点池关联的安全组Id数组}# 声明TKE节点池资源resource "tencentcloud_kubernetes_node_pool" "example_node_pool" {cluster_id = tencentcloud_kubernetes_cluster.managed_cluster_example.id # 节点池关联前面创建的集群delete_keep_instance = false # 设置为false,表明删除节点池时删除关联的CVM实例max_size = local.max_node_sizemin_size = local.min_node_sizename = local.node_pool_namevpc_id = tencentcloud_vpc.vpc_example.idsubnet_ids = [tencentcloud_subnet.subnet_example.id] # 节点池关联的子网Id数组auto_scaling_config {instance_type = local.cvm_instance_type# key_ids = ["xxx"] # 设置节点池CVM机器登录密钥password = local.cvm_pass_word # 设置节点池CVM机器登录密码,请注意密码安全性security_group_ids = local.security_group_ids}}
terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:+ createTerraform will perform the following actions:...Plan: 1 to add, 0 to change, 0 to destroy....
terraform apply
...Plan: 1 to add, 0 to change, 0 to destroy.Do you want to perform these actions?Terraform will perform the actions described above.Only 'yes' will be accepted to approve.Enter a value:
yes 创建资源,返回信息如下所示: ...Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
terraform destroy
...Plan: 0 to add, 0 to change, 3 to destroy.Do you really want to destroy all resources?Terraform will destroy all your managed infrastructure, as shown above.There is no undo. Only 'yes' will be accepted to confirm.Enter a value:
yes 确认执行计划,返回信息如下所示: ...Destroy complete! Resources: 3 destroyed.
文档反馈