Terraform is an open source tool provided by HashiCorp for cloud resource orchestration. Terraform allows you to securely and efficiently preview, configure, and manage cloud infrastructures and resources. You can use Terraform to automatically create and update resources on the Alibaba Cloud infrastructure. This topic describes how to create and delete a Service Mesh (ASM) instance by using Terraform.
Prerequisites
Terraform is installed and configured on your machine. For more information, see Install and configure Terraform in the local PC.
Your Alibaba Cloud account is configured. Environment variables are created to specify your authentication credentials and region information.
export ALICLOUD_ACCESS_KEY="************"   # Replace the value with your AccessKey ID.
export ALICLOUD_SECRET_KEY="************"   # Replace the value with your AccessKey secret.
export ALICLOUD_REGION="cn-beijing"         # Replace the value with the ID of the region in which your ASM instance resides.
Note: To improve the flexibility and security of permission management, do not use the AccessKey pair of your Alibaba Cloud account. Instead, create a Resource Access Management (RAM) user named Terraform, create an AccessKey pair for that RAM user, and grant the RAM user only the permissions that this configuration needs. For more information, see Create a RAM user and Grant permissions to the RAM user.
Background information
For more information about Terraform, visit the official website of Terraform.
Create an ASM instance
Create a configuration file named main.tf on your machine.
If you do not have a virtual private cloud (VPC) or a vSwitch, create a main.tf file that contains the following content:
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.186.0"
    }
  }
}

variable "k8s_name_prefix" {
  description = "The name prefix used to create Alibaba Cloud Service Mesh (ASM)."
  default     = "tf-asm"
}

resource "random_uuid" "this" {}

# The default resource names and configurations.
locals {
  # The name of the ASM instance.
  mesh_name = substr(join("-", [var.k8s_name_prefix, random_uuid.this.result]), 0, 63)
  # The edition of the ASM instance. Valid values: enterprise and ultimate, which indicate Enterprise Edition and Ultimate Edition.
  mesh_spec = "enterprise"
  # The name of the VPC to be created.
  new_vpc_name = "vpc-for-${local.mesh_name}"
  # The name of the vSwitch to be created.
  new_vsw_name = "vsw-for-${local.mesh_name}"
}

# The zone in which you can create a vSwitch.
data "alicloud_zones" "default" {
  available_resource_creation = "VSwitch"
}

# The VPC.
resource "alicloud_vpc" "default" {
  vpc_name = local.new_vpc_name
}

# The vSwitch.
resource "alicloud_vswitch" "default" {
  vpc_id       = alicloud_vpc.default.id
  cidr_block   = cidrsubnet(alicloud_vpc.default.cidr_block, 8, 2)
  zone_id      = data.alicloud_zones.default.zones.0.id
  vswitch_name = local.new_vsw_name
}

# Query the ASM versions available for the selected edition.
data "alicloud_service_mesh_versions" "default" {
  edition = local.mesh_spec == "standard" ? "Default" : "Pro"
}

# Select the first available version to create the ASM instance.
locals {
  mesh_version = split(":", data.alicloud_service_mesh_versions.default.ids[0])[1]
}

# The ASM instance.
resource "alicloud_service_mesh_service_mesh" "default" {
  # The name of the ASM instance.
  service_mesh_name = local.mesh_name
  # The network configurations of the ASM instance.
  network {
    # The ID of the VPC.
    vpc_id = alicloud_vpc.default.id
    # The ID of the vSwitch.
    vswitche_list = [alicloud_vswitch.default.id]
  }
  # The version of the ASM instance, selected above.
  version = local.mesh_version
  # The load balancer for exposing the API server and Istio Pilot of the ASM instance.
  load_balancer {
    # Specify whether to expose the API server of the ASM instance by using an EIP.
    # true makes the API server reachable from the Internet; set it to false unless you need that.
    api_server_public_eip = true
  }
  # Configure the ASM instance by defining Mesh Config options.
  mesh_config {
    # Collect access logs to Alibaba Cloud Log Service.
    access_log {
      enabled = true
    }
    # Enable the collection of control plane logs. To enable this feature, make sure that you have enabled Log Service.
    control_plane_log {
      enabled = true
    }
    # Enable Tracing Analysis in Application Real-Time Monitoring Service (ARMS).
    tracing = true
    # If Tracing Analysis is enabled, set the sampling percentage.
    pilot {
      trace_sampling = 100
    }
    # Enable Prometheus monitoring.
    telemetry = true
    # Enable Mesh Topology. To enable Mesh Topology, make sure that you have enabled Prometheus monitoring.
    kiali {
      enabled = true
    }
    # Enable the mesh audit feature. To enable this feature, make sure that you have enabled Log Service.
    audit {
      enabled = true
    }
  }
  # The edition of the ASM instance. Valid values: enterprise and ultimate, which indicate Enterprise Edition and Ultimate Edition.
  cluster_spec = local.mesh_spec
}
Set the parameters described in the following table in the main.tf file based on your business requirements. Terraform automatically calls the relevant API operations to obtain the values of the other parameters.
Parameter | Description |
mesh_name | The custom name of the ASM instance. |
mesh_spec | The edition of the ASM instance. Valid values: enterprise (Enterprise Edition) and ultimate (Ultimate Edition). |
new_vpc_name | The custom name of the VPC to be created. |
new_vsw_name | The custom name of the vSwitch to be created. |
api_server_public_eip | Optional. Specifies whether to expose the API server of the ASM instance by using an EIP. Valid values: true (exposes the API server through a public EIP, so that it is reachable from the Internet) and false (does not attach an EIP, so that the API server is reachable only from within the VPC). Leave it false unless you need to reach the API server from outside the VPC. |
If you have created a VPC and a vSwitch, create a main.tf file that contains the following content:
Important: The VPC and vSwitch must belong to the region that you specified in the ALICLOUD_REGION environment variable when you configured Terraform. Otherwise, Terraform cannot find the VPC or vSwitch.
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.186.0"
    }
  }
}

variable "asm_name_prefix" {
  description = "The name prefix used to create Alibaba Cloud Service Mesh (ASM)."
  default     = "tf-asm"
}

resource "random_uuid" "this" {}

# The default resource names and configurations.
locals {
  # The name of the ASM instance.
  mesh_name = substr(join("-", [var.asm_name_prefix, random_uuid.this.result]), 0, 63)
  # The edition of the ASM instance. Valid values: enterprise and ultimate, which indicate Enterprise Edition and Ultimate Edition.
  mesh_spec = "enterprise"
  # The name of the existing VPC.
  vpc_name = "vpc-luying-hangzhou1"
  # The name of the existing vSwitch.
  vsw_name = "vsw-luying-hangzhou1"
}

# The existing VPC, looked up by name.
# name_regex is a regular expression, so anchor it (for example "^${local.vpc_name}$")
# if VPCs with similar names exist in the region.
data "alicloud_vpcs" "default" {
  name_regex = local.vpc_name
}

# The vSwitches in the existing VPC.
data "alicloud_vswitches" "default" {
  vpc_id = data.alicloud_vpcs.default.ids[0]
}

# Keep only the vSwitch whose name matches exactly.
locals {
  exist_vswitch_ids = [for vsw in data.alicloud_vswitches.default.vswitches : vsw.id if vsw.name == local.vsw_name]
}

# Query the ASM versions available for the selected edition.
data "alicloud_service_mesh_versions" "default" {
  edition = local.mesh_spec == "standard" ? "Default" : "Pro"
}

# Select the first available version to create the ASM instance.
locals {
  mesh_version = split(":", data.alicloud_service_mesh_versions.default.ids[0])[1]
}

# The ASM instance.
resource "alicloud_service_mesh_service_mesh" "default" {
  # The name of the ASM instance.
  service_mesh_name = local.mesh_name
  # The network configurations of the ASM instance.
  network {
    # The ID of the VPC.
    vpc_id = data.alicloud_vpcs.default.ids[0]
    # The ID of the vSwitch.
    vswitche_list = [local.exist_vswitch_ids[0]]
  }
  # The version of the ASM instance, selected above.
  version = local.mesh_version
  # The load balancer for exposing the API server and Istio Pilot of the ASM instance.
  load_balancer {
    # Specify whether to expose the API server of the ASM instance by using an EIP.
    # true makes the API server reachable from the Internet; set it to false unless you need that.
    api_server_public_eip = true
  }
  # Configure the ASM instance by defining Mesh Config options.
  mesh_config {
    # Collect access logs to Alibaba Cloud Log Service.
    access_log {
      enabled = true
    }
    # Enable the collection of control plane logs. To enable this feature, make sure that you have enabled Log Service.
    control_plane_log {
      enabled = true
    }
    # Enable Tracing Analysis in ARMS.
    tracing = true
    # If Tracing Analysis is enabled, set the sampling percentage.
    pilot {
      trace_sampling = 100
    }
    # Enable Prometheus monitoring.
    telemetry = true
    # Enable Mesh Topology. To enable Mesh Topology, make sure that you have enabled Prometheus monitoring.
    kiali {
      enabled = true
    }
    # Enable the mesh audit feature. To enable this feature, make sure that you have enabled Log Service.
    audit {
      enabled = true
    }
  }
  # The edition of the ASM instance. Valid values: enterprise and ultimate, which indicate Enterprise Edition and Ultimate Edition.
  cluster_spec = local.mesh_spec
}
Set the parameters described in the following table in the main.tf file based on your business requirements. Terraform automatically calls the relevant API operations to obtain the values of the other parameters.
Parameter | Description |
mesh_name | The custom name of the ASM instance. |
mesh_spec | The edition of the ASM instance. Valid values: enterprise (Enterprise Edition) and ultimate (Ultimate Edition). |
vpc_name | The name of the existing VPC. |
vsw_name | The name of the existing vSwitch. |
api_server_public_eip | Optional. Specifies whether to expose the API server of the ASM instance by using an EIP. Valid values: true (exposes the API server through a public EIP, so that it is reachable from the Internet) and false (does not attach an EIP, so that the API server is reachable only from within the VPC). Leave it false unless you need to reach the API server from outside the VPC. |
Run the following command to initialize the runtime environment for Terraform:
terraform init
Expected output:
Initializing the backend...

Initializing provider plugins...
- Finding aliyun/alicloud versions matching "1.186.0"...
- Finding latest version of hashicorp/random...
...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Run the following command to create an execution plan for Terraform:
terraform plan
Expected output:
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:
...
Plan: 4 to add, 0 to change, 0 to destroy.

The count is 4 (random_uuid, VPC, vSwitch, ASM instance) when the configuration creates the VPC and vSwitch, and 2 (random_uuid, ASM instance) when it uses an existing VPC and vSwitch. Review the planned load_balancer and mesh_config values here before you apply.
Run the following command to create an ASM instance by using the main.tf file:
terraform apply
Expected output:
alicloud_service_mesh_service_mesh.default: Refreshing state...
...
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value:
Enter yes at the Enter a value prompt. Expected output:
...
alicloud_service_mesh_service_mesh.default: Creating...
alicloud_service_mesh_service_mesh.default: Still creating... [10s elapsed]
...
alicloud_service_mesh_service_mesh.default: Creation complete after 2m42s [id=**********]

Apply complete! Resources: 4 added, 0 changed, 0 destroyed.

The number of added resources is 4 when the configuration also creates the VPC and vSwitch, and 2 when it uses an existing VPC and vSwitch.
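The plan step above is the last point at which the control-plane exposure of the new instance can be checked before anything is created. The following script is an added example, not part of the original topic or of the alicloud provider: it reads the JSON that `terraform show -json tfplan` produces for a saved plan and refuses the plan when an alicloud_service_mesh_service_mesh resource sets api_server_public_eip = true or leaves audit, control-plane logging or access logging disabled. The embedded SAMPLE_PLAN is a constructed, trimmed plan document, and the function names are this example's own.

```python
"""Policy gate for Terraform plans that create alicloud_service_mesh_service_mesh resources.

Added example (not from the original topic). Pipeline usage:
    terraform plan -out=tfplan
    terraform show -json tfplan > plan.json
    python asm_plan_gate.py plan.json && terraform apply tfplan
"""
import json
import sys

ASM_TYPE = "alicloud_service_mesh_service_mesh"
# mesh_config sub-blocks that must have enabled = true: they provide the forensic trail.
REQUIRED_ENABLED = ("audit", "control_plane_log", "access_log")


def _block(value):
    """Nested HCL blocks appear as single-element lists in `terraform show -json`; unwrap one."""
    if isinstance(value, list):
        value = value[0] if value else {}
    return value if isinstance(value, dict) else {}


def check_asm_plan(plan):
    """Return [(resource_address, finding), ...] for planned ASM instances that violate policy.

    Deletes and no-ops are skipped; create, update and replace are checked. A public-EIP
    setting that is still unknown at plan time is reported so that a human reviews it.
    """
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != ASM_TYPE:
            continue
        change = rc.get("change", {})
        if not set(change.get("actions", [])) & {"create", "update"}:
            continue  # nothing new is being exposed
        addr = rc["address"]
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}

        lb = _block(after.get("load_balancer"))
        lb_unknown = unknown.get("load_balancer")
        if lb.get("api_server_public_eip") is True:
            findings.append((addr, "load_balancer.api_server_public_eip = true exposes the API server on the Internet"))
        elif lb_unknown is True or _block(lb_unknown).get("api_server_public_eip") is True:
            findings.append((addr, "load_balancer.api_server_public_eip is unknown until apply; review manually"))

        cfg = _block(after.get("mesh_config"))
        for name in REQUIRED_ENABLED:
            if _block(cfg.get(name)).get("enabled") is not True:
                findings.append((addr, f"mesh_config.{name}.enabled must be true"))
    return findings


def _asm_change(address, public_eip, audit_enabled):
    """Build one constructed resource_changes entry in the shape `terraform show -json` emits."""
    return {"address": address, "type": ASM_TYPE, "change": {"actions": ["create"], "after_unknown": {}, "after": {
        "load_balancer": [{"api_server_public_eip": public_eip}],
        "mesh_config": [{"access_log": [{"enabled": True}], "control_plane_log": [{"enabled": True}],
                         "audit": [{"enabled": audit_enabled}]}]}}}


# Constructed sample plan: one instance as configured on this page (public EIP, audit off), one hardened.
SAMPLE_PLAN = {"format_version": "1.1", "resource_changes": [
    _asm_change("alicloud_service_mesh_service_mesh.default", True, False),
    _asm_change("alicloud_service_mesh_service_mesh.hardened", False, True),
    {"address": "alicloud_vswitch.default", "type": "alicloud_vswitch",
     "change": {"actions": ["create"], "after": {}, "after_unknown": {}}},
]}


def main(argv):
    if len(argv) > 1:
        with open(argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    findings = check_asm_plan(plan)
    for addr, msg in findings:
        print(f"DENY {addr}: {msg}")
    print("plan OK" if not findings else f"{len(findings)} policy finding(s)")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it without arguments to see the two findings for the page's own settings (public EIP and audit disabled) and none for the hardened instance; a non-zero exit code stops the pipeline before `terraform apply`. Check the plan, not the .tf text, because variables, locals and data sources are already resolved there, so the gate cannot be bypassed by moving the value into a variable.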
Delete an ASM instance
The destroy command deletes every resource recorded in the Terraform state of the directory in which the main.tf file resides, so you must run it from that directory. If the configuration created the VPC and vSwitch, they are deleted together with the ASM instance.
Go to the directory in which the main.tf file resides and run the following command to delete the ASM instance:
terraform destroy
Expected output:
...
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value:
Enter yes at the Enter a value prompt. Expected output:
...
Destroy complete! Resources: 4 destroyed.

The number of destroyed resources is 4 when the configuration also created the VPC and vSwitch, and 2 when it used an existing VPC and vSwitch.
Terraform resources and data sources
The following table describes the Terraform resources and data sources in the alicloud provider that you can use to manage ASM resources.
Type | Name | Description |
Resource | alicloud_service_mesh_service_mesh | Manages ASM instances. |
Resource | alicloud_service_mesh_user_permission | Configures permissions on ASM instances. |
Data source | alicloud_service_mesh_service_meshes | Queries all ASM instances. |
Data source | alicloud_service_mesh_versions | Queries the ASM versions available for an edition. |