
Alibaba Cloud Service Mesh:Use Terraform to manage ASM instances

Last Updated:Jun 05, 2023

Terraform is an open source tool provided by HashiCorp for cloud resource orchestration. Terraform allows you to securely and efficiently preview, configure, and manage cloud infrastructures and resources. You can use Terraform to automatically create and update resources on the Alibaba Cloud infrastructure. This topic describes how to create and delete a Service Mesh (ASM) instance by using Terraform.

Prerequisites

  • Terraform is installed and configured on your machine. For more information, see Install and configure Terraform in the local PC.

  • Your Alibaba Cloud account is configured. Environment variables are created to specify your authentication credentials and region information.

    export ALICLOUD_ACCESS_KEY="************" #Replace the value with your AccessKey ID. 
    export ALICLOUD_SECRET_KEY="************" #Replace the value with your AccessKey secret. 
    export ALICLOUD_REGION="cn-beijing"         #Replace the value with the ID of the region in which your ASM instance resides. 
    Note

    To improve the flexibility and security of permission management, do not use the AccessKey pair of your Alibaba Cloud account. Instead, create a Resource Access Management (RAM) user named Terraform, create an AccessKey pair for the RAM user, and grant the RAM user only the permissions that Terraform needs to manage the ASM, VPC, and vSwitch resources in this topic. Keep the AccessKey secret out of version control and shell history: exporting it in an interactive shell records it in the history file unless the shell is configured otherwise. For more information, see Create a RAM user and Grant permissions to the RAM user.

Background information

For more information about Terraform, visit the official website of Terraform.

Create an ASM instance

  1. Create a configuration file named main.tf on your machine.

    • If you do not have a virtual private cloud (VPC) or a vSwitch, create a main.tf file that contains the following content:

      terraform {
        required_providers {
          alicloud = {
            source = "aliyun/alicloud"
            version = "1.186.0"
          }
        }
      }
      
      variable "k8s_name_prefix" {
        description = "The name prefix used to create Alibaba Cloud Service Mesh (ASM)."
        default     = "tf-asm"
      }
      
      resource "random_uuid" "this" {}
      
      # The default resource names and configurations. 
      locals {
        # The name of the ASM instance. 
        mesh_name = substr(join("-", [var.k8s_name_prefix, random_uuid.this.result]), 0, 63)
        # The edition of the ASM instance. Valid values: enterprise and ultimate, which indicate Enterprise Edition and Ultimate Edition. 
        mesh_spec = "enterprise"
        # The name of the VPC to be created. 
        new_vpc_name = "vpc-for-${local.mesh_name}"
        # The name of the vSwitch to be created. 
        new_vsw_name = "vsw-for-${local.mesh_name}"
      }
      
      # The zone in which you can create a vSwitch. 
      data "alicloud_zones" "default" {
        available_resource_creation = "VSwitch"
      }
      # The VPC. 
      resource "alicloud_vpc" "default" {
        vpc_name = local.new_vpc_name
      }
      # The vSwitch. 
      resource "alicloud_vswitch" "default" {
        vpc_id       = alicloud_vpc.default.id
        cidr_block   = cidrsubnet(alicloud_vpc.default.cidr_block, 8, 2)
        zone_id      = data.alicloud_zones.default.zones.0.id
        vswitch_name = local.new_vsw_name
      }
      # Query the ASM versions that are available for the selected edition. 
      data "alicloud_service_mesh_versions" "default" {
        edition = local.mesh_spec == "standard" ? "Default" : "Pro"
      }
      # Select the first available version. Each ID has the form edition:version, so the version is the second field. 
      locals {
        mesh_version = split(":", data.alicloud_service_mesh_versions.default.ids[0])[1]
      }
      # The ASM instance. 
      resource "alicloud_service_mesh_service_mesh" "default" {
        # The name of the ASM instance. 
        service_mesh_name = local.mesh_name
        # The network configurations of the ASM instance. 
        network {
          # The ID of the VPC. 
          vpc_id        = alicloud_vpc.default.id
          # The ID of the vSwitch. 
          vswitche_list = [alicloud_vswitch.default.id]
        }
        # The edition of the ASM instance. 
        version = local.mesh_version
        # The load balancer for exposing the API server and Istio Pilot of the ASM instance. 
        load_balancer {
          # Specify whether to expose the API server of the ASM instance by using an EIP. 
          api_server_public_eip = true
        }
      
        # Configure the ASM instance by defining Mesh Config options. 
        mesh_config {
          # Collect access logs to Alibaba Cloud Log Service. 
          access_log {
            enabled = true
          }
      
          # Enable the collection of control plane logs. To enable this feature, make sure that you have enabled Log Service. 
          control_plane_log {
            enabled = true
          }
      
          # Enable Tracing Analysis in Application Real-Time Monitoring Service (ARMS). 
          tracing = true
      
          # If Tracing Analysis is enabled, set the sampling percentage. 
          pilot {
            trace_sampling = 100
          }
      
          # Enable Prometheus monitoring. 
          telemetry = true
      
          # Enable Mesh Topology. To enable Mesh Topology, make sure that you have enabled Prometheus monitoring. 
          kiali {
            enabled = true
          }
      
          # Enable the mesh audit feature. To enable this feature, make sure that you have enabled Log Service. 
          audit {
            enabled = true
          }
        }
        # The edition of the ASM instance. Valid values: enterprise and ultimate, which indicate Enterprise Edition and Ultimate Edition. 
        cluster_spec = local.mesh_spec
      }

      Set the parameters described in the following table in the main.tf file based on your business requirements. Terraform automatically calls the relevant API operations to obtain the values of the other parameters.

      Parameter              Description
      mesh_name              The custom name of the ASM instance.
      mesh_spec              The edition of the ASM instance. Valid values:
                             • enterprise: Enterprise Edition
                             • ultimate: Ultimate Edition
      new_vpc_name           The custom name of the VPC to be created.
      new_vsw_name           The custom name of the vSwitch to be created.
      api_server_public_eip  Optional. Specifies whether to expose the API server of the ASM instance by using an EIP. Valid values:
                             • true: exposes the API server of the ASM instance by using an EIP, which makes the API server reachable from the Internet.
                             • false: does not expose the API server of the ASM instance by using an EIP.
                             Set this parameter to false unless you must reach the API server from outside the VPC.

    • If you have created a VPC and a vSwitch, create a main.tf file that contains the following content:

      Important

      The VPC and vSwitch must belong to the region that you specified in the ALICLOUD_REGION environment variable when you configured Terraform. Otherwise, the data sources in main.tf cannot find the VPC or vSwitch and the plan fails.

      terraform {
        required_providers {
          alicloud = {
            source = "aliyun/alicloud"
            version = "1.186.0"
          }
        }
      }
      
      variable "asm_name_prefix" {
        description = "The name prefix used to create Alibaba Cloud Service Mesh (ASM)."
        default     = "tf-asm"
      }
      
      resource "random_uuid" "this" {}
      
      # The default resource names and configurations. 
      locals {
        # The name of the ASM instance. 
        mesh_name = substr(join("-", [var.asm_name_prefix, random_uuid.this.result]), 0, 63)
        # The edition of the ASM instance. Valid values: enterprise and ultimate, which indicate Enterprise Edition and Ultimate Edition. 
        mesh_spec = "enterprise"
        # The name of the created VPC. 
        vpc_name = "vpc-luying-hangzhou1"
        # The name of the created vSwitch. 
        vsw_name = "vsw-luying-hangzhou1"
      }
      
      # The VPC. 
      data "alicloud_vpcs" "default" {
        # name_regex is a regular expression. If other VPC names contain this string, anchor it, for example "^vpc-luying-hangzhou1$", so that ids[0] is the VPC you intend. 
        name_regex = local.vpc_name # The name of the created VPC. 
      }
      # The vSwitch. 
      data "alicloud_vswitches" "default" {
        vpc_id = data.alicloud_vpcs.default.ids[0]
      }
      locals {
        exist_vswitch_ids = [for vsw in data.alicloud_vswitches.default.vswitches : vsw.id if vsw.name == local.vsw_name]
      }
      # Query the ASM versions that are available for the selected edition. 
      data "alicloud_service_mesh_versions" "default" {
        edition = local.mesh_spec == "standard" ? "Default" : "Pro"
      }
      # Select the first available version. Each ID has the form edition:version, so the version is the second field. 
      locals {
        mesh_version = split(":", data.alicloud_service_mesh_versions.default.ids[0])[1]
      }
      # The ASM instance. 
      resource "alicloud_service_mesh_service_mesh" "default" {
        # The name of the ASM instance. 
        service_mesh_name = local.mesh_name
        # The network configurations of the ASM instance. 
        network {
          # The ID of the VPC. 
          vpc_id        =  data.alicloud_vpcs.default.ids[0]
          # The ID of the vSwitch. 
          vswitche_list = [local.exist_vswitch_ids[0]]
        }
        # The edition of the ASM instance. 
        version = local.mesh_version
        # The load balancer for exposing the API server and Istio Pilot of the ASM instance. 
        load_balancer {
          # Specify whether to expose the API server of the ASM instance by using an EIP. 
          api_server_public_eip = true
        }
      
        # Configure the ASM instance by defining Mesh Config options. 
        mesh_config {
          # Collect access logs to Alibaba Cloud Log Service. 
          access_log {
            enabled = true
          }
      
          # Enable the collection of control plane logs. To enable this feature, make sure that you have enabled Log Service. 
          control_plane_log {
            enabled = true
          }
      
          # Enable Tracing Analysis in ARMS. 
          tracing = true
      
          # If Tracing Analysis is enabled, set the sampling percentage. 
          pilot {
            trace_sampling = 100
          }
      
          # Enable Prometheus monitoring. 
          telemetry = true
      
          # Enable Mesh Topology. To enable Mesh Topology, make sure that you have enabled Prometheus monitoring. 
          kiali {
            enabled = true
          }
      
          # Enable the mesh audit feature. To enable this feature, make sure that you have enabled Log Service. 
          audit {
            enabled = true
          }
        }
        # The edition of the ASM instance. Valid values: enterprise and ultimate, which indicate Enterprise Edition and Ultimate Edition. 
        cluster_spec = local.mesh_spec
      }

      Set the parameters described in the following table in the main.tf file based on your business requirements. Terraform automatically calls the relevant API operations to obtain the values of the other parameters.

      Parameter              Description
      mesh_name              The custom name of the ASM instance.
      mesh_spec              The edition of the ASM instance. Valid values:
                             • enterprise: Enterprise Edition
                             • ultimate: Ultimate Edition
      vpc_name               The name of the existing VPC.
      vsw_name               The name of the existing vSwitch.
      api_server_public_eip  Optional. Specifies whether to expose the API server of the ASM instance by using an EIP. Valid values:
                             • true: exposes the API server of the ASM instance by using an EIP, which makes the API server reachable from the Internet.
                             • false: does not expose the API server of the ASM instance by using an EIP.
                             Set this parameter to false unless you must reach the API server from outside the VPC.

  2. Run the following command to initialize the runtime environment for Terraform:

    terraform init

    Expected output:

    Initializing the backend...
    
    Initializing provider plugins...
    - Finding aliyun/alicloud versions matching "1.186.0"...
    - Finding latest version of hashicorp/random...
    ...
    
    Terraform has been successfully initialized!
    
    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.
    
    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.
  3. Run the following command to create an execution plan for Terraform:

    terraform plan

    Expected output:

    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      + create
    
    Terraform will perform the following actions:
    ...
    Plan: 2 to add, 0 to change, 0 to destroy.

    The number of resources to add depends on the main.tf file that you use: the file that reuses an existing VPC and vSwitch adds 2 resources (random_uuid and the ASM instance), and the file that creates the VPC and vSwitch adds 4. Review the planned attributes of the alicloud_service_mesh_service_mesh resource, in particular api_server_public_eip and the mesh_config logging and audit settings, before you apply the plan.
  4. Run the following command to create an ASM instance by using the main.tf file:

    terraform apply

    Expected output:

    alicloud_service_mesh_service_mesh.default: Refreshing state...
    ...
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
    
      Enter a value:

    Enter yes at the prompt. Expected output:

    ...
    alicloud_service_mesh_service_mesh.default: Creating...
    alicloud_service_mesh_service_mesh.default: Still creating... [10s elapsed]
    ...
    alicloud_service_mesh_service_mesh.default: Creation complete after 2m42s [id=**********]
    
    Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
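The following script is an added example and is not part of the ASM documentation or of the alicloud provider. It gates a saved plan before terraform apply: it reads the JSON that terraform show -json produces for a plan file and flags the settings discussed in the procedure above, namely an API server exposed on a public EIP, mesh_config blocks for access logs, control plane logs, and audit that are not enabled, and any action that deletes the ASM instance. The file names asm.tfplan and asm-plan.json, the script name, and the embedded sample plan are constructed for this example; the sample keeps api_server_public_eip = true as in the main.tf above and deliberately turns audit off so that the script has something to report.

```python
"""Gate a saved Terraform plan for an ASM instance before `terraform apply`.

Intended workflow (file names are this example's assumptions):
    terraform plan -out=asm.tfplan
    terraform show -json asm.tfplan > asm-plan.json
    python check_asm_plan.py asm-plan.json   # exits non-zero if anything is flagged
    terraform apply asm.tfplan
"""
import json
import sys

MESH_TYPE = "alicloud_service_mesh_service_mesh"

# Constructed sample in the shape of `terraform show -json` output; not real output.
# Public EIP is on, as in the main.tf above; audit is deliberately off to show a finding.
SAMPLE_PLAN = {
    "format_version": "1.1",
    "resource_changes": [
        {
            "address": "alicloud_vpc.default",
            "type": "alicloud_vpc",
            "change": {"actions": ["create"], "after": {"vpc_name": "vpc-for-tf-asm"}},
        },
        {
            "address": "alicloud_service_mesh_service_mesh.default",
            "type": MESH_TYPE,
            "change": {
                "actions": ["create"],
                "after": {
                    "service_mesh_name": "tf-asm",
                    "cluster_spec": "enterprise",
                    # Nested HCL blocks are rendered as lists of objects in plan JSON.
                    "load_balancer": [{"api_server_public_eip": True}],
                    "mesh_config": [{
                        "access_log": [{"enabled": True}],
                        "control_plane_log": [{"enabled": True}],
                        "audit": [{"enabled": False}],
                    }],
                },
            },
        },
    ],
}

# mesh_config blocks that should stay enabled for a production mesh.
REQUIRED_LOGGING = ("access_log", "control_plane_log", "audit")


def blocks(obj, name):
    """Return the nested block `name` of `obj` as a list (plan JSON uses lists for blocks)."""
    value = obj.get(name) or []
    return value if isinstance(value, list) else [value]


def check_mesh_plan(plan):
    """Return a list of human-readable findings for the ASM resources in a plan dict."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != MESH_TYPE:
            continue
        address = rc.get("address", MESH_TYPE)
        change = rc.get("change", {})
        if "delete" in change.get("actions", []):
            findings.append(f"{address}: plan deletes the ASM instance")
        after = change.get("after") or {}
        if not after:
            continue  # pure delete, or attributes not known yet; nothing more to inspect
        for lb in blocks(after, "load_balancer"):
            if lb.get("api_server_public_eip") is True:
                findings.append(f"{address}: API server exposed on a public EIP")
        mesh_cfg = blocks(after, "mesh_config")
        if not mesh_cfg:
            findings.append(f"{address}: mesh_config missing, logging and audit not enabled")
        for cfg in mesh_cfg:
            for name in REQUIRED_LOGGING:
                if not any(b.get("enabled") is True for b in blocks(cfg, name)):
                    findings.append(f"{address}: mesh_config.{name} is not enabled")
    return findings


def main(argv):
    """Load the plan JSON given on the command line (or the sample) and report findings."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    findings = check_mesh_plan(plan)
    for line in findings:
        print("FINDING:", line)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments to check the embedded sample, which reports two findings (the public EIP and the disabled audit block). Applying the saved asm.tfplan rather than re-running terraform apply on the working directory guarantees that what was checked is what gets created.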

Delete an ASM instance

To delete an ASM instance, go to the directory in which the main.tf file resides and run the following command. Terraform destroys every resource in the state file, so the VPC and vSwitch are deleted as well if they were created by this main.tf file.

terraform destroy

Expected output:

...
Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: 

Enter yes at the prompt. Expected output:

...
Destroy complete! Resources: 2 destroyed.

Terraform resources and data sources

The following table describes the Terraform resources and data sources that can be used to manage ASM resources.

Type          Name                                    Description
Resources     alicloud_service_mesh_service_mesh      Manages ASM instances.
              alicloud_service_mesh_user_permission   Configures permissions on ASM instances.
Data Sources  alicloud_service_mesh_service_meshes    Queries all ASM instances.
              alicloud_service_mesh_versions          Queries the ASM versions that are available for an edition.