This topic describes how to use Terraform to create an ACK serverless cluster.
You can run the sample code in this topic with a single click.
Prerequisites
Container Service for Kubernetes (ACK) is activated. For more information about how to use Terraform to activate ACK, see Use Terraform to activate ACK and assign service roles to ACK.
An AccessKey pair is created for the Resource Access Management (RAM) user you log on as.
Note: By default, an Alibaba Cloud account has full permissions on all resources that belong to the account. We recommend that you use a RAM user instead, because a RAM user has limited resource permissions, which minimizes the security risk if your credentials are compromised.
The following policy is attached to the RAM user that you use to run commands in Terraform. The policy includes the minimum permissions required to run commands in Terraform. For more information, see Grant permissions to a RAM user.
This access policy allows the RAM user to create, view, and delete VPCs, vSwitches, security groups, and ACK clusters.
    {
      "Version": "1",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "vpc:CreateVpc",
            "vpc:CreateVSwitch",
            "vpc:DescribeVpcAttribute",
            "vpc:DescribeRouteTableList",
            "vpc:DescribeVSwitchAttributes",
            "ecs:CreateSecurityGroup",
            "ecs:ModifySecurityGroupPolicy",
            "ecs:DescribeSecurityGroups",
            "ecs:DescribeSecurityGroupAttribute",
            "ecs:ListTagResources",
            "cs:CreateCluster",
            "cs:DescribeTaskInfo",
            "cs:DescribeClusterDetail",
            "vpc:DeleteVpc",
            "vpc:DeleteVSwitch",
            "cs:DeleteCluster",
            "ecs:DeleteSecurityGroup"
          ],
          "Resource": "*"
        }
      ]
    }

The runtime environment for Terraform is prepared by using one of the following methods:
Explorer: Alibaba Cloud provides an online runtime environment for Terraform. You can log on to the environment and use Terraform without installing it. This method is suitable for scenarios where you need to use and debug Terraform in a low-cost, efficient, and convenient manner.
Cloud Shell: Cloud Shell is preinstalled with Terraform and configured with your identity credentials. You can run Terraform commands in Cloud Shell. This method is suitable for scenarios where you need to use and access Terraform in a low-cost, efficient, and convenient manner.
Install and configure Terraform on your on-premises machine: This method is suitable for scenarios where network connections are unstable or a custom development environment is needed.
Important: Make sure that your Terraform version is 0.12.28 or later. You can run the terraform --version command to check the version.
Resources
Some resources in this topic incur fees. Release the resources when they are no longer needed to avoid unexpected charges.
alicloud_eci_zones: Queries the zones where ECI instances are available.
alicloud_vpc: Creates a virtual private cloud (VPC).
alicloud_vswitch: Creates a virtual switch (vSwitch) to divide a VPC into one or more subnets.
alicloud_security_group: Creates a security group.
alicloud_cs_serverless_kubernetes: Creates an ACK serverless cluster.
Use Terraform to create an ACK serverless cluster
Create a working directory. In the working directory, create a configuration file named main.tf and copy the following code to the main.tf file.
    provider "alicloud" {
      region = var.region_id
    }

    variable "region_id" {
      type    = string
      default = "cn-shenzhen"
    }

    variable "cluster_spec" {
      type        = string
      description = "The cluster specifications of kubernetes cluster,which can be empty. Valid values:ack.standard : Standard managed clusters; ack.pro.small : Professional managed clusters."
      default     = "ack.pro.small"
    }

    variable "k8s_name_prefix" {
      description = "The name prefix used to create ASK cluster."
      default     = "ask-example"
    }

    variable "ack_version" {
      type        = string
      description = "Desired Kubernetes version. "
      default     = "1.31.1-aliyun.1"
    }

    # Default resource names.
    locals {
      k8s_name_ask = substr(join("-", [var.k8s_name_prefix, "ask"]), 0, 63)
      new_vpc_name = "tf-vpc-172-16"
      new_vsw_name = "tf-vswitch-172-16-0"
      new_sg_name  = "tf-sg-172-16"
    }

    # Zones in which ECI instances are available.
    data "alicloud_eci_zones" "default" {}

    resource "alicloud_vpc" "vpc" {
      vpc_name   = local.new_vpc_name
      cidr_block = "172.16.0.0/12"
    }

    resource "alicloud_vswitch" "vsw" {
      vswitch_name = local.new_vsw_name
      vpc_id       = alicloud_vpc.vpc.id
      cidr_block   = cidrsubnet(alicloud_vpc.vpc.cidr_block, 8, 8)
      zone_id      = data.alicloud_eci_zones.default.zones.0.zone_ids.0
    }

    resource "alicloud_security_group" "group" {
      security_group_name = local.new_sg_name
      vpc_id              = alicloud_vpc.vpc.id
    }

    resource "alicloud_cs_serverless_kubernetes" "serverless" {
      name    = local.k8s_name_ask
      version = var.ack_version # Replace the value with the version of the cluster that you want to create.
      cluster_spec    = var.cluster_spec
      vpc_id          = alicloud_vpc.vpc.id
      vswitch_ids     = split(",", join(",", alicloud_vswitch.vsw.*.id))
      new_nat_gateway = true
      # Creates a public (Internet) endpoint for the API server.
      endpoint_public_access_enabled = true
      # With deletion protection disabled, terraform destroy can delete the cluster.
      deletion_protection = false
      security_group_id   = alicloud_security_group.group.id
      # Configure a ServiceAccount using RRSA.
      enable_rrsa             = true
      time_zone               = "Asia/Shanghai"
      service_cidr            = "10.13.0.0/16"
      service_discovery_types = ["CoreDNS"]

      # tags
      tags = {
        "cluster" = "ack-serverless"
      }

      # addons
      addons {
        name = "nginx-ingress-controller"
        # Use the Internet.
        config = "{\"IngressSlbNetworkType\":\"internet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
        # If you use the intranet, use the following configuration.
        # config = "{\"IngressSlbNetworkType\":\"intranet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
      }
      addons {
        name = "metrics-server"
      }
      addons {
        name = "knative"
      }
      addons {
        name = "managed-arms-prometheus"
      }
      addons {
        name = "logtail-ds"
        # Specify an sls_project_name.
        # config = "{\"sls_project_name\":\"<YOUR-SLS-PROJECT-NAME>\"}"
      }
    }

Run the following command to initialize the Terraform runtime environment.
    terraform init

The following output indicates that Terraform is initialized.
    Terraform has been successfully initialized!

    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.

    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.

Run the following command to create an execution plan.
    terraform plan

The following output indicates that the execution plan is created. You can preview the details of the resources that will be created.
    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but will not be
    persisted to local or remote state storage.
    ...
    Plan: 4 to add, 0 to change, 0 to destroy.
    ...

Run the following command to create the cluster.
    terraform apply

When prompted, enter yes and press the Enter key. Wait for the command to complete. The following output indicates that the ACK cluster is created.

    ...
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.

      Enter a value: yes
    ...
    alicloud_cs_serverless_kubernetes.serverless: Creation complete after 8m26s [id=************]

    Apply complete! Resources: 4 added, 0 changed, 0 destroyed.

Verification results
Run the terraform show command
You can run the following command to view the details of the resources that are created by Terraform.
    terraform show

Log on to the ACK console
Log on to the Container Service for Kubernetes console to view the created cluster.
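The settings in main.tf that decide how exposed the cluster is (endpoint_public_access_enabled = true, deletion_protection = false, and the Internet-facing ingress SLB) can be checked from the plan before terraform apply is run. The following Python script is an added example, not part of the original topic or of Alibaba Cloud's code: it audits the JSON produced by terraform plan -out=tfplan followed by terraform show -json tfplan. The names audit_plan, audit_addon and SAMPLE_PLAN, the sample plan and the choice of findings are assumptions of this example.

```python
import json
# Constructed sample: a trimmed `terraform show -json` plan mirroring main.tf (not real output).
SAMPLE_PLAN = json.loads(r"""
{"resource_changes": [
  {"address": "alicloud_vpc.vpc", "type": "alicloud_vpc",
   "change": {"actions": ["create"], "after": {"cidr_block": "172.16.0.0/12"}}},
  {"address": "alicloud_cs_serverless_kubernetes.serverless",
   "type": "alicloud_cs_serverless_kubernetes",
   "change": {"actions": ["create"], "after": {
     "endpoint_public_access_enabled": true,
     "deletion_protection": false,
     "addons": [
       {"name": "nginx-ingress-controller",
        "config": "{\"IngressSlbNetworkType\":\"internet\",\"IngressSlbSpec\":\"slb.s2.small\"}"},
       {"name": "metrics-server", "config": null}]}}}
]}
""")

def audit_addon(addon):
    """Check one addons block; `config` is a JSON document stored as a string."""
    name, raw = addon.get("name"), addon.get("config")
    if not raw:
        return []
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError:
        return [f"addon {name}: config is not valid JSON"]
    if isinstance(cfg, dict) and cfg.get("IngressSlbNetworkType") == "internet":
        return [f"addon {name}: ingress SLB is Internet-facing"]
    return []

def audit_plan(plan):
    """Return (address, finding) pairs for the serverless cluster resources."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if rc.get("type") != "alicloud_cs_serverless_kubernetes" or after is None:
            continue  # other resource types, or a resource being destroyed
        notes = []
        if after.get("endpoint_public_access_enabled") is True:
            notes.append("public API server endpoint is enabled")
        if after.get("deletion_protection") is not True:
            notes.append("deletion protection is off")
        for addon in after.get("addons") or []:
            notes.extend(audit_addon(addon))
        findings.extend((rc["address"], note) for note in notes)
    return findings

if __name__ == "__main__":
    print("\n".join(f"{a}: {n}" for a, n in audit_plan(SAMPLE_PLAN)))
```

To audit a real plan, load the output of terraform show -json tfplan with json.load and pass the result to audit_plan in place of SAMPLE_PLAN.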
Clean up resources
When you no longer need the resources created in this topic, run the terraform destroy command to release them. For more information about the terraform destroy command, see Common commands.
    terraform destroy