Terraform allows you to import and manage existing Container Service for Kubernetes (ACK) resources, such as clusters and node pools. This topic describes how to use Terraform to manage existing ACK managed clusters.
Prerequisites
An ACK managed cluster is created. The cluster contains a node pool that consists of two nodes. For more information, see Create an ACK managed cluster.
Terraform is installed.
Note: You must install Terraform 0.12.28 or later. You can run the terraform --version command to query the Terraform version.
By default, Cloud Shell has preinstalled Terraform and configured your account information. You do not need to modify the configurations.
For more information about how to install Terraform by using a method other than Cloud Shell, see Install and configure Terraform in the local PC.
Your account information is configured.
Run the following commands to create environment variables to store identity authentication information.
Linux environment
export ALICLOUD_ACCESS_KEY="************"   # Replace the value with the AccessKey ID of your Alibaba Cloud account.
export ALICLOUD_SECRET_KEY="************"   # Replace the value with the AccessKey secret of your Alibaba Cloud account.
export ALICLOUD_REGION="cn-beijing"         # Replace the value with the ID of the region in which your cluster resides.
Windows environment
REM Replace the value with the AccessKey ID of your Alibaba Cloud account.
set ALICLOUD_ACCESS_KEY=************
REM Replace the value with the AccessKey secret of your Alibaba Cloud account.
set ALICLOUD_SECRET_KEY=************
REM Replace the value with the ID of the region in which your cluster resides.
set ALICLOUD_REGION=cn-beijing
Note: To improve the flexibility and security of permission management, we recommend that you create a Resource Access Management (RAM) user named Terraform. Then, create an AccessKey pair for the RAM user and grant permissions to the RAM user. For more information, see Create a RAM user and Grant permissions to RAM users.
Procedure
Create a working directory and a file named main.tf under the directory.
provider "alicloud" { }
Run the following command to initialize the environment for Terraform:
terraform init
If the following information is returned, Terraform is initialized:
Initializing the backend...

Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "alicloud" (hashicorp/alicloud) 1.90.1...
...
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Import the cluster.
Add the cluster resources to the main.tf file.
# The ACK managed cluster.
resource "alicloud_cs_managed_kubernetes" "default" {
}
Run the following command to import the cluster.
Replace <Cluster-ID> with the ID of the cluster that you want to import.
terraform import alicloud_cs_managed_kubernetes.default <Cluster-ID>
Expected output:
alicloud_cs_managed_kubernetes.default: Importing from ID "c338cf0f4496a4dc1936a9e314162****"...
alicloud_cs_managed_kubernetes.default: Import complete!
  Imported alicloud_cs_managed_kubernetes
alicloud_cs_managed_kubernetes.default: Refreshing state... [id=c338cf0f4496a4dc1936a9e314162****]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
The following cluster information is included in the terraform.tfstate file:
{
  "mode": "managed",
  "type": "alicloud_cs_managed_kubernetes",
  "name": "default",
  "provider": "provider.alicloud",
  "instances": [
    {
      "mode": "managed",
      "type": "alicloud_cs_managed_kubernetes",
      "name": "default",
      "provider": "provider.alicloud",
      "instances": [
        ........
      ]
    }
  ]
}
Run the following command to query the differences between the local resources and remote resources:
terraform plan
The following information is returned. Add fields whose values are updated in the following code block to the main.tf file:
alicloud_cs_managed_kubernetes.default: Refreshing state..

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # Add the following fields whose values are updated to the main.tf file.
  # alicloud_cs_managed_kubernetes.default must be replaced
-/+ resource "alicloud_cs_managed_kubernetes" "default" {
      + availability_zone            = (known after apply)
      ~ certificate_authority        = {.....}
      ~ control_plane_log_ttl        = "30" -> (known after apply)
      ~ deletion_protection          = true -> false
      - enable_rrsa                  = false -> null
      ~ id                           = "cc7c582b0b2b546dcb80ae118eef0cb12" -> (known after apply)
      + install_cloud_monitor        = (known after apply)
      + is_enterprise_security_group = (known after apply)
      ~ name                         = "TFCESHI" -> (known after apply)
      + name_prefix                  = "Terraform-Creation"
      ~ nat_gateway_id               = "ngw-wz9njmq9pf8k9gj042vbi" -> (known after apply)
      + new_nat_gateway              = true
      ~ node_cidr_mask               = 25 -> 24 # forces replacement
      + node_port_range              = (known after apply)
      ~ platform                     = "CentOS" -> (known after apply)
      ~ resource_group_id            = "rg-acfmwqnwhqohesq" -> (known after apply)
    }
}

Plan: 1 to add, 0 to change, 1 to destroy.
Run the following command to import the preceding fields to the cluster:
terraform apply
The following information is returned after the fields are imported:
alicloud_cs_kubernetes_node_pool.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009]
alicloud_cs_managed_kubernetes.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

............
        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
Import the node pool.
Add node resources to the main.tf file.
# The node pool of the ACK managed cluster.
resource "alicloud_cs_kubernetes_node_pool" "default" {
}
Run the following commands to import the node pool.
Replace <Cluster-ID> with the cluster ID that you specified in the previous step. Replace <Nodepool-ID> with the ID of the node pool that you want to import. Separate the cluster ID and node pool ID with a colon (:).
terraform import alicloud_cs_kubernetes_node_pool.default <Cluster-ID>:<Nodepool-ID>
Expected output:
alicloud_cs_kubernetes_node_pool.default: Importing from ID "c338cf0f4496a4dc1936a9e314162****:np0f8f2193384045d4aa503c3d24ca****"...
alicloud_cs_kubernetes_node_pool.default: Import complete!
  Imported alicloud_cs_kubernetes_node_pool
alicloud_cs_kubernetes_node_pool.default: Refreshing state... [id=c338cf0f4496a4dc1936a9e314162****:np0f8f2193384045d4aa503c3d24ca****]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
The following node pool information is included in the terraform.tfstate file:
.....
"resources": [
  {
    "mode": "managed",
    "type": "alicloud_cs_kubernetes_node_pool",
    "name": "default",
    "provider": "provider.alicloud",
    "instances": [
      .....
    ]
  }
]
Run the following command to query the differences between the local resources and remote resources:
terraform plan
The following information is returned. Add fields whose values are updated in the following code block to the main.tf file:
alicloud_cs_managed_kubernetes.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12]
alicloud_cs_kubernetes_node_pool.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # Add the following fields whose values are updated to the main.tf file.
  # alicloud_cs_kubernetes_node_pool.default will be updated in-place
  ~ resource "alicloud_cs_kubernetes_node_pool" "default" {
      ~ name             = "default-nodepool" -> "default"
      ~ system_disk_size = 120 -> 40
        tags             = {}
        # (27 unchanged attributes hidden)

      - management {
          - auto_repair      = true -> null
          - auto_upgrade     = false -> null
          - max_unavailable  = 0 -> null
          - surge            = 0 -> null
          - surge_percentage = 0 -> null
        }
        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
Run the following command to import the preceding fields to the cluster:
terraform apply
The following information is returned after the fields are imported:
alicloud_cs_kubernetes_node_pool.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009]
alicloud_cs_managed_kubernetes.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

............
        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
You can manage the cluster and node pool by using the main.tf file after the cluster is imported.
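The two terraform plan steps above are where an import can go wrong: the sample cluster plan ends in "1 to destroy" and changes deletion_protection from true to false, so running terraform apply before main.tf matches the imported state would replace the cluster. The following Python check is an added example, not part of the original topic or of Terraform itself; it reads plan JSON in the layout produced by terraform plan -out=tfplan followed by terraform show -json tfplan and reports the changes that should block an apply. The sample plan, the GUARDED watch list and the function names are constructed for illustration.

```python
import json

# Constructed sample in the layout of `terraform show -json <planfile>`,
# trimmed to the fields used here and modelled on the plan outputs above.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "alicloud_cs_managed_kubernetes.default",
   "change": {"actions": ["delete", "create"],
              "before": {"deletion_protection": true, "node_cidr_mask": 25},
              "after": {"deletion_protection": false, "node_cidr_mask": 24}}},
  {"address": "alicloud_cs_kubernetes_node_pool.default",
   "change": {"actions": ["update"],
              "before": {"name": "default-nodepool", "system_disk_size": 120},
              "after": {"name": "default", "system_disk_size": 40}}}
]}
""")

# Assumed watch list: attribute -> value that must not be weakened by a plan.
GUARDED = {"deletion_protection": True}


def review_plan(plan):
    """Return (address, reason) findings that should stop `terraform apply`."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        before, after = change.get("before") or {}, change.get("after") or {}
        if "delete" in change["actions"]:
            kind = "replace" if "create" in change["actions"] else "destroy"
            findings.append((rc["address"], kind))
        for attr, safe in GUARDED.items():
            if after and before.get(attr) == safe and after.get(attr) != safe:
                findings.append((rc["address"], f"{attr}: {before[attr]} -> {after.get(attr)}"))
    return findings


def drifted_attributes(plan, address):
    """Attributes to copy into main.tf: remote value differs from the configuration."""
    for rc in plan.get("resource_changes", []):
        if rc["address"] == address:
            before = rc["change"].get("before") or {}
            after = rc["change"].get("after") or {}
            return sorted(k for k in before if k in after and before[k] != after[k])
    return []


if __name__ == "__main__":
    print(review_plan(SAMPLE_PLAN))
    print(drifted_attributes(SAMPLE_PLAN, "alicloud_cs_kubernetes_node_pool.default"))
```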
Check whether the node pool can be scaled out as normal
Check whether the node pool can be scaled out as normal by using the main.tf file.
For example, modify the main.tf file to increase the number of nodes in the node pool by one:
......
# The node pool of the ACK managed cluster.
resource "alicloud_cs_kubernetes_node_pool" "default" {
  .....
  # The expected number of nodes in the node pool is three.
  desired_size = 3
}
.....
Run the following command to apply the change:
terraform apply
In the returned information, type yes and press Enter.
alicloud_cs_kubernetes_node_pool.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009]
alicloud_cs_managed_kubernetes.default: Refreshing state... [id=cc7c582b0b2b546dcb80ae118eef0cb12]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # alicloud_cs_kubernetes_node_pool.default will be updated in-place
  ~ resource "alicloud_cs_kubernetes_node_pool" "default" {
      ~ desired_size = 2 -> 3
        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_cs_kubernetes_node_pool.default: Modifying... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009]
alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009, 10s elapsed]
alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009, 20s elapsed]
alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009, 30s elapsed]
alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009, 40s elapsed]
alicloud_cs_kubernetes_node_pool.default: Still modifying... [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009, 50s elapsed]
alicloud_cs_kubernetes_node_pool.default: Modifications complete after 1m0s [id=cc7c582b0b2b546dcb80ae118eef0cb12:np651662dfc3e4440d9979360b24b1a009]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
You can log on to the ACK console and go to the Node Pools page to check whether a node is added to the node pool.