After you deploy an application in Serverless App Engine (SAE), you can associate the application with an Internet-facing Server Load Balancer (SLB) instance to implement Internet access. You can also associate the application with an internal-facing SLB instance to communicate with the other applications in the virtual private cloud (VPC) where your application resides. This topic describes how to use Terraform to associate an Internet-facing SLB instance with an SAE application and how to disassociate the SLB instance.
Prerequisites
- Terraform is installed.
- You can use pre-installed Terraform in Cloud Shell. For more information, see Use Terraform in Cloud Shell.
- You can also install and configure Terraform in your local PC. For more information, see Install and configure Terraform in the local PC.
- Your account information is configured.
You can select an Alibaba Cloud authentication method to provide the authentication information required by Terraform. The following example shows how to use environment variables to perform authentication:
export ALICLOUD_ACCESS_KEY="************" export ALICLOUD_SECRET_KEY="************" export ALICLOUD_REGION="cn-hangzhou"Note To ensure data security, we recommend that you grant a RAM user the permissions to manage SAE resources based on your business requirements. For more information, see Grant permissions to a RAM user.
Background information
To associate an SLB instance with an
SAE application by using Terraform, you must configure the
alicloud_sae_load_balancer_internet resource when creating the application. To disassociate an SLB instance from an application, you must delete both the SLB instance and the application. The
alicloud_sae_load_balancer_internet resource of Terraform includes the following parameters:
- Required:app_id: the ID of the application with which you want to associate the SLB instance.
- Optional:internet_slb_id: the ID of the Internet-facing SLB instance.
- Required:internet: specifies to associate the application with the Internet-facing SLB instance. Parameter description:
- protocol: the network protocol. Valid values:
TCP,HTTP, andHTTPS. - https_cert_id: the ID of the Secure Sockets Layer (SSL) certificate. This parameter is required if you set the protocol parameter to HTTPS.
- target_port: the container port on which the process listens. The port is defined by the service. For example, a Web service uses port 8080 by default.
- port: the port of the SLB instance. Valid values: 1 to 65535.
- protocol: the network protocol. Valid values:
For more information, see alicloud_sae_load_balancer_internet.
Create an application and associate the application with an SLB instance
This section describes how to use an image to deploy an application, manually configure the application, and then associate the application with an SLB instance. The China (Hangzhou) region is used in this example.
- Create a project folder named terraform for storing Terraform resources.
- Run the following command to go to the project directory:
cd terraform - Create a configuration file named main.tf.
Sample code:
terraform { required_providers { alicloud = { source = "hashicorp/alicloud" version = "~> 1.164.0" } } } # Specify the namespace. resource "alicloud_sae_namespace" "default" { namespace_description = var.namespace_description namespace_id = var.namespace_id namespace_name = var.namespace_name } # Specify the security group. resource "alicloud_security_group" "sg" { name = var.name description = var.description vpc_id = module.vpc.VPC_ID } resource "alicloud_security_group_rule" "sg_rule" { type = "ingress" ip_protocol = "tcp" nic_type = "intranet" policy = "accept" port_range = var.port_range priority = 1 security_group_id = alicloud_security_group.sg.id cidr_ip = var.cidr_ip } module "vpc" { source = "git::github.com/kubevela-contrib/terraform-modules.git//alibaba/vswitch" zone_id = var.zone_id } # Manually configure the application. resource "alicloud_sae_application" "manual" { app_name = var.app_name app_description = var.app_description deploy = true image_url = var.image_url namespace_id = alicloud_sae_namespace.default.id vswitch_id = module.vpc.VSWITCH_ID vpc_id = module.vpc.VPC_ID security_group_id = alicloud_security_group.sg.id package_type = var.package_type timezone = "Asia/Beijing" replicas = var.replicas cpu = var.cpu memory = var.memory } # Configure an SLB instance. resource "alicloud_slb_load_balancer" "slb" { load_balancer_name = "prod" address_type = "internet" load_balancer_spec = "slb.s2.small" vswitch_id = module.vpc.VSWITCH_ID } resource "alicloud_sae_load_balancer_internet" "example" { app_id = alicloud_sae_application.manual.id internet_slb_id = alicloud_slb_load_balancer.slb.id internet { protocol = "HTTP" port = var.port target_port = 80 } } # Specify the description of the namespace. variable "namespace_description" { description = "Namespace Description" default = "a namespace" } # Specify the name of the namespace. variable "namespace_name" { description = "Namespace Name" type = string } # Specify the ID of the namespace. variable "namespace_id" { description = "Namespace ID" type = string } output "namespace_id" { value = var.namespace_id description = "Namespace ID" } # Specify the name of the security group. variable "name" { default = "tf" description = "The name of the security group rule" type = string } # Specify the description of the security group. variable "description" { default = "The description of the security group rule" description = "The description of the security group rule" type = string } # Specify the port range. variable "port_range" { default = "1/65535" description = "The port range of the security group rule" type = string } # Specify the Classless Inter-Domain Routing (CIDR) block. variable "cidr_ip" { description = "cidr blocks used to create a new security group rule" type = string default = "0.0.0.0/0" } # Specify the zone in the region. variable "zone_id" { description = "Availability Zone ID" type = string default = "cn-hongkong-b" } # Specify the application name. variable "app_name" { description = "The name of the application" type = string } # Specify the description of the application. variable "app_description" { default = "description created by Terraform" description = "The description of the application" type = string } # Specify the deployment method of the application. variable "package_type" { default = "Image" description = "The package type of the application" type = string } # Specify the CPU specifications of the instance. variable "cpu" { default = "500" description = "The cpu of the application, in unit of millicore" type = string } # Specify the memory size of the instance. variable "memory" { default = "1024" description = "The memory of the application, in unit of MB" type = string } # Specify the number of application instances. variable "replicas" { default = "1" description = "The replicas of the application" type = string } # Specify the port of the SLB instance. variable "port" { description = "The port of SLB" type = string default = "8000" } # Specify the address of the image. variable "image_url" { description = "The image url of the application, like `registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-slim:0.9`" type = string } output "app_id" { description = "The id of the application" value = alicloud_sae_application.manual.id } output "app_name" { description = "The name of the application" value = var.app_name } output "endpoint" { value = format("http://%s:%s", alicloud_slb_load_balancer.slb.address, var.port) } - Run the following command to initialize the configurations:
terraform init - Perform the following steps to create an application.
The
app-slbapplication is created and associated with the SLB instance. The IP address and port of the SLB instance are displayed in the output. - Verify the result.
Enter the IP address and port of the SLB instance in the browser, such as
http://121.43.XXX.XX:8000. Press Enter to go to the homepage of the application.
Disassociate the SLB instance and delete the application
This section describes how to disassociate the SLB instance from an application and delete the application. The app-slb application in the China (Hangzhou) region is used in this example.
- Run the following command in the project directory to execute the configuration file:
terraform destroy - To delete the application, enter the following information as prompted:
- app_name: Enter
app-scaling. - image_url: Enter
registry.cn-hangzhou.aliyuncs.com/****/****:01.Format:registry.<regionId>.aliyuncs.com/<Namespace name>/<Repository name>:<Image version>You can log on to the Container Registry console and obtain the image address on the Details page of the repository.
- namespace_id: the ID of the namespace. Enter
cn-hangzhou:demo. - namespace_name: the name of the namespace. Enter
demo.
Expected output:... alicloud_sae_namespace.default: Refreshing state... [id=cn-hangzhou:demo] module.vpc.alicloud_vpc.vpc[0]: Refreshing state... [id=vpc-bp1dmztolc522gckb****] ... alicloud_sae_load_balancer_internet.example: Refreshing state... [id=422e0338-04f4-442d-bfbe-b826895d****] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: - destroy ... Plan: 0 to add, 0 to change, 8 to destroy. Changes to Outputs: - app_id = "422e0338-04f4-442d-bfbe-b826895d****" -> null - app_name = "app-slb" -> null - endpoint = "http://121.43.XXX.XX:8000" -> null - namespace_id = "cn-hangzhou:demo" -> null alicloud_security_group_rule.sg_rule: Destroying... [id=sg-bp1bmslkl1itv94n****:ingress:tcp:1/65535:intranet:0.0.0.0/0:accept:1] ... module.vpc.alicloud_vpc.vpc[0]: Destroying... [id=vpc-bp1dmztolc522gckb****] module.vpc.alicloud_vpc.vpc[0]: Destruction complete after 6s Destroy complete! Resources: 8 destroyed.The SLB instance is disassociated and theapp-slbapplication is deleted. - app_name: Enter