This topic describes how to create an ACK Serverless cluster using Terraform.
The sample code in this tutorial is ready to run. You can execute it directly here.
Prerequisites
Container Service for Kubernetes (ACK) is activated. For more information about how to use Terraform to activate ACK, see Use Terraform to activate ACK and assign service roles to ACK.
An AccessKey pair is created for the Resource Access Management (RAM) user you log on as.
Note: By default, an Alibaba Cloud account has full permissions on all resources that belong to this account. We recommend using a RAM account, as it provides limited resource permissions, minimizing potential security risks in case your credentials are compromised.
The following policy is attached to the RAM user that you use to run commands in Terraform. The policy includes the minimum permissions required to run commands in Terraform. For more information, see Grant permissions to a RAM user.
This access policy allows the RAM user to create, view, and delete virtual private clouds (VPCs), vSwitches, security groups, and ACK clusters.
    {
      "Version": "1",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "vpc:CreateVpc",
            "vpc:CreateVSwitch",
            "vpc:DescribeVpcAttribute",
            "vpc:DescribeRouteTableList",
            "vpc:DescribeVSwitchAttributes",
            "ecs:CreateSecurityGroup",
            "ecs:ModifySecurityGroupPolicy",
            "ecs:DescribeSecurityGroups",
            "ecs:DescribeSecurityGroupAttribute",
            "ecs:ListTagResources",
            "cs:CreateCluster",
            "cs:DescribeTaskInfo",
            "cs:DescribeClusterDetail",
            "vpc:DeleteVpc",
            "vpc:DeleteVSwitch",
            "cs:DeleteCluster",
            "ecs:DeleteSecurityGroup"
          ],
          "Resource": "*"
        }
      ]
    }
The runtime environment for Terraform is prepared by using one of the following methods:
Explorer: Alibaba Cloud provides an online runtime environment for Terraform. You can log on to the environment and use Terraform without needing to install it. Suitable for scenarios where you need to use and debug Terraform in a low-cost, efficient, and convenient manner.
Cloud Shell: Cloud Shell is preinstalled with Terraform and configured with your identity credentials. You can run Terraform commands in Cloud Shell. Suitable for scenarios where you need to use and access Terraform in a low-cost, efficient, and convenient manner.
Install and configure Terraform on your on-premises machine: Suitable for scenarios where network connections are unstable or a custom development environment is needed.
Important: You must install Terraform 0.12.28 or later. Run the terraform --version command to check the Terraform version.
Resources used
Some resources in this example will incur costs. Release or unsubscribe them when they are no longer needed.
alicloud_eci_zones: Queries the zones available for elastic container instances.
alicloud_vpc: Creates a VPC.
alicloud_vswitch: Creates a vSwitch to divide a VPC into one or more subnets.
alicloud_security_group: Creates a security group for the cluster.
alicloud_cs_serverless_kubernetes: Creates an ACK Serverless cluster.
Procedure
Create the Terraform configuration file.
Create a new directory for your Terraform project.
Inside the directory, create a file named main.tf and add the following code to it.
    provider "alicloud" {
      region = var.region_id
    }

    variable "region_id" {
      type    = string
      default = "cn-shenzhen"
    }

    variable "cluster_spec" {
      type        = string
      description = "The cluster specifications of kubernetes cluster,which can be empty. Valid values:ack.standard : Standard managed clusters; ack.pro.small : Professional managed clusters."
      default     = "ack.pro.small"
    }

    variable "k8s_name_prefix" {
      description = "The name prefix used to create ASK cluster."
      default     = "ask-example"
    }

    variable "ack_version" {
      type        = string
      description = "Desired Kubernetes version. "
      default     = "1.31.1-aliyun.1"
    }

    # The default resource names.
    locals {
      k8s_name_ask = substr(join("-", [var.k8s_name_prefix, "ask"]), 0, 63)
      new_vpc_name = "tf-vpc-172-16"
      new_vsw_name = "tf-vswitch-172-16-0"
      new_sg_name  = "tf-sg-172-16"
    }

    data "alicloud_eci_zones" "default" {}

    resource "alicloud_vpc" "vpc" {
      vpc_name   = local.new_vpc_name
      cidr_block = "172.16.0.0/12"
    }

    resource "alicloud_vswitch" "vsw" {
      vswitch_name = local.new_vsw_name
      vpc_id       = alicloud_vpc.vpc.id
      cidr_block   = cidrsubnet(alicloud_vpc.vpc.cidr_block, 8, 8)
      zone_id      = data.alicloud_eci_zones.default.zones.0.zone_ids.1
    }

    resource "alicloud_security_group" "group" {
      name   = local.new_sg_name
      vpc_id = alicloud_vpc.vpc.id
    }

    resource "alicloud_cs_serverless_kubernetes" "serverless" {
      name                           = local.k8s_name_ask
      version                        = var.ack_version # Replace with the version of the cluster you want to create.
      cluster_spec                   = var.cluster_spec
      vpc_id                         = alicloud_vpc.vpc.id
      vswitch_ids                    = split(",", join(",", alicloud_vswitch.vsw.*.id))
      new_nat_gateway                = true
      endpoint_public_access_enabled = true
      deletion_protection            = false
      security_group_id              = alicloud_security_group.group.id
      # Configure ServiceAccount through RRSA.
      enable_rrsa             = true
      time_zone               = "Asia/Shanghai"
      service_cidr            = "10.13.0.0/16"
      service_discovery_types = ["CoreDNS"]

      # tags
      tags = {
        "cluster" = "ack-serverless"
      }

      # addons
      addons {
        name = "nginx-ingress-controller"
        # Use Internet.
        config = "{\"IngressSlbNetworkType\":\"internet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
        # If using Intranet, configure as follows.
        # config = "{\"IngressSlbNetworkType\":\"intranet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
      }
      addons {
        name = "metrics-server"
      }
      addons {
        name = "knative"
      }
      addons {
        name = "managed-arms-prometheus"
      }
      addons {
        name = "logtail-ds"
        # Specify a specific sls_project_name
        # config = "{\"sls_project_name\":\"<YOUR-SLS-PROJECT-NAME>\"}"
      }
    }
Run the following command in your project directory to initialize the Terraform environment.
    terraform init
Expected output:
    Terraform has been successfully initialized!

    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.

    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.
Run the following command to generate an execution plan.
    terraform plan
The following information is returned. You can preview the resources that Terraform will create.
    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but will not be
    persisted to local or remote state storage.
    ...
    Plan: 4 to add, 0 to change, 0 to destroy.
    ...
Run the following command to create the cluster.
    terraform apply
When prompted, type yes and press the Enter key to confirm. The creation process will take several minutes. A successful apply will end with a message similar to this:
    ...
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.

      Enter a value: yes
    ...
    alicloud_cs_serverless_kubernetes.serverless: Creation complete after 8m26s [id=************]

    Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
Verify the result.
Run command
Use the following command to query the detailed information of resources created by Terraform:
    terraform show
Use the ACK console
Log on to the ACK console to view the created cluster.
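The settings in main.tf that decide how exposed the cluster is (endpoint_public_access_enabled, deletion_protection, and the nginx-ingress-controller IngressSlbNetworkType) can be checked mechanically from a saved plan before it is applied. The following Python sketch is an added example, not part of the original tutorial or of Alibaba Cloud's tooling; it reads the JSON that terraform show -json prints for a plan saved with terraform plan -out=tfplan. The function name audit_plan is hypothetical, and the sample plan is constructed and trimmed to the fields the check reads.

```python
import json

# Constructed sample: trimmed `terraform show -json tfplan` output for the
# resources in main.tf, keeping only the fields this check reads.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "alicloud_vpc.vpc", "type": "alicloud_vpc",
     "change": {"actions": ["create"], "after": {"cidr_block": "172.16.0.0/12"}}},
    {"address": "alicloud_cs_serverless_kubernetes.serverless",
     "type": "alicloud_cs_serverless_kubernetes",
     "change": {"actions": ["create"], "after": {
         "endpoint_public_access_enabled": True,
         "deletion_protection": False,
         "addons": [
             {"name": "nginx-ingress-controller", "config": json.dumps(
                 {"IngressSlbNetworkType": "internet", "IngressSlbSpec": "slb.s2.small"})},
             {"name": "metrics-server", "config": None},
         ]}}},
]})


def audit_plan(plan_json):
    """Return (address, finding) pairs for exposure-related cluster settings."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "alicloud_cs_serverless_kubernetes":
            continue
        after = (rc.get("change") or {}).get("after")
        if not after:  # "after" is null when the resource is being destroyed
            continue
        addr = rc.get("address", "?")
        if after.get("endpoint_public_access_enabled"):
            findings.append((addr, "API server has a public endpoint"))
        if not after.get("deletion_protection"):
            findings.append((addr, "deletion protection is disabled"))
        for addon in after.get("addons") or []:
            try:  # addon config is a JSON string; it may be absent or malformed
                cfg = json.loads(addon.get("config") or "{}")
            except json.JSONDecodeError:
                findings.append((addr, f"addon {addon.get('name')}: unparsable config"))
                continue
            if isinstance(cfg, dict) and cfg.get("IngressSlbNetworkType") == "internet":
                findings.append((addr, f"addon {addon.get('name')}: Internet-facing SLB"))
    return findings


if __name__ == "__main__":
    for address, finding in audit_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

With the tutorial's defaults the check reports all three settings; setting the endpoint to private, enabling deletion protection, and switching the ingress SLB to intranet yields an empty result.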
Clean up resources
When you no longer need the resources, run the following command to destroy all resources created in this topic. For more management commands, see Common commands.
    terraform destroy