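After you deploy an application on Serverless App Engine (SAE), you can add an Internet-facing SLB (Server Load Balancer) instance to make the application reachable from the Internet, or add an internal-facing SLB instance so that all applications in the same VPC can reach each other. This topic describes how to use Terraform to bind an Internet-facing SLB instance to an SAE application and to unbind it.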
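Prerequisites
An Alibaba Cloud account (root account) has full permissions on all of its resources, so a leak of its credentials is a major risk. We recommend that you use a RAM user and create an AccessKey for that RAM user. For details, see Create a RAM user and Create an AccessKey.
Attach the following least-privilege policy to the RAM user that runs the Terraform commands, to grant the permissions needed to manage the resources in this example. For more information, see Grant permissions to a RAM user.
This custom policy allows the RAM user to describe, create, delete and configure SLB instances and set their status, and to bind and unbind SLB instances for SAE applications.
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "slb:DescribeLoadBalancers",
        "slb:DescribeLoadBalancerAttribute",
        "slb:CreateLoadBalancer",
        "slb:DeleteLoadBalancer",
        "slb:ModifyLoadBalancerInternetSpec",
        "slb:CreateLoadBalancerTCPListener",
        "slb:CreateLoadBalancerHTTPListener",
        "slb:CreateLoadBalancerHTTPSListener",
        "slb:DeleteLoadBalancerListener",
        "slb:SetLoadBalancerStatus",
        "sae:BindSlb",
        "sae:UnbindSlb"
      ],
      "Resource": "*"
    }
  ]
}
Prepare a Terraform runtime environment. You can use Terraform in any of the following ways.
ROS provides a managed Terraform service, so you can deploy Terraform templates directly in the ROS console. For details, see Create a Terraform stack.
Use Terraform in Terraform Explorer: Alibaba Cloud provides an online runtime environment for Terraform. You do not need to install Terraform; after you log on, you can use and try out Terraform online. This suits trying out and debugging Terraform quickly and conveniently at no cost.
Cloud Shell: Terraform components are preinstalled in Alibaba Cloud Cloud Shell and identity credentials are already configured, so you can run Terraform commands directly in Cloud Shell. This suits accessing and using Terraform quickly and conveniently at low cost.
Install and configure Terraform locally: this suits environments with poor network connectivity or cases that need a custom development environment.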
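Resources used
alicloud_sae_namespace: creates and manages an SAE (Serverless App Engine) namespace.
alicloud_security_group: creates and manages a security group.
alicloud_security_group_rule: creates and manages a security group rule.
alicloud_sae_application: creates and manages an SAE application.
alicloud_slb_load_balancer: creates and manages an SLB (Server Load Balancer) instance.
alicloud_sae_load_balancer_internet: configures the Internet-facing load balancer of an SAE application.
Create an application and bind an SLB instance
This example binds an SLB instance to an application in the China (Shenzhen) region. It shows how to deploy an application from an image and bind an SLB instance to it at the same time.
Create a project folder named terraform to hold the Terraform resources.
Run the following command to go to the project directory.
cd terraform
Create a configuration file named main.tf.
Its content is as follows: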
# Provider configuration
provider "alicloud" {
  region = var.region_id
}

# Variable definitions
variable "region_id" {
  type    = string
  default = "cn-shenzhen"
}

variable "app_name" {
  description = "應用程式名稱"
  type        = string
  default     = "app-slb"
}

variable "image_url" {
  description = "鏡像地址"
  type        = string
  default     = "registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-slim:0.9"
}

variable "namespace_id" {
  description = "命名空間ID"
  type        = string
  default     = "cn-shenzhen:demo"
}

variable "namespace_name" {
  description = "命名空間名稱"
  type        = string
  default     = "demo"
}

# Namespace
resource "alicloud_sae_namespace" "default" {
  namespace_description = var.namespace_description
  namespace_id          = var.namespace_id
  namespace_name        = var.namespace_name
}

# VPC
resource "alicloud_vpc" "default" {
  vpc_name   = var.name
  cidr_block = "10.4.0.0/16"
}

# VSwitch
resource "alicloud_vswitch" "default" {
  vswitch_name = var.name
  cidr_block   = "10.4.0.0/24"
  vpc_id       = alicloud_vpc.default.id
  zone_id      = var.zone_id
}

# Security group
resource "alicloud_security_group" "sg" {
  name        = var.name
  description = var.description
  vpc_id      = alicloud_vpc.default.id
}

# Ingress rule: the ports and source come from var.port_range and var.cidr_ip
# (defaults below: 1/65535 and 0.0.0.0/0)
resource "alicloud_security_group_rule" "sg_rule" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = var.port_range
  priority          = 1
  security_group_id = alicloud_security_group.sg.id
  cidr_ip           = var.cidr_ip
}

# Application configuration
resource "alicloud_sae_application" "manual" {
  app_name          = var.app_name
  app_description   = var.app_description
  deploy            = true
  image_url         = var.image_url
  namespace_id      = alicloud_sae_namespace.default.id
  vswitch_id        = alicloud_vswitch.default.id
  vpc_id            = alicloud_vpc.default.id
  security_group_id = alicloud_security_group.sg.id
  package_type      = var.package_type
  timezone          = "Asia/Beijing"
  replicas          = var.replicas
  cpu               = var.cpu
  memory            = var.memory
}

# SLB configuration
resource "alicloud_slb_load_balancer" "slb" {
  load_balancer_name = "prod"
  address_type       = "internet"
  load_balancer_spec = "slb.s2.small"
  vswitch_id         = alicloud_vswitch.default.id
}

# Bind the Internet-facing SLB instance to the application
resource "alicloud_sae_load_balancer_internet" "example" {
  app_id          = alicloud_sae_application.manual.id
  internet_slb_id = alicloud_slb_load_balancer.slb.id
  internet {
    protocol    = "HTTP"
    port        = var.port
    target_port = 80
  }
}

# Other variable definitions
variable "namespace_description" {
  description = "Namespace Description"
  default     = "a namespace"
}

variable "name" {
  default     = "tf"
  description = "The name of the security group rule"
  type        = string
}

variable "description" {
  default     = "The description of the security group rule"
  description = "The description of the security group rule"
  type        = string
}

variable "port_range" {
  default     = "1/65535"
  description = "The port range of the security group rule"
  type        = string
}

variable "cidr_ip" {
  description = "cidr blocks used to create a new security group rule"
  type        = string
  default     = "0.0.0.0/0"
}

variable "zone_id" {
  description = "Availability Zone ID"
  type        = string
  default     = "cn-shenzhen-a"
}

variable "app_description" {
  default     = "description created by Terraform"
  description = "The description of the application"
  type        = string
}

variable "package_type" {
  default     = "Image"
  description = "The package type of the application"
  type        = string
}

variable "cpu" {
  default     = "500"
  description = "The cpu of the application, in unit of millicore"
  type        = string
}

variable "memory" {
  default     = "1024"
  description = "The memory of the application, in unit of MB"
  type        = string
}

variable "replicas" {
  default     = "1"
  description = "The replicas of the application"
  type        = string
}

variable "port" {
  description = "The port of SLB"
  type        = string
  default     = "8000"
}

# Outputs
output "namespace_id" {
  value       = var.namespace_id
  description = "Namespace ID"
}

output "app_id" {
  description = "The id of the application"
  value       = alicloud_sae_application.manual.id
}

output "app_name" {
  description = "The name of the application"
  value       = var.app_name
}

output "endpoint" {
  value = format("http://%s:%s", alicloud_slb_load_balancer.slb.address, var.port)
}
Run the following command to initialize the configuration.
terraform init
Expected result:

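Run the following commands in sequence to create the application.
Run the following command to deploy the application. When prompted, enter yes and press Enter, then wait for the command to finish. If the following information appears, the authorization is complete.
terraform apply
Expected result: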

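The application app-slb has been created with the SLB instance bound, and the IP address and port of the SLB instance have been output.
Verify the result:
Run the terraform show command
You can run the following command to query the details of the resources that Terraform created: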
terraform show
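Access from a browser
Enter the IP address and port of the SLB instance in a browser, for example http://121.43.XXX.XX:8000, and press Enter to open the application home page.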
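Unbind the SLB instance and delete the application
This example uses the application app-slb in the China (Shenzhen) region to show how to unbind the SLB instance and delete the application.
Run the following command in the target project directory to run the configuration file.
terraform destroy
Expected result: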

The SLB instance has been unbound and the application app-slb has been deleted.
Complete example
# Provider configuration
provider "alicloud" {
  region = var.region_id
}

# Variable definitions
variable "region_id" {
  type    = string
  default = "cn-shenzhen"
}

variable "app_name" {
  description = "應用程式名稱"
  type        = string
  default     = "app-slb"
}

variable "image_url" {
  description = "鏡像地址"
  type        = string
  default     = "registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-slim:0.9"
}

variable "namespace_id" {
  description = "命名空間ID"
  type        = string
  default     = "cn-shenzhen:demo"
}

variable "namespace_name" {
  description = "命名空間名稱"
  type        = string
  default     = "demo"
}

# Namespace
resource "alicloud_sae_namespace" "default" {
  namespace_description = var.namespace_description
  namespace_id          = var.namespace_id
  namespace_name        = var.namespace_name
}

# VPC
resource "alicloud_vpc" "default" {
  vpc_name   = var.name
  cidr_block = "10.4.0.0/16"
}

# VSwitch
resource "alicloud_vswitch" "default" {
  vswitch_name = var.name
  cidr_block   = "10.4.0.0/24"
  vpc_id       = alicloud_vpc.default.id
  zone_id      = var.zone_id
}

# Security group
resource "alicloud_security_group" "sg" {
  name        = var.name
  description = var.description
  vpc_id      = alicloud_vpc.default.id
}

# Ingress rule: the ports and source come from var.port_range and var.cidr_ip
# (defaults below: 1/65535 and 0.0.0.0/0)
resource "alicloud_security_group_rule" "sg_rule" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = var.port_range
  priority          = 1
  security_group_id = alicloud_security_group.sg.id
  cidr_ip           = var.cidr_ip
}

# Application configuration
resource "alicloud_sae_application" "manual" {
  app_name          = var.app_name
  app_description   = var.app_description
  deploy            = true
  image_url         = var.image_url
  namespace_id      = alicloud_sae_namespace.default.id
  vswitch_id        = alicloud_vswitch.default.id
  vpc_id            = alicloud_vpc.default.id
  security_group_id = alicloud_security_group.sg.id
  package_type      = var.package_type
  timezone          = "Asia/Beijing"
  replicas          = var.replicas
  cpu               = var.cpu
  memory            = var.memory
}

# SLB configuration
resource "alicloud_slb_load_balancer" "slb" {
  load_balancer_name = "prod"
  address_type       = "internet"
  load_balancer_spec = "slb.s2.small"
  vswitch_id         = alicloud_vswitch.default.id
}

# Bind the Internet-facing SLB instance to the application
resource "alicloud_sae_load_balancer_internet" "example" {
  app_id          = alicloud_sae_application.manual.id
  internet_slb_id = alicloud_slb_load_balancer.slb.id
  internet {
    protocol    = "HTTP"
    port        = var.port
    target_port = 80
  }
}

# Other variable definitions
variable "namespace_description" {
  description = "Namespace Description"
  default     = "a namespace"
}

variable "name" {
  default     = "tf"
  description = "The name of the security group rule"
  type        = string
}

variable "description" {
  default     = "The description of the security group rule"
  description = "The description of the security group rule"
  type        = string
}

variable "port_range" {
  default     = "1/65535"
  description = "The port range of the security group rule"
  type        = string
}

variable "cidr_ip" {
  description = "cidr blocks used to create a new security group rule"
  type        = string
  default     = "0.0.0.0/0"
}

variable "zone_id" {
  description = "Availability Zone ID"
  type        = string
  default     = "cn-shenzhen-a"
}

variable "app_description" {
  default     = "description created by Terraform"
  description = "The description of the application"
  type        = string
}

variable "package_type" {
  default     = "Image"
  description = "The package type of the application"
  type        = string
}

variable "cpu" {
  default     = "500"
  description = "The cpu of the application, in unit of millicore"
  type        = string
}

variable "memory" {
  default     = "1024"
  description = "The memory of the application, in unit of MB"
  type        = string
}

variable "replicas" {
  default     = "1"
  description = "The replicas of the application"
  type        = string
}

variable "port" {
  description = "The port of SLB"
  type        = string
  default     = "8000"
}

# Outputs
output "namespace_id" {
  value       = var.namespace_id
  description = "Namespace ID"
}

output "app_id" {
  description = "The id of the application"
  value       = alicloud_sae_application.manual.id
}

output "app_name" {
  description = "The name of the application"
  value       = var.app_name
}

output "endpoint" {
  value = format("http://%s:%s", alicloud_slb_load_balancer.slb.address, var.port)
}
Related documents
For an introduction to Terraform, see the Terraform product introduction.
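The security group rule in the sample takes its ports and source from var.port_range and var.cidr_ip, whose defaults (1/65535 and 0.0.0.0/0) accept every TCP port from any address, while the application is only targeted on port 80. The following variable definitions are an added example, not part of the original sample: they replace the two variable blocks of the same name in main.tf and reject the wide-open values at plan time. The narrower defaults (80/80 to match target_port, and the sample's VPC CIDR 10.4.0.0/16) are assumptions; confirm that SLB forwarding and health checks still reach the application with them.

```hcl
variable "port_range" {
  description = "The port range of the security group rule"
  type        = string
  default     = "80/80" # assumption: matches target_port = 80 in the internet block

  validation {
    condition     = can(regex("^[0-9]{1,5}/[0-9]{1,5}$", var.port_range))
    error_message = "The port_range value must have the form START/END, for example 80/80."
  }

  validation {
    # try() turns any parse error into a failed check instead of a crash.
    condition = try(
      tonumber(split("/", var.port_range)[0]) >= 1 &&
      tonumber(split("/", var.port_range)[1]) <= 65535 &&
      tonumber(split("/", var.port_range)[0]) <= tonumber(split("/", var.port_range)[1]) &&
      var.port_range != "1/65535",
      false
    )
    error_message = "The port_range value must be an ascending range within 1-65535 and must not be 1/65535."
  }
}

variable "cidr_ip" {
  description = "cidr blocks used to create a new security group rule"
  type        = string
  default     = "10.4.0.0/16" # assumption: the VPC CIDR used in this sample

  validation {
    # cidrnetmask() fails on anything that is not an IPv4 CIDR block.
    condition     = can(cidrnetmask(var.cidr_ip))
    error_message = "The cidr_ip value must be a valid IPv4 CIDR block."
  }

  validation {
    # A /0 prefix matches every address, whatever the network part says.
    condition     = !can(regex("/0$", var.cidr_ip))
    error_message = "The cidr_ip value must not use a /0 prefix such as 0.0.0.0/0."
  }
}
```

With these blocks in place, running terraform plan -var 'cidr_ip=0.0.0.0/0' stops with the validation error before any resource is created.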