To do good work, one must first sharpen one's tools. In this article we introduce Terraform, as preparation for creating various cloud resources later, such as Kubernetes.
Keywords: IaC, Infrastructure as Code, Terraform, Terraform examples, Terraform getting started, Terraform introduction
Terraform is a tool for building, changing and versioning infrastructure safely and efficiently (an orchestration tool for infrastructure automation). Its goal is to "Write, Plan, and create Infrastructure as Code". Terraform supports almost every cloud service on the market. Concretely, it lets you manage and maintain IT resources with code, so tasks that used to be done by hand are completed automatically by a program; the result is obvious: efficient and less error-prone.
Terraform is a genuinely useful tool; the major cloud platforms all support it well, and I am optimistic about its future. Terraform is an open-source project written in Go; you can find its source code and documentation on GitHub.
I strongly recommend tfenv. Below I describe how to install Terraform on a Mac using tfenv.
Install tfenv
brew install tfenv
brew link tfenv
Install Terraform with tfenv
# install latest version
tfenv install latest
# install specific version
tfenv install 1.2.9
List all installed versions
% tfenv list
1.2.9
1.0.0
0.14.2
0.13.7
* 0.13.5 (set by /usr/local/Cellar/tfenv/2.0.0/version)
The * marks the version currently in use.
Switch version
# switch to 1.2.9
tfenv use 1.2.9
Switching default version to v1.2.9
Switching completed
Uninstall
tfenv uninstall 0.14.2
tfenv uninstall latest
### https://www.cnblogs.com/wade-xu/p/16709133.html ###
Our company mainly uses GCP (Google Cloud), so I use the google provider here to get started with Terraform.
Install the Google Cloud SDK: https://cloud.google.com/sdk/docs/quickstarts
Configure the environment for gcloud:
gcloud auth login
gcloud auth list
Make sure your account has permission to operate on the GCP project.
My directory structure is as follows.
providers.tf
terraform {
  required_version = ">= 1.2.9"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 4"
    }
  }
}

provider "google" {
  project = local.project.project_id
  region  = local.project.region
}
backend.tf
terraform {
  backend "gcs" {
    bucket = "wadexu007"
    prefix = "demo/state"
  }
}
The bucket here must be created beforehand; it stores the Terraform state file.
network.tf
resource "google_compute_network" "default" {
  project                 = local.project.project_id
  name                    = local.project.network_name
  auto_create_subnetworks = true
  routing_mode            = "GLOBAL"
}
For the individual parameters of the network resource, refer to the official documentation.
locals.tf
locals {
  # project details
  project = {
    project_id   = "demo-eng-cn-dev"
    region       = "asia-east2"
    network_name = "wade-test-network"
  }
}
Run the following in this directory:
terraform init
A .terraform folder is generated in this directory; init essentially installs the dependency plugins (the providers) into that .terraform directory.
The plan command checks the configuration files and generates an execution plan; if it finds errors in the configuration, it reports them.
terraform plan
The result is as follows:
% terraform plan
Acquiring state lock. This may take a few moments...

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # google_compute_network.default will be created
  + resource "google_compute_network" "default" {
      + auto_create_subnetworks         = true
      + delete_default_routes_on_create = false
      + gateway_ipv4                    = (known after apply)
      + id                              = (known after apply)
      + internal_ipv6_range             = (known after apply)
      + mtu                             = (known after apply)
      + name                            = "wade-test-network"
      + project                         = "xperiences-eng-cn-dev"
      + routing_mode                    = "GLOBAL"
      + self_link                       = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.
When apply performs the actual deployment, by default it first runs plan and then enters interactive mode, waiting for the user to confirm the operation.
terraform apply
Type yes to confirm.
Tip: the -auto-approve option skips this confirmation and runs the deployment directly.
terraform apply -auto-approve
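Since -auto-approve removes the interactive confirmation, an unattended pipeline needs some other check before it applies. As an added example (not code from the original post), the gate below reads the JSON form of a saved plan (`terraform plan -out=tfplan` followed by `terraform show -json tfplan`), reproduces the "Plan: X to add, Y to change, Z to destroy" summary, and refuses to auto-approve when any resource would be destroyed or replaced. The plan JSON is a constructed sample in that format, mirroring this post's google_compute_network resource; the resource addresses and field values are assumed.

```python
import json
from collections import Counter

# Constructed sample in the shape of `terraform show -json tfplan` output.
# It mirrors this post's google_compute_network resource and adds one forced
# replacement so the gate has something to reject. Not the author's real output.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "1.1",
    "resource_changes": [
        {"address": "google_compute_network.default", "type": "google_compute_network",
         "change": {"actions": ["create"], "before": None,
                    "after": {"name": "wade-test-network", "routing_mode": "GLOBAL"}}},
        {"address": "google_compute_network.legacy", "type": "google_compute_network",
         "change": {"actions": ["delete", "create"],  # a forced replacement
                    "before": {"name": "old-net"}, "after": {"name": "old-net"}}},
    ],
})

def summarize_actions(plan_json):
    """Count changes like Terraform's 'Plan: X to add, Y to change, Z to destroy.'
    A replacement counts as one add and one destroy, as Terraform itself does;
    "no-op" and "read" actions are not changes and are skipped."""
    counts = Counter(add=0, change=0, destroy=0, replace=0)
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = set(rc["change"]["actions"])
        if actions == {"create"}:
            counts["add"] += 1
        elif actions == {"update"}:
            counts["change"] += 1
        elif actions == {"delete"}:
            counts["destroy"] += 1
        elif actions == {"create", "delete"}:
            counts.update(replace=1, add=1, destroy=1)
    return counts

def gate_auto_approve(plan_json, allow_destroy=False):
    """Return (ok, reasons); ok is False when an unattended apply should stop.
    Any planned delete, including the delete half of a replacement, blocks it."""
    reasons = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = set(rc["change"]["actions"])
        if "delete" in actions and not allow_destroy:
            kind = "replaced" if "create" in actions else "destroyed"
            reasons.append(f"{rc['address']} would be {kind}")
    return (not reasons, reasons)

if __name__ == "__main__":
    c = summarize_actions(SAMPLE_PLAN_JSON)
    print(f"Plan: {c['add']} to add, {c['change']} to change, {c['destroy']} to destroy.")
    ok, why = gate_auto_approve(SAMPLE_PLAN_JSON)
    print("auto-approve allowed" if ok else "refusing auto-approve: " + "; ".join(why))
```

In a pipeline, run the apply with -auto-approve only when the gate returns ok; otherwise fall back to a reviewed, interactive apply.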
The Terraform state file in the GCS bucket, gs://wadexu007/demo/state/default.tfstate, looks like this:
{
  "version": 4,
  "terraform_version": "1.2.9",
  "serial": 1,
  "lineage": "30210d18-6dd5-a542-5b0d-xxxxxxxx",
  "outputs": {},
  "resources": [
    {
      "mode": "managed",
      "type": "google_compute_network",
      "name": "default",
      "provider": "provider[\"registry.terraform.io/hashicorp/google\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "auto_create_subnetworks": true,
            "delete_default_routes_on_create": false,
            "description": "",
            "enable_ula_internal_ipv6": false,
            "gateway_ipv4": "",
            "id": "projects/demo-eng-cn-dev/global/networks/wade-test-network",
            "internal_ipv6_range": "",
            "mtu": 0,
            "name": "wade-test-network",
            "project": "demo-eng-cn-dev",
            "routing_mode": "GLOBAL",
            "self_link": "https://www.googleapis.com/compute/v1/projects/demo-eng-cn-dev/global/networks/wade-test-network",
            "timeouts": null
          },
          "sensitive_attributes": [],
          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2xxxxxxxxxxxxxxxxxxxxx9"
        }
      ]
    }
  ]
}
The newly created resource can be viewed in the GCP console.
terraform destroy
This destroys resources; be very careful.
% terraform destroy
Acquiring state lock. This may take a few moments...
google_compute_network.default: Refreshing state... [id=projects/demo-eng-cn-dev/global/networks/wade-test-network]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # google_compute_network.default will be destroyed
  - resource "google_compute_network" "default" {
      - auto_create_subnetworks         = true -> null
      - delete_default_routes_on_create = false -> null
      - enable_ula_internal_ipv6        = false -> null
      - id                              = "projects/demo-eng-cn-dev/global/networks/wade-test-network" -> null
      - mtu                             = 0 -> null
      - name                            = "wade-test-network" -> null
      - project                         = "demo-eng-cn-dev" -> null
      - routing_mode                    = "GLOBAL" -> null
      - self_link                       = "https://www.googleapis.com/compute/v1/projects/demo-eng-cn-dev/global/networks/wade-test-network" -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

google_compute_network.default: Destroying... [id=projects/xperiences-eng-cn-dev/global/networks/wade-test-network]
google_compute_network.default: Still destroying... [id=projects/demo-eng-cn-dev/global/networks/wade-test-network, 10s elapsed]
google_compute_network.default: Still destroying... [id=projects/demo-eng-cn-dev/global/networks/wade-test-network, 20s elapsed]
google_compute_network.default: Still destroying... [id=projects/demo-eng-cn-dev/global/networks/wade-test-network, 30s elapsed]
google_compute_network.default: Still destroying... [id=projects/demo-eng-cn-dev/global/networks/wade-test-network, 40s elapsed]
google_compute_network.default: Still destroying... [id=projects/demo-eng-cn-dev/global/networks/wade-test-network, 50s elapsed]
google_compute_network.default: Destruction complete after 54s
Releasing state lock. This may take a few moments...

Destroy complete! Resources: 1 destroyed.
Attached is my learning-by-doing code for reference.
Terraform is simple to use and supports many cloud vendors; you only need to consult the relevant documentation to create your resources. The example above is just an introduction; there is much more you can do, including packaging configuration as modules, so that different environments only need to source the module and pass in different parameters.
Besides cloud resources, things like Jenkins, Spinnaker, DNS and Vault can all be set up with Terraform. All infrastructure is expressed as code: people manage the code and the code manages the infrastructure, which avoids administrators operating on infrastructure directly in the console. Later you can add Atlantis to run Terraform from Git, so every change goes through a PR and is applied after review; this is also a GitOps best practice.
Terraform also supports developing your own providers.
Thanks for reading. If you found this article helpful for your learning, you can tip and recommend it; your encouragement is what motivates me to keep writing.