Deploying an Alibaba Cloud ACK Kubernetes Cluster with Terraform
This tutorial walks through provisioning an Alibaba Cloud ACK Kubernetes cluster using Terraform, covering provider setup, VPC and VSwitch creation, managed Kubernetes resource definition, Jenkins deployment, DNS configuration, and cleanup procedures, with full code examples.
This guide demonstrates how to provision an Alibaba Cloud Container Service for Kubernetes (ACK) cluster using Terraform, covering provider configuration, RAM credentials, VPC and VSwitch creation, managed Kubernetes resource definition, and deployment of a Jenkins application.
It starts with initializing the AliCloud and Kubernetes providers, exporting access keys, then defines a VPC (cidr 172.16.0.0/12) and a VSwitch in zone cn-zhangjiakou-a.
The ACK cluster is created with the following resource, which specifies the version, service and pod CIDRs, NAT gateway, load balancer, password, node settings, Docker runtime, and optional addons:

    resource "alicloud_cs_managed_kubernetes" "k8s" {
      name                  = var.cluster_name
      version               = local.cluster_version
      cluster_spec          = "ack.standard"
      availability_zone     = "cn-zhangjiakou-a"
      service_cidr          = local.service_cidr
      pod_cidr              = local.pod_cidr
      new_nat_gateway       = true
      load_balancer_spec    = "slb.s1.small"
      # Creates an internet-facing load balancer for the API server.
      slb_internet_enabled  = true
      # Literal tutorial value; a literal here is stored in version control and in
      # Terraform state, so real deployments should pass it in as a sensitive variable.
      password              = "Password123.com"
      node_port_range       = "30000-32767"
      os_type               = "Linux"
      platform              = "CentOS"
      worker_number         = 1
      worker_instance_types = ["ecs.g6.xlarge"]
      worker_vswitch_ids    = [alicloud_vswitch.vsw.id]
      worker_disk_category  = "cloud_efficiency"
      worker_disk_size      = 40
      runtime = {
        name    = "docker"
        version = "19.03.5"
      }
      // optional addons omitted for brevity
    }
Standard Terraform workflow commands (terraform fmt, terraform validate, terraform plan, terraform apply, terraform apply -auto-approve) are run to apply the configuration.
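A pre-apply check for the literal `password` and the public API server load balancer in the cluster resource above, as an added example that is not part of the original article: it reads the `configuration` section of Terraform's JSON plan output and reports arguments set to constant values rather than variable references. The plan fragment is constructed, and the function names and the name-matching heuristic are assumptions.

```python
import json

# Constructed fragment of `terraform show -json` plan output for the cluster
# resource on this page (only the fields the check reads).
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "alicloud_cs_managed_kubernetes.k8s",
   "type": "alicloud_cs_managed_kubernetes",
   "expressions": {
     "name": {"references": ["var.cluster_name"]},
     "password": {"constant_value": "Password123.com"},
     "slb_internet_enabled": {"constant_value": true}}}
]}}}
""")

# Heuristic (assumption): argument names that usually carry credentials.
SECRET_HINTS = ("password", "secret", "token")


def walk_modules(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for call in module.get("module_calls", {}).values():
        yield from walk_modules(call.get("module", {}))


def find_issues(plan):
    """Return (address, argument, reason) tuples for risky literal settings."""
    issues = []
    root = plan.get("configuration", {}).get("root_module", {})
    for res in walk_modules(root):
        for arg, expr in res.get("expressions", {}).items():
            # Literals carry "constant_value"; variables carry "references".
            if not isinstance(expr, dict) or "constant_value" not in expr:
                continue
            value = expr["constant_value"]
            if value and any(hint in arg.lower() for hint in SECRET_HINTS):
                issues.append((res["address"], arg, "hardcoded secret"))
            if arg == "slb_internet_enabled" and value is True:
                issues.append((res["address"], arg, "public API server load balancer"))
    return issues


if __name__ == "__main__":
    for address, arg, reason in find_issues(SAMPLE_PLAN):
        print(f"{address}: {arg}: {reason}")
```

To run it on a real configuration, save a plan with terraform plan -out plan.out and load the output of terraform show -json plan.out in place of the sample.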
After the cluster is ready, a Jenkins deployment and service are defined with

    resource "kubernetes_deployment_v1" "jenkins" {
      provider = kubernetes.clustera
      metadata {
        name      = "jenkins"
        labels    = { app = "jenkins" }
        namespace = kubernetes_namespace.jenkins.id
      }
      spec {
        replicas = 1
        selector {
          match_labels = { app = "jenkins" }
        }
        template {
          metadata {
            labels = { app = "jenkins" }
          }
          spec {
            container {
              name  = "jenkins"
              image = "jenkins/jenkins:2.332.2-centos7-jdk8"
              port {
                container_port = 8080
              }
              resources {
                limits   = { cpu = "1000m", memory = "4096Mi" }
                requests = { cpu = "250m", memory = "1024Mi" }
              }
            }
          }
        }
      }
    }

and

    resource "kubernetes_service_v1" "jenkins" {
      provider = kubernetes.clustera
      metadata {
        name      = "jenkins-service"
        namespace = kubernetes_namespace.jenkins.id
      }
      spec {
        selector = { app = kubernetes_deployment_v1.jenkins.metadata[0].labels.app }
        port {
          port        = 8080
          target_port = 8080
        }
        type = "ClusterIP"
      }
    }

followed by an ingress rule to expose it.
Additional resources such as a DNS A record

    resource "alicloud_dns_record" "record" {
      name        = "zeyang.site"
      host_record = "jenkins"
      type        = "A"
      value       = kubernetes_ingress_v1.jenkins_ingress.status[0].load_balancer[0].ingress[0].ip
    }

and a namespace are created, and the guide shows how to destroy the infrastructure with terraform destroy.
An optional ASK (serverless Kubernetes) extension is provided, illustrating how to import an existing ASK cluster into Terraform state with

    terraform import alicloud_cs_serverless_kubernetes.main c995c50e1efa54eb9a1b03c8e41df22e5

and then manage its VPC, VSwitch, and serverless cluster resources using resource "alicloud_cs_serverless_kubernetes" "main" { ... }.
DevOps Cloud Academy
Exploring industry DevOps practices and technical expertise.
