Create a Kubernetes cluster with Azure Kubernetes Service and Terraform

Azure Kubernetes Service (AKS) manages your hosted Kubernetes environment, making it quick and easy to deploy and manage containerized applications without container orchestration expertise. It also eliminates the burden of ongoing operations and maintenance by provisioning, upgrading, and scaling resources on demand, without taking your applications offline.

In this tutorial, you learn how to perform the following tasks to create a Kubernetes cluster using Terraform and AKS:

  • Use HCL (HashiCorp Configuration Language) to define a Kubernetes cluster
  • Use Terraform and AKS to create a Kubernetes cluster
  • Use the kubectl tool to test the availability of the Kubernetes cluster

Prerequisites

Create the directory structure

The first step is to create the directory that holds your Terraform configuration files for the exercise.

  1. Browse to the Azure portal.

  2. Open Azure Cloud Shell. If you didn't select an environment previously, select Bash as your environment.

    [Image: Cloud Shell prompt]

  3. Change to the clouddrive directory.

    cd clouddrive
    
  4. Create a directory named terraform-aks-k8s.

    mkdir terraform-aks-k8s
    
  5. Change to the new directory:

    cd terraform-aks-k8s
    

Declare the Azure provider

Create the Terraform configuration file that declares the Azure provider.

  1. In Cloud Shell, create a file named main.tf.

    vi main.tf
    
  2. Enter insert mode by pressing the I key.

  3. Paste the following code into the editor:

    provider "azurerm" {
        version = "~>1.5"
    }
    
    terraform {
        backend "azurerm" {}
    }
    
  4. Exit insert mode by pressing the Esc key.

  5. Save the file and exit the vi editor by entering the following command:

    :wq
    

Define a Kubernetes cluster

Create the Terraform configuration file that declares the resources for the Kubernetes cluster.

  1. In Cloud Shell, create a file named k8s.tf.

    vi k8s.tf
    
  2. Enter insert mode by pressing the I key.

  3. Paste the following code into the editor:

    resource "azurerm_resource_group" "k8s" {
        name     = "${var.resource_group_name}"
        location = "${var.location}"
    }
    
    resource "random_id" "log_analytics_workspace_name_suffix" {
        byte_length = 8
    }
    
    resource "azurerm_log_analytics_workspace" "test" {
        # The WorkSpace name has to be unique across the whole of azure, not just the current subscription/tenant.
        name                = "${var.log_analytics_workspace_name}-${random_id.log_analytics_workspace_name_suffix.dec}"
        location            = "${var.log_analytics_workspace_location}"
        resource_group_name = "${azurerm_resource_group.k8s.name}"
        sku                 = "${var.log_analytics_workspace_sku}"
    }
    
    resource "azurerm_log_analytics_solution" "test" {
        solution_name         = "ContainerInsights"
        location              = "${azurerm_log_analytics_workspace.test.location}"
        resource_group_name   = "${azurerm_resource_group.k8s.name}"
        workspace_resource_id = "${azurerm_log_analytics_workspace.test.id}"
        workspace_name        = "${azurerm_log_analytics_workspace.test.name}"
    
        plan {
            publisher = "Microsoft"
            product   = "OMSGallery/ContainerInsights"
        }
    }
    
    resource "azurerm_kubernetes_cluster" "k8s" {
        name                = "${var.cluster_name}"
        location            = "${azurerm_resource_group.k8s.location}"
        resource_group_name = "${azurerm_resource_group.k8s.name}"
        dns_prefix          = "${var.dns_prefix}"
    
        linux_profile {
            admin_username = "ubuntu"
    
            ssh_key {
                key_data = "${file("${var.ssh_public_key}")}"
            }
        }
    
        agent_pool_profile {
            name            = "agentpool"
            count           = "${var.agent_count}"
            vm_size         = "Standard_DS1_v2"
            os_type         = "Linux"
            os_disk_size_gb = 30
        }
    
        service_principal {
            client_id     = "${var.client_id}"
            client_secret = "${var.client_secret}"
        }
    
        addon_profile {
            oms_agent {
                enabled                    = true
                log_analytics_workspace_id = "${azurerm_log_analytics_workspace.test.id}"
            }
        }
    
        tags = {
            Environment = "Development"
        }
    }
    

    The preceding code sets the name of the cluster, its location, and the resource_group_name. It also sets the dns_prefix value, which forms part of the fully qualified domain name (FQDN) used to access the cluster.

    The linux_profile block configures the settings that enable signing in to the worker nodes over SSH.

    With AKS, you pay only for the worker nodes. The agent_pool_profile block configures these worker nodes: how many to create and which VM size they use. If you need to scale the cluster up or down later, change the count value in this block.

  4. Exit insert mode by pressing the Esc key.

  5. Save the file and exit the vi editor by entering the following command:

    :wq
    

Declare the variables

  1. In Cloud Shell, create a file named variables.tf.

    vi variables.tf
    
  2. Enter insert mode by pressing the I key.

  3. Paste the following code into the editor:

    variable "client_id" {}
    variable "client_secret" {}
    
    variable "agent_count" {
        default = 3
    }
    
    variable "ssh_public_key" {
        default = "~/.ssh/id_rsa.pub"
    }
    
    variable "dns_prefix" {
        default = "k8stest"
    }
    
    variable "cluster_name" {
        default = "k8stest"
    }
    
    variable "resource_group_name" {
        default = "azure-k8stest"
    }
    
    variable "location" {
        default = "Central US"
    }
    
    variable "log_analytics_workspace_name" {
        default = "testLogAnalyticsWorkspaceName"
    }
    
    # refer https://azure.microsoft.com/global-infrastructure/services/?products=monitor for log analytics available regions
    variable "log_analytics_workspace_location" {
        default = "eastus"
    }
    
    # refer https://azure.microsoft.com/pricing/details/monitor/ for log analytics pricing
    variable "log_analytics_workspace_sku" {
        default = "PerGB2018"
    }
    
  4. Exit insert mode by pressing the Esc key.

  5. Save the file and exit the vi editor by entering the following command:

    :wq
    

Create a Terraform output file

Terraform outputs let you define values that are highlighted to the user when Terraform applies a plan, and that can be queried with the terraform output command. In this section, you create an output file that exposes what is needed to access the cluster with kubectl.

  1. In Cloud Shell, create a file named output.tf.

    vi output.tf
    
  2. Enter insert mode by pressing the I key.

  3. Paste the following code into the editor:

    output "client_key" {
        value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.client_key}"
    }
    
    output "client_certificate" {
        value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate}"
    }
    
    output "cluster_ca_certificate" {
        value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate}"
    }
    
    output "cluster_username" {
        value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.username}"
    }
    
    output "cluster_password" {
        value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.password}"
    }
    
    output "kube_config" {
        value = "${azurerm_kubernetes_cluster.k8s.kube_config_raw}"
    }
    
    output "host" {
        value = "${azurerm_kubernetes_cluster.k8s.kube_config.0.host}"
    }
    
  4. Exit insert mode by pressing the Esc key.

  5. Save the file and exit the vi editor by entering the following command:

    :wq
    

Set up Azure storage to store Terraform state

Terraform tracks state locally in the terraform.tfstate file. This pattern works well in a single-person environment. In the more common multi-person environment, however, you need to track state on a server, using Azure storage. In this section, you retrieve the necessary storage account information (account name and account key) and create a storage container in which the Terraform state is stored.

  1. In the Azure portal, select All services in the left menu.

  2. Select Storage accounts.

  3. On the Storage accounts tab, select the name of the storage account in which Terraform is to store state. For example, you can use the storage account created when you opened Cloud Shell the first time. The storage account name created by Cloud Shell typically starts with cs followed by a random string of numbers and letters. Remember the name of the storage account you select; it is needed later.

  4. On the storage account tab, select Access keys.

    [Image: Storage account menu]

  5. Make note of the key1 key value. (Selecting the icon to the right of the key copies the value to the clipboard.)

    [Image: Storage account access keys]

  6. In Cloud Shell, create a container in your Azure storage account (replace the <YourAzureStorageAccountName> and <YourAzureStorageAccountAccessKey> placeholders with the appropriate values for your Azure storage account).

    az storage container create -n tfstate --account-name <YourAzureStorageAccountName> --account-key <YourAzureStorageAccountAccessKey>
    

Create the Kubernetes cluster

In this section, you initialize Terraform with the terraform init command and then create the resources defined in the configuration files from the previous sections.

  1. In Cloud Shell, initialize Terraform (replace the <YourAzureStorageAccountName> and <YourAzureStorageAccountAccessKey> placeholders with the appropriate values for your Azure storage account).

    terraform init -backend-config="storage_account_name=<YourAzureStorageAccountName>" -backend-config="container_name=tfstate" -backend-config="access_key=<YourAzureStorageAccountAccessKey>" -backend-config="key=codelab.microsoft.tfstate"
    

    The terraform init command reports that the backend and the provider plugin were initialized successfully:

    [Image: Example result of terraform init]

  2. Export your service principal credentials. Replace the <your-client-id> and <your-client-secret> placeholders with the appId and password values associated with your service principal, respectively.

    export TF_VAR_client_id=<your-client-id>
    export TF_VAR_client_secret=<your-client-secret>
    
  3. Run the terraform plan command to create the Terraform plan that defines the infrastructure elements.

    terraform plan -out out.plan
    

    The terraform plan command displays the resources that will be created when you run the terraform apply command:

    [Image: Example result of terraform plan]

  4. Run the terraform apply command to apply the plan and create the Kubernetes cluster. Creating a Kubernetes cluster can take several minutes, which can cause the Cloud Shell session to time out. If the Cloud Shell session times out, follow the steps in the section "Recover from a Cloud Shell timeout" to complete the tutorial.

    terraform apply out.plan
    

    The terraform apply command displays the results of creating the resources defined in your configuration files:

    [Image: Example result of terraform apply]

  5. In the Azure portal, select All services in the left menu to see the resources created for your new Kubernetes cluster.

    [Image: Cloud Shell prompt]
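The steps above pass the storage account access key and the service principal secret as command-line arguments and shell variables typed at the prompt, so they are recorded in the Cloud Shell bash history (which persists in clouddrive) and visible to anyone who can read it. The state file written to the tfstate container also holds the client_secret and the cluster's kube_config in plain text, so access to that container should be as restricted as access to the cluster itself. The following script is an added example, not part of the Microsoft tutorial: it writes only the non-secret backend settings to a file, reads each secret from an owner-only file, hands the storage key to Terraform through the ARM_ACCESS_KEY environment variable that the azurerm backend reads, and checks that no secret value has leaked into the backend file. The file names backend.hcl, storage.key and sp.secret and all key values are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the Microsoft tutorial): prepare `terraform init` and the
# service-principal variables without putting secrets on the command line, where
# they would be recorded in shell history.
set -eu

# Write the non-secret backend settings to a file that is safe to keep in the
# working directory. The storage account access key is deliberately left out.
write_backend_config() {
    account="$1"; container="$2"; state_key="$3"; outfile="$4"
    umask 077
    cat > "$outfile" <<EOF
storage_account_name = "$account"
container_name       = "$container"
key                  = "$state_key"
EOF
}

# Read a single secret from a file and refuse files that other users can read.
# The file is a constructed stand-in for wherever you keep the key.
load_secret_file() {
    secret_file="$1"
    perms=$(ls -l "$secret_file" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || return 1
    head -n 1 "$secret_file"
}

# Return 0 only if the backend file contains none of the given secret values.
backend_config_is_clean() {
    outfile="$1"; shift
    for s in "$@"; do
        grep -qF -- "$s" "$outfile" && return 1
    done
    return 0
}

# --- demonstration with constructed sample values (not real credentials) ---
workdir=$(mktemp -d)
umask 077
printf '%s\n' 'EXAMPLE-STORAGE-KEY-not-real' > "$workdir/storage.key"
printf '%s\n' 'EXAMPLE-SP-SECRET-not-real'   > "$workdir/sp.secret"

write_backend_config examplestorageacct tfstate codelab.microsoft.tfstate "$workdir/backend.hcl"

# The azurerm backend reads the access key from ARM_ACCESS_KEY, so it never
# needs to appear in -backend-config or on the command line.
ARM_ACCESS_KEY=$(load_secret_file "$workdir/storage.key"); export ARM_ACCESS_KEY
TF_VAR_client_id='00000000-0000-0000-0000-000000000000'; export TF_VAR_client_id   # placeholder appId
TF_VAR_client_secret=$(load_secret_file "$workdir/sp.secret"); export TF_VAR_client_secret

backend_config_is_clean "$workdir/backend.hcl" "$ARM_ACCESS_KEY" "$TF_VAR_client_secret" \
    && echo "backend.hcl holds no secrets"

# Only the non-secret file is passed on the command line (runs only where terraform is installed):
if command -v terraform >/dev/null 2>&1; then
    terraform init -backend-config="$workdir/backend.hcl"
fi
```

With this layout the `terraform init` line in your history shows only the path to backend.hcl; the same pattern applies to `terraform plan` and `terraform apply`, which pick up TF_VAR_client_id and TF_VAR_client_secret from the environment exactly as the tutorial's export commands intend.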

Recover from a Cloud Shell timeout

If the Cloud Shell session times out, you can perform the following steps to recover:

  1. Start a Cloud Shell session.

  2. Change to the directory containing your Terraform configuration files.

    cd /clouddrive/terraform-aks-k8s
    
  3. Run the following command:

    export KUBECONFIG=./azurek8s
    

Test the Kubernetes cluster

The Kubernetes tools can be used to verify the newly created cluster.

  1. Get the Kubernetes configuration from the Terraform state and store it in a file that kubectl can read.

    echo "$(terraform output kube_config)" > ./azurek8s
    
  2. Set an environment variable so that kubectl picks up the correct configuration.

    export KUBECONFIG=./azurek8s
    
  3. Verify the health of the cluster.

    kubectl get nodes
    

    You should see the details of your worker nodes, and they should all have the status Ready, as shown in the following image:

    [Image: The kubectl tool verifies the health of the Kubernetes cluster]
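The kube_config output written to ./azurek8s contains the cluster CA, the client certificate and key, and the cluster password from the output.tf file above, so it is a credential file, not just configuration; written with the default umask into clouddrive it is readable by anything else running in that shell. The script below is an added example, not part of the Microsoft tutorial: it stores the kubeconfig with owner-only permissions and checks its basic structure before kubectl is pointed at it, and it turns the "all nodes Ready" check from step 3 into a function that fails when any node is not Ready. The kubeconfig and the `kubectl get nodes` output it runs on are constructed samples, so it runs without a cluster; the function names and the certificate, token and node values are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not part of the Microsoft tutorial): store the kubeconfig that
# `terraform output kube_config` returns with owner-only permissions, sanity-check
# it before pointing kubectl at it, and check that every node reports Ready.
set -eu

# Write the kubeconfig from stdin to $1 as a 0600 file. The file carries the
# cluster's client certificate, client key and password, so it must not be
# readable by other users of the shared clouddrive.
save_kubeconfig() {
    target="$1"
    umask 077
    rm -f "$target"            # recreate so the restrictive umask applies
    cat > "$target"
    # Minimal structural check: a usable kubeconfig names clusters, users and
    # a current context.
    for field in 'clusters:' 'users:' 'current-context:'; do
        grep -q "^$field" "$target" || { echo "kubeconfig missing $field" >&2; return 1; }
    done
    [ "$(ls -l "$target" | cut -c1-10)" = "-rw-------" ] || return 1
}

# Read `kubectl get nodes` output from stdin; return 0 when every node is Ready,
# 1 otherwise, printing the nodes that are not.
all_nodes_ready() {
    awk 'NR > 1 && $2 != "Ready" { print "not ready: " $1 " (" $2 ")"; bad = 1 }
         END { exit bad ? 1 : 0 }'
}

# --- demonstration on constructed sample data (no cluster required) ---
tmp=$(mktemp -d)

# Constructed stand-in for what `terraform output kube_config` prints; the
# base64 fields and token are placeholders, not real key material.
sample_kubeconfig='apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: QkFTRTY0LUNBLUNFUlQtcGxhY2Vob2xkZXI=
    server: https://k8stest-example.hcp.centralus.azmk8s.io:443
  name: k8stest
contexts:
- context:
    cluster: k8stest
    user: clusterUser_azure-k8stest_k8stest
  name: k8stest
current-context: k8stest
kind: Config
users:
- name: clusterUser_azure-k8stest_k8stest
  user:
    client-certificate-data: QkFTRTY0LUNMSUVOVC1DRVJULXBsYWNlaG9sZGVy
    client-key-data: QkFTRTY0LUNMSUVOVC1LRVktcGxhY2Vob2xkZXI=
    token: EXAMPLE-TOKEN-not-real'

printf '%s\n' "$sample_kubeconfig" | save_kubeconfig "$tmp/azurek8s" && echo "kubeconfig saved"
export KUBECONFIG="$tmp/azurek8s"

# Constructed `kubectl get nodes` output with one node still joining.
sample_nodes='NAME                       STATUS     ROLES   AGE   VERSION
aks-agentpool-12345678-0   Ready      agent   10m   v1.12.8
aks-agentpool-12345678-1   Ready      agent   10m   v1.12.8
aks-agentpool-12345678-2   NotReady   agent   1m    v1.12.8'

printf '%s\n' "$sample_nodes" | all_nodes_ready || echo "cluster not fully ready yet"

# Against a real cluster, after the tutorial's steps 1 and 2:
#   kubectl get nodes | all_nodes_ready
```

In the tutorial's flow, `terraform output kube_config | save_kubeconfig ./azurek8s` replaces the echo redirection of step 1, and `kubectl get nodes | all_nodes_ready` gives step 3 an exit status a script can act on instead of a screenshot to compare against.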

Monitor health and logs

When the AKS cluster was created, monitoring was enabled to capture health metrics for both the cluster nodes and pods. These health metrics are available in the Azure portal. For more information on container health monitoring, see Monitor Azure Kubernetes Service health.

Next steps

In this article, you learned how to use Terraform and AKS to create a Kubernetes cluster. Here are some additional resources to help you learn more about Terraform on Azure:

  • Terraform Hub in Microsoft.com
  • Terraform Azure provider documentation
  • Terraform Azure provider source
  • Terraform Azure modules