» alicloud_cs_kubernetes

This resource will help you to manager a Kubernetes Cluster. The cluster is same as container service created by web console.

NOTE: Kubernetes cluster only supports VPC network and it can access internet while creating kubernetes cluster. A Nat Gateway and configuring a SNAT for it can ensure one VPC network access internet. If there is no nat gateway in the VPC, you can set new_nat_gateway to "true" to create one automatically.

NOTE: If there is no specified vswitch_ids, the resource will create a new VPC and VSwitch while creating kubernetes cluster.

NOTE: Each kubernetes cluster contains 3 master nodes and those number cannot be changed at now.

NOTE: Creating kubernetes cluster need to install several packages and it will cost about 15 minutes. Please be patient.

NOTE: From version 1.9.4, the provider supports to download kube config, client certificate, client key and cluster ca certificate after creating cluster successfully, and you can put them into the specified location, like '~/.kube/config'.

NOTE: From version 1.16.0, the provider supports Multiple Availability Zones Kubernetes Cluster. To create a cluster of this kind, you must specify three items in vswitch_ids, master_instance_types and worker_instance_types.

NOTE: From version 1.20.0, the provider supports disabling internet load balancer for API Server by setting false to slb_internet_enabled.

NOTE: If you want to manage Kubernetes, you can use Kubernetes Provider.

NOTE: You need to activate several other products and confirm Authorization Policy used by Container Service before using this resource. Please refer to the Authorization management and Cluster management sections in the Document Center.

» Example Usage

Single AZ Kubernetes Cluster

data "alicloud_zones" "default" {
  "available_resource_creation"= "VSwitch"
}

resource "alicloud_cs_kubernetes" "main" {
  name_prefix = "my-first-k8s"
  availability_zone = "${data.alicloud_zones.default.zones.0.id}"
  new_nat_gateway = true
  master_instance_types = ["ecs.n4.small"]
  worker_instance_types = ["ecs.n4.small"]
  worker_numbers = [3]
  password = "Yourpassword1234"
  pod_cidr = "192.168.1.0/16"
  service_cidr = "192.168.2.0/24"
  enable_ssh = true
  install_cloud_monitor = true
}

Three AZ Kubernetes Cluster

variable "name" {
    default = "my-first-3az-k8s"
}

data "alicloud_zones" main {
  available_resource_creation = "VSwitch"
}

data "alicloud_instance_types" "instance_types_1_master" {
    availability_zone = "${data.alicloud_zones.main.zones.0.id}"
    cpu_core_count = 2
    memory_size = 4
    kubernetes_node_role = "Master"
}
data "alicloud_instance_types" "instance_types_2_master" {
    availability_zone = "${lookup(data.alicloud_zones.main.zones[(length(data.alicloud_zones.main.zones)-1)%length(data.alicloud_zones.main.zones)], "id")}"
    cpu_core_count = 2
    memory_size = 4
    kubernetes_node_role = "Master"
}
data "alicloud_instance_types" "instance_types_3_master" {
    availability_zone = "${lookup(data.alicloud_zones.main.zones[(length(data.alicloud_zones.main.zones)-2)%length(data.alicloud_zones.main.zones)], "id")}"
    cpu_core_count = 2
    memory_size = 4
    kubernetes_node_role = "Master"
}

data "alicloud_instance_types" "instance_types_1_worker" {
    availability_zone = "${data.alicloud_zones.main.zones.0.id}"
    cpu_core_count = 2
    memory_size = 4
    kubernetes_node_role = "Worker"
}
data "alicloud_instance_types" "instance_types_2_worker" {
    availability_zone = "${lookup(data.alicloud_zones.main.zones[(length(data.alicloud_zones.main.zones)-1)%length(data.alicloud_zones.main.zones)], "id")}"
    cpu_core_count = 2
    memory_size = 4
    kubernetes_node_role = "Worker"
}
data "alicloud_instance_types" "instance_types_3_worker" {
    availability_zone = "${lookup(data.alicloud_zones.main.zones[(length(data.alicloud_zones.main.zones)-2)%length(data.alicloud_zones.main.zones)], "id")}"
    cpu_core_count = 2
    memory_size = 4
    kubernetes_node_role = "Worker"
}
resource "alicloud_vpc" "foo" {
  name = "${var.name}"
  cidr_block = "10.1.0.0/21"
}

resource "alicloud_vswitch" "vsw1" {
  name = "${var.name}"
  vpc_id = "${alicloud_vpc.foo.id}"
  cidr_block = "10.1.1.0/24"
  availability_zone = "${data.alicloud_zones.main.zones.0.id}"
}

resource "alicloud_vswitch" "vsw2" {
  name = "${var.name}"
  vpc_id = "${alicloud_vpc.foo.id}"
  cidr_block = "10.1.2.0/24"
  availability_zone = "${lookup(data.alicloud_zones.main.zones[(length(data.alicloud_zones.main.zones)-1)%length(data.alicloud_zones.main.zones)], "id")}"
}

resource "alicloud_vswitch" "vsw3" {
  name = "${var.name}"
  vpc_id = "${alicloud_vpc.foo.id}"
  cidr_block = "10.1.3.0/24"
  availability_zone = "${lookup(data.alicloud_zones.main.zones[(length(data.alicloud_zones.main.zones)-2)%length(data.alicloud_zones.main.zones)], "id")}"
}

resource "alicloud_nat_gateway" "nat_gateway" {
  name = "${var.name}"
  vpc_id = "${alicloud_vpc.foo.id}"
  specification = "Small"
}

resource "alicloud_snat_entry" "snat_entry_1" {
  snat_table_id     = "${alicloud_nat_gateway.nat_gateway.snat_table_ids}"
  source_vswitch_id = "${alicloud_vswitch.vsw1.id}"
  snat_ip           = "${alicloud_eip.eip.ip_address}"
}

resource "alicloud_snat_entry" "snat_entry_2" {
  snat_table_id     = "${alicloud_nat_gateway.nat_gateway.snat_table_ids}"
  source_vswitch_id = "${alicloud_vswitch.vsw2.id}"
  snat_ip           = "${alicloud_eip.eip.ip_address}"
}

resource "alicloud_snat_entry" "snat_entry_3" {
  snat_table_id     = "${alicloud_nat_gateway.nat_gateway.snat_table_ids}"
  source_vswitch_id = "${alicloud_vswitch.vsw3.id}"
  snat_ip           = "${alicloud_eip.eip.ip_address}"
}

resource "alicloud_eip" "eip" {
  name = "${var.name}"
  bandwidth = "100"
}

resource "alicloud_eip_association" "eip_asso" {
  allocation_id = "${alicloud_eip.eip.id}"
  instance_id   = "${alicloud_nat_gateway.nat_gateway.id}"
}

resource "alicloud_cs_kubernetes" "k8s" {
  name = "${var.name}"
  vswitch_ids = ["${alicloud_vswitch.vsw1.id}", "${alicloud_vswitch.vsw2.id}", "${alicloud_vswitch.vsw3.id}"]
  new_nat_gateway = true
  master_instance_types = ["${data.alicloud_instance_types.instance_types_1_master.instance_types.0.id}", "${data.alicloud_instance_types.instance_types_2_master.instance_types.0.id}", "${data.alicloud_instance_types.instance_types_3_master.instance_types.0.id}"]
  worker_instance_types = ["${data.alicloud_instance_types.instance_types_1_worker.instance_types.0.id}", "${data.alicloud_instance_types.instance_types_2_worker.instance_types.0.id}", "${data.alicloud_instance_types.instance_types_3_worker.instance_types.0.id}"]
  worker_numbers = [1, 2, 3]
  master_disk_category  = "cloud_ssd"
  worker_disk_size = 50
  worker_data_disk_category  = "cloud_ssd"
  worker_data_disk_size = 50
  password = "Yourpassword1234"
  pod_cidr = "192.168.1.0/16"
  service_cidr = "192.168.2.0/24"
  enable_ssh = true
  slb_internet_enabled = true
  node_cidr_mask = 25
  install_cloud_monitor = true
}

» Argument Reference

The following arguments are supported:

name - The kubernetes cluster's name. It is the only in one Alicloud account.
name_prefix - The kubernetes cluster name's prefix. It is conflict with name. If it is specified, terraform will using it to build the only cluster name. Default to "Terraform-Creation".
availability_zone - (ForceNew) The Zone where new kubernetes cluster will be located. If it is not be specified, the value will be vswitch's zone.
vswitch_id - (Deprecated from version 1.16.0)(Force new resource) The vswitch where new kubernetes cluster will be located. If it is not specified, a new VPC and VSwicth will be built. It must be in the zone which availability_zone specified.
vswitch_ids - (ForceNew) The vswitch where new kubernetes cluster will be located. For SingleAZ Cluster, if it is not specified, a new VPC and VSwicth will be built. It must be in the zone which availability_zone specified. For MultiAZ Cluster, you must create three vswitches firstly, specify them here.
new_nat_gateway - (ForceNew) Whether to create a new nat gateway while creating kubernetes cluster. Default to true.
master_instance_type - (Deprecated from version 1.16.0)(Required, Force new resource) The instance type of master node.
master_instance_types - (Required, ForceNew) The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster. You can get the available kubetnetes master node instance types by datasource instance_types
worker_instance_type - (Deprecated from version 1.16.0)(Required, Force new resource) The instance type of worker node.
worker_instance_types - (Required, ForceNew) The instance type of worker node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster. You can get the available kubetnetes master node instance types by datasource instance_types
worker_number - The worker node number of the kubernetes cluster. Default to 3. It is limited up to 50 and if you want to enlarge it, please apply white list or contact with us.
password - (Required, ForceNew) The password of ssh login cluster node. You have to specify one of password and key_name fields.
key_name - (Required, ForceNew) The keypair of ssh login cluster node, you have to create it first.
user_ca - (Optional, ForceNew) The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
cluster_network_type - (Required, ForceNew) The network that cluster uses, use flannel or terway.
pod_cidr - (Required, ForceNew) The CIDR block for the pod network. It will be allocated automatically when vswitch_ids is not specified. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation. Maximum number of hosts allowed in the cluster: 256. Refer to Plan Kubernetes CIDR blocks under VPC.
service_cidr - (Required, ForceNew) The CIDR block for the service network. It will be allocated automatically when vswitch_id is not specified. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
master_instance_charge_type - (Optional, ForceNew) Master payment type. PrePaid or PostPaid, defaults to PostPaid.
master_period_unit - (Optional) Master payment period unit. Month or Week, defaults to Month.
master_period - (Optional) Master payment period. When period unit is Month, it can be one of { “1”, “2”, “3”, “4”, “5”, “6”, “7”, “8”, “9”, “12”, “24”, “36”,”48”,”60”}. When period unit is Week, it can be one of {“1”, “2”, “3”, “4”}.
master_auto_renew - (Optional) Enable master payment auto-renew, defaults to false.
master_auto_renew_period - (Optional) Master payment auto-renew period. When period unit is Month, it can be one of {“1”, “2”, “3”, “6”, “12”}. When period unit is Week, it can be one of {“1”, “2”, “3”}.
worker_instance_charge_type - (Optional, Force new resource) Worker payment type. PrePaid or PostPaid, defaults to PostPaid.
worker_period_unit - (Optional) Worker payment period unit. Month or Week, defaults to Month.
worker_period - (Optional) Worker payment period. When period unit is Month, it can be one of { “1”, “2”, “3”, “4”, “5”, “6”, “7”, “8”, “9”, “12”, “24”, “36”,”48”,”60”}. When period unit is Week, it can be one of {“1”, “2”, “3”, “4”}.
worker_auto_renew - (Optional) Enable worker payment auto-renew, defaults to false.
worker_auto_renew_period - (Optional) Worker payment auto-renew period. When period unit is Month, it can be one of {“1”, “2”, “3”, “6”, “12”}. When period unit is Week, it can be one of {“1”, “2”, “3”}.
node_cidr_mask - (Optional, Force new resource) The network mask used on pods for each node, ranging from 24 to 28. Larger this number is, less pods can be allocated on each node. Default value is 24, means you can allocate 256 pods on each node.
log_config - (Optional, ForceNew) A list of one element containing information about the associated log store. It contains the following attributes:
- type - Type of collecting logs, only SLS are supported currently.
- project - Log Service project name, cluster logs will output to this project.
enable_ssh - (ForceNew) Whether to allow to SSH login kubernetes. Default to false.
slb_internet_enabled - (ForceNew) Whether to create internet load balancer for API Server. Default to true.
master_disk_category - (ForceNew) The system disk category of master node. Its valid value are cloud_ssd and cloud_efficiency. Default to cloud_efficiency.
master_disk_size - (ForceNew) The system disk size of master node. Its valid value range [20~32768] in GB. Default to 20.
worker_disk_category - (ForceNew) The system disk category of worker node. Its valid value are cloud_ssd and cloud_efficiency. Default to cloud_efficiency.
worker_disk_size - (ForceNew) The system disk size of worker node. Its valid value range [20~32768] in GB. Default to 20.
worker_data_disk_size - (ForceNew) The data disk size of worker node. Its valid value range [20~32768] in GB. When worker_data_disk_category is presented, it defaults to 40.
worker_data_disk_category - (ForceNew) The data disk category of worker node. Its valid value are cloud_ssd and cloud_efficiency, if not set, data disk will not be created.
install_cloud_monitor - (ForceNew) Whether to install cloud monitor for the kubernetes' node.
is_outdated - (Optional) Whether to use outdated instance type. Default to false.
kube_config - (Optional) The path of kube config, like ~/.kube/config.
client_cert - (Optional) The path of client certificate, like ~/.kube/client-cert.pem.
client_key - (Optional) The path of client key, like ~/.kube/client-key.pem.
cluster_ca_cert - (Optional) The path of cluster ca certificate, like ~/.kube/cluster-ca-cert.pem

» Attributes Reference

The following attributes are exported:

id - The ID of the container cluster.
name - The name of the container cluster.
availability_zone - The ID of availability zone.
key_name - The keypair of ssh login cluster node, you have to create it first.
worker_number - (Deprecated from version 1.16.0) The ECS instance node number in the current container cluster.
worker_numbers - The ECS instance node number in the current container cluster.
vswitch_id - (Deprecated from version 1.16.0) The ID of VSwitch where the current cluster is located.
vswitch_ids - The ID of VSwitches where the current cluster is located.
vpc_id - The ID of VPC where the current cluster is located.
slb_id - (Deprecated from version 1.9.2).
slb_internet_enabled - Whether internet load balancer for API Server is created
slb_internet - The ID of public load balancer where the current cluster master node is located.
slb_intranet - The ID of private load balancer where the current cluster master node is located.
security_group_id - The ID of security group where the current cluster worker node is located.
image_id - The ID of node image.
nat_gateway_id - The ID of nat gateway used to launch kubernetes cluster.
master_instance_type - (Deprecated from version 1.16.0) The instance type of master node.
master_instance_types - The instance type of master node.
worker_instance_type - (Deprecated from version 1.16.0)The instance type of worker node.
worker_instance_types - The instance type of worker node.
master_disk_category - The system disk category of master node.
master_disk_size - The system disk size of master node.
worker_disk_category - The system disk category of worker node.
worker_disk_size - The system disk size of worker node.
worker_data_disk_category - The data disk size of worker node.
worker_data_disk_size - The data disk category of worker node.
nodes - (Deprecated from version 1.9.4) It has been deprecated from provider version 1.9.4. New field master_nodes and worker_nodes replace it.
master_nodes - List of cluster master nodes. It contains several attributes to Block Nodes.
worker_nodes - List of cluster worker nodes. It contains several attributes to Block Nodes.
connections - Map of kubernetes cluster connection information. It contains several attributes to Block Connections.
node_cidr_mask - The network mask used on pods for each node.
log_config - A list of one element containing information about the associated log store. It contains the following attributes:
- type - Type of collecting logs.
- project - Log Service project name.

» Block Nodes

id - ID of the node.
name - Node name.
private_ip - The private IP address of node.
role - (Deprecated from version 1.9.4)

» Block Connections

api_server_internet - API Server Internet endpoint.
api_server_intranet - API Server Intranet endpoint.
master_public_ip - Master node SSH IP address.
service_domain - Service Access Domain.

» Import

Kubernetes cluster can be imported using the id, e.g.

$ terraform import alicloud_cs_kubernetes.main ce4273f9156874b46bb