Gluing the Terraform Ecosystem to the Kubernetes World
2022-07-21 01:00:00 【JavaShark】
Background
As the major cloud vendors expand their product portfolios, basic compute infrastructure, middleware services, big data/AI services, and application operations and management services can all be consumed directly by enterprises and developers. We have noticed that many enterprises build their own infrastructure on top of services from different cloud vendors. To manage cloud services more efficiently and uniformly, the idea of Infrastructure as Code (IaC) has become prevalent in recent years, and Terraform in particular has been adopted and supported by almost all cloud vendors. An IaC ecosystem for cloud services, with the Terraform model at its core, has taken shape. With Kubernetes now so popular, however, IaC has taken on a broader meaning, and if Terraform's IaC capabilities and ecosystem are integrated into the Kubernetes world, we think it is a combination of two strengths.
Reason 1: Build a unified enterprise hybrid-cloud PaaS platform
At present, most enterprises build their PaaS platform or infrastructure management platform on Kubernetes, integrating cloud and self-built infrastructure in a unified way. But beyond infrastructure, middleware, big data services, AI services, and application observability are also key products offered by cloud vendors. Enterprise platforms need the ability to create and destroy more kinds of cloud services, and this is where Terraform comes into platform builders' view. Do they then need to build a second integration outside Kubernetes? They also have to consider requirements such as continuous delivery, GitOps, and canary releases. Clearly, integrating directly on top of Kubernetes is the better option.
Reason 2: Build a serverless experience for developers
The essence, or goal, of cloud computing is to become serverless. Self-built infrastructure is always limited, whereas seamless access to cloud services opens up an "almost infinite" resource pool. At the same time, when building business applications, developers need not only to deploy business services on the serverless platform but also to obtain services such as message middleware and databases directly. More enterprises will choose to integrate with cloud vendors for these, since the operations and management cost is lower. For developers, though, this is best kept transparent and consistent.
Reason 3: More thorough IaC capability
Everything is a service: we need a unified model to describe cloud resources, self-built infrastructure, and all kinds of enterprise applications. Terraform and Kubernetes can be integrated and unified into a developer-facing IaC specification. The benefit is being able to use cloud resource management and the rich operations capabilities of the container ecosystem at the same time, and to orchestrate complex applications in a unified way.
Reason 4: Open-source Terraform works in client mode and does not maintain the desired state the way Kubernetes does
The open-source distribution of Terraform works only in client mode: after a single delivery it cannot keep maintaining the state of the service, and if delivery fails because of a network fault you have to retry manually. Kubernetes brings a desired-state-oriented approach to IaC, maintaining the state of target resources through the controller pattern, which further strengthens Terraform at the automation level.
KubeVela is a modern software delivery control plane that gives developers a unified API abstraction, so they can use the same IaC approach to deliver both ordinary applications and cloud services. KubeVela directly supports the Terraform API and the Kubernetes API underneath, so all Terraform modules and all Kubernetes objects can be reused without modification. KubeVela makes it simple to meet the needs in the three aspects described above. There is also another model, the Crossplane project, which integrates cloud services by defining Kubernetes-native CRDs for a more native experience; KubeVela naturally supports the Crossplane API as well.
Next, in two parts, we take a closer look at how KubeVela uses Terraform to give users a unified IaC experience.
- Part 1 introduces how to glue Terraform to KubeVela. It requires some basic knowledge of Terraform and KubeVela.
- Part 2 introduces a practical case of delivering cloud services with KubeVela, including:
- 1) Providing a cloud ECS instance with a public IP through KubeVela;
- 2) Using the ECS instance as a tunnel server to provide public access to any container service in an intranet environment.
Turning Terraform modules into KubeVela components
Prepare the Terraform module
If you already have a well-tested Terraform module, you can skip this step.
Before starting, make sure you have:
- Installed the Terraform CLI [1].
- A cloud service account (AK/SK); the example in this article uses Alibaba Cloud.
- Basic knowledge of how to use Terraform.
This is the Terraform module [2] I use for this demonstration.
- Download the Terraform module.
git clone https://github.com/wonderflow/terraform-alicloud-ecs-instance.git
cd terraform-alicloud-ecs-instance
- Initialize and download the latest stable version of the Alibaba Cloud provider.
terraform init
- Configure the Alibaba Cloud account credentials.
export ALICLOUD_ACCESS_KEY="your-accesskey-id"
export ALICLOUD_SECRET_KEY="your-accesskey-secret"
export ALICLOUD_REGION="your-region-id"
You can also create a provider.tf file to configure the account information.
provider "alicloud" {
  access_key = "your-accesskey-id"
  secret_key = "your-accesskey-secret"
  region     = "cn-hangzhou"
}
- Test that resources are created correctly.
terraform apply -var-file=test/test.tfvars
- Once the test succeeds, destroy all the resources it created.
terraform destroy -var-file=test/test.tfvars
At this point, you can also push this module to your own code repository as needed.
Convert the Terraform module into a KubeVela extension component type
This step is the core. Before starting, make sure you have installed the KubeVela control plane [3]. If you don't have a Kubernetes cluster, don't worry: for a quick demonstration, a one-click install with VelaD is enough.
We will use the Terraform module we just prepared to perform the following actions.
- Generate the KubeVela component definition.
vela def init ecs --type component --provider alibaba \
  --desc "Terraform configuration for Alibaba Cloud Elastic Compute Service" \
  --git https://github.com/wonderflow/terraform-alicloud-ecs-instance.git > alibaba-ecs-def.yaml
vela kube apply -f alibaba-ecs-def.yaml
If you have a customized module, use the address of your own code repository directly.
At this point, you have successfully added the ECS module as a KubeVela extension component type; see [4] to learn more. Developers on the Vela platform can start using this component type directly. You can use the following commands to view the automatically generated usage documentation for the component:
vela show alibaba-ecs
# OR
vela show alibaba-ecs --web
Simple, isn't it? KubeVela has a complete toolchain for Terraform, but you don't have to repeat this operation for every Terraform module: the community already provides out-of-the-box addons, and you only need to install the addon for the corresponding cloud vendor to get the converted components. Next, let's use this capability to try out some interesting scenarios.
Expose local container applications to the public network using cloud services
In this part, we introduce a solution that exposes any Kubernetes service on a specific port. The solution consists of:
- A KubeVela environment; if you practiced in Part 1, you already have one.
- Alibaba Cloud ECS: KubeVela will automatically create a tiny ECS instance (1u1g) using the Access Key.
- FRP [5]: KubeVela will start this proxy on both the server side and the client side.
Prepare the KubeVela environment
- Install KubeVela
curl -fsSl https://static.kubevela.net/script/install-velad.sh | bash
velad install
See document 1 [6] for more installation details.
- Enable the Terraform addon and the Alibaba provider
vela addon enable terraform
vela addon enable terraform-alibaba
- Add the authorization information
vela provider add terraform-alibaba \
  --ALICLOUD_ACCESS_KEY "your-accesskey-id" \
  --ALICLOUD_SECRET_KEY "your-accesskey-secret" \
  --ALICLOUD_REGION "your-region-id" \
  --name terraform-alibaba-default
See document 2 [7] for more details about other clouds.
Deploy an ECS instance with a public IP address and start the FRP service
cat <<EOF | vela up -f -
# YAML begins
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: ecs-demo
spec:
  components:
    - name: ecs-demo
      type: alibaba-ecs
      properties:
        providerRef:
          name: terraform-alibaba-default
        writeConnectionSecretToRef:
          name: outputs-ecs
        name: "test-terraform-vela-123"
        instance_type: "ecs.n1.tiny"
        host_name: "test-terraform-vela"
        password: "Test-123456!"
        internet_max_bandwidth_out: "10"
        associate_public_ip_address: "true"
        instance_charge_type: "PostPaid"
        user_data_url: "https://raw.githubusercontent.com/wonderflow/terraform-alicloud-ecs-instance/master/frp.sh"
        ports:
          - 8080
          - 8081
          - 8082
          - 8083
          - 9090
          - 9091
          - 9092
        tags:
          created_by: "Terraform-of-KubeVela"
          created_from: "module-tf-alicloud-ecs-instance"
# YAML ends
EOF
This application definition deploys an ECS instance with a public IP address.
You can learn more about each field with the following command:
vela show alibaba-ecs
After running the deployment command above, you can check the application's deployment status as follows:
vela status ecs-demo
vela logs ecs-demo
Once the application is deployed, you can get the IP address:
$ kubectl get secret outputs-ecs --template={{.data.this_public_ip}} | base64 --decode
["121.196.106.174"]
You can reach the FRP server's management page at IP:9091; the initial account and password are admin:vela123. At this point the ECS deployment is complete.
Use the FRP service
Using the FRP client is very simple: we can expose any service in the cluster through the public IP.
- Deploy FRP-Proxy on its own.
cat <<EOF | vela up -f -
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: frp-proxy
spec:
  components:
    - name: frp-proxy
      type: worker
      properties:
        image: oamdev/frpc:0.43.0
        env:
          - name: server_addr
            value: "121.196.106.174"
          - name: server_port
            value: "9090"
          - name: local_port
            value: "80"
          - name: connect_name
            value: "velaux-service"
          - name: local_ip
            value: "velaux.vela-system"
          - name: remote_port
            value: "8083"
EOF
In this case, we set local_ip to velaux.vela-system, which means we are accessing the Kubernetes service named velaux in the vela-system namespace. You can access the service at public IP:8083.
- Deploy the proxy together with an ordinary application.
cat <<EOF | vela up -f -
# YAML begins
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: composed-app
spec:
  components:
    - name: web-new
      type: webservice
      properties:
        image: oamdev/hello-world:v2
        ports:
          - port: 8000
            expose: true
    - name: frp-web
      type: worker
      properties:
        image: oamdev/frpc:0.43.0
        env:
          - name: server_addr
            value: "121.196.106.174"
          - name: server_port
            value: "9090"
          - name: local_port
            value: "8000"
          - name: connect_name
            value: "composed-app"
          - name: local_ip
            value: "web-new.default"
          - name: remote_port
            value: "8082"
EOF
After this deployment, you can access the service at public IP:8082. Another approach is to define FRP-Proxy as a Trait and attach it directly to the components whose services need to be exposed; we leave this for you to explore after reading the KubeVela documentation.
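Both manifests above paste the ECS address into server_addr by hand. As an added example (not part of the original article), the shell functions below take the decoded this_public_ip value, which is a JSON list rather than a bare address, validate it as IPv4, and render the frp-proxy manifest from it. The function names parse_public_ip and render_frp_proxy are hypothetical; the secret name, image and ports are the ones used above.

```shell
# Added example: read server_addr from the connection secret, validate, render.
# Constructed sample of the decoded secret value: ["121.196.106.174"]

# Print the first address in the decoded this_public_ip value, or fail if it
# is not a well-formed IPv4 address.
parse_public_ip() {
  # Drop JSON list punctuation and whitespace, keep the first element.
  _ip=$(printf '%s' "$1" | tr -d '][" \n\t' | cut -d, -f1)
  # One octet, 0-255.
  _o='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  printf '%s\n' "$_ip" | grep -Eq "^$_o\\.$_o\\.$_o\\.$_o\$" || return 1
  printf '%s\n' "$_ip"
}

# Print the frp-proxy Application.
# Args: server_addr local_ip local_port remote_port
render_frp_proxy() {
  cat <<EOF
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: frp-proxy
spec:
  components:
    - name: frp-proxy
      type: worker
      properties:
        image: oamdev/frpc:0.43.0
        env:
          - name: server_addr
            value: "$1"
          - name: server_port
            value: "9090"
          - name: local_port
            value: "$3"
          - name: connect_name
            value: "velaux-service"
          - name: local_ip
            value: "$2"
          - name: remote_port
            value: "$4"
EOF
}

# Against a live cluster (commands as used in the article):
#   raw=$(kubectl get secret outputs-ecs --template='{{.data.this_public_ip}}' | base64 --decode)
#   ip=$(parse_public_ip "$raw") && render_frp_proxy "$ip" velaux.vela-system 80 8083 | vela up -f -
```

Because the value is checked before it is interpolated, a malformed or unexpected secret value stops the pipeline instead of ending up inside the manifest.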
Clean up the environment
Use the following commands to clean up the applications created during the test:
vela delete composed-app -y
vela delete frp-proxy -y
vela delete ecs-demo -y
The cloud service components are destroyed along with the applications when they are deleted.
Here we used a concrete use case to show how KubeVela handles the unified description and delivery of cloud services and ordinary applications. We hope you have got the hang of it and will try more variations in your own environment. This case should also have given you a general idea of what combining KubeVela with Terraform ultimately achieves. For more ways to use KubeVela, read the official KubeVela documentation.
Reference links:
[1] Terraform CLI: https://www.terraform.io/down...
[2] Terraform module: https://github.com/wonderflow...
[3] Install the KubeVela control plane: https://kubevela.net/docs/ins...
[4] Here: https://kubevela.net/docs/pla...
[5] FRP: https://github.com/fatedier/frp
[6] Document 1: https://kubevela.net/docs/ins...
[7] Document 2: https://kubevela.net/docs/ref...