Create a fault-tolerant Managed Kubernetes cluster
Create a fault-tolerant Managed Kubernetes cluster
We recommend create resources in order. If you create all the resources that are described in the configuration file The Terraform creates resources regardless of the order in which they are listed in the file.
- Optional: configure your ISPs.
- Create a private network and subnet.
- Create a cloud router connected to an external network.
- Create a fault-tolerant cluster.
- Create a node group with a network drive.
Configuration files
Example file for configuring providers
terraform {
required_providers {
selectel = {
source = "selectel/selectel"
version = "6.0.0"
}
openstack = {
source = "terraform-provider-openstack/openstack"
version = "2.1.0"
}
}
}
provider "selectel" {
domain_name = "123456"
username = "user"
password = "password"
}
resource "selectel_vpc_project_v2" "project_1" {
name = "project"
}
resource "selectel_iam_serviceuser_v1" "serviceuser_1" {
name = "username"
password = "password"
role {
role_name = "member"
scope = "project"
project_id = selectel_vpc_project_v2.project_1.id
}
}
provider "openstack" {
auth_url = "https://cloud.api.selcloud.ru/identity/v3"
domain_name = "123456"
tenant_id = selectel_vpc_project_v2.project_1.id
user_name = selectel_iam_serviceuser_v1.serviceuser_1.name
password = selectel_iam_serviceuser_v1.serviceuser_1.password
region = "ru-9"
}
Example file for a fault-tolerant cluster with nodes of arbitrary configuration
resource "openstack_networking_network_v2" "network_1" {
name = "private-network"
admin_state_up = "true"
}
resource "openstack_networking_subnet_v2" "subnet_1" {
name = "private-subnet"
network_id = openstack_networking_network_v2.network_1.id
cidr = "192.168.199.0/24"
}
data "openstack_networking_network_v2" "external_network_1" {
external = true
}
resource "openstack_networking_router_v2" "router_1" {
name = "router"
external_network_id = data.openstack_networking_network_v2.external_network_1.id
}
resource "openstack_networking_router_interface_v2" "router_interface_1" {
router_id = openstack_networking_router_v2.router_1.id
subnet_id = openstack_networking_subnet_v2.subnet_1.id
}
data "selectel_mks_kube_versions_v1" "versions" {
project_id = selectel_vpc_project_v2.project_1.id
region = "ru-9"
}
resource "selectel_mks_cluster_v1" "cluster_1" {
name = "high_availability_cluster"
project_id = selectel_vpc_project_v2.project_1.id
region = "ru-9"
kube_version = data.selectel_mks_kube_versions_v1.versions.latest_version
network_id = openstack_networking_network_v2.network_1.id
subnet_id = openstack_networking_subnet_v2.subnet_1.id
maintenance_window_start = "00:00:00"
}
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = selectel_mks_cluster_v1.cluster_1.id
project_id = selectel_mks_cluster_v1.cluster_1.project_id
region = selectel_mks_cluster_v1.cluster_1.region
availability_zone = "ru-9a"
nodes_count = "2"
cpus = 2
ram_mb = 4096
volume_gb = 32
volume_type = "fast.ru-9a"
labels = {
"label-key0": "label-value0",
"label-key1": "label-value1",
"label-key2": "label-value2",
}
}
Example file for a fault-tolerant cluster with fixed configuration nodes (flavors)
resource "openstack_networking_network_v2" "network_1" {
name = "private-network"
admin_state_up = "true"
}
resource "openstack_networking_subnet_v2" "subnet_1" {
network_id = openstack_networking_network_v2.network_1.id
cidr = "192.168.199.0/24"
}
data "openstack_networking_network_v2" "external_network_1" {
external = true
}
resource "openstack_networking_router_v2" "router_1" {
name = "router"
external_network_id = data.openstack_networking_network_v2.external_network_1.id
}
resource "openstack_networking_router_interface_v2" "router_interface_1" {
router_id = openstack_networking_router_v2.router_1.id
subnet_id = openstack_networking_subnet_v2.subnet_1.id
}
data "selectel_mks_kube_versions_v1" "versions" {
project_id = selectel_vpc_project_v2.project_1.id
region = "ru-9"
}
resource "selectel_mks_cluster_v1" "cluster_1" {
name = "high_availability_cluster"
project_id = selectel_vpc_project_v2.project_1.id
region = "ru-9"
kube_version = data.selectel_mks_kube_versions_v1.versions.latest_version
network_id = openstack_networking_network_v2.network_1.id
subnet_id = openstack_networking_subnet_v2.subnet_1.id
maintenance_window_start = "00:00:00"
}
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = selectel_mks_cluster_v1.cluster_1.id
project_id = selectel_mks_cluster_v1.cluster_1.project_id
region = selectel_mks_cluster_v1.cluster_1.region
availability_zone = "ru-9a"
nodes_count = "2"
flavor_id = "1011"
volume_gb = 32
volume_type = "fast.ru-9a"
labels = {
"label-key0": "label-value0",
"label-key1": "label-value1",
"label-key2": "label-value2",
}
}
optional: configure providers
If you're set up the ISPs Selectel and OpenStack, skip this step.
-
Make sure that in the control panel you created a service user with the Account Administrator and User Administrator roles.
-
Create a directory to store the configuration files and a separate file with the extension
.tfto configure the ISPs. -
Add Selectel and OpenStack providers to the file to configure the providers:
terraform {
required_providers {
selectel = {
source = "selectel/selectel"
version = "6.0.0"
}
openstack = {
source = "terraform-provider-openstack/openstack"
version = "2.1.0"
}
}
}Here
version— версии провайдеров. Актуальную версию можно посмотреть в документации Selectel (в Terraform Registry и GitHub) и OpenStack (в Terraform Registry и GitHub).Подробнее о продуктах, услугах и сервисах, которыми можно управлять с помощью провайдеров, в инструкции Провайдеры Selectel и OpenStack.
-
Инициализируйте провайдер Selectel:
provider "selectel" {
domain_name = "123456"
username = "user"
password = "password"
}Здесь:
domain_name— номер аккаунта Selectel. Можно посмотреть в панели управления в правом верхнем углу;username— имя сервисного пользователя с ролями Администратор аккаунта и Администратор пользователей. Можно посмотреть в панели управления: раздел Управление доступом → Управление пользователями → вкладка Сервисные пользователи (раздел доступен только Владельцу аккаунта и Администратору пользователей);password— пароль сервисного пользователя. Можно посмотреть при создании пользователя или изменить на новый.
-
Создайте проект:
resource "selectel_vpc_project_v2" "project_1" {
name = "project"
}Посмотрите подробное описание ресурса selectel_vpc_project_v2.
-
Создайте сервисного пользователя для доступа к проекту и назначьте ему роль Администратор проекта:
resource "selectel_iam_serviceuser_v1" "serviceuser_1" {
name = "username"
password = "password"
role {
role_name = "member"
scope = "project"
project_id = selectel_vpc_project_v2.project_1.id
}
}Здесь:
username— имя пользователя;password— пароль пользователя. Пароль должен быть не короче восьми символов и содержать латинские буквы разных регистров и цифры;project_id— ID проекта. Можно посмотреть в панели управления: раздел Облачная платформа → откройте меню проектов (название текущего проекта) → в строке нужного проекта нажмите .
Посмотрите подробное описание ресурс�а selectel_iam_serviceuser_v1.
-
Инициализируйте провайдер OpenStack:
provider "openstack" {
auth_url = "https://cloud.api.selcloud.ru/identity/v3"
domain_name = "123456"
tenant_id = selectel_vpc_project_v2.project_1.id
user_name = selectel_iam_serviceuser_v1.serviceuser_1.name
password = selectel_iam_serviceuser_v1.serviceuser_1.password
region = "ru-9"
}Здесь:
domain_name— номер аккаунта Selectel. Можно посмотреть в панели управления в правом верхнем углу;region— пул, напримерru-9. Все ресурсы будут создаваться в этом пуле. Список доступных пулов можно посмотреть в инструкции Матрицы доступности.
-
Если одновременно с настройкой провайдеров вы создаете ресурсы, то для ресурсов OpenStack добавьте аргумент
depends_on. Например, для ресурса openstack_networking_network_v2:resource "openstack_networking_network_v2" "network_1" {
name = "private-network"
admin_state_up = "true"
depends_on = [
selectel_vpc_project_v2.project_1,
selectel_iam_serviceuser_v1.serviceuser_1
]
} -
Опционально: если вы хотите использовать зеркало, создайте отдельный конфигурационный файл Terraform CLI и добавьте в него блок:
provider_installation {
network_mirror {
url = "https://tf-proxy.selectel.ru/mirror/v1/"
include = ["registry.terraform.io/*/*"]
}
direct {
exclude = ["registry.terraform.io/*/*"]
}
}Подробнее о настройках зеркал в инструкции CLI Configuration File документации HashiCorp.
-
Откройте CLI.
-
Инициализируйте конфигурацию Terraform в директории:
terraform init -
Проверьте, что конфигурационные файлы составлены без ошибок:
terraform validate -
Отформатируйте конфигурационные файлы:
terraform fmt -
Проверьте, какие ресурсы будут созданы:
terraform plan -
Примените изменения и создайте ресурсы:
terraform apply -
Подтвердите создание — введите yes и нажмите Enter. Созданные ресурсы отобразятся в панели управления.
-
Если для создания ресурсов оказалось недостаточно квот, увеличьте квоты.
Create a private network and subnet
resource "openstack_networking_network_v2" "network_1" {
name = "private-network"
admin_state_up = "true"
}
resource "openstack_networking_subnet_v2" "subnet_1" {
name = "private-subnet"
network_id = openstack_networking_network_v2.network_1.id
cidr = "192.168.199.0/24"
dns_nameservers = ["188.93.16.19", "188.93.17.19"]
enable_dhcp = false
}
Here:
cidr— CIDR of a private subnet, e.g.192.168.199.0/24;dns_nameservers— DNS servers, such as DNS Selectel188.93.16.19and188.93.17.19.
See a detailed description of the resources:
Create a cloud router connected to an external network
A cloud router connected to an external network acts as a 1:1 NAT for access from a private network to the Internet through the public IP address of the router.
data "openstack_networking_network_v2" "external_network_1" {
external = true
}
resource "openstack_networking_router_v2" "router_1" {
name = "router"
external_network_id = data.openstack_networking_network_v2.external_network_1.id
}
resource "openstack_networking_router_interface_v2" "router_interface_1" {
router_id = openstack_networking_router_v2.router_1.id
subnet_id = openstack_networking_subnet_v2.subnet_1.id
}
See a detailed description of the resources:
- openstack_networking_network_v2;
- openstack_networking_router_v2;
- openstack_networking_router_interface_v2.
Create a fault-tolerant cluster
data "selectel_mks_kube_versions_v1" "versions" {
project_id = selectel_vpc_project_v2.project_1.id
region = "ru-9"
}
resource "selectel_mks_cluster_v1" "cluster_1" {
name = "high_availability_cluster"
project_id = selectel_vpc_project_v2.project_1.id
region = "ru-9"
kube_version = data.selectel_mks_kube_versions_v1.versions.latest_version
network_id = openstack_networking_network_v2.network_1.id
subnet_id = openstack_networking_subnet_v2.subnet_1.id
maintenance_window_start = "00:00:00"
}
Here. region — pool in which the cluster will be created, e.g. ru-9.
Check out the detailed description of the resource selectel_mks_cluster_v1.
Create a node group with a network disk
Fixed configurations
Arbitrary configuration
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = selectel_mks_cluster_v1.cluster_1.id
project_id = selectel_mks_cluster_v1.cluster_1.project_id
region = selectel_mks_cluster_v1.cluster_1.region
availability_zone = "ru-9a"
nodes_count = "2"
flavor_id = "1011"
volume_gb = 32
volume_type = "fast.ru-9a"
labels = {
"label-key0": "label-value0",
"label-key1": "label-value1",
"label-key2": "label-value2",
}
}
Here:
availability_zone— pool segment where the group of nodes will be located, e.g.ru-9a;nodes_count— number of working nodes in the node group. The maximum number of nodes is 15;flavor_id— Flavor ID. The flavors correspond to cloud server configurations and determine the number of vCPUs, RAM, and local disk size (optional) of the node. For example,3031— Flavor to create a node with GPU Line configuration with 4 vCPUs, 32 GB RAM. You can see the list of flavors in a specific pool in the Openstack CLI;volume_gb— the disk size in GB. If the disk size is specified in the configuration you selected in the argumentflavor_idthen the argumentvolume_gbyou don't have to specify;volume_type— disk type in format<type>.<pool_segment>for examplebasic.ru-9a:<type>—basic,universalorfast;<pool_segment>— pool segment where the network drive will be created, e.g.ru-9a.
Check out the detailed description of the resource selectel_mks_nodegroup_v1.
resource "selectel_mks_nodegroup_v1" "nodegroup_1" {
cluster_id = selectel_mks_cluster_v1.cluster_1.id
project_id = selectel_mks_cluster_v1.cluster_1.project_id
region = selectel_mks_cluster_v1.cluster_1.region
availability_zone = "ru-9a"
nodes_count = "2"
cpus = 2
ram_mb = 4096
volume_gb = 32
volume_type = "fast.ru-9a"
labels = {
"label-key0": "label-value0",
"label-key1": "label-value1",
"label-key2": "label-value2",
}
}
Here:
availability_zone— pool segment where the node group will be located, e.g.ru-9a;nodes_count— number of working nodes in the node group. The maximum number of nodes is 15;cpus— number of vCPUs for each node;ram_mb— the amount of RAM for each node in MB;volume_gb— disk size in GB;volume_type— disk type in format<type>.<pool_segment>for examplebasic.ru-9a:<type>—basic,universalorfast;<pool_segment>— pool segment where the network drive will be created, e.g.ru-9a.
Check out the detailed description of the resource selectel_mks_nodegroup_v1.