IaC Terraform provision(五) - 讓terraform與helm結合 - iT 邦幫忙::一起幫忙解決難題，拯救 IT 人的一天

2022 iThome 鐵人賽

DAY 7

DevOps

從零開始的Kubernetes轉換系列第 7 篇

IaC Terraform provision(五) - 讓terraform與helm結合

14th鐵人賽

百九

團隊光明頂

2022-09-21 18:14:04

1788 瀏覽

分享至

昨天我們用terraform 建立了private GKE cluster, 今天我們要來用helm來這個建立好的GKE cluster上面開啟一些service, terraform 也有support helm的register。我們可以透過terraform helm registry來對我們的private kubernetes操作

首先我們需要在prvider中提供helm GKE access的information

provider "helm" {
  kubernetes {
    host                   = "https://${module.gke-private.endpoint}"
    token                  = data.google_client_config.default.access_token
    cluster_ca_certificate = base64decode(module.gke-private.ca_certificate)
  }
}

接下來可以寫入helm.tf 這邊我們用clickhouse來舉例，使用alinity的operator

resource "helm_release" "click_house" {
  name       = "clickhouse"
  repository = "https://slamdev.github.io/helm-charts"
  chart      = "altinity-clickhouse-operator"
  version    = "0.0.13"
  timeout    = 300

  cleanup_on_fail = "true"
  create_namespace = "true"
  namespace = "dsp-ml"

  values = [
    "${file("data/clickhouse-value.yaml")}"
  ]
}
resource "kubernetes_storage_class" "clickhouse_storage" {
  metadata {
    name = "clickhouse-sc"
  }
  storage_provisioner = "kubernetes.io/gce-pd"
  reclaim_policy      = "Retain"
  parameters = {
    type = "pd-standard"
  }
  allow_volume_expansion = true
}


resource "kubectl_manifest" "clickhouse_installation" {
    yaml_body = "${file("data/clickhouse-installation.yaml")}"
}

加入 data/clickhouse-value.yaml

operator:
  resources:
    limits:
      cpu: 100m
      memory: 128Mi
    requests:
      cpu: 100m
      memory: 128Mi

nodeSelector:
  instance-type: static

和 data/clickhouse-installation

apiVersion: "clickhouse.altinity.com/v1"
kind: "ClickHouseInstallation"

metadata:
  name: "ch"
  namespace: "dsp-ml"

spec:
  defaults:
    templates:
      dataVolumeClaimTemplate: data-volume-template
      logVolumeClaimTemplate: log-volume-template
      podTemplate: clickhouse-pod-template
      # podTemplate: clickhouse:20.3
  configuration:
    # profiles:
    #   default/format_avro_schema_registry_url: http://avrosr-schema-registry.avrosr:8081
    zookeeper:
      nodes:
      - host: zookeeper-0.zookeeper-headless.dsp-ml.svc.cluster.local
        port: 2181
      - host: zookeeper-1.zookeeper-headless.dsp-ml.svc.cluster.local
        port: 2181
      - host: zookeeper-2.zookeeper-headless.dsp-ml.svc.cluster.local
        port: 2181
    # must be placed after zookeeper
    users:
      user1/password: 123456
      user1/profile: default
      user1/quota: default
      user1/networks/ip:
        - ::/0
    # must not be camel case(will not start clickhouse pod) or snake case(cannot use).
    clusters:
      - name: cluster
        layout:
          shards:
            - name: shard0
              replicasCount: 1
              weight: 1
              internalReplication: Disabled
            - name: shard1
              replicasCount: 1
              weight: 1
              internalReplication: Disabled
            - name: shard2
              replicasCount: 1
              weight: 1
              internalReplication: Disabled

  templates:
    podTemplates:
      - name: clickhouse-pod-template
        spec:
          nodeSelector:
            instance-type: static
    volumeClaimTemplates:
      - name: data-volume-template
        spec:
          storageClassName: clickhouse-sc
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 1000Gi
      - name: log-volume-template
        spec:
          storageClassName: clickhouse-sc
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 50Gi

接下來
terraform init
terraform apply就可以將clickhouse裝到GKE上啦

其中helm chart的value和clickhouse installation的詳細大家可以到alinity 的官網查詢

這邊介紹的是如何將helm和GKE做個整合使用terraform結合helm叫起DB的一些工作