Deploying a Kubernetes Cluster on Alibaba Cloud Using Terraform

Deploy Kubernetes with IaC tool

Introduction

Kubernetes has become the go-to orchestration tool for containerized workloads due to its scalability and flexibility. In this blog, we will explore how to deploy a Kubernetes cluster on Alibaba Cloud using Terraform. This deployment will leverage Alibaba Cloud Container Service for Kubernetes (ACK) to efficiently manage the cluster infrastructure and workloads.

Prerequisites

Before starting, ensure you have the following:

  • An Alibaba Cloud account
  • Terraform installed on your local machine
  • Alibaba Cloud CLI configured
  • Proper access credentials for provisioning resources in Alibaba Cloud

Step 1: Set Up the Terraform Provider

To start with, define the Alibaba Cloud provider in the main.tf file to authenticate and interact with Alibaba Cloud resources.

provider "alicloud" {
  region = "cn-beijing"
}

This sets the Alibaba Cloud region where the Kubernetes cluster will be deployed. You can replace "cn-beijing" with the region of your choice.

Step 2: Define the VPC and Networking Components

Kubernetes clusters require networking for communication between pods and external systems. In this step, we'll define the VPC and associated subnets.

resource "alicloud_vpc" "vpc" {
  name       = "k8s-vpc"
  cidr_block = "10.0.0.0/16"
}

resource "alicloud_vswitch" "vswitch" {
  vpc_id      = alicloud_vpc.vpc.id
  cidr_block  = "10.0.1.0/24"
  zone_id     = "cn-beijing-a" # replaces the deprecated availability_zone argument; set only one of the two
  name        = "k8s-vswitch"
  description = "VSwitch for Kubernetes cluster"
}

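This configuration creates a VPC and a VSwitch (subnet) for your Kubernetes cluster. The VPC gives the cluster its own private address space, isolated from other networks; which traffic is allowed in and out still depends on the security group rules defined in Step 4.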

Step 3: Provision the Kubernetes Cluster

Alibaba Cloud ACK simplifies the process of deploying a Kubernetes cluster. In this step, we’ll create an ACK cluster and define the node pools.

# Managed ACK clusters use the alicloud_cs_managed_kubernetes resource type.
# The worker_* arguments are accepted by provider releases that still create
# default workers with the cluster; later releases deprecate them in favour of
# node pools, so pin the provider version you test against.
resource "alicloud_cs_managed_kubernetes" "k8s" {
  name                        = "k8s-cluster"
  worker_vswitch_ids          = [alicloud_vswitch.vswitch.id]
  worker_instance_types       = ["ecs.g6.large"]
  worker_disk_category        = "cloud_efficiency"
  worker_disk_size            = 100
  worker_instance_charge_type = "PostPaid"
  worker_number               = 3
}

resource "alicloud_cs_kubernetes_node_pool" "node_pool" {
  cluster_id     = alicloud_cs_managed_kubernetes.k8s.id
  name           = "k8s-node-pool"
  vswitch_ids    = [alicloud_vswitch.vswitch.id]
  instance_types = ["ecs.c5.large"]

  # Auto scaling bounds; the autoscaler picks the node count between them.
  scaling_config {
    min_size = 1
    max_size = 5
  }
}

This configuration deploys a managed Kubernetes cluster with 3 worker nodes. The alicloud_cs_kubernetes_node_pool resource manages the node pool, allowing for autoscaling based on the workloads.

Step 4: Configure Security Groups for the Cluster

It’s crucial to set up security groups to manage access to your Kubernetes cluster. We’ll define the security rules that allow communication between the nodes and external traffic.

resource "alicloud_security_group" "k8s_sg" {
  name        = "k8s-sg"
  description = "Security group for Kubernetes cluster"
  vpc_id      = alicloud_vpc.vpc.id
}

resource "alicloud_security_group_rule" "inbound_rule" {
  type              = "ingress"
  ip_protocol       = "tcp"
  port_range        = "6443/6443" # Kubernetes API server
  cidr_ip           = "0.0.0.0/0" # any source; narrow to your admin networks
  security_group_id = alicloud_security_group.k8s_sg.id
}

resource "alicloud_security_group_rule" "outbound_rule" {
  type              = "egress"
  ip_protocol       = "all"
  port_range        = "-1/-1"     # all ports
  cidr_ip           = "0.0.0.0/0" # any destination
  security_group_id = alicloud_security_group.k8s_sg.id
}

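The ingress rule opens TCP port 6443, the Kubernetes API server port, to every source address (0.0.0.0/0), and the egress rule allows all outbound traffic. That is enough for the cluster to communicate internally and externally, but outside a test environment you should restrict the ingress source to the networks that administer the cluster. Note also that no other resource on this page references k8s_sg, so the group has to be attached to the cluster or its nodes before these rules have any effect.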
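A pre-apply check for the rule defined in this step, as an added example that is not part of the original post: it reads the JSON form of a saved plan (`terraform show -json`) and lists ingress rules that expose port 6443 to 0.0.0.0/0. The sample plan is constructed, and the attribute names (`cidr_ip`, `port_range`, `policy`) are assumed to follow the alicloud provider's security group rule schema.

```python
import json

API_PORT = 6443  # Kubernetes API server port opened in Step 4

# Constructed sample shaped like `terraform show -json` output (not real plan data).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "alicloud_security_group_rule.inbound_rule",
   "type": "alicloud_security_group_rule",
   "change": {"after": {"type": "ingress", "ip_protocol": "tcp", "policy": "accept",
                        "port_range": "6443/6443", "cidr_ip": "0.0.0.0/0"}}},
  {"address": "alicloud_security_group_rule.outbound_rule",
   "type": "alicloud_security_group_rule",
   "change": {"after": {"type": "egress", "ip_protocol": "all", "policy": "accept",
                        "port_range": "-1/-1", "cidr_ip": "0.0.0.0/0"}}},
  {"address": "alicloud_security_group_rule.admin_only",
   "type": "alicloud_security_group_rule",
   "change": {"after": {"type": "ingress", "ip_protocol": "tcp", "policy": "accept",
                        "port_range": "6443/6443", "cidr_ip": "203.0.113.0/24"}}},
  {"address": "alicloud_security_group_rule.wide_open",
   "type": "alicloud_security_group_rule",
   "change": {"after": {"type": "ingress", "ip_protocol": "all", "policy": "accept",
                        "port_range": "-1/-1", "cidr_ip": "0.0.0.0/0"}}}
]}
""")

def port_range_covers(port_range, port):
    """alicloud port ranges are 'low/high'; '-1/-1' means every port."""
    low, high = (int(p) for p in port_range.split("/"))
    return (low, high) == (-1, -1) or low <= port <= high

def find_open_api_rules(plan):
    """Return addresses of planned ingress rules exposing API_PORT to 0.0.0.0/0."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "alicloud_security_group_rule" or not after:
            continue  # other resource types, or rules being destroyed
        if after.get("type") != "ingress" or after.get("policy") == "drop":
            continue
        if after.get("ip_protocol") not in ("tcp", "all"):
            continue
        if after.get("cidr_ip") == "0.0.0.0/0" and port_range_covers(
                after.get("port_range") or "-1/-1", API_PORT):
            findings.append(rc["address"])
    return findings

if __name__ == "__main__":
    for address in find_open_api_rules(SAMPLE_PLAN):
        print(f"{address}: port {API_PORT} reachable from any address")
```

Run against the sample, it reports the Step 4 inbound rule and the all-ports rule, and passes over the egress rule and the rule limited to 203.0.113.0/24.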

Step 5: Apply the Terraform Configuration

Once all resources are defined, initialize Terraform and apply the configuration.

terraform init
terraform apply

Terraform will provision the Kubernetes cluster and all associated resources on Alibaba Cloud. The output will display the cluster's API server endpoint and other useful information.

Step 6: Access the Kubernetes Cluster

After deployment, use kubectl to manage the cluster. You can configure kubectl by downloading the kubeconfig from Alibaba Cloud's ACK console or through the Terraform output.

kubectl get nodes

This should list the nodes in your cluster, confirming that the deployment is successful.

Conclusion

In this blog, we’ve shown how to deploy a Kubernetes cluster on Alibaba Cloud using Terraform. This automated approach simplifies cluster management and allows you to leverage the full power of Kubernetes. Future enhancements could include setting up a CI/CD pipeline for your Kubernetes workloads, integrating monitoring solutions, or scaling the cluster based on load.