我正在尝试使用Terraform在DigitalOcean上部署新集群,主要思想是将Fission部署为具有无服务器环境,这是我的文件:
do_provider.tf
provider "digitalocean" {
token = "${var.do_token}"
}
variables.tf
variable region {
description = "Region for cloud resources."
default = "lon1"
}
k8s_cluster.tf
resource "random_id" "fission-cluster" {
byte_length = 8
}
resource "digitalocean_kubernetes_cluster" "fission-cluster" {
name = "k8s-fission-${var.region}-${random_id.fission-cluster.hex}"
region = "${var.region}"
version = "1.15.3-do.3"
node_pool {
name = "k8s-fission-${var.region}-${random_id.fission-cluster.hex}-worker"
size = "s-1vcpu-2gb"
node_count = "3"
tags = ["fission", "worker"]
}
tags = ["fission"]
}
resource "local_file" "config" {
content = "${digitalocean_kubernetes_cluster.fission-cluster.kube_config.0.raw_config}"
filename = "${path.module}/config"
}
provider "kubernetes" {
host = "${digitalocean_kubernetes_cluster.fission-cluster.endpoint}"
client_certificate = "${base64decode(digitalocean_kubernetes_cluster.fission-cluster.kube_config.0.client_certificate)}"
client_key = "${base64decode(digitalocean_kubernetes_cluster.fission-cluster.kube_config.0.client_key)}"
cluster_ca_certificate = "${base64decode(digitalocean_kubernetes_cluster.fission-cluster.kube_config.0.cluster_ca_certificate)}"
}
helm.tf
provider "helm" {
service_account = "tiller"
kubernetes {
host = "https://${google_container_cluster.fission-cluster.endpoint}"
client_certificate = "${base64decode(google_container_cluster.fission-cluster.master_auth.0.cluster_ca_certificate)}"
client_key = "${base64decode(google_container_cluster.fission-cluster.master_auth.0.client_key)}"
cluster_ca_certificate = "${base64decode(google_container_cluster.fission-cluster.master_auth.0.client_certificate)}"
}
}
resource "kubernetes_service_account" "tiller" {
metadata {
name = "tiller"
namespace = "kube-system"
}
depends_on = [ "kubernetes_cluster_role_binding.tiller" ]
}
resource "kubernetes_cluster_role_binding" "tiller" {
metadata {
name = "tiller"
}
role_ref {
api_group = "rbac.authorization.k8s.io"
kind = "ClusterRole"
name = "cluster-admin"
}
subject {
kind = "User"
name = "admin"
api_group = "rbac.authorization.k8s.io"
}
subject {
kind = "ServiceAccount"
name = "tiller"
namespace = "kube-system"
}
subject {
kind = "Group"
name = "system:masters"
api_group = "rbac.authorization.k8s.io"
}
}
[当我运行terrarform plan时,它会正确显示更改,并且当我运行terraform apply时,会创建集群并将输出显示为正确
random_id.fission-cluster: Creating...
random_id.fission-cluster: Creation complete after 0s [id=dag8ooN_yVg]
digitalocean_kubernetes_cluster.fission-cluster: Creating...
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [10s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [20s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [30s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [40s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [50s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [1m0s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [1m10s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [1m20s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [1m30s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [1m40s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [1m50s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [2m0s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [2m10s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [2m20s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [2m30s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [2m40s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [2m50s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [3m0s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [3m10s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [3m20s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [3m30s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [3m40s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [3m50s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [4m0s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [4m10s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [4m20s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [4m30s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [4m40s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [4m50s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [5m0s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [5m10s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [5m20s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [5m30s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [5m40s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Still creating... [5m50s elapsed]
digitalocean_kubernetes_cluster.fission-cluster: Creation complete after 5m52s [id=a2dbf847-a273-41c0-a5f7-5aab8ab21407]
local_file.config: Creating...
local_file.config: Creation complete after 0s [id=bab7483e4abd5e02e473464556055c80ec952826]
kubernetes_service_account.tiller: Creating...
kubernetes_service_account.tiller: Creation complete after 2s [id=kube-system/tiller]
Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
问题是,在所有过程之后,分till未部署到集群中,并且helm cli命令请求首先初始化分till。
~/.kube/config
在您的配置中,您似乎正在使用local_file配置资源将新的Kubernetes集群kube配置保存到模块路径中。即
"${path.module}/config"
因此,我将在舵手提供程序部分中调整您的kubernetes块以添加类似内容:
load_config_file = "${path.module}/config"
如果失败,则在运行时启用更高的日志调试级别-也许初始化头盔舵机组件的失败是无声警告或信息日志消息。尝试将
TF_LOG环境变量设置为TRACE。 Debugging docs for Terraform