diff --git a/examples/tencentcloud-tke-nodepool/main.tf b/examples/tencentcloud-tke-nodepool/main.tf
new file mode 100644
index 0000000000..6f1b8af16d
--- /dev/null
+++ b/examples/tencentcloud-tke-nodepool/main.tf
@@ -0,0 +1,188 @@
+# examples for node pool based on a empty cluster
+locals {
+ first_vpc_id = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.vpc_id
+ first_subnet_id = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.subnet_id
+ second_vpc_id = data.tencentcloud_vpc_subnets.vpc_two.instance_list.0.vpc_id
+ second_subnet_id = data.tencentcloud_vpc_subnets.vpc_two.instance_list.0.subnet_id
+ sg_id = tencentcloud_security_group.sg.id
+}
+
+data "tencentcloud_vpc_subnets" "vpc_one" {
+ is_default = true
+ availability_zone = var.availability_zone_first
+}
+
+data "tencentcloud_vpc_subnets" "vpc_two" {
+ is_default = true
+ availability_zone = var.availability_zone_second
+}
+
+resource "tencentcloud_security_group" "sg" {
+ name = "tf-example-np-sg"
+}
+
+resource "tencentcloud_security_group_lite_rule" "sg_rule" {
+ security_group_id = tencentcloud_security_group.sg.id
+
+ ingress = [
+ "ACCEPT#10.0.0.0/16#ALL#ALL",
+ "ACCEPT#172.16.0.0/22#ALL#ALL",
+ "DROP#0.0.0.0/0#ALL#ALL",
+ ]
+
+ egress = [
+ "ACCEPT#172.16.0.0/22#ALL#ALL",
+ ]
+}
+
+resource "tencentcloud_kubernetes_cluster" "example" {
+ vpc_id = local.first_vpc_id
+ cluster_cidr = var.example_cluster_cidr
+ cluster_max_pod_num = 32
+ cluster_name = "tf_example_cluster_np"
+ cluster_desc = "example for tke cluster"
+ cluster_max_service_num = 32
+ cluster_version = "1.22.5"
+ cluster_deploy_type = "MANAGED_CLUSTER"
+ # without any worker config
+}
+
+resource "tencentcloud_kubernetes_node_pool" "example" {
+ name = "tf_example_node_pool"
+ cluster_id = tencentcloud_kubernetes_cluster.example.id
+ max_size = 6 # set the node scaling range [1,6]
+ min_size = 1
+ vpc_id = local.first_vpc_id
+ subnet_ids = [local.first_subnet_id]
+ retry_policy = "INCREMENTAL_INTERVALS"
+ desired_capacity = 4
+ enable_auto_scale = true
+ multi_zone_subnet_policy = "EQUALITY"
+
+ auto_scaling_config {
+ instance_type = var.default_instance_type
+ system_disk_type = "CLOUD_PREMIUM"
+ system_disk_size = "50"
+ security_group_ids = [local.sg_id]
+
+ data_disk {
+ disk_type = "CLOUD_PREMIUM"
+ disk_size = 50
+ }
+
+ internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR"
+ internet_max_bandwidth_out = 10
+ public_ip_assigned = true
+ password = "test123#"
+ enhanced_security_service = false
+ enhanced_monitor_service = false
+ host_name = "12.123.0.0"
+ host_name_style = "ORIGINAL"
+ }
+
+ labels = {
+ "test1" = "test1",
+ "test2" = "test2",
+ }
+
+ taints {
+ key = "test_taint"
+ value = "taint_value"
+ effect = "PreferNoSchedule"
+ }
+
+ taints {
+ key = "test_taint2"
+ value = "taint_value2"
+ effect = "PreferNoSchedule"
+ }
+
+ node_config {
+ extra_args = [
+ "root-dir=/var/lib/kubelet"
+ ]
+ }
+}
+
+# examples for node pool based on a empty cluster, and open the network through endpoint
+resource "tencentcloud_kubernetes_cluster" "example_np_ep" {
+ vpc_id = local.first_vpc_id
+ cluster_cidr = var.example_cluster_cidr
+ cluster_max_pod_num = 32
+ cluster_name = "tf_example_cluster"
+ cluster_desc = "example for tke cluster"
+ cluster_max_service_num = 32
+ cluster_internet = false # (can be ignored) open it after the nodes added
+ cluster_version = "1.22.5"
+ cluster_deploy_type = "MANAGED_CLUSTER"
+ # without any worker config
+}
+
+resource "tencentcloud_kubernetes_node_pool" "example_np_ep" {
+ name = "tf_example_node_pool_ep"
+ cluster_id = tencentcloud_kubernetes_cluster.example_np_ep.id
+ max_size = 6 # set the node scaling range [1,6]
+ min_size = 1
+ vpc_id = local.second_vpc_id
+ subnet_ids = [local.second_subnet_id]
+ retry_policy = "INCREMENTAL_INTERVALS"
+ desired_capacity = 4
+ enable_auto_scale = true
+ multi_zone_subnet_policy = "EQUALITY"
+
+ auto_scaling_config {
+ instance_type = var.default_instance_type
+ system_disk_type = "CLOUD_PREMIUM"
+ system_disk_size = "50"
+ security_group_ids = [local.sg_id]
+
+ data_disk {
+ disk_type = "CLOUD_PREMIUM"
+ disk_size = 50
+ }
+
+ internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR"
+ internet_max_bandwidth_out = 10
+ public_ip_assigned = true
+ password = "test123#"
+ enhanced_security_service = false
+ enhanced_monitor_service = false
+ host_name = "12.123.0.0"
+ host_name_style = "ORIGINAL"
+ }
+
+ labels = {
+ "test1" = "test1",
+ "test2" = "test2",
+ }
+
+ taints {
+ key = "test_taint"
+ value = "taint_value"
+ effect = "PreferNoSchedule"
+ }
+
+ taints {
+ key = "test_taint2"
+ value = "taint_value2"
+ effect = "PreferNoSchedule"
+ }
+
+ node_config {
+ extra_args = [
+ "root-dir=/var/lib/kubelet"
+ ]
+ }
+}
+
+resource "tencentcloud_kubernetes_cluster_endpoint" "example_np_ep" {
+ cluster_id = tencentcloud_kubernetes_cluster.example_np_ep.id
+ cluster_internet = true # open the internet here
+ cluster_intranet = true
+ cluster_internet_security_group = local.sg_id
+ cluster_intranet_subnet_id = local.second_subnet_id
+ depends_on = [ # wait for the node pool ready
+ tencentcloud_kubernetes_node_pool.example_np_ep
+ ]
+}
+
diff --git a/examples/tencentcloud-tke-nodepool/variables.tf b/examples/tencentcloud-tke-nodepool/variables.tf
new file mode 100644
index 0000000000..3967391e22
--- /dev/null
+++ b/examples/tencentcloud-tke-nodepool/variables.tf
@@ -0,0 +1,15 @@
+variable "default_instance_type" {
+ default = "SA2.2XLARGE16"
+}
+
+variable "availability_zone_first" {
+ default = "ap-guangzhou-3"
+}
+
+variable "availability_zone_second" {
+ default = "ap-guangzhou-4"
+}
+
+variable "example_cluster_cidr" {
+ default = "10.31.0.0/16"
+}
\ No newline at end of file
diff --git a/examples/tencentcloud-tke-nodepool/version.tf b/examples/tencentcloud-tke-nodepool/version.tf
new file mode 100644
index 0000000000..133d0d73e7
--- /dev/null
+++ b/examples/tencentcloud-tke-nodepool/version.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.12"
+}
\ No newline at end of file
diff --git a/tencentcloud/resource_tc_kubernetes_addon_attachment.go b/tencentcloud/resource_tc_kubernetes_addon_attachment.go
index a01899c7f3..cda5aa9241 100644
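Review bot: Both node pools in main.tf hard-code `password = "test123#"` in `auto_scaling_config` while also setting `public_ip_assigned = true` and `enhanced_security_service = false`, so anyone who copies the example launches publicly addressed nodes with a published, weak login password that also ends up in state and version control. I would read it from a variable without a default, `password = var.node_password`, and declare `variable "node_password" {}` in variables.tf (marking it sensitive would mean raising `required_version` in version.tf above 0.12). If the nodes do not need direct internet ingress, `public_ip_assigned = false` is the safer example default; the `DROP#0.0.0.0/0#ALL#ALL` ingress rule on the security group narrows exposure, but the example should not rely on it alone. The same literal is repeated in the doc examples this commit adds to resource_tc_kubernetes_cluster.go and website/docs/r/kubernetes_cluster.html.markdown.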
--- a/tencentcloud/resource_tc_kubernetes_addon_attachment.go +++ b/tencentcloud/resource_tc_kubernetes_addon_attachment.go @@ -32,8 +32,8 @@ resource "tencentcloud_kubernetes_addon_attachment" "addon_tcr" { "global.imagePullSecretsCrs[0].namespaces=${local.ns_name}", #input the specified namespaces of the cluster, or input `*` for all. "global.imagePullSecretsCrs[0].serviceAccounts=*", #input the specified service account of the cluster, or input `*` for all. "global.imagePullSecretsCrs[0].type=docker", #only support docker now - "global.imagePullSecretsCrs[0].dockerUsername=${local.user_name}", #input the access username, or you can create it from data source `tencentcloud_tcr_tokens` - "global.imagePullSecretsCrs[0].dockerPassword=${local.token}", #input the access token, or you can create it from data source `tencentcloud_tcr_tokens` + "global.imagePullSecretsCrs[0].dockerUsername=${local.user_name}", #input the access username, or you can create it from `tencentcloud_tcr_token` + "global.imagePullSecretsCrs[0].dockerPassword=${local.token}", #input the access token, or you can create it from `tencentcloud_tcr_token` "global.imagePullSecretsCrs[0].dockerServer=${local.tcr_name}-vpc.tencentcloudcr.com", #invalid format as: `${tcr_name}-vpc.tencentcloudcr.com` "global.imagePullSecretsCrs[1].name=${local.tcr_id}-public", #specify a unique name, invalid format as: `${tcr_id}-public` "global.imagePullSecretsCrs[1].namespaces=${local.ns_name}", diff --git a/tencentcloud/resource_tc_kubernetes_cluster.go b/tencentcloud/resource_tc_kubernetes_cluster.go index 1e25d17613..c0c78a7cd4 100644 --- a/tencentcloud/resource_tc_kubernetes_cluster.go +++ b/tencentcloud/resource_tc_kubernetes_cluster.go 
@@ -137,6 +137,271 @@ resource "tencentcloud_kubernetes_cluster" "example" { ``` +Create an empty cluster with a node pool + +The cluster does not have any nodes, nodes will be added through node pool. + +```hcl +variable "default_instance_type" { + default = "SA2.2XLARGE16" +} + +variable "availability_zone_first" { + default = "ap-guangzhou-3" +} + +variable "availability_zone_second" { + default = "ap-guangzhou-4" +} + +variable "example_cluster_cidr" { + default = "10.31.0.0/16" +} + +locals { + first_vpc_id = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.vpc_id + first_subnet_id = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.subnet_id + sg_id = tencentcloud_security_group.sg.id +} + +data "tencentcloud_vpc_subnets" "vpc_one" { + is_default = true + availability_zone = var.availability_zone_first +} + +data "tencentcloud_vpc_subnets" "vpc_two" { + is_default = true + availability_zone = var.availability_zone_second +} + +resource "tencentcloud_security_group" "sg" { + name = "tf-example-np-sg" +} + +resource "tencentcloud_security_group_lite_rule" "sg_rule" { + security_group_id = tencentcloud_security_group.sg.id + + ingress = [ + "ACCEPT#10.0.0.0/16#ALL#ALL", + "ACCEPT#172.16.0.0/22#ALL#ALL", + "DROP#0.0.0.0/0#ALL#ALL", + ] + + egress = [ + "ACCEPT#172.16.0.0/22#ALL#ALL", + ] +} + +resource "tencentcloud_kubernetes_cluster" "example" { + vpc_id = local.first_vpc_id + cluster_cidr = var.example_cluster_cidr + cluster_max_pod_num = 32 + cluster_name = "tf_example_cluster_np" + cluster_desc = "example for tke cluster" + cluster_max_service_num = 32 + cluster_version = "1.22.5" + cluster_deploy_type = "MANAGED_CLUSTER" + # without any worker config +} + +resource "tencentcloud_kubernetes_node_pool" "example" { + name = "tf_example_node_pool" + cluster_id = tencentcloud_kubernetes_cluster.example.id + max_size = 6 # set the node scaling range [1,6] + min_size = 1 + vpc_id = local.first_vpc_id + subnet_ids = [local.first_subnet_id] + retry_policy = 
"INCREMENTAL_INTERVALS" + desired_capacity = 4 + enable_auto_scale = true + multi_zone_subnet_policy = "EQUALITY" + + auto_scaling_config { + instance_type = var.default_instance_type + system_disk_type = "CLOUD_PREMIUM" + system_disk_size = "50" + security_group_ids = [local.sg_id] + + data_disk { + disk_type = "CLOUD_PREMIUM" + disk_size = 50 + } + + internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR" + internet_max_bandwidth_out = 10 + public_ip_assigned = true + password = "test123#" + enhanced_security_service = false + enhanced_monitor_service = false + host_name = "12.123.0.0" + host_name_style = "ORIGINAL" + } + + labels = { + "test1" = "test1", + "test2" = "test2", + } + + taints { + key = "test_taint" + value = "taint_value" + effect = "PreferNoSchedule" + } + + taints { + key = "test_taint2" + value = "taint_value2" + effect = "PreferNoSchedule" + } + + node_config { + extra_args = [ + "root-dir=/var/lib/kubelet" + ] + } +} + +```` + +Create a cluster with a node pool and open the network access with cluster endpoint + +The cluster's internet and intranet access will be opened after nodes are added through node pool. 
+ +```hcl +variable "default_instance_type" { + default = "SA2.2XLARGE16" +} + +variable "availability_zone_first" { + default = "ap-guangzhou-3" +} + +variable "availability_zone_second" { + default = "ap-guangzhou-4" +} + +variable "example_cluster_cidr" { + default = "10.31.0.0/16" +} + +locals { + first_vpc_id = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.vpc_id + first_subnet_id = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.subnet_id + sg_id = tencentcloud_security_group.sg.id +} + +data "tencentcloud_vpc_subnets" "vpc_one" { + is_default = true + availability_zone = var.availability_zone_first +} + +data "tencentcloud_vpc_subnets" "vpc_two" { + is_default = true + availability_zone = var.availability_zone_second +} + +resource "tencentcloud_security_group" "sg" { + name = "tf-example-np-ep-sg" +} + +resource "tencentcloud_security_group_lite_rule" "sg_rule" { + security_group_id = tencentcloud_security_group.sg.id + + ingress = [ + "ACCEPT#10.0.0.0/16#ALL#ALL", + "ACCEPT#172.16.0.0/22#ALL#ALL", + "DROP#0.0.0.0/0#ALL#ALL", + ] + + egress = [ + "ACCEPT#172.16.0.0/22#ALL#ALL", + ] +} + +resource "tencentcloud_kubernetes_cluster" "example" { + vpc_id = local.first_vpc_id + cluster_cidr = var.example_cluster_cidr + cluster_max_pod_num = 32 + cluster_name = "tf_example_cluster" + cluster_desc = "example for tke cluster" + cluster_max_service_num = 32 + cluster_internet = false # (can be ignored) open it after the nodes added + cluster_version = "1.22.5" + cluster_deploy_type = "MANAGED_CLUSTER" + # without any worker config +} + +resource "tencentcloud_kubernetes_node_pool" "example" { + name = "tf_example_node_pool" + cluster_id = tencentcloud_kubernetes_cluster.example.id + max_size = 6 # set the node scaling range [1,6] + min_size = 1 + vpc_id = local.first_vpc_id + subnet_ids = [local.first_subnet_id] + retry_policy = "INCREMENTAL_INTERVALS" + desired_capacity = 4 + enable_auto_scale = true + multi_zone_subnet_policy = "EQUALITY" + + 
auto_scaling_config { + instance_type = var.default_instance_type + system_disk_type = "CLOUD_PREMIUM" + system_disk_size = "50" + security_group_ids = [local.sg_id] + + data_disk { + disk_type = "CLOUD_PREMIUM" + disk_size = 50 + } + + internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR" + internet_max_bandwidth_out = 10 + public_ip_assigned = true + password = "test123#" + enhanced_security_service = false + enhanced_monitor_service = false + host_name = "12.123.0.0" + host_name_style = "ORIGINAL" + } + + labels = { + "test1" = "test1", + "test2" = "test2", + } + + taints { + key = "test_taint" + value = "taint_value" + effect = "PreferNoSchedule" + } + + taints { + key = "test_taint2" + value = "taint_value2" + effect = "PreferNoSchedule" + } + + node_config { + extra_args = [ + "root-dir=/var/lib/kubelet" + ] + } +} + +resource "tencentcloud_kubernetes_cluster_endpoint" "example" { + cluster_id = tencentcloud_kubernetes_cluster.example.id + cluster_internet = true # open the internet here + cluster_intranet = true + cluster_internet_security_group = local.sg_id + cluster_intranet_subnet_id = local.first_subnet_id + depends_on = [ # wait for the node pool ready + tencentcloud_kubernetes_node_pool.example + ] +} + + +```` + Use Kubelet ```hcl @@ -1156,7 +1421,7 @@ func resourceTencentCloudTkeCluster() *schema.Resource { Optional: true, Description: "Open internet access or not." + " If this field is set 'true', the field below `worker_config` must be set." + - " Because only cluster with node is allowed enable access endpoint.", + " Because only cluster with node is allowed enable access endpoint. You may open it through `tencentcloud_kubernetes_cluster_endpoint`.", }, "cluster_internet_domain": { Type: schema.TypeString, 
@@ -1170,7 +1435,7 @@ func resourceTencentCloudTkeCluster() *schema.Resource { Optional: true, Description: "Open intranet access or not." + " If this field is set 'true', the field below `worker_config` must be set." + - " Because only cluster with node is allowed enable access endpoint.", + " Because only cluster with node is allowed enable access endpoint. You may open it through `tencentcloud_kubernetes_cluster_endpoint`.", }, "cluster_intranet_domain": { Type: schema.TypeString, diff --git a/tencentcloud/resource_tc_tcr_service_account_test.go b/tencentcloud/resource_tc_tcr_service_account_test.go index 0b60fc9053..f8a780dce6 100644 --- a/tencentcloud/resource_tc_tcr_service_account_test.go +++ b/tencentcloud/resource_tc_tcr_service_account_test.go @@ -67,7 +67,7 @@ const testAccTcrServiceAccount = ` resource "tencentcloud_tcr_instance" "example" { name = "tf-example-tcr-instance" - instance_type = "basic" + instance_type = "premium" delete_bucket = true tags = { "createdBy" = "terraform" @@ -107,7 +107,7 @@ const testAccTcrServiceAccount_Update = ` resource "tencentcloud_tcr_instance" "example" { name = "tf-example-tcr-instance" - instance_type = "basic" + instance_type = "premium" delete_bucket = true tags = { "createdBy" = "terraform" diff --git a/tencentcloud/resource_tc_tcr_tag_retention_rule_test.go b/tencentcloud/resource_tc_tcr_tag_retention_rule_test.go index c37ae46b88..1d8be469d8 100644 --- a/tencentcloud/resource_tc_tcr_tag_retention_rule_test.go +++ b/tencentcloud/resource_tc_tcr_tag_retention_rule_test.go @@ -140,7 +140,7 @@ func testAccCheckTCRTagRetentionRuleExists(re string) resource.TestCheckFunc { const testAccTCRInstance_retention = ` resource "tencentcloud_tcr_instance" "mytcr_retention" { name = "tf-test-tcr-retention" - instance_type = "basic" + instance_type = "premium" delete_bucket = true tags ={ 
diff --git a/tencentcloud/resource_tc_tcr_webhook_trigger_test.go b/tencentcloud/resource_tc_tcr_webhook_trigger_test.go index 1d594106b5..da77be9045 100644 --- a/tencentcloud/resource_tc_tcr_webhook_trigger_test.go +++ b/tencentcloud/resource_tc_tcr_webhook_trigger_test.go @@ -149,7 +149,7 @@ func testAccCheckTCRWebhookTriggerExists(re string) resource.TestCheckFunc { const testAccTCRInstance_webhooktrigger = ` resource "tencentcloud_tcr_instance" "mytcr_webhooktrigger" { name = "tf-test-tcr-%s" - instance_type = "basic" + instance_type = "premium" delete_bucket = true tags ={ diff --git a/website/docs/r/kubernetes_addon_attachment.html.markdown b/website/docs/r/kubernetes_addon_attachment.html.markdown index 0be2227882..1ad13484e3 100644 --- a/website/docs/r/kubernetes_addon_attachment.html.markdown +++ b/website/docs/r/kubernetes_addon_attachment.html.markdown 
@@ -41,8 +41,8 @@ resource "tencentcloud_kubernetes_addon_attachment" "addon_tcr" { "global.imagePullSecretsCrs[0].namespaces=${local.ns_name}", #input the specified namespaces of the cluster, or input `*` for all. "global.imagePullSecretsCrs[0].serviceAccounts=*", #input the specified service account of the cluster, or input `*` for all. "global.imagePullSecretsCrs[0].type=docker", #only support docker now - "global.imagePullSecretsCrs[0].dockerUsername=${local.user_name}", #input the access username, or you can create it from data source `tencentcloud_tcr_tokens` - "global.imagePullSecretsCrs[0].dockerPassword=${local.token}", #input the access token, or you can create it from data source `tencentcloud_tcr_tokens` + "global.imagePullSecretsCrs[0].dockerUsername=${local.user_name}", #input the access username, or you can create it from `tencentcloud_tcr_token` + "global.imagePullSecretsCrs[0].dockerPassword=${local.token}", #input the access token, or you can create it from `tencentcloud_tcr_token` "global.imagePullSecretsCrs[0].dockerServer=${local.tcr_name}-vpc.tencentcloudcr.com", #invalid format as: `${tcr_name}-vpc.tencentcloudcr.com` "global.imagePullSecretsCrs[1].name=${local.tcr_id}-public", #specify a unique name, invalid format as: `${tcr_id}-public` "global.imagePullSecretsCrs[1].namespaces=${local.ns_name}", diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown index cb3d1aa091..efd8103032 100644 --- a/website/docs/r/kubernetes_cluster.html.markdown +++ b/website/docs/r/kubernetes_cluster.html.markdown 
@@ -146,6 +146,268 @@ resource "tencentcloud_kubernetes_cluster" "example" { } ``` +### Create an empty cluster with a node pool + +The cluster does not have any nodes, nodes will be added through node pool. + +```hcl +variable "default_instance_type" { + default = "SA2.2XLARGE16" +} + +variable "availability_zone_first" { + default = "ap-guangzhou-3" +} + +variable "availability_zone_second" { + default = "ap-guangzhou-4" +} + +variable "example_cluster_cidr" { + default = "10.31.0.0/16" +} + +locals { + first_vpc_id = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.vpc_id + first_subnet_id = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.subnet_id + sg_id = tencentcloud_security_group.sg.id +} + +data "tencentcloud_vpc_subnets" "vpc_one" { + is_default = true + availability_zone = var.availability_zone_first +} + +data "tencentcloud_vpc_subnets" "vpc_two" { + is_default = true + availability_zone = var.availability_zone_second +} + +resource "tencentcloud_security_group" "sg" { + name = "tf-example-np-sg" +} + +resource "tencentcloud_security_group_lite_rule" "sg_rule" { + security_group_id = tencentcloud_security_group.sg.id + + ingress = [ + "ACCEPT#10.0.0.0/16#ALL#ALL", + "ACCEPT#172.16.0.0/22#ALL#ALL", + "DROP#0.0.0.0/0#ALL#ALL", + ] + + egress = [ + "ACCEPT#172.16.0.0/22#ALL#ALL", + ] +} + +resource "tencentcloud_kubernetes_cluster" "example" { + vpc_id = local.first_vpc_id + cluster_cidr = var.example_cluster_cidr + cluster_max_pod_num = 32 + cluster_name = "tf_example_cluster_np" + cluster_desc = "example for tke cluster" + cluster_max_service_num = 32 + cluster_version = "1.22.5" + cluster_deploy_type = "MANAGED_CLUSTER" + # without any worker config +} + +resource "tencentcloud_kubernetes_node_pool" "example" { + name = "tf_example_node_pool" + cluster_id = tencentcloud_kubernetes_cluster.example.id + max_size = 6 # set the node scaling range [1,6] + min_size = 1 + vpc_id = local.first_vpc_id + subnet_ids = [local.first_subnet_id] + 
retry_policy = "INCREMENTAL_INTERVALS" + desired_capacity = 4 + enable_auto_scale = true + multi_zone_subnet_policy = "EQUALITY" + + auto_scaling_config { + instance_type = var.default_instance_type + system_disk_type = "CLOUD_PREMIUM" + system_disk_size = "50" + security_group_ids = [local.sg_id] + + data_disk { + disk_type = "CLOUD_PREMIUM" + disk_size = 50 + } + + internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR" + internet_max_bandwidth_out = 10 + public_ip_assigned = true + password = "test123#" + enhanced_security_service = false + enhanced_monitor_service = false + host_name = "12.123.0.0" + host_name_style = "ORIGINAL" + } + + labels = { + "test1" = "test1", + "test2" = "test2", + } + + taints { + key = "test_taint" + value = "taint_value" + effect = "PreferNoSchedule" + } + + taints { + key = "test_taint2" + value = "taint_value2" + effect = "PreferNoSchedule" + } + + node_config { + extra_args = [ + "root-dir=/var/lib/kubelet" + ] + } +} +``` + +### Create a cluster with a node pool and open the network access with cluster endpoint + +The cluster's internet and intranet access will be opened after nodes are added through node pool. 
+ +```hcl +variable "default_instance_type" { + default = "SA2.2XLARGE16" +} + +variable "availability_zone_first" { + default = "ap-guangzhou-3" +} + +variable "availability_zone_second" { + default = "ap-guangzhou-4" +} + +variable "example_cluster_cidr" { + default = "10.31.0.0/16" +} + +locals { + first_vpc_id = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.vpc_id + first_subnet_id = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.subnet_id + sg_id = tencentcloud_security_group.sg.id +} + +data "tencentcloud_vpc_subnets" "vpc_one" { + is_default = true + availability_zone = var.availability_zone_first +} + +data "tencentcloud_vpc_subnets" "vpc_two" { + is_default = true + availability_zone = var.availability_zone_second +} + +resource "tencentcloud_security_group" "sg" { + name = "tf-example-np-ep-sg" +} + +resource "tencentcloud_security_group_lite_rule" "sg_rule" { + security_group_id = tencentcloud_security_group.sg.id + + ingress = [ + "ACCEPT#10.0.0.0/16#ALL#ALL", + "ACCEPT#172.16.0.0/22#ALL#ALL", + "DROP#0.0.0.0/0#ALL#ALL", + ] + + egress = [ + "ACCEPT#172.16.0.0/22#ALL#ALL", + ] +} + +resource "tencentcloud_kubernetes_cluster" "example" { + vpc_id = local.first_vpc_id + cluster_cidr = var.example_cluster_cidr + cluster_max_pod_num = 32 + cluster_name = "tf_example_cluster" + cluster_desc = "example for tke cluster" + cluster_max_service_num = 32 + cluster_internet = false # (can be ignored) open it after the nodes added + cluster_version = "1.22.5" + cluster_deploy_type = "MANAGED_CLUSTER" + # without any worker config +} + +resource "tencentcloud_kubernetes_node_pool" "example" { + name = "tf_example_node_pool" + cluster_id = tencentcloud_kubernetes_cluster.example.id + max_size = 6 # set the node scaling range [1,6] + min_size = 1 + vpc_id = local.first_vpc_id + subnet_ids = [local.first_subnet_id] + retry_policy = "INCREMENTAL_INTERVALS" + desired_capacity = 4 + enable_auto_scale = true + multi_zone_subnet_policy = "EQUALITY" + + 
auto_scaling_config { + instance_type = var.default_instance_type + system_disk_type = "CLOUD_PREMIUM" + system_disk_size = "50" + security_group_ids = [local.sg_id] + + data_disk { + disk_type = "CLOUD_PREMIUM" + disk_size = 50 + } + + internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR" + internet_max_bandwidth_out = 10 + public_ip_assigned = true + password = "test123#" + enhanced_security_service = false + enhanced_monitor_service = false + host_name = "12.123.0.0" + host_name_style = "ORIGINAL" + } + + labels = { + "test1" = "test1", + "test2" = "test2", + } + + taints { + key = "test_taint" + value = "taint_value" + effect = "PreferNoSchedule" + } + + taints { + key = "test_taint2" + value = "taint_value2" + effect = "PreferNoSchedule" + } + + node_config { + extra_args = [ + "root-dir=/var/lib/kubelet" + ] + } +} + +resource "tencentcloud_kubernetes_cluster_endpoint" "example" { + cluster_id = tencentcloud_kubernetes_cluster.example.id + cluster_internet = true # open the internet here + cluster_intranet = true + cluster_internet_security_group = local.sg_id + cluster_intranet_subnet_id = local.first_subnet_id + depends_on = [ # wait for the node pool ready + tencentcloud_kubernetes_node_pool.example + ] +} +``` + ### Use Kubelet ```hcl 
@@ -545,10 +807,10 @@ The following arguments are supported: * `cluster_extra_args` - (Optional, List, ForceNew) Customized parameters for master component,such as kube-apiserver, kube-controller-manager, kube-scheduler. * `cluster_internet_domain` - (Optional, String) Domain name for cluster Kube-apiserver internet access. Be careful if you modify value of this parameter, the cluster_external_endpoint value may be changed automatically too. * `cluster_internet_security_group` - (Optional, String) Specify security group, NOTE: This argument must not be empty if cluster internet enabled. -* `cluster_internet` - (Optional, Bool) Open internet access or not. If this field is set 'true', the field below `worker_config` must be set. Because only cluster with node is allowed enable access endpoint. +* `cluster_internet` - (Optional, Bool) Open internet access or not. If this field is set 'true', the field below `worker_config` must be set. Because only cluster with node is allowed enable access endpoint. You may open it through `tencentcloud_kubernetes_cluster_endpoint`. * `cluster_intranet_domain` - (Optional, String) Domain name for cluster Kube-apiserver intranet access. Be careful if you modify value of this parameter, the pgw_endpoint value may be changed automatically too. * `cluster_intranet_subnet_id` - (Optional, String) Subnet id who can access this independent cluster, this field must and can only set when `cluster_intranet` is true. `cluster_intranet_subnet_id` can not modify once be set. -* `cluster_intranet` - (Optional, Bool) Open intranet access or not. If this field is set 'true', the field below `worker_config` must be set. Because only cluster with node is allowed enable access endpoint. +* `cluster_intranet` - (Optional, Bool) Open intranet access or not. If this field is set 'true', the field below `worker_config` must be set. Because only cluster with node is allowed enable access endpoint. 
You may open it through `tencentcloud_kubernetes_cluster_endpoint`. * `cluster_ipvs` - (Optional, Bool, ForceNew) Indicates whether `ipvs` is enabled. Default is true. False means `iptables` is enabled. * `cluster_level` - (Optional, String) Specify cluster level, valid for managed cluster, use data source `tencentcloud_kubernetes_cluster_levels` to query available levels. Available value examples `L5`, `L20`, `L50`, `L100`, etc. * `cluster_max_pod_num` - (Optional, Int, ForceNew) The maximum number of Pods per node in the cluster. Default is 256. The minimum value is 4. When its power unequal to 2, it will round upward to the closest power of 2.