Deploying Applications on CCI Using Terraform
Scenario
Terraform is an open-source infrastructure as code tool that lets you easily create, update, and delete Huawei Cloud resources. To deploy applications on CCI, you need to deploy service containers, and configure network resources and load balancers. With Terraform, you can automatically create, update, and delete pods, network configurations, and load balancer resources. Terraform can automatically process dependencies between resources to ensure that resources are created and updated in the correct sequence, making it easy to deploy applications.
Example Description
In this example, the nginx image is used to describe how to create a Deployment and add pods to the backend server group of the associated load balancer through a PoolBinding, to release the Nginx application and access it from the public network. The following figure shows the resources created and their dependencies during Nginx application release using Terraform.
|
Parameter |
Description |
|---|---|
|
ns_name |
Namespace name. The default value is tf-ns. You can enter a custom name as needed. |
|
network_name |
Network name. The default value is tf-network. You can enter a custom name as needed. |
|
project_id |
Project ID. For details, see My Credentials. |
|
domain_id |
Account ID. For details, see My Credentials. |
|
deploy_name |
Deployment name. The default value is tf-deploy. You can enter a custom name as needed. |
|
replica |
Number of replicas of the Deployment. The default value is 1. You can enter any value as needed. |
|
image_address |
Image path of the container running the Deployment. The example value is the path of the nginx image in SWR. |
|
pool_binding_name |
PoolBinding name. The default value is tf-binding. You can enter a custom name as needed. |
|
container_port |
Container port. The nginx image is used in this example, and the default port is 80. This parameter is related to the container image. If this parameter is incorrectly configured, there will be access exceptions. |
|
vpc_name |
VPC name. The default value is tf-cci-vpc. You can enter a custom name as needed. |
|
subnet_name |
Subnet name. The default value is tf-cci-subnet. You can enter a custom name as needed. |
|
sg_name |
Security group name. The default value is tf-sg. You can enter a custom name as needed. |
|
bandwidth_name |
Bandwidth name. The default value is tf-bandwidth. You can enter a custom name as needed. |
|
elb_name |
Load balancer name. The default value is tf-elb. You can enter a custom name as needed. |
|
listener_name |
Listener name. The default value is tf-listener. You can enter a custom name as needed. |
|
pool_name |
Backend server group (pool) name. The default value is tf-pool. You can enter a custom name as needed. |
|
listener_protocol_port |
Listener's port. The default value is 8080. You can enter a custom port as needed. |
|
Parameter |
Description |
|---|---|
|
swr_vpcep_service_id |
ID of the SWR endpoint service ID. For details about how to obtain the ID, see Querying Resources Using Terraform. |
|
obs_vpcep_service_id |
ID of the OBS endpoint service ID. Submit a service ticket to OBS to obtain the ID. |
|
l4_flavor_id |
Layer-4 flavor ID of the load balancer. For details about how to obtain the ID, see Querying Resources Using Terraform. |
|
l7_flavor_id |
Layer-7 flavor ID of the load balancer. For details about how to obtain the ID, see Querying Resources Using Terraform. |
Prerequisites
You have installed and configured Terraform. To reduce the risk of key leakage, the Terraform authentication and authorization are configured using environment variables in the operations below. When you run Terraform commands, the environment variables related to the credentials are automatically obtained. Therefore, static credential configuration is not involved.
The Terraform resources and parameters described in the following are those involved in this example. For more information Huawei Cloud resources supported by Terraform, see terraform-provider-huaweicloud.
Procedure
- Create a project.
Create working directories and files according to the resource creation flowchart in Example Description.
demo |- main.tf |- variables.tf |- outputs.tf |- modules |- vpc | |- main.tf | |- variables.tf | |- outputs.tf |- elb | |- main.tf | |- variables.tf | |- outputs.tf |- cci |- main.tf |- variables.tf |- outputs.tf(optional)- demo: project name. This parameter is user-defined.
- main.tf: declares the provider and each module.
- variables.tf: declares the parameters used by each module resource.
- outputs.tf: declares the output of the resource or expression relationship value of each module.
- modules/vpc: indicates a network child module, which contains main.tf, variables.tf, and outputs.tf.
- modules/elb: indicates the ELB child module, which contains main.tf, variables.tf, and outputs.tf.
- modules/cci: indicates a CCI child module, which contains main.tf, variables.tf, and outputs.tf. outputs.tf is optional because this example does not involve CCI resources. You can specify the output information of CCI resources.
The following shows the working directories and files.
- Edit the configuration files for the network child module (modules/vpc).
- Edit the main.tf file to add a VPC, subnet, VPC endpoint for SWR, VPC endpoint for OBS, security group, security group rule, and EIP.
terraform { required_providers { huaweicloud = { source = "huaweicloud/huaweicloud" version = ">= 1.36.0" } } } # 1. Create a VPC. resource "huaweicloud_vpc" "vpc" { name = var.vpc_name # VPC name. It is input as a variable. cidr = "172.16.0.0/16" # VPC CIDR block } # 2. Create a subnet. resource "huaweicloud_vpc_subnet" "subnet" { name = var.subnet_name # Subnet name. It is input as a variable. cidr = "172.16.0.0/24" # Subnet CIDR block gateway_ip = "172.16.0.1" # Subnet gateway. It must be in the IP address format. vpc_id = huaweicloud_vpc.vpc.id # ID of the VPC where the subnet is. It is the ID returned when the VPC is created. } # 3. Create a VPC endpoint for accessing SWR and a VPC endpoint for accessing OBS. To pull images from an SWR public image repository, you need a VPC endpoint for accessing SWR and a VPC endpoint for accessing OBS in the VPC where the workload is deployed. resource "huaweicloud_vpcep_endpoint" "swr_vpcep" { service_id = var.swr_vpcep_service_id # ID of the SWR VPC endpoint service. It is input as a variable. vpc_id = huaweicloud_vpc.vpc.id # ID of the VPC where the VPC endpoint is. It is the ID returned when the VPC is created. network_id = huaweicloud_vpc_subnet.subnet.id # You need to specify the ID of the network created for the VPC specified by **vpc_id**. } resource "huaweicloud_vpcep_endpoint" "obs_vpcep" { service_id = var.obs_vpcep_service_id # ID of the OBS VPCEP service. It is input as a variable. vpc_id = huaweicloud_vpc.vpc.id # ID of the VPC where the VPC endpoint is. It is the ID returned when the VPC is created. } # 4. Create a security group. resource "huaweicloud_networking_secgroup" "secgroup" { name = var.sg_name # Security group name. It is input as a variable. } # 5. Add an inbound rule for the security group. By default, the outbound rule allows traffic by default and does not need to be configured separately. resource "huaweicloud_networking_secgroup_rule" "ingress" { security_group_id = huaweicloud_networking_secgroup.secgroup.id # Security group ID, which is the ID returned after the security group is created. direction = "ingress" # Inbound direction of the security group rule ethertype = "IPv4" # IP address version ports = "1-65535" # Port protocol = "tcp" # Protocol } # 6. Assign an EIP. resource "huaweicloud_vpc_eip" "eip" { publicip { type = "5_bgp" # EIP type } bandwidth { share_type = "PER" # Bandwidth type. PER indicates a dedicated bandwidth. charge_mode = "traffic" # Bandwidth billing option. traffic indicates that the bandwidth is billed by traffic. size = "5" # Bandwidth name = var.bandwidth_name # Bandwidth name. It is input as a variable. } }
Terraform automatically identifies the dependencies between resources based on the parameter dependencies of the resources to be created and creates resources in sequence. For example, if the VPC ID is referenced during subnet creation, Terraform creates the VPC before creating the subnet.
- Edit the variables.tf file and configure the input variables of the network child module.
variable "vpc_name" { default = "tf-vpc" } variable "subnet_name" {} variable "swr_vpcep_service_id" {} variable "obs_vpcep_service_id" {} variable "sg_name" {} variable "bandwidth_name" {}
The variables in the variables.tf file are the variables configured in the resources created in the previous step. Values can be transferred through the parent module. If the parent module does not transfer values, you can configure the default values, for example, vpc_name.
- Edit the outputs.tf file to configure the output variables returned from the network child module to the upper-level module.
# ID of the created IPv4 subnet. It is referenced when the CCI network resources are created. output "subnet_ipv4_id" { value = huaweicloud_vpc_subnet.subnet.ipv4_subnet_id } # ID of the created security group. It is referenced when the CCI network resources are created. output "sg_id" { value = huaweicloud_networking_secgroup.secgroup.id } # ID of the created VPC. It is referenced when the ELB resources are created. output "vpc_id" { value = huaweicloud_vpc.vpc.id } # ID of the assigned EIP. It is referenced when the ELB resources are created. output "eip_id" { value = huaweicloud_vpc_eip.eip.id } # Assigned IPv4 EIP. output "eip_address" { value = huaweicloud_vpc_eip.eip.address }
The output in the child module indicates the values returned to the upper-level module. The values can be printed on the terminal by the root module as required. Child modules at the same level can also reference the returned values.
For example, the upper-level module of the network child module is the root module. After the outputs.tf file of the root module references the output variables, the application is executed, and the corresponding information is printed on the terminal. In addition, the output variables of the network child module can be referenced by the CCI child module. For example, the IPv4 subnet ID can be referenced by the CCI child module as the subnet parameter of the network resource object.
- Edit the main.tf file to add a VPC, subnet, VPC endpoint for SWR, VPC endpoint for OBS, security group, security group rule, and EIP.
- Edit the configuration files for the ELB child module (modules/elb).
- Edit the main.tf file to create a dedicated load balancer, listener, and backend server group (pool).
terraform { required_providers { huaweicloud = { source = "huaweicloud/huaweicloud" version = ">= 1.36.0" } } } # 1. Create a load balancer. resource "huaweicloud_elb_loadbalancer" "elb" { name = var.elb_name # Load balancer name. It is input as a variable. vpc_id = var.vpc_id # ID of the VPC where the load balancer is. It is input as a variable and is the VPC ID generated by the network child module. ipv4_subnet_id = var.ipv4_subnet_id # ID of the IPv4 subnet where the load balancer is. It is input as a variable and is the IPv4 subnet ID generated by the network child module. l4_flavor_id = var.l4_flavor_id # ID of the network load balancing flavor. It is input as a variable and can be obtained from the flavors available at the corresponding site. l7_flavor_id = var.l7_flavor_id # ID of the application load balancing flavor. It is input as a variable and can be obtained from the flavors available at the corresponding site. availability_zone = [ # List of AZs where the load balancer is. If disaster recovery is required, you are advised to select at least two AZs. "ap-southeast-3a", "ap-southeast-3b", ] ipv4_eip_id = var.eip_id # ID of the EIP bound to the load balancer. It is input as a variable and is the EIP ID generated by the network child module. } # 2. Create an HTTP listener. resource "huaweicloud_elb_listener" "listener" { name = var.listener_name # Listener name. It is input as a variable. protocol = "HTTP" # Listener's protocol protocol_port = var.listener_protocol_port # Listener's port loadbalancer_id = huaweicloud_elb_loadbalancer.elb.id # ID of the load balancer that the listener is added to, which is the ID returned when the load balancer is created. } # 3. Create a backend server group. resource "huaweicloud_elb_pool" "pool" { name = var.pool_name # Name of the backend server group. It is input as a variable. protocol = "HTTP" # Backend protocol of the backend server group. If the listener uses HTTP, this parameter must be set to HTTP. lb_method = "ROUND_ROBIN" # Load balancing algorithm of the backend server group. The weighted round robin algorithm is used in this example. listener_id = huaweicloud_elb_listener.listener.id # ID of the listener associated with the backend server group, which is the ID returned when the listener is created. vpc_id = var.vpc_id # ID of the VPC where the backend server group is, which is the ID of the VPC created by the network child module. type = "instance" # Type of the backend server group. instance indicates that any backend server group type is allowed. }
Terraform automatically identifies the dependencies between resources based on the parameter dependencies of the resources to be created and creates resources in sequence. For example, if the EIP ID of the network child module is referenced during the load balancer creation, Terraform assigns an EIP for the network child module before creating the load balancer of the ELB child module.
- Edit the variables.tf file and configure the input variables of the network child module.
variable "vpc_id" {} variable "ipv4_subnet_id" {} variable "elb_name" {} variable "l4_flavor_id" {} variable "l7_flavor_id" {} variable "eip_id" {} variable "listener_name" {} variable "pool_name" {} variable "listener_protocol_port" {}
The variables in the variables.tf file are the variables configured in the resources created in 3.a. Values can be transferred through the parent module. If the parent module does not transfer values, you can configure the default values.
- Edit the outputs.tf file to configure the output variables returned from the network child module to the upper-level module.
# ID of the created backend server group. It is referenced when the CCI PoolBinding is created. output "pool_id" { value = huaweicloud_elb_pool.pool.id }
The output in the child module indicates the values returned to the upper-level module. The values can be printed on the terminal by the root module as required. Child modules at the same level can also reference the returned values.
For example, the upper-level module of the ELB child module is the root module. After the outputs.tf file of the root module references the output variables, the application is executed, and the corresponding information is printed on the terminal. In addition, the output variables of the ELB child module can be referenced by the CCI child module. For example, the backend server group ID can be referenced by the CCI child module as the subnet parameter of the PoolBinding resource object.
- Edit the main.tf file to create a dedicated load balancer, listener, and backend server group (pool).
- Edit the configuration files of the CCI child module (modules/cci).
- Edit the main.tf file to create a namespace, network, Deployment, and PoolBinding.
terraform { required_providers { huaweicloud = { source = "huaweicloud/huaweicloud" version = ">= 1.36.0" } } } # 1. Create a namespace. resource "huaweicloud_cciv2_namespace" "ns" { name = var.ns_name # Namespace name. It is input as a variable. } # 2. Create a network. resource "huaweicloud_cciv2_network" "network" { name = var.network_name # Network name. It is input as a variable. namespace = var.ns_name # Name of the namespace where the network is located. It is input as a variable. annotations = { "yangtse.io/project-id" = var.project_id # Project ID. It is input as a variable. "yangtse.io/domain-id" = var.domain_id # Account ID. It is input as a variable. } subnets { subnet_id = var.subnet_ipv4_id # IPv4 subnet ID. It is input as a variable and is the IPv4 subnet ID generated by the network child module. } security_group_ids = var.sg_ids # Security group ID, which is the security group ID generated by the network child module. # Display the dependency between the declaration and the namespace. depends_on = [huaweicloud_cciv2_namespace.ns] } # 3. Create a Deployment. resource "huaweicloud_cciv2_deployment" "deploy" { namespace = var.ns_name # Name of the namespace where the Deployment is located. It is input as a variable. name = var.deploy_name # Deployment name. It is input as a variable. replicas = var.replica # Number of Deployment replicas. It is input as a variable. selector { match_labels = { app = var.deploy_name # Label of the specified selector. It is user-defined and is input as a variable. } } template { metadata { labels = { app = var.deploy_name # Label. It is user-defined and is input as a variable. } } spec { containers { name = "container1" image = var.image_address # Container image path. It is user-defined and is input as a variable. In this example, the nginx image is used. resources { limits = { cpu = "1" memory = "2G" } requests = { cpu = "1" memory = "2G" } } } image_pull_secrets { name = "imagepull-secret" } } } # Display the dependency between the declaration and network. depends_on = [huaweicloud_cciv2_network.network] } # 4. Create a PoolBinding and associate it with the created Deployment. resource "huaweicloud_cciv2_pool_binding" "binding" { name = var.pool_binding_name # PoolBinding name. It is input as a variable. namespace = var.ns_name # Name of the namespace where the PoolBinding is located. It is input as a variable. pool_ref { id = var.pool_id # ID of the associated backend server group. It is input as a variable and is the backend server group ID generated by the ELB child module. } target_ref { group = "cci/v2" # Associated backend server group kind = "Deployment" # Type of the backend object name = var.deploy_name # Name of the Deployment associated as the backend object. It is input as a variable. namespace = var.ns_name # Name of the namespace where the associated backend object is located. It is input as a variable. port = var.container_port # Target port of the associated backend object. It is container port and input as a variable. } # Display the dependency between the declaration and Deployment. depends_on = [huaweicloud_cciv2_deployment.deploy] }
Terraform automatically identifies the dependencies between resources based on the parameter dependencies of the resources to be created and creates resources in sequence. If two resources have dependencies but no implicit dependencies, you can declare depends_on in the resources to specify the dependency of a feature resource, so that the creation time of the feature resource is later than that of the dependent resource. For example, the network needs to be created after the namespace. However, the parameter for creating the network do not reference the parameter of the created namespace. Therefore, you can declare depends_on to explicitly specify the dependency between the network and namespace.
- Edit the variables.tf file and configure the input variables of the CCI child module.
variable "ns_name" {} variable "network_name" {} variable "project_id" {} variable "domain_id" {} variable "sg_ids" { type = list(string) } variable "subnet_ipv4_id" {} variable "deploy_name" {} variable "replica" { type = number } variable "image_address" {} variable "pool_binding_name" {} variable "container_port" {} variable "pool_id" {}
The variables in the variables.tf file are the variables configured in the resources created in 4.a. Values can be transferred through the parent module. If the parent module does not transfer values, you can configure the default values.
- Edit the main.tf file to create a namespace, network, Deployment, and PoolBinding.
- Edit the configuration file of the root module.
- Edit the main.tf file and configure the network, ELB, and CCI child modules.
terraform { required_providers { huaweicloud = { source = "huaweicloud/huaweicloud" version = ">= 1.36.0" } } } # CCI child module module "cci" { # Declare the path of the CCI child module. source = "./cci" # Input variables involved in the CCI child module. They are referenced as the output values of the root module or other child modules. ns_name = var.ns_name network_name = var.network_name sg_ids = [module.vpc.sg_id] subnet_ipv4_id = module.vpc.subnet_ipv4_id project_id = var.project_id domain_id = var.domain_id deploy_name = var.deploy_name replica = var.replica image_address = var.image_address pool_binding_name = var.pool_binding_name pool_id = module.elb.pool_id container_port = var.container_port # Display the dependency between the CCI child module and the ELB child module. depends_on = [module.elb] } # Network child module module "vpc" { # Declare the path of the network child module. source = "./vpc" # Input variables involved in the network child module. They are referenced as the output values of the root module or other child modules. vpc_name = var.vpc_name subnet_name = var.subnet_name swr_vpcep_service_id = var.swr_vpcep_service_id obs_vpcep_service_id = var.obs_vpcep_service_id sg_name = var.sg_name bandwidth_name = var.bandwidth_name } # ELB child module module "elb" { # Declare the path of the ELB child module. source = "./elb" # Input variables involved in the ELB child module. They are referenced as the output values of the root module or other child modules. elb_name = var.elb_name l4_flavor_id = var.l4_flavor_id l7_flavor_id = var.l7_flavor_id vpc_id = module.vpc.vpc_id ipv4_subnet_id = module.vpc.subnet_ipv4_id listener_name = var.listener_name pool_name = var.pool_name eip_id = module.vpc.eip_id listener_protocol_port = var.listener_protocol_port } - Edit the variables.tf file and configure the input variables of the root module.
# Input variables involved in the CCI child module # Namespace name variable "ns_name" { default = "tf-ns" } # Network name variable "network_name" { default = "tf-network" } # Project ID variable "project_id" { default = "0582xxxxxxxxxxxxxxxxxxxxxxxxdb94" } # Account ID variable "domain_id" { default = "0560xxxxxxxxxxxxxxxxxxxxxxxxa060" } # Deployment name variable "deploy_name" { default = "tf-deploy" } # Number of Deployment replicas variable "replica" { type = number default = "1" } # Image path of the Deployment container variable "image_address" { default = "library/nginx:stable-alpine-perl" } # PoolBinding name variable "pool_binding_name" { default = "tf-binding" } # Port of the Deployment container. The nginx image is used in this example, and the default port is 80. variable "container_port" { default = "80" } # Input variables involved in the network child module # VPC name variable "vpc_name" { default = "tf-cci-vpc" } # Subnet name variable "subnet_name" { default = "tf-cci-subnet" } # ID of the VPC endpoint service for SWR variable "swr_vpcep_service_id" { default = "005axxxx-xxxx-xxxx-xxxx-xxxx019eb5c6" } # ID of the VPC endpoint service for OBS variable "obs_vpcep_service_id" { default = "a372xxxx-xxxx-xxxx-xxxx-xxxx8fb2e98f" } # Security group name variable "sg_name" { default = "tf-sg" } # Bandwidth name variable "bandwidth_name" { default = "tf-bandwidth" } # Input variables involved in the ELB child module # Load balancer name variable "elb_name" { default = "tf-elb" } # Layer-4 flavor ID of the load balancer variable "l4_flavor_id" { default = "7699xxxx-xxxx-xxxx-xxxx-xxxxf76a3dc4" } # Layer-7 flavor ID of the load balancer variable "l7_flavor_id" { default = "47b9xxxx-xxxx-xxxx-xxxx-xxxxd3e73e26" } # Listener name variable "listener_name" { default = "tf-listener" } # Backend server group name variable "pool_name" { default = "tf-pool" } # Listener's port variable "listener_protocol_port" { default = "8080" }
Variables in the variables.tf file of the root module are external input variables involved in the child modules and are transferred to the child modules through the parent module. In the example, default values are configured. If no external input is set when you run the terraform apply command, the default values are used.
- Edit the outputs.tf file to configure the output variables. In this example, only the IPv4 EIP is displayed. You can define other output variables.
# IPv4 EIP output "eip_address" { value = module.vpc.eip_address }
The output in the root module indicates the information that needs to be printed on the terminal.
- Edit the main.tf file and configure the network, ELB, and CCI child modules.
- Deploy the application.
- Run the following command in the demo project to perform initialization:
terraform init
If the following command output is displayed, Huawei Cloud Provider will be downloaded and installed when you run this command for the first time:
- Run the following command in the demo project to view the resources to be created:
terraform plan
Terraform printouts the resources to be created.
- Run the following command in the demo project to create resources:
terraform apply
Enter yes as prompted. If the following information is displayed, the resources have been created. You can also check whether the resources have been created on the Huawei Cloud console.
- Access the Nginx application and construct the curl command based on the IPv4 EIP displayed in the command output after the resource is created.
curl http://${eip_address}:${port}- eip_address: IPv4 EIP, which is the address displayed on the terminal after the resource is created.
- port: listener's port. If it is not specified when the resource is created, the default value configured in variables.tf in 5 is used.
If the following information is displayed, the access is successful.
- Run the following command in the demo project to perform initialization:
- Destroy resources.
Run the command below to destroy resources. By default, all resources are released.
terraform destroy
Enter yes as prompted. If the following information is displayed, all resources have been deleted. You can also check whether the resources have been deleted on the Huawei Cloud console.
Querying Resources Using Terraform
Terraform supports resource query. The following example shows how to query the specifications of the VPC endpoint service for SWR and of the load balancer through Terraform commands.
If too many resources are queried through Terraform, it is inconvenient to read and retrieve the information directly on the terminal. To improve availability, you are advised to redirect the query results to the local PC.
- Create a project, for example, demo2, and edit the main.tf file as follows:
terraform { required_providers { huaweicloud = { source = "huaweicloud/huaweicloud" version = ">= 1.20.0" } } } # Query the VPC endpoint service for SWR. data "huaweicloud_vpcep_public_services" "swr_service" { service_name = "swr" } # Display the query result of the VPC endpoint service for SWR on the terminal. output "swr_service" { value = data.huaweicloud_vpcep_public_services.swr_service } # Query the flavors supported by the load balancer at the site. data "huaweicloud_elb_flavors" "flavors" {} # Display the specifications query result on the terminal. output "all_flavors" { value = data.huaweicloud_elb_flavors.flavors } - Run the following command in the demo2 project to perform initialization:
terraform init
If the following command output is displayed, Huawei Cloud Provider will be downloaded and installed when you run this command for the first time:
- Run the following command in project demo2 to query resources:
terraform apply
The following is an example of the query result. You can select the Layer-4 and Layer-7 flavor IDs as needed.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
