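How to configure an auto-repairing and auto-scaling Google Cloud Kubernetes cluster with Terraform, with Stackdriver disabled

Time: 2018-10-08 14:06:09

Tags: terraform google-kubernetes-engine terraform-provider-gcp

I'm reading this blog about setting up an affordable Kubernetes cluster for personal projects, and I set up my cluster.

The problem is that over time I tend to forget a lot of the manual configuration, so I decided to store it in declarative code using Terraform.

I managed to build the following configuration and apply it: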


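The problem is that the configuration of the two clusters differs slightly; this is what I need to add to the configuration:

  • Stackdriver Logging: currently enabled, must be disabled
  • Stackdriver Monitoring: currently enabled, must be disabled
  • Automatic node upgrades: currently disabled, must be enabled
  • Automatic node repair: currently disabled, must be enabled

I can't find the configuration options in the documentation for the google_container_cluster resource. How do I set these options?

1 Answer:

Answer 0: (score: 1)

I found the options:

Unfortunately, the container_node_pool options don't apply to the default pool created with the cluster, so a workaround I found is to delete the default pool and then add a fully configured node pool to the cluster.

Here is the final configuration: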

/* This configuration sets up a Kubernetes Cluster following
   https://www.doxsey.net/blog/kubernetes--the-surprisingly-affordable-platform-for-personal-projects

   Confession: there's a minor difference between the article and my config, the
   former created a Cluster and configured the default node pool, however the options
   for doing this via the API are limited, so my configuration creates an empty
   default node pool for the cluster, and then creates and adds a fully configured
   one on top
    */

provider "google" {
  credentials = "${file("secret-account.json")}"
  project     = "worklark-218609"
  zone        = "us-central1-a"
}

# Node pool configuration
resource "google_container_node_pool" "primary_pool" {
  name       = "worklark-node-pool"
  cluster    = "${google_container_cluster.primary.name}"
  node_count = 3

  node_config {
    machine_type = "f1-micro"
    disk_size_gb = 10         # Set the initial disk size
    preemptible  = true
  }

  management {
    auto_repair  = true
    auto_upgrade = true
  }
}

# Cluster configuration
resource "google_container_cluster" "primary" {
  name               = "worklark-cluster"
  logging_service    = "none"
  monitoring_service = "none"

  addons_config {
    kubernetes_dashboard {
      disabled = false # Configure the Kubernetes dashboard
    }

    http_load_balancing {
      disabled = false # Configure HTTP load balancing
    }
  }

  remove_default_node_pool = "true"

  node_pool {
    name = "default-pool"
  }
}

resource "google_compute_firewall" "default" {
  name        = "http-https"
  network     = "${google_container_cluster.primary.network}"
  description = "Enable HTTP and HTTPS access"

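  # No source_ranges or target_tags are set, so this allows traffic from any
  # source to every instance on the cluster's network.
  direction = "INGRESS"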

  allow {
    protocol = "tcp"
    ports    = ["80", "443"]
  }
}
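
A post-apply check for the four settings listed in the question, as an added example that is not part of the original post: it reads the JSON printed by `gcloud container clusters describe worklark-cluster --format=json` and reports every setting that differs from the intended state. The sample document is constructed, and the function name `check_cluster` is hypothetical.

```python
import json

# Constructed sample shaped like the output of
# `gcloud container clusters describe worklark-cluster --format=json`,
# trimmed to the fields checked here (not output from a real cluster).
SAMPLE = json.loads("""
{
  "name": "worklark-cluster",
  "loggingService": "none",
  "monitoringService": "monitoring.googleapis.com",
  "nodePools": [
    {"name": "worklark-node-pool",
     "management": {"autoRepair": true, "autoUpgrade": true}},
    {"name": "default-pool", "management": {"autoUpgrade": true}},
    {"name": "legacy-pool"}
  ]
}
""")


def check_cluster(cluster):
    """Return a list of findings; an empty list means all four settings match."""
    findings = []
    # Cluster-level settings: logging_service / monitoring_service = "none".
    for field in ("loggingService", "monitoringService"):
        value = cluster.get(field)
        if value != "none":
            findings.append(f"{field} is {value!r}, expected 'none'")
    # Pool-level settings: the management block of every node pool.
    # Unset or false fields can be absent from the JSON, so a missing
    # key is treated as "disabled" rather than skipped.
    for pool in cluster.get("nodePools", []):
        management = pool.get("management") or {}
        for key in ("autoRepair", "autoUpgrade"):
            if management.get(key) is not True:
                findings.append(f"node pool {pool.get('name')}: {key} is not enabled")
    return findings


if __name__ == "__main__":
    for finding in check_cluster(SAMPLE):
        print(finding)
```

Running the check against every pool also catches a default pool that was not actually removed and still has auto-repair or auto-upgrade disabled.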