Infrastructure as Code con Hikube
Poiché Hikube è basato su Kubernetes, potete utilizzare Terraform per gestire la vostra infrastruttura in modo dichiarativo e riproducibile. Questo approccio vi permette di versionare, testare e distribuire la vostra infrastruttura Hikube in modo automatizzato.
Configurazione
Prerequisiti
Provider Kubernetes
main.tf
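# Pin every provider this configuration uses. The kubeconfig example relies on
# the `local_file` resource, so hashicorp/local is declared here too instead of
# being resolved implicitly at whatever version is newest.
# gavinbunney/kubectl is not a HashiCorp-maintained provider: commit the
# generated .terraform.lock.hcl so the recorded provider checksums are checked
# on every `terraform init`.
terraform {
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.24"
    }
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = "~> 1.14"
    }
    local = {
      source  = "hashicorp/local"
      version = "~> 2.4"
    }
  }
}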
# Kubernetes provider: authenticates with the operator's local kubeconfig.
# No context is pinned, so the kubeconfig's current context decides which
# cluster is modified. Setting `config_context` makes a run fail instead of
# silently targeting the wrong cluster.
provider "kubernetes" {
  config_path = "~/.kube/config"
}
# kubectl provider: reads the same kubeconfig file as the kubernetes provider.
# It also follows the current context unless `config_context` is set, so keep
# both providers pointed at the same cluster.
provider "kubectl" {
  config_path = "~/.kube/config"
}
Variabili
variables.tf
# SSH public key granted access to the VMs. It has no default, so it must be
# supplied for every run. Only the public half belongs here; the private key
# never needs to be known to Terraform.
variable "ssh_public_key" {
  type        = string
  description = "Clé SSH publique pour l'accès aux VMs"
}
# Name of the managed cluster. The same value is reused for the resource name,
# the ingress host, the kubeconfig Secret name and the local kubeconfig file
# name, so keep it to characters valid in a DNS label and in a file name.
variable "cluster_name" {
  type        = string
  default     = "terraform-cluster"
  description = "Nom du cluster Kubernetes"
}
# Name given to the VirtualMachine resource; also echoed in the `vm_status`
# output as part of a kubectl command line.
variable "vm_name" {
  type        = string
  default     = "terraform-vm"
  description = "Nom de la machine virtuelle"
}
Esempi
Distribuire un Cluster Kubernetes
kubernetes.tf
# Managed Kubernetes cluster, declared as an `apps.cozystack.io/v1alpha1`
# `Kubernetes` object and applied through the kubectl provider.
# It is created in the `default` namespace; anyone allowed to read Secrets in
# that namespace can also read the admin kubeconfig that the next block fetches.
resource "kubectl_manifest" "kubernetes_cluster" {
  yaml_body = yamlencode({
    apiVersion = "apps.cozystack.io/v1alpha1"
    kind       = "Kubernetes"

    metadata = {
      name      = var.cluster_name
      namespace = "default"
    }

    spec = {
      storageClass = "replicated"

      controlPlane = {
        replicas = 2
      }

      # Single autoscaled node group (1 to 5 nodes) that also carries the
      # ingress-nginx role.
      nodeGroups = {
        general = {
          instanceType     = "s1.large"
          ephemeralStorage = "50Gi"
          minReplicas      = 1
          maxReplicas      = 5
          roles            = ["ingress-nginx"]
        }
      }

      addons = {
        certManager = {
          enabled = true
        }
        ingressNginx = {
          enabled = true
          # example.com is a placeholder domain; replace it with a domain you
          # control before exposing anything.
          hosts = [format("%s.example.com", var.cluster_name)]
        }
      }
    }
  })
}
# Fetch the kubeconfig: read the Secret named "<cluster_name>-admin-kubeconfig"
# from the `default` namespace once the cluster manifest has been applied.
# What is read here is a cluster credential and is recorded in the Terraform
# state, so the state backend needs encryption and access control at least as
# strict as for the kubeconfig itself.
data "kubernetes_secret" "cluster_kubeconfig" {
  metadata {
    name      = format("%s-admin-kubeconfig", var.cluster_name)
    namespace = "default"
  }

  depends_on = [kubectl_manifest.kubernetes_cluster]
}
# Save the kubeconfig: write the "super-admin.conf" entry of the Secret next to
# the module, readable by the owner only (0600).
# The file is a super-admin credential for the new cluster: add
# "*-kubeconfig.yaml" to .gitignore, and remember that the same content is also
# stored in the Terraform state.
# NOTE(review): the hashicorp/kubernetes data source normally exposes `data`
# values already decoded; confirm that base64decode() is really needed here.
# NOTE(review): `local_sensitive_file` from the same provider is the resource
# intended for secret content; switching would also require updating the
# `cluster_kubeconfig` output that references local_file.kubeconfig.
resource "local_file" "kubeconfig" {
  filename        = format("%s/%s-kubeconfig.yaml", path.module, var.cluster_name)
  file_permission = "0600"

  content = base64decode(
    data.kubernetes_secret.cluster_kubeconfig.data["super-admin.conf"]
  )
}
Distribuire una Macchina Virtuale
virtual-machine.tf
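# Ubuntu virtual machine with Docker installed at first boot through cloud-init.
#
# Exposure: `external = true` together with `externalPorts` requests ports 22,
# 80 and 443, so SSH is among the ports opened (presumably to traffic from
# outside the cluster; confirm against the Hikube VirtualMachine reference).
# Limit who can reach port 22 if the platform offers a way to do so.
#
# Privilege: the `ubuntu` user gets passwordless sudo and is added to the
# `docker` group, which is root-equivalent on the VM. Whoever holds the private
# half of var.ssh_public_key therefore fully controls the machine.
resource "kubectl_manifest" "virtual_machine" {
  yaml_body = yamlencode({
    apiVersion = "apps.cozystack.io/v1alpha1"
    kind       = "VirtualMachine"
    metadata = {
      name = var.vm_name
    }
    spec = {
      running         = true
      instanceProfile = "ubuntu"
      instanceType    = "u1.xlarge"
      systemDisk = {
        size         = "50Gi"
        storageClass = "replicated"
      }
      external       = true
      externalMethod = "PortList"
      externalPorts  = [22, 80, 443]
      sshKeys        = [var.ssh_public_key]

      # The cloud-config below is YAML, so its nesting is significant: the user
      # attributes must sit under the `- name:` entry and list items under
      # their key. `<<-` strips the common leading indentation only.
      # The key is emitted with jsonencode() so it always lands as a single
      # quoted YAML scalar; a stray newline, " #" or ": " in the variable can
      # then not change the structure of the document.
      cloudInit = <<-EOT
        #cloud-config
        users:
          - name: ubuntu
            sudo: ALL=(ALL) NOPASSWD:ALL
            shell: /bin/bash
            ssh_authorized_keys:
              - ${jsonencode(var.ssh_public_key)}
        package_update: true
        packages:
          - curl
          - wget
          - git
          - docker.io
        runcmd:
          - systemctl enable docker
          - systemctl start docker
          - usermod -aG docker ubuntu
      EOT
    }
  })
}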
Distribuire una VM con GPU
vm-gpu.tf
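# Ubuntu virtual machine with one NVIDIA L40S GPU attached; the NVIDIA driver
# and CUDA toolkit are installed at first boot through cloud-init.
#
# Exposure: ports 22 and 8888 are requested with `external = true`. Whatever
# service ends up listening on 8888 must enforce its own authentication,
# because nothing in this manifest restricts who can connect.
#
# Supply chain: the runcmd section downloads cuda-keyring_1.0-1_all.deb over
# HTTPS and installs it with dpkg without checking a digest. That package adds
# an apt trust anchor, so verify it against a pinned SHA-256 (placeholder:
# <expected-sha256>) before the `dpkg -i` step. `cuda-toolkit` is installed
# unpinned, so the version depends on the day the VM boots.
#
# Privilege: the `ubuntu` user has passwordless sudo. Its cloud-init entry
# lists no ssh_authorized_keys; access presumably comes from `sshKeys` (verify).
resource "kubectl_manifest" "vm_gpu" {
  yaml_body = yamlencode({
    apiVersion = "apps.cozystack.io/v1alpha1"
    kind       = "VirtualMachine"
    metadata = {
      name = "gpu-vm"
    }
    spec = {
      running         = true
      instanceProfile = "ubuntu"
      instanceType    = "u1.xlarge"
      gpus = [
        {
          name = "nvidia.com/AD102GL_L40S"
        }
      ]
      systemDisk = {
        size         = "100Gi"
        storageClass = "replicated"
      }
      external       = true
      externalMethod = "PortList"
      externalPorts  = [22, 8888]
      sshKeys        = [var.ssh_public_key]

      # The cloud-config below is YAML, so its nesting is significant: the user
      # attributes must sit under the `- name:` entry and list items under
      # their key. `<<-` strips the common leading indentation only.
      cloudInit = <<-EOT
        #cloud-config
        users:
          - name: ubuntu
            sudo: ALL=(ALL) NOPASSWD:ALL
            shell: /bin/bash
        package_update: true
        packages:
          - curl
          - wget
          - build-essential
        runcmd:
          # Installation pilotes NVIDIA
          - wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-keyring_1.0-1_all.deb
          - dpkg -i cuda-keyring_1.0-1_all.deb
          - apt-get update
          - apt-get install -y cuda-toolkit nvidia-driver-535
          - nvidia-smi -pm 1
      EOT
    }
  })
}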
Distribuire PostgreSQL
postgresql.tf
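# Two-replica PostgreSQL instance with one `admin` user and one `myapp`
# database. `external = false` asks for no external exposure.
#
# Secret handling: the admin password is part of the manifest itself. It is
# therefore stored in the Terraform state and in the custom resource inside the
# cluster; protect the state backend and restrict read access to `Postgres`
# objects accordingly.
resource "kubectl_manifest" "postgres" {
  # Have the kubectl provider obfuscate the password in its parsed view of the
  # manifest, so it does not appear in plan/apply output.
  sensitive_fields = ["spec.users.admin.password"]

  yaml_body = yamlencode({
    apiVersion = "apps.cozystack.io/v1alpha1"
    kind       = "Postgres"
    metadata = {
      name = "terraform-postgres"
    }
    spec = {
      external     = false
      size         = "20Gi"
      replicas     = 2
      storageClass = "replicated"
      users = {
        admin = {
          password = var.postgres_password
        }
      }
      databases = {
        myapp = {
          roles = {
            admin = ["admin"]
          }
        }
      }
    }
  })
}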
# Password for the PostgreSQL `admin` user. `sensitive = true` redacts it from
# CLI output only; the value is still written to the state in clear text.
# Prefer supplying it through the TF_VAR_postgres_password environment variable
# or a secrets manager rather than a tfvars file kept in version control.
variable "postgres_password" {
  type        = string
  sensitive   = true
  description = "Password for PostgreSQL admin user"
}
Output e Variabili
Output utili
outputs.tf
# Path of the kubeconfig file written by local_file.kubeconfig. Only the path
# is exported, never the file content.
output "cluster_kubeconfig" {
  value       = local_file.kubeconfig.filename
  description = "Chemin vers le kubeconfig du cluster"
}
# Ready-to-run kubectl command that shows the state of the VirtualMachine.
output "vm_status" {
  value       = format("kubectl get virtualmachine %s", var.vm_name)
  description = "Commande pour vérifier le statut de la VM"
}
# kubectl command that opens psql in the first PostgreSQL pod as `admin`.
# The string holds no credential; `sensitive = true` merely hides it from the
# default CLI output. Access is governed by who may `kubectl exec` into the pod.
output "postgres_connection" {
  sensitive   = true
  value       = "kubectl exec -it postgres-terraform-postgres-0 -- psql -U admin -d myapp"
  description = "Commande pour se connecter à PostgreSQL"
}
File terraform.tfvars
terraform.tfvars
# Base settings
vm_name      = "my-app-vm"
cluster_name = "my-prod-cluster"

# Your SSH public key (public material only; never put a private key here)
ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQ... user@hostname"

# PostgreSQL password. The value below is a placeholder: keep the real one out
# of version control (exclude this file via .gitignore, or supply it through the
# TF_VAR_postgres_password environment variable instead).
postgres_password = "your-secure-password-here"
Buone Pratiche
Struttura del progetto
hikube-terraform/
├── environments/
│ ├── dev/
│ ├── staging/
│ └── production/
├── modules/
│ ├── kubernetes/
│ ├── vm/
│ └── database/
└── shared/
├── variables.tf
└── outputs.tf
Comandi utili
# Initialise the working directory and install the declared providers
terraform init

# Preview the changes and review them before anything is applied
terraform plan

# Apply the configuration
terraform apply

# Inspect the resources recorded in the state
terraform show

# Tear down every resource managed by this configuration: the cluster, the VMs
# and the database declared above are deleted
terraform destroy