Terraform-ing Resources on Alibaba Cloud

Overview

Terraform is an open-source tool for Infrastructure as Code (IaC).

It means that we will create resources by using this tool.

In this article, we are going to use Terraform to manage resources.

Let’s set up the scenario: we want to create resources with the following specifications.

  • 1 VPC
  • 1 Public Subnet (vSwitch)
  • 1 Private Subnet (vSwitch) which is mounted to 1 NAT Gateway
  • 1 Autoscaling Group on private subnet
    – minSize 2 instances
    – maxSize 5 instances
    – scalingRule > 40% for CPU usage

To create these resources, we require an AccessKey, a SecretKey, and Terraform.

Implementation

Now, let’s start creating the resources.

We will create VPC first.

resource "alicloud_vpc" "vpc" {
  vpc_name   = "vpc-test"
  cidr_block = "192.168.0.0/16"
}

Then, we will create vSwitches to split the public and private subnet.

resource "alicloud_vswitch" "vswprivate" {
  vswitch_name      = "test-private"
  vpc_id            = alicloud_vpc.vpc.id
  cidr_block        = "192.168.0.0/24"
  zone_id           = "ap-southeast-5a"
}

resource "alicloud_vswitch" "vswpublic" {
  vswitch_name      = "test-public"
  vpc_id            = alicloud_vpc.vpc.id
  cidr_block        = "192.168.1.0/24"
  zone_id           = "ap-southeast-5a"
}

Next, we need to add a security group to reference when creating the instances.

resource "alicloud_security_group" "sgtest" {
  name   = "sg-test"
  vpc_id = alicloud_vpc.vpc.id
}
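
The security group above is created without any rules. The following added example (not part of the original article) attaches explicit, narrowly scoped ingress rules to it; the SSH and 8080 ports and the idea that administration comes from the public vSwitch are assumptions chosen for illustration.

```hcl
# Added example, not from the original article.
# Assumptions: instances serve an application on TCP 8080 and are
# administered over SSH from hosts in the public vSwitch.

# SSH only from the public vSwitch CIDR, never from 0.0.0.0/0.
resource "alicloud_security_group_rule" "ssh_from_public_vsw" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet" # required for security groups inside a VPC
  policy            = "accept"
  port_range        = "22/22"
  priority          = 1
  security_group_id = alicloud_security_group.sgtest.id
  cidr_ip           = alicloud_vswitch.vswpublic.cidr_block
}

# Application port reachable only from inside the VPC.
resource "alicloud_security_group_rule" "app_from_vpc" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "8080/8080"
  priority          = 1
  security_group_id = alicloud_security_group.sgtest.id
  cidr_ip           = alicloud_vpc.vpc.cidr_block
}
```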

And don't forget to attach our private vSwitch to a NAT gateway so that it can access the internet.

resource "alicloud_nat_gateway" "natprivate" {
  depends_on           = [alicloud_vswitch.vswprivate]
  vpc_id               = alicloud_vpc.vpc.id
  specification        = "Small"
  nat_gateway_name     = "nat-private"
  payment_type         = "PayAsYouGo"
  vswitch_id           = alicloud_vswitch.vswprivate.id
  nat_type             = "Enhanced"
}

Since the NAT Gateway has no EIP to associate with yet, we need to add an EIP.

resource "alicloud_eip_address" "eip" {
}

resource "alicloud_eip_association" "eip_asso" {
  allocation_id = alicloud_eip_address.eip.id
  instance_id   = alicloud_nat_gateway.natprivate.id
}
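
Associating the EIP gives the NAT gateway a public address, but instances in the private vSwitch only get outbound access once an SNAT entry maps that vSwitch to the EIP. The following is an added example, not part of the original article; the resource name private_egress and the output name are assumptions.

```hcl
# Added example, not from the original article.
# Uses the natprivate, eip, eip_asso and vswprivate resources defined above.

# Outbound-only translation: private instances can open connections to the
# internet through the EIP, while nothing on the internet can open a
# connection to them (no DNAT / forward entry is defined).
resource "alicloud_snat_entry" "private_egress" {
  # The EIP must be bound to the NAT gateway before it can be used for SNAT.
  depends_on = [alicloud_eip_association.eip_asso]

  snat_table_id     = alicloud_nat_gateway.natprivate.snat_table_ids
  source_vswitch_id = alicloud_vswitch.vswprivate.id
  snat_ip           = alicloud_eip_address.eip.ip_address
}

# Single egress address of the scaling group, useful for allow-lists on
# external services and for correlating outbound traffic in logs.
output "private_egress_ip" {
  description = "Public IP used by the private vSwitch for outbound traffic"
  value       = alicloud_eip_address.eip.ip_address
}
```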

I want to define ess_name as a variable, but this is optional depending on your requirements.

variable "ess_name" {
  default = "essscalingconfig"
}

For the instance type, we want to use a specification of 1 vCPU and 4 GB of memory.

data "alicloud_instance_types" "in_types" {
  availability_zone = "ap-southeast-5a"
  cpu_core_count    = 1
  memory_size       = 2
}

Also, define the image that we use.

data "alicloud_images" "img_list" {
  name_regex  = "^centos_7_9.*64"
  most_recent = true
  owners      = "system"
}

After that, we will create the config to add the scaling group, scaling rule, and alarm.

# Scaling group: 2 to 5 instances, placed in the private vSwitch
resource "alicloud_ess_scaling_group" "ess_group" {
  min_size           = 2
  max_size           = 5
  scaling_group_name = var.ess_name
  removal_policies   = ["OldestInstance", "NewestInstance"]
  vswitch_ids        = [alicloud_vswitch.vswprivate.id]
}

# Template for the instances launched by the scaling group
resource "alicloud_ess_scaling_configuration" "default" {
  scaling_group_id  = alicloud_ess_scaling_group.ess_group.id
  image_id          = data.alicloud_images.img_list.images.0.id
  instance_type     = data.alicloud_instance_types.in_types.instance_types.0.id
  security_group_id = alicloud_security_group.sgtest.id
  force_delete      = true
  active            = true
}

# Scaling rule: add one instance each time it is triggered
resource "alicloud_ess_scaling_rule" "ess_rule" {
  scaling_group_id          = alicloud_ess_scaling_group.ess_group.id
  metric_name               = "CpuUtilization"
  target_value              = 40
  scaling_rule_type         = "SimpleScalingRule"
  adjustment_type           = "QuantityChangeInCapacity"
  adjustment_value          = 1
}

# Alarm: run the scaling rule when average CPU is >= 40% for 2 periods of 60 s
resource "alicloud_ess_alarm" "ess_alarm" {
  name                = "tf-Autoscaling"
  description         = "Alarming Autoscaling"
  alarm_actions       = [alicloud_ess_scaling_rule.ess_rule.ari]
  scaling_group_id    = alicloud_ess_scaling_group.ess_group.id
  metric_type         = "system"
  metric_name         = "CpuUtilization"
  period              = 60
  statistics          = "Average"
  threshold           = 40
  comparison_operator = ">="
  evaluation_count    = 2
}

As you can see above, the config creates an Auto Scaling group with minSize=2 and maxSize=5; it triggers an alarm and scales the resources when CPU utilization reaches the 40% threshold.

The config will be merged into one file called main.tf.

We also need to add another file called provider.tf, but just fill the file with this config:

provider "alicloud" {
}

This is because we export the AccessKeyID and AccessKeySecret directly from the terminal.

You can also add version.tf to pin the Terraform version that you use (based on compatibility).

terraform {
  required_version = ">= 0.12"
}
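
The two files above, extended as an added example (not part of the original article): the provider block stays free of secrets and the provider plugin itself is pinned to a known source. It assumes Terraform 0.13 or later for the required_providers source syntax, and the version constraint is a placeholder to replace with the release you have tested.

```hcl
# Added example, not from the original article.

# version.tf
terraform {
  required_version = ">= 0.13" # assumption: needed for the "source" syntax

  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "~> 1.0" # placeholder constraint, pin to the tested release
    }
  }
}

# provider.tf
provider "alicloud" {
  # Credentials are deliberately NOT set here. The provider reads them from
  # the environment variables ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY,
  # so they never land in version control.
  #
  # Avoid this form, which commits the key pair with the code:
  #   access_key = "..."
  #   secret_key = "..."

  region = "ap-southeast-5" # region of the ap-southeast-5a zone used above
}
```

Prefer a RAM user key scoped to the VPC, ECS and Auto Scaling actions this configuration needs over the account's root AccessKey, and keep the state file out of the repository as well.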

So the last thing you need to do is execute:

$ terragrunt apply

Attachments

  • Figure: Directory structure
  • Figure: Export access key and secret key
  • Figure: vSwitch Resources
  • Figure: NAT to private vSwitch
  • Figure: Auto Scaling Group configurations
  • Figure: Auto Scaling rule
  • Figure: Event Triggered Task

Published by boy.suganda

My name is Boy Suganda Sinaga. I worked as Site Reliability Engineer (SRE) at Shipper Indonesia. I'm still developing my skill, both hard-skill and soft-skill. Let's work together, to bring better future for others.
