Terraform
April 22, 2023

YC Kubernetes 1.24

Зональные мастера с двумя группами: масштабируемой и фиксированной.

Создадим фолдер kubernetes и в нём три файла.

Здесь предполагается, что сеть и подсети уже созданы. Также созданы SA, SG и KMS-ключ.

variables.tf

variable "cloudID" { //cloud-id
  # Yandex Cloud cloud ID handed to the provider in provider.tf.
  # A resource identifier, not a secret, but environment-specific:
  # override it (TF_VAR_cloudID / -var) rather than editing the default.
  default = "b1gig0ogqtnk75jde2q8"
}

variable "folderID" { //folder-id
  # Folder that owns the cluster; used by the provider (provider.tf) and
  # as folder_id of the cluster resource (main.tf). Environment-specific,
  # override per deployment.
  default = "b1g62iqs14tk7mu0faun"
}

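variable "tokenName" {
  # IAM token consumed by the yandex provider (provider.tf).
  # Tokens from `yc iam create-token` are short-lived, so a token committed
  # as a default goes stale quickly and, while valid, carries the full rights
  # of the account that issued it. No default is embedded here on purpose:
  # pass it at run time via TF_VAR_tokenName or -var, or leave it unset (null)
  # and let the provider fall back to its YC_TOKEN environment variable.
  # Any token that was previously committed to this file should be treated
  # as exposed and revoked.
  type      = string
  default   = null
  sensitive = true
}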

variable "zoneName" { //default zone
    # Availability zone used both as the provider default (provider.tf)
    # and as the zone of the zonal master in main.tf.
    default = "ru-central1-a"
}

variable "networkID" { //default network
    # VPC network the cluster is attached to (network_id in main.tf).
    # Assumed to exist already; this configuration does not create it.
    default = "enpblgntu48fhohf30ml"
}

variable "subnetID" { //default subnet
    # Subnet the zonal master is placed in (master.zonal.subnet_id in main.tf).
    # Assumed to exist already and to lie in var.zoneName.
    default = "e9b16nenl5a52h6o9djb"
}

variable "versionNum" { //cluster version
    # Kubernetes version requested for the master (master.version in main.tf).
    # Note that main.tf also sets auto_upgrade = true, so the running version
    # may move past this value during the maintenance window.
    default = "1.24"
}

variable "serviceAccountID" { //SA
    # Service account used in main.tf for BOTH service_account_id (control
    # plane) and node_service_account_id (nodes).
    # NOTE(review): one SA for both roles means a compromised node holds the
    # same rights as the control plane; a separate, narrower node SA keeps
    # least privilege. Confirm the SA's roles before reusing this.
    default = "ajedb6f0dbffqnuukokd"
}

variable "SG_ID" { //SG
    # Security group attached to the master (master.security_group_ids in
    # main.tf). Because the master has public_ip = true, this group's rules
    # are the network-level control on who can reach the API endpoint.
    default = "enpauibqifvmvss6balo"
}

variable "KMS_ID" { //KMS key
    # KMS key passed to kms_provider in main.tf for encrypting cluster secrets.
    # The key is assumed to exist and the SA above must be allowed to use it.
    default = "abjesk4gh0vo91lm3ia6"
}

variable "LogID" { //Kubernetes log group
    # Log group receiving master logs (master_logging in main.tf:
    # kube-apiserver, cluster-autoscaler and events).
    default = "e23h969s0kq6fttqoe6v"
}

provider.tf

terraform {
  # Provider source and version constraint.
  # ">=0.85" has no upper bound, so a fresh `terraform init` on a machine
  # without the committed .terraform.lock.hcl may pull any newer release.
  # A pessimistic constraint such as "~> 0.85", together with committing the
  # lock file, keeps provider upgrades an explicit, reviewable step.
  required_providers {
    yandex = {
      source = "yandex-cloud/yandex"
      version = ">=0.85"
    }
  }
}

provider "yandex" {
  # Credentials and defaults come from variables.tf. The token must be
  # supplied at run time (environment or -var), never as a committed default.
  token     = var.tokenName
  cloud_id  = var.cloudID
  folder_id = var.folderID
  zone      = var.zoneName
}

Кластер с Cilium и KMS-ключом. Логи мастера выгружаются в лог-группу.

main.tf

# Managed Kubernetes cluster with a zonal (single-zone) master, Cilium as the
# network implementation, KMS-encrypted secrets and master logs shipped to a
# log group. Node groups are defined elsewhere.
resource "yandex_kubernetes_cluster" "k8s-zonal" {
  name        = "cam-prod"
  description = "Cameda production cluster"
  folder_id = var.folderID
  network_id = var.networkID
  # Pod and service CIDRs; these should not overlap the VPC subnets the
  # cluster is attached to.
  cluster_ipv4_range = "10.30.0.0/16"
  service_ipv4_range = "10.31.0.0/16"
  # Per-node pod subnet size carved out of cluster_ipv4_range.
  node_ipv4_cidr_mask_size = "24"
  
  master {
    version = var.versionNum
    # Zonal master: lives in one zone/subnet, so it has no cross-zone
    # redundancy.
    zonal {
      zone      = var.zoneName
      subnet_id = var.subnetID
    }
    
    # The API endpoint gets a public address. var.SG_ID is then the network
    # control on that endpoint: its ingress rules should restrict source
    # ranges rather than allow 0.0.0.0/0.
    public_ip = true
    security_group_ids = [var.SG_ID]
   
    # Automatic master upgrades inside a fixed daily window. Combined with the
    # RAPID release channel below this means comparatively frequent version
    # changes on a cluster labelled "prod".
    maintenance_policy {
      auto_upgrade = true
      maintenance_window {
        start_time = "07:00"
        duration   = "3h"
      }
    }
    
    # Master logs (API server, cluster autoscaler, events) go to the log group;
    # this is what makes API activity on the cluster auditable after the fact.
    master_logging {
      enabled = true
      log_group_id = var.LogID
      kube_apiserver_enabled = true
      cluster_autoscaler_enabled = true
      events_enabled = true
    }
  }
  # NOTE(review): the same service account is used for the control plane and
  # for the nodes, so a compromised node gets the control plane's rights.
  # A separate node SA with only what nodes need (e.g. image pulling) is the
  # least-privilege setup; confirm against the SA's current role bindings.
  service_account_id      = var.serviceAccountID
  node_service_account_id = var.serviceAccountID
  
  labels = {
    env = "prod"
  }

  release_channel = "RAPID"
  
  # Calico network policy is deliberately not enabled; with Cilium selected
  # below, network policy is handled by Cilium instead.
  #network_policy_provider = "CALICO"
  network_implementation {
    cilium {}
  }
  
  # Customer-managed KMS key for encrypting cluster secrets at rest.
  kms_provider {
    key_id = var.KMS_ID
  }
}