feat: 解决方案deploy-nginx-services-through-ingress tf文件完成

Author: Atmosphere10

solution/tech-solution/nginx-ingress/README.md

@@ -0,0 +1,45 @@
+## Introduction
+<!-- DOCS_DESCRIPTION_CN -->
+本示例用于实现解决方案[部署 Nginx 并通过 Ingress 暴露服务](https://www.aliyun.com/solution/tech-solution/nginx-ingress), 涉及到专有网络（VPC）、交换机（VSwitch）、云服务器（ECS）、 容器服务 Kubernetes（ACK）、日志服务（SLS）。
+<!-- DOCS_DESCRIPTION_CN -->
+
+<!-- DOCS_DESCRIPTION_EN -->
+This example demonstrates the implementation of the solution [Deploy Nginx and expose the service through Ingress](https://www.aliyun.com/solution/tech-solution/nginx-ingress). It involves the creation, configuration, and deployment of resources such as Virtual Private Cloud (Vpc), Virtual Switch (VSwitch), Elastic Compute Service (Ecs), Container Service for Kubernetes (ACK), and Simple Log Service (SLS).
+<!-- DOCS_DESCRIPTION_EN -->
+    
+
+<!-- BEGIN_TF_DOCS -->
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_alicloud"></a> [alicloud](#provider\_alicloud) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [alicloud_cs_kubernetes_node_pool.node_pool](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/cs_kubernetes_node_pool) | resource |
+| [alicloud_cs_managed_kubernetes.ack](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/cs_managed_kubernetes) | resource |
+| [alicloud_ram_role.role](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/ram_role) | resource |
+| [alicloud_ram_role_policy_attachment.attach](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/ram_role_policy_attachment) | resource |
+| [alicloud_vpc.vpc](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/vpc) | resource |
+| [alicloud_vswitch.vsw](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/vswitch) | resource |
+| [alicloud_ack_service.open_ack](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/data-sources/ack_service) | data source |
+| [alicloud_instance_types.default](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/data-sources/instance_types) | data source |
+| [alicloud_log_service.open_sls](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/data-sources/log_service) | data source |
+| [alicloud_ram_roles.roles](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/data-sources/ram_roles) | data source |
+| [alicloud_zones.default](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/data-sources/zones) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_ack_name"></a> [ack\_name](#input\_ack\_name) | 集群名称：The name must be 1 to 63 characters in length and can contain letters, Chinese characters, digits, and hyphens (-). | `string` | `"cluster-for-nginx-test"` | no |
+| <a name="input_common_name"></a> [common\_name](#input\_common\_name) | Common Name | `string` | `"ack-for-nginx"` | no |
+| <a name="input_region"></a> [region](#input\_region) | 地域 | `string` | `"cn-hangzhou"` | no |
+<!-- END_TF_DOCS -->

solution/tech-solution/nginx-ingress/main.tf

@@ -0,0 +1,240 @@
+# 开通sls服务
+data "alicloud_log_service" "open_sls" {
+  enable = "On"
+}
+
+# 开通ack pro
+data "alicloud_ack_service" "open_ack" {
+  enable = "On"
+  type   = "propayasgo"
+}
+
+# 查询实例实例规格
+data "alicloud_instance_types" "default" {
+  instance_type_family = "ecs.g7"
+  sorted_by            = "CPU"
+  memory_size          = "16"
+}
+
+# 查询实例规格支持的可用区
+data "alicloud_zones" "default" {
+  available_instance_type    = data.alicloud_instance_types.default.ids.0
+  available_slb_address_type = "classic_internet"
+}
+
+resource "alicloud_vpc" "vpc" {
+  cidr_block = "192.168.0.0/16"
+  vpc_name   = "${var.common_name}-vpc"
+}
+
+resource "alicloud_vswitch" "vsw" {
+  vpc_id       = alicloud_vpc.vpc.id
+  cidr_block   = "192.168.0.0/24"
+  zone_id      = data.alicloud_zones.default.ids.0
+  vswitch_name = "${var.common_name}-${data.alicloud_zones.default.ids.0}-vsw"
+}
+
+resource "alicloud_cs_managed_kubernetes" "ack" {
+  depends_on                   = [data.alicloud_log_service.open_sls, data.alicloud_ack_service.open_ack, alicloud_ram_role_policy_attachment.attach]
+  name                         = var.ack_name
+  cluster_spec                 = "ack.pro.small"
+  vswitch_ids                  = [alicloud_vswitch.vsw.id]
+  pod_vswitch_ids              = [alicloud_vswitch.vsw.id]
+  service_cidr                 = "172.16.0.0/16"
+  new_nat_gateway              = true
+  slb_internet_enabled         = false
+  is_enterprise_security_group = false
+
+  addons {
+    name = "security-inspector"
+  }
+  addons {
+    name = "terway-eniip"
+    config = jsonencode({
+      IPVlan        = "false"
+      NetworkPolicy = "false"
+      ENITrunking   = "false"
+    })
+  }
+  addons {
+    name = "csi-plugin"
+  }
+  addons {
+    name = "csi-provisioner"
+  }
+  addons {
+    name = "storage-operator"
+    config = jsonencode({
+      CnfsOssEnable = "false"
+      CnfsNasEnable = "false"
+    })
+  }
+  addons {
+    name = "logtail-ds"
+    config = jsonencode({
+      IngressDashboardEnabled = "true"
+    })
+  }
+  addons {
+    name = "nginx-ingress-controller"
+    config = jsonencode({
+      IngressSlbNetworkType = "internet"
+      IngressSlbSpec        = "slb.s2.small"
+    })
+  }
+  addons {
+    name = "ack-node-local-dns"
+  }
+  addons {
+    name = "arms-prometheus"
+  }
+  addons {
+    name = "ack-node-problem-detector"
+    config = jsonencode({
+      sls_project_name = ""
+    })
+  }
+}
+
+resource "alicloud_cs_kubernetes_node_pool" "node_pool" {
+  node_pool_name       = "${var.common_name}-nodepool"
+  cluster_id           = alicloud_cs_managed_kubernetes.ack.id
+  vswitch_ids          = [alicloud_vswitch.vsw.id]
+  instance_types       = [data.alicloud_instance_types.default.ids.0]
+  system_disk_category = "cloud_essd"
+  system_disk_size     = 40
+  desired_size         = 3
+
+  runtime_name    = "containerd"
+  runtime_version = "1.6.20"
+}
+
+# 定义本地变量，包含所有要创建的 RAM Role 及其策略
+locals {
+  cs_roles = [
+    {
+      name            = "AliyunCSManagedLogRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "集群的日志组件使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCSManagedLogRolePolicy"
+    },
+    {
+      name            = "AliyunCSManagedCmsRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "集群的CMS组件使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCSManagedCmsRolePolicy"
+    },
+    {
+      name            = "AliyunCSManagedCsiRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "集群的存储组件使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCSManagedCsiRolePolicy"
+    },
+    {
+      name            = "AliyunCSManagedCsiPluginRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "集群的存储组件使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCSManagedCsiPluginRolePolicy"
+    },
+    {
+      name            = "AliyunCSManagedCsiProvisionerRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "集群的存储组件使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCSManagedCsiProvisionerRolePolicy"
+    },
+    {
+      name            = "AliyunCSManagedVKRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "ACK Serverless集群的VK组件使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCSManagedVKRolePolicy"
+    },
+    {
+      name            = "AliyunCSServerlessKubernetesRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "集群默认使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCSServerlessKubernetesRolePolicy"
+    },
+    {
+      name            = "AliyunCSKubernetesAuditRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "集群审计功能使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCSKubernetesAuditRolePolicy"
+    },
+    {
+      name            = "AliyunCSManagedNetworkRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "集群网络组件使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCSManagedNetworkRolePolicy"
+    },
+    {
+      name            = "AliyunCSDefaultRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "集群操作时默认使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCSDefaultRolePolicy"
+    },
+    {
+      name            = "AliyunCSManagedKubernetesRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "集群默认使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCSManagedKubernetesRolePolicy"
+    },
+    {
+      name            = "AliyunCSManagedArmsRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "集群Arms插件使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCSManagedArmsRolePolicy"
+    },
+    {
+      name            = "AliyunCISDefaultRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "容器服务（CS）智能运维使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCISDefaultRolePolicy"
+    },
+    {
+      name            = "AliyunOOSLifecycleHook4CSRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"oos.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "集群扩缩容节点池依赖OOS服务，OOS使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunOOSLifecycleHook4CSRolePolicy"
+    },
+    {
+      name            = "AliyunCSManagedAutoScalerRole"
+      policy_document = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"cs.aliyuncs.com\"]}}],\"Version\":\"1\"}"
+      description     = "集群的弹性伸缩组件使用此角色来访问您在其他云产品中的资源。"
+      policy_name     = "AliyunCSManagedAutoScalerRolePolicy"
+    }
+  ]
+}
+
+// 查询RAM角色列表
+data "alicloud_ram_roles" "roles" {
+  policy_type = "Custom"
+  name_regex  = "^Aliyun.*Role$"
+}
+
+locals {
+  # 提取所有所需RAM角色name
+  all_role_names = [for role in local.cs_roles : role.name]
+  # 提取已存在的RAM角色name
+  created_role_names = [for role in data.alicloud_ram_roles.roles.roles : role.name]
+  # 计算补集：即找出还未创建的所需RAM角色
+  complement_names = setsubtract(local.all_role_names, local.created_role_names)
+  # 待创建的RAM角色
+  complement_roles = [for role in local.cs_roles : role if contains(local.complement_names, role.name)]
+}
+
+// 创建角色。
+resource "alicloud_ram_role" "role" {
+  for_each                    = { for r in local.complement_roles : r.name => r }
+  role_name                   = each.value.name
+  assume_role_policy_document = each.value.policy_document
+  description                 = each.value.description
+}
+
+// 角色关联系统权限。
+resource "alicloud_ram_role_policy_attachment" "attach" {
+  for_each    = { for r in local.complement_roles : r.name => r }
+  policy_name = each.value.policy_name
+  policy_type = "System"
+  role_name   = each.value.name
+  depends_on  = [alicloud_ram_role.role]
+}

solution/tech-solution/nginx-ingress/output.tf

@@ -0,0 +1,3 @@
+output "ack_cluster_id" {
+  value = alicloud_cs_managed_kubernetes.ack.id
+}

solution/tech-solution/nginx-ingress/provider.tf

@@ -0,0 +1,3 @@
+provider "alicloud" {
+  region = var.region
+}

solution/tech-solution/nginx-ingress/variable.tf

@@ -0,0 +1,17 @@
+variable "region" {
+  description = "地域"
+  type        = string
+  default     = "cn-hangzhou"
+}
+
+variable "ack_name" {
+  description = "集群名称：The name must be 1 to 63 characters in length and can contain letters, Chinese characters, digits, and hyphens (-)."
+  type        = string
+  default     = "cluster-for-nginx-test"
+}
+
+variable "common_name" {
+  description = "Common Name"
+  type        = string
+  default     = "ack-for-nginx"
+}