A guide to creating clusters and managing infrastructure with Terraform

Terraform is one of the most popular tools for automating work with infrastructure. According to research state of DevOps in Russia 2023, it is chosen by 37% of specialists. At the same time, many DevOps engineers and system administrators continue to face problems when mastering the tool in practice. Let’s try to fix this.

My name is Alexey Volkov, I am a product manager, I am responsible for
Cloud Containers — service for managing clusters in VK Cloud. In this article I will talk about Terraform and show the algorithm for working with the tool in the cloud in the main scenarios.

Infrastructure as a Code (IaC)

Infrastructure as Code (IaC) is an automation model that involves writing code, testing it, and running it to define, deploy, update, and remove infrastructure. Following IaC principles reduces the difference between writing applications and deploying environments for them. This way you can interact with servers, databases, networks, logs and applications.

In addition to increasing convenience, this provides several advantages:

  • Reduced development costs. IaC allows you to obtain the necessary infrastructure and automatically perform individual administration tasks. This reduces the time and costs for developing, testing and releasing IT products.
  • Risk reduction. IaC allows you to check all changes in version control and, if necessary, quickly roll back to the desired version or checkpoint.
  • Increased testability. Infrastructure as Code allows you to test any changes, even small ones. Moreover, you can use static analysis and autotests to find errors.
  • Simplification of maintenance. Automation using IaC eliminates dependence on a specific specialist and allows any user from the DevOps team to initiate processes. And the declarative approach of IaC allows you to obtain any necessary resources.
  • Ensuring idempotency. With IaC, it is enough to describe the desired state of the infrastructure in code once to always get the same result. This is convenient when you need to launch dozens of identical instances: errors and inconsistencies are excluded.

There are two main IaC approaches:

  1. Declarative. The user specifies what needs to be obtained as a result. The entire algorithm of actions on the way to the final result is left to the IaC tool provider. Examples of such a provider are Terraform, Puppet.
  2. Imperative. The user determines step by step what needs to be done to achieve the desired state. Examples of tools are Ansible, DSC.

One of the most popular IaC solutions is Terraform, which they work with

37% specialists


A little about Terraform

Terraform is an Open-Source solution that allows you to create, modify and manage infrastructure in the cloud and virtual environments. It is one of the key DevOps tools that facilitates management and automation.

Terraform has several advantages over Ansible, Shell scripts, custom Go and Python scripts, and other solutions:

  • High level of abstraction. Terraform allows you to describe infrastructure at a higher level of abstraction, which makes the code more readable and understandable. Ansible, Shell and self-written scripts usually require more code and are more difficult for new developers.
  • Planning for change. Terraform allows you to view a plan for changes before applying them to avoid errors or data loss when upgrading your infrastructure. When working with Ansible, Shell and self-written scripts, there is no such function out of the box, or it is more difficult to obtain.
  • Simple state management. Terraform automatically manages the state of the infrastructure: tracks changes and saves the current state. As a result, you can quickly restore or recreate your infrastructure in the event of failures or data loss. In the case of Ansible, Shell and self-written scripts, this requires additional manipulations at the setup or use stage.
  • Extended provider support. Terraform is compatible out of the box with many cloud providers, making it easy to deploy across multiple cloud environments. In the case of Shell and self-written scripts, ensuring compatibility is more difficult.

On the platform

VK Cloud

has its own Terraform provider, which is also used for management

Cloud Containers

(cluster management service in VK Cloud).

Terraform provider VK Cloud

VK Cloud is based on OpenStack. Therefore, initially our clients used the OpenStack Terraform provider. Over time, we created our own Terraform provider, which combined the capabilities of both OpenStack and our own solution. It supports all our cloud resources: disks, VMs, key pairs, database instances and clusters, Kubernetes clusters, load balancers, networks, VPN, Shared filesystem. Thanks to this compatibility, it can be used for different scenarios.

Example: Creating a Cluster Using Terraform

Important: Before creating a cluster, you need to initialize Terraform and configure providerto plug OpenStack CLI and authenticationand also create a Terraform configuration file.

Preparing the right data sources

First, you need to select the VM type for the master nodes of the cluster. To do this we run the command OpenStack flavor list, in response to which a list of all available VM types will be displayed. Select the VM of the desired type and write down its name.

Next you need to select the K8s version with which to create a cluster. To do this, add the following lines to the configuration file:

data "vkcs_kubernetes_clustertemplates" "k8s-template-list" {}
output "k8s-version-list" {
    value = data.vkcs_kubernetes_clustertemplates.k8s-template-list.cluster_templates.*.version

After this we execute the commands

terraform refresh


terraform output k8s-version-list

after which a list of available versions of K8s will be displayed – select the one you need and write down its number.

At the next stage, you need to add data sources to the configuration file:

  • Virtual machine template for master nodes. For example:
data "vkcs_compute_flavor" "k8s-master-flavor" {
    name = "имя шаблона"

  • Cluster template. For example:
data "vkcs_kubernetes_clustertemplate" "k8s-template" {
    version = "версия K8s"

Description of the cluster configuration

At this stage, you need to add a cluster resource to the configuration file.

resource "vkcs_kubernetes_cluster" "k8s-cluster" {
  name                = "k8s-cluster"
  cluster_template_id = data.vkcs_kubernetes_clustertemplate.k8s-template.id
  master_flavor       = data.vkcs_compute_flavor.k8s-master-flavor.id
  master_count        = <количество master-узлов>
  network_id          = "<идентификатор сети>"
  subnet_id           = "<идентификатор подсети>"
  availability_zone   = "<зона доступности>"
  floating_ip_enabled = <true или false: назначить ли публичный IP-адрес для API-кластера>

Description of the configurations of one or more groups of worker nodes

The setup algorithm is described in detail


. But this is an optional step: you can create a cluster only from master nodes, and add groups of worker nodes later.

Initializing cluster creation

First, we check the correctness of the Terraform configuration file using the command terraform validate. Afterwards, you can view the planned changes and accept them by sequentially executing the commands terraform plan And terraform apply.

After this, the creation of the K8s cluster will begin.

Example: deploying an application on a Kubernetes cluster in integration with DBaaS to improve fault tolerance

For example, let’s create a network, a load balancer and a cluster in the cloud, in which we will deploy a WordPress application and add a MySQL-based database. First, run the command

terraform init

which initiates the download of all plugins described by the provider.

After downloading, run the command terraform apply, which begins creating the configuration. We go to configuration mode, where we enter the command yes: We confirm that we agree to the list of resources that Terraform intends to deploy.

For example, in our configuration we register files with descriptions of providers, network and subnet settings, database parameters, the final element in our configuration is WordPress, in which we create a balancer, Persistent volume claim, Deployment with two replicas and many other settings.

We specify most of the settings and specified parameters in the configuration files ourselves. The missing required settings can be found in your VK Cloud personal account in the “Project Settings” tab in the “API Keys” section.

After running all the commands and opening the terminal, you can see all the running processes. For example, that networks, a router, a database instance, a user and a cluster have been created and the creation of a node group begins. Only after this will WordPress be created in the Kubernetes cluster.

We return to the deployed configuration in the cloud and see that WordPress with all the accompanying elements has already risen.

There is also an IP address that you can use. To check, open it in the browser and get into the WordPress settings window – everything works correctly.

You can read more about the example in repositories.

Example: migrating manifests to Terraform provider VK Cloud

There are two main ways to migrate to a new Terraform provider:

  1. Create a new configuration for new resources. The method implies that new resources will be included in the new configuration, and the instance with the old ones will exist in parallel. This is inconvenient because you need to maintain two configurations, and resources may be duplicated.
  2. Using the import command. The method allows you to immediately transfer resources to a new configuration, so in most cases it is considered a priority.

Migration process to Terraform provider VK Cloud using the command


consists of several stages:

  1. Add an empty resource to the configuration.
  2. We execute the resource import command: terraform import vkcs_compute_instance.myWM Resource_ID.
  3. We get the configuration of the imported resource with the command terraform show.
  4. Add the configuration to the file.
  5. We check the configuration with the command terraform plan.

Let’s look at how this happens using the example of a previously created configuration. An example can be found in



To start we have:

  • migrate_to_vkcs folder with files;
  • environment variables that need to be applied to initialize;
  • main file, where the Terraform provider VK Cloud is initialized through the environment;
  • an empty instance that has a title, resource, type and instance name;
  • empty configuration.

To migrate, go to your VK Cloud personal account. The demo project has only one VM – CentOS_Basic.

In the settings we get the ID of the virtual machine.

Copy the ID and go to the console. Enter the command terraform import, add the name of the resource we want to import and the copied resource ID. We take information about the resource name from the configuration.

We run the command and receive confirmation of successful import.

Important: First you need to initialize the Terraform provider using the command terraform init.

Next, enter the command terraform showto see the configuration that exists in the cloud.

We copy the resource data and replace it in the instance.tf file. After this, we remove unnecessary elements, for example ID, metadata, tags, MAC address.

Execute the command terraform plan. We receive confirmation that the configuration matches the configuration in the cloud, that is, the virtual machine was successfully imported.

Instead of conclusions

Terraform is a “Swiss knife” that makes it easy to deploy servers, configure networks, load balancers, and other infrastructure components. Its main feature is compliance with the IaC automation model and a declarative approach to management. That is, Terraform allows you to obtain the necessary resources and infrastructure states using a few commands and clicks – this is what I showed using the example of working with the Terraform provider VK Cloud.

You can use it right now Kubernetes from VK Cloud. For testing, we are awarding new users 3,000 bonus rubles and will be glad to receive your feedback.

Stay tuned

Join the Telegram channel “Around Kubernetes”to keep up to date with news from the K8s world: regular digests, useful articles, as well as announcements of conferences and webinars.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *