如何使用Pulumi管理DigitalOcean和Kubernetes基础架构

最新推荐文章于 2024-07-07 16:50:38 发布

cukw6666

最新推荐文章于 2024-07-07 16:50:38 发布

阅读量711

点赞数

文章标签： python linux java 数据库 docker

原文链接：https://www.digitalocean.com/community/tutorials/how-to-manage-digitalocean-and-kubernetes-infrastructure-with-pulumi

版权

The author selected the Diversity in Tech Fund to receive a donation as part of the Write for DOnations program.

作者选择了“技术多元化”基金来接受捐赠，这是Write for DOnations计划的一部分。

介绍 (Introduction)

Pulumi is a tool for creating, deploying, and managing infrastructure using code written in general purpose programming languages. It supports automating all of DigitalOcean’s managed services—such as Droplets, managed databases, DNS records, and Kubernetes clusters—in addition to application configuration. Deployments are performed from an easy-to-use command-line interface that also integrates with a wide variety of popular CI/CD systems.

Pulumi是使用通用编程语言编写的代码创建，部署和管理基础结构的工具。除应用程序配置外，它还支持自动化DigitalOcean的所有托管服务，例如Droplet，托管数据库，DNS记录和Kubernetes群集。通过易于使用的命令行界面进行部署，该界面还与各种流行的CI / CD系统集成。

Pulumi supports multiple languages but in this tutorial you will use TypeScript, a statically typed version of JavaScript that uses the Node.js runtime. This means you will get IDE support and compile-time checking that will help to ensure you’ve configured the right resources, used correct slugs, etc., while still being able to access any NPM modules for utility tasks.

Pulumi支持多种语言，但是在本教程中，您将使用TypeScript ，它是使用Node.js运行时的JavaScript的静态类型。这意味着您将获得IDE支持和编译时检查，这将有助于确保您配置了正确的资源，使用了正确的子弹等，同时仍然能够访问任何NPM模块来执行实用程序任务。

In this tutorial, you will provision a DigitalOcean Kubernetes cluster, a load balanced Kubernetes application, and a DigitalOcean DNS domain that makes your application available at a stable domain name of your choosing. This can all be provisioned in 60 lines of infrastructure-as-code and a single pulumi up command-line gesture. After this tutorial, you’ll be ready to productively build powerful cloud architectures using Pulumi infrastructure-as-code that leverages the full surface area of DigitalOcean and Kubernetes.

在本教程中，您将提供一个DigitalOcean Kubernetes集群，一个负载平衡的Kubernetes应用程序和一个DigitalOcean DNS域，该域可以使您的应用程序以您选择的稳定域名提供。所有这些都可以通过60行基础架构代码和一个单一的pulumi up命令行手势进行配置。学习完本教程后，您将准备使用Pulumi基础架构代码有效地构建强大的云架构，该基础架构利用了DigitalOcean和Kubernetes的整个表面积。

先决条件 (Prerequisites)

To follow this tutorial, you will need:

要遵循本教程，您将需要：

A DigitalOcean Account to deploy resources to. If you do not already have one, register here.
一个用于部署资源的DigitalOcean帐户。如果您还没有，请在这里注册。
A DigitalOcean API Token to perform automated deployments. Generate a personal access token here and keep it handy as you’ll use it in Step 2.
用于执行自动部署的DigitalOcean API令牌。在此处生成一个个人访问令牌，并在步骤2中使用它时方便使用。
Because you’ll be creating and using a Kubernetes cluster, you’ll need to install kubectl. Don’t worry about configuring it further — you’ll do that later.
因为您将要创建和使用Kubernetes集群，所以需要安装kubectl 。不用担心进一步配置它-稍后再做。
You will write your infrastructure-as-code in TypeScript, so you will need Node.js 8 or later. Download it here or install it using your system’s package manager.
您将使用TypeScript编写基础结构代码，因此需要Node.js 8或更高版本。在此处下载或使用系统的软件包管理器进行安装。
You’ll use Pulumi to deploy infrastructure, so you’ll need to install the open source Pulumi SDK.
您将使用Pulumi来部署基础结构，因此您需要安装开源Pulumi SDK 。
To perform the optional Step 5, you will need a domain name configured to use DigitalOcean nameservers. This guide explains how to do this for your registrar of choice.
要执行可选的步骤5，您将需要配置一个域名以使用DigitalOcean名称服务器。本指南说明了如何为您选择的注册商执行此操作。

第1步-搭建新项目 (Step 1 — Scaffolding a New Project)

The first step is to create a directory that will store your Pulumi project. This directory will contain the source code for your infrastructure definitions, in addition to metadata files describing the project and its NPM dependencies.

第一步是创建一个目录，该目录将存储您的Pulumi项目。除了描述项目及其NPM依赖项的元数据文件之外，该目录还将包含基础结构定义的源代码。

First, create the directory:

首先，创建目录：

mkdir do-k8s
mkdir do-k8s

Next, move in to the newly created directory:

接下来，进入新创建的目录：

cd do-k8s
cd do-k8s

From now on, run commands from your newly created do-k8s directory.

从现在开始，从新创建的do-k8s目录中运行命令。

Next, create a new Pulumi project. There are different ways to accomplish this, but the easiest way is to use the pulumi new command with the typescript project template. This command will first prompt you to log in to Pulumi so that your project and deployment state are saved, and will then create a simple TypeScript project in the current directory:

接下来，创建一个新的Pulumi项目。有不同的方式来做到这一点，但最简单的方法是使用pulumi new命令和typescript项目模板。此命令将首先提示您登录Pulumi，以便保存您的项目和部署状态，然后将在当前目录中创建一个简单的TypeScript项目：

pulumi new typescript -y
pulumi新打字稿-y

Here you have passed the -y option to the new command which tells it to accept default project options. For example, the project name is taken from the current directory’s name, and so will be do-k8s. If you’d like to use different options for your project name, simply elide the -y.

在这里，您已经将-y选项传递给了new命令，该命令告诉它接受默认项目选项。例如，项目名称取自当前目录的名称， do-k8s 。如果您想为项目名称使用其他选项，只需省略-y 。

After running the command, list the contents of the directory with ls:

运行命令后，使用ls列出目录的内容：

ls
ls

The following files will now be present:

现在将出现以下文件：


   
   
    
    Output
   
   Pulumi.yaml       index.ts          node_modules
package-lock.json package.json      tsconfig.json

The primary file you’ll be editing is index.ts. Although this tutorial only uses this single file, you can organize your project any way you see fit using Node.js modules. This tutorial also describes one step at a time, leveraging the fact that Pulumi can detect and incrementally deploy only what has changed. If you prefer, you can just populate the entire program, and deploy it all in one go using pulumi up.

您将要编辑的主要文件是index.ts 。尽管本教程仅使用单个文件，但是您可以使用Node.js模块以适合您的任何方式组织项目。本教程还利用Pulumi仅能检测和增量部署已更改的事实，一次描述一个步骤。如果愿意，您可以填充整个程序，然后使用pulumi up一次全部部署。

Now that you’ve scaffolded your new project, you are ready to add the dependencies needed to follow the tutorial.

既然已经完成了新项目的脚手架，那么您就可以添加遵循本教程所需的依赖项了。

第2步-添加依赖项 (Step 2 — Adding Dependencies)

The next step is to install and add dependencies on the DigitalOcean and Kubernetes packages. First, install them using NPM:

下一步是在DigitalOcean和Kubernetes软件包上安装并添加依赖项。首先，使用NPM安装它们：

npm install @pulumi/digitalocean @pulumi/kubernetes
npm安装@ pulumi / digitalocean @ pulumi / kubernetes

This will download the NPM packages, Pulumi plugins, and save them as dependencies.

这将下载NPM软件包，Pulumi插件，并将它们另存为依赖项。

Next, open the index.ts file with your favorite editor. This tutorial will use nano:

接下来，使用您喜欢的编辑器打开index.ts文件。本教程将使用nano：

nano index.ts
纳米指数

Replace the contents of your index.ts with the following:

用以下内容替换index.ts的内容：

index.ts

索引

import * as digitalocean from "@pulumi/digitalocean";
import * as kubernetes from "@pulumi/kubernetes";

This makes the full contents of these packages available to your program. If you type "digitalocean." using an IDE that understands TypeScript and Node.js, you should see a list of DigitalOcean resources supported by this package, for instance.

这使这些程序包的全部内容可用于您的程序。如果键入"digitalocean." 例如，使用了解TypeScript和Node.js的IDE，您应该看到此程序包支持的DigitalOcean资源列表。

Save and close the file after adding the content.

添加内容后，保存并关闭文件。

Note: We will be using a subset of what’s available in those packages. For complete documentation of resources, properties, and associated APIs, please refer to the relevant API documentation for the @pulumi/digitalocean and @pulumi/kubernetes packages.

注意：我们将使用这些软件包中可用的子集。有关资源，属性和关联的API的完整文档，请参阅@pulumi/digitalocean和@pulumi/kubernetes软件包的相关API文档。

Next, you will configure your DigitalOcean token so that Pulumi can provision resources in your account:

接下来，您将配置DigitalOcean令牌，以便Pulumi可以在您的帐户中配置资源：

pulumi config set digitalocean:token YOUR_TOKEN_HERE --secret
pulumi config set digitalocean：token YOUR_TOKEN_HERE --secret

Notice the --secret flag, which uses Pulumi’s encryption service to encrypt your token, ensuring that it is stored in cyphertext. If you prefer, you can use the DIGITALOCEAN_TOKEN environment variable instead, but you’ll need to remember to set it every time you update your program, whereas using configuration automatically stores and uses it for your project.

请注意--secret标志，该标志使用Pulumi的加密服务来加密您的令牌，确保将其存储在密文中。如果愿意，可以改用DIGITALOCEAN_TOKEN环境变量，但是您需要记住，每次更新程序时都要进行设置，而使用配置会自动将其存储并用于项目。

In this step you added the necessary dependencies and configured your API token with Pulumi so that you can provision your Kubernetes cluster.

在这一步中，您添加了必要的依赖关系，并使用Pulumi配置了API令牌，以便可以配置Kubernetes集群。

第3步—设置Kubernetes集群 (Step 3 — Provisioning a Kubernetes Cluster)

Now you’re ready to create a DigitalOcean Kubernetes cluster. Get started by reopening the index.ts file:

现在，您准备创建DigitalOcean Kubernetes集群。通过重新打开index.ts文件开始：

nano index.ts
纳米指数

Add these lines at the end of your index.ts file:

将这些行添加到index.ts文件的末尾：

index.ts

索引

...
const cluster = new digitalocean.KubernetesCluster("do-cluster", {
    region: digitalocean.Regions.SFO2,
    version: "latest",
    nodePool: {
        name: "default",
        size: digitalocean.DropletSlugs.DropletS2VPCU2GB,
        nodeCount: 3,
    },
});

export const kubeconfig = cluster.kubeConfigs[0].rawConfig;

This new code allocates an instance of digitalocean.KubernetesCluster and sets a number of properties on it. This includes using the sfo2 region slug, the latest supported version of Kubernetes, the s-2vcpu-2gb Droplet size slug, and states your desired count of three Droplet instances. Feel free to change any of these, but be aware that DigitalOcean Kubernetes is only available in certain regions at the time of this writing. You can refer to the product documentation for updated information about region availability.

此新代码分配了digitalocean.KubernetesCluster实例，并在其上设置了许多属性。这包括使用sfo2 区域slug ， sfo2的latest受支持版本， s-2vcpu-2gb Droplet大小slug ，并说明您希望的三个Droplet实例的数量。可以随意更改其中的任何一个，但请注意，在撰写本文时，DigitalOcean Kubernetes仅在某些地区可用。您可以参考产品文档以获取有关区域可用性的更新信息。

For a complete list of properties you can configure on your cluster, please refer to the KubernetesCluster API documentation.

有关您可以在集群上配置的属性的完整列表，请参考KubernetesCluster API文档。

The final line in that code snippet exports the resulting Kubernetes cluster’s kubeconfig file so that it’s easy to use. Exported variables are printed to the console and also accessible to tools. You will use this momentarily to access our cluster from standard tools like kubectl.

该代码段的最后一行将导出生成的Kubernetes集群的kubeconfig文件，以便于使用。导出的变量将打印到控制台，并且也可以通过工具访问。您将立即使用它从诸如kubectl类的标准工具访问我们的集群。

Now you’re ready to deploy your cluster. To do so, run pulumi up:

现在您可以部署集群了。为此，请运行pulumi up ：

pulumi up
普鲁米

This command takes the program, generates a plan for creating the infrastructure described, and carries out a series of steps to deploy those changes. This works for the initial creation of infrastructure in addition to being able to diff and update your infrastructure when subsequent updates are made. In this case, the output will look something like this:

此命令采用程序，生成用于创建描述的基础结构的计划，并执行一系列步骤以部署这些更改。除了能够在进行后续更新时差异化和更新基础结构之外，这还可以用于基础结构的初始创建。在这种情况下，输出将如下所示：


   
   
    
    Output
   
   Previewing update (dev):

     Type                                     Name        Plan
 +   pulumi:pulumi:Stack                      do-k8s-dev  create
 +   └─ digitalocean:index:KubernetesCluster  do-cluster  create

Resources:
    + 2 to create

Do you want to perform this update?
  yes
> no
  details

This says that proceeding with the update will create a single Kubernetes cluster named do-cluster. The yes/no/details prompt allows us to confirm that this is the desired outcome before any changes are actually made. If you select details, a full list of resources and their properties will be shown. Choose yes to begin the deployment:

这表示继续进行更新将创建一个名为do-cluster Kubernetes do-cluster 。 yes/no/details提示使我们能够在实际进行任何更改之前确认这是期望的结果。如果选择details ，将显示资源及其属性的完整列表。选择yes开始部署：


   
   
    
    Output
   
   Updating (dev):

     Type                                     Name        Status
 +   pulumi:pulumi:Stack                      do-k8s-dev  created
 +   └─ digitalocean:index:KubernetesCluster  do-cluster  created

Outputs:
    kubeconfig: "..."

Resources:
    + 2 created

Duration: 6m5s

Permalink: https://app.pulumi.com/.../do-k8s/dev/updates/1

It takes a few minutes to create the cluster, but then it will be up and running, and the full kubeconfig will be printed out to the console. Save the kubeconfig to a file:

创建集群需要花费几分钟，但是它将启动并运行，并且完整的kubeconfig将被打印到控制台。将kubeconfig保存到文件：

pulumi stack output kubeconfig > kubeconfig.yml
pulumi堆栈输出kubeconfig> kubeconfig.yml

And then use it with kubectl to perform any Kubernetes command:

然后将其与kubectl一起使用以执行任何Kubernetes命令：

KUBECONFIG=./kubeconfig.yml kubectl get nodes
KUBECONFIG =。/ kubeconfig.yml kubectl获取节点

You will receive output similar to the following:

您将收到类似于以下内容的输出：


   
   
    
    Output
   
   NAME           STATUS    ROLES     AGE       VERSION
default-o4sj   Ready     <none>    4m5s      v1.14.2
default-o4so   Ready     <none>    4m3s      v1.14.2
default-o4sx   Ready     <none>    3m37s     v1.14.2

At this point you’ve set up infrastructure-as-code and have a repeatable way to bring up and configure new DigitalOcean Kubernetes clusters. In the next step, you will build on top of this to define the Kubernetes infrastructure in code and learn how to deploy and manage them similarly.

至此，您已经设置了基础架构即代码，并具有一种可重复的方式来启动和配置新的DigitalOcean Kubernetes集群。在下一步中，您将基于此基础来定义代码中的Kubernetes基础架构，并学习如何类似地部署和管理它们。

步骤4 —将应用程序部署到群集 (Step 4 — Deploying an Application to Your Cluster)

Next, you will describe a Kubernetes application’s configuration using infrastructure-as-code. This will consist of three parts:

接下来，您将使用基础架构代码描述Kubernetes应用程序的配置。这将包括三个部分：

A Provider object, which tells Pulumi to deploy Kubernetes resources to the DigitalOcean cluster, rather than the default of whatever kubectl is configured to use.
Provider对象，该对象告诉Pulumi将Kubernetes资源部署到DigitalOcean集群，而不是配置为使用的任何kubectl的默认kubectl 。
A Kubernetes Deployment, which is the standard Kubernetes way of deploying a Docker container image that is replicated across any number of Pods.
Kubernetes部署，这是部署可在任意数量的Pod中复制的Docker容器映像的标准Kubernetes方式。
A Kubernetes Service, which is the standard way to tell Kubernetes to load balance access across a target set of Pods (in this case, the Deployment above).
Kubernetes服务，这是告诉Kubernetes在目标Pod组(在本例中为上述Deployment)之间进行负载平衡访问的标准方法。

This is a fairly standard reference architecture for getting up and running with a load balanced service in Kubernetes.

这是一个相当标准的参考架构，用于在Kubernetes中使用负载平衡服务启动和运行。

To deploy all three of these, open your index.ts file again:

要部署所有这三个，请再次打开index.ts文件：

nano index.ts
纳米指数

Once the file is open, append this code to the end of the file:

打开文件后，将此代码附加到文件末尾：

index.ts

索引

...
const provider = new kubernetes.Provider("do-k8s", { kubeconfig })

const appLabels = { "app": "app-nginx" };
const app = new kubernetes.apps.v1.Deployment("do-app-dep", {
    spec: {
        selector: { matchLabels: appLabels },
        replicas: 5,
        template: {
            metadata: { labels: appLabels },
            spec: {
                containers: [{
                    name: "nginx",
                    image: "nginx",
                }],
            },
        },
    },
}, { provider });
const appService = new kubernetes.core.v1.Service("do-app-svc", {
    spec: {
        type: "LoadBalancer",
        selector: app.spec.template.metadata.labels,
        ports: [{ port: 80 }],
    },
}, { provider });

export const ingressIp = appService.status.loadBalancer.ingress[0].ip;

This code is similar to standard Kubernetes configuration, and the behavior of objects and their properties is equivalent, except that it’s written in TypeScript alongside your other infrastructure declarations.

该代码类似于标准的Kubernetes配置，并且对象及其属性的行为相同，只是它与其他基础结构声明一起用TypeScript编写。

Save and close the file after making the changes.

进行更改后，保存并关闭文件。

Just like before, run pulumi up to preview and then deploy the changes:

与之前一样， pulumi up运行pulumi up进行预览，然后部署更改：

pulumi up
普鲁米

After selecting yes to proceed, the CLI will print out detailed status updates, including diagnostics around Pod availability, IP address allocation, and more. This will help you understand why your deployment might be taking time to complete or getting stuck.

选择yes继续后，CLI将打印出详细的状态更新，包括有关Pod可用性，IP地址分配等的诊断。这将帮助您了解为什么您的部署可能要花一些时间才能完成或陷入困境。

The full output will look something like this:

完整的输出如下所示：


   
   
    
    Output
   
   Updating (dev):

     Type                            Name        Status
     pulumi:pulumi:Stack             do-k8s-dev
 +   ├─ pulumi:providers:kubernetes  do-k8s      created
 +   ├─ kubernetes:apps:Deployment   do-app-dep  created
 +   └─ kubernetes:core:Service      do-app-svc  created

Outputs:
  + ingressIp : "157.230.199.202"

Resources:
    + 3 created
    2 unchanged

Duration: 2m52s

Permalink: https://app.pulumi.com/.../do-k8s/dev/updates/2

After this completes, notice that the desired number of Pods are running:

完成此操作后，请注意所需数量的Pod正在运行：

KUBECONFIG=./kubeconfig.yml kubectl get pods
KUBECONFIG =。/ kubeconfig.yml kubectl获取容器


   
   
    
    Output
   
   NAME                                   READY     STATUS    RESTARTS   AGE
do-app-dep-vyf8k78z-758486ff68-5z8hk   1/1       Running   0          1m
do-app-dep-vyf8k78z-758486ff68-8982s   1/1       Running   0          1m
do-app-dep-vyf8k78z-758486ff68-94k7b   1/1       Running   0          1m
do-app-dep-vyf8k78z-758486ff68-cqm4c   1/1       Running   0          1m
do-app-dep-vyf8k78z-758486ff68-lx2d7   1/1       Running   0          1m

Similar to how the program exports the cluster’s kubeconfig file, this program also exports the Kubernetes service’s resulting load balancer’s IP address. Use this to curl the endpoint and see that it is up and running:

与程序导出群集的kubeconfig文件的方式kubeconfig ，该程序还导出Kubernetes服务的结果负载均衡器的IP地址。使用它来curl端点并查看它是否已启动并正在运行：

curl $(pulumi stack output ingressIp)
curl $(pulumi堆栈输出ingressIp)


   
   
    
    Output
   
   <!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

From here, you can easily edit and redeploy your application infrastructure. For example, try changing the replicas: 5 line to say replicas: 7, and then rerun pulumi up:

从这里，您可以轻松地编辑和重新部署应用程序基础结构。例如，尝试更改replicas: 5行，将其表示为replicas: 7 ，然后重新运行pulumi up ：

pulumi up
普鲁米

Notice that it just shows what has changed, and that selecting details displays the precise diff:

注意，它仅显示更改的内容，选择详细信息将显示精确的差异：


   
   
    
    Output
   
   Previewing update (dev):

     Type                           Name        Plan       Info
     pulumi:pulumi:Stack            do-k8s-dev
 ~   └─ kubernetes:apps:Deployment  do-app-dep  update     [diff: ~spec]

Resources:
    ~ 1 to update
    4 unchanged

Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dev::do-k8s::pulumi:pulumi:Stack::do-k8s-dev]
    ~ kubernetes:apps/v1:Deployment: (update)
        [id=default/do-app-dep-vyf8k78z]
        [urn=urn:pulumi:dev::do-k8s::kubernetes:apps/v1:Deployment::do-app-dep]
        [provider=urn:pulumi:dev::do-k8s::pulumi:providers:kubernetes::do-k8s::80f36105-337f-451f-a191-5835823df9be]
      ~ spec: {
          ~ replicas: 5 => 7
        }

Now you have both a fully functioning Kubernetes cluster and a working application. With your application up and running, you may want to configure a custom domain to use with your application. The next step will guide you through configuring DNS with Pulumi.

现在，您既有一个功能全面的Kubernetes集群，又有一个正在运行的应用程序。随着应用程序的启动和运行，您可能需要配置一个自定义域以用于您的应用程序。下一步将指导您通过Pulumi配置DNS。

第5步-创建DNS域(可选) (Step 5 — Creating a DNS Domain (Optional))

Although the Kubernetes cluster and application are up and running, the application’s address is dependent upon the whims of automatic IP address assignment by your cluster. As you adjust and redeploy things, this address might change. In this step, you will see how to assign a custom DNS name to the load balancer IP address so that it’s stable even as you subsequently change your infrastructure.

尽管Kubernetes集群和应用程序已启动并正在运行，但是应用程序的地址取决于集群自动分配IP地址的想法。在您调整和重新部署事物时，此地址可能会更改。在此步骤中，您将看到如何为负载均衡器IP地址分配一个自定义DNS名称，以使该名称稳定，即使您随后更改基础结构也是如此。

Note: To complete this step, ensure you have a domain using DigitalOcean’s DNS nameservers, ns1.digitalocean.com, ns2.digitalocean.com, and ns3.digitalocean.com. Instructions to configure this are available in the Prerequisites section.

注意：要完成此步骤，请确保您具有使用DigitalOcean的DNS域名服务器ns1.digitalocean.com ， ns2.digitalocean.com和ns3.digitalocean.com 。先决条件部分中提供了配置此操作的说明。

To configure DNS, open the index.ts file and append the following code to the end of the file:

要配置DNS，请打开index.ts文件，并将以下代码附加到文件末尾：

index.ts

索引

...
const domain = new digitalocean.Domain("do-domain", {
    name: "your_domain",
    ipAddress: ingressIp,
});

This code creates a new DNS entry with an A record that refers to your Kubernetes service’s IP address. Replace your_domain in this snippet with your chosen domain name.

此代码使用A记录创建一个新DNS条目，该记录引用您的Kubernetes服务的IP地址。用您选择的域名替换此代码段中的your_domain 。

It is common to want additional sub-domains, like www, to point at the web application. This is easy to accomplish using a DigitalOcean DNS record. To make this example more interesting, also add a CNAME record that points www.your_domain.com to your_domain.com:

通常，希望其他子域(例如www )指向Web应用程序。使用DigitalOcean DNS记录很容易做到这一点。为了使该示例更有趣，还添加一个指向www. your_domain .com的CNAME记录www. your_domain .com www. your_domain .com到your_domain .com ：

index.ts

索引

...
const cnameRecord = new digitalocean.DnsRecord("do-domain-cname", {
    domain: domain.name,
    type: "CNAME",
    name: "www",
    value: "@",
});

Save and close the file after making these changes.

进行这些更改后，保存并关闭文件。

Finally, run pulumi up to deploy the DNS changes to point at your existing application and cluster:

最后，运行pulumi up以部署DNS更改以指向您现有的应用程序和群集：


   
   
    
    Output
   
   Updating (dev):

     Type                             Name             Status
     pulumi:pulumi:Stack              do-k8s-dev
 +   ├─ digitalocean:index:Domain     do-domain        created
 +   └─ digitalocean:index:DnsRecord  do-domain-cname  created

Resources:
    + 2 created
    5 unchanged

Duration: 6s

Permalink: https://app.pulumi.com/.../do-k8s/dev/updates/3

After the DNS changes have propagated, you will be able to access your content at your custom domain:

DNS更改传播之后，您将可以在自定义域中访问内容：

curl www.your_domain.com
卷曲www。 your_domain .com

You will receive output similar to the following:

您将收到类似于以下内容的输出：


   
   
    
    Output
   
   <!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

With that, you have successfully set up a new DigitalOcean Kubernetes cluster, deployed a load balanced Kubernetes application to it, and given that application’s load balancer a stable domain name using DigitalOcean DNS, all in 60 lines of code and a pulumi up command.

这样，您就成功建立了一个新的DigitalOcean Kubernetes集群，在其中部署了负载均衡的Kubernetes应用程序，并使用DigitalOcean DNS为该应用程序的负载均衡器提供了一个稳定的域名，所有这些均以60行代码和一个pulumi up命令完成。

The next step will guide you through removing the resources if you no longer need them.

下一步将指导您删除不再需要的资源。

步骤6 —删除资源(可选) (Step 6 — Removing the Resources (Optional))

Before concluding the tutorial, you may want to destroy all of the resources created above. This will ensure you don’t get charged for resources that aren’t being used. If you prefer to keep your application up and running, feel free to skip this step.

在结束本教程之前，您可能想要销毁上面创建的所有资源。这将确保您不会因未使用的资源而收费。如果您希望保持应用程序的正常运行，请随时跳过此步骤。

Run the following command to destroy the resources. Be careful using this, as it cannot be undone!

运行以下命令以销毁资源。请谨慎使用，因为无法撤消！

pulumi destroy
普鲁米破坏

Just as with the up command, destroy displays a preview and prompt before taking action:

与up命令一样， destroy在执行操作之前会显示预览和提示：


   
   
    
    Output
   
   Previewing destroy (dev):

     Type                                     Name             Plan
 -   pulumi:pulumi:Stack                      do-k8s-dev       delete
 -   ├─ digitalocean:index:DnsRecord          do-domain-cname  delete
 -   ├─ digitalocean:index:Domain             do-domain        delete
 -   ├─ kubernetes:core:Service               do-app-svc       delete
 -   ├─ kubernetes:apps:Deployment            do-app-dep       delete
 -   ├─ pulumi:providers:kubernetes           do-k8s           delete
 -   └─ digitalocean:index:KubernetesCluster  do-cluster       delete

Resources:
    - 7 to delete

Do you want to perform this destroy?
  yes
> no
  details

Assuming this is what you want, select yes and watch the deletions occur:

假设这是您想要的，请选择yes然后观察删除的发生：


   
   
    
    Output
   
   Destroying (dev):

     Type                                     Name             Status
 -   pulumi:pulumi:Stack                      do-k8s-dev       deleted
 -   ├─ digitalocean:index:DnsRecord          do-domain-cname  deleted
 -   ├─ digitalocean:index:Domain             do-domain        deleted
 -   ├─ kubernetes:core:Service               do-app-svc       deleted
 -   ├─ kubernetes:apps:Deployment            do-app-dep       deleted
 -   ├─ pulumi:providers:kubernetes           do-k8s           deleted
 -   └─ digitalocean:index:KubernetesCluster  do-cluster       deleted

Resources:
    - 7 deleted

Duration: 7s

Permalink: https://app.pulumi.com/.../do-k8s/dev/updates/4

At this point, nothing remains: the DNS entries are gone and the Kubernetes cluster—along with the application running inside of it—are gone. The permalink is still available, so you can still go back and see the full history of updates for this stack. This could help you recover if the destruction was a mistake, since the service keeps full state history for all resources.

此时，什么都没有了：DNS条目消失了，Kubernetes集群以及其中运行的应用程序消失了。永久链接仍然可用，因此您仍然可以返回并查看此堆栈的更新的完整历史记录。如果销毁是错误的，这可以帮助您恢复，因为该服务保留所有资源的完整状态历史记录。

If you’d like to destroy your project in its entirety, remove the stack:

如果您想彻底销毁您的项目，请删除堆栈：

pulumi stack rm
pulumi stack rm

You will receive output asking you to confirm the deletion by typing in the stack’s name:

您将收到输出，要求您通过输入堆栈名称来确认删除：


   
   
    
    Output
   
   This will permanently remove the 'dev' stack!
Please confirm that this is what you'd like to do by typing ("dev"):

Unlike the destroy command, which deletes the cloud infrastructure resources, the removal of a stack erases completely the full history of your stack from Pulumi’s purview.

与销毁命令删除云基础架构资源不同，删除堆栈会从Pulumi的权限中完全删除堆栈的全部历史记录。

结论 (Conclusion)

In this tutorial, you’ve deployed DigitalOcean infrastructure resources—a Kubernetes cluster and a DNS domain with A and CNAME records—in addition to the Kubernetes application configuration that uses this cluster. You have done so using infrastructure-as-code written in a familiar programming language, TypeScript, that works with existing editors, tools, and libraries, and leverages existing communities and packages. You’ve done it all using a single command line workflow for doing deployments that span your application and infrastructure.

在本教程中，除了使用该集群的Kubernetes应用程序配置之外，您还部署了DigitalOcean基础结构资源— Kubernetes集群以及具有A和CNAME记录的DNS域。您已使用以熟悉的编程语言TypeScript编写的基础结构即代码来完成此任务，该语言可与现有的编辑器，工具和库一起使用，并利用现有的社区和软件包。您已经使用单个命令行工作流程完成了所有跨越您的应用程序和基础架构的部署。

From here, there are a number of next steps you might take:

从这里开始，您可以执行许多后续步骤：

Explore the full set DigitalOcean resources supported by Pulumi.
探索Pulumi支持的全套DigitalOcean资源。
Explore Pulumi’s support for Kubernetes applications, including common architectures.
探索Pulumi对Kubernetes应用程序的支持，包括常见的体系结构。
Trigger deployments automatically with CI/CD and Git workflow integrations.
通过CI / CD和Git工作流集成自动触发部署。
Make certain elements of your program configurable like the example does, to facilitate larger projects and multi-stack approaches (such as dev, test, staging, production).
像示例一样，使程序的某些元素可配置，以便利大型项目和多堆栈方法 (例如dev，test，staging，production)。

The entire sample from this tutorial is available on GitHub. For extensive details about how to use Pulumi infrastructure-as-code in your own projects today, check out the Pulumi Documentation, Tutorials, or Getting Started guides. Pulumi is open source and free to use.

本教程的整个示例都可以在GitHub上找到。有关今天如何在您自己的项目中使用Pulumi基础结构代码的广泛详细信息，请查看《 Pulumi文档》，《教程》或《入门指南》。 Pulumi是开源的，可以免费使用。